diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index c17d4f9a4..d2a04c861 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -22,7 +22,7 @@ jobs:
# gcc is needed to build the mock dnf-json binary for the unit tests
# gpgme-devel is needed for container upload dependencies
- name: Install build and test dependencies
- run: dnf -y install krb5-devel gcc git-core go gpgme-devel
+ run: dnf -y install krb5-devel gcc git-core go gpgme-devel btrfs-progs-devel device-mapper-devel
- name: Check out code into the Go module directory
uses: actions/checkout@v4
@@ -130,6 +130,13 @@ jobs:
- name: Install libgpgme devel package
run: sudo apt-get install -y libgpgme-dev
+ # This is needed for the 'github.com/containers/storage' package
+ - name: Install btrfs-progs devel package
+ run: sudo apt-get install -y libbtrfs-dev
+
+ - name: Install libdevmapper devel package
+ run: sudo apt-get install -y libdevmapper-dev
+
- name: Run golangci-lint
uses: golangci/golangci-lint-action@v3
with:
diff --git a/Schutzfile b/Schutzfile
index 82fdfb708..465567eff 100644
--- a/Schutzfile
+++ b/Schutzfile
@@ -159,6 +159,13 @@
}
}
},
+ "rhel-8.9": {
+ "dependencies": {
+ "osbuild": {
+ "commit": "5fc3b565a257b0e0636d9e7f0015fc7f6cae0e55"
+ }
+ }
+ },
"rhel-8.10": {
"dependencies": {
"osbuild": {
@@ -212,6 +219,13 @@
}
}
},
+ "rhel-9.3": {
+ "dependencies": {
+ "osbuild": {
+ "commit": "5fc3b565a257b0e0636d9e7f0015fc7f6cae0e55"
+ }
+ }
+ },
"rhel-9.4": {
"dependencies": {
"osbuild": {
diff --git a/cmd/gen-manifests/main.go b/cmd/gen-manifests/main.go
index f9ed50bc8..76cf015db 100644
--- a/cmd/gen-manifests/main.go
+++ b/cmd/gen-manifests/main.go
@@ -15,12 +15,13 @@ import (
"io"
"os"
"path/filepath"
+ "sort"
"strings"
"github.com/osbuild/images/pkg/blueprint"
"github.com/osbuild/images/pkg/container"
"github.com/osbuild/images/pkg/distro"
- "github.com/osbuild/images/pkg/distroregistry"
+ "github.com/osbuild/images/pkg/distrofactory"
"github.com/osbuild/images/pkg/manifest"
"github.com/osbuild/images/pkg/ostree"
"github.com/osbuild/images/pkg/rhsm/facts"
@@ -208,6 +209,15 @@ func makeManifestJob(name string, imgType distro.ImageType, cr composeRequest, d
type DistroArchRepoMap map[string]map[string][]repository
+func (darm DistroArchRepoMap) ListDistros() []string {
+ distros := make([]string, 0, len(darm))
+ for d := range darm {
+ distros = append(distros, d)
+ }
+ sort.Strings(distros)
+ return distros
+}
+
func convertRepo(r repository) rpmmd.RepoConfig {
var urls []string
if r.BaseURL != "" {
@@ -447,7 +457,7 @@ func main() {
seedArg := int64(0)
darm := readRepos()
- distroReg := distroregistry.NewDefault()
+ distroFac := distrofactory.NewDefault()
jobs := make([]manifestJob, 0)
requestMap := loadFormatRequestMap()
@@ -459,10 +469,10 @@ func main() {
fmt.Println("Collecting jobs")
if len(distros) == 0 {
- distros = distroReg.List()
+ distros = darm.ListDistros()
}
for _, distroName := range distros {
- distribution := distroReg.GetDistro(distroName)
+ distribution := distroFac.GetDistro(distroName)
if distribution == nil {
fmt.Fprintf(os.Stderr, "invalid distro name %q\n", distroName)
continue
diff --git a/cmd/osbuild-composer/composer.go b/cmd/osbuild-composer/composer.go
index 3574abbd5..e9b5b7fe2 100644
--- a/cmd/osbuild-composer/composer.go
+++ b/cmd/osbuild-composer/composer.go
@@ -21,7 +21,7 @@ import (
"github.com/osbuild/osbuild-composer/pkg/jobqueue"
"github.com/osbuild/osbuild-composer/pkg/jobqueue/dbjobqueue"
- "github.com/osbuild/images/pkg/distroregistry"
+ "github.com/osbuild/images/pkg/distrofactory"
"github.com/osbuild/osbuild-composer/internal/auth"
"github.com/osbuild/osbuild-composer/internal/cloudapi"
v2 "github.com/osbuild/osbuild-composer/internal/cloudapi/v2"
@@ -36,7 +36,7 @@ type Composer struct {
stateDir string
cacheDir string
logger *log.Logger
- distros *distroregistry.Registry
+ distros *distrofactory.Factory
solver *dnfjson.BaseSolver
@@ -68,11 +68,11 @@ func NewComposer(config *ComposerConfigFile, stateDir, cacheDir string) (*Compos
}
}
- c.distros = distroregistry.NewDefault()
- logrus.Infof("Loaded %d distros", len(c.distros.List()))
+ c.distros = distrofactory.NewDefault()
+ // TODO: Move this to Weldr API initialization
// Clean up the cache, removes unknown distros and files
- dnfjson.CleanupOldCacheDirs(path.Join(c.cacheDir, "rpmmd"), c.distros.List())
+ // dnfjson.CleanupOldCacheDirs(path.Join(c.cacheDir, "rpmmd"), c.distros.List())
c.solver = dnfjson.NewBaseSolver(path.Join(c.cacheDir, "rpmmd"))
c.solver.SetDNFJSONPath(c.config.DNFJson)
diff --git a/cmd/osbuild-dnf-json-tests/main_test.go b/cmd/osbuild-dnf-json-tests/main_test.go
index 5a6958952..c51110bdc 100644
--- a/cmd/osbuild-dnf-json-tests/main_test.go
+++ b/cmd/osbuild-dnf-json-tests/main_test.go
@@ -13,8 +13,9 @@ import (
"github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/blueprint"
"github.com/osbuild/images/pkg/distro"
- rhel "github.com/osbuild/images/pkg/distro/rhel8"
+ "github.com/osbuild/images/pkg/distro/rhel9"
"github.com/osbuild/images/pkg/ostree"
+ "github.com/osbuild/images/pkg/reporegistry"
"github.com/osbuild/images/pkg/rpmmd"
"github.com/osbuild/osbuild-composer/internal/dnfjson"
)
@@ -27,13 +28,14 @@ func TestCrossArchDepsolve(t *testing.T) {
repoDir := "/usr/share/tests/osbuild-composer"
// NOTE: we can add RHEL, but don't make it hard requirement because it will fail outside of VPN
- cs9 := rhel.NewCentos()
+ cs9 := rhel9.DistroFactory("centos-9")
+ require.NotNil(t, cs9)
// Set up temporary directory for rpm/dnf cache
dir := t.TempDir()
baseSolver := dnfjson.NewBaseSolver(dir)
- repos, err := rpmmd.LoadRepositories([]string{repoDir}, cs9.Name())
+ repos, err := reporegistry.LoadRepositories([]string{repoDir}, cs9.Name())
require.NoErrorf(t, err, "Failed to LoadRepositories %v", cs9.Name())
for _, archStr := range cs9.ListArches() {
@@ -81,13 +83,14 @@ func TestDepsolvePackageSets(t *testing.T) {
repoDir := "/usr/share/tests/osbuild-composer"
// NOTE: we can add RHEL, but don't make it hard requirement because it will fail outside of VPN
- cs9 := rhel.NewCentos()
+ cs9 := rhel9.DistroFactory("centos-9")
+ require.NotNil(t, cs9)
// Set up temporary directory for rpm/dnf cache
dir := t.TempDir()
solver := dnfjson.NewSolver(cs9.ModulePlatformID(), cs9.Releasever(), arch.ARCH_X86_64.String(), cs9.Name(), dir)
- repos, err := rpmmd.LoadRepositories([]string{repoDir}, cs9.Name())
+ repos, err := reporegistry.LoadRepositories([]string{repoDir}, cs9.Name())
require.NoErrorf(t, err, "Failed to LoadRepositories %v", cs9.Name())
x86Repos, ok := repos[arch.ARCH_X86_64.String()]
require.Truef(t, ok, "failed to get %q repos for %q", arch.ARCH_X86_64.String(), cs9.Name())
diff --git a/cmd/osbuild-store-dump/main.go b/cmd/osbuild-store-dump/main.go
index 70f01e1c4..28a535de3 100644
--- a/cmd/osbuild-store-dump/main.go
+++ b/cmd/osbuild-store-dump/main.go
@@ -12,8 +12,9 @@ import (
"github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/distro/fedora"
- "github.com/osbuild/images/pkg/distroregistry"
+ "github.com/osbuild/images/pkg/distrofactory"
"github.com/osbuild/images/pkg/manifest"
+ "github.com/osbuild/images/pkg/reporegistry"
"github.com/osbuild/images/pkg/rpmmd"
"github.com/osbuild/osbuild-composer/internal/blueprint"
"github.com/osbuild/osbuild-composer/internal/dnfjson"
@@ -126,7 +127,9 @@ func main() {
awsTarget.Created = time.Now()
awsTarget.OsbuildArtifact.ExportFilename = "image.ami"
- d := fedora.NewF37()
+ const fedoraID = "fedora-37"
+
+ d := fedora.DistroFactory(fedoraID)
a, err := d.GetArch(arch.ARCH_X86_64.String())
if err != nil {
panic(err)
@@ -139,7 +142,7 @@ func main() {
if err != nil {
panic(err)
}
- allRepos, err := rpmmd.LoadRepositories([]string{cwd}, "fedora-37")
+ allRepos, err := reporegistry.LoadRepositories([]string{cwd}, fedoraID)
if err != nil {
panic(err)
}
@@ -150,8 +153,9 @@ func main() {
}
rpmmdCache := path.Join(homeDir, ".cache/osbuild-composer/rpmmd")
- dr, _ := distroregistry.New(d, nil)
- s := store.New(&cwd, dr, nil)
+ df := distrofactory.New(fedora.DistroFactory)
+
+ s := store.New(&cwd, df, nil)
if s == nil {
panic("could not create store")
}
diff --git a/cmd/osbuild-worker/jobimpl-container-resolve.go b/cmd/osbuild-worker/jobimpl-container-resolve.go
index 002648b48..05af551f3 100644
--- a/cmd/osbuild-worker/jobimpl-container-resolve.go
+++ b/cmd/osbuild-worker/jobimpl-container-resolve.go
@@ -32,7 +32,7 @@ func (impl *ContainerResolveJobImpl) Run(job worker.Job) error {
resolver.AuthFilePath = impl.AuthFilePath
for _, s := range args.Specs {
- resolver.Add(container.SourceSpec{s.Source, s.Name, s.TLSVerify})
+ resolver.Add(container.SourceSpec{s.Source, s.Name, nil, s.TLSVerify, nil, nil})
}
specs, err := resolver.Finish()
diff --git a/distribution/Dockerfile-ubi b/distribution/Dockerfile-ubi
index fb6053f46..634a4e4a5 100644
--- a/distribution/Dockerfile-ubi
+++ b/distribution/Dockerfile-ubi
@@ -3,7 +3,7 @@ FROM registry.access.redhat.com/ubi9/go-toolset:latest AS builder
USER 0
# The go package `proglottis/gpgme` a dependency of `containers/image/v5` package
# uses `libgpgme` so we need to install it and its build dependencies
-RUN dnf install -y gpgme-devel libassuan-devel
+RUN dnf install -y gpgme-devel libassuan-devel device-mapper-devel
USER 1001
# ubi9/go-toolset defaults to uid 1001. Let's copy the files with this UID as well.
# Otherwise, VCS stamping will fail because git >= 2.35.2 refuses to work in
@@ -12,7 +12,7 @@ COPY --chown=1001 . .
ARG COMMIT
ENV LDFLAGS="${COMMIT:+-X \'github.com/osbuild/osbuild-composer/internal/common.GitRev=${COMMIT}\'}"
ENV LDFLAGS="${LDFLAGS:+-ldflags=\"${LDFLAGS}\"}"
-ENV GOFLAGS=-mod=vendor
+ENV GOFLAGS="-mod=vendor -tags=exclude_graphdriver_btrfs"
# if run without "sh -c", podman for some reason executes the command in a way,
# which results in the following error:
# [1/3] STEP 12/12: RUN go install ${LDFLAGS} ./cmd/osbuild-composer/
@@ -23,7 +23,10 @@ FROM registry.access.redhat.com/ubi9/go-toolset:latest AS builder2
RUN go install github.com/jackc/tern@latest
FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
-RUN microdnf install -y python3 python3-dnf
+# We need to manually install all dependencies of osbuild-composer manually
+# due to building the binary in a separate container and not installing an
+# actual RPM.
+RUN microdnf install -y python3 python3-dnf gpgme libassuan device-mapper-libs
RUN mkdir -p "/usr/libexec/osbuild-composer"
RUN mkdir -p "/etc/osbuild-composer/"
RUN mkdir -p "/run/osbuild-composer/"
diff --git a/go.mod b/go.mod
index 87f6613bf..7b4b61a49 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
github.com/Azure/go-autorest/autorest v0.11.29
github.com/Azure/go-autorest/autorest/azure/auth v0.5.12
github.com/BurntSushi/toml v1.3.2
- github.com/aws/aws-sdk-go v1.49.13
+ github.com/aws/aws-sdk-go v1.50.0
github.com/coreos/go-semver v0.3.1
github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
github.com/deepmap/oapi-codegen v1.8.2
@@ -35,7 +35,7 @@ require (
github.com/labstack/gommon v0.4.2
github.com/openshift-online/ocm-sdk-go v0.1.390
github.com/oracle/oci-go-sdk/v54 v54.0.0
- github.com/osbuild/images v0.28.0
+ github.com/osbuild/images v0.33.0
github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1
github.com/osbuild/pulp-client v0.1.0
github.com/prometheus/client_golang v1.18.0
@@ -44,18 +44,19 @@ require (
github.com/spf13/cobra v1.8.0
github.com/stretchr/testify v1.8.4
github.com/ubccr/kerby v0.0.0-20170626144437-201a958fc453
- github.com/vmware/govmomi v0.34.1
+ github.com/vmware/govmomi v0.34.2
golang.org/x/exp v0.0.0-20231006140011-7918f672742d
- golang.org/x/oauth2 v0.15.0
- golang.org/x/sync v0.5.0
- golang.org/x/sys v0.15.0
- google.golang.org/api v0.154.0
+ golang.org/x/oauth2 v0.16.0
+ golang.org/x/sync v0.6.0
+ golang.org/x/sys v0.16.0
+ google.golang.org/api v0.157.0
)
require (
- cloud.google.com/go v0.110.10 // indirect
+ cloud.google.com/go v0.111.0 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
cloud.google.com/go/iam v1.1.5 // indirect
+ dario.cat/mergo v1.0.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
@@ -67,6 +68,8 @@ require (
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
+ github.com/Microsoft/go-winio v0.6.1 // indirect
+ github.com/Microsoft/hcsshim v0.12.0-rc.1 // indirect
github.com/VividCortex/ewma v1.2.0 // indirect
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
@@ -74,12 +77,16 @@ require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/cenkalti/backoff/v4 v4.2.1 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
+ github.com/containerd/cgroups/v3 v3.0.2 // indirect
+ github.com/containerd/containerd v1.7.9 // indirect
+ github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
github.com/containers/common v0.57.1 // indirect
- github.com/containers/image/v5 v5.29.0 // indirect
+ github.com/containers/image/v5 v5.29.1 // indirect
github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect
github.com/containers/ocicrypt v1.1.9 // indirect
github.com/containers/storage v1.51.0 // indirect
github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
+ github.com/cyphar/filepath-securejoin v0.2.4 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
github.com/distribution/reference v0.5.0 // indirect
@@ -104,12 +111,14 @@ require (
github.com/go-openapi/strfmt v0.21.7 // indirect
github.com/go-openapi/swag v0.22.4 // indirect
github.com/go-openapi/validate v0.22.1 // indirect
+ github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
github.com/golang/glog v1.1.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/go-containerregistry v0.16.1 // indirect
+ github.com/google/go-intervals v0.0.2 // indirect
github.com/google/s2a-go v0.1.7 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
@@ -139,10 +148,12 @@ require (
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-runewidth v0.0.15 // indirect
+ github.com/mattn/go-shellwords v1.0.12 // indirect
github.com/mattn/go-sqlite3 v1.14.18 // indirect
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
github.com/microcosm-cc/bluemonday v1.0.18 // indirect
github.com/miekg/pkcs11 v1.1.1 // indirect
+ github.com/mistifyio/go-zfs/v3 v3.0.1 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/moby/sys/mountinfo v0.7.1 // indirect
@@ -153,6 +164,8 @@ require (
github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
github.com/opencontainers/runc v1.1.10 // indirect
github.com/opencontainers/runtime-spec v1.1.0 // indirect
+ github.com/opencontainers/selinux v1.11.0 // indirect
+ github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f // indirect
github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
@@ -168,7 +181,9 @@ require (
github.com/sony/gobreaker v0.4.2-0.20210216022020-dd874f9dd33b // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 // indirect
+ github.com/sylabs/sif/v2 v2.15.0 // indirect
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
+ github.com/tchap/go-patricia/v2 v2.3.1 // indirect
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
github.com/ulikunitz/xz v0.5.11 // indirect
github.com/valyala/bytebufferpool v1.0.0 // indirect
@@ -183,20 +198,19 @@ require (
go.opentelemetry.io/otel v1.21.0 // indirect
go.opentelemetry.io/otel/metric v1.21.0 // indirect
go.opentelemetry.io/otel/trace v1.21.0 // indirect
- golang.org/x/crypto v0.17.0 // indirect
+ golang.org/x/crypto v0.18.0 // indirect
golang.org/x/mod v0.13.0 // indirect
- golang.org/x/net v0.19.0 // indirect
- golang.org/x/term v0.15.0 // indirect
+ golang.org/x/net v0.20.0 // indirect
+ golang.org/x/term v0.16.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/time v0.5.0 // indirect
golang.org/x/tools v0.14.0 // indirect
- golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
google.golang.org/appengine v1.6.8 // indirect
- google.golang.org/genproto v0.0.0-20231120223509-83a465c0220f // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20231127180814-3a041ad873d4 // indirect
- google.golang.org/grpc v1.59.0 // indirect
- google.golang.org/protobuf v1.31.0 // indirect
+ google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac // indirect
+ google.golang.org/grpc v1.60.1 // indirect
+ google.golang.org/protobuf v1.32.0 // indirect
gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/go.sum b/go.sum
index ed7d6f05e..fca2df50d 100644
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,6 @@
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.110.10 h1:LXy9GEO+timppncPIAZoOj3l58LIU9k+kn48AN7IO3Y=
-cloud.google.com/go v0.110.10/go.mod h1:v1OoFqYxiBkUrruItNM3eT4lLByNjxmJSV/xDKJNnic=
+cloud.google.com/go v0.111.0 h1:YHLKNupSD1KqjDbQ3+LVdQ81h/UJbJyZG203cEfnQgM=
+cloud.google.com/go v0.111.0/go.mod h1:0mibmpKP1TyOOFYQY5izo0LnT+ecvOQ0Sg3OdmMiNRU=
cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk=
cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI=
cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
@@ -10,6 +10,8 @@ cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXE
cloud.google.com/go/storage v1.36.0 h1:P0mOkAcaJxhCTvAkMhxMfrTKiNcub4YmmPBtlhAyTr8=
cloud.google.com/go/storage v1.36.0/go.mod h1:M6M/3V/D3KpzMTJyPOR/HU6n2Si5QdaXYEsng2xgOs8=
dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
+dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
+github.com/14rcole/gopopulate v0.0.0-20180821133914-b175b219e774 h1:SCbEWT58NSt7d2mcFdvxC9uyrdcTfvBbPLThhkDmXzg=
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 h1:lGlwhPtrX6EVml1hO0ivjkUxsSyl4dsiw9qcA1k/3IQ=
@@ -61,6 +63,10 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
+github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
+github.com/Microsoft/hcsshim v0.12.0-rc.1 h1:Hy+xzYujv7urO5wrgcG58SPMOXNLrj4WCJbySs2XX/A=
+github.com/Microsoft/hcsshim v0.12.0-rc.1/go.mod h1:Y1a1S0QlYp1mBpyvGiuEdOfZqnao+0uX5AWHXQ5NhZU=
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
@@ -70,8 +76,8 @@ github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat6
github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.49.13 h1:f4mGztsgnx2dR9r8FQYa9YW/RsKb+N7bgef4UGrOW1Y=
-github.com/aws/aws-sdk-go v1.49.13/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
+github.com/aws/aws-sdk-go v1.50.0 h1:HBtrLeO+QyDKnc3t1+5DR1RxodOHCGr8ZcrHudpv7jI=
+github.com/aws/aws-sdk-go v1.50.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -86,10 +92,16 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k=
github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I=
github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
+github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=
+github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
+github.com/containerd/containerd v1.7.9 h1:KOhK01szQbM80YfW1H6RZKh85PHGqY/9OcEZ35Je8sc=
+github.com/containerd/containerd v1.7.9/go.mod h1:0/W44LWEYfSHoxBtsHIiNU/duEkgpMokemafHVCpq9Y=
+github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU=
+github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk=
github.com/containers/common v0.57.1 h1:KWAs4PMPgBFmBV4QNbXhUB8TqvlgR95BJN2sbbXkWHY=
github.com/containers/common v0.57.1/go.mod h1:t/Z+/sFrapvFMEJe3YnecN49/Tae2wYEQShbEN6SRaU=
-github.com/containers/image/v5 v5.29.0 h1:9+nhS/ZM7c4Kuzu5tJ0NMpxrgoryOJ2HAYTgG8Ny7j4=
-github.com/containers/image/v5 v5.29.0/go.mod h1:kQ7qcDsps424ZAz24thD+x7+dJw1vgur3A9tTDsj97E=
+github.com/containers/image/v5 v5.29.1 h1:9COTXQpl3FgrW/jw/roLAWlW4TN9ly7/bCAKY76wYl8=
+github.com/containers/image/v5 v5.29.1/go.mod h1:kQ7qcDsps424ZAz24thD+x7+dJw1vgur3A9tTDsj97E=
github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA=
github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
github.com/containers/ocicrypt v1.1.9 h1:2Csfba4jse85Raxk5HIyEk8OwZNjRvfkhEGijOjIdEM=
@@ -108,6 +120,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 h1:2Dx4IHfC1yHWI12AxQDJM1QbRCDfk6M+blLzlZCXdrc=
github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw=
+github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
+github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -228,6 +242,8 @@ github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
@@ -271,6 +287,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-containerregistry v0.16.1 h1:rUEt426sR6nyrL3gt+18ibRcvYpKYdpsa5ZW7MA08dQ=
github.com/google/go-containerregistry v0.16.1/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ=
+github.com/google/go-intervals v0.0.2 h1:FGrVEiUnTRKR8yE04qzXYaJMtnIYqobR5QbblK3ixcM=
+github.com/google/go-intervals v0.0.2/go.mod h1:MkaR3LNRfeKLPmqgJYs4E66z5InYjmCjbbr4TQlcT6Y=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw=
github.com/google/pprof v0.0.0-20230323073829-e72429f035bd h1:r8yyd+DJDmsUhGrRBxH5Pj7KeFK5l+Y3FsgT8keqKtk=
@@ -279,6 +297,7 @@ github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
@@ -374,6 +393,7 @@ github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4d
github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
github.com/klauspost/compress v1.17.3 h1:qkRjuerhUU1EmXLYGkSH6EZL+vPSxIrYjLNAK4slzwA=
@@ -432,6 +452,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
+github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
github.com/mattn/go-sqlite3 v1.14.18 h1:JL0eqdCOq6DJVNPSvArO/bIV9/P7fbGrV00LZHc+5aI=
github.com/mattn/go-sqlite3 v1.14.18/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
@@ -440,6 +462,8 @@ github.com/microcosm-cc/bluemonday v1.0.18 h1:6HcxvXDAi3ARt3slx6nTesbvorIc3QeTzB
github.com/microcosm-cc/bluemonday v1.0.18/go.mod h1:Z0r70sCuXHig8YpBzCc5eGHAap2K7e/u082ZUpDRRqM=
github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU=
github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
+github.com/mistifyio/go-zfs/v3 v3.0.1 h1:YaoXgBePoMA12+S1u/ddkv+QqxcfiZK4prI6HPnkFiU=
+github.com/mistifyio/go-zfs/v3 v3.0.1/go.mod h1:CzVgeB0RvF2EGzQnytKVvVSDwmKJXxkOTUGbNrTja/k=
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
@@ -469,16 +493,20 @@ github.com/opencontainers/runc v1.1.10 h1:EaL5WeO9lv9wmS6SASjszOeQdSctvpbu0DdBQB
github.com/opencontainers/runc v1.1.10/go.mod h1:+/R6+KmDlh+hOO8NkjmgkG9Qzvypzk0yXxAPYYR65+M=
github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg=
github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
+github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
github.com/openshift-online/ocm-sdk-go v0.1.390 h1:J6mqjOFiid1OQ9Gshr4hjCeJiX2UnvFIDlB1mwQxFmI=
github.com/openshift-online/ocm-sdk-go v0.1.390/go.mod h1:/+VFIw1iW2H0jEkFH4GnbL/liWareyzsL0w7mDIudB4=
github.com/oracle/oci-go-sdk/v54 v54.0.0 h1:CDLjeSejv2aDpElAJrhKpi6zvT/zhZCZuXchUUZ+LS4=
github.com/oracle/oci-go-sdk/v54 v54.0.0/go.mod h1:+t+yvcFGVp+3ZnztnyxqXfQDsMlq8U25faBLa+mqCMc=
-github.com/osbuild/images v0.28.0 h1:xKbBV8FkMobMUW66alk6eVkkjl5jF4gDNx8WWul6EHs=
-github.com/osbuild/images v0.28.0/go.mod h1:qWXkQRoeIuWn1v9Ibr2/tEjMSox0deP+MjUvkU14DZU=
+github.com/osbuild/images v0.33.0 h1:/3/eJc2awu9Tklb8hMdCyjVsYbF22UknktiS+cCjXhE=
+github.com/osbuild/images v0.33.0/go.mod h1:1oM2pbLkppS3jOqMQMJAVcx1agS3sEe7vD6uSS61ZeM=
github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1 h1:UFEJIcPa46W8gtWgOYzriRKYyy1t6SWL0BI7fPTuVvc=
github.com/osbuild/osbuild-composer/pkg/splunk_logger v0.0.0-20231117174845-e969a9dc3cd1/go.mod h1:z+WA+dX6qMwc7fqY5jCzESDIlg4WR2sBQezxsoXv9Ik=
github.com/osbuild/pulp-client v0.1.0 h1:L0C4ezBJGTamN3BKdv+rKLuq/WxXJbsFwz/Hj7aEmJ8=
github.com/osbuild/pulp-client v0.1.0/go.mod h1:rd/MLdfwwO2cQI1s056h8z32zAi3Bo90XhlAAryIvWc=
+github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f h1:/UDgs8FGMqwnHagNDPGOlts35QkhAZ8by3DR7nMih7M=
+github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc=
github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
@@ -512,10 +540,12 @@ github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OK
github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/sebdah/goldie/v2 v2.5.3 h1:9ES/mNN+HNUbNWpVAlrzuZ7jE+Nrczbj8uFRjM7624Y=
github.com/secure-systems-lab/go-securesystemslib v0.7.0 h1:OwvJ5jQf9LnIAS83waAjPbcMsODrTQUpJ02eNLUoxBg=
github.com/secure-systems-lab/go-securesystemslib v0.7.0/go.mod h1:/2gYnlnHVQ6xeGtfIqFy7Do03K4cdCY0A/GlJLDKLHI=
github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c=
github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE=
+github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
@@ -557,8 +587,12 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/sylabs/sif/v2 v2.15.0 h1:Nv0tzksFnoQiQ2eUwpAis9nVqEu4c3RcNSxX8P3Cecw=
+github.com/sylabs/sif/v2 v2.15.0/go.mod h1:X1H7eaPz6BAxA84POMESXoXfTqgAnLQkujyF/CQFWTc=
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
+github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes=
+github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k=
github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0=
@@ -579,8 +613,8 @@ github.com/vbauerster/mpb/v8 v8.6.2 h1:9EhnJGQRtvgDVCychJgR96EDCOqgg2NsMuk5JUcX4
github.com/vbauerster/mpb/v8 v8.6.2/go.mod h1:oVJ7T+dib99kZ/VBjoBaC8aPXiSAihnzuKmotuihyFo=
github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU=
github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
-github.com/vmware/govmomi v0.34.1 h1:Hqu2Uke2itC+cNoIcFQBLEZvX9wBRTTOP04J7V1fqRw=
-github.com/vmware/govmomi v0.34.1/go.mod h1:qWWT6n9mdCr/T9vySsoUqcI04sSEj4CqHXxtk/Y+Los=
+github.com/vmware/govmomi v0.34.2 h1:o6ydkTVITOkpQU6HAf6tP5GvHFCNJlNUNlMsvFK77X4=
+github.com/vmware/govmomi v0.34.2/go.mod h1:qWWT6n9mdCr/T9vySsoUqcI04sSEj4CqHXxtk/Y+Los=
github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs=
github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
@@ -590,6 +624,8 @@ github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMc
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg=
@@ -609,6 +645,7 @@ go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
+go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o=
go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
@@ -643,8 +680,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
@@ -654,6 +691,8 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl
golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
@@ -664,7 +703,9 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
@@ -673,21 +714,22 @@ golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qx
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
-golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
-golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
+golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
+golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
-golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -716,14 +758,14 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -756,6 +798,8 @@ golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtn
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
@@ -766,9 +810,8 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8T
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk=
-golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
-google.golang.org/api v0.154.0 h1:X7QkVKZBskztmpPKWQXgjJRPA2dJYrL6r+sYPRLj050=
-google.golang.org/api v0.154.0/go.mod h1:qhSMkM85hgqiokIYsrRyKxrjfBeIhgl4Z2JmeRkYylc=
+google.golang.org/api v0.157.0 h1:ORAeqmbrrozeyw5NjnMxh7peHO0UzV4wWYSwZeCUb20=
+google.golang.org/api v0.157.0/go.mod h1:+z4v4ufbZ1WEpld6yMGHyggs+PmAHiaLNj5ytP3N01g=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
@@ -776,19 +819,19 @@ google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJ
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20231120223509-83a465c0220f h1:Vn+VyHU5guc9KjB5KrjI2q0wCOWEOIh0OEsleqakHJg=
-google.golang.org/genproto v0.0.0-20231120223509-83a465c0220f/go.mod h1:nWSwAFPb+qfNJXsoeO3Io7zf4tMSfN8EA8RlDA04GhY=
-google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f h1:2yNACc1O40tTnrsbk9Cv6oxiW8pxI/pXj0wRtdlYmgY=
-google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f/go.mod h1:Uy9bTZJqmfrw2rIBxgGLnamc78euZULUBrLZ9XTITKI=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231127180814-3a041ad873d4 h1:DC7wcm+i+P1rN3Ff07vL+OndGg5OhNddHyTA+ocPqYE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231127180814-3a041ad873d4/go.mod h1:eJVxU6o+4G1PSczBr85xmyvSNYAKvAYgkub40YGomFM=
+google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 h1:nz5NESFLZbJGPFxDT/HCn+V1mZ8JGNoY4nUpmW/Y2eg=
+google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917/go.mod h1:pZqR+glSb11aJ+JQcczCvgf47+duRuzNSKqE8YAQnV0=
+google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 h1:rcS6EyEaoCO52hQDupoSfrxI3R6C2Tq741is7X8OvnM=
+google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917/go.mod h1:CmlNWB9lSezaYELKS5Ym1r44VrrbPUa7JTvw+6MbpJ0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac h1:nUQEQmH/csSvFECKYRv6HWEyypysidKl2I6Qpsglq/0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:daQN87bsDqDoe316QbbvX60nMoJQa4r6Ds0ZuoAe5yA=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
-google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
+google.golang.org/grpc v1.60.1 h1:26+wFr+cNqSGFcOXcabYC0lUVJVRa2Sb2ortSK7VrEU=
+google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -800,8 +843,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD
google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
-google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
+google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gopkg.in/alexcesaro/statsd.v2 v2.0.0 h1:FXkZSCZIH17vLCO5sO2UucTHsH9pc+17F6pl3JVCwMc=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -825,6 +868,8 @@ gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
+gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
diff --git a/internal/blueprint/blueprint.go b/internal/blueprint/blueprint.go
index 3df6a5782..b7a428edf 100644
--- a/internal/blueprint/blueprint.go
+++ b/internal/blueprint/blueprint.go
@@ -45,10 +45,12 @@ type Group struct {
}
type Container struct {
- Source string `json:"source" toml:"source"`
+ Source string `json:"source,omitempty" toml:"source"`
Name string `json:"name,omitempty" toml:"name,omitempty"`
- TLSVerify *bool `json:"tls-verify,omitempty" toml:"tls-verify,omitempty"`
+ TLSVerify *bool `json:"tls-verify,omitempty" toml:"tls-verify,omitempty"`
+ ContainersTransport *string `json:"containers-transport,omitempty" toml:"containers-transport,omitempty"`
+ StoragePath *string `json:"source-path,omitempty" toml:"source-path,omitempty"`
}
// DeepCopy returns a deep copy of the blueprint
diff --git a/internal/client/unit_test.go b/internal/client/unit_test.go
index c4b0f76fa..28cd5e11e 100644
--- a/internal/client/unit_test.go
+++ b/internal/client/unit_test.go
@@ -17,12 +17,11 @@ import (
"testing"
"github.com/osbuild/images/pkg/distro/test_distro"
- "github.com/osbuild/images/pkg/distroregistry"
+ "github.com/osbuild/images/pkg/reporegistry"
"github.com/osbuild/images/pkg/rpmmd"
"github.com/osbuild/osbuild-composer/internal/dnfjson"
dnfjson_mock "github.com/osbuild/osbuild-composer/internal/mocks/dnfjson"
rpmmd_mock "github.com/osbuild/osbuild-composer/internal/mocks/rpmmd"
- "github.com/osbuild/osbuild-composer/internal/reporegistry"
"github.com/osbuild/osbuild-composer/internal/weldr"
)
@@ -63,38 +62,28 @@ func executeTests(m *testing.M) int {
if err != nil {
panic(err)
}
- fixture := rpmmd_mock.BaseFixture(path.Join(tmpdir, "/jobs"))
+ fixture := rpmmd_mock.BaseFixture(path.Join(tmpdir, "/jobs"), test_distro.TestDistro1Name, test_distro.TestArchName)
+ defer fixture.StoreFixture.Cleanup()
- distro1 := test_distro.New()
- arch, err := distro1.GetArch(test_distro.TestArchName)
- if err != nil {
- panic(err)
- }
- distro2 := test_distro.NewTestDistro("test-distro-2", "platform:test-2", "2")
- _, err = fixture.Workers.RegisterWorker(arch.Name())
+ _, err = fixture.Workers.RegisterWorker(fixture.StoreFixture.HostArchName)
if err != nil {
panic(err)
}
rr := reporegistry.NewFromDistrosRepoConfigs(rpmmd.DistrosRepoConfigs{
- test_distro.TestDistroName: {
- test_distro.TestArchName: {
+ fixture.StoreFixture.HostDistroName: {
+ fixture.StoreFixture.HostArchName: {
{Name: "test-system-repo", BaseURLs: []string{"http://example.com/test/os/test_arch"}},
},
},
})
- dr, err := distroregistry.New(distro1, distro1, distro2)
- if err != nil {
- panic(err)
- }
-
dspath, err := os.MkdirTemp(tmpdir, "")
dnfjsonFixture := dnfjson_mock.Base(dspath)
solver := dnfjson.NewBaseSolver(path.Join(tmpdir, "dnfjson-cache"))
solver.SetDNFJSONPath(dnfjsonPath, dnfjsonFixture)
logger := log.New(os.Stdout, "", 0)
- api := weldr.NewTestAPI(solver, arch, dr, rr, logger, fixture.Store, fixture.Workers, "", nil)
+ api := weldr.NewTestAPI(solver, rr, logger, fixture.StoreFixture, fixture.Workers, "", nil)
server := http.Server{Handler: api}
defer server.Close()
diff --git a/internal/cloudapi/server.go b/internal/cloudapi/server.go
index a6fa0f4d3..1fcda0b39 100644
--- a/internal/cloudapi/server.go
+++ b/internal/cloudapi/server.go
@@ -3,7 +3,7 @@ package cloudapi
import (
"net/http"
- "github.com/osbuild/images/pkg/distroregistry"
+ "github.com/osbuild/images/pkg/distrofactory"
"github.com/osbuild/osbuild-composer/internal/worker"
v2 "github.com/osbuild/osbuild-composer/internal/cloudapi/v2"
@@ -13,7 +13,7 @@ type Server struct {
v2 *v2.Server
}
-func NewServer(workers *worker.Server, distros *distroregistry.Registry, config v2.ServerConfig) *Server {
+func NewServer(workers *worker.Server, distros *distrofactory.Factory, config v2.ServerConfig) *Server {
server := &Server{
v2: v2.NewServer(workers, distros, config),
}
diff --git a/internal/cloudapi/v2/imagerequest_test.go b/internal/cloudapi/v2/imagerequest_test.go
index ce2a50cdf..773a8aa03 100644
--- a/internal/cloudapi/v2/imagerequest_test.go
+++ b/internal/cloudapi/v2/imagerequest_test.go
@@ -3,6 +3,7 @@ package v2
import (
"testing"
+ "github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/distro/rhel9"
"github.com/osbuild/images/pkg/distro/test_distro"
"github.com/osbuild/osbuild-composer/internal/blueprint"
@@ -14,7 +15,8 @@ import (
)
func TestImageRequestSize(t *testing.T) {
- distro := test_distro.New()
+ distro := test_distro.DistroFactory(test_distro.TestDistro1Name)
+ require.NotNil(t, distro)
arch, err := distro.GetArch(test_distro.TestArchName)
if err != nil {
panic(err)
@@ -135,8 +137,9 @@ func TestGetOstreeOptions(t *testing.T) {
func TestGetTargets(t *testing.T) {
at := assert.New(t)
- r9 := rhel9.NewRHEL93()
- arch, err := r9.GetArch("x86_64")
+ r9 := rhel9.DistroFactory("rhel-9.3")
+ require.NotNil(t, r9)
+ arch, err := r9.GetArch(arch.ARCH_X86_64.String())
at.NoError(err)
cr := &ComposeRequest{
diff --git a/internal/cloudapi/v2/server.go b/internal/cloudapi/v2/server.go
index 22644412c..499e80727 100644
--- a/internal/cloudapi/v2/server.go
+++ b/internal/cloudapi/v2/server.go
@@ -21,7 +21,7 @@ import (
"github.com/osbuild/images/pkg/container"
"github.com/osbuild/images/pkg/distro"
- "github.com/osbuild/images/pkg/distroregistry"
+ "github.com/osbuild/images/pkg/distrofactory"
"github.com/osbuild/images/pkg/manifest"
"github.com/osbuild/images/pkg/ostree"
"github.com/osbuild/osbuild-composer/internal/auth"
@@ -36,7 +36,7 @@ import (
// Server represents the state of the cloud Server
type Server struct {
workers *worker.Server
- distros *distroregistry.Registry
+ distros *distrofactory.Factory
config ServerConfig
router routers.Router
@@ -50,7 +50,7 @@ type ServerConfig struct {
JWTEnabled bool
}
-func NewServer(workers *worker.Server, distros *distroregistry.Registry, config ServerConfig) *Server {
+func NewServer(workers *worker.Server, distros *distrofactory.Factory, config ServerConfig) *Server {
ctx, cancel := context.WithCancel(context.Background())
spec, err := GetSwagger()
if err != nil {
diff --git a/internal/cloudapi/v2/v2_koji_test.go b/internal/cloudapi/v2/v2_koji_test.go
index 7a2fa3c34..463b841bb 100644
--- a/internal/cloudapi/v2/v2_koji_test.go
+++ b/internal/cloudapi/v2/v2_koji_test.go
@@ -48,7 +48,7 @@ func TestKojiCompose(t *testing.T) {
},
buildResult: worker.OSBuildJobResult{
Arch: test_distro.TestArchName,
- HostOS: test_distro.TestDistroName,
+ HostOS: test_distro.TestDistro1Name,
TargetResults: []*target.TargetResult{target.NewKojiTargetResult(&target.KojiTargetResultOptions{
Image: &target.KojiOutputInfo{
Filename: "test.img",
@@ -92,7 +92,7 @@ func TestKojiCompose(t *testing.T) {
},
buildResult: worker.OSBuildJobResult{
Arch: test_distro.TestArchName,
- HostOS: test_distro.TestDistroName,
+ HostOS: test_distro.TestDistro1Name,
TargetResults: []*target.TargetResult{target.NewKojiTargetResult(&target.KojiTargetResultOptions{
Image: &target.KojiOutputInfo{
Filename: "test.img",
@@ -136,7 +136,7 @@ func TestKojiCompose(t *testing.T) {
},
buildResult: worker.OSBuildJobResult{
Arch: test_distro.TestArchName,
- HostOS: test_distro.TestDistroName,
+ HostOS: test_distro.TestDistro1Name,
TargetResults: []*target.TargetResult{target.NewKojiTargetResult(&target.KojiTargetResultOptions{
Image: &target.KojiOutputInfo{
Filename: "test.img",
@@ -179,7 +179,7 @@ func TestKojiCompose(t *testing.T) {
},
buildResult: worker.OSBuildJobResult{
Arch: test_distro.TestArchName,
- HostOS: test_distro.TestDistroName,
+ HostOS: test_distro.TestDistro1Name,
TargetResults: []*target.TargetResult{target.NewKojiTargetResult(&target.KojiTargetResultOptions{
Image: &target.KojiOutputInfo{
Filename: "test.img",
@@ -224,7 +224,7 @@ func TestKojiCompose(t *testing.T) {
},
buildResult: worker.OSBuildJobResult{
Arch: test_distro.TestArchName,
- HostOS: test_distro.TestDistroName,
+ HostOS: test_distro.TestDistro1Name,
TargetResults: []*target.TargetResult{target.NewKojiTargetResult(&target.KojiTargetResultOptions{
Image: &target.KojiOutputInfo{
Filename: "test.img",
@@ -280,7 +280,7 @@ func TestKojiCompose(t *testing.T) {
},
buildResult: worker.OSBuildJobResult{
Arch: test_distro.TestArchName,
- HostOS: test_distro.TestDistroName,
+ HostOS: test_distro.TestDistro1Name,
TargetResults: []*target.TargetResult{target.NewKojiTargetResult(&target.KojiTargetResultOptions{
Image: &target.KojiOutputInfo{
Filename: "test.img",
@@ -328,7 +328,7 @@ func TestKojiCompose(t *testing.T) {
},
buildResult: worker.OSBuildJobResult{
Arch: test_distro.TestArchName,
- HostOS: test_distro.TestDistroName,
+ HostOS: test_distro.TestDistro1Name,
TargetResults: []*target.TargetResult{target.NewKojiTargetResult(&target.KojiTargetResultOptions{
Image: &target.KojiOutputInfo{
Filename: "test.img",
@@ -407,7 +407,7 @@ func TestKojiCompose(t *testing.T) {
"release":"%[6]s",
"task_id": 42
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name, string(v2.ImageTypesGuestImage), name, version, release),
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name, string(v2.ImageTypesGuestImage), name, version, release),
c.composeReplyCode, c.composeReply, "id", "operation_id")
// determine the compose ID from the reply
@@ -477,7 +477,7 @@ func TestKojiCompose(t *testing.T) {
"success": true
}
}
- }`, test_distro.TestArch3Name, test_distro.TestDistroName)
+ }`, test_distro.TestArch3Name, test_distro.TestDistro1Name)
}
test.TestRoute(t, workerHandler, false, "PATCH", fmt.Sprintf("/api/worker/v1/jobs/%v", token), buildJobResult, http.StatusOK,
diff --git a/internal/cloudapi/v2/v2_multi_tenancy_test.go b/internal/cloudapi/v2/v2_multi_tenancy_test.go
index 22e79de83..5a4866d61 100644
--- a/internal/cloudapi/v2/v2_multi_tenancy_test.go
+++ b/internal/cloudapi/v2/v2_multi_tenancy_test.go
@@ -16,7 +16,7 @@ import (
"github.com/osbuild/osbuild-composer/pkg/jobqueue"
"github.com/osbuild/images/pkg/distro/test_distro"
- "github.com/osbuild/osbuild-composer/internal/cloudapi/v2"
+ v2 "github.com/osbuild/osbuild-composer/internal/cloudapi/v2"
"github.com/osbuild/osbuild-composer/internal/test"
"github.com/osbuild/osbuild-composer/internal/worker"
)
@@ -43,7 +43,7 @@ func kojiRequest() string {
"version":"1",
"release":"2"
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name, string(v2.ImageTypesGuestImage))
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name, string(v2.ImageTypesGuestImage))
}
func s3Request() string {
@@ -64,7 +64,7 @@ func s3Request() string {
}
}
]
- }`, test_distro.TestDistroName, test_distro.TestArch3Name, string(v2.ImageTypesGuestImage))
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name, string(v2.ImageTypesGuestImage))
}
var reqContextCallCount = 0
diff --git a/internal/cloudapi/v2/v2_test.go b/internal/cloudapi/v2/v2_test.go
index 32c1cfc95..63ff6274d 100644
--- a/internal/cloudapi/v2/v2_test.go
+++ b/internal/cloudapi/v2/v2_test.go
@@ -14,12 +14,12 @@ import (
"github.com/osbuild/osbuild-composer/pkg/jobqueue"
"github.com/osbuild/images/pkg/distro/test_distro"
+ "github.com/osbuild/images/pkg/distrofactory"
"github.com/osbuild/images/pkg/osbuild"
"github.com/osbuild/images/pkg/ostree/mock_ostree_repo"
"github.com/osbuild/images/pkg/rpmmd"
v2 "github.com/osbuild/osbuild-composer/internal/cloudapi/v2"
"github.com/osbuild/osbuild-composer/internal/jobqueue/fsjobqueue"
- distro_mock "github.com/osbuild/osbuild-composer/internal/mocks/distro"
"github.com/osbuild/osbuild-composer/internal/target"
"github.com/osbuild/osbuild-composer/internal/test"
"github.com/osbuild/osbuild-composer/internal/worker"
@@ -31,8 +31,7 @@ func newV2Server(t *testing.T, dir string, depsolveChannels []string, enableJWT
require.NoError(t, err)
workerServer := worker.NewServer(nil, q, worker.Config{BasePath: "/api/worker/v1", JWTEnabled: enableJWT, TenantProviderFields: []string{"rh-org-id", "account_id"}})
- distros, err := distro_mock.NewDefaultRegistry()
- require.NoError(t, err)
+ distros := distrofactory.NewTestDefault()
require.NotNil(t, distros)
config := v2.ServerConfig{
@@ -50,7 +49,7 @@ func newV2Server(t *testing.T, dir string, depsolveChannels []string, enableJWT
go func() {
defer wg.Done()
for {
- _, token, _, _, _, err := workerServer.RequestJob(depsolveContext, test_distro.TestDistroName, []string{worker.JobTypeDepsolve}, depsolveChannels, uuid.Nil)
+ _, token, _, _, _, err := workerServer.RequestJob(depsolveContext, test_distro.TestArchName, []string{worker.JobTypeDepsolve}, depsolveChannels, uuid.Nil)
select {
case <-depsolveContext.Done():
return
@@ -87,7 +86,7 @@ func newV2Server(t *testing.T, dir string, depsolveChannels []string, enableJWT
go func() {
defer wg.Done()
for {
- _, token, _, _, _, err := workerServer.RequestJob(ostreeResolveContext, test_distro.TestDistroName, []string{worker.JobTypeOSTreeResolve}, depsolveChannels, uuid.Nil)
+ _, token, _, _, _, err := workerServer.RequestJob(ostreeResolveContext, test_distro.TestDistro1Name, []string{worker.JobTypeOSTreeResolve}, depsolveChannels, uuid.Nil)
select {
case <-ostreeResolveContext.Done():
return
@@ -189,8 +188,10 @@ func TestCompose(t *testing.T) {
srv, _, _, cancel := newV2Server(t, t.TempDir(), []string{""}, false, false)
defer cancel()
+ testDistro := test_distro.DistroFactory(test_distro.TestDistro1Name)
+ require.NotNil(t, testDistro)
// create two ostree repos, one to serve the default test_distro ref (for fallback tests) and one to serve a custom ref
- ostreeRepoDefault := mock_ostree_repo.Setup(test_distro.New().OSTreeRef())
+ ostreeRepoDefault := mock_ostree_repo.Setup(testDistro.OSTreeRef())
defer ostreeRepoDefault.TearDown()
ostreeRepoOther := mock_ostree_repo.Setup("some/other/ref")
defer ostreeRepoOther.TearDown()
@@ -235,7 +236,7 @@ func TestCompose(t *testing.T) {
"region": "eu-central-1"
}
}
- }`, test_distro.TestDistroName), http.StatusBadRequest, `
+ }`, testDistro.Name()), http.StatusBadRequest, `
{
"href": "/api/image-builder-composer/v2/errors/5",
"id": "5",
@@ -259,7 +260,7 @@ func TestCompose(t *testing.T) {
"region": "eu-central-1"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name), http.StatusBadRequest, `
+ }`, testDistro.Name(), test_distro.TestArch3Name), http.StatusBadRequest, `
{
"href": "/api/image-builder-composer/v2/errors/30",
"id": "30",
@@ -283,7 +284,7 @@ func TestCompose(t *testing.T) {
// "region": "eu-central-1"
// }
// }]
- // }`, test_distro.TestDistroName, test_distro.TestArch3Name, test_distro.TestImageTypeName), http.StatusMethodNotAllowed, `
+ // }`, testDistro.Name(), test_distro.TestArch3Name, test_distro.TestImageTypeName), http.StatusMethodNotAllowed, `
// {
// "href": "/api/image-builder-composer/v2/errors/22",
// "id": "22",
@@ -307,7 +308,7 @@ func TestCompose(t *testing.T) {
"region": "eu-central-1"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name), http.StatusCreated, `
+ }`, testDistro.Name(), test_distro.TestArch3Name), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -331,7 +332,7 @@ func TestCompose(t *testing.T) {
}
}]
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name), http.StatusCreated, `
+ }`, testDistro.Name(), test_distro.TestArch3Name), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -358,7 +359,7 @@ func TestCompose(t *testing.T) {
"region": "eu-central-1"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name), http.StatusCreated, `
+ }`, testDistro.Name(), test_distro.TestArch3Name), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -383,7 +384,7 @@ func TestCompose(t *testing.T) {
"rhsm": false
}]
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name), http.StatusCreated, `
+ }`, testDistro.Name(), test_distro.TestArch3Name), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -409,7 +410,7 @@ func TestCompose(t *testing.T) {
"ref": "rhel/10/x86_64/edge"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name), http.StatusCreated, `
+ }`, testDistro.Name(), test_distro.TestArch3Name), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -439,7 +440,7 @@ func TestCompose(t *testing.T) {
"ref": "rhel/10/x86_64/edge"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name), http.StatusCreated, `
+ }`, testDistro.Name(), test_distro.TestArch3Name), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -463,7 +464,7 @@ func TestCompose(t *testing.T) {
"url": "%s"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name, ostreeRepoDefault.Server.URL), http.StatusCreated, `
+ }`, testDistro.Name(), test_distro.TestArch3Name, ostreeRepoDefault.Server.URL), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -488,7 +489,7 @@ func TestCompose(t *testing.T) {
"url": "%s"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name, ostreeRepoDefault.OSTreeRef, ostreeRepoDefault.Server.URL), http.StatusCreated, `
+ }`, testDistro.Name(), test_distro.TestArch3Name, ostreeRepoDefault.OSTreeRef, ostreeRepoDefault.Server.URL), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -513,7 +514,7 @@ func TestCompose(t *testing.T) {
"url": "%s"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name, ostreeRepoDefault.OSTreeRef, ostreeRepoDefault.Server.URL), http.StatusCreated, `
+ }`, testDistro.Name(), test_distro.TestArch3Name, ostreeRepoDefault.OSTreeRef, ostreeRepoDefault.Server.URL), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -539,7 +540,7 @@ func TestCompose(t *testing.T) {
"ref": "a/new/ref"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name, ostreeRepoOther.OSTreeRef, ostreeRepoOther.Server.URL), http.StatusCreated, `
+ }`, testDistro.Name(), test_distro.TestArch3Name, ostreeRepoOther.OSTreeRef, ostreeRepoOther.Server.URL), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -567,7 +568,7 @@ func TestCompose(t *testing.T) {
"rhsm": true
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name, ostreeRepoOther.OSTreeRef, ostreeRepoOther.Server.URL, fmt.Sprintf("%s/content", ostreeRepoOther.Server.URL)), http.StatusCreated, `
+ }`, testDistro.Name(), test_distro.TestArch3Name, ostreeRepoOther.OSTreeRef, ostreeRepoOther.Server.URL, fmt.Sprintf("%s/content", ostreeRepoOther.Server.URL)), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -592,7 +593,7 @@ func TestComposeStatusSuccess(t *testing.T) {
"region": "eu-central-1"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name), http.StatusCreated, `
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -703,7 +704,7 @@ func TestComposeStatusFailure(t *testing.T) {
"region": "eu-central-1"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name), http.StatusCreated, `
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -774,7 +775,7 @@ func TestComposeJobError(t *testing.T) {
"region": "eu-central-1"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name), http.StatusCreated, `
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -839,7 +840,7 @@ func TestComposeDependencyError(t *testing.T) {
"region": "eu-central-1"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name), http.StatusCreated, `
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -912,7 +913,7 @@ func TestComposeTargetErrors(t *testing.T) {
"region": "eu-central-1"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name), http.StatusCreated, `
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -1085,7 +1086,7 @@ func TestComposeCustomizations(t *testing.T) {
"region": "eu-central-1"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name), http.StatusCreated, `
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -1121,7 +1122,7 @@ func TestComposeRhcSubscription(t *testing.T) {
"region": "eu-central-1"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name), http.StatusCreated, `
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -1148,7 +1149,7 @@ func TestImageTypes(t *testing.T) {
"share_with_accounts": ["123456789012","234567890123"]
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name, string(v2.ImageTypesAws)), http.StatusCreated, `
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name, string(v2.ImageTypesAws)), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -1169,7 +1170,7 @@ func TestImageTypes(t *testing.T) {
"share_with_accounts": ["123456789012","234567890123"]
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name, string(v2.ImageTypesAws)), http.StatusCreated, `
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name, string(v2.ImageTypesAws)), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -1188,7 +1189,7 @@ func TestImageTypes(t *testing.T) {
"region": "eu-central-1"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name, string(v2.ImageTypesEdgeCommit)), http.StatusCreated, `
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name, string(v2.ImageTypesEdgeCommit)), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -1207,7 +1208,7 @@ func TestImageTypes(t *testing.T) {
"region": "eu-central-1"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name, string(v2.ImageTypesEdgeInstaller)), http.StatusCreated, `
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name, string(v2.ImageTypesEdgeInstaller)), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -1229,7 +1230,7 @@ func TestImageTypes(t *testing.T) {
"location": "westeurope"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name, string(v2.ImageTypesAzure)), http.StatusCreated, `
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name, string(v2.ImageTypesAzure)), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -1250,7 +1251,7 @@ func TestImageTypes(t *testing.T) {
"share_with_accounts": ["user:alice@example.com"]
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name, string(v2.ImageTypesGcp)), http.StatusCreated, `
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name, string(v2.ImageTypesGcp)), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -1269,7 +1270,7 @@ func TestImageTypes(t *testing.T) {
"region": "eu-central-1"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name, string(v2.ImageTypesImageInstaller)), http.StatusCreated, `
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name, string(v2.ImageTypesImageInstaller)), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -1288,7 +1289,7 @@ func TestImageTypes(t *testing.T) {
"region": "eu-central-1"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name, string(v2.ImageTypesGuestImage)), http.StatusCreated, `
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name, string(v2.ImageTypesGuestImage)), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -1307,7 +1308,7 @@ func TestImageTypes(t *testing.T) {
"region": "eu-central-1"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name, string(v2.ImageTypesVsphere)), http.StatusCreated, `
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name, string(v2.ImageTypesVsphere)), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
@@ -1332,7 +1333,7 @@ func TestImageFromCompose(t *testing.T) {
"region": "eu-central-1"
}
}
- }`, test_distro.TestDistroName, test_distro.TestArch3Name), http.StatusCreated, `
+ }`, test_distro.TestDistro1Name, test_distro.TestArch3Name), http.StatusCreated, `
{
"href": "/api/image-builder-composer/v2/compose",
"kind": "ComposeId"
diff --git a/internal/mocks/distro/distro_mock.go b/internal/mocks/distro/distro_mock.go
deleted file mode 100644
index 90621e26e..000000000
--- a/internal/mocks/distro/distro_mock.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package distro_mock
-
-import (
- "github.com/osbuild/images/pkg/distro/test_distro"
- "github.com/osbuild/images/pkg/distroregistry"
-)
-
-func NewDefaultRegistry() (*distroregistry.Registry, error) {
- testDistro := test_distro.New()
- if testDistro == nil {
- panic("Attempt to register test distro failed")
- }
- return distroregistry.New(nil, testDistro)
-}
diff --git a/internal/mocks/rpmmd/fixtures.go b/internal/mocks/rpmmd/fixtures.go
index f5c8896fb..6f0d22f1c 100644
--- a/internal/mocks/rpmmd/fixtures.go
+++ b/internal/mocks/rpmmd/fixtures.go
@@ -10,7 +10,7 @@ import (
"github.com/osbuild/osbuild-composer/internal/worker"
)
-type FixtureGenerator func(tmpdir string) Fixture
+type FixtureGenerator func(tmpdir, hostDistroName, hostArchName string) Fixture
func createBaseWorkersFixture(tmpdir string) *worker.Server {
q, err := fsjobqueue.New(tmpdir)
@@ -20,55 +20,55 @@ func createBaseWorkersFixture(tmpdir string) *worker.Server {
return worker.NewServer(nil, q, worker.Config{BasePath: "/api/worker/v1"})
}
-func BaseFixture(tmpdir string) Fixture {
+func BaseFixture(tmpdir, hostDistroName, hostArchName string) Fixture {
return Fixture{
- store.FixtureBase(),
+ store.FixtureBase(hostDistroName, hostArchName),
createBaseWorkersFixture(tmpdir),
dnfjson_mock.Base,
}
}
-func NoComposesFixture(tmpdir string) Fixture {
+func NoComposesFixture(tmpdir, hostDistroName, hostArchName string) Fixture {
return Fixture{
- store.FixtureEmpty(),
+ store.FixtureEmpty(hostDistroName, hostArchName),
createBaseWorkersFixture(tmpdir),
dnfjson_mock.Base,
}
}
-func NonExistingPackage(tmpdir string) Fixture {
+func NonExistingPackage(tmpdir, hostDistroName, hostArchName string) Fixture {
return Fixture{
- store.FixtureBase(),
+ store.FixtureBase(hostDistroName, hostArchName),
createBaseWorkersFixture(tmpdir),
dnfjson_mock.NonExistingPackage,
}
}
-func BadDepsolve(tmpdir string) Fixture {
+func BadDepsolve(tmpdir, hostDistroName, hostArchName string) Fixture {
return Fixture{
- store.FixtureBase(),
+ store.FixtureBase(hostDistroName, hostArchName),
createBaseWorkersFixture(tmpdir),
dnfjson_mock.BadDepsolve,
}
}
-func BadFetch(tmpdir string) Fixture {
+func BadFetch(tmpdir, hostDistroName, hostArchName string) Fixture {
return Fixture{
- store.FixtureBase(),
+ store.FixtureBase(hostDistroName, hostArchName),
createBaseWorkersFixture(tmpdir),
dnfjson_mock.BadFetch,
}
}
-func OldChangesFixture(tmpdir string) Fixture {
+func OldChangesFixture(tmpdir, hostDistroName, hostArchName string) Fixture {
return Fixture{
- store.FixtureOldChanges(),
+ store.FixtureOldChanges(hostDistroName, hostArchName),
createBaseWorkersFixture(tmpdir),
dnfjson_mock.Base,
}
}
-func BadJobJSONFixture(tmpdir string) Fixture {
+func BadJobJSONFixture(tmpdir, hostDistroName, hostArchName string) Fixture {
err := os.Mkdir(path.Join(tmpdir, "/jobs"), 0755)
if err != nil {
panic(err)
@@ -79,7 +79,7 @@ func BadJobJSONFixture(tmpdir string) Fixture {
}
return Fixture{
- store.FixtureJobs(),
+ store.FixtureJobs(hostDistroName, hostArchName),
createBaseWorkersFixture(path.Join(tmpdir, "/jobs")),
dnfjson_mock.Base,
}
diff --git a/internal/mocks/rpmmd/rpmmd_mock.go b/internal/mocks/rpmmd/rpmmd_mock.go
index cf529d366..778e8823f 100644
--- a/internal/mocks/rpmmd/rpmmd_mock.go
+++ b/internal/mocks/rpmmd/rpmmd_mock.go
@@ -7,7 +7,7 @@ import (
)
type Fixture struct {
- *store.Store
- Workers *worker.Server
+ StoreFixture *store.Fixture
+ Workers *worker.Server
dnfjson_mock.ResponseGenerator
}
diff --git a/internal/reporegistry/reporegistry_test.go b/internal/reporegistry/reporegistry_test.go
deleted file mode 100644
index 32a4cdf05..000000000
--- a/internal/reporegistry/reporegistry_test.go
+++ /dev/null
@@ -1,393 +0,0 @@
-package reporegistry
-
-import (
- "reflect"
- "testing"
-
- "github.com/osbuild/images/pkg/distro"
- "github.com/osbuild/images/pkg/distro/test_distro"
- "github.com/osbuild/images/pkg/rpmmd"
- "github.com/stretchr/testify/assert"
-)
-
-func getTestingRepoRegistry() *RepoRegistry {
- return &RepoRegistry{
- map[string]map[string][]rpmmd.RepoConfig{
- test_distro.TestDistroName: {
- test_distro.TestArchName: {
- {
- Name: "baseos",
- BaseURLs: []string{"https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os"},
- },
- {
- Name: "appstream",
- BaseURLs: []string{"https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os"},
- },
- },
- test_distro.TestArch2Name: {
- {
- Name: "baseos",
- BaseURLs: []string{"https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os"},
- },
- {
- Name: "appstream",
- BaseURLs: []string{"https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/os"},
- ImageTypeTags: []string{},
- },
- {
- Name: "google-compute-engine",
- BaseURLs: []string{"https://packages.cloud.google.com/yum/repos/google-compute-engine-el8-x86_64-stable"},
- ImageTypeTags: []string{test_distro.TestImageType2Name},
- },
- {
- Name: "google-cloud-sdk",
- BaseURLs: []string{"https://packages.cloud.google.com/yum/repos/cloud-sdk-el8-x86_64"},
- ImageTypeTags: []string{test_distro.TestImageType2Name},
- },
- },
- },
- },
- }
-}
-
-func TestReposByImageType_reposByImageTypeName(t *testing.T) {
- rr := getTestingRepoRegistry()
- testDistro := test_distro.New()
-
- ta, _ := testDistro.GetArch(test_distro.TestArchName)
- ta2, _ := testDistro.GetArch(test_distro.TestArch2Name)
-
- ta_it, _ := ta.GetImageType(test_distro.TestImageTypeName)
-
- ta2_it, _ := ta2.GetImageType(test_distro.TestImageTypeName)
- ta2_it2, _ := ta2.GetImageType(test_distro.TestImageType2Name)
-
- type args struct {
- input distro.ImageType
- }
- tests := []struct {
- name string
- args args
- want []string
- }{
- {
- name: "NoAdditionalReposNeeded_NoAdditionalReposDefined",
- args: args{
- input: ta_it,
- },
- want: []string{"baseos", "appstream"},
- },
- {
- name: "NoAdditionalReposNeeded_AdditionalReposDefined",
- args: args{
- input: ta2_it,
- },
- want: []string{"baseos", "appstream"},
- },
- {
- name: "AdditionalReposNeeded_AdditionalReposDefined",
- args: args{
- input: ta2_it2,
- },
- want: []string{"baseos", "appstream", "google-compute-engine", "google-cloud-sdk"},
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- got, err := rr.ReposByImageType(tt.args.input)
- assert.Nil(t, err)
-
- var gotNames []string
- for _, r := range got {
- gotNames = append(gotNames, r.Name)
- }
-
- if !reflect.DeepEqual(gotNames, tt.want) {
- t.Errorf("ReposByImageType() =\n got: %#v\n want: %#v", gotNames, tt.want)
- }
-
- got, err = rr.reposByImageTypeName(tt.args.input.Arch().Distro().Name(), tt.args.input.Arch().Name(), tt.args.input.Name())
- assert.Nil(t, err)
- gotNames = []string{}
- for _, r := range got {
- gotNames = append(gotNames, r.Name)
- }
-
- if !reflect.DeepEqual(gotNames, tt.want) {
- t.Errorf("reposByImageTypeName() =\n got: %#v\n want: %#v", gotNames, tt.want)
- }
- })
- }
-}
-
-// TestInvalidReposByImageType tests return values from ReposByImageType
-// for invalid values
-func TestInvalidReposByImageType(t *testing.T) {
- rr := getTestingRepoRegistry()
-
- ti := test_distro.TestImageType{}
-
- repos, err := rr.ReposByImageType(&ti)
- assert.Nil(t, repos)
- assert.NotNil(t, err)
-}
-
-// TestInvalidreposByImageTypeName tests return values from reposByImageTypeName
-// for invalid distro name, arch and image type
-func TestInvalidreposByImageTypeName(t *testing.T) {
- rr := getTestingRepoRegistry()
-
- type args struct {
- distro string
- arch string
- imageType string
- }
- tests := []struct {
- name string
- args args
- want func(repos []rpmmd.RepoConfig, err error) bool
- }{
- {
- name: "invalid distro, valid arch and image type",
- args: args{
- distro: test_distro.TestDistroName + "-invalid",
- arch: test_distro.TestArchName,
- imageType: test_distro.TestImageTypeName,
- },
- want: func(repos []rpmmd.RepoConfig, err error) bool {
- // the list of repos should be nil and an error should be returned
- if repos != nil || err == nil {
- return false
- }
- return true
- },
- },
- {
- name: "invalid arch, valid distro and image type",
- args: args{
- distro: test_distro.TestDistroName,
- arch: test_distro.TestArchName + "-invalid",
- imageType: test_distro.TestImageTypeName,
- },
- want: func(repos []rpmmd.RepoConfig, err error) bool {
- // the list of repos should be nil and an error should be returned
- if repos != nil || err == nil {
- return false
- }
- return true
- },
- },
- {
- name: "invalid image type, valid distro and arch, without tagged repos",
- args: args{
- distro: test_distro.TestDistroName,
- arch: test_distro.TestArchName,
- imageType: test_distro.TestImageTypeName + "-invalid",
- },
- want: func(repos []rpmmd.RepoConfig, err error) bool {
- // a non-empty list of repos should be returned without an error
- if repos == nil || err != nil {
- return false
- }
- // only the list of common distro-arch repos should be returned
- // these are repos without any explicit imageType tag
- if len(repos) != 2 {
- return false
- }
- return true
- },
- },
- {
- name: "invalid image type, valid distro and arch, with tagged repos",
- args: args{
- distro: test_distro.TestDistroName,
- arch: test_distro.TestArch2Name,
- imageType: test_distro.TestImageTypeName + "-invalid",
- },
- want: func(repos []rpmmd.RepoConfig, err error) bool {
- // a non-empty list of repos should be returned without an error
- if repos == nil || err != nil {
- return false
- }
- // only the list of common distro-arch repos should be returned
- // these are repos without any explicit imageType tag
- if len(repos) != 2 {
- return false
- }
- return true
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- got, err := rr.reposByImageTypeName(tt.args.distro, tt.args.arch, tt.args.imageType)
- assert.True(t, tt.want(got, err))
- })
- }
-}
-
-func TestReposByArch(t *testing.T) {
- rr := getTestingRepoRegistry()
- testDistro := test_distro.New()
-
- ta, _ := testDistro.GetArch(test_distro.TestArchName)
- ta2, _ := testDistro.GetArch(test_distro.TestArch2Name)
-
- type args struct {
- arch distro.Arch
- taggedRepos bool
- }
- tests := []struct {
- name string
- args args
- want []string
- }{
- {
- name: "Test Arch 1, without tagged repos",
- args: args{
- arch: ta,
- taggedRepos: false,
- },
- want: []string{"baseos", "appstream"},
- },
- {
- name: "Test Arch 1, with tagged repos",
- args: args{
- arch: ta,
- taggedRepos: true,
- },
- want: []string{"baseos", "appstream"},
- },
- {
- name: "Test Arch 2, without tagged repos",
- args: args{
- arch: ta2,
- taggedRepos: false,
- },
- want: []string{"baseos", "appstream"},
- },
- {
- name: "Test Arch 2, with tagged repos",
- args: args{
- arch: ta2,
- taggedRepos: true,
- },
- want: []string{"baseos", "appstream", "google-compute-engine", "google-cloud-sdk"},
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- got, err := rr.ReposByArchName(tt.args.arch.Distro().Name(), tt.args.arch.Name(), tt.args.taggedRepos)
- assert.Nil(t, err)
- gotNames := []string{}
- for _, r := range got {
- gotNames = append(gotNames, r.Name)
- }
-
- if !reflect.DeepEqual(gotNames, tt.want) {
- t.Errorf("ReposByArchName() =\n got: %#v\n want: %#v", gotNames, tt.want)
- }
- })
- }
-}
-
-// TestInvalidReposByArch tests return values from ReposByArch
-// for invalid arch value
-func TestInvalidReposByArch(t *testing.T) {
- rr := getTestingRepoRegistry()
-
- ta := test_distro.TestArch{}
- td := test_distro.TestDistro{}
-
- repos, err := rr.ReposByArchName(td.Name(), ta.Name(), false)
- assert.Nil(t, repos)
- assert.NotNil(t, err)
-
- repos, err = rr.ReposByArchName(td.Name(), ta.Name(), false)
- assert.Nil(t, repos)
- assert.NotNil(t, err)
-}
-
-// TestInvalidReposByArchName tests return values from ReposByArchName
-// for invalid distro name and arch
-func TestInvalidReposByArchName(t *testing.T) {
- rr := getTestingRepoRegistry()
-
- type args struct {
- distro string
- arch string
- taggedRepos bool
- }
- tests := []struct {
- name string
- args args
- want func(repos []rpmmd.RepoConfig, err error) bool
- }{
- {
- name: "invalid distro, valid arch, without tagged repos",
- args: args{
- distro: test_distro.TestDistroName + "-invalid",
- arch: test_distro.TestArch2Name,
- taggedRepos: false,
- },
- want: func(repos []rpmmd.RepoConfig, err error) bool {
- // the list of repos should be nil and an error should be returned
- if repos != nil || err == nil {
- return false
- }
- return true
- },
- },
- {
- name: "invalid distro, valid arch, with tagged repos",
- args: args{
- distro: test_distro.TestDistroName + "-invalid",
- arch: test_distro.TestArch2Name,
- taggedRepos: true,
- },
- want: func(repos []rpmmd.RepoConfig, err error) bool {
- // the list of repos should be nil and an error should be returned
- if repos != nil || err == nil {
- return false
- }
- return true
- },
- },
- {
- name: "invalid arch, valid distro, without tagged repos",
- args: args{
- distro: test_distro.TestDistroName,
- arch: test_distro.TestArch2Name + "-invalid",
- taggedRepos: false,
- },
- want: func(repos []rpmmd.RepoConfig, err error) bool {
- // the list of repos should be nil and an error should be returned
- if repos != nil || err == nil {
- return false
- }
- return true
- },
- },
- {
- name: "invalid arch, valid distro, with tagged repos",
- args: args{
- distro: test_distro.TestDistroName,
- arch: test_distro.TestArch2Name + "-invalid",
- taggedRepos: true,
- },
- want: func(repos []rpmmd.RepoConfig, err error) bool {
- // the list of repos should be nil and an error should be returned
- if repos != nil || err == nil {
- return false
- }
- return true
- },
- },
- }
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- got, err := rr.ReposByArchName(tt.args.distro, tt.args.arch, tt.args.taggedRepos)
- assert.True(t, tt.want(got, err))
- })
- }
-}
diff --git a/internal/store/fixtures.go b/internal/store/fixtures.go
index e71783ff1..81757c765 100644
--- a/internal/store/fixtures.go
+++ b/internal/store/fixtures.go
@@ -7,13 +7,40 @@ import (
"github.com/google/uuid"
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/distro/test_distro"
+ "github.com/osbuild/images/pkg/distrofactory"
"github.com/osbuild/images/pkg/rpmmd"
"github.com/osbuild/osbuild-composer/internal/blueprint"
"github.com/osbuild/osbuild-composer/internal/common"
"github.com/osbuild/osbuild-composer/internal/target"
)
-func FixtureBase() *Store {
+func setupTestHostDistro(distroName, archName string) (Cleanup func()) {
+ originalHostDistroNameFunc := getHostDistroName
+ originalHostArchFunc := getHostArch
+
+ getHostDistroName = func() (string, error) {
+ return distroName, nil
+ }
+
+ getHostArch = func() string {
+ return archName
+ }
+
+ return func() {
+ getHostDistroName = originalHostDistroNameFunc
+ getHostArch = originalHostArchFunc
+ }
+}
+
+type Fixture struct {
+ *Store
+ Cleanup func()
+ *distrofactory.Factory
+ HostDistroName string
+ HostArchName string
+}
+
+func FixtureBase(hostDistroName, hostArchName string) *Fixture {
var bName = "test"
var b = blueprint.Blueprint{
Name: bName,
@@ -41,11 +68,14 @@ func FixtureBase() *Store {
},
}
- dr := test_distro.NewRegistry()
- d := dr.FromHost()
- arch, err := d.GetArch(test_distro.TestArchName)
+ df := distrofactory.NewTestDefault()
+ d := df.GetDistro(hostDistroName)
+ if d == nil {
+ panic(fmt.Sprintf("failed to get distro object for distro name %q", hostDistroName))
+ }
+ arch, err := d.GetArch(hostArchName)
if err != nil {
- panic(fmt.Sprintf("failed to get architecture %s for a test distro: %v", test_distro.TestArchName, err))
+ panic(fmt.Sprintf("failed to get architecture %s for a test distro: %v", hostArchName, err))
}
imgType, err := arch.GetImageType(test_distro.TestImageTypeName)
if err != nil {
@@ -61,7 +91,7 @@ func FixtureBase() *Store {
panic(fmt.Sprintf("failed to create a manifest: %v", err))
}
- s := New(nil, dr, nil)
+ s := New(nil, df, nil)
pkgs := []rpmmd.PackageSpec{
{
@@ -69,13 +99,13 @@ func FixtureBase() *Store {
Epoch: 0,
Version: "2.11.2",
Release: "1.fc35",
- Arch: test_distro.TestArchName,
+ Arch: hostArchName,
}, {
Name: "test2",
Epoch: 3,
Version: "4.2.2",
Release: "1.fc35",
- Arch: test_distro.TestArchName,
+ Arch: hostArchName,
}}
s.blueprints[bName] = b
@@ -145,9 +175,16 @@ func FixtureBase() *Store {
},
}
- return s
+ return &Fixture{
+ s,
+ setupTestHostDistro(hostDistroName, hostArchName),
+ df,
+ hostDistroName,
+ hostArchName,
+ }
}
-func FixtureFinished() *Store {
+
+func FixtureFinished(hostDistroName, hostArchName string) *Fixture {
var bName = "test"
var b = blueprint.Blueprint{
Name: bName,
@@ -184,11 +221,11 @@ func FixtureFinished() *Store {
},
}
- dr := test_distro.NewRegistry()
- d := dr.FromHost()
- arch, err := d.GetArch(test_distro.TestArchName)
+ df := distrofactory.NewTestDefault()
+ d := df.GetDistro(hostDistroName)
+ arch, err := d.GetArch(hostArchName)
if err != nil {
- panic(fmt.Sprintf("failed to get architecture %s for a test distro: %v", test_distro.TestArchName, err))
+ panic(fmt.Sprintf("failed to get architecture %s for a test distro: %v", hostArchName, err))
}
imgType, err := arch.GetImageType(test_distro.TestImageTypeName)
if err != nil {
@@ -204,7 +241,7 @@ func FixtureFinished() *Store {
panic(fmt.Sprintf("failed to create a manifest: %v", err))
}
- s := New(nil, dr, nil)
+ s := New(nil, df, nil)
pkgs := []rpmmd.PackageSpec{
{
@@ -212,13 +249,13 @@ func FixtureFinished() *Store {
Epoch: 0,
Version: "2.11.2",
Release: "1.fc35",
- Arch: test_distro.TestArchName,
+ Arch: hostArchName,
}, {
Name: "test2",
Epoch: 3,
Version: "4.2.2",
Release: "1.fc35",
- Arch: test_distro.TestArchName,
+ Arch: hostArchName,
}}
s.blueprints[bName] = b
@@ -273,10 +310,16 @@ func FixtureFinished() *Store {
},
}
- return s
+ return &Fixture{
+ s,
+ setupTestHostDistro(hostDistroName, hostArchName),
+ df,
+ hostDistroName,
+ hostArchName,
+ }
}
-func FixtureEmpty() *Store {
+func FixtureEmpty(hostDistroName, hostArchName string) *Fixture {
var bName = "test"
var b = blueprint.Blueprint{
Name: bName,
@@ -287,21 +330,24 @@ func FixtureEmpty() *Store {
Customizations: nil,
}
- dr := test_distro.NewRegistry()
- d := dr.FromHost()
- _, err := d.GetArch(test_distro.TestArchName)
+ df := distrofactory.NewTestDefault()
+ d := df.GetDistro(hostDistroName)
+ if d == nil {
+ panic(fmt.Sprintf("failed to get distro object for distro name %q", hostDistroName))
+ }
+ _, err := d.GetArch(hostArchName)
if err != nil {
- panic(fmt.Sprintf("failed to get architecture %s for a test distro: %v", test_distro.TestArchName, err))
+ panic(fmt.Sprintf("failed to get architecture %s for a test distro: %v", hostArchName, err))
}
- s := New(nil, dr, nil)
+ s := New(nil, df, nil)
s.blueprints[bName] = b
// 2nd distro blueprint
b2 := b
b2.Name = "test-distro-2"
- b2.Distro = "test-distro-2"
+ b2.Distro = fmt.Sprintf("%s-2", test_distro.TestDistroNameBase)
s.blueprints[b2.Name] = b2
// Unknown distro blueprint
@@ -322,12 +368,18 @@ func FixtureEmpty() *Store {
b5.Arch = test_distro.TestArch2Name
s.blueprints[b5.Name] = b5
- return s
+ return &Fixture{
+ s,
+ setupTestHostDistro(hostDistroName, hostArchName),
+ df,
+ hostDistroName,
+ hostArchName,
+ }
}
// FixtureOldChanges contains a blueprint and old changes
// This simulates restarting the service and losing the old blueprints
-func FixtureOldChanges() *Store {
+func FixtureOldChanges(hostDistroName, hostArchName string) *Fixture {
var bName = "test-old-changes"
var b = blueprint.Blueprint{
Name: bName,
@@ -338,14 +390,14 @@ func FixtureOldChanges() *Store {
Customizations: nil,
}
- dr := test_distro.NewRegistry()
- d := dr.FromHost()
- _, err := d.GetArch(test_distro.TestArchName)
+ df := distrofactory.NewTestDefault()
+ d := df.GetDistro(hostDistroName)
+ _, err := d.GetArch(hostArchName)
if err != nil {
- panic(fmt.Sprintf("failed to get architecture %s for a test distro: %v", test_distro.TestArchName, err))
+ panic(fmt.Sprintf("failed to get architecture %s for a test distro: %v", hostArchName, err))
}
- s := New(nil, dr, nil)
+ s := New(nil, df, nil)
s.PushBlueprint(b, "Initial commit")
b.Version = "0.0.1"
@@ -365,11 +417,17 @@ func FixtureOldChanges() *Store {
}
}
- return s
+ return &Fixture{
+ s,
+ setupTestHostDistro(hostDistroName, hostArchName),
+ df,
+ hostDistroName,
+ hostArchName,
+ }
}
// Fixture to use for checking job queue files
-func FixtureJobs() *Store {
+func FixtureJobs(hostDistroName, hostArchName string) *Fixture {
var bName = "test"
var b = blueprint.Blueprint{
Name: bName,
@@ -397,11 +455,11 @@ func FixtureJobs() *Store {
},
}
- dr := test_distro.NewRegistry()
- d := dr.FromHost()
- arch, err := d.GetArch(test_distro.TestArchName)
+ df := distrofactory.NewTestDefault()
+ d := df.GetDistro(hostDistroName)
+ arch, err := d.GetArch(hostArchName)
if err != nil {
- panic(fmt.Sprintf("failed to get architecture %s for a test distro: %v", test_distro.TestArchName, err))
+ panic(fmt.Sprintf("failed to get architecture %s for a test distro: %v", hostArchName, err))
}
imgType, err := arch.GetImageType(test_distro.TestImageTypeName)
if err != nil {
@@ -417,7 +475,7 @@ func FixtureJobs() *Store {
panic(fmt.Sprintf("failed to create a manifest: %v", err))
}
- s := New(nil, dr, nil)
+ s := New(nil, df, nil)
pkgs := []rpmmd.PackageSpec{
{
@@ -425,13 +483,13 @@ func FixtureJobs() *Store {
Epoch: 0,
Version: "2.11.2",
Release: "1.fc35",
- Arch: test_distro.TestArchName,
+ Arch: hostArchName,
}, {
Name: "test2",
Epoch: 3,
Version: "4.2.2",
Release: "1.fc35",
- Arch: test_distro.TestArchName,
+ Arch: hostArchName,
}}
s.blueprints[bName] = b
@@ -514,5 +572,11 @@ func FixtureJobs() *Store {
},
}
- return s
+ return &Fixture{
+ s,
+ setupTestHostDistro(hostDistroName, hostArchName),
+ df,
+ hostDistroName,
+ hostArchName,
+ }
}
diff --git a/internal/store/json.go b/internal/store/json.go
index 976d87705..8f974662f 100644
--- a/internal/store/json.go
+++ b/internal/store/json.go
@@ -8,8 +8,9 @@ import (
"time"
"github.com/google/uuid"
+ "github.com/osbuild/images/pkg/arch"
"github.com/osbuild/images/pkg/distro"
- "github.com/osbuild/images/pkg/distroregistry"
+ "github.com/osbuild/images/pkg/distrofactory"
"github.com/osbuild/images/pkg/manifest"
"github.com/osbuild/images/pkg/rpmmd"
"github.com/osbuild/osbuild-composer/internal/blueprint"
@@ -17,6 +18,9 @@ import (
"github.com/osbuild/osbuild-composer/internal/target"
)
+var getHostDistroName func() (string, error) = distro.GetHostDistroName
+var getHostArch func() string = arch.Current().String
+
type storeV0 struct {
Blueprints blueprintsV0 `json:"blueprints"`
Workspace workspaceV0 `json:"workspace"`
@@ -102,11 +106,11 @@ func newWorkspaceFromV0(workspaceStruct workspaceV0) map[string]blueprint.Bluepr
return workspace
}
-func newComposesFromV0(composesStruct composesV0, dr *distroregistry.Registry, log *log.Logger) map[uuid.UUID]Compose {
+func newComposesFromV0(composesStruct composesV0, df *distrofactory.Factory, log *log.Logger) map[uuid.UUID]Compose {
composes := make(map[uuid.UUID]Compose)
for composeID, composeStruct := range composesStruct {
- c, err := newComposeFromV0(composeStruct, dr)
+ c, err := newComposeFromV0(composeStruct, df)
if err != nil {
if log != nil {
log.Printf("ignoring compose: %v", err)
@@ -149,7 +153,7 @@ func newImageBuildFromV0(imageBuildStruct imageBuildV0, arch distro.Arch) (Image
}, nil
}
-func newComposeFromV0(composeStruct composeV0, dr *distroregistry.Registry) (Compose, error) {
+func newComposeFromV0(composeStruct composeV0, df *distrofactory.Factory) (Compose, error) {
if len(composeStruct.ImageBuilds) != 1 {
return Compose{}, errors.New("compose with unsupported number of image builds")
}
@@ -158,15 +162,19 @@ func newComposeFromV0(composeStruct composeV0, dr *distroregistry.Registry) (Com
bp := composeStruct.Blueprint.DeepCopy()
distroName := bp.Distro
if len(distroName) == 0 {
- distroName = dr.FromHost().Name()
+ var err error
+ distroName, err = getHostDistroName()
+ if err != nil {
+ return Compose{}, fmt.Errorf("Failed to get host distro name: %v", err)
+ }
}
- distro := dr.GetDistro(distroName)
+ distro := df.GetDistro(distroName)
if distro == nil {
return Compose{}, fmt.Errorf("Unknown distro - %s", distroName)
}
// Get the host distro's architecture. This contains the distro+arch specific image types
- arch, err := distro.GetArch(dr.HostArchName())
+ arch, err := distro.GetArch(getHostArch())
if err != nil {
return Compose{}, err
}
@@ -258,11 +266,11 @@ func newCommitsFromV0(commitsMapStruct commitsV0, changesMapStruct changesV0) ma
return commitsMap
}
-func newStoreFromV0(storeStruct storeV0, dr *distroregistry.Registry, log *log.Logger) *Store {
+func newStoreFromV0(storeStruct storeV0, df *distrofactory.Factory, log *log.Logger) *Store {
return &Store{
blueprints: newBlueprintsFromV0(storeStruct.Blueprints),
workspace: newWorkspaceFromV0(storeStruct.Workspace),
- composes: newComposesFromV0(storeStruct.Composes, dr, log),
+ composes: newComposesFromV0(storeStruct.Composes, df, log),
sources: newSourceConfigsFromV0(storeStruct.Sources),
blueprintsChanges: newChangesFromV0(storeStruct.Changes),
blueprintsCommits: newCommitsFromV0(storeStruct.Commits, storeStruct.Changes),
diff --git a/internal/store/json_test.go b/internal/store/json_test.go
index 3e1d79a63..3a10e8f57 100644
--- a/internal/store/json_test.go
+++ b/internal/store/json_test.go
@@ -2,7 +2,6 @@ package store
import (
"encoding/json"
- "fmt"
"os"
"path/filepath"
"reflect"
@@ -17,7 +16,7 @@ import (
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/distro/fedora"
"github.com/osbuild/images/pkg/distro/test_distro"
- "github.com/osbuild/images/pkg/distroregistry"
+ "github.com/osbuild/images/pkg/distrofactory"
"github.com/osbuild/images/pkg/rpmmd"
"github.com/osbuild/osbuild-composer/internal/blueprint"
"github.com/osbuild/osbuild-composer/internal/common"
@@ -33,14 +32,22 @@ func MustParseTime(ts string) time.Time {
return t
}
+func getTestDistroArchImgType(t *testing.T) (distro.Distro, distro.Arch, distro.ImageType) {
+ testDistro := test_distro.DistroFactory(test_distro.TestDistro1Name)
+ require.NotNil(t, testDistro)
+ testArch, err := testDistro.GetArch(test_distro.TestArchName)
+ require.NoError(t, err)
+ testImageType, err := testArch.GetImageType(test_distro.TestImageTypeName)
+ require.NoError(t, err)
+ return testDistro, testArch, testImageType
+}
+
func Test_imageTypeToCompatString(t *testing.T) {
type args struct {
input distro.ImageType
}
- testDistro := test_distro.New()
- testArch, _ := testDistro.GetArch(test_distro.TestArchName)
- testImageType, _ := testArch.GetImageType(test_distro.TestImageTypeName)
+ _, _, testImageType := getTestDistroArchImgType(t)
tests := []struct {
name string
@@ -71,9 +78,7 @@ func Test_imageTypeFromCompatString(t *testing.T) {
arch distro.Arch
}
- testDistro := test_distro.New()
- testArch, _ := testDistro.GetArch(test_distro.TestArchName)
- testImageType, _ := testArch.GetImageType(test_distro.TestImageTypeName)
+ _, testArch, testImageType := getTestDistroArchImgType(t)
tests := []struct {
name string
@@ -116,32 +121,24 @@ func Test_imageTypeFromCompatString(t *testing.T) {
}
func TestMarshalEmpty(t *testing.T) {
- d := test_distro.New()
- _, err := d.GetArch(test_distro.TestArchName)
- if err != nil {
- panic(fmt.Sprintf("failed to get architecture %s for a test distro: %v", test_distro.TestArchName, err))
- }
- store1 := FixtureEmpty()
- storeV0 := store1.toStoreV0()
- dr := test_distro.NewRegistry()
- store2 := newStoreFromV0(*storeV0, dr, nil)
- if !reflect.DeepEqual(store1, store2) {
- t.Errorf("marshal/unmarshal roundtrip not a noop for empty store:\n got: %#v\n want: %#v", store1, store2)
+ fixture := FixtureEmpty(test_distro.TestDistro1Name, test_distro.TestArchName)
+ t.Cleanup(fixture.Cleanup)
+ storeV0 := fixture.Store.toStoreV0()
+ df := distrofactory.NewTestDefault()
+ store2 := newStoreFromV0(*storeV0, df, nil)
+ if !reflect.DeepEqual(fixture.Store, store2) {
+ t.Errorf("marshal/unmarshal roundtrip not a noop for empty store:\n got: %#v\n want: %#v", store2, fixture.Store)
}
}
func TestMarshalFinished(t *testing.T) {
- d := test_distro.New()
- _, err := d.GetArch(test_distro.TestArchName)
- if err != nil {
- panic(fmt.Sprintf("failed to get architecture %s for a test distro: %v", test_distro.TestArchName, err))
- }
- store1 := FixtureFinished()
- storeV0 := store1.toStoreV0()
- dr := test_distro.NewRegistry()
- store2 := newStoreFromV0(*storeV0, dr, nil)
- if !reflect.DeepEqual(store1, store2) {
- t.Errorf("marshal/unmarshal roundtrip not a noop for base store:\n got: %#v\n want: %#v", store2, store1)
+ fixture := FixtureFinished(test_distro.TestDistro1Name, test_distro.TestArchName)
+ t.Cleanup(fixture.Cleanup)
+ storeV0 := fixture.Store.toStoreV0()
+ df := distrofactory.NewTestDefault()
+ store2 := newStoreFromV0(*storeV0, df, nil)
+ if !reflect.DeepEqual(fixture.Store, store2) {
+ t.Errorf("marshal/unmarshal roundtrip not a noop for base store:\n got: %#v\n want: %#v", store2, fixture.Store)
}
}
@@ -192,12 +189,10 @@ func TestStore_toStoreV0(t *testing.T) {
func Test_newStoreFromV0(t *testing.T) {
type args struct {
storeStruct storeV0
- registry *distroregistry.Registry
+ factory *distrofactory.Factory
}
- //testDistro := test_distro.New()
- // testArch, _ := testDistro.GetArch(test_distro.TestArchName)
- dr := test_distro.NewRegistry()
+ df := distrofactory.NewTestDefault()
tests := []struct {
name string
@@ -208,14 +203,14 @@ func Test_newStoreFromV0(t *testing.T) {
name: "empty",
args: args{
storeStruct: storeV0{},
- registry: dr,
+ factory: df,
},
- want: New(nil, dr, nil),
+ want: New(nil, df, nil),
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
- if got := newStoreFromV0(tt.args.storeStruct, tt.args.registry, nil); !reflect.DeepEqual(got, tt.want) {
+ if got := newStoreFromV0(tt.args.storeStruct, tt.args.factory, nil); !reflect.DeepEqual(got, tt.want) {
t.Errorf("newStoreFromV0() =\n got: %#v\n want: %#v", got, tt.want)
}
})
@@ -304,23 +299,24 @@ func Test_upgrade(t *testing.T) {
assert.NoErrorf(err, "Could not read test store directory '%s': %v", testPath, err)
require.Greaterf(t, len(fileNames), 0, "No test stores found in %s", testPath)
for _, fileName := range fileNames {
- var storeStruct storeV0
- file, err := os.ReadFile(fileName)
- assert.NoErrorf(err, "Could not read test-store '%s': %v", fileName, err)
- err = json.Unmarshal([]byte(file), &storeStruct)
- assert.NoErrorf(err, "Could not parse test-store '%s': %v", fileName, err)
- f37 := fedora.NewF37()
- registry, err := distroregistry.New(f37, f37)
- assert.NoError(err)
+ t.Run(fileName, func(t *testing.T) {
+ var storeStruct storeV0
+ file, err := os.ReadFile(fileName)
+ assert.NoErrorf(err, "Could not read test-store '%s': %v", fileName, err)
+ err = json.Unmarshal([]byte(file), &storeStruct)
+ assert.NoErrorf(err, "Could not parse test-store '%s': %v", fileName, err)
- // The test data has image types only supported on Fedora X86_64
- registry.SetHostArchName(arch.ARCH_X86_64.String())
- store := newStoreFromV0(storeStruct, registry, nil)
- assert.Equal(1, len(store.blueprints))
- assert.Equal(1, len(store.blueprintsChanges))
- assert.Equal(1, len(store.blueprintsCommits))
- assert.LessOrEqual(1, len(store.composes))
- assert.Equal(1, len(store.workspace))
+ cleanup := setupTestHostDistro("fedora-37", arch.ARCH_X86_64.String())
+ t.Cleanup(cleanup)
+ factory := distrofactory.New(fedora.DistroFactory)
+
+ store := newStoreFromV0(storeStruct, factory, nil)
+ assert.Equal(1, len(store.blueprints))
+ assert.Equal(1, len(store.blueprintsChanges))
+ assert.Equal(1, len(store.blueprintsCommits))
+ assert.LessOrEqual(1, len(store.composes))
+ assert.Equal(1, len(store.workspace))
+ })
}
}
@@ -1131,9 +1127,7 @@ func Test_newComposeV0(t *testing.T) {
{Name: "tmux", Version: "*"}},
}
- testDistro := test_distro.New()
- testArch, _ := testDistro.GetArch(test_distro.TestArchName)
- testImageType, _ := testArch.GetImageType(test_distro.TestImageTypeName)
+ _, _, testImageType := getTestDistroArchImgType(t)
tests := []struct {
name string
@@ -1227,29 +1221,29 @@ func Test_newComposeFromV0(t *testing.T) {
{Name: "tmux", Version: "*"}},
}
- testDistro := test_distro.New()
- testArch, _ := testDistro.GetArch(test_distro.TestArchName)
- testImageType, _ := testArch.GetImageType(test_distro.TestImageTypeName)
- dr := test_distro.NewRegistry()
+ testDistro, testArch, testImageType := getTestDistroArchImgType(t)
+ df := distrofactory.NewTestDefault()
+
+ t.Cleanup(setupTestHostDistro(testDistro.Name(), testArch.Name()))
tests := []struct {
- name string
- compose composeV0
- registry *distroregistry.Registry
- want Compose
- errOk bool
+ name string
+ compose composeV0
+ factory *distrofactory.Factory
+ want Compose
+ errOk bool
}{
{
- name: "empty",
- compose: composeV0{},
- registry: dr,
- want: Compose{},
- errOk: true,
+ name: "empty",
+ compose: composeV0{},
+ factory: df,
+ want: Compose{},
+ errOk: true,
},
{
- name: "qcow2 compose",
- registry: dr,
- errOk: false,
+ name: "qcow2 compose",
+ factory: df,
+ errOk: false,
compose: composeV0{
Blueprint: &bp,
ImageBuilds: []imageBuildV0{
@@ -1319,7 +1313,7 @@ func Test_newComposeFromV0(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
- got, err := newComposeFromV0(tt.compose, tt.registry)
+ got, err := newComposeFromV0(tt.compose, tt.factory)
if err != nil {
if !tt.errOk {
t.Errorf("newComposeFromV0() error = %v", err)
@@ -1340,9 +1334,7 @@ func Test_newComposesV0(t *testing.T) {
{Name: "tmux", Version: "*"}},
}
- testDistro := test_distro.New()
- testArch, _ := testDistro.GetArch(test_distro.TestArchName)
- testImageType, _ := testArch.GetImageType(test_distro.TestImageTypeName)
+ _, _, testImageType := getTestDistroArchImgType(t)
tests := []struct {
name string
@@ -1505,26 +1497,26 @@ func Test_newComposesFromV0(t *testing.T) {
{Name: "tmux", Version: "*"}},
}
- testDistro := test_distro.New()
- testArch, _ := testDistro.GetArch(test_distro.TestArchName)
- testImageType, _ := testArch.GetImageType(test_distro.TestImageTypeName)
- dr := test_distro.NewRegistry()
+ testDistro, testArch, testImageType := getTestDistroArchImgType(t)
+ df := distrofactory.NewTestDefault()
+
+ t.Cleanup(setupTestHostDistro(testDistro.Name(), testArch.Name()))
tests := []struct {
name string
- registry *distroregistry.Registry
+ registry *distrofactory.Factory
composes composesV0
want map[uuid.UUID]Compose
}{
{
name: "empty",
- registry: dr,
+ registry: df,
composes: composesV0{},
want: make(map[uuid.UUID]Compose),
},
{
name: "two composes",
- registry: dr,
+ registry: df,
composes: composesV0{
uuid.MustParse("f53b49c0-d321-447e-8ab8-6e827891e3f0"): {
Blueprint: &bp,
@@ -1671,9 +1663,7 @@ func Test_newComposesFromV0(t *testing.T) {
}
func Test_newImageBuildFromV0(t *testing.T) {
- testDistro := test_distro.New()
- testArch, _ := testDistro.GetArch(test_distro.TestArchName)
- testImageType, _ := testArch.GetImageType(test_distro.TestImageTypeName)
+ _, testArch, testImageType := getTestDistroArchImgType(t)
tests := []struct {
name string
diff --git a/internal/store/store.go b/internal/store/store.go
index 05984ffae..407d40362 100644
--- a/internal/store/store.go
+++ b/internal/store/store.go
@@ -18,10 +18,10 @@ import (
"time"
"github.com/osbuild/images/pkg/distro"
+ "github.com/osbuild/images/pkg/distrofactory"
"github.com/osbuild/images/pkg/manifest"
"github.com/osbuild/osbuild-composer/internal/jsondb"
- "github.com/osbuild/images/pkg/distroregistry"
"github.com/osbuild/images/pkg/rpmmd"
"github.com/osbuild/osbuild-composer/internal/blueprint"
"github.com/osbuild/osbuild-composer/internal/common"
@@ -86,7 +86,7 @@ func (e *NoLocalTargetError) Error() string {
return e.message
}
-func New(stateDir *string, dr *distroregistry.Registry, log *log.Logger) *Store {
+func New(stateDir *string, df *distrofactory.Factory, log *log.Logger) *Store {
var storeStruct storeV0
var db *jsondb.JSONDatabase
@@ -98,7 +98,7 @@ func New(stateDir *string, dr *distroregistry.Registry, log *log.Logger) *Store
}
}
- store := newStoreFromV0(storeStruct, dr, log)
+ store := newStoreFromV0(storeStruct, df, log)
store.stateDir = stateDir
store.db = db
diff --git a/internal/store/store_test.go b/internal/store/store_test.go
index d88d87905..f1335c2a6 100644
--- a/internal/store/store_test.go
+++ b/internal/store/store_test.go
@@ -9,6 +9,7 @@ import (
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/distro/test_distro"
+ "github.com/osbuild/images/pkg/distrofactory"
"github.com/osbuild/images/pkg/manifest"
"github.com/osbuild/images/pkg/osbuild"
"github.com/osbuild/images/pkg/rpmmd"
@@ -32,7 +33,7 @@ type storeTest struct {
myCompose Compose
myImageBuild ImageBuild
mySourceConfig SourceConfig
- myDistro *test_distro.TestDistro
+ myDistro distro.Distro
myArch distro.Arch
myImageType distro.ImageType
myManifest manifest.OSBuildManifest
@@ -44,14 +45,18 @@ type storeTest struct {
// func to initialize some default values before the suite is ran
func (suite *storeTest) SetupSuite() {
+ var err error
suite.myRepoConfig = []rpmmd.RepoConfig{rpmmd.RepoConfig{
Name: "testRepo",
MirrorList: "testURL",
}}
suite.myPackageSpec = []rpmmd.PackageSpec{rpmmd.PackageSpec{}}
- suite.myDistro = test_distro.New()
- suite.myArch, _ = suite.myDistro.GetArch(test_distro.TestArchName)
- suite.myImageType, _ = suite.myArch.GetImageType(test_distro.TestImageTypeName)
+ suite.myDistro = test_distro.DistroFactory(test_distro.TestDistro1Name)
+ suite.NotNil(suite.myDistro)
+ suite.myArch, err = suite.myDistro.GetArch(test_distro.TestArchName)
+ suite.NoError(err)
+ suite.myImageType, err = suite.myArch.GetImageType(test_distro.TestImageTypeName)
+ suite.NoError(err)
ibp := blueprint.Convert(suite.myBP)
manifest, _, _ := suite.myImageType.Manifest(&ibp, suite.myImageOptions, suite.myRepoConfig, 0)
suite.myManifest, _ = manifest.Serialize(nil, nil, nil)
@@ -142,12 +147,9 @@ func (suite *storeTest) SetupSuite() {
// setup before each test
func (suite *storeTest) SetupTest() {
- distro := test_distro.New()
- _, err := distro.GetArch(test_distro.TestArchName)
- suite.NoError(err)
suite.dir = suite.T().TempDir()
- dr := test_distro.NewRegistry()
- suite.myStore = New(&suite.dir, dr, nil)
+ df := distrofactory.NewTestDefault()
+ suite.myStore = New(&suite.dir, df, nil)
}
func (suite *storeTest) TestRandomSHA1String() {
diff --git a/internal/weldr/api.go b/internal/weldr/api.go
index 0057dc12f..80873ea08 100644
--- a/internal/weldr/api.go
+++ b/internal/weldr/api.go
@@ -33,15 +33,16 @@ import (
"github.com/osbuild/images/pkg/container"
"github.com/osbuild/images/pkg/distro"
- "github.com/osbuild/images/pkg/distroregistry"
+ "github.com/osbuild/images/pkg/distrofactory"
+ "github.com/osbuild/images/pkg/distroidparser"
"github.com/osbuild/images/pkg/osbuild"
"github.com/osbuild/images/pkg/ostree"
+ "github.com/osbuild/images/pkg/reporegistry"
"github.com/osbuild/images/pkg/rhsm/facts"
"github.com/osbuild/images/pkg/rpmmd"
"github.com/osbuild/osbuild-composer/internal/blueprint"
"github.com/osbuild/osbuild-composer/internal/common"
"github.com/osbuild/osbuild-composer/internal/dnfjson"
- "github.com/osbuild/osbuild-composer/internal/reporegistry"
"github.com/osbuild/osbuild-composer/internal/store"
"github.com/osbuild/osbuild-composer/internal/target"
"github.com/osbuild/osbuild-composer/internal/worker"
@@ -61,8 +62,8 @@ type API struct {
compatOutputDir string
- hostDistroName string // Name of the host distro
- distroRegistry *distroregistry.Registry // Available distros
+ hostDistroName string // Name of the host distro
+ distroFactory *distrofactory.Factory // Available distros
// List of ImageType names, which should not be exposed by the API
distrosImageTypeDenylist map[string][]string
@@ -105,50 +106,56 @@ func (api *API) systemRepoNames() (names []string) {
return names
}
-// validDistros returns a list of distributions that also have repositories
+// validDistros returns a sorted list of distributions that also have
+// repositories defined for the given architecture
func (api *API) validDistros(arch string) []string {
distros := []string{}
- for _, d := range api.distroRegistry.List() {
- _, found := api.repoRegistry.DistroHasRepos(d, arch)
- if found {
- distros = append(distros, d)
+ for _, distroName := range api.repoRegistry.ListDistros() {
+ distro := api.distroFactory.GetDistro(distroName)
+ if distro == nil {
+ if api.logger != nil {
+ api.logger.Printf("Distro %s has repositories defined, but it's not supported. Skipping.", distroName)
+ }
+ continue
+ }
+
+ _, err := api.repoRegistry.DistroHasRepos(distroName, arch)
+ if err == nil {
+ distros = append(distros, distroName)
} else {
if api.logger != nil {
- api.logger.Printf("Distro %s has no repositories, skipping.", d)
+ api.logger.Printf("Distro %s has no repositories defined for %s architecture, skipping.", distroName, arch)
}
}
}
- // NOTE: distro list is already sorted, so result will be sorted
+ sort.Strings(distros)
return distros
}
var ValidBlueprintName = regexp.MustCompile(`^[a-zA-Z0-9._-]+$`)
// NewTestAPI is used for the test framework, sets up a single distro
-func NewTestAPI(solver *dnfjson.BaseSolver, arch distro.Arch, dr *distroregistry.Registry,
- rr *reporegistry.RepoRegistry, logger *log.Logger,
- store *store.Store, workers *worker.Server, compatOutputDir string,
- distrosImageTypeDenylist map[string][]string) *API {
+func NewTestAPI(solver *dnfjson.BaseSolver, rr *reporegistry.RepoRegistry,
+ logger *log.Logger, storeFixture *store.Fixture, workers *worker.Server,
+ compatOutputDir string, distrosImageTypeDenylist map[string][]string) *API {
- // Use the first entry as the host distribution
- hostDistro := dr.GetDistro(dr.List()[0])
api := &API{
- store: store,
+ store: storeFixture.Store,
workers: workers,
solver: solver,
- hostArch: arch.Name(),
+ hostArch: storeFixture.HostArchName,
repoRegistry: rr,
logger: logger,
compatOutputDir: compatOutputDir,
- hostDistroName: hostDistro.Name(),
- distroRegistry: dr,
+ hostDistroName: storeFixture.HostDistroName,
+ distroFactory: storeFixture.Factory,
distrosImageTypeDenylist: distrosImageTypeDenylist,
}
return setupRouter(api)
}
-func New(repoPaths []string, stateDir string, solver *dnfjson.BaseSolver, dr *distroregistry.Registry,
+func New(repoPaths []string, stateDir string, solver *dnfjson.BaseSolver, df *distrofactory.Factory,
logger *log.Logger, workers *worker.Server, distrosImageTypeDenylist map[string][]string) (*API, error) {
if logger == nil {
logger = log.New(os.Stdout, "", 0)
@@ -165,7 +172,7 @@ func New(repoPaths []string, stateDir string, solver *dnfjson.BaseSolver, dr *di
return nil, fmt.Errorf("error loading repository definitions: %v", err)
}
- hostDistro := dr.GetDistro(hostDistroName)
+ hostDistro := df.GetDistro(hostDistroName)
if hostDistro != nil {
// get canonical distro name if the host distro is supported
hostDistroName = hostDistro.Name()
@@ -185,7 +192,7 @@ func New(repoPaths []string, stateDir string, solver *dnfjson.BaseSolver, dr *di
log.Printf("host distro %q is not supported: only cross-distro builds are available", hostDistroName)
}
- store := store.New(&stateDir, dr, logger)
+ store := store.New(&stateDir, df, logger)
compatOutputDir := path.Join(stateDir, "outputs")
api := &API{
@@ -197,7 +204,7 @@ func New(repoPaths []string, stateDir string, solver *dnfjson.BaseSolver, dr *di
logger: logger,
compatOutputDir: compatOutputDir,
hostDistroName: hostDistroName,
- distroRegistry: dr,
+ distroFactory: df,
distrosImageTypeDenylist: distrosImageTypeDenylist,
}
return setupRouter(api), nil
@@ -505,7 +512,7 @@ func (api *API) getDistro(name, arch string) distro.Distro {
if !common.IsStringInSortedSlice(api.validDistros(arch), name) {
return nil
}
- return api.distroRegistry.GetDistro(name)
+ return api.distroFactory.GetDistro(name)
}
func verifyRequestVersion(writer http.ResponseWriter, params httprouter.Params, minVersion uint) bool {
@@ -2054,6 +2061,13 @@ func (api *API) blueprintsNewHandler(writer http.ResponseWriter, request *http.R
// Check the blueprint's distro to make sure it is valid
if len(blueprint.Distro) > 0 {
+ // NB: For backward compatibility, try to to standardize the distro name,
+ // because it may be missing a dot to separate major and minor verion.
+ // If it fails, just use the original name.
+ if distroStandardized, err := distroidparser.DefaultParser.Standardize(blueprint.Distro); err == nil {
+ blueprint.Distro = distroStandardized
+ }
+
arch := blueprint.Arch
if arch == "" {
arch = api.hostArch
@@ -3542,7 +3556,11 @@ func (api *API) payloadRepositories(distroName string) []rpmmd.RepoConfig {
// which are needed to build the specific image type. The allRepositories() can't do this, because
// it is used in places where image types are not considered.
func (api *API) allRepositoriesByImageType(imageType distro.ImageType) ([]rpmmd.RepoConfig, error) {
- repos, err := api.repoRegistry.ReposByImageType(imageType)
+ repos, err := api.repoRegistry.ReposByImageTypeName(
+ imageType.Arch().Distro().Name(),
+ imageType.Arch().Name(),
+ imageType.Name(),
+ )
if err != nil {
return nil, err
}
diff --git a/internal/weldr/api_test.go b/internal/weldr/api_test.go
index 99018e1d8..936610b47 100644
--- a/internal/weldr/api_test.go
+++ b/internal/weldr/api_test.go
@@ -21,16 +21,16 @@ import (
"github.com/osbuild/images/pkg/container"
"github.com/osbuild/images/pkg/distro"
"github.com/osbuild/images/pkg/distro/test_distro"
- "github.com/osbuild/images/pkg/distroregistry"
+ "github.com/osbuild/images/pkg/distrofactory"
"github.com/osbuild/images/pkg/ostree"
"github.com/osbuild/images/pkg/ostree/mock_ostree_repo"
+ "github.com/osbuild/images/pkg/reporegistry"
"github.com/osbuild/images/pkg/rpmmd"
"github.com/osbuild/osbuild-composer/internal/blueprint"
"github.com/osbuild/osbuild-composer/internal/common"
"github.com/osbuild/osbuild-composer/internal/dnfjson"
dnfjson_mock "github.com/osbuild/osbuild-composer/internal/mocks/dnfjson"
rpmmd_mock "github.com/osbuild/osbuild-composer/internal/mocks/rpmmd"
- "github.com/osbuild/osbuild-composer/internal/reporegistry"
"github.com/osbuild/osbuild-composer/internal/store"
"github.com/osbuild/osbuild-composer/internal/target"
"github.com/osbuild/osbuild-composer/internal/test"
@@ -43,6 +43,8 @@ import (
var dnfjsonPath string
+var testDistro2Name string = fmt.Sprintf("%s-2", test_distro.TestDistroNameBase)
+
func setupDNFJSON() {
// compile the mock-dnf-json binary to speed up tests
tmpdir, err := os.MkdirTemp("", "")
@@ -56,43 +58,70 @@ func setupDNFJSON() {
}
}
-func createWeldrAPI(tempdir string, fixtureGenerator rpmmd_mock.FixtureGenerator) (*API, *store.Store) {
+func createTestWeldrAPI(tempdir, hostDistroName, hostArchName string, fixtureGenerator rpmmd_mock.FixtureGenerator,
+ distroImageTypeDenylist map[string][]string) (*API, *store.Fixture) {
// create tempdir subdirectory for store
dbpath, err := os.MkdirTemp(tempdir, "")
if err != nil {
panic(err)
}
- fixture := fixtureGenerator(dbpath)
+ fixture := fixtureGenerator(dbpath, hostDistroName, hostArchName)
+
+ df := distrofactory.NewTestDefault()
+ distro := df.GetDistro(fixture.StoreFixture.HostDistroName)
+ if distro == nil {
+ panic(fmt.Errorf("unknown distro: %s", fixture.StoreFixture.HostDistroName))
+ }
+ _, err = distro.GetArch(fixture.StoreFixture.HostArchName)
+ if err != nil {
+ panic(fmt.Errorf("unknown arch: %s", fixture.StoreFixture.HostArchName))
+ }
+
+ // Determine the second arch, which is not the host arch
+ testArches := []string{
+ test_distro.TestArchName,
+ test_distro.TestArch2Name,
+ test_distro.TestArch3Name,
+ }
+ var otherArch string
+ for _, arch := range testArches {
+ if arch != fixture.StoreFixture.HostArchName {
+ otherArch = arch
+ break
+ }
+ }
+
+ hostDistroVer, err := strconv.Atoi(distro.Releasever())
+ if err != nil {
+ panic(fmt.Sprintf("failed to parse host distro version: %s", distro.Releasever()))
+ }
+ otherDistroName := fmt.Sprintf("%s-%d", test_distro.TestDistroNameBase, hostDistroVer+1)
+ otherDistro := df.GetDistro(otherDistroName)
+ if otherDistro == nil {
+ panic(fmt.Errorf("unknown distro: %s", otherDistroName))
+ }
+ _, err = otherDistro.GetArch(otherArch)
+ if err != nil {
+ panic(fmt.Errorf("unknown arch: %s", otherArch))
+ }
rr := reporegistry.NewFromDistrosRepoConfigs(rpmmd.DistrosRepoConfigs{
- test_distro.TestDistroName: {
- test_distro.TestArchName: {
+ fixture.StoreFixture.HostDistroName: {
+ fixture.StoreFixture.HostArchName: {
{Name: "test-id", BaseURLs: []string{"http://example.com/test/os/x86_64"}, CheckGPG: common.ToPtr(true)},
},
- test_distro.TestArch2Name: {
+ otherArch: {
{Name: "test-id", BaseURLs: []string{"http://example.com/test/os/aarch64"}, CheckGPG: common.ToPtr(true)},
},
},
- test_distro.TestDistro2Name: {
- test_distro.TestArchName: {
+ otherDistro.Name(): {
+ fixture.StoreFixture.HostArchName: {
{Name: "test-id-2", BaseURLs: []string{"http://example.com/test-2/os/x86_64"}, CheckGPG: common.ToPtr(true)},
},
},
})
- distro1 := test_distro.New()
- arch, err := distro1.GetArch(test_distro.TestArchName)
- if err != nil {
- panic(err)
- }
- distro2 := test_distro.NewTestDistro("test-distro-2", "platform:test-2", "2")
-
- dr, err := distroregistry.New(distro1, distro1, distro2)
- if err != nil {
- panic(err)
- }
-
solver := dnfjson.NewBaseSolver("") // test solver doesn't need a cache dir
// create tempdir subdirectory for solver response file
dspath, err := os.MkdirTemp(tempdir, "")
@@ -103,55 +132,8 @@ func createWeldrAPI(tempdir string, fixtureGenerator rpmmd_mock.FixtureGenerator
respfile := fixture.ResponseGenerator(dspath)
solver.SetDNFJSONPath(dnfjsonPath, respfile)
- testApi := NewTestAPI(solver, arch, dr, rr, nil, fixture.Store, fixture.Workers, "", nil)
- return testApi, fixture.Store
-}
-
-// createWeldrAPI2 is an alternative function to createWeldrAPI, using different test architecture
-// with more than a single image type
-func createWeldrAPI2(tempdir string, fixtureGenerator rpmmd_mock.FixtureGenerator, distroImageTypeDenylist map[string][]string) (*API, *store.Store) {
- // create tempdir subdirectory for store
- dbpath, err := os.MkdirTemp(tempdir, "")
- if err != nil {
- panic(err)
- }
- fixture := fixtureGenerator(dbpath)
-
- rr := reporegistry.NewFromDistrosRepoConfigs(rpmmd.DistrosRepoConfigs{
- test_distro.TestDistroName: {
- test_distro.TestArch2Name: {
- {Name: "test-id", BaseURLs: []string{"http://example.com/test/os/x86_64"}, CheckGPG: common.ToPtr(true)},
- },
- },
- test_distro.TestDistro2Name: {
- test_distro.TestArch2Name: {
- {Name: "test-id-2", BaseURLs: []string{"http://example.com/test-2/os/x86_64"}, CheckGPG: common.ToPtr(true)},
- },
- },
- })
-
- distro1 := test_distro.New()
- arch, err := distro1.GetArch(test_distro.TestArch2Name)
- if err != nil {
- panic(err)
- }
- distro2 := test_distro.NewTestDistro("test-distro-2", "platform:test-2", "2")
-
- dr, err := distroregistry.New(distro1, distro2)
- if err != nil {
- panic(err)
- }
-
- // create tempdir subdirectory for solver response file
- dspath, err := os.MkdirTemp(tempdir, "")
- if err != nil {
- panic(err)
- }
-
- solver := dnfjson.NewBaseSolver("")
- respfile := fixture.ResponseGenerator(dspath)
- solver.SetDNFJSONPath(dnfjsonPath, respfile)
- return NewTestAPI(solver, arch, dr, rr, nil, fixture.Store, fixture.Workers, "", distroImageTypeDenylist), fixture.Store
+ testApi := NewTestAPI(solver, rr, nil, fixture.StoreFixture, fixture.Workers, "", distroImageTypeDenylist)
+ return testApi, fixture.StoreFixture
}
// ResolveContent transforms content source specs into resolved specs for serialization.
@@ -212,13 +194,15 @@ func TestBasic(t *testing.T) {
{"/api/v0/blueprints/list", http.StatusOK, `{"total":1,"offset":0,"limit":1,"blueprints":["test"]}`},
{"/api/v0/blueprints/info/", http.StatusNotFound, `{"errors":[{"code":404,"id":"HTTPError","msg":"Not Found"}],"status":false}`},
{"/api/v0/blueprints/info/foo", http.StatusOK, `{"blueprints":[],"changes":[],"errors":[{"id":"UnknownBlueprint","msg":"foo: "}]}`},
- {"/api/v1/distros/list", http.StatusOK, `{"distros": ["test-distro", "test-distro-2"]}`},
+ {"/api/v1/distros/list", http.StatusOK, `{"distros": ["test-distro-1", "test-distro-2"]}`},
{"/api/v1/compose/types", http.StatusOK, `{"types": [{"enabled":true, "name":"test_ostree_type"},{"enabled":true, "name":"test_type"}]}`},
{"/api/v1/compose/types?distro=test-distro-2", http.StatusOK, `{"types": [{"enabled":true, "name":"test_ostree_type"},{"enabled":true, "name":"test_type"}]}`},
{"/api/v1/compose/types?distro=fedora-1", http.StatusBadRequest, `{"status":false,"errors":[{"id":"DistroError","msg":"Invalid distro: fedora-1"}]}`},
}
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
+
for _, c := range cases {
test.TestRoute(t, api, true, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedJSON)
}
@@ -237,15 +221,15 @@ func TestBlueprintsNew(t *testing.T) {
{"POST", "/api/v0/blueprints/new", `{"name":"test","description":"Test","packages:}`, http.StatusBadRequest, `{"status":false,"errors":[{"id":"BlueprintsError","msg":"400 Bad Request: The browser (or proxy) sent a request that this server could not understand: unexpected EOF"}]}`},
{"POST", "/api/v0/blueprints/new", `{"name":"","description":"Test","packages":[{"name":"httpd","version":"2.4.*"}],"version":"0.0.0"}`, http.StatusBadRequest, `{"status":false,"errors":[{"id":"InvalidChars","msg":"Invalid characters in API path"}]}`},
{"POST", "/api/v0/blueprints/new", ``, http.StatusBadRequest, `{"status":false,"errors":[{"id":"BlueprintsError","msg":"Missing blueprint"}]}`},
- {"POST", "/api/v0/blueprints/new", `{"name":"test","description":"Test","distro":"test-distro","packages":[],"version":""}`, http.StatusOK, `{"status":true}`},
+ {"POST", "/api/v0/blueprints/new", `{"name":"test","description":"Test","distro":"test-distro-1","packages":[],"version":""}`, http.StatusOK, `{"status":true}`},
{"POST", "/api/v0/blueprints/new", `{"name":"test2","description":"Test 2","distro":"test-distro-2","packages":[],"version":""}`, http.StatusOK, `{"status":true}`},
{"POST", "/api/v0/blueprints/new", `{"name":"test","description":"Test","distro":"fedora-1","packages":[],"version":""}`, http.StatusBadRequest, `{"status":false,"errors":[{"id":"BlueprintsError","msg":"'fedora-1' is not a valid distribution (architecture 'test_arch')"}]}`},
}
- tempdir := t.TempDir()
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, rpmmd_mock.BaseFixture)
test.TestRoute(t, api, true, c.Method, c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON)
}
}
@@ -264,7 +248,8 @@ version = "2.4.*"`
req.Header.Set("Content-Type", "text/x-toml")
recorder := httptest.NewRecorder()
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
api.ServeHTTP(recorder, req)
r := recorder.Result()
@@ -276,7 +261,8 @@ func TestBlueprintsEmptyToml(t *testing.T) {
req.Header.Set("Content-Type", "text/x-toml")
recorder := httptest.NewRecorder()
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
api.ServeHTTP(recorder, req)
r := recorder.Result()
@@ -297,7 +283,8 @@ version = "2.4.*"`
req.Header.Set("Content-Type", "text/x-toml")
recorder := httptest.NewRecorder()
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
api.ServeHTTP(recorder, req)
r := recorder.Result()
@@ -317,10 +304,10 @@ func TestBlueprintsWorkspaceJSON(t *testing.T) {
{"POST", "/api/v0/blueprints/workspace", ``, http.StatusBadRequest, `{"status":false,"errors":[{"id":"BlueprintsError","msg":"Missing blueprint"}]}`},
}
- tempdir := t.TempDir()
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, rpmmd_mock.BaseFixture)
test.TestRoute(t, api, true, c.Method, c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON)
}
}
@@ -339,7 +326,8 @@ version = "2.4.*"`
req.Header.Set("Content-Type", "text/x-toml")
recorder := httptest.NewRecorder()
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
api.ServeHTTP(recorder, req)
r := recorder.Result()
@@ -351,7 +339,8 @@ func TestBlueprintsWorkspaceEmptyTOML(t *testing.T) {
req.Header.Set("Content-Type", "text/x-toml")
recorder := httptest.NewRecorder()
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
api.ServeHTTP(recorder, req)
r := recorder.Result()
@@ -372,7 +361,8 @@ version = "2.4.*"`
req.Header.Set("Content-Type", "text/x-toml")
recorder := httptest.NewRecorder()
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
api.ServeHTTP(recorder, req)
r := recorder.Result()
@@ -394,10 +384,10 @@ func TestBlueprintsInfo(t *testing.T) {
{"GET", "/api/v0/blueprints/info/test3-non", ``, http.StatusOK, `{"blueprints":[],"changes":[],"errors":[{"id":"UnknownBlueprint","msg":"test3-non: "}]}`},
}
- tempdir := t.TempDir()
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, rpmmd_mock.BaseFixture)
test.SendHTTP(api, true, "POST", "/api/v0/blueprints/new", `{"name":"test1","description":"Test","packages":[{"name":"httpd","version":"2.4.*"}],"version":"0.0.0"}`)
test.SendHTTP(api, true, "POST", "/api/v0/blueprints/new", `{"name":"test2","description":"Test","packages":[{"name":"httpd","version":"2.4.*"}],"version":"0.0.0"}`)
test.SendHTTP(api, true, "POST", "/api/v0/blueprints/workspace", `{"name":"test2","description":"Test","packages":[{"name":"systemd","version":"123"}],"version":"0.0.0"}`)
@@ -408,7 +398,8 @@ func TestBlueprintsInfo(t *testing.T) {
}
func TestBlueprintsInfoToml(t *testing.T) {
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
test.SendHTTP(api, true, "POST", "/api/v0/blueprints/new", `{"name":"test1","description":"Test","packages":[{"name":"httpd","version":"2.4.*"}],"version":"0.0.0"}`)
req := httptest.NewRequest("GET", "/api/v0/blueprints/info/test1?format=toml", nil)
@@ -439,7 +430,8 @@ func TestBlueprintsInfoToml(t *testing.T) {
}
func TestBlueprintsCustomizationInfoToml(t *testing.T) {
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
// A test blueprint with all the available customizations filled in
// Converted from TOML to JSON for the POST
@@ -447,7 +439,7 @@ func TestBlueprintsCustomizationInfoToml(t *testing.T) {
"name": "example-custom-base",
"description": "A base system with customizations",
"version": "0.0.1",
- "distro": "test-distro",
+ "distro": "test-distro-1",
"packages": [
{
"name": "tmux",
@@ -579,7 +571,7 @@ func TestBlueprintsCustomizationInfoToml(t *testing.T) {
Name: "example-custom-base",
Description: "A base system with customizations",
Version: "0.0.1",
- Distro: "test-distro",
+ Distro: test_distro.TestDistro1Name,
Packages: []blueprint.Package{
blueprint.Package{Name: "tmux", Version: "*"},
blueprint.Package{Name: "git", Version: "*"},
@@ -656,7 +648,8 @@ func TestBlueprintsCustomizationInfoToml(t *testing.T) {
}
func TestNonExistentBlueprintsInfoToml(t *testing.T) {
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
req := httptest.NewRequest("GET", "/api/v0/blueprints/info/test3-non?format=toml", nil)
recorder := httptest.NewRecorder()
api.ServeHTTP(recorder, req)
@@ -676,13 +669,14 @@ func TestBlueprintsFreeze(t *testing.T) {
{rpmmd_mock.BaseFixture, "/api/v0/blueprints/freeze/test,test2", http.StatusOK, freezeTestResponse},
}
- tempdir := t.TempDir()
-
- for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, c.Fixture)
- test.SendHTTP(api, false, "POST", "/api/v0/blueprints/new", `{"name":"test","description":"Test","packages":[{"name":"dep-package1","version":"*"},{"name":"dep-package3","version":"*"}], "modules":[{"name":"dep-package2","version":"*"}],"version":"0.0.0"}`)
- test.SendHTTP(api, false, "POST", "/api/v0/blueprints/new", `{"name":"test2","description":"Test","packages":[{"name":"dep-package1","version":"*"},{"name":"dep-package3","version":"*"}], "modules":[{"name":"dep-package2","version":"*"}],"version":"0.0.0"}`)
- test.TestRoute(t, api, false, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedJSON)
+ for idx, c := range cases {
+ t.Run(fmt.Sprintf("case %d", idx), func(t *testing.T) {
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, c.Fixture, nil)
+ t.Cleanup(sf.Cleanup)
+ test.SendHTTP(api, false, "POST", "/api/v0/blueprints/new", `{"name":"test","description":"Test","packages":[{"name":"dep-package1","version":"*"},{"name":"dep-package3","version":"*"}], "modules":[{"name":"dep-package2","version":"*"}],"version":"0.0.0"}`)
+ test.SendHTTP(api, false, "POST", "/api/v0/blueprints/new", `{"name":"test2","description":"Test","packages":[{"name":"dep-package1","version":"*"},{"name":"dep-package3","version":"*"}], "modules":[{"name":"dep-package2","version":"*"}],"version":"0.0.0"}`)
+ test.TestRoute(t, api, false, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedJSON)
+ })
}
})
@@ -697,12 +691,13 @@ func TestBlueprintsFreeze(t *testing.T) {
{rpmmd_mock.BaseFixture, "/api/v0/blueprints/freeze/missing?format=toml", http.StatusOK, ""},
}
- tempdir := t.TempDir()
-
- for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, c.Fixture)
- test.SendHTTP(api, false, "POST", "/api/v0/blueprints/new", `{"name":"test","description":"Test","packages":[{"name":"dep-package1","version":"*"},{"name":"dep-package3","version":"*"}], "modules":[{"name":"dep-package2","version":"*"}],"version":"0.0.0"}`)
- test.TestTOMLRoute(t, api, false, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedTOML)
+ for idx, c := range cases {
+ t.Run(fmt.Sprintf("case %d", idx), func(t *testing.T) {
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, c.Fixture, nil)
+ t.Cleanup(sf.Cleanup)
+ test.SendHTTP(api, false, "POST", "/api/v0/blueprints/new", `{"name":"test","description":"Test","packages":[{"name":"dep-package1","version":"*"},{"name":"dep-package3","version":"*"}], "modules":[{"name":"dep-package2","version":"*"}],"version":"0.0.0"}`)
+ test.TestTOMLRoute(t, api, false, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedTOML)
+ })
}
})
@@ -716,13 +711,14 @@ func TestBlueprintsFreeze(t *testing.T) {
{rpmmd_mock.BaseFixture, "/api/v0/blueprints/freeze/test,test2?format=toml", http.StatusBadRequest, "{\"status\":false,\"errors\":[{\"id\":\"HTTPError\",\"msg\":\"toml format only supported when requesting one blueprint\"}]}"},
}
- tempdir := t.TempDir()
-
- for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, c.Fixture)
- test.SendHTTP(api, false, "POST", "/api/v0/blueprints/new", `{"name":"test","description":"Test","packages":[{"name":"dep-package1","version":"*"},{"name":"dep-package3","version":"*"}], "modules":[{"name":"dep-package2","version":"*"}],"version":"0.0.0"}`)
- test.SendHTTP(api, false, "POST", "/api/v0/blueprints/new", `{"name":"test2","description":"Test","packages":[{"name":"dep-package1","version":"*"},{"name":"dep-package3","version":"*"}], "modules":[{"name":"dep-package2","version":"*"}],"version":"0.0.0"}`)
- test.TestRoute(t, api, false, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedJSON)
+ for idx, c := range cases {
+ t.Run(fmt.Sprintf("case %d", idx), func(t *testing.T) {
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, c.Fixture, nil)
+ t.Cleanup(sf.Cleanup)
+ test.SendHTTP(api, false, "POST", "/api/v0/blueprints/new", `{"name":"test","description":"Test","packages":[{"name":"dep-package1","version":"*"},{"name":"dep-package3","version":"*"}], "modules":[{"name":"dep-package2","version":"*"}],"version":"0.0.0"}`)
+ test.SendHTTP(api, false, "POST", "/api/v0/blueprints/new", `{"name":"test2","description":"Test","packages":[{"name":"dep-package1","version":"*"},{"name":"dep-package3","version":"*"}], "modules":[{"name":"dep-package2","version":"*"}],"version":"0.0.0"}`)
+ test.TestRoute(t, api, false, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedJSON)
+ })
}
})
}
@@ -738,10 +734,10 @@ func TestBlueprintsDiff(t *testing.T) {
{"GET", "/api/v0/blueprints/diff/test/NEWEST/WORKSPACE", ``, http.StatusOK, `{"diff":[{"new":{"Package":{"name":"systemd","version":"123"}},"old":null},{"new":null,"old":{"Package":{"name":"httpd","version":"2.4.*"}}}]}`},
}
- tempdir := t.TempDir()
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, rpmmd_mock.BaseFixture)
test.SendHTTP(api, true, "POST", "/api/v0/blueprints/new", `{"name":"test","description":"Test","packages":[{"name":"httpd","version":"2.4.*"}],"version":"0.0.0"}`)
test.SendHTTP(api, true, "POST", "/api/v0/blueprints/workspace", `{"name":"test","description":"Test","packages":[{"name":"systemd","version":"123"}],"version":"0.0.0"}`)
test.TestRoute(t, api, true, c.Method, c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON)
@@ -761,10 +757,10 @@ func TestBlueprintsDelete(t *testing.T) {
{"DELETE", "/api/v0/blueprints/delete/test3-non", ``, http.StatusBadRequest, `{"status":false,"errors":[{"id":"BlueprintsError","msg":"Unknown blueprint: test3-non"}]}`},
}
- tempdir := t.TempDir()
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, rpmmd_mock.BaseFixture)
test.SendHTTP(api, true, "POST", "/api/v0/blueprints/new", `{"name":"test","description":"Test","packages":[{"name":"httpd","version":"2.4.*"}],"version":"0.0.0"}`)
test.TestRoute(t, api, true, c.Method, c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON)
test.SendHTTP(api, true, "DELETE", "/api/v0/blueprints/delete/test", ``)
@@ -772,7 +768,8 @@ func TestBlueprintsDelete(t *testing.T) {
}
func TestBlueprintsChanges(t *testing.T) {
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
rand.Seed(time.Now().UnixNano())
// math/rand is good enough in this case
/* #nosec G404 */
@@ -797,7 +794,8 @@ func TestBlueprintsChanges(t *testing.T) {
// TestBlueprintChange tests getting a single blueprint commit
func TestBlueprintChange(t *testing.T) {
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
rand.Seed(time.Now().UnixNano())
// math/rand is good enough in this case
/* #nosec G404 */
@@ -842,20 +840,22 @@ func TestBlueprintsDepsolve(t *testing.T) {
{rpmmd_mock.BadDepsolve, http.StatusOK, depsolveBadError},
}
- tempdir := t.TempDir()
-
- for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, c.Fixture)
- test.SendHTTP(api, false, "POST", "/api/v0/blueprints/new", `{"name":"test","description":"Test","packages":[{"name":"dep-package1","version":"*"}],"modules":[{"name":"dep-package3","version":"*"}],"version":"0.0.0"}`)
- test.TestRoute(t, api, false, "GET", "/api/v0/blueprints/depsolve/test", ``, c.ExpectedStatus, c.ExpectedJSON)
- test.SendHTTP(api, false, "DELETE", "/api/v0/blueprints/delete/test", ``)
+ for idx, c := range cases {
+ t.Run(fmt.Sprintf("case %d", idx), func(t *testing.T) {
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, c.Fixture, nil)
+ t.Cleanup(sf.Cleanup)
+ test.SendHTTP(api, false, "POST", "/api/v0/blueprints/new", `{"name":"test","description":"Test","packages":[{"name":"dep-package1","version":"*"}],"modules":[{"name":"dep-package3","version":"*"}],"version":"0.0.0"}`)
+ test.TestRoute(t, api, false, "GET", "/api/v0/blueprints/depsolve/test", ``, c.ExpectedStatus, c.ExpectedJSON)
+ test.SendHTTP(api, false, "DELETE", "/api/v0/blueprints/delete/test", ``)
+ })
}
}
// TestOldBlueprintsUndo run tests with blueprint changes after a service restart
// Old blueprints are not saved, after a restart the changes are listed, but cannot be recalled
func TestOldBlueprintsUndo(t *testing.T) {
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.OldChangesFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.OldChangesFixture, nil)
+ t.Cleanup(sf.Cleanup)
rand.Seed(time.Now().UnixNano())
// math/rand is good enough in this case
/* #nosec G404 */
@@ -889,7 +889,8 @@ func TestOldBlueprintsUndo(t *testing.T) {
// TestNewBlueprintsUndo run tests with blueprint changes without a service restart
func TestNewBlueprintsUndo(t *testing.T) {
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
rand.Seed(time.Now().UnixNano())
// math/rand is good enough in this case
/* #nosec G404 */
@@ -927,13 +928,16 @@ func TestNewBlueprintsUndo(t *testing.T) {
func TestCompose(t *testing.T) {
// create two ostree repos, one to serve the default test_distro ref (for fallback tests) and one to serve a custom ref
- ostreeRepoDefault := mock_ostree_repo.Setup(test_distro.New().OSTreeRef())
+ distro1 := test_distro.DistroFactory(test_distro.TestDistro1Name)
+ require.NotNil(t, distro1)
+
+ ostreeRepoDefault := mock_ostree_repo.Setup(distro1.OSTreeRef())
defer ostreeRepoDefault.TearDown()
otherRef := "some/other/ref"
ostreeRepoOther := mock_ostree_repo.Setup(otherRef)
defer ostreeRepoOther.TearDown()
- arch, err := test_distro.New().GetArch(test_distro.TestArchName)
+ arch, err := distro1.GetArch(test_distro.TestArchName)
require.NoError(t, err)
imgType, err := arch.GetImageType(test_distro.TestImageTypeName)
require.NoError(t, err)
@@ -1096,7 +1100,8 @@ func TestCompose(t *testing.T) {
}
// For 2nd distribution
- distro2 := test_distro.NewTestDistro("test-distro-2", "platform:test-2", "2")
+ distro2 := test_distro.DistroFactory(testDistro2Name)
+ require.NotNil(t, distro2)
arch2, err := distro2.GetArch(test_distro.TestArchName)
require.NoError(t, err)
imgType2, err := arch2.GetImageType(test_distro.TestImageTypeName)
@@ -1116,7 +1121,7 @@ func TestCompose(t *testing.T) {
Modules: []blueprint.Package{},
Groups: []blueprint.Group{},
Customizations: nil,
- Distro: "test-distro-2",
+ Distro: testDistro2Name,
},
ImageBuild: store.ImageBuild{
QueueStatus: common.IBWaiting,
@@ -1204,7 +1209,7 @@ func TestCompose(t *testing.T) {
"/api/v1/compose",
fmt.Sprintf(`{"blueprint_name": "test-badarch","compose_type": "%s","branch": "master"}`, test_distro.TestImageTypeName),
http.StatusBadRequest,
- `{"status": false,"errors":[{"id":"DistroError", "msg":"Unknown distribution: test-distro for arch badarch"}]}`,
+ `{"status": false,"errors":[{"id":"DistroError", "msg":"Unknown distribution: test-distro-1 for arch badarch"}]}`,
nil,
[]string{"build_id", "warnings"},
},
@@ -1320,33 +1325,36 @@ func TestCompose(t *testing.T) {
},
}
- tempdir := t.TempDir()
for name, c := range cases {
- api, s := createWeldrAPI(tempdir, rpmmd_mock.NoComposesFixture)
- _, err = api.workers.RegisterWorker(arch.Name())
- require.NoError(t, err)
- test.TestRoute(t, api, c.External, c.Method, c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON, c.IgnoreFields...)
+ t.Run(name, func(t *testing.T) {
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.NoComposesFixture, nil)
+ t.Cleanup(sf.Cleanup)
- if c.ExpectedStatus != http.StatusOK {
- continue
- }
+ _, err = api.workers.RegisterWorker(arch.Name())
+ require.NoError(t, err)
+ test.TestRoute(t, api, c.External, c.Method, c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON, c.IgnoreFields...)
- composes := s.GetAllComposes()
+ if c.ExpectedStatus != http.StatusOK {
+ return
+ }
- require.Equalf(t, 1, len(composes), "%s: %s: bad compose count in store", name, c.Path)
+ composes := sf.Store.GetAllComposes()
- // I have no idea how to get the compose in better way
- var composeStruct store.Compose
- for _, c := range composes {
- composeStruct = c
- break
- }
+ require.Equalf(t, 1, len(composes), "%s: %s: bad compose count in store", name, c.Path)
- require.NotNilf(t, composeStruct.ImageBuild.Manifest, "%s: %s: the compose in the store did not contain a blueprint", name, c.Path)
+ // I have no idea how to get the compose in better way
+ var composeStruct store.Compose
+ for _, c := range composes {
+ composeStruct = c
+ break
+ }
- if diff := cmp.Diff(composeStruct, *c.ExpectedCompose, test.IgnoreDates(), test.IgnoreUuids(), test.Ignore("Targets.Options.Location"), test.CompareImageTypes()); diff != "" {
- t.Errorf("%s: %s: compose in store isn't the same as expected, diff:\n%s", name, c.Path, diff)
- }
+ require.NotNilf(t, composeStruct.ImageBuild.Manifest, "%s: %s: the compose in the store did not contain a blueprint", name, c.Path)
+
+ if diff := cmp.Diff(composeStruct, *c.ExpectedCompose, test.IgnoreDates(), test.IgnoreUuids(), test.Ignore("Targets.Options.Location"), test.CompareImageTypes()); diff != "" {
+ t.Errorf("%s: %s: compose in store isn't the same as expected, diff:\n%s", name, c.Path, diff)
+ }
+ })
}
}
@@ -1367,19 +1375,21 @@ func TestComposeDelete(t *testing.T) {
{"/api/v0/compose/delete/30000000-0000-0000-0000-000000000003,42000000-0000-0000-0000-000000000000", `{"uuids":[{"uuid":"30000000-0000-0000-0000-000000000003","status":true}],"errors":[{"id":"UnknownUUID","msg":"compose 42000000-0000-0000-0000-000000000000 doesn't exist"}]}`, []string{"30000000-0000-0000-0000-000000000000", "30000000-0000-0000-0000-000000000001", "30000000-0000-0000-0000-000000000002", "30000000-0000-0000-0000-000000000004"}},
}
- tempdir := t.TempDir()
+ for idx, c := range cases {
+ t.Run(fmt.Sprintf("case %d", idx), func(t *testing.T) {
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
- for _, c := range cases {
- api, s := createWeldrAPI(tempdir, rpmmd_mock.BaseFixture)
- test.TestRoute(t, api, false, "DELETE", c.Path, "", http.StatusOK, c.ExpectedJSON)
+ test.TestRoute(t, api, false, "DELETE", c.Path, "", http.StatusOK, c.ExpectedJSON)
- idsInStore := []string{}
+ idsInStore := []string{}
- for id := range s.GetAllComposes() {
- idsInStore = append(idsInStore, id.String())
- }
+ for id := range sf.Store.GetAllComposes() {
+ idsInStore = append(idsInStore, id.String())
+ }
- require.ElementsMatch(t, c.ExpectedIDsInStore, idsInStore, "%s: composes in store are different", c.Path)
+ require.ElementsMatch(t, c.ExpectedIDsInStore, idsInStore, "%s: composes in store are different", c.Path)
+ })
}
}
@@ -1406,10 +1416,10 @@ func TestComposeStatus(t *testing.T) {
t.Skip("This test is for internal testing only")
}
- tempdir := t.TempDir()
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, rpmmd_mock.BaseFixture)
test.TestRoute(t, api, false, c.Method, c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON, "id", "job_created", "job_started")
}
}
@@ -1433,10 +1443,10 @@ func TestComposeInfo(t *testing.T) {
t.Skip("This test is for internal testing only")
}
- tempdir := t.TempDir()
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, rpmmd_mock.BaseFixture)
test.TestRoute(t, api, false, c.Method, c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON)
}
}
@@ -1462,11 +1472,10 @@ func TestComposeLogs(t *testing.T) {
{"/api/v1/compose/results/30000000-0000-0000-0000-000000000002", "attachment; filename=30000000-0000-0000-0000-000000000002.tar", "application/x-tar", "30000000-0000-0000-0000-000000000002.json", emptyManifest},
}
- tempdir := t.TempDir()
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
for _, c := range successCases {
- api, _ := createWeldrAPI(tempdir, rpmmd_mock.BaseFixture)
-
response := test.SendHTTP(api, false, "GET", c.Path, "")
require.Equalf(t, http.StatusOK, response.StatusCode, "%s: unexpected status code", c.Path)
require.Equalf(t, c.ExpectedContentDisposition, response.Header.Get("content-disposition"), "%s: header mismatch", c.Path)
@@ -1506,7 +1515,6 @@ func TestComposeLogs(t *testing.T) {
}
for _, c := range failureCases {
- api, _ := createWeldrAPI(tempdir, rpmmd_mock.BaseFixture)
test.TestRoute(t, api, false, "GET", c.Path, "", http.StatusBadRequest, c.ExpectedJSON)
}
}
@@ -1531,10 +1539,10 @@ func TestComposeLog(t *testing.T) {
t.Skip("This test is for internal testing only")
}
- tempdir := t.TempDir()
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, rpmmd_mock.BaseFixture)
test.TestNonJsonRoute(t, api, false, "GET", c.Path, "", c.ExpectedStatus, c.ExpectedResponse)
}
}
@@ -1558,11 +1566,12 @@ func TestComposeQueue(t *testing.T) {
t.Skip("This test is for internal testing only")
}
- tempdir := t.TempDir()
-
- for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, c.Fixture)
- test.TestRoute(t, api, false, c.Method, c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON, "id", "job_created", "job_started")
+ for idx, c := range cases {
+ t.Run(fmt.Sprintf("case %d", idx), func(t *testing.T) {
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, c.Fixture, nil)
+ t.Cleanup(sf.Cleanup)
+ test.TestRoute(t, api, false, c.Method, c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON, "id", "job_created", "job_started")
+ })
}
}
@@ -1584,11 +1593,12 @@ func TestComposeFinished(t *testing.T) {
t.Skip("This test is for internal testing only")
}
- tempdir := t.TempDir()
-
- for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, c.Fixture)
- test.TestRoute(t, api, false, c.Method, c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON, "id", "job_created", "job_started")
+ for idx, c := range cases {
+ t.Run(fmt.Sprintf("case %d", idx), func(t *testing.T) {
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, c.Fixture, nil)
+ t.Cleanup(sf.Cleanup)
+ test.TestRoute(t, api, false, c.Method, c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON, "id", "job_created", "job_started")
+ })
}
}
@@ -1610,11 +1620,12 @@ func TestComposeFailed(t *testing.T) {
t.Skip("This test is for internal testing only")
}
- tempdir := t.TempDir()
-
- for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, c.Fixture)
- test.TestRoute(t, api, false, c.Method, c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON, "id", "job_created", "job_started")
+ for idx, c := range cases {
+ t.Run(fmt.Sprintf("case %d", idx), func(t *testing.T) {
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, c.Fixture, nil)
+ t.Cleanup(sf.Cleanup)
+ test.TestRoute(t, api, false, c.Method, c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON, "id", "job_created", "job_started")
+ })
}
}
@@ -1635,23 +1646,21 @@ func TestSourcesNew(t *testing.T) {
{"POST", "/api/v0/projects/source/new", `{"name": "fish", "url": "https://download.opensuse.org/repositories/shells:/fish:/release:/3/Fedora_29/","check_ssl": false,"check_gpg": false}`, http.StatusBadRequest, `{"errors": [{"id": "ProjectsError","msg": "Problem parsing POST body: 'type' field is missing from request"}],"status":false}`},
{"POST", "/api/v0/projects/source/new", `{"name": "test-id", "url": "https://download.opensuse.org/repositories/shells:/fish:/release:/3/Fedora_29/","type": "yum-baseurl","check_ssl": false,"check_gpg": false}`, http.StatusBadRequest, `{"errors": [{"id": "SystemSource","msg": "test-id is a system source, it cannot be changed."}],"status":false}`},
{"POST", "/api/v1/projects/source/new", `{"id": "test-id", "name": "test system repo", "url": "https://download.opensuse.org/repositories/shells:/fish:/release:/3/Fedora_29/","type": "yum-baseurl","check_ssl": false,"check_gpg": false}`, http.StatusBadRequest, `{"errors": [{"id": "SystemSource","msg": "test-id is a system source, it cannot be changed."}],"status":false}`},
- {"POST", "/api/v1/projects/source/new", `{"id": "fish","name":"fish repo","url": "https://download.opensuse.org/repositories/shells:/fish:/release:/3/Fedora_29/","type": "yum-baseurl","check_ssl": false,"check_gpg": false,"distros":["test-distro", "test-distro-2"]}`, http.StatusOK, `{"status":true}`},
+ {"POST", "/api/v1/projects/source/new", `{"id": "fish","name":"fish repo","url": "https://download.opensuse.org/repositories/shells:/fish:/release:/3/Fedora_29/","type": "yum-baseurl","check_ssl": false,"check_gpg": false,"distros":["test-distro-1", "test-distro-2"]}`, http.StatusOK, `{"status":true}`},
{"POST", "/api/v1/projects/source/new", `{"id": "fish","name":"fish repo","url": "https://download.opensuse.org/repositories/shells:/fish:/release:/3/Fedora_29/","type": "yum-baseurl","check_ssl": false,"check_gpg": false,"distros":["fedora-1"]}`, http.StatusBadRequest, `{"status":false, "errors":[{"id":"ProjectsError", "msg":"Invalid distributions: fedora-1"}]}`},
{"POST", "/api/v1/projects/source/new", `{"id": "fish","name":"fish repo","url": "https://download.opensuse.org/repositories/shells:/fish:/release:/3/Fedora_29/","type": "yum-baseurl","check_ssl": false,"check_gpg": true,"check_repogpg":true,"gpgkeys": ["https://repourl/path/to/key.pub"]}`, http.StatusOK, `{"status":true}`},
}
- tempdir := t.TempDir()
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, rpmmd_mock.BaseFixture)
test.TestRoute(t, api, true, c.Method, c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON)
test.SendHTTP(api, true, "DELETE", "/api/v0/projects/source/delete/fish", ``)
}
}
func TestSourcesNewTomlV0(t *testing.T) {
- tempdir := t.TempDir()
-
sources := []string{`
name = "fish"
url = "https://download.opensuse.org/repositories/shells:/fish:/release:/3/Fedora_29/"
@@ -1665,12 +1674,15 @@ type = "yum-baseurl"
check_ssl = false
check_gpg = false
`}
+
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
+
for _, source := range sources {
req := httptest.NewRequest("POST", "/api/v0/projects/source/new", bytes.NewReader([]byte(source)))
req.Header.Set("Content-Type", "text/x-toml")
recorder := httptest.NewRecorder()
- api, _ := createWeldrAPI(tempdir, rpmmd_mock.BaseFixture)
api.ServeHTTP(recorder, req)
r := recorder.Result()
@@ -1682,20 +1694,21 @@ check_gpg = false
// Empty TOML, and invalid TOML should return an error
func TestSourcesNewWrongTomlV0(t *testing.T) {
- tempdir := t.TempDir()
-
sources := []string{``, `
url = "https://download.opensuse.org/repositories/shells:/fish:/release:/3/Fedora_29/"
type = "yum-baseurl"
check_ssl = false
check_gpg = false
`}
+
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
+
for _, source := range sources {
req := httptest.NewRequest("POST", "/api/v0/projects/source/new", bytes.NewReader([]byte(source)))
req.Header.Set("Content-Type", "text/x-toml")
recorder := httptest.NewRecorder()
- api, _ := createWeldrAPI(tempdir, rpmmd_mock.BaseFixture)
api.ServeHTTP(recorder, req)
r := recorder.Result()
@@ -1705,8 +1718,6 @@ check_gpg = false
// TestSourcesNewTomlV1 tests the v1 sources API with id and name
func TestSourcesNewTomlV1(t *testing.T) {
- tempdir := t.TempDir()
-
sources := []string{`
id = "fish"
name = "fish or cut bait"
@@ -1767,12 +1778,15 @@ Yu2U6D6/DYohtTYp0s1ekS5KQkCJM7lfqecDsQhfVfOfR0w4aF8k8u3HmWdOfUz+
=myjM
-----END PGP PUBLIC KEY BLOCK-----''']
`}
+
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
+
for _, source := range sources {
req := httptest.NewRequest("POST", "/api/v1/projects/source/new", bytes.NewReader([]byte(source)))
req.Header.Set("Content-Type", "text/x-toml")
recorder := httptest.NewRecorder()
- api, _ := createWeldrAPI(tempdir, rpmmd_mock.BaseFixture)
api.ServeHTTP(recorder, req)
r := recorder.Result()
@@ -1797,7 +1811,8 @@ rhsm = true
req.Header.Set("Content-Type", "text/x-toml")
recorder := httptest.NewRecorder()
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
api.ServeHTTP(recorder, req)
r := recorder.Result()
@@ -1809,7 +1824,8 @@ rhsm = true
func TestSourcesInfoGPGKeysV1(t *testing.T) {
sourceStr := `{"id":"fish","name":"fish repo","type":"yum-baseurl","url":"https://download.opensuse.org/repositories/shells:/fish:/release:/3/Fedora_29/","check_gpg":true,"check_repogpg":true,"check_ssl":false,"gpgkeys":["https://repourl/path/to/key.pub"],"rhsm":false,"system":false}`
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
test.SendHTTP(api, true, "POST", "/api/v1/projects/source/new", sourceStr)
test.TestRoute(t, api, true, "GET", "/api/v1/projects/source/info/fish", ``, 200, `{"sources":{"fish":`+sourceStr+`},"errors":[]}`)
test.TestRoute(t, api, true, "GET", "/api/v1/projects/source/info/fish?format=json", ``, 200, `{"sources":{"fish":`+sourceStr+`},"errors":[]}`)
@@ -1817,8 +1833,6 @@ func TestSourcesInfoGPGKeysV1(t *testing.T) {
// TestSourcesNewWrongTomlV1 Tests that Empty TOML, and invalid TOML should return an error
func TestSourcesNewWrongTomlV1(t *testing.T) {
- tempdir := t.TempDir()
-
sources := []string{``, `
url = "https://download.opensuse.org/repositories/shells:/fish:/release:/3/Fedora_29/"
type = "yum-baseurl"
@@ -1837,12 +1851,15 @@ type = "yum-baseurl"
check_ssl = false
check_gpg = false
`}
+
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
+
for _, source := range sources {
req := httptest.NewRequest("POST", "/api/v1/projects/source/new", bytes.NewReader([]byte(source)))
req.Header.Set("Content-Type", "text/x-toml")
recorder := httptest.NewRecorder()
- api, _ := createWeldrAPI(tempdir, rpmmd_mock.BaseFixture)
api.ServeHTTP(recorder, req)
r := recorder.Result()
@@ -1853,7 +1870,8 @@ check_gpg = false
func TestSourcesInfo(t *testing.T) {
sourceStr := `{"name":"fish","type":"yum-baseurl","url":"https://download.opensuse.org/repositories/shells:/fish:/release:/3/Fedora_29/","check_gpg":false,"check_ssl":false,"system":false}`
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
test.SendHTTP(api, true, "POST", "/api/v0/projects/source/new", sourceStr)
test.TestRoute(t, api, true, "GET", "/api/v0/projects/source/info/fish", ``, 200, `{"sources":{"fish":`+sourceStr+`},"errors":[]}`)
test.TestRoute(t, api, true, "GET", "/api/v0/projects/source/info/fish?format=json", ``, 200, `{"sources":{"fish":`+sourceStr+`},"errors":[]}`)
@@ -1863,7 +1881,8 @@ func TestSourcesInfo(t *testing.T) {
func TestSourcesInfoToml(t *testing.T) {
sourceStr := `{"name":"fish","type":"yum-baseurl","url":"https://download.opensuse.org/repositories/shells:/fish:/release:/3/Fedora_29/","check_gpg":false,"check_ssl":false,"system":false}`
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
test.SendHTTP(api, true, "POST", "/api/v0/projects/source/new", sourceStr)
req := httptest.NewRequest("GET", "/api/v0/projects/source/info/fish?format=toml", nil)
@@ -1899,10 +1918,10 @@ func TestSourcesDelete(t *testing.T) {
{"DELETE", "/api/v0/projects/source/delete/unknown", ``, http.StatusBadRequest, `{"status":false,"errors":[{"id":"UnknownSource","msg":"unknown is not a valid source."}]}`},
}
- tempdir := t.TempDir()
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, rpmmd_mock.BaseFixture)
test.SendHTTP(api, true, "POST", "/api/v0/projects/source/new", `{"name": "fish","url": "https://download.opensuse.org/repositories/shells:/fish:/release:/3/Fedora_29/","type": "yum-baseurl","check_ssl": false,"check_gpg": false}`)
test.TestRoute(t, api, true, c.Method, c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON)
test.SendHTTP(api, true, "DELETE", "/api/v0/projects/source/delete/fish", ``)
@@ -1923,11 +1942,12 @@ func TestProjectsDepsolve(t *testing.T) {
{rpmmd_mock.BaseFixture, "/api/v0/projects/depsolve/fish?distro=fedora-1", http.StatusBadRequest, `{"status":false,"errors":[{"id":"DistroError","msg":"Invalid distro: fedora-1"}]}`},
}
- tempdir := t.TempDir()
-
- for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, c.Fixture)
- test.TestRoute(t, api, true, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedJSON)
+ for idx, c := range cases {
+ t.Run(fmt.Sprintf("case %d", idx), func(t *testing.T) {
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, c.Fixture, nil)
+ t.Cleanup(sf.Cleanup)
+ test.TestRoute(t, api, true, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedJSON)
+ })
}
}
@@ -1948,11 +1968,12 @@ func TestProjectsInfo(t *testing.T) {
{rpmmd_mock.BaseFixture, "/api/v0/projects/info/package16?distro=fedora-1", http.StatusBadRequest, `{"status":false,"errors":[{"id":"DistroError","msg":"Invalid distro: fedora-1"}]}`},
}
- tempdir := t.TempDir()
-
- for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, c.Fixture)
- test.TestRoute(t, api, true, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedJSON)
+ for idx, c := range cases {
+ t.Run(fmt.Sprintf("case %d", idx), func(t *testing.T) {
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, c.Fixture, nil)
+ t.Cleanup(sf.Cleanup)
+ test.TestRoute(t, api, true, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedJSON)
+ })
}
}
@@ -1975,12 +1996,12 @@ func TestModulesInfo(t *testing.T) {
{rpmmd_mock.BaseFixture, "/api/v1/modules/info/package16?distro=fedora-1", http.StatusBadRequest, `{"status":false,"errors":[{"id":"DistroError","msg":"Invalid distro: fedora-1"}]}`},
}
- tempdir := t.TempDir()
-
for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, c.Fixture)
- t.Logf("Path = %s", c.Path)
- test.TestRoute(t, api, true, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedJSON)
+ t.Run("Path = %s", func(t *testing.T) {
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, c.Fixture, nil)
+ t.Cleanup(sf.Cleanup)
+ test.TestRoute(t, api, true, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedJSON)
+ })
}
}
@@ -1999,11 +2020,12 @@ func TestProjectsList(t *testing.T) {
{rpmmd_mock.BaseFixture, "/api/v0/projects/list?distro=fedora-1&offset=1&limit=1", http.StatusBadRequest, `{"status":false,"errors":[{"id":"DistroError","msg":"Invalid distro: fedora-1"}]}`},
}
- tempdir := t.TempDir()
-
- for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, c.Fixture)
- test.TestRoute(t, api, true, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedJSON)
+ for idx, c := range cases {
+ t.Run(fmt.Sprintf("case %d", idx), func(t *testing.T) {
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, c.Fixture, nil)
+ t.Cleanup(sf.Cleanup)
+ test.TestRoute(t, api, true, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedJSON)
+ })
}
}
@@ -2025,11 +2047,12 @@ func TestModulesList(t *testing.T) {
{rpmmd_mock.BaseFixture, "/api/v0/modules/list/package2*,package16?distro=fedora-1&offset=1&limit=1", http.StatusBadRequest, `{"status":false,"errors":[{"id":"DistroError","msg":"Invalid distro: fedora-1"}]}`},
}
- tempdir := t.TempDir()
-
- for _, c := range cases {
- api, _ := createWeldrAPI(tempdir, c.Fixture)
- test.TestRoute(t, api, true, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedJSON)
+ for idx, c := range cases {
+ t.Run(fmt.Sprintf("case %d", idx), func(t *testing.T) {
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, c.Fixture, nil)
+ t.Cleanup(sf.Cleanup)
+ test.TestRoute(t, api, true, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedJSON)
+ })
}
}
@@ -2054,25 +2077,25 @@ func TestComposeTypes_ImageTypeDenylist(t *testing.T) {
},
{
"/api/v1/compose/types",
- map[string][]string{test_distro.TestDistro2Name: {test_distro.TestImageTypeName}},
+ map[string][]string{testDistro2Name: {test_distro.TestImageTypeName}},
http.StatusOK,
fmt.Sprintf(`{"types": [{"enabled":true, "name":%q}]}`, test_distro.TestImageType2Name),
},
{
"/api/v1/compose/types?distro=test-distro-2",
- map[string][]string{test_distro.TestDistro2Name: {test_distro.TestImageTypeName}},
+ map[string][]string{testDistro2Name: {test_distro.TestImageTypeName}},
http.StatusOK,
fmt.Sprintf(`{"types": [{"enabled":true, "name":%q}]}`, test_distro.TestImageType2Name),
},
{
"/api/v1/compose/types",
- map[string][]string{test_distro.TestDistro2Name: {test_distro.TestImageTypeName, test_distro.TestImageType2Name}},
+ map[string][]string{testDistro2Name: {test_distro.TestImageTypeName, test_distro.TestImageType2Name}},
http.StatusOK,
`{"types": null}`,
},
{
"/api/v1/compose/types?distro=test-distro-2",
- map[string][]string{test_distro.TestDistro2Name: {test_distro.TestImageTypeName, test_distro.TestImageType2Name}},
+ map[string][]string{testDistro2Name: {test_distro.TestImageTypeName, test_distro.TestImageType2Name}},
http.StatusOK,
`{"types": null}`,
},
@@ -2090,29 +2113,31 @@ func TestComposeTypes_ImageTypeDenylist(t *testing.T) {
},
{
"/api/v1/compose/types",
- map[string][]string{test_distro.TestDistro2Name: {"*"}},
+ map[string][]string{testDistro2Name: {"*"}},
http.StatusOK,
`{"types": null}`,
},
{
"/api/v1/compose/types?distro=test-distro-2",
- map[string][]string{test_distro.TestDistroName: {"*"}},
+ map[string][]string{test_distro.TestDistro1Name: {"*"}},
http.StatusOK,
fmt.Sprintf(`{"types": [{"enabled":true, "name":%q}, {"enabled":true, "name":%q}]}`,
test_distro.TestImageTypeName, test_distro.TestImageType2Name),
},
}
- tempdir := t.TempDir()
-
- for _, c := range cases {
- api, _ := createWeldrAPI2(tempdir, rpmmd_mock.BaseFixture, c.ImageTypeDenylist)
- test.TestRoute(t, api, true, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedJSON)
+ for idx, c := range cases {
+ t.Run(fmt.Sprintf("case %d", idx), func(t *testing.T) {
+ api, sf := createTestWeldrAPI(t.TempDir(), testDistro2Name, test_distro.TestArch2Name, rpmmd_mock.BaseFixture, c.ImageTypeDenylist)
+ t.Cleanup(sf.Cleanup)
+ test.TestRoute(t, api, true, "GET", c.Path, ``, c.ExpectedStatus, c.ExpectedJSON)
+ })
}
}
func TestComposePOST_ImageTypeDenylist(t *testing.T) {
- distro2 := test_distro.NewTestDistro("test-distro-2", "platform:test-2", "2")
+ distro2 := test_distro.DistroFactory(testDistro2Name)
+ require.NotNil(t, distro2)
arch, err := distro2.GetArch(test_distro.TestArch2Name)
require.NoError(t, err)
imgType, err := arch.GetImageType(test_distro.TestImageTypeName)
@@ -2214,17 +2239,17 @@ func TestComposePOST_ImageTypeDenylist(t *testing.T) {
{
"/api/v1/compose",
fmt.Sprintf(`{"blueprint_name": "test","compose_type": "%s","branch": "master"}`, test_distro.TestImageTypeName),
- map[string][]string{test_distro.TestDistro2Name: {test_distro.TestImageTypeName}},
+ map[string][]string{testDistro2Name: {test_distro.TestImageTypeName}},
http.StatusBadRequest,
fmt.Sprintf(`{"status":false,"errors":[{"id":"ComposeError","msg":"Failed to get compose type \"%[1]s\": image type \"%[1]s\" for distro \"%[2]s\" is denied by configuration"}]}`,
- test_distro.TestImageTypeName, test_distro.TestDistro2Name),
+ test_distro.TestImageTypeName, testDistro2Name),
expectedComposeLocal,
[]string{"build_id", "warnings"},
},
{
"/api/v1/compose",
fmt.Sprintf(`{"blueprint_name": "test","compose_type": "%s","branch": "master"}`, test_distro.TestImageType2Name),
- map[string][]string{test_distro.TestDistro2Name: {test_distro.TestImageTypeName}},
+ map[string][]string{testDistro2Name: {test_distro.TestImageTypeName}},
http.StatusOK,
`{"status": true}`,
expectedComposeLocal2,
@@ -2233,20 +2258,20 @@ func TestComposePOST_ImageTypeDenylist(t *testing.T) {
{
"/api/v1/compose",
fmt.Sprintf(`{"blueprint_name": "test","compose_type": "%s","branch": "master"}`, test_distro.TestImageTypeName),
- map[string][]string{test_distro.TestDistro2Name: {test_distro.TestImageTypeName, test_distro.TestImageType2Name}},
+ map[string][]string{testDistro2Name: {test_distro.TestImageTypeName, test_distro.TestImageType2Name}},
http.StatusBadRequest,
fmt.Sprintf(`{"status":false,"errors":[{"id":"ComposeError","msg":"Failed to get compose type \"%[1]s\": image type \"%[1]s\" for distro \"%[2]s\" is denied by configuration"}]}`,
- test_distro.TestImageTypeName, test_distro.TestDistro2Name),
+ test_distro.TestImageTypeName, testDistro2Name),
expectedComposeLocal,
[]string{"build_id", "warnings"},
},
{
"/api/v1/compose",
fmt.Sprintf(`{"blueprint_name": "test","compose_type": "%s","branch": "master"}`, test_distro.TestImageType2Name),
- map[string][]string{test_distro.TestDistro2Name: {test_distro.TestImageTypeName, test_distro.TestImageType2Name}},
+ map[string][]string{testDistro2Name: {test_distro.TestImageTypeName, test_distro.TestImageType2Name}},
http.StatusBadRequest,
fmt.Sprintf(`{"status":false,"errors":[{"id":"ComposeError","msg":"Failed to get compose type \"%[1]s\": image type \"%[1]s\" for distro \"%[2]s\" is denied by configuration"}]}`,
- test_distro.TestImageType2Name, test_distro.TestDistro2Name),
+ test_distro.TestImageType2Name, testDistro2Name),
expectedComposeLocal2,
[]string{"build_id", "warnings"},
},
@@ -2256,68 +2281,69 @@ func TestComposePOST_ImageTypeDenylist(t *testing.T) {
map[string][]string{"*": {test_distro.TestImageTypeName}},
http.StatusBadRequest,
fmt.Sprintf(`{"status":false,"errors":[{"id":"ComposeError","msg":"Failed to get compose type \"%[1]s\": image type \"%[1]s\" for distro \"%[2]s\" is denied by configuration"}]}`,
- test_distro.TestImageTypeName, test_distro.TestDistro2Name),
+ test_distro.TestImageTypeName, testDistro2Name),
expectedComposeLocal,
[]string{"build_id", "warnings"},
},
{
"/api/v1/compose",
fmt.Sprintf(`{"blueprint_name": "test","compose_type": "%s","branch": "master"}`, test_distro.TestImageTypeName),
- map[string][]string{test_distro.TestDistro2Name: {"*"}},
+ map[string][]string{testDistro2Name: {"*"}},
http.StatusBadRequest,
fmt.Sprintf(`{"status":false,"errors":[{"id":"ComposeError","msg":"Failed to get compose type \"%[1]s\": image type \"%[1]s\" for distro \"%[2]s\" is denied by configuration"}]}`,
- test_distro.TestImageTypeName, test_distro.TestDistro2Name),
+ test_distro.TestImageTypeName, testDistro2Name),
expectedComposeLocal,
[]string{"build_id", "warnings"},
},
{
"/api/v1/compose",
fmt.Sprintf(`{"blueprint_name": "test","compose_type": "%s","branch": "master"}`, test_distro.TestImageTypeName),
- map[string][]string{fmt.Sprintf("%s*", test_distro.TestDistroName): {fmt.Sprintf("%s*", test_distro.TestImageTypeName)}},
+ map[string][]string{fmt.Sprintf("%s*", test_distro.TestDistroNameBase): {fmt.Sprintf("%s*", test_distro.TestImageTypeName)}},
http.StatusBadRequest,
fmt.Sprintf(`{"status":false,"errors":[{"id":"ComposeError","msg":"Failed to get compose type \"%[1]s\": image type \"%[1]s\" for distro \"%[2]s\" is denied by configuration"}]}`,
- test_distro.TestImageTypeName, test_distro.TestDistro2Name),
+ test_distro.TestImageTypeName, testDistro2Name),
expectedComposeLocal,
[]string{"build_id", "warnings"},
},
{
"/api/v1/compose",
fmt.Sprintf(`{"blueprint_name": "test","compose_type": "%s","branch": "master"}`, test_distro.TestImageType2Name),
- map[string][]string{fmt.Sprintf("%s*", test_distro.TestDistroName): {fmt.Sprintf("%s*", test_distro.TestImageTypeName)}},
+ map[string][]string{fmt.Sprintf("%s*", test_distro.TestDistroNameBase): {fmt.Sprintf("%s*", test_distro.TestImageTypeName)}},
http.StatusBadRequest,
fmt.Sprintf(`{"status":false,"errors":[{"id":"ComposeError","msg":"Failed to get compose type \"%[1]s\": image type \"%[1]s\" for distro \"%[2]s\" is denied by configuration"}]}`,
- test_distro.TestImageType2Name, test_distro.TestDistro2Name),
+ test_distro.TestImageType2Name, testDistro2Name),
expectedComposeLocal,
[]string{"build_id", "warnings"},
},
}
- tempdir := t.TempDir()
+ for idx, c := range cases {
+ t.Run(fmt.Sprintf("case %d", idx), func(t *testing.T) {
+ api, sf := createTestWeldrAPI(t.TempDir(), distro2.Name(), arch.Name(), rpmmd_mock.NoComposesFixture, c.imageTypeDenylist)
+ t.Cleanup(sf.Cleanup)
+ _, err = api.workers.RegisterWorker(arch.Name())
+ require.NoError(t, err)
+ test.TestRoute(t, api, true, "POST", c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON, c.IgnoreFields...)
- for _, c := range cases {
- api, s := createWeldrAPI2(tempdir, rpmmd_mock.NoComposesFixture, c.imageTypeDenylist)
- _, err = api.workers.RegisterWorker(arch.Name())
- require.NoError(t, err)
- test.TestRoute(t, api, true, "POST", c.Path, c.Body, c.ExpectedStatus, c.ExpectedJSON, c.IgnoreFields...)
+ if c.ExpectedStatus != http.StatusOK {
+ return
+ }
- if c.ExpectedStatus != http.StatusOK {
- continue
- }
+ composes := sf.Store.GetAllComposes()
+ require.Equalf(t, 1, len(composes), "%s: bad compose count in store", c.Path)
- composes := s.GetAllComposes()
- require.Equalf(t, 1, len(composes), "%s: bad compose count in store", c.Path)
+ var composeStruct store.Compose
+ for _, c := range composes {
+ composeStruct = c
+ break
+ }
- var composeStruct store.Compose
- for _, c := range composes {
- composeStruct = c
- break
- }
+ require.NotNilf(t, composeStruct.ImageBuild.Manifest, "%s: the compose in the store did not contain a blueprint", c.Path)
- require.NotNilf(t, composeStruct.ImageBuild.Manifest, "%s: the compose in the store did not contain a blueprint", c.Path)
-
- if diff := cmp.Diff(composeStruct, *c.ExpectedCompose, test.IgnoreDates(), test.IgnoreUuids(), test.Ignore("Targets.Options.Location"), test.CompareImageTypes()); diff != "" {
- t.Errorf("%s: compose in store isn't the same as expected, diff:\n%s", c.Path, diff)
- }
+ if diff := cmp.Diff(composeStruct, *c.ExpectedCompose, test.IgnoreDates(), test.IgnoreUuids(), test.Ignore("Targets.Options.Location"), test.CompareImageTypes()); diff != "" {
+ t.Errorf("%s: compose in store isn't the same as expected, diff:\n%s", c.Path, diff)
+ }
+ })
}
}
func TestExpandBlueprintNoGlob(t *testing.T) {
diff --git a/internal/weldr/compose_test.go b/internal/weldr/compose_test.go
index b91905567..c139c1bdd 100644
--- a/internal/weldr/compose_test.go
+++ b/internal/weldr/compose_test.go
@@ -22,9 +22,10 @@ func TestComposeStatusFromLegacyError(t *testing.T) {
t.Skip("This test is for internal testing only")
}
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
- distroStruct := test_distro.New()
+ distroStruct := test_distro.DistroFactory(test_distro.TestDistro1Name)
arch, err := distroStruct.GetArch(test_distro.TestArchName)
if err != nil {
t.Fatalf("error getting arch from distro: %v", err)
@@ -77,9 +78,10 @@ func TestComposeStatusFromJobError(t *testing.T) {
t.Skip("This test is for internal testing only")
}
- api, _ := createWeldrAPI(t.TempDir(), rpmmd_mock.BaseFixture)
+ api, sf := createTestWeldrAPI(t.TempDir(), test_distro.TestDistro1Name, test_distro.TestArchName, rpmmd_mock.BaseFixture, nil)
+ t.Cleanup(sf.Cleanup)
- distroStruct := test_distro.New()
+ distroStruct := test_distro.DistroFactory(test_distro.TestDistro1Name)
arch, err := distroStruct.GetArch(test_distro.TestArchName)
if err != nil {
t.Fatalf("error getting arch from distro: %v", err)
diff --git a/internal/worker/server_test.go b/internal/worker/server_test.go
index 31f155e7c..d45aa3457 100644
--- a/internal/worker/server_test.go
+++ b/internal/worker/server_test.go
@@ -127,8 +127,14 @@ func TestErrorsAlteredBasePath(t *testing.T) {
}
}
+func newTestDistro(t *testing.T) distro.Distro {
+ distroStruct := test_distro.DistroFactory(test_distro.TestDistro1Name)
+ require.NotNil(t, distroStruct)
+ return distroStruct
+}
+
func TestCreate(t *testing.T) {
- distroStruct := test_distro.New()
+ distroStruct := newTestDistro(t)
arch, err := distroStruct.GetArch(test_distro.TestArchName)
if err != nil {
t.Fatalf("error getting arch from distro: %v", err)
@@ -158,7 +164,7 @@ func TestCreate(t *testing.T) {
}
func TestCancel(t *testing.T) {
- distroStruct := test_distro.New()
+ distroStruct := newTestDistro(t)
arch, err := distroStruct.GetArch(test_distro.TestArchName)
if err != nil {
t.Fatalf("error getting arch from distro: %v", err)
@@ -199,7 +205,7 @@ func TestCancel(t *testing.T) {
}
func TestUpdate(t *testing.T) {
- distroStruct := test_distro.New()
+ distroStruct := newTestDistro(t)
arch, err := distroStruct.GetArch(test_distro.TestArchName)
if err != nil {
t.Fatalf("error getting arch from distro: %v", err)
@@ -237,7 +243,7 @@ func TestUpdate(t *testing.T) {
}
func TestArgs(t *testing.T) {
- distroStruct := test_distro.New()
+ distroStruct := newTestDistro(t)
arch, err := distroStruct.GetArch(test_distro.TestArchName)
require.NoError(t, err)
imageType, err := arch.GetImageType(test_distro.TestImageTypeName)
@@ -282,7 +288,7 @@ func TestArgs(t *testing.T) {
}
func TestUpload(t *testing.T) {
- distroStruct := test_distro.New()
+ distroStruct := newTestDistro(t)
arch, err := distroStruct.GetArch(test_distro.TestArchName)
if err != nil {
t.Fatalf("error getting arch from distro: %v", err)
@@ -316,7 +322,7 @@ func TestUpload(t *testing.T) {
}
func TestUploadNotAcceptingArtifacts(t *testing.T) {
- distroStruct := test_distro.New()
+ distroStruct := newTestDistro(t)
arch, err := distroStruct.GetArch(test_distro.TestArchName)
if err != nil {
t.Fatalf("error getting arch from distro: %v", err)
@@ -350,7 +356,7 @@ func TestUploadNotAcceptingArtifacts(t *testing.T) {
}
func TestUploadAlteredBasePath(t *testing.T) {
- distroStruct := test_distro.New()
+ distroStruct := newTestDistro(t)
arch, err := distroStruct.GetArch(test_distro.TestArchName)
if err != nil {
t.Fatalf("error getting arch from distro: %v", err)
@@ -390,7 +396,7 @@ func TestUploadAlteredBasePath(t *testing.T) {
}
func TestTimeout(t *testing.T) {
- distroStruct := test_distro.New()
+ distroStruct := newTestDistro(t)
arch, err := distroStruct.GetArch(test_distro.TestArchName)
if err != nil {
t.Fatalf("error getting arch from distro: %v", err)
@@ -409,7 +415,7 @@ func TestTimeout(t *testing.T) {
}
func TestRequestJobById(t *testing.T) {
- distroStruct := test_distro.New()
+ distroStruct := newTestDistro(t)
arch, err := distroStruct.GetArch(test_distro.TestArchName)
if err != nil {
t.Fatalf("error getting arch from distro: %v", err)
@@ -612,7 +618,7 @@ func TestMixedOSBuildJob(t *testing.T) {
}
func TestDepsolveLegacyErrorConversion(t *testing.T) {
- distroStruct := test_distro.New()
+ distroStruct := newTestDistro(t)
arch, err := distroStruct.GetArch(test_distro.TestArchName)
if err != nil {
t.Fatalf("error getting arch from distro: %v", err)
@@ -1642,7 +1648,7 @@ func TestRequestJobForWorker(t *testing.T) {
require.NoError(t, err)
test.TestRoute(t, server.Handler(), false, "POST", fmt.Sprintf("/api/worker/v1/workers/%s/status", workerID), "{}", 200, "")
- distroStruct := test_distro.New()
+ distroStruct := newTestDistro(t)
arch, err := distroStruct.GetArch(test_distro.TestArchName)
if err != nil {
t.Fatalf("error getting arch from distro: %v", err)
diff --git a/osbuild-composer.spec b/osbuild-composer.spec
index c8dcedf4e..cd3387622 100644
--- a/osbuild-composer.spec
+++ b/osbuild-composer.spec
@@ -42,9 +42,13 @@ BuildRequires: make
# Build requirements of 'theproglottis/gpgme' package
BuildRequires: gpgme-devel
BuildRequires: libassuan-devel
+# Build requirements of 'github.com/containers/storage' package
+BuildRequires: device-mapper-devel
%if 0%{?fedora}
BuildRequires: systemd-rpm-macros
BuildRequires: git
+# Build requirements of 'github.com/containers/storage' package
+BuildRequires: btrfs-progs-devel
# DO NOT REMOVE the BUNDLE_START and BUNDLE_END markers as they are used by 'tools/rpm_spec_add_provides_bundle.sh' to generate the Provides: bundled list
# BUNDLE_START
# BUNDLE_END
@@ -84,6 +88,11 @@ export GOFLAGS+=" -mod=vendor"
%undefine gomodulesmode
%endif
+# btrfs-progs-devel is not available on RHEL
+%if 0%{?rhel}
+GOTAGS="exclude_graphdriver_btrfs"
+%endif
+
# Set the commit hash so that composer can report what source version
# was used to build it. This has to be set explicitly when calling rpmbuild,
# this script will not attempt to automatically discover it.
@@ -92,8 +101,8 @@ export LDFLAGS="${LDFLAGS} -X 'github.com/osbuild/osbuild-composer/internal/comm
%endif
export LDFLAGS="${LDFLAGS} -X 'github.com/osbuild/osbuild-composer/internal/common.RpmVersion=%{name}-%{?epoch:%epoch:}%{version}-%{release}.%{_arch}'"
-%gobuild -o _bin/osbuild-composer %{goipath}/cmd/osbuild-composer
-%gobuild -o _bin/osbuild-worker %{goipath}/cmd/osbuild-worker
+%gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-composer %{goipath}/cmd/osbuild-composer
+%gobuild ${GOTAGS:+-tags=$GOTAGS} -o _bin/osbuild-worker %{goipath}/cmd/osbuild-worker
make man
@@ -112,15 +121,15 @@ export GOPATH=%{gobuilddir}:%{gopath}
TEST_LDFLAGS="${LDFLAGS:-} -B 0x$(od -N 20 -An -tx1 -w100 /dev/urandom | tr -d ' ')"
-go test -c -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-composer-cli-tests %{goipath}/cmd/osbuild-composer-cli-tests
-go test -c -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-dnf-json-tests %{goipath}/cmd/osbuild-dnf-json-tests
-go test -c -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-weldr-tests %{goipath}/internal/client/
-go test -c -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-image-tests %{goipath}/cmd/osbuild-image-tests
-go test -c -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-auth-tests %{goipath}/cmd/osbuild-auth-tests
-go test -c -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-koji-tests %{goipath}/cmd/osbuild-koji-tests
-go test -c -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-composer-dbjobqueue-tests %{goipath}/cmd/osbuild-composer-dbjobqueue-tests
-go test -c -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-service-maintenance-tests %{goipath}/cmd/osbuild-service-maintenance
-go build -tags=integration -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-mock-openid-provider %{goipath}/cmd/osbuild-mock-openid-provider
+go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-composer-cli-tests %{goipath}/cmd/osbuild-composer-cli-tests
+go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-dnf-json-tests %{goipath}/cmd/osbuild-dnf-json-tests
+go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-weldr-tests %{goipath}/internal/client/
+go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-image-tests %{goipath}/cmd/osbuild-image-tests
+go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-auth-tests %{goipath}/cmd/osbuild-auth-tests
+go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-koji-tests %{goipath}/cmd/osbuild-koji-tests
+go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-composer-dbjobqueue-tests %{goipath}/cmd/osbuild-composer-dbjobqueue-tests
+go test -c -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-service-maintenance-tests %{goipath}/cmd/osbuild-service-maintenance
+go build -tags="integration${GOTAGS:+,$GOTAGS}" -ldflags="${TEST_LDFLAGS}" -o _bin/osbuild-mock-openid-provider %{goipath}/cmd/osbuild-mock-openid-provider
%endif
@@ -253,7 +262,7 @@ install -m 0644 -vp test/data/upgrade8to9/* %{buildroot}%{
%check
export GOFLAGS="-buildmode=pie"
%if 0%{?rhel}
-export GOFLAGS+=" -mod=vendor"
+export GOFLAGS+=" -mod=vendor -tags=exclude_graphdriver_btrfs"
export GOPATH=$PWD/_build:%{gopath}
# cd inside GOPATH, otherwise go with GO111MODULE=off ignores vendor directory
cd $PWD/_build/src/%{goipath}
@@ -298,10 +307,10 @@ The core osbuild-composer binary. This is suitable both for spawning in containe
Summary: The worker for osbuild-composer
Requires: systemd
Requires: qemu-img
-Requires: osbuild >= 93
-Requires: osbuild-ostree >= 93
-Requires: osbuild-lvm2 >= 93
-Requires: osbuild-luks2 >= 93
+Requires: osbuild >= 98
+Requires: osbuild-ostree >= 98
+Requires: osbuild-lvm2 >= 98
+Requires: osbuild-luks2 >= 98
Requires: %{name}-dnf-json = %{version}-%{release}
%description worker
diff --git a/test/cases/ostree-ng.sh b/test/cases/ostree-ng.sh
index 4a87bc137..27fc3d436 100755
--- a/test/cases/ostree-ng.sh
+++ b/test/cases/ostree-ng.sh
@@ -125,7 +125,7 @@ case "${ID}-${VERSION_ID}" in
CONTAINER_TYPE=iot-container
INSTALLER_TYPE=iot-installer
OSTREE_REF="fedora/${VERSION_ID}/${ARCH}/iot"
- OSTREE_OSNAME=fedora
+ OSTREE_OSNAME=fedora-iot
OS_VARIANT="fedora-unknown"
EMBEDED_CONTAINER="false"
DIRS_FILES_CUSTOMIZATION="true"
diff --git a/vendor/cloud.google.com/go/internal/.repo-metadata-full.json b/vendor/cloud.google.com/go/internal/.repo-metadata-full.json
index 31d172047..46c4094d3 100644
--- a/vendor/cloud.google.com/go/internal/.repo-metadata-full.json
+++ b/vendor/cloud.google.com/go/internal/.repo-metadata-full.json
@@ -619,6 +619,16 @@
"release_level": "stable",
"library_type": "GAPIC_AUTO"
},
+ "cloud.google.com/go/cloudprofiler/apiv2": {
+ "api_shortname": "cloudprofiler",
+ "distribution_name": "cloud.google.com/go/cloudprofiler/apiv2",
+ "description": "Cloud Profiler API",
+ "language": "go",
+ "client_library_type": "generated",
+ "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/cloudprofiler/latest/apiv2",
+ "release_level": "preview",
+ "library_type": "GAPIC_AUTO"
+ },
"cloud.google.com/go/cloudtasks/apiv2": {
"api_shortname": "cloudtasks",
"distribution_name": "cloud.google.com/go/cloudtasks/apiv2",
@@ -1019,6 +1029,16 @@
"release_level": "stable",
"library_type": "GAPIC_AUTO"
},
+ "cloud.google.com/go/edgenetwork/apiv1": {
+ "api_shortname": "edgenetwork",
+ "distribution_name": "cloud.google.com/go/edgenetwork/apiv1",
+ "description": "Distributed Cloud Edge Network API",
+ "language": "go",
+ "client_library_type": "generated",
+ "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/edgenetwork/latest/apiv1",
+ "release_level": "preview",
+ "library_type": "GAPIC_AUTO"
+ },
"cloud.google.com/go/errorreporting": {
"api_shortname": "clouderrorreporting",
"distribution_name": "cloud.google.com/go/errorreporting",
@@ -1099,6 +1119,16 @@
"release_level": "stable",
"library_type": "GAPIC_AUTO"
},
+ "cloud.google.com/go/firestore/apiv1/admin": {
+ "api_shortname": "firestore",
+ "distribution_name": "cloud.google.com/go/firestore/apiv1/admin",
+ "description": "Cloud Firestore API",
+ "language": "go",
+ "client_library_type": "generated",
+ "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/firestore/latest/apiv1/admin",
+ "release_level": "stable",
+ "library_type": "GAPIC_AUTO"
+ },
"cloud.google.com/go/functions/apiv1": {
"api_shortname": "cloudfunctions",
"distribution_name": "cloud.google.com/go/functions/apiv1",
@@ -2279,6 +2309,16 @@
"release_level": "preview",
"library_type": "GAPIC_AUTO"
},
+ "cloud.google.com/go/telcoautomation/apiv1": {
+ "api_shortname": "telcoautomation",
+ "distribution_name": "cloud.google.com/go/telcoautomation/apiv1",
+ "description": "Telco Automation API",
+ "language": "go",
+ "client_library_type": "generated",
+ "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/telcoautomation/latest/apiv1",
+ "release_level": "preview",
+ "library_type": "GAPIC_AUTO"
+ },
"cloud.google.com/go/texttospeech/apiv1": {
"api_shortname": "texttospeech",
"distribution_name": "cloud.google.com/go/texttospeech/apiv1",
diff --git a/vendor/cloud.google.com/go/internal/trace/trace.go b/vendor/cloud.google.com/go/internal/trace/trace.go
index c201d343e..f6b88253b 100644
--- a/vendor/cloud.google.com/go/internal/trace/trace.go
+++ b/vendor/cloud.google.com/go/internal/trace/trace.go
@@ -16,35 +16,94 @@ package trace
import (
"context"
+ "errors"
"fmt"
+ "os"
+ "strings"
"go.opencensus.io/trace"
- "golang.org/x/xerrors"
+ "go.opentelemetry.io/otel"
+ "go.opentelemetry.io/otel/attribute"
+ "go.opentelemetry.io/otel/codes"
+ ottrace "go.opentelemetry.io/otel/trace"
"google.golang.org/api/googleapi"
"google.golang.org/genproto/googleapis/rpc/code"
"google.golang.org/grpc/status"
)
-// StartSpan adds a span to the trace with the given name.
+const (
+ telemetryPlatformTracingOpenCensus = "opencensus"
+ telemetryPlatformTracingOpenTelemetry = "opentelemetry"
+ telemetryPlatformTracingVar = "GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING"
+)
+
+var (
+ // TODO(chrisdsmith): Should the name of the OpenTelemetry tracer be public and mutable?
+ openTelemetryTracerName string = "cloud.google.com/go"
+ openTelemetryTracingEnabled bool = strings.EqualFold(strings.TrimSpace(
+ os.Getenv(telemetryPlatformTracingVar)), telemetryPlatformTracingOpenTelemetry)
+)
+
+// IsOpenCensusTracingEnabled returns true if the environment variable
+// GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING is NOT set to the
+// case-insensitive value "opentelemetry".
+func IsOpenCensusTracingEnabled() bool {
+ return !IsOpenTelemetryTracingEnabled()
+}
+
+// IsOpenTelemetryTracingEnabled returns true if the environment variable
+// GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING is set to the
+// case-insensitive value "opentelemetry".
+func IsOpenTelemetryTracingEnabled() bool {
+ return openTelemetryTracingEnabled
+}
+
+// StartSpan adds a span to the trace with the given name. If IsOpenCensusTracingEnabled
+// returns true, the span will be an OpenCensus span. If IsOpenTelemetryTracingEnabled
+// returns true, the span will be an OpenTelemetry span. Set the environment variable
+// GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING to the case-insensitive
+// value "opentelemetry" before loading the package to use OpenTelemetry tracing.
+// The default will remain OpenCensus until [TBD], at which time the default will
+// switch to "opentelemetry" and explicitly setting the environment variable to
+// "opencensus" will be required to continue using OpenCensus tracing.
func StartSpan(ctx context.Context, name string) context.Context {
- ctx, _ = trace.StartSpan(ctx, name)
+ if IsOpenTelemetryTracingEnabled() {
+ ctx, _ = otel.GetTracerProvider().Tracer(openTelemetryTracerName).Start(ctx, name)
+ } else {
+ ctx, _ = trace.StartSpan(ctx, name)
+ }
return ctx
}
-// EndSpan ends a span with the given error.
+// EndSpan ends a span with the given error. If IsOpenCensusTracingEnabled
+// returns true, the span will be an OpenCensus span. If IsOpenTelemetryTracingEnabled
+// returns true, the span will be an OpenTelemetry span. Set the environment variable
+// GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING to the case-insensitive
+// value "opentelemetry" before loading the package to use OpenTelemetry tracing.
+// The default will remain OpenCensus until [TBD], at which time the default will
+// switch to "opentelemetry" and explicitly setting the environment variable to
+// "opencensus" will be required to continue using OpenCensus tracing.
func EndSpan(ctx context.Context, err error) {
- span := trace.FromContext(ctx)
- if err != nil {
- span.SetStatus(toStatus(err))
+ if IsOpenTelemetryTracingEnabled() {
+ span := ottrace.SpanFromContext(ctx)
+ if err != nil {
+ span.SetStatus(codes.Error, toOpenTelemetryStatusDescription(err))
+ span.RecordError(err)
+ }
+ span.End()
+ } else {
+ span := trace.FromContext(ctx)
+ if err != nil {
+ span.SetStatus(toStatus(err))
+ }
+ span.End()
}
- span.End()
}
-// toStatus interrogates an error and converts it to an appropriate
-// OpenCensus status.
+// toStatus converts an error to an equivalent OpenCensus status.
func toStatus(err error) trace.Status {
var err2 *googleapi.Error
- if ok := xerrors.As(err, &err2); ok {
+ if ok := errors.As(err, &err2); ok {
return trace.Status{Code: httpStatusCodeToOCCode(err2.Code), Message: err2.Message}
} else if s, ok := status.FromError(err); ok {
return trace.Status{Code: int32(s.Code()), Message: s.Message()}
@@ -53,6 +112,18 @@ func toStatus(err error) trace.Status {
}
}
+// toOpenTelemetryStatus converts an error to an equivalent OpenTelemetry status description.
+func toOpenTelemetryStatusDescription(err error) string {
+ var err2 *googleapi.Error
+ if ok := errors.As(err, &err2); ok {
+ return err2.Message
+ } else if s, ok := status.FromError(err); ok {
+ return s.Message()
+ } else {
+ return err.Error()
+ }
+}
+
// TODO(deklerk): switch to using OpenCensus function when it becomes available.
// Reference: https://github.com/googleapis/googleapis/blob/26b634d2724ac5dd30ae0b0cbfb01f07f2e4050e/google/rpc/code.proto
func httpStatusCodeToOCCode(httpStatusCode int) int32 {
@@ -86,10 +157,33 @@ func httpStatusCodeToOCCode(httpStatusCode int) int32 {
}
}
-// TODO: (odeke-em): perhaps just pass around spans due to the cost
-// incurred from using trace.FromContext(ctx) yet we could avoid
-// throwing away the work done by ctx, span := trace.StartSpan.
+// TracePrintf retrieves the current OpenCensus or OpenTelemetry span from context, then:
+// * calls Span.Annotatef if OpenCensus is enabled; or
+// * calls Span.AddEvent if OpenTelemetry is enabled.
+//
+// If IsOpenCensusTracingEnabled returns true, the expected span must be an
+// OpenCensus span. If IsOpenTelemetryTracingEnabled returns true, the expected
+// span must be an OpenTelemetry span. Set the environment variable
+// GOOGLE_API_GO_EXPERIMENTAL_TELEMETRY_PLATFORM_TRACING to the case-insensitive
+// value "opentelemetry" before loading the package to use OpenTelemetry tracing.
+// The default will remain OpenCensus until [TBD], at which time the default will
+// switch to "opentelemetry" and explicitly setting the environment variable to
+// "opencensus" will be required to continue using OpenCensus tracing.
func TracePrintf(ctx context.Context, attrMap map[string]interface{}, format string, args ...interface{}) {
+ if IsOpenTelemetryTracingEnabled() {
+ attrs := otAttrs(attrMap)
+ ottrace.SpanFromContext(ctx).AddEvent(fmt.Sprintf(format, args...), ottrace.WithAttributes(attrs...))
+ } else {
+ attrs := ocAttrs(attrMap)
+ // TODO: (odeke-em): perhaps just pass around spans due to the cost
+ // incurred from using trace.FromContext(ctx) yet we could avoid
+ // throwing away the work done by ctx, span := trace.StartSpan.
+ trace.FromContext(ctx).Annotatef(attrs, format, args...)
+ }
+}
+
+// ocAttrs converts a generic map to OpenCensus attributes.
+func ocAttrs(attrMap map[string]interface{}) []trace.Attribute {
var attrs []trace.Attribute
for k, v := range attrMap {
var a trace.Attribute
@@ -107,5 +201,27 @@ func TracePrintf(ctx context.Context, attrMap map[string]interface{}, format str
}
attrs = append(attrs, a)
}
- trace.FromContext(ctx).Annotatef(attrs, format, args...)
+ return attrs
+}
+
+// otAttrs converts a generic map to OpenTelemetry attributes.
+func otAttrs(attrMap map[string]interface{}) []attribute.KeyValue {
+ var attrs []attribute.KeyValue
+ for k, v := range attrMap {
+ var a attribute.KeyValue
+ switch v := v.(type) {
+ case string:
+ a = attribute.Key(k).String(v)
+ case bool:
+ a = attribute.Key(k).Bool(v)
+ case int:
+ a = attribute.Key(k).Int(v)
+ case int64:
+ a = attribute.Key(k).Int64(v)
+ default:
+ a = attribute.Key(k).String(fmt.Sprintf("%#v", v))
+ }
+ attrs = append(attrs, a)
+ }
+ return attrs
}
diff --git a/vendor/dario.cat/mergo/.deepsource.toml b/vendor/dario.cat/mergo/.deepsource.toml
new file mode 100644
index 000000000..a8bc979e0
--- /dev/null
+++ b/vendor/dario.cat/mergo/.deepsource.toml
@@ -0,0 +1,12 @@
+version = 1
+
+test_patterns = [
+ "*_test.go"
+]
+
+[[analyzers]]
+name = "go"
+enabled = true
+
+ [analyzers.meta]
+ import_path = "dario.cat/mergo"
\ No newline at end of file
diff --git a/vendor/dario.cat/mergo/.gitignore b/vendor/dario.cat/mergo/.gitignore
new file mode 100644
index 000000000..529c3412b
--- /dev/null
+++ b/vendor/dario.cat/mergo/.gitignore
@@ -0,0 +1,33 @@
+#### joe made this: http://goel.io/joe
+
+#### go ####
+# Binaries for programs and plugins
+*.exe
+*.dll
+*.so
+*.dylib
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
+.glide/
+
+#### vim ####
+# Swap
+[._]*.s[a-v][a-z]
+[._]*.sw[a-p]
+[._]s[a-v][a-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+tags
diff --git a/vendor/dario.cat/mergo/.travis.yml b/vendor/dario.cat/mergo/.travis.yml
new file mode 100644
index 000000000..d324c43ba
--- /dev/null
+++ b/vendor/dario.cat/mergo/.travis.yml
@@ -0,0 +1,12 @@
+language: go
+arch:
+ - amd64
+ - ppc64le
+install:
+ - go get -t
+ - go get golang.org/x/tools/cmd/cover
+ - go get github.com/mattn/goveralls
+script:
+ - go test -race -v ./...
+after_script:
+ - $HOME/gopath/bin/goveralls -service=travis-ci -repotoken $COVERALLS_TOKEN
diff --git a/vendor/dario.cat/mergo/CODE_OF_CONDUCT.md b/vendor/dario.cat/mergo/CODE_OF_CONDUCT.md
new file mode 100644
index 000000000..469b44907
--- /dev/null
+++ b/vendor/dario.cat/mergo/CODE_OF_CONDUCT.md
@@ -0,0 +1,46 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at i@dario.im. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/
diff --git a/vendor/dario.cat/mergo/CONTRIBUTING.md b/vendor/dario.cat/mergo/CONTRIBUTING.md
new file mode 100644
index 000000000..0a1ff9f94
--- /dev/null
+++ b/vendor/dario.cat/mergo/CONTRIBUTING.md
@@ -0,0 +1,112 @@
+
+# Contributing to mergo
+
+First off, thanks for taking the time to contribute! â¤ï¸
+
+All types of contributions are encouraged and valued. See the [Table of Contents](#table-of-contents) for different ways to help and details about how this project handles them. Please make sure to read the relevant section before making your contribution. It will make it a lot easier for us maintainers and smooth out the experience for all involved. The community looks forward to your contributions. 🎉
+
+> And if you like the project, but just don't have time to contribute, that's fine. There are other easy ways to support the project and show your appreciation, which we would also be very happy about:
+> - Star the project
+> - Tweet about it
+> - Refer this project in your project's readme
+> - Mention the project at local meetups and tell your friends/colleagues
+
+
+## Table of Contents
+
+- [Code of Conduct](#code-of-conduct)
+- [I Have a Question](#i-have-a-question)
+- [I Want To Contribute](#i-want-to-contribute)
+- [Reporting Bugs](#reporting-bugs)
+- [Suggesting Enhancements](#suggesting-enhancements)
+
+## Code of Conduct
+
+This project and everyone participating in it is governed by the
+[mergo Code of Conduct](https://github.com/imdario/mergoblob/master/CODE_OF_CONDUCT.md).
+By participating, you are expected to uphold this code. Please report unacceptable behavior
+to <>.
+
+
+## I Have a Question
+
+> If you want to ask a question, we assume that you have read the available [Documentation](https://pkg.go.dev/github.com/imdario/mergo).
+
+Before you ask a question, it is best to search for existing [Issues](https://github.com/imdario/mergo/issues) that might help you. In case you have found a suitable issue and still need clarification, you can write your question in this issue. It is also advisable to search the internet for answers first.
+
+If you then still feel the need to ask a question and need clarification, we recommend the following:
+
+- Open an [Issue](https://github.com/imdario/mergo/issues/new).
+- Provide as much context as you can about what you're running into.
+- Provide project and platform versions (nodejs, npm, etc), depending on what seems relevant.
+
+We will then take care of the issue as soon as possible.
+
+## I Want To Contribute
+
+> ### Legal Notice
+> When contributing to this project, you must agree that you have authored 100% of the content, that you have the necessary rights to the content and that the content you contribute may be provided under the project license.
+
+### Reporting Bugs
+
+
+#### Before Submitting a Bug Report
+
+A good bug report shouldn't leave others needing to chase you up for more information. Therefore, we ask you to investigate carefully, collect information and describe the issue in detail in your report. Please complete the following steps in advance to help us fix any potential bug as fast as possible.
+
+- Make sure that you are using the latest version.
+- Determine if your bug is really a bug and not an error on your side e.g. using incompatible environment components/versions (Make sure that you have read the [documentation](). If you are looking for support, you might want to check [this section](#i-have-a-question)).
+- To see if other users have experienced (and potentially already solved) the same issue you are having, check if there is not already a bug report existing for your bug or error in the [bug tracker](https://github.com/imdario/mergoissues?q=label%3Abug).
+- Also make sure to search the internet (including Stack Overflow) to see if users outside of the GitHub community have discussed the issue.
+- Collect information about the bug:
+- Stack trace (Traceback)
+- OS, Platform and Version (Windows, Linux, macOS, x86, ARM)
+- Version of the interpreter, compiler, SDK, runtime environment, package manager, depending on what seems relevant.
+- Possibly your input and the output
+- Can you reliably reproduce the issue? And can you also reproduce it with older versions?
+
+
+#### How Do I Submit a Good Bug Report?
+
+> You must never report security related issues, vulnerabilities or bugs including sensitive information to the issue tracker, or elsewhere in public. Instead sensitive bugs must be sent by email to .
+
+
+We use GitHub issues to track bugs and errors. If you run into an issue with the project:
+
+- Open an [Issue](https://github.com/imdario/mergo/issues/new). (Since we can't be sure at this point whether it is a bug or not, we ask you not to talk about a bug yet and not to label the issue.)
+- Explain the behavior you would expect and the actual behavior.
+- Please provide as much context as possible and describe the *reproduction steps* that someone else can follow to recreate the issue on their own. This usually includes your code. For good bug reports you should isolate the problem and create a reduced test case.
+- Provide the information you collected in the previous section.
+
+Once it's filed:
+
+- The project team will label the issue accordingly.
+- A team member will try to reproduce the issue with your provided steps. If there are no reproduction steps or no obvious way to reproduce the issue, the team will ask you for those steps and mark the issue as `needs-repro`. Bugs with the `needs-repro` tag will not be addressed until they are reproduced.
+- If the team is able to reproduce the issue, it will be marked `needs-fix`, as well as possibly other tags (such as `critical`), and the issue will be left to be implemented by someone.
+
+### Suggesting Enhancements
+
+This section guides you through submitting an enhancement suggestion for mergo, **including completely new features and minor improvements to existing functionality**. Following these guidelines will help maintainers and the community to understand your suggestion and find related suggestions.
+
+
+#### Before Submitting an Enhancement
+
+- Make sure that you are using the latest version.
+- Read the [documentation]() carefully and find out if the functionality is already covered, maybe by an individual configuration.
+- Perform a [search](https://github.com/imdario/mergo/issues) to see if the enhancement has already been suggested. If it has, add a comment to the existing issue instead of opening a new one.
+- Find out whether your idea fits with the scope and aims of the project. It's up to you to make a strong case to convince the project's developers of the merits of this feature. Keep in mind that we want features that will be useful to the majority of our users and not just a small subset. If you're just targeting a minority of users, consider writing an add-on/plugin library.
+
+
+#### How Do I Submit a Good Enhancement Suggestion?
+
+Enhancement suggestions are tracked as [GitHub issues](https://github.com/imdario/mergo/issues).
+
+- Use a **clear and descriptive title** for the issue to identify the suggestion.
+- Provide a **step-by-step description of the suggested enhancement** in as many details as possible.
+- **Describe the current behavior** and **explain which behavior you expected to see instead** and why. At this point you can also tell which alternatives do not work for you.
+- You may want to **include screenshots and animated GIFs** which help you demonstrate the steps or point out the part which the suggestion is related to. You can use [this tool](https://www.cockos.com/licecap/) to record GIFs on macOS and Windows, and [this tool](https://github.com/colinkeenan/silentcast) or [this tool](https://github.com/GNOME/byzanz) on Linux.
+- **Explain why this enhancement would be useful** to most mergo users. You may also want to point out the other projects that solved it better and which could serve as inspiration.
+
+
+## Attribution
+This guide is based on the **contributing-gen**. [Make your own](https://github.com/bttger/contributing-gen)!
diff --git a/vendor/golang.org/x/xerrors/LICENSE b/vendor/dario.cat/mergo/LICENSE
similarity index 92%
rename from vendor/golang.org/x/xerrors/LICENSE
rename to vendor/dario.cat/mergo/LICENSE
index e4a47e17f..686680298 100644
--- a/vendor/golang.org/x/xerrors/LICENSE
+++ b/vendor/dario.cat/mergo/LICENSE
@@ -1,4 +1,5 @@
-Copyright (c) 2019 The Go Authors. All rights reserved.
+Copyright (c) 2013 Dario Castañé. All rights reserved.
+Copyright (c) 2012 The Go Authors. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
diff --git a/vendor/dario.cat/mergo/README.md b/vendor/dario.cat/mergo/README.md
new file mode 100644
index 000000000..7d0cf9f32
--- /dev/null
+++ b/vendor/dario.cat/mergo/README.md
@@ -0,0 +1,248 @@
+# Mergo
+
+[![GitHub release][5]][6]
+[![GoCard][7]][8]
+[![Test status][1]][2]
+[![OpenSSF Scorecard][21]][22]
+[![OpenSSF Best Practices][19]][20]
+[![Coverage status][9]][10]
+[![Sourcegraph][11]][12]
+[![FOSSA status][13]][14]
+
+[![GoDoc][3]][4]
+[![Become my sponsor][15]][16]
+[![Tidelift][17]][18]
+
+[1]: https://github.com/imdario/mergo/workflows/tests/badge.svg?branch=master
+[2]: https://github.com/imdario/mergo/actions/workflows/tests.yml
+[3]: https://godoc.org/github.com/imdario/mergo?status.svg
+[4]: https://godoc.org/github.com/imdario/mergo
+[5]: https://img.shields.io/github/release/imdario/mergo.svg
+[6]: https://github.com/imdario/mergo/releases
+[7]: https://goreportcard.com/badge/imdario/mergo
+[8]: https://goreportcard.com/report/github.com/imdario/mergo
+[9]: https://coveralls.io/repos/github/imdario/mergo/badge.svg?branch=master
+[10]: https://coveralls.io/github/imdario/mergo?branch=master
+[11]: https://sourcegraph.com/github.com/imdario/mergo/-/badge.svg
+[12]: https://sourcegraph.com/github.com/imdario/mergo?badge
+[13]: https://app.fossa.io/api/projects/git%2Bgithub.com%2Fimdario%2Fmergo.svg?type=shield
+[14]: https://app.fossa.io/projects/git%2Bgithub.com%2Fimdario%2Fmergo?ref=badge_shield
+[15]: https://img.shields.io/github/sponsors/imdario
+[16]: https://github.com/sponsors/imdario
+[17]: https://tidelift.com/badges/package/go/github.com%2Fimdario%2Fmergo
+[18]: https://tidelift.com/subscription/pkg/go-github.com-imdario-mergo
+[19]: https://bestpractices.coreinfrastructure.org/projects/7177/badge
+[20]: https://bestpractices.coreinfrastructure.org/projects/7177
+[21]: https://api.securityscorecards.dev/projects/github.com/imdario/mergo/badge
+[22]: https://api.securityscorecards.dev/projects/github.com/imdario/mergo
+
+A helper to merge structs and maps in Golang. Useful for configuration default values, avoiding messy if-statements.
+
+Mergo merges same-type structs and maps by setting default values in zero-value fields. Mergo won't merge unexported (private) fields. It will do recursively any exported one. It also won't merge structs inside maps (because they are not addressable using Go reflection).
+
+Also a lovely [comune](http://en.wikipedia.org/wiki/Mergo) (municipality) in the Province of Ancona in the Italian region of Marche.
+
+## Status
+
+It is ready for production use. [It is used in several projects by Docker, Google, The Linux Foundation, VMWare, Shopify, Microsoft, etc](https://github.com/imdario/mergo#mergo-in-the-wild).
+
+### Important notes
+
+#### 1.0.0
+
+In [1.0.0](//github.com/imdario/mergo/releases/tag/1.0.0) Mergo moves to a vanity URL `dario.cat/mergo`.
+
+#### 0.3.9
+
+Please keep in mind that a problematic PR broke [0.3.9](//github.com/imdario/mergo/releases/tag/0.3.9). I reverted it in [0.3.10](//github.com/imdario/mergo/releases/tag/0.3.10), and I consider it stable but not bug-free. Also, this version adds support for go modules.
+
+Keep in mind that in [0.3.2](//github.com/imdario/mergo/releases/tag/0.3.2), Mergo changed `Merge()`and `Map()` signatures to support [transformers](#transformers). I added an optional/variadic argument so that it won't break the existing code.
+
+If you were using Mergo before April 6th, 2015, please check your project works as intended after updating your local copy with ```go get -u dario.cat/mergo```. I apologize for any issue caused by its previous behavior and any future bug that Mergo could cause in existing projects after the change (release 0.2.0).
+
+### Donations
+
+If Mergo is useful to you, consider buying me a coffee, a beer, or making a monthly donation to allow me to keep building great free software. :heart_eyes:
+
+
+
+
+
+### Mergo in the wild
+
+- [moby/moby](https://github.com/moby/moby)
+- [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes)
+- [vmware/dispatch](https://github.com/vmware/dispatch)
+- [Shopify/themekit](https://github.com/Shopify/themekit)
+- [imdario/zas](https://github.com/imdario/zas)
+- [matcornic/hermes](https://github.com/matcornic/hermes)
+- [OpenBazaar/openbazaar-go](https://github.com/OpenBazaar/openbazaar-go)
+- [kataras/iris](https://github.com/kataras/iris)
+- [michaelsauter/crane](https://github.com/michaelsauter/crane)
+- [go-task/task](https://github.com/go-task/task)
+- [sensu/uchiwa](https://github.com/sensu/uchiwa)
+- [ory/hydra](https://github.com/ory/hydra)
+- [sisatech/vcli](https://github.com/sisatech/vcli)
+- [dairycart/dairycart](https://github.com/dairycart/dairycart)
+- [projectcalico/felix](https://github.com/projectcalico/felix)
+- [resin-os/balena](https://github.com/resin-os/balena)
+- [go-kivik/kivik](https://github.com/go-kivik/kivik)
+- [Telefonica/govice](https://github.com/Telefonica/govice)
+- [supergiant/supergiant](supergiant/supergiant)
+- [SergeyTsalkov/brooce](https://github.com/SergeyTsalkov/brooce)
+- [soniah/dnsmadeeasy](https://github.com/soniah/dnsmadeeasy)
+- [ohsu-comp-bio/funnel](https://github.com/ohsu-comp-bio/funnel)
+- [EagerIO/Stout](https://github.com/EagerIO/Stout)
+- [lynndylanhurley/defsynth-api](https://github.com/lynndylanhurley/defsynth-api)
+- [russross/canvasassignments](https://github.com/russross/canvasassignments)
+- [rdegges/cryptly-api](https://github.com/rdegges/cryptly-api)
+- [casualjim/exeggutor](https://github.com/casualjim/exeggutor)
+- [divshot/gitling](https://github.com/divshot/gitling)
+- [RWJMurphy/gorl](https://github.com/RWJMurphy/gorl)
+- [andrerocker/deploy42](https://github.com/andrerocker/deploy42)
+- [elwinar/rambler](https://github.com/elwinar/rambler)
+- [tmaiaroto/gopartman](https://github.com/tmaiaroto/gopartman)
+- [jfbus/impressionist](https://github.com/jfbus/impressionist)
+- [Jmeyering/zealot](https://github.com/Jmeyering/zealot)
+- [godep-migrator/rigger-host](https://github.com/godep-migrator/rigger-host)
+- [Dronevery/MultiwaySwitch-Go](https://github.com/Dronevery/MultiwaySwitch-Go)
+- [thoas/picfit](https://github.com/thoas/picfit)
+- [mantasmatelis/whooplist-server](https://github.com/mantasmatelis/whooplist-server)
+- [jnuthong/item_search](https://github.com/jnuthong/item_search)
+- [bukalapak/snowboard](https://github.com/bukalapak/snowboard)
+- [containerssh/containerssh](https://github.com/containerssh/containerssh)
+- [goreleaser/goreleaser](https://github.com/goreleaser/goreleaser)
+- [tjpnz/structbot](https://github.com/tjpnz/structbot)
+
+## Install
+
+ go get dario.cat/mergo
+
+ // use in your .go code
+ import (
+ "dario.cat/mergo"
+ )
+
+## Usage
+
+You can only merge same-type structs with exported fields initialized as zero value of their type and same-types maps. Mergo won't merge unexported (private) fields but will do recursively any exported one. It won't merge empty structs value as [they are zero values](https://golang.org/ref/spec#The_zero_value) too. Also, maps will be merged recursively except for structs inside maps (because they are not addressable using Go reflection).
+
+```go
+if err := mergo.Merge(&dst, src); err != nil {
+ // ...
+}
+```
+
+Also, you can merge overwriting values using the transformer `WithOverride`.
+
+```go
+if err := mergo.Merge(&dst, src, mergo.WithOverride); err != nil {
+ // ...
+}
+```
+
+Additionally, you can map a `map[string]interface{}` to a struct (and otherwise, from struct to map), following the same restrictions as in `Merge()`. Keys are capitalized to find each corresponding exported field.
+
+```go
+if err := mergo.Map(&dst, srcMap); err != nil {
+ // ...
+}
+```
+
+Warning: if you map a struct to map, it won't do it recursively. Don't expect Mergo to map struct members of your struct as `map[string]interface{}`. They will be just assigned as values.
+
+Here is a nice example:
+
+```go
+package main
+
+import (
+ "fmt"
+ "dario.cat/mergo"
+)
+
+type Foo struct {
+ A string
+ B int64
+}
+
+func main() {
+ src := Foo{
+ A: "one",
+ B: 2,
+ }
+ dest := Foo{
+ A: "two",
+ }
+ mergo.Merge(&dest, src)
+ fmt.Println(dest)
+ // Will print
+ // {two 2}
+}
+```
+
+Note: if test are failing due missing package, please execute:
+
+ go get gopkg.in/yaml.v3
+
+### Transformers
+
+Transformers allow to merge specific types differently than in the default behavior. In other words, now you can customize how some types are merged. For example, `time.Time` is a struct; it doesn't have zero value but IsZero can return true because it has fields with zero value. How can we merge a non-zero `time.Time`?
+
+```go
+package main
+
+import (
+ "fmt"
+ "dario.cat/mergo"
+ "reflect"
+ "time"
+)
+
+type timeTransformer struct {
+}
+
+func (t timeTransformer) Transformer(typ reflect.Type) func(dst, src reflect.Value) error {
+ if typ == reflect.TypeOf(time.Time{}) {
+ return func(dst, src reflect.Value) error {
+ if dst.CanSet() {
+ isZero := dst.MethodByName("IsZero")
+ result := isZero.Call([]reflect.Value{})
+ if result[0].Bool() {
+ dst.Set(src)
+ }
+ }
+ return nil
+ }
+ }
+ return nil
+}
+
+type Snapshot struct {
+ Time time.Time
+ // ...
+}
+
+func main() {
+ src := Snapshot{time.Now()}
+ dest := Snapshot{}
+ mergo.Merge(&dest, src, mergo.WithTransformers(timeTransformer{}))
+ fmt.Println(dest)
+ // Will print
+ // { 2018-01-12 01:15:00 +0000 UTC m=+0.000000001 }
+}
+```
+
+## Contact me
+
+If I can help you, you have an idea or you are using Mergo in your projects, don't hesitate to drop me a line (or a pull request): [@im_dario](https://twitter.com/im_dario)
+
+## About
+
+Written by [Dario Castañé](http://dario.im).
+
+## License
+
+[BSD 3-Clause](http://opensource.org/licenses/BSD-3-Clause) license, as [Go language](http://golang.org/LICENSE).
+
+[](https://app.fossa.io/projects/git%2Bgithub.com%2Fimdario%2Fmergo?ref=badge_large)
diff --git a/vendor/dario.cat/mergo/SECURITY.md b/vendor/dario.cat/mergo/SECURITY.md
new file mode 100644
index 000000000..a5de61f77
--- /dev/null
+++ b/vendor/dario.cat/mergo/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+| ------- | ------------------ |
+| 0.3.x | :white_check_mark: |
+| < 0.3 | :x: |
+
+## Security contact information
+
+To report a security vulnerability, please use the
+[Tidelift security contact](https://tidelift.com/security).
+Tidelift will coordinate the fix and disclosure.
diff --git a/vendor/dario.cat/mergo/doc.go b/vendor/dario.cat/mergo/doc.go
new file mode 100644
index 000000000..7d96ec054
--- /dev/null
+++ b/vendor/dario.cat/mergo/doc.go
@@ -0,0 +1,148 @@
+// Copyright 2013 Dario Castañé. All rights reserved.
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+A helper to merge structs and maps in Golang. Useful for configuration default values, avoiding messy if-statements.
+
+Mergo merges same-type structs and maps by setting default values in zero-value fields. Mergo won't merge unexported (private) fields. It will do recursively any exported one. It also won't merge structs inside maps (because they are not addressable using Go reflection).
+
+# Status
+
+It is ready for production use. It is used in several projects by Docker, Google, The Linux Foundation, VMWare, Shopify, etc.
+
+# Important notes
+
+1.0.0
+
+In 1.0.0 Mergo moves to a vanity URL `dario.cat/mergo`.
+
+0.3.9
+
+Please keep in mind that a problematic PR broke 0.3.9. We reverted it in 0.3.10. We consider 0.3.10 as stable but not bug-free. . Also, this version adds suppot for go modules.
+
+Keep in mind that in 0.3.2, Mergo changed Merge() and Map() signatures to support transformers. We added an optional/variadic argument so that it won't break the existing code.
+
+If you were using Mergo before April 6th, 2015, please check your project works as intended after updating your local copy with go get -u dario.cat/mergo. I apologize for any issue caused by its previous behavior and any future bug that Mergo could cause in existing projects after the change (release 0.2.0).
+
+# Install
+
+Do your usual installation procedure:
+
+ go get dario.cat/mergo
+
+ // use in your .go code
+ import (
+ "dario.cat/mergo"
+ )
+
+# Usage
+
+You can only merge same-type structs with exported fields initialized as zero value of their type and same-types maps. Mergo won't merge unexported (private) fields but will do recursively any exported one. It won't merge empty structs value as they are zero values too. Also, maps will be merged recursively except for structs inside maps (because they are not addressable using Go reflection).
+
+ if err := mergo.Merge(&dst, src); err != nil {
+ // ...
+ }
+
+Also, you can merge overwriting values using the transformer WithOverride.
+
+ if err := mergo.Merge(&dst, src, mergo.WithOverride); err != nil {
+ // ...
+ }
+
+Additionally, you can map a map[string]interface{} to a struct (and otherwise, from struct to map), following the same restrictions as in Merge(). Keys are capitalized to find each corresponding exported field.
+
+ if err := mergo.Map(&dst, srcMap); err != nil {
+ // ...
+ }
+
+Warning: if you map a struct to map, it won't do it recursively. Don't expect Mergo to map struct members of your struct as map[string]interface{}. They will be just assigned as values.
+
+Here is a nice example:
+
+ package main
+
+ import (
+ "fmt"
+ "dario.cat/mergo"
+ )
+
+ type Foo struct {
+ A string
+ B int64
+ }
+
+ func main() {
+ src := Foo{
+ A: "one",
+ B: 2,
+ }
+ dest := Foo{
+ A: "two",
+ }
+ mergo.Merge(&dest, src)
+ fmt.Println(dest)
+ // Will print
+ // {two 2}
+ }
+
+# Transformers
+
+Transformers allow to merge specific types differently than in the default behavior. In other words, now you can customize how some types are merged. For example, time.Time is a struct; it doesn't have zero value but IsZero can return true because it has fields with zero value. How can we merge a non-zero time.Time?
+
+ package main
+
+ import (
+ "fmt"
+ "dario.cat/mergo"
+ "reflect"
+ "time"
+ )
+
+ type timeTransformer struct {
+ }
+
+ func (t timeTransformer) Transformer(typ reflect.Type) func(dst, src reflect.Value) error {
+ if typ == reflect.TypeOf(time.Time{}) {
+ return func(dst, src reflect.Value) error {
+ if dst.CanSet() {
+ isZero := dst.MethodByName("IsZero")
+ result := isZero.Call([]reflect.Value{})
+ if result[0].Bool() {
+ dst.Set(src)
+ }
+ }
+ return nil
+ }
+ }
+ return nil
+ }
+
+ type Snapshot struct {
+ Time time.Time
+ // ...
+ }
+
+ func main() {
+ src := Snapshot{time.Now()}
+ dest := Snapshot{}
+ mergo.Merge(&dest, src, mergo.WithTransformers(timeTransformer{}))
+ fmt.Println(dest)
+ // Will print
+ // { 2018-01-12 01:15:00 +0000 UTC m=+0.000000001 }
+ }
+
+# Contact me
+
+If I can help you, you have an idea or you are using Mergo in your projects, don't hesitate to drop me a line (or a pull request): https://twitter.com/im_dario
+
+# About
+
+Written by Dario Castañé: https://da.rio.hn
+
+# License
+
+BSD 3-Clause license, as Go language.
+*/
+package mergo
diff --git a/vendor/dario.cat/mergo/map.go b/vendor/dario.cat/mergo/map.go
new file mode 100644
index 000000000..b50d5c2a4
--- /dev/null
+++ b/vendor/dario.cat/mergo/map.go
@@ -0,0 +1,178 @@
+// Copyright 2014 Dario Castañé. All rights reserved.
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Based on src/pkg/reflect/deepequal.go from official
+// golang's stdlib.
+
+package mergo
+
+import (
+ "fmt"
+ "reflect"
+ "unicode"
+ "unicode/utf8"
+)
+
+func changeInitialCase(s string, mapper func(rune) rune) string {
+ if s == "" {
+ return s
+ }
+ r, n := utf8.DecodeRuneInString(s)
+ return string(mapper(r)) + s[n:]
+}
+
+func isExported(field reflect.StructField) bool {
+ r, _ := utf8.DecodeRuneInString(field.Name)
+ return r >= 'A' && r <= 'Z'
+}
+
+// Traverses recursively both values, assigning src's fields values to dst.
+// The map argument tracks comparisons that have already been seen, which allows
+// short circuiting on recursive types.
+func deepMap(dst, src reflect.Value, visited map[uintptr]*visit, depth int, config *Config) (err error) {
+ overwrite := config.Overwrite
+ if dst.CanAddr() {
+ addr := dst.UnsafeAddr()
+ h := 17 * addr
+ seen := visited[h]
+ typ := dst.Type()
+ for p := seen; p != nil; p = p.next {
+ if p.ptr == addr && p.typ == typ {
+ return nil
+ }
+ }
+ // Remember, remember...
+ visited[h] = &visit{typ, seen, addr}
+ }
+ zeroValue := reflect.Value{}
+ switch dst.Kind() {
+ case reflect.Map:
+ dstMap := dst.Interface().(map[string]interface{})
+ for i, n := 0, src.NumField(); i < n; i++ {
+ srcType := src.Type()
+ field := srcType.Field(i)
+ if !isExported(field) {
+ continue
+ }
+ fieldName := field.Name
+ fieldName = changeInitialCase(fieldName, unicode.ToLower)
+ if v, ok := dstMap[fieldName]; !ok || (isEmptyValue(reflect.ValueOf(v), !config.ShouldNotDereference) || overwrite) {
+ dstMap[fieldName] = src.Field(i).Interface()
+ }
+ }
+ case reflect.Ptr:
+ if dst.IsNil() {
+ v := reflect.New(dst.Type().Elem())
+ dst.Set(v)
+ }
+ dst = dst.Elem()
+ fallthrough
+ case reflect.Struct:
+ srcMap := src.Interface().(map[string]interface{})
+ for key := range srcMap {
+ config.overwriteWithEmptyValue = true
+ srcValue := srcMap[key]
+ fieldName := changeInitialCase(key, unicode.ToUpper)
+ dstElement := dst.FieldByName(fieldName)
+ if dstElement == zeroValue {
+ // We discard it because the field doesn't exist.
+ continue
+ }
+ srcElement := reflect.ValueOf(srcValue)
+ dstKind := dstElement.Kind()
+ srcKind := srcElement.Kind()
+ if srcKind == reflect.Ptr && dstKind != reflect.Ptr {
+ srcElement = srcElement.Elem()
+ srcKind = reflect.TypeOf(srcElement.Interface()).Kind()
+ } else if dstKind == reflect.Ptr {
+ // Can this work? I guess it can't.
+ if srcKind != reflect.Ptr && srcElement.CanAddr() {
+ srcPtr := srcElement.Addr()
+ srcElement = reflect.ValueOf(srcPtr)
+ srcKind = reflect.Ptr
+ }
+ }
+
+ if !srcElement.IsValid() {
+ continue
+ }
+ if srcKind == dstKind {
+ if err = deepMerge(dstElement, srcElement, visited, depth+1, config); err != nil {
+ return
+ }
+ } else if dstKind == reflect.Interface && dstElement.Kind() == reflect.Interface {
+ if err = deepMerge(dstElement, srcElement, visited, depth+1, config); err != nil {
+ return
+ }
+ } else if srcKind == reflect.Map {
+ if err = deepMap(dstElement, srcElement, visited, depth+1, config); err != nil {
+ return
+ }
+ } else {
+ return fmt.Errorf("type mismatch on %s field: found %v, expected %v", fieldName, srcKind, dstKind)
+ }
+ }
+ }
+ return
+}
+
+// Map sets fields' values in dst from src.
+// src can be a map with string keys or a struct. dst must be the opposite:
+// if src is a map, dst must be a valid pointer to struct. If src is a struct,
+// dst must be map[string]interface{}.
+// It won't merge unexported (private) fields and will do recursively
+// any exported field.
+// If dst is a map, keys will be src fields' names in lower camel case.
+// Missing key in src that doesn't match a field in dst will be skipped. This
+// doesn't apply if dst is a map.
+// This is separated method from Merge because it is cleaner and it keeps sane
+// semantics: merging equal types, mapping different (restricted) types.
+func Map(dst, src interface{}, opts ...func(*Config)) error {
+ return _map(dst, src, opts...)
+}
+
+// MapWithOverwrite will do the same as Map except that non-empty dst attributes will be overridden by
+// non-empty src attribute values.
+// Deprecated: Use Map(…) with WithOverride
+func MapWithOverwrite(dst, src interface{}, opts ...func(*Config)) error {
+ return _map(dst, src, append(opts, WithOverride)...)
+}
+
+func _map(dst, src interface{}, opts ...func(*Config)) error {
+ if dst != nil && reflect.ValueOf(dst).Kind() != reflect.Ptr {
+ return ErrNonPointerArgument
+ }
+ var (
+ vDst, vSrc reflect.Value
+ err error
+ )
+ config := &Config{}
+
+ for _, opt := range opts {
+ opt(config)
+ }
+
+ if vDst, vSrc, err = resolveValues(dst, src); err != nil {
+ return err
+ }
+ // To be friction-less, we redirect equal-type arguments
+ // to deepMerge. Only because arguments can be anything.
+ if vSrc.Kind() == vDst.Kind() {
+ return deepMerge(vDst, vSrc, make(map[uintptr]*visit), 0, config)
+ }
+ switch vSrc.Kind() {
+ case reflect.Struct:
+ if vDst.Kind() != reflect.Map {
+ return ErrExpectedMapAsDestination
+ }
+ case reflect.Map:
+ if vDst.Kind() != reflect.Struct {
+ return ErrExpectedStructAsDestination
+ }
+ default:
+ return ErrNotSupported
+ }
+ return deepMap(vDst, vSrc, make(map[uintptr]*visit), 0, config)
+}
diff --git a/vendor/dario.cat/mergo/merge.go b/vendor/dario.cat/mergo/merge.go
new file mode 100644
index 000000000..0ef9b2138
--- /dev/null
+++ b/vendor/dario.cat/mergo/merge.go
@@ -0,0 +1,409 @@
+// Copyright 2013 Dario Castañé. All rights reserved.
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Based on src/pkg/reflect/deepequal.go from official
+// golang's stdlib.
+
+package mergo
+
+import (
+ "fmt"
+ "reflect"
+)
+
+func hasMergeableFields(dst reflect.Value) (exported bool) {
+ for i, n := 0, dst.NumField(); i < n; i++ {
+ field := dst.Type().Field(i)
+ if field.Anonymous && dst.Field(i).Kind() == reflect.Struct {
+ exported = exported || hasMergeableFields(dst.Field(i))
+ } else if isExportedComponent(&field) {
+ exported = exported || len(field.PkgPath) == 0
+ }
+ }
+ return
+}
+
+func isExportedComponent(field *reflect.StructField) bool {
+ pkgPath := field.PkgPath
+ if len(pkgPath) > 0 {
+ return false
+ }
+ c := field.Name[0]
+ if 'a' <= c && c <= 'z' || c == '_' {
+ return false
+ }
+ return true
+}
+
+type Config struct {
+ Transformers Transformers
+ Overwrite bool
+ ShouldNotDereference bool
+ AppendSlice bool
+ TypeCheck bool
+ overwriteWithEmptyValue bool
+ overwriteSliceWithEmptyValue bool
+ sliceDeepCopy bool
+ debug bool
+}
+
+type Transformers interface {
+ Transformer(reflect.Type) func(dst, src reflect.Value) error
+}
+
+// Traverses recursively both values, assigning src's fields values to dst.
+// The map argument tracks comparisons that have already been seen, which allows
+// short circuiting on recursive types.
+func deepMerge(dst, src reflect.Value, visited map[uintptr]*visit, depth int, config *Config) (err error) {
+ overwrite := config.Overwrite
+ typeCheck := config.TypeCheck
+ overwriteWithEmptySrc := config.overwriteWithEmptyValue
+ overwriteSliceWithEmptySrc := config.overwriteSliceWithEmptyValue
+ sliceDeepCopy := config.sliceDeepCopy
+
+ if !src.IsValid() {
+ return
+ }
+ if dst.CanAddr() {
+ addr := dst.UnsafeAddr()
+ h := 17 * addr
+ seen := visited[h]
+ typ := dst.Type()
+ for p := seen; p != nil; p = p.next {
+ if p.ptr == addr && p.typ == typ {
+ return nil
+ }
+ }
+ // Remember, remember...
+ visited[h] = &visit{typ, seen, addr}
+ }
+
+ if config.Transformers != nil && !isReflectNil(dst) && dst.IsValid() {
+ if fn := config.Transformers.Transformer(dst.Type()); fn != nil {
+ err = fn(dst, src)
+ return
+ }
+ }
+
+ switch dst.Kind() {
+ case reflect.Struct:
+ if hasMergeableFields(dst) {
+ for i, n := 0, dst.NumField(); i < n; i++ {
+ if err = deepMerge(dst.Field(i), src.Field(i), visited, depth+1, config); err != nil {
+ return
+ }
+ }
+ } else {
+ if dst.CanSet() && (isReflectNil(dst) || overwrite) && (!isEmptyValue(src, !config.ShouldNotDereference) || overwriteWithEmptySrc) {
+ dst.Set(src)
+ }
+ }
+ case reflect.Map:
+ if dst.IsNil() && !src.IsNil() {
+ if dst.CanSet() {
+ dst.Set(reflect.MakeMap(dst.Type()))
+ } else {
+ dst = src
+ return
+ }
+ }
+
+ if src.Kind() != reflect.Map {
+ if overwrite && dst.CanSet() {
+ dst.Set(src)
+ }
+ return
+ }
+
+ for _, key := range src.MapKeys() {
+ srcElement := src.MapIndex(key)
+ if !srcElement.IsValid() {
+ continue
+ }
+ dstElement := dst.MapIndex(key)
+ switch srcElement.Kind() {
+ case reflect.Chan, reflect.Func, reflect.Map, reflect.Interface, reflect.Slice:
+ if srcElement.IsNil() {
+ if overwrite {
+ dst.SetMapIndex(key, srcElement)
+ }
+ continue
+ }
+ fallthrough
+ default:
+ if !srcElement.CanInterface() {
+ continue
+ }
+ switch reflect.TypeOf(srcElement.Interface()).Kind() {
+ case reflect.Struct:
+ fallthrough
+ case reflect.Ptr:
+ fallthrough
+ case reflect.Map:
+ srcMapElm := srcElement
+ dstMapElm := dstElement
+ if srcMapElm.CanInterface() {
+ srcMapElm = reflect.ValueOf(srcMapElm.Interface())
+ if dstMapElm.IsValid() {
+ dstMapElm = reflect.ValueOf(dstMapElm.Interface())
+ }
+ }
+ if err = deepMerge(dstMapElm, srcMapElm, visited, depth+1, config); err != nil {
+ return
+ }
+ case reflect.Slice:
+ srcSlice := reflect.ValueOf(srcElement.Interface())
+
+ var dstSlice reflect.Value
+ if !dstElement.IsValid() || dstElement.IsNil() {
+ dstSlice = reflect.MakeSlice(srcSlice.Type(), 0, srcSlice.Len())
+ } else {
+ dstSlice = reflect.ValueOf(dstElement.Interface())
+ }
+
+ if (!isEmptyValue(src, !config.ShouldNotDereference) || overwriteWithEmptySrc || overwriteSliceWithEmptySrc) && (overwrite || isEmptyValue(dst, !config.ShouldNotDereference)) && !config.AppendSlice && !sliceDeepCopy {
+ if typeCheck && srcSlice.Type() != dstSlice.Type() {
+ return fmt.Errorf("cannot override two slices with different type (%s, %s)", srcSlice.Type(), dstSlice.Type())
+ }
+ dstSlice = srcSlice
+ } else if config.AppendSlice {
+ if srcSlice.Type() != dstSlice.Type() {
+ return fmt.Errorf("cannot append two slices with different type (%s, %s)", srcSlice.Type(), dstSlice.Type())
+ }
+ dstSlice = reflect.AppendSlice(dstSlice, srcSlice)
+ } else if sliceDeepCopy {
+ i := 0
+ for ; i < srcSlice.Len() && i < dstSlice.Len(); i++ {
+ srcElement := srcSlice.Index(i)
+ dstElement := dstSlice.Index(i)
+
+ if srcElement.CanInterface() {
+ srcElement = reflect.ValueOf(srcElement.Interface())
+ }
+ if dstElement.CanInterface() {
+ dstElement = reflect.ValueOf(dstElement.Interface())
+ }
+
+ if err = deepMerge(dstElement, srcElement, visited, depth+1, config); err != nil {
+ return
+ }
+ }
+
+ }
+ dst.SetMapIndex(key, dstSlice)
+ }
+ }
+
+ if dstElement.IsValid() && !isEmptyValue(dstElement, !config.ShouldNotDereference) {
+ if reflect.TypeOf(srcElement.Interface()).Kind() == reflect.Slice {
+ continue
+ }
+ if reflect.TypeOf(srcElement.Interface()).Kind() == reflect.Map && reflect.TypeOf(dstElement.Interface()).Kind() == reflect.Map {
+ continue
+ }
+ }
+
+ if srcElement.IsValid() && ((srcElement.Kind() != reflect.Ptr && overwrite) || !dstElement.IsValid() || isEmptyValue(dstElement, !config.ShouldNotDereference)) {
+ if dst.IsNil() {
+ dst.Set(reflect.MakeMap(dst.Type()))
+ }
+ dst.SetMapIndex(key, srcElement)
+ }
+ }
+
+ // Ensure that all keys in dst are deleted if they are not in src.
+ if overwriteWithEmptySrc {
+ for _, key := range dst.MapKeys() {
+ srcElement := src.MapIndex(key)
+ if !srcElement.IsValid() {
+ dst.SetMapIndex(key, reflect.Value{})
+ }
+ }
+ }
+ case reflect.Slice:
+ if !dst.CanSet() {
+ break
+ }
+ if (!isEmptyValue(src, !config.ShouldNotDereference) || overwriteWithEmptySrc || overwriteSliceWithEmptySrc) && (overwrite || isEmptyValue(dst, !config.ShouldNotDereference)) && !config.AppendSlice && !sliceDeepCopy {
+ dst.Set(src)
+ } else if config.AppendSlice {
+ if src.Type() != dst.Type() {
+ return fmt.Errorf("cannot append two slice with different type (%s, %s)", src.Type(), dst.Type())
+ }
+ dst.Set(reflect.AppendSlice(dst, src))
+ } else if sliceDeepCopy {
+ for i := 0; i < src.Len() && i < dst.Len(); i++ {
+ srcElement := src.Index(i)
+ dstElement := dst.Index(i)
+ if srcElement.CanInterface() {
+ srcElement = reflect.ValueOf(srcElement.Interface())
+ }
+ if dstElement.CanInterface() {
+ dstElement = reflect.ValueOf(dstElement.Interface())
+ }
+
+ if err = deepMerge(dstElement, srcElement, visited, depth+1, config); err != nil {
+ return
+ }
+ }
+ }
+ case reflect.Ptr:
+ fallthrough
+ case reflect.Interface:
+ if isReflectNil(src) {
+ if overwriteWithEmptySrc && dst.CanSet() && src.Type().AssignableTo(dst.Type()) {
+ dst.Set(src)
+ }
+ break
+ }
+
+ if src.Kind() != reflect.Interface {
+ if dst.IsNil() || (src.Kind() != reflect.Ptr && overwrite) {
+ if dst.CanSet() && (overwrite || isEmptyValue(dst, !config.ShouldNotDereference)) {
+ dst.Set(src)
+ }
+ } else if src.Kind() == reflect.Ptr {
+ if !config.ShouldNotDereference {
+ if err = deepMerge(dst.Elem(), src.Elem(), visited, depth+1, config); err != nil {
+ return
+ }
+ } else {
+ if overwriteWithEmptySrc || (overwrite && !src.IsNil()) || dst.IsNil() {
+ dst.Set(src)
+ }
+ }
+ } else if dst.Elem().Type() == src.Type() {
+ if err = deepMerge(dst.Elem(), src, visited, depth+1, config); err != nil {
+ return
+ }
+ } else {
+ return ErrDifferentArgumentsTypes
+ }
+ break
+ }
+
+ if dst.IsNil() || overwrite {
+ if dst.CanSet() && (overwrite || isEmptyValue(dst, !config.ShouldNotDereference)) {
+ dst.Set(src)
+ }
+ break
+ }
+
+ if dst.Elem().Kind() == src.Elem().Kind() {
+ if err = deepMerge(dst.Elem(), src.Elem(), visited, depth+1, config); err != nil {
+ return
+ }
+ break
+ }
+ default:
+ mustSet := (isEmptyValue(dst, !config.ShouldNotDereference) || overwrite) && (!isEmptyValue(src, !config.ShouldNotDereference) || overwriteWithEmptySrc)
+ if mustSet {
+ if dst.CanSet() {
+ dst.Set(src)
+ } else {
+ dst = src
+ }
+ }
+ }
+
+ return
+}
+
+// Merge will fill any empty for value type attributes on the dst struct using corresponding
+// src attributes if they themselves are not empty. dst and src must be valid same-type structs
+// and dst must be a pointer to struct.
+// It won't merge unexported (private) fields and will do recursively any exported field.
+func Merge(dst, src interface{}, opts ...func(*Config)) error {
+ return merge(dst, src, opts...)
+}
+
+// MergeWithOverwrite will do the same as Merge except that non-empty dst attributes will be overridden by
+// non-empty src attribute values.
+// Deprecated: use Merge(…) with WithOverride
+func MergeWithOverwrite(dst, src interface{}, opts ...func(*Config)) error {
+ return merge(dst, src, append(opts, WithOverride)...)
+}
+
+// WithTransformers adds transformers to merge, allowing to customize the merging of some types.
+func WithTransformers(transformers Transformers) func(*Config) {
+ return func(config *Config) {
+ config.Transformers = transformers
+ }
+}
+
+// WithOverride will make merge override non-empty dst attributes with non-empty src attributes values.
+func WithOverride(config *Config) {
+ config.Overwrite = true
+}
+
+// WithOverwriteWithEmptyValue will make merge override non empty dst attributes with empty src attributes values.
+func WithOverwriteWithEmptyValue(config *Config) {
+ config.Overwrite = true
+ config.overwriteWithEmptyValue = true
+}
+
+// WithOverrideEmptySlice will make merge override empty dst slice with empty src slice.
+func WithOverrideEmptySlice(config *Config) {
+ config.overwriteSliceWithEmptyValue = true
+}
+
+// WithoutDereference prevents dereferencing pointers when evaluating whether they are empty
+// (i.e. a non-nil pointer is never considered empty).
+func WithoutDereference(config *Config) {
+ config.ShouldNotDereference = true
+}
+
+// WithAppendSlice will make merge append slices instead of overwriting it.
+func WithAppendSlice(config *Config) {
+ config.AppendSlice = true
+}
+
+// WithTypeCheck will make merge check types while overwriting it (must be used with WithOverride).
+func WithTypeCheck(config *Config) {
+ config.TypeCheck = true
+}
+
+// WithSliceDeepCopy will merge slice element one by one with Overwrite flag.
+func WithSliceDeepCopy(config *Config) {
+ config.sliceDeepCopy = true
+ config.Overwrite = true
+}
+
+func merge(dst, src interface{}, opts ...func(*Config)) error {
+ if dst != nil && reflect.ValueOf(dst).Kind() != reflect.Ptr {
+ return ErrNonPointerArgument
+ }
+ var (
+ vDst, vSrc reflect.Value
+ err error
+ )
+
+ config := &Config{}
+
+ for _, opt := range opts {
+ opt(config)
+ }
+
+ if vDst, vSrc, err = resolveValues(dst, src); err != nil {
+ return err
+ }
+ if vDst.Type() != vSrc.Type() {
+ return ErrDifferentArgumentsTypes
+ }
+ return deepMerge(vDst, vSrc, make(map[uintptr]*visit), 0, config)
+}
+
+// IsReflectNil is the reflect value provided nil
+func isReflectNil(v reflect.Value) bool {
+ k := v.Kind()
+ switch k {
+ case reflect.Interface, reflect.Slice, reflect.Chan, reflect.Func, reflect.Map, reflect.Ptr:
+ // Both interface and slice are nil if first word is 0.
+ // Both are always bigger than a word; assume flagIndir.
+ return v.IsNil()
+ default:
+ return false
+ }
+}
diff --git a/vendor/dario.cat/mergo/mergo.go b/vendor/dario.cat/mergo/mergo.go
new file mode 100644
index 000000000..0a721e2d8
--- /dev/null
+++ b/vendor/dario.cat/mergo/mergo.go
@@ -0,0 +1,81 @@
+// Copyright 2013 Dario Castañé. All rights reserved.
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Based on src/pkg/reflect/deepequal.go from official
+// golang's stdlib.
+
+package mergo
+
+import (
+ "errors"
+ "reflect"
+)
+
+// Errors reported by Mergo when it finds invalid arguments.
+var (
+ ErrNilArguments = errors.New("src and dst must not be nil")
+ ErrDifferentArgumentsTypes = errors.New("src and dst must be of same type")
+ ErrNotSupported = errors.New("only structs, maps, and slices are supported")
+ ErrExpectedMapAsDestination = errors.New("dst was expected to be a map")
+ ErrExpectedStructAsDestination = errors.New("dst was expected to be a struct")
+ ErrNonPointerArgument = errors.New("dst must be a pointer")
+)
+
+// During deepMerge, must keep track of checks that are
+// in progress. The comparison algorithm assumes that all
+// checks in progress are true when it reencounters them.
+// Visited are stored in a map indexed by 17 * a1 + a2;
+type visit struct {
+ typ reflect.Type
+ next *visit
+ ptr uintptr
+}
+
+// From src/pkg/encoding/json/encode.go.
+func isEmptyValue(v reflect.Value, shouldDereference bool) bool {
+ switch v.Kind() {
+ case reflect.Array, reflect.Map, reflect.Slice, reflect.String:
+ return v.Len() == 0
+ case reflect.Bool:
+ return !v.Bool()
+ case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+ return v.Int() == 0
+ case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+ return v.Uint() == 0
+ case reflect.Float32, reflect.Float64:
+ return v.Float() == 0
+ case reflect.Interface, reflect.Ptr:
+ if v.IsNil() {
+ return true
+ }
+ if shouldDereference {
+ return isEmptyValue(v.Elem(), shouldDereference)
+ }
+ return false
+ case reflect.Func:
+ return v.IsNil()
+ case reflect.Invalid:
+ return true
+ }
+ return false
+}
+
+func resolveValues(dst, src interface{}) (vDst, vSrc reflect.Value, err error) {
+ if dst == nil || src == nil {
+ err = ErrNilArguments
+ return
+ }
+ vDst = reflect.ValueOf(dst).Elem()
+ if vDst.Kind() != reflect.Struct && vDst.Kind() != reflect.Map && vDst.Kind() != reflect.Slice {
+ err = ErrNotSupported
+ return
+ }
+ vSrc = reflect.ValueOf(src)
+ // We check if vSrc is a pointer to dereference it.
+ if vSrc.Kind() == reflect.Ptr {
+ vSrc = vSrc.Elem()
+ }
+ return
+}
diff --git a/vendor/github.com/Microsoft/go-winio/.gitattributes b/vendor/github.com/Microsoft/go-winio/.gitattributes
new file mode 100644
index 000000000..94f480de9
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/.gitattributes
@@ -0,0 +1 @@
+* text=auto eol=lf
\ No newline at end of file
diff --git a/vendor/github.com/Microsoft/go-winio/.gitignore b/vendor/github.com/Microsoft/go-winio/.gitignore
new file mode 100644
index 000000000..815e20660
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/.gitignore
@@ -0,0 +1,10 @@
+.vscode/
+
+*.exe
+
+# testing
+testdata
+
+# go workspaces
+go.work
+go.work.sum
diff --git a/vendor/github.com/Microsoft/go-winio/.golangci.yml b/vendor/github.com/Microsoft/go-winio/.golangci.yml
new file mode 100644
index 000000000..7b503d26a
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/.golangci.yml
@@ -0,0 +1,149 @@
+run:
+ skip-dirs:
+ - pkg/etw/sample
+
+linters:
+ enable:
+ # style
+ - containedctx # struct contains a context
+ - dupl # duplicate code
+ - errname # erorrs are named correctly
+ - nolintlint # "//nolint" directives are properly explained
+ - revive # golint replacement
+ - unconvert # unnecessary conversions
+ - wastedassign
+
+ # bugs, performance, unused, etc ...
+ - contextcheck # function uses a non-inherited context
+ - errorlint # errors not wrapped for 1.13
+ - exhaustive # check exhaustiveness of enum switch statements
+ - gofmt # files are gofmt'ed
+ - gosec # security
+ - nilerr # returns nil even with non-nil error
+ - unparam # unused function params
+
+issues:
+ exclude-rules:
+ # err is very often shadowed in nested scopes
+ - linters:
+ - govet
+ text: '^shadow: declaration of "err" shadows declaration'
+
+ # ignore long lines for skip autogen directives
+ - linters:
+ - revive
+ text: "^line-length-limit: "
+ source: "^//(go:generate|sys) "
+
+ #TODO: remove after upgrading to go1.18
+ # ignore comment spacing for nolint and sys directives
+ - linters:
+ - revive
+ text: "^comment-spacings: no space between comment delimiter and comment text"
+ source: "//(cspell:|nolint:|sys |todo)"
+
+ # not on go 1.18 yet, so no any
+ - linters:
+ - revive
+ text: "^use-any: since GO 1.18 'interface{}' can be replaced by 'any'"
+
+ # allow unjustified ignores of error checks in defer statements
+ - linters:
+ - nolintlint
+ text: "^directive `//nolint:errcheck` should provide explanation"
+ source: '^\s*defer '
+
+ # allow unjustified ignores of error lints for io.EOF
+ - linters:
+ - nolintlint
+ text: "^directive `//nolint:errorlint` should provide explanation"
+ source: '[=|!]= io.EOF'
+
+
+linters-settings:
+ exhaustive:
+ default-signifies-exhaustive: true
+ govet:
+ enable-all: true
+ disable:
+ # struct order is often for Win32 compat
+ # also, ignore pointer bytes/GC issues for now until performance becomes an issue
+ - fieldalignment
+ check-shadowing: true
+ nolintlint:
+ allow-leading-space: false
+ require-explanation: true
+ require-specific: true
+ revive:
+ # revive is more configurable than static check, so likely the preferred alternative to static-check
+ # (once the perf issue is solved: https://github.com/golangci/golangci-lint/issues/2997)
+ enable-all-rules:
+ true
+ # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md
+ rules:
+ # rules with required arguments
+ - name: argument-limit
+ disabled: true
+ - name: banned-characters
+ disabled: true
+ - name: cognitive-complexity
+ disabled: true
+ - name: cyclomatic
+ disabled: true
+ - name: file-header
+ disabled: true
+ - name: function-length
+ disabled: true
+ - name: function-result-limit
+ disabled: true
+ - name: max-public-structs
+ disabled: true
+ # geneally annoying rules
+ - name: add-constant # complains about any and all strings and integers
+ disabled: true
+ - name: confusing-naming # we frequently use "Foo()" and "foo()" together
+ disabled: true
+ - name: flag-parameter # excessive, and a common idiom we use
+ disabled: true
+ - name: unhandled-error # warns over common fmt.Print* and io.Close; rely on errcheck instead
+ disabled: true
+ # general config
+ - name: line-length-limit
+ arguments:
+ - 140
+ - name: var-naming
+ arguments:
+ - []
+ - - CID
+ - CRI
+ - CTRD
+ - DACL
+ - DLL
+ - DOS
+ - ETW
+ - FSCTL
+ - GCS
+ - GMSA
+ - HCS
+ - HV
+ - IO
+ - LCOW
+ - LDAP
+ - LPAC
+ - LTSC
+ - MMIO
+ - NT
+ - OCI
+ - PMEM
+ - PWSH
+ - RX
+ - SACl
+ - SID
+ - SMB
+ - TX
+ - VHD
+ - VHDX
+ - VMID
+ - VPCI
+ - WCOW
+ - WIM
diff --git a/vendor/github.com/Microsoft/go-winio/CODEOWNERS b/vendor/github.com/Microsoft/go-winio/CODEOWNERS
new file mode 100644
index 000000000..ae1b4942b
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/CODEOWNERS
@@ -0,0 +1 @@
+ * @microsoft/containerplat
diff --git a/vendor/github.com/Microsoft/go-winio/LICENSE b/vendor/github.com/Microsoft/go-winio/LICENSE
new file mode 100644
index 000000000..b8b569d77
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Microsoft
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
diff --git a/vendor/github.com/Microsoft/go-winio/README.md b/vendor/github.com/Microsoft/go-winio/README.md
new file mode 100644
index 000000000..7474b4f0b
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/README.md
@@ -0,0 +1,89 @@
+# go-winio [](https://github.com/microsoft/go-winio/actions/workflows/ci.yml)
+
+This repository contains utilities for efficiently performing Win32 IO operations in
+Go. Currently, this is focused on accessing named pipes and other file handles, and
+for using named pipes as a net transport.
+
+This code relies on IO completion ports to avoid blocking IO on system threads, allowing Go
+to reuse the thread to schedule another goroutine. This limits support to Windows Vista and
+newer operating systems. This is similar to the implementation of network sockets in Go's net
+package.
+
+Please see the LICENSE file for licensing information.
+
+## Contributing
+
+This project welcomes contributions and suggestions.
+Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that
+you have the right to, and actually do, grant us the rights to use your contribution.
+For details, visit [Microsoft CLA](https://cla.microsoft.com).
+
+When you submit a pull request, a CLA-bot will automatically determine whether you need to
+provide a CLA and decorate the PR appropriately (e.g., label, comment).
+Simply follow the instructions provided by the bot.
+You will only need to do this once across all repos using our CLA.
+
+Additionally, the pull request pipeline requires the following steps to be performed before
+mergining.
+
+### Code Sign-Off
+
+We require that contributors sign their commits using [`git commit --signoff`][git-commit-s]
+to certify they either authored the work themselves or otherwise have permission to use it in this project.
+
+A range of commits can be signed off using [`git rebase --signoff`][git-rebase-s].
+
+Please see [the developer certificate](https://developercertificate.org) for more info,
+as well as to make sure that you can attest to the rules listed.
+Our CI uses the DCO Github app to ensure that all commits in a given PR are signed-off.
+
+### Linting
+
+Code must pass a linting stage, which uses [`golangci-lint`][lint].
+The linting settings are stored in [`.golangci.yaml`](./.golangci.yaml), and can be run
+automatically with VSCode by adding the following to your workspace or folder settings:
+
+```json
+ "go.lintTool": "golangci-lint",
+ "go.lintOnSave": "package",
+```
+
+Additional editor [integrations options are also available][lint-ide].
+
+Alternatively, `golangci-lint` can be [installed locally][lint-install] and run from the repo root:
+
+```shell
+# use . or specify a path to only lint a package
+# to show all lint errors, use flags "--max-issues-per-linter=0 --max-same-issues=0"
+> golangci-lint run ./...
+```
+
+### Go Generate
+
+The pipeline checks that auto-generated code, via `go generate`, are up to date.
+
+This can be done for the entire repo:
+
+```shell
+> go generate ./...
+```
+
+## Code of Conduct
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
+contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
+
+## Special Thanks
+
+Thanks to [natefinch][natefinch] for the inspiration for this library.
+See [npipe](https://github.com/natefinch/npipe) for another named pipe implementation.
+
+[lint]: https://golangci-lint.run/
+[lint-ide]: https://golangci-lint.run/usage/integrations/#editor-integration
+[lint-install]: https://golangci-lint.run/usage/install/#local-installation
+
+[git-commit-s]: https://git-scm.com/docs/git-commit#Documentation/git-commit.txt--s
+[git-rebase-s]: https://git-scm.com/docs/git-rebase#Documentation/git-rebase.txt---signoff
+
+[natefinch]: https://github.com/natefinch
diff --git a/vendor/github.com/Microsoft/go-winio/SECURITY.md b/vendor/github.com/Microsoft/go-winio/SECURITY.md
new file mode 100644
index 000000000..869fdfe2b
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/SECURITY.md
@@ -0,0 +1,41 @@
+
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc).
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+ * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+ * Full paths of source file(s) related to the manifestation of the issue
+ * The location of the affected source code (tag/branch/commit or direct URL)
+ * Any special configuration required to reproduce the issue
+ * Step-by-step instructions to reproduce the issue
+ * Proof-of-concept or exploit code (if possible)
+ * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).
+
+
diff --git a/vendor/github.com/Microsoft/go-winio/backup.go b/vendor/github.com/Microsoft/go-winio/backup.go
new file mode 100644
index 000000000..09621c884
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/backup.go
@@ -0,0 +1,290 @@
+//go:build windows
+// +build windows
+
+package winio
+
+import (
+ "encoding/binary"
+ "errors"
+ "fmt"
+ "io"
+ "os"
+ "runtime"
+ "syscall"
+ "unicode/utf16"
+
+ "golang.org/x/sys/windows"
+)
+
+//sys backupRead(h syscall.Handle, b []byte, bytesRead *uint32, abort bool, processSecurity bool, context *uintptr) (err error) = BackupRead
+//sys backupWrite(h syscall.Handle, b []byte, bytesWritten *uint32, abort bool, processSecurity bool, context *uintptr) (err error) = BackupWrite
+
+const (
+ BackupData = uint32(iota + 1)
+ BackupEaData
+ BackupSecurity
+ BackupAlternateData
+ BackupLink
+ BackupPropertyData
+ BackupObjectId //revive:disable-line:var-naming ID, not Id
+ BackupReparseData
+ BackupSparseBlock
+ BackupTxfsData
+)
+
+const (
+ StreamSparseAttributes = uint32(8)
+)
+
+//nolint:revive // var-naming: ALL_CAPS
+const (
+ WRITE_DAC = windows.WRITE_DAC
+ WRITE_OWNER = windows.WRITE_OWNER
+ ACCESS_SYSTEM_SECURITY = windows.ACCESS_SYSTEM_SECURITY
+)
+
+// BackupHeader represents a backup stream of a file.
+type BackupHeader struct {
+ //revive:disable-next-line:var-naming ID, not Id
+ Id uint32 // The backup stream ID
+ Attributes uint32 // Stream attributes
+ Size int64 // The size of the stream in bytes
+ Name string // The name of the stream (for BackupAlternateData only).
+ Offset int64 // The offset of the stream in the file (for BackupSparseBlock only).
+}
+
+type win32StreamID struct {
+ StreamID uint32
+ Attributes uint32
+ Size uint64
+ NameSize uint32
+}
+
+// BackupStreamReader reads from a stream produced by the BackupRead Win32 API and produces a series
+// of BackupHeader values.
+type BackupStreamReader struct {
+ r io.Reader
+ bytesLeft int64
+}
+
+// NewBackupStreamReader produces a BackupStreamReader from any io.Reader.
+func NewBackupStreamReader(r io.Reader) *BackupStreamReader {
+ return &BackupStreamReader{r, 0}
+}
+
+// Next returns the next backup stream and prepares for calls to Read(). It skips the remainder of the current stream if
+// it was not completely read.
+func (r *BackupStreamReader) Next() (*BackupHeader, error) {
+ if r.bytesLeft > 0 { //nolint:nestif // todo: flatten this
+ if s, ok := r.r.(io.Seeker); ok {
+ // Make sure Seek on io.SeekCurrent sometimes succeeds
+ // before trying the actual seek.
+ if _, err := s.Seek(0, io.SeekCurrent); err == nil {
+ if _, err = s.Seek(r.bytesLeft, io.SeekCurrent); err != nil {
+ return nil, err
+ }
+ r.bytesLeft = 0
+ }
+ }
+ if _, err := io.Copy(io.Discard, r); err != nil {
+ return nil, err
+ }
+ }
+ var wsi win32StreamID
+ if err := binary.Read(r.r, binary.LittleEndian, &wsi); err != nil {
+ return nil, err
+ }
+ hdr := &BackupHeader{
+ Id: wsi.StreamID,
+ Attributes: wsi.Attributes,
+ Size: int64(wsi.Size),
+ }
+ if wsi.NameSize != 0 {
+ name := make([]uint16, int(wsi.NameSize/2))
+ if err := binary.Read(r.r, binary.LittleEndian, name); err != nil {
+ return nil, err
+ }
+ hdr.Name = syscall.UTF16ToString(name)
+ }
+ if wsi.StreamID == BackupSparseBlock {
+ if err := binary.Read(r.r, binary.LittleEndian, &hdr.Offset); err != nil {
+ return nil, err
+ }
+ hdr.Size -= 8
+ }
+ r.bytesLeft = hdr.Size
+ return hdr, nil
+}
+
+// Read reads from the current backup stream.
+func (r *BackupStreamReader) Read(b []byte) (int, error) {
+ if r.bytesLeft == 0 {
+ return 0, io.EOF
+ }
+ if int64(len(b)) > r.bytesLeft {
+ b = b[:r.bytesLeft]
+ }
+ n, err := r.r.Read(b)
+ r.bytesLeft -= int64(n)
+ if err == io.EOF {
+ err = io.ErrUnexpectedEOF
+ } else if r.bytesLeft == 0 && err == nil {
+ err = io.EOF
+ }
+ return n, err
+}
+
+// BackupStreamWriter writes a stream compatible with the BackupWrite Win32 API.
+type BackupStreamWriter struct {
+ w io.Writer
+ bytesLeft int64
+}
+
+// NewBackupStreamWriter produces a BackupStreamWriter on top of an io.Writer.
+func NewBackupStreamWriter(w io.Writer) *BackupStreamWriter {
+ return &BackupStreamWriter{w, 0}
+}
+
+// WriteHeader writes the next backup stream header and prepares for calls to Write().
+func (w *BackupStreamWriter) WriteHeader(hdr *BackupHeader) error {
+ if w.bytesLeft != 0 {
+ return fmt.Errorf("missing %d bytes", w.bytesLeft)
+ }
+ name := utf16.Encode([]rune(hdr.Name))
+ wsi := win32StreamID{
+ StreamID: hdr.Id,
+ Attributes: hdr.Attributes,
+ Size: uint64(hdr.Size),
+ NameSize: uint32(len(name) * 2),
+ }
+ if hdr.Id == BackupSparseBlock {
+ // Include space for the int64 block offset
+ wsi.Size += 8
+ }
+ if err := binary.Write(w.w, binary.LittleEndian, &wsi); err != nil {
+ return err
+ }
+ if len(name) != 0 {
+ if err := binary.Write(w.w, binary.LittleEndian, name); err != nil {
+ return err
+ }
+ }
+ if hdr.Id == BackupSparseBlock {
+ if err := binary.Write(w.w, binary.LittleEndian, hdr.Offset); err != nil {
+ return err
+ }
+ }
+ w.bytesLeft = hdr.Size
+ return nil
+}
+
+// Write writes to the current backup stream.
+func (w *BackupStreamWriter) Write(b []byte) (int, error) {
+ if w.bytesLeft < int64(len(b)) {
+ return 0, fmt.Errorf("too many bytes by %d", int64(len(b))-w.bytesLeft)
+ }
+ n, err := w.w.Write(b)
+ w.bytesLeft -= int64(n)
+ return n, err
+}
+
+// BackupFileReader provides an io.ReadCloser interface on top of the BackupRead Win32 API.
+type BackupFileReader struct {
+ f *os.File
+ includeSecurity bool
+ ctx uintptr
+}
+
+// NewBackupFileReader returns a new BackupFileReader from a file handle. If includeSecurity is true,
+// Read will attempt to read the security descriptor of the file.
+func NewBackupFileReader(f *os.File, includeSecurity bool) *BackupFileReader {
+ r := &BackupFileReader{f, includeSecurity, 0}
+ return r
+}
+
+// Read reads a backup stream from the file by calling the Win32 API BackupRead().
+func (r *BackupFileReader) Read(b []byte) (int, error) {
+ var bytesRead uint32
+ err := backupRead(syscall.Handle(r.f.Fd()), b, &bytesRead, false, r.includeSecurity, &r.ctx)
+ if err != nil {
+ return 0, &os.PathError{Op: "BackupRead", Path: r.f.Name(), Err: err}
+ }
+ runtime.KeepAlive(r.f)
+ if bytesRead == 0 {
+ return 0, io.EOF
+ }
+ return int(bytesRead), nil
+}
+
+// Close frees Win32 resources associated with the BackupFileReader. It does not close
+// the underlying file.
+func (r *BackupFileReader) Close() error {
+ if r.ctx != 0 {
+ _ = backupRead(syscall.Handle(r.f.Fd()), nil, nil, true, false, &r.ctx)
+ runtime.KeepAlive(r.f)
+ r.ctx = 0
+ }
+ return nil
+}
+
+// BackupFileWriter provides an io.WriteCloser interface on top of the BackupWrite Win32 API.
+type BackupFileWriter struct {
+ f *os.File
+ includeSecurity bool
+ ctx uintptr
+}
+
+// NewBackupFileWriter returns a new BackupFileWriter from a file handle. If includeSecurity is true,
+// Write() will attempt to restore the security descriptor from the stream.
+func NewBackupFileWriter(f *os.File, includeSecurity bool) *BackupFileWriter {
+ w := &BackupFileWriter{f, includeSecurity, 0}
+ return w
+}
+
+// Write restores a portion of the file using the provided backup stream.
+func (w *BackupFileWriter) Write(b []byte) (int, error) {
+ var bytesWritten uint32
+ err := backupWrite(syscall.Handle(w.f.Fd()), b, &bytesWritten, false, w.includeSecurity, &w.ctx)
+ if err != nil {
+ return 0, &os.PathError{Op: "BackupWrite", Path: w.f.Name(), Err: err}
+ }
+ runtime.KeepAlive(w.f)
+ if int(bytesWritten) != len(b) {
+ return int(bytesWritten), errors.New("not all bytes could be written")
+ }
+ return len(b), nil
+}
+
+// Close frees Win32 resources associated with the BackupFileWriter. It does not
+// close the underlying file.
+func (w *BackupFileWriter) Close() error {
+ if w.ctx != 0 {
+ _ = backupWrite(syscall.Handle(w.f.Fd()), nil, nil, true, false, &w.ctx)
+ runtime.KeepAlive(w.f)
+ w.ctx = 0
+ }
+ return nil
+}
+
+// OpenForBackup opens a file or directory, potentially skipping access checks if the backup
+// or restore privileges have been acquired.
+//
+// If the file opened was a directory, it cannot be used with Readdir().
+func OpenForBackup(path string, access uint32, share uint32, createmode uint32) (*os.File, error) {
+ winPath, err := syscall.UTF16FromString(path)
+ if err != nil {
+ return nil, err
+ }
+ h, err := syscall.CreateFile(&winPath[0],
+ access,
+ share,
+ nil,
+ createmode,
+ syscall.FILE_FLAG_BACKUP_SEMANTICS|syscall.FILE_FLAG_OPEN_REPARSE_POINT,
+ 0)
+ if err != nil {
+ err = &os.PathError{Op: "open", Path: path, Err: err}
+ return nil, err
+ }
+ return os.NewFile(uintptr(h), path), nil
+}
diff --git a/vendor/github.com/Microsoft/go-winio/backuptar/doc.go b/vendor/github.com/Microsoft/go-winio/backuptar/doc.go
new file mode 100644
index 000000000..965d52ab0
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/backuptar/doc.go
@@ -0,0 +1,3 @@
+// This file only exists to allow go get on non-Windows platforms.
+
+package backuptar
diff --git a/vendor/github.com/Microsoft/go-winio/backuptar/strconv.go b/vendor/github.com/Microsoft/go-winio/backuptar/strconv.go
new file mode 100644
index 000000000..455fd798e
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/backuptar/strconv.go
@@ -0,0 +1,70 @@
+//go:build windows
+
+package backuptar
+
+import (
+ "archive/tar"
+ "fmt"
+ "strconv"
+ "strings"
+ "time"
+)
+
+// Functions copied from https://github.com/golang/go/blob/master/src/archive/tar/strconv.go
+// as we need to manage the LIBARCHIVE.creationtime PAXRecord manually.
+// Idea taken from containerd which did the same thing.
+
+// parsePAXTime takes a string of the form %d.%d as described in the PAX
+// specification. Note that this implementation allows for negative timestamps,
+// which is allowed for by the PAX specification, but not always portable.
+func parsePAXTime(s string) (time.Time, error) {
+ const maxNanoSecondDigits = 9
+
+ // Split string into seconds and sub-seconds parts.
+ ss, sn := s, ""
+ if pos := strings.IndexByte(s, '.'); pos >= 0 {
+ ss, sn = s[:pos], s[pos+1:]
+ }
+
+ // Parse the seconds.
+ secs, err := strconv.ParseInt(ss, 10, 64)
+ if err != nil {
+ return time.Time{}, tar.ErrHeader
+ }
+ if len(sn) == 0 {
+ return time.Unix(secs, 0), nil // No sub-second values
+ }
+
+ // Parse the nanoseconds.
+ if strings.Trim(sn, "0123456789") != "" {
+ return time.Time{}, tar.ErrHeader
+ }
+ if len(sn) < maxNanoSecondDigits {
+ sn += strings.Repeat("0", maxNanoSecondDigits-len(sn)) // Right pad
+ } else {
+ sn = sn[:maxNanoSecondDigits] // Right truncate
+ }
+ nsecs, _ := strconv.ParseInt(sn, 10, 64) // Must succeed
+ if len(ss) > 0 && ss[0] == '-' {
+ return time.Unix(secs, -1*nsecs), nil // Negative correction
+ }
+ return time.Unix(secs, nsecs), nil
+}
+
+// formatPAXTime converts ts into a time of the form %d.%d as described in the
+// PAX specification. This function is capable of negative timestamps.
+func formatPAXTime(ts time.Time) (s string) {
+ secs, nsecs := ts.Unix(), ts.Nanosecond()
+ if nsecs == 0 {
+ return strconv.FormatInt(secs, 10)
+ }
+
+ // If seconds is negative, then perform correction.
+ sign := ""
+ if secs < 0 {
+ sign = "-" // Remember sign
+ secs = -(secs + 1) // Add a second to secs
+ nsecs = -(nsecs - 1e9) // Take that second away from nsecs
+ }
+ return strings.TrimRight(fmt.Sprintf("%s%d.%09d", sign, secs, nsecs), "0")
+}
diff --git a/vendor/github.com/Microsoft/go-winio/backuptar/tar.go b/vendor/github.com/Microsoft/go-winio/backuptar/tar.go
new file mode 100644
index 000000000..6b3b0cd51
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/backuptar/tar.go
@@ -0,0 +1,509 @@
+//go:build windows
+// +build windows
+
+package backuptar
+
+import (
+ "archive/tar"
+ "encoding/base64"
+ "fmt"
+ "io"
+ "path/filepath"
+ "strconv"
+ "strings"
+ "syscall"
+ "time"
+
+ "github.com/Microsoft/go-winio"
+ "golang.org/x/sys/windows"
+)
+
+//nolint:deadcode,varcheck // keep unused constants for potential future use
+const (
+ cISUID = 0004000 // Set uid
+ cISGID = 0002000 // Set gid
+ cISVTX = 0001000 // Save text (sticky bit)
+ cISDIR = 0040000 // Directory
+ cISFIFO = 0010000 // FIFO
+ cISREG = 0100000 // Regular file
+ cISLNK = 0120000 // Symbolic link
+ cISBLK = 0060000 // Block special file
+ cISCHR = 0020000 // Character special file
+ cISSOCK = 0140000 // Socket
+)
+
+const (
+ hdrFileAttributes = "MSWINDOWS.fileattr"
+ hdrSecurityDescriptor = "MSWINDOWS.sd"
+ hdrRawSecurityDescriptor = "MSWINDOWS.rawsd"
+ hdrMountPoint = "MSWINDOWS.mountpoint"
+ hdrEaPrefix = "MSWINDOWS.xattr."
+
+ hdrCreationTime = "LIBARCHIVE.creationtime"
+)
+
+// zeroReader is an io.Reader that always returns 0s.
+type zeroReader struct{}
+
+func (zeroReader) Read(b []byte) (int, error) {
+ for i := range b {
+ b[i] = 0
+ }
+ return len(b), nil
+}
+
+func copySparse(t *tar.Writer, br *winio.BackupStreamReader) error {
+ curOffset := int64(0)
+ for {
+ bhdr, err := br.Next()
+ if err == io.EOF { //nolint:errorlint
+ err = io.ErrUnexpectedEOF
+ }
+ if err != nil {
+ return err
+ }
+ if bhdr.Id != winio.BackupSparseBlock {
+ return fmt.Errorf("unexpected stream %d", bhdr.Id)
+ }
+
+ // We can't seek backwards, since we have already written that data to the tar.Writer.
+ if bhdr.Offset < curOffset {
+ return fmt.Errorf("cannot seek back from %d to %d", curOffset, bhdr.Offset)
+ }
+ // archive/tar does not support writing sparse files
+ // so just write zeroes to catch up to the current offset.
+ if _, err = io.CopyN(t, zeroReader{}, bhdr.Offset-curOffset); err != nil {
+ return fmt.Errorf("seek to offset %d: %w", bhdr.Offset, err)
+ }
+ if bhdr.Size == 0 {
+ // A sparse block with size = 0 is used to mark the end of the sparse blocks.
+ break
+ }
+ n, err := io.Copy(t, br)
+ if err != nil {
+ return err
+ }
+ if n != bhdr.Size {
+ return fmt.Errorf("copied %d bytes instead of %d at offset %d", n, bhdr.Size, bhdr.Offset)
+ }
+ curOffset = bhdr.Offset + n
+ }
+ return nil
+}
+
+// BasicInfoHeader creates a tar header from basic file information.
+func BasicInfoHeader(name string, size int64, fileInfo *winio.FileBasicInfo) *tar.Header {
+ hdr := &tar.Header{
+ Format: tar.FormatPAX,
+ Name: filepath.ToSlash(name),
+ Size: size,
+ Typeflag: tar.TypeReg,
+ ModTime: time.Unix(0, fileInfo.LastWriteTime.Nanoseconds()),
+ ChangeTime: time.Unix(0, fileInfo.ChangeTime.Nanoseconds()),
+ AccessTime: time.Unix(0, fileInfo.LastAccessTime.Nanoseconds()),
+ PAXRecords: make(map[string]string),
+ }
+ hdr.PAXRecords[hdrFileAttributes] = fmt.Sprintf("%d", fileInfo.FileAttributes)
+ hdr.PAXRecords[hdrCreationTime] = formatPAXTime(time.Unix(0, fileInfo.CreationTime.Nanoseconds()))
+
+ if (fileInfo.FileAttributes & syscall.FILE_ATTRIBUTE_DIRECTORY) != 0 {
+ hdr.Mode |= cISDIR
+ hdr.Size = 0
+ hdr.Typeflag = tar.TypeDir
+ }
+ return hdr
+}
+
+// SecurityDescriptorFromTarHeader reads the SDDL associated with the header of the current file
+// from the tar header and returns the security descriptor into a byte slice.
+func SecurityDescriptorFromTarHeader(hdr *tar.Header) ([]byte, error) {
+ if sdraw, ok := hdr.PAXRecords[hdrRawSecurityDescriptor]; ok {
+ sd, err := base64.StdEncoding.DecodeString(sdraw)
+ if err != nil {
+ // Not returning sd as-is in the error-case, as base64.DecodeString
+ // may return partially decoded data (not nil or empty slice) in case
+ // of a failure: https://github.com/golang/go/blob/go1.17.7/src/encoding/base64/base64.go#L382-L387
+ return nil, err
+ }
+ return sd, nil
+ }
+ // Maintaining old SDDL-based behavior for backward compatibility. All new
+ // tar headers written by this library will have raw binary for the security
+ // descriptor.
+ if sddl, ok := hdr.PAXRecords[hdrSecurityDescriptor]; ok {
+ return winio.SddlToSecurityDescriptor(sddl)
+ }
+ return nil, nil
+}
+
+// ExtendedAttributesFromTarHeader reads the EAs associated with the header of the
+// current file from the tar header and returns it as a byte slice.
+func ExtendedAttributesFromTarHeader(hdr *tar.Header) ([]byte, error) {
+ var eas []winio.ExtendedAttribute //nolint:prealloc // len(eas) <= len(hdr.PAXRecords); prealloc is wasteful
+ for k, v := range hdr.PAXRecords {
+ if !strings.HasPrefix(k, hdrEaPrefix) {
+ continue
+ }
+ data, err := base64.StdEncoding.DecodeString(v)
+ if err != nil {
+ return nil, err
+ }
+ eas = append(eas, winio.ExtendedAttribute{
+ Name: k[len(hdrEaPrefix):],
+ Value: data,
+ })
+ }
+ var eaData []byte
+ var err error
+ if len(eas) != 0 {
+ eaData, err = winio.EncodeExtendedAttributes(eas)
+ if err != nil {
+ return nil, err
+ }
+ }
+ return eaData, nil
+}
+
+// EncodeReparsePointFromTarHeader reads the ReparsePoint structure from the tar header
+// and encodes it into a byte slice. The file for which this function is called must be a
+// symlink.
+func EncodeReparsePointFromTarHeader(hdr *tar.Header) []byte {
+ _, isMountPoint := hdr.PAXRecords[hdrMountPoint]
+ rp := winio.ReparsePoint{
+ Target: filepath.FromSlash(hdr.Linkname),
+ IsMountPoint: isMountPoint,
+ }
+ return winio.EncodeReparsePoint(&rp)
+}
+
+// WriteTarFileFromBackupStream writes a file to a tar writer using data from a Win32 backup stream.
+//
+// This encodes Win32 metadata as tar pax vendor extensions starting with MSWINDOWS.
+//
+// The additional Win32 metadata is:
+//
+// - MSWINDOWS.fileattr: The Win32 file attributes, as a decimal value
+// - MSWINDOWS.rawsd: The Win32 security descriptor, in raw binary format
+// - MSWINDOWS.mountpoint: If present, this is a mount point and not a symlink, even though the type is '2' (symlink)
+func WriteTarFileFromBackupStream(t *tar.Writer, r io.Reader, name string, size int64, fileInfo *winio.FileBasicInfo) error {
+ name = filepath.ToSlash(name)
+ hdr := BasicInfoHeader(name, size, fileInfo)
+
+ // If r can be seeked, then this function is two-pass: pass 1 collects the
+ // tar header data, and pass 2 copies the data stream. If r cannot be
+ // seeked, then some header data (in particular EAs) will be silently lost.
+ var (
+ restartPos int64
+ err error
+ )
+ sr, readTwice := r.(io.Seeker)
+ if readTwice {
+ if restartPos, err = sr.Seek(0, io.SeekCurrent); err != nil {
+ readTwice = false
+ }
+ }
+
+ br := winio.NewBackupStreamReader(r)
+ var dataHdr *winio.BackupHeader
+ for dataHdr == nil {
+ bhdr, err := br.Next()
+ if err == io.EOF { //nolint:errorlint
+ break
+ }
+ if err != nil {
+ return err
+ }
+ switch bhdr.Id {
+ case winio.BackupData:
+ hdr.Mode |= cISREG
+ if !readTwice {
+ dataHdr = bhdr
+ }
+ case winio.BackupSecurity:
+ sd, err := io.ReadAll(br)
+ if err != nil {
+ return err
+ }
+ hdr.PAXRecords[hdrRawSecurityDescriptor] = base64.StdEncoding.EncodeToString(sd)
+
+ case winio.BackupReparseData:
+ hdr.Mode |= cISLNK
+ hdr.Typeflag = tar.TypeSymlink
+ reparseBuffer, _ := io.ReadAll(br)
+ rp, err := winio.DecodeReparsePoint(reparseBuffer)
+ if err != nil {
+ return err
+ }
+ if rp.IsMountPoint {
+ hdr.PAXRecords[hdrMountPoint] = "1"
+ }
+ hdr.Linkname = rp.Target
+
+ case winio.BackupEaData:
+ eab, err := io.ReadAll(br)
+ if err != nil {
+ return err
+ }
+ eas, err := winio.DecodeExtendedAttributes(eab)
+ if err != nil {
+ return err
+ }
+ for _, ea := range eas {
+ // Use base64 encoding for the binary value. Note that there
+ // is no way to encode the EA's flags, since their use doesn't
+ // make any sense for persisted EAs.
+ hdr.PAXRecords[hdrEaPrefix+ea.Name] = base64.StdEncoding.EncodeToString(ea.Value)
+ }
+
+ case winio.BackupAlternateData, winio.BackupLink, winio.BackupPropertyData, winio.BackupObjectId, winio.BackupTxfsData:
+ // ignore these streams
+ default:
+ return fmt.Errorf("%s: unknown stream ID %d", name, bhdr.Id)
+ }
+ }
+
+ err = t.WriteHeader(hdr)
+ if err != nil {
+ return err
+ }
+
+ if readTwice {
+ // Get back to the data stream.
+ if _, err = sr.Seek(restartPos, io.SeekStart); err != nil {
+ return err
+ }
+ for dataHdr == nil {
+ bhdr, err := br.Next()
+ if err == io.EOF { //nolint:errorlint
+ break
+ }
+ if err != nil {
+ return err
+ }
+ if bhdr.Id == winio.BackupData {
+ dataHdr = bhdr
+ }
+ }
+ }
+
+ // The logic for copying file contents is fairly complicated due to the need for handling sparse files,
+ // and the weird ways they are represented by BackupRead. A normal file will always either have a data stream
+ // with size and content, or no data stream at all (if empty). However, for a sparse file, the content can also
+ // be represented using a series of sparse block streams following the data stream. Additionally, the way sparse
+ // files are handled by BackupRead has changed in the OS recently. The specifics of the representation are described
+ // in the list at the bottom of this block comment.
+ //
+ // Sparse files can be represented in four different ways, based on the specifics of the file.
+ // - Size = 0:
+ // Previously: BackupRead yields no data stream and no sparse block streams.
+ // Recently: BackupRead yields a data stream with size = 0. There are no following sparse block streams.
+ // - Size > 0, no allocated ranges:
+ // BackupRead yields a data stream with size = 0. Following is a single sparse block stream with
+ // size = 0 and offset = .
+ // - Size > 0, one allocated range:
+ // BackupRead yields a data stream with size = containing the file contents. There are no
+ // sparse block streams. This is the case if you take a normal file with contents and simply set the
+ // sparse flag on it.
+ // - Size > 0, multiple allocated ranges:
+ // BackupRead yields a data stream with size = 0. Following are sparse block streams for each allocated
+ // range of the file containing the range contents. Finally there is a sparse block stream with
+ // size = 0 and offset = .
+
+ if dataHdr != nil { //nolint:nestif // todo: reduce nesting complexity
+ // A data stream was found. Copy the data.
+ // We assume that we will either have a data stream size > 0 XOR have sparse block streams.
+ if dataHdr.Size > 0 || (dataHdr.Attributes&winio.StreamSparseAttributes) == 0 {
+ if size != dataHdr.Size {
+ return fmt.Errorf("%s: mismatch between file size %d and header size %d", name, size, dataHdr.Size)
+ }
+ if _, err = io.Copy(t, br); err != nil {
+ return fmt.Errorf("%s: copying contents from data stream: %w", name, err)
+ }
+ } else if size > 0 {
+ // As of a recent OS change, BackupRead now returns a data stream for empty sparse files.
+ // These files have no sparse block streams, so skip the copySparse call if file size = 0.
+ if err = copySparse(t, br); err != nil {
+ return fmt.Errorf("%s: copying contents from sparse block stream: %w", name, err)
+ }
+ }
+ }
+
+ // Look for streams after the data stream. The only ones we handle are alternate data streams.
+ // Other streams may have metadata that could be serialized, but the tar header has already
+ // been written. In practice, this means that we don't get EA or TXF metadata.
+ for {
+ bhdr, err := br.Next()
+ if err == io.EOF { //nolint:errorlint
+ break
+ }
+ if err != nil {
+ return err
+ }
+ switch bhdr.Id {
+ case winio.BackupAlternateData:
+ if (bhdr.Attributes & winio.StreamSparseAttributes) != 0 {
+ // Unsupported for now, since the size of the alternate stream is not present
+ // in the backup stream until after the data has been read.
+ return fmt.Errorf("%s: tar of sparse alternate data streams is unsupported", name)
+ }
+ altName := strings.TrimSuffix(bhdr.Name, ":$DATA")
+ hdr = &tar.Header{
+ Format: hdr.Format,
+ Name: name + altName,
+ Mode: hdr.Mode,
+ Typeflag: tar.TypeReg,
+ Size: bhdr.Size,
+ ModTime: hdr.ModTime,
+ AccessTime: hdr.AccessTime,
+ ChangeTime: hdr.ChangeTime,
+ }
+ err = t.WriteHeader(hdr)
+ if err != nil {
+ return err
+ }
+ _, err = io.Copy(t, br)
+ if err != nil {
+ return err
+ }
+ case winio.BackupEaData, winio.BackupLink, winio.BackupPropertyData, winio.BackupObjectId, winio.BackupTxfsData:
+ // ignore these streams
+ default:
+ return fmt.Errorf("%s: unknown stream ID %d after data", name, bhdr.Id)
+ }
+ }
+ return nil
+}
+
+// FileInfoFromHeader retrieves basic Win32 file information from a tar header, using the additional metadata written by
+// WriteTarFileFromBackupStream.
+func FileInfoFromHeader(hdr *tar.Header) (name string, size int64, fileInfo *winio.FileBasicInfo, err error) {
+ name = hdr.Name
+ if hdr.Typeflag == tar.TypeReg || hdr.Typeflag == tar.TypeRegA {
+ size = hdr.Size
+ }
+ fileInfo = &winio.FileBasicInfo{
+ LastAccessTime: windows.NsecToFiletime(hdr.AccessTime.UnixNano()),
+ LastWriteTime: windows.NsecToFiletime(hdr.ModTime.UnixNano()),
+ ChangeTime: windows.NsecToFiletime(hdr.ChangeTime.UnixNano()),
+ // Default to ModTime, we'll pull hdrCreationTime below if present
+ CreationTime: windows.NsecToFiletime(hdr.ModTime.UnixNano()),
+ }
+ if attrStr, ok := hdr.PAXRecords[hdrFileAttributes]; ok {
+ attr, err := strconv.ParseUint(attrStr, 10, 32)
+ if err != nil {
+ return "", 0, nil, err
+ }
+ fileInfo.FileAttributes = uint32(attr)
+ } else {
+ if hdr.Typeflag == tar.TypeDir {
+ fileInfo.FileAttributes |= syscall.FILE_ATTRIBUTE_DIRECTORY
+ }
+ }
+ if creationTimeStr, ok := hdr.PAXRecords[hdrCreationTime]; ok {
+ creationTime, err := parsePAXTime(creationTimeStr)
+ if err != nil {
+ return "", 0, nil, err
+ }
+ fileInfo.CreationTime = windows.NsecToFiletime(creationTime.UnixNano())
+ }
+ return name, size, fileInfo, err
+}
+
+// WriteBackupStreamFromTarFile writes a Win32 backup stream from the current tar file. Since this function may process multiple
+// tar file entries in order to collect all the alternate data streams for the file, it returns the next
+// tar file that was not processed, or io.EOF is there are no more.
+func WriteBackupStreamFromTarFile(w io.Writer, t *tar.Reader, hdr *tar.Header) (*tar.Header, error) {
+ bw := winio.NewBackupStreamWriter(w)
+
+ sd, err := SecurityDescriptorFromTarHeader(hdr)
+ if err != nil {
+ return nil, err
+ }
+ if len(sd) != 0 {
+ bhdr := winio.BackupHeader{
+ Id: winio.BackupSecurity,
+ Size: int64(len(sd)),
+ }
+ err := bw.WriteHeader(&bhdr)
+ if err != nil {
+ return nil, err
+ }
+ _, err = bw.Write(sd)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ eadata, err := ExtendedAttributesFromTarHeader(hdr)
+ if err != nil {
+ return nil, err
+ }
+ if len(eadata) != 0 {
+ bhdr := winio.BackupHeader{
+ Id: winio.BackupEaData,
+ Size: int64(len(eadata)),
+ }
+ err = bw.WriteHeader(&bhdr)
+ if err != nil {
+ return nil, err
+ }
+ _, err = bw.Write(eadata)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ if hdr.Typeflag == tar.TypeSymlink {
+ reparse := EncodeReparsePointFromTarHeader(hdr)
+ bhdr := winio.BackupHeader{
+ Id: winio.BackupReparseData,
+ Size: int64(len(reparse)),
+ }
+ err := bw.WriteHeader(&bhdr)
+ if err != nil {
+ return nil, err
+ }
+ _, err = bw.Write(reparse)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ if hdr.Typeflag == tar.TypeReg || hdr.Typeflag == tar.TypeRegA {
+ bhdr := winio.BackupHeader{
+ Id: winio.BackupData,
+ Size: hdr.Size,
+ }
+ err := bw.WriteHeader(&bhdr)
+ if err != nil {
+ return nil, err
+ }
+ _, err = io.Copy(bw, t)
+ if err != nil {
+ return nil, err
+ }
+ }
+ // Copy all the alternate data streams and return the next non-ADS header.
+ for {
+ ahdr, err := t.Next()
+ if err != nil {
+ return nil, err
+ }
+ if ahdr.Typeflag != tar.TypeReg || !strings.HasPrefix(ahdr.Name, hdr.Name+":") {
+ return ahdr, nil
+ }
+ bhdr := winio.BackupHeader{
+ Id: winio.BackupAlternateData,
+ Size: ahdr.Size,
+ Name: ahdr.Name[len(hdr.Name):] + ":$DATA",
+ }
+ err = bw.WriteHeader(&bhdr)
+ if err != nil {
+ return nil, err
+ }
+ _, err = io.Copy(bw, t)
+ if err != nil {
+ return nil, err
+ }
+ }
+}
diff --git a/vendor/github.com/Microsoft/go-winio/doc.go b/vendor/github.com/Microsoft/go-winio/doc.go
new file mode 100644
index 000000000..1f5bfe2d5
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/doc.go
@@ -0,0 +1,22 @@
+// This package provides utilities for efficiently performing Win32 IO operations in Go.
+// Currently, this package is provides support for genreal IO and management of
+// - named pipes
+// - files
+// - [Hyper-V sockets]
+//
+// This code is similar to Go's [net] package, and uses IO completion ports to avoid
+// blocking IO on system threads, allowing Go to reuse the thread to schedule other goroutines.
+//
+// This limits support to Windows Vista and newer operating systems.
+//
+// Additionally, this package provides support for:
+// - creating and managing GUIDs
+// - writing to [ETW]
+// - opening and manageing VHDs
+// - parsing [Windows Image files]
+// - auto-generating Win32 API code
+//
+// [Hyper-V sockets]: https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/make-integration-service
+// [ETW]: https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/event-tracing-for-windows--etw-
+// [Windows Image files]: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/work-with-windows-images
+package winio
diff --git a/vendor/github.com/Microsoft/go-winio/ea.go b/vendor/github.com/Microsoft/go-winio/ea.go
new file mode 100644
index 000000000..e104dbdfd
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/ea.go
@@ -0,0 +1,137 @@
+package winio
+
+import (
+ "bytes"
+ "encoding/binary"
+ "errors"
+)
+
+type fileFullEaInformation struct {
+ NextEntryOffset uint32
+ Flags uint8
+ NameLength uint8
+ ValueLength uint16
+}
+
+var (
+ fileFullEaInformationSize = binary.Size(&fileFullEaInformation{})
+
+ errInvalidEaBuffer = errors.New("invalid extended attribute buffer")
+ errEaNameTooLarge = errors.New("extended attribute name too large")
+ errEaValueTooLarge = errors.New("extended attribute value too large")
+)
+
+// ExtendedAttribute represents a single Windows EA.
+type ExtendedAttribute struct {
+ Name string
+ Value []byte
+ Flags uint8
+}
+
+func parseEa(b []byte) (ea ExtendedAttribute, nb []byte, err error) {
+ var info fileFullEaInformation
+ err = binary.Read(bytes.NewReader(b), binary.LittleEndian, &info)
+ if err != nil {
+ err = errInvalidEaBuffer
+ return ea, nb, err
+ }
+
+ nameOffset := fileFullEaInformationSize
+ nameLen := int(info.NameLength)
+ valueOffset := nameOffset + int(info.NameLength) + 1
+ valueLen := int(info.ValueLength)
+ nextOffset := int(info.NextEntryOffset)
+ if valueLen+valueOffset > len(b) || nextOffset < 0 || nextOffset > len(b) {
+ err = errInvalidEaBuffer
+ return ea, nb, err
+ }
+
+ ea.Name = string(b[nameOffset : nameOffset+nameLen])
+ ea.Value = b[valueOffset : valueOffset+valueLen]
+ ea.Flags = info.Flags
+ if info.NextEntryOffset != 0 {
+ nb = b[info.NextEntryOffset:]
+ }
+ return ea, nb, err
+}
+
+// DecodeExtendedAttributes decodes a list of EAs from a FILE_FULL_EA_INFORMATION
+// buffer retrieved from BackupRead, ZwQueryEaFile, etc.
+func DecodeExtendedAttributes(b []byte) (eas []ExtendedAttribute, err error) {
+ for len(b) != 0 {
+ ea, nb, err := parseEa(b)
+ if err != nil {
+ return nil, err
+ }
+
+ eas = append(eas, ea)
+ b = nb
+ }
+ return eas, err
+}
+
+func writeEa(buf *bytes.Buffer, ea *ExtendedAttribute, last bool) error {
+ if int(uint8(len(ea.Name))) != len(ea.Name) {
+ return errEaNameTooLarge
+ }
+ if int(uint16(len(ea.Value))) != len(ea.Value) {
+ return errEaValueTooLarge
+ }
+ entrySize := uint32(fileFullEaInformationSize + len(ea.Name) + 1 + len(ea.Value))
+ withPadding := (entrySize + 3) &^ 3
+ nextOffset := uint32(0)
+ if !last {
+ nextOffset = withPadding
+ }
+ info := fileFullEaInformation{
+ NextEntryOffset: nextOffset,
+ Flags: ea.Flags,
+ NameLength: uint8(len(ea.Name)),
+ ValueLength: uint16(len(ea.Value)),
+ }
+
+ err := binary.Write(buf, binary.LittleEndian, &info)
+ if err != nil {
+ return err
+ }
+
+ _, err = buf.Write([]byte(ea.Name))
+ if err != nil {
+ return err
+ }
+
+ err = buf.WriteByte(0)
+ if err != nil {
+ return err
+ }
+
+ _, err = buf.Write(ea.Value)
+ if err != nil {
+ return err
+ }
+
+ _, err = buf.Write([]byte{0, 0, 0}[0 : withPadding-entrySize])
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+// EncodeExtendedAttributes encodes a list of EAs into a FILE_FULL_EA_INFORMATION
+// buffer for use with BackupWrite, ZwSetEaFile, etc.
+func EncodeExtendedAttributes(eas []ExtendedAttribute) ([]byte, error) {
+ var buf bytes.Buffer
+ for i := range eas {
+ last := false
+ if i == len(eas)-1 {
+ last = true
+ }
+
+ err := writeEa(&buf, &eas[i], last)
+ if err != nil {
+ return nil, err
+ }
+ }
+ return buf.Bytes(), nil
+}
diff --git a/vendor/github.com/Microsoft/go-winio/file.go b/vendor/github.com/Microsoft/go-winio/file.go
new file mode 100644
index 000000000..175a99d3f
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/file.go
@@ -0,0 +1,331 @@
+//go:build windows
+// +build windows
+
+package winio
+
+import (
+ "errors"
+ "io"
+ "runtime"
+ "sync"
+ "sync/atomic"
+ "syscall"
+ "time"
+
+ "golang.org/x/sys/windows"
+)
+
+//sys cancelIoEx(file syscall.Handle, o *syscall.Overlapped) (err error) = CancelIoEx
+//sys createIoCompletionPort(file syscall.Handle, port syscall.Handle, key uintptr, threadCount uint32) (newport syscall.Handle, err error) = CreateIoCompletionPort
+//sys getQueuedCompletionStatus(port syscall.Handle, bytes *uint32, key *uintptr, o **ioOperation, timeout uint32) (err error) = GetQueuedCompletionStatus
+//sys setFileCompletionNotificationModes(h syscall.Handle, flags uint8) (err error) = SetFileCompletionNotificationModes
+//sys wsaGetOverlappedResult(h syscall.Handle, o *syscall.Overlapped, bytes *uint32, wait bool, flags *uint32) (err error) = ws2_32.WSAGetOverlappedResult
+
+type atomicBool int32
+
+func (b *atomicBool) isSet() bool { return atomic.LoadInt32((*int32)(b)) != 0 }
+func (b *atomicBool) setFalse() { atomic.StoreInt32((*int32)(b), 0) }
+func (b *atomicBool) setTrue() { atomic.StoreInt32((*int32)(b), 1) }
+
+//revive:disable-next-line:predeclared Keep "new" to maintain consistency with "atomic" pkg
+func (b *atomicBool) swap(new bool) bool {
+ var newInt int32
+ if new {
+ newInt = 1
+ }
+ return atomic.SwapInt32((*int32)(b), newInt) == 1
+}
+
+var (
+ ErrFileClosed = errors.New("file has already been closed")
+ ErrTimeout = &timeoutError{}
+)
+
+type timeoutError struct{}
+
+func (*timeoutError) Error() string { return "i/o timeout" }
+func (*timeoutError) Timeout() bool { return true }
+func (*timeoutError) Temporary() bool { return true }
+
+type timeoutChan chan struct{}
+
+var ioInitOnce sync.Once
+var ioCompletionPort syscall.Handle
+
+// ioResult contains the result of an asynchronous IO operation.
+type ioResult struct {
+ bytes uint32
+ err error
+}
+
+// ioOperation represents an outstanding asynchronous Win32 IO.
+type ioOperation struct {
+ o syscall.Overlapped
+ ch chan ioResult
+}
+
+func initIO() {
+ h, err := createIoCompletionPort(syscall.InvalidHandle, 0, 0, 0xffffffff)
+ if err != nil {
+ panic(err)
+ }
+ ioCompletionPort = h
+ go ioCompletionProcessor(h)
+}
+
+// win32File implements Reader, Writer, and Closer on a Win32 handle without blocking in a syscall.
+// It takes ownership of this handle and will close it if it is garbage collected.
+type win32File struct {
+ handle syscall.Handle
+ wg sync.WaitGroup
+ wgLock sync.RWMutex
+ closing atomicBool
+ socket bool
+ readDeadline deadlineHandler
+ writeDeadline deadlineHandler
+}
+
+type deadlineHandler struct {
+ setLock sync.Mutex
+ channel timeoutChan
+ channelLock sync.RWMutex
+ timer *time.Timer
+ timedout atomicBool
+}
+
+// makeWin32File makes a new win32File from an existing file handle.
+func makeWin32File(h syscall.Handle) (*win32File, error) {
+ f := &win32File{handle: h}
+ ioInitOnce.Do(initIO)
+ _, err := createIoCompletionPort(h, ioCompletionPort, 0, 0xffffffff)
+ if err != nil {
+ return nil, err
+ }
+ err = setFileCompletionNotificationModes(h, windows.FILE_SKIP_COMPLETION_PORT_ON_SUCCESS|windows.FILE_SKIP_SET_EVENT_ON_HANDLE)
+ if err != nil {
+ return nil, err
+ }
+ f.readDeadline.channel = make(timeoutChan)
+ f.writeDeadline.channel = make(timeoutChan)
+ return f, nil
+}
+
+func MakeOpenFile(h syscall.Handle) (io.ReadWriteCloser, error) {
+ // If we return the result of makeWin32File directly, it can result in an
+ // interface-wrapped nil, rather than a nil interface value.
+ f, err := makeWin32File(h)
+ if err != nil {
+ return nil, err
+ }
+ return f, nil
+}
+
+// closeHandle closes the resources associated with a Win32 handle.
+func (f *win32File) closeHandle() {
+ f.wgLock.Lock()
+ // Atomically set that we are closing, releasing the resources only once.
+ if !f.closing.swap(true) {
+ f.wgLock.Unlock()
+ // cancel all IO and wait for it to complete
+ _ = cancelIoEx(f.handle, nil)
+ f.wg.Wait()
+ // at this point, no new IO can start
+ syscall.Close(f.handle)
+ f.handle = 0
+ } else {
+ f.wgLock.Unlock()
+ }
+}
+
+// Close closes a win32File.
+func (f *win32File) Close() error {
+ f.closeHandle()
+ return nil
+}
+
+// IsClosed checks if the file has been closed.
+func (f *win32File) IsClosed() bool {
+ return f.closing.isSet()
+}
+
+// prepareIO prepares for a new IO operation.
+// The caller must call f.wg.Done() when the IO is finished, prior to Close() returning.
+func (f *win32File) prepareIO() (*ioOperation, error) {
+ f.wgLock.RLock()
+ if f.closing.isSet() {
+ f.wgLock.RUnlock()
+ return nil, ErrFileClosed
+ }
+ f.wg.Add(1)
+ f.wgLock.RUnlock()
+ c := &ioOperation{}
+ c.ch = make(chan ioResult)
+ return c, nil
+}
+
+// ioCompletionProcessor processes completed async IOs forever.
+func ioCompletionProcessor(h syscall.Handle) {
+ for {
+ var bytes uint32
+ var key uintptr
+ var op *ioOperation
+ err := getQueuedCompletionStatus(h, &bytes, &key, &op, syscall.INFINITE)
+ if op == nil {
+ panic(err)
+ }
+ op.ch <- ioResult{bytes, err}
+ }
+}
+
+// todo: helsaawy - create an asyncIO version that takes a context
+
+// asyncIO processes the return value from ReadFile or WriteFile, blocking until
+// the operation has actually completed.
+func (f *win32File) asyncIO(c *ioOperation, d *deadlineHandler, bytes uint32, err error) (int, error) {
+ if err != syscall.ERROR_IO_PENDING { //nolint:errorlint // err is Errno
+ return int(bytes), err
+ }
+
+ if f.closing.isSet() {
+ _ = cancelIoEx(f.handle, &c.o)
+ }
+
+ var timeout timeoutChan
+ if d != nil {
+ d.channelLock.Lock()
+ timeout = d.channel
+ d.channelLock.Unlock()
+ }
+
+ var r ioResult
+ select {
+ case r = <-c.ch:
+ err = r.err
+ if err == syscall.ERROR_OPERATION_ABORTED { //nolint:errorlint // err is Errno
+ if f.closing.isSet() {
+ err = ErrFileClosed
+ }
+ } else if err != nil && f.socket {
+ // err is from Win32. Query the overlapped structure to get the winsock error.
+ var bytes, flags uint32
+ err = wsaGetOverlappedResult(f.handle, &c.o, &bytes, false, &flags)
+ }
+ case <-timeout:
+ _ = cancelIoEx(f.handle, &c.o)
+ r = <-c.ch
+ err = r.err
+ if err == syscall.ERROR_OPERATION_ABORTED { //nolint:errorlint // err is Errno
+ err = ErrTimeout
+ }
+ }
+
+ // runtime.KeepAlive is needed, as c is passed via native
+ // code to ioCompletionProcessor, c must remain alive
+ // until the channel read is complete.
+ // todo: (de)allocate *ioOperation via win32 heap functions, instead of needing to KeepAlive?
+ runtime.KeepAlive(c)
+ return int(r.bytes), err
+}
+
+// Read reads from a file handle.
+func (f *win32File) Read(b []byte) (int, error) {
+ c, err := f.prepareIO()
+ if err != nil {
+ return 0, err
+ }
+ defer f.wg.Done()
+
+ if f.readDeadline.timedout.isSet() {
+ return 0, ErrTimeout
+ }
+
+ var bytes uint32
+ err = syscall.ReadFile(f.handle, b, &bytes, &c.o)
+ n, err := f.asyncIO(c, &f.readDeadline, bytes, err)
+ runtime.KeepAlive(b)
+
+ // Handle EOF conditions.
+ if err == nil && n == 0 && len(b) != 0 {
+ return 0, io.EOF
+ } else if err == syscall.ERROR_BROKEN_PIPE { //nolint:errorlint // err is Errno
+ return 0, io.EOF
+ } else {
+ return n, err
+ }
+}
+
+// Write writes to a file handle.
+func (f *win32File) Write(b []byte) (int, error) {
+ c, err := f.prepareIO()
+ if err != nil {
+ return 0, err
+ }
+ defer f.wg.Done()
+
+ if f.writeDeadline.timedout.isSet() {
+ return 0, ErrTimeout
+ }
+
+ var bytes uint32
+ err = syscall.WriteFile(f.handle, b, &bytes, &c.o)
+ n, err := f.asyncIO(c, &f.writeDeadline, bytes, err)
+ runtime.KeepAlive(b)
+ return n, err
+}
+
+func (f *win32File) SetReadDeadline(deadline time.Time) error {
+ return f.readDeadline.set(deadline)
+}
+
+func (f *win32File) SetWriteDeadline(deadline time.Time) error {
+ return f.writeDeadline.set(deadline)
+}
+
+func (f *win32File) Flush() error {
+ return syscall.FlushFileBuffers(f.handle)
+}
+
+func (f *win32File) Fd() uintptr {
+ return uintptr(f.handle)
+}
+
+func (d *deadlineHandler) set(deadline time.Time) error {
+ d.setLock.Lock()
+ defer d.setLock.Unlock()
+
+ if d.timer != nil {
+ if !d.timer.Stop() {
+ <-d.channel
+ }
+ d.timer = nil
+ }
+ d.timedout.setFalse()
+
+ select {
+ case <-d.channel:
+ d.channelLock.Lock()
+ d.channel = make(chan struct{})
+ d.channelLock.Unlock()
+ default:
+ }
+
+ if deadline.IsZero() {
+ return nil
+ }
+
+ timeoutIO := func() {
+ d.timedout.setTrue()
+ close(d.channel)
+ }
+
+ now := time.Now()
+ duration := deadline.Sub(now)
+ if deadline.After(now) {
+ // Deadline is in the future, set a timer to wait
+ d.timer = time.AfterFunc(duration, timeoutIO)
+ } else {
+ // Deadline is in the past. Cancel all pending IO now.
+ timeoutIO()
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/go-winio/fileinfo.go b/vendor/github.com/Microsoft/go-winio/fileinfo.go
new file mode 100644
index 000000000..702950e72
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/fileinfo.go
@@ -0,0 +1,92 @@
+//go:build windows
+// +build windows
+
+package winio
+
+import (
+ "os"
+ "runtime"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+// FileBasicInfo contains file access time and file attributes information.
+type FileBasicInfo struct {
+ CreationTime, LastAccessTime, LastWriteTime, ChangeTime windows.Filetime
+ FileAttributes uint32
+ _ uint32 // padding
+}
+
+// GetFileBasicInfo retrieves times and attributes for a file.
+func GetFileBasicInfo(f *os.File) (*FileBasicInfo, error) {
+ bi := &FileBasicInfo{}
+ if err := windows.GetFileInformationByHandleEx(
+ windows.Handle(f.Fd()),
+ windows.FileBasicInfo,
+ (*byte)(unsafe.Pointer(bi)),
+ uint32(unsafe.Sizeof(*bi)),
+ ); err != nil {
+ return nil, &os.PathError{Op: "GetFileInformationByHandleEx", Path: f.Name(), Err: err}
+ }
+ runtime.KeepAlive(f)
+ return bi, nil
+}
+
+// SetFileBasicInfo sets times and attributes for a file.
+func SetFileBasicInfo(f *os.File, bi *FileBasicInfo) error {
+ if err := windows.SetFileInformationByHandle(
+ windows.Handle(f.Fd()),
+ windows.FileBasicInfo,
+ (*byte)(unsafe.Pointer(bi)),
+ uint32(unsafe.Sizeof(*bi)),
+ ); err != nil {
+ return &os.PathError{Op: "SetFileInformationByHandle", Path: f.Name(), Err: err}
+ }
+ runtime.KeepAlive(f)
+ return nil
+}
+
+// FileStandardInfo contains extended information for the file.
+// FILE_STANDARD_INFO in WinBase.h
+// https://docs.microsoft.com/en-us/windows/win32/api/winbase/ns-winbase-file_standard_info
+type FileStandardInfo struct {
+ AllocationSize, EndOfFile int64
+ NumberOfLinks uint32
+ DeletePending, Directory bool
+}
+
+// GetFileStandardInfo retrieves ended information for the file.
+func GetFileStandardInfo(f *os.File) (*FileStandardInfo, error) {
+ si := &FileStandardInfo{}
+ if err := windows.GetFileInformationByHandleEx(windows.Handle(f.Fd()),
+ windows.FileStandardInfo,
+ (*byte)(unsafe.Pointer(si)),
+ uint32(unsafe.Sizeof(*si))); err != nil {
+ return nil, &os.PathError{Op: "GetFileInformationByHandleEx", Path: f.Name(), Err: err}
+ }
+ runtime.KeepAlive(f)
+ return si, nil
+}
+
+// FileIDInfo contains the volume serial number and file ID for a file. This pair should be
+// unique on a system.
+type FileIDInfo struct {
+ VolumeSerialNumber uint64
+ FileID [16]byte
+}
+
+// GetFileID retrieves the unique (volume, file ID) pair for a file.
+func GetFileID(f *os.File) (*FileIDInfo, error) {
+ fileID := &FileIDInfo{}
+ if err := windows.GetFileInformationByHandleEx(
+ windows.Handle(f.Fd()),
+ windows.FileIdInfo,
+ (*byte)(unsafe.Pointer(fileID)),
+ uint32(unsafe.Sizeof(*fileID)),
+ ); err != nil {
+ return nil, &os.PathError{Op: "GetFileInformationByHandleEx", Path: f.Name(), Err: err}
+ }
+ runtime.KeepAlive(f)
+ return fileID, nil
+}
diff --git a/vendor/github.com/Microsoft/go-winio/hvsock.go b/vendor/github.com/Microsoft/go-winio/hvsock.go
new file mode 100644
index 000000000..c88191658
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/hvsock.go
@@ -0,0 +1,575 @@
+//go:build windows
+// +build windows
+
+package winio
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "io"
+ "net"
+ "os"
+ "syscall"
+ "time"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+
+ "github.com/Microsoft/go-winio/internal/socket"
+ "github.com/Microsoft/go-winio/pkg/guid"
+)
+
+const afHVSock = 34 // AF_HYPERV
+
+// Well known Service and VM IDs
+// https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/make-integration-service#vmid-wildcards
+
+// HvsockGUIDWildcard is the wildcard VmId for accepting connections from all partitions.
+func HvsockGUIDWildcard() guid.GUID { // 00000000-0000-0000-0000-000000000000
+ return guid.GUID{}
+}
+
+// HvsockGUIDBroadcast is the wildcard VmId for broadcasting sends to all partitions.
+func HvsockGUIDBroadcast() guid.GUID { // ffffffff-ffff-ffff-ffff-ffffffffffff
+ return guid.GUID{
+ Data1: 0xffffffff,
+ Data2: 0xffff,
+ Data3: 0xffff,
+ Data4: [8]uint8{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ }
+}
+
+// HvsockGUIDLoopback is the Loopback VmId for accepting connections to the same partition as the connector.
+func HvsockGUIDLoopback() guid.GUID { // e0e16197-dd56-4a10-9195-5ee7a155a838
+ return guid.GUID{
+ Data1: 0xe0e16197,
+ Data2: 0xdd56,
+ Data3: 0x4a10,
+ Data4: [8]uint8{0x91, 0x95, 0x5e, 0xe7, 0xa1, 0x55, 0xa8, 0x38},
+ }
+}
+
+// HvsockGUIDSiloHost is the address of a silo's host partition:
+// - The silo host of a hosted silo is the utility VM.
+// - The silo host of a silo on a physical host is the physical host.
+func HvsockGUIDSiloHost() guid.GUID { // 36bd0c5c-7276-4223-88ba-7d03b654c568
+ return guid.GUID{
+ Data1: 0x36bd0c5c,
+ Data2: 0x7276,
+ Data3: 0x4223,
+ Data4: [8]byte{0x88, 0xba, 0x7d, 0x03, 0xb6, 0x54, 0xc5, 0x68},
+ }
+}
+
+// HvsockGUIDChildren is the wildcard VmId for accepting connections from the connector's child partitions.
+func HvsockGUIDChildren() guid.GUID { // 90db8b89-0d35-4f79-8ce9-49ea0ac8b7cd
+ return guid.GUID{
+ Data1: 0x90db8b89,
+ Data2: 0xd35,
+ Data3: 0x4f79,
+ Data4: [8]uint8{0x8c, 0xe9, 0x49, 0xea, 0xa, 0xc8, 0xb7, 0xcd},
+ }
+}
+
+// HvsockGUIDParent is the wildcard VmId for accepting connections from the connector's parent partition.
+// Listening on this VmId accepts connection from:
+// - Inside silos: silo host partition.
+// - Inside hosted silo: host of the VM.
+// - Inside VM: VM host.
+// - Physical host: Not supported.
+func HvsockGUIDParent() guid.GUID { // a42e7cda-d03f-480c-9cc2-a4de20abb878
+ return guid.GUID{
+ Data1: 0xa42e7cda,
+ Data2: 0xd03f,
+ Data3: 0x480c,
+ Data4: [8]uint8{0x9c, 0xc2, 0xa4, 0xde, 0x20, 0xab, 0xb8, 0x78},
+ }
+}
+
+// hvsockVsockServiceTemplate is the Service GUID used for the VSOCK protocol.
+func hvsockVsockServiceTemplate() guid.GUID { // 00000000-facb-11e6-bd58-64006a7986d3
+ return guid.GUID{
+ Data2: 0xfacb,
+ Data3: 0x11e6,
+ Data4: [8]uint8{0xbd, 0x58, 0x64, 0x00, 0x6a, 0x79, 0x86, 0xd3},
+ }
+}
+
+// An HvsockAddr is an address for a AF_HYPERV socket.
+type HvsockAddr struct {
+ VMID guid.GUID
+ ServiceID guid.GUID
+}
+
+type rawHvsockAddr struct {
+ Family uint16
+ _ uint16
+ VMID guid.GUID
+ ServiceID guid.GUID
+}
+
+var _ socket.RawSockaddr = &rawHvsockAddr{}
+
+// Network returns the address's network name, "hvsock".
+func (*HvsockAddr) Network() string {
+ return "hvsock"
+}
+
+func (addr *HvsockAddr) String() string {
+ return fmt.Sprintf("%s:%s", &addr.VMID, &addr.ServiceID)
+}
+
+// VsockServiceID returns an hvsock service ID corresponding to the specified AF_VSOCK port.
+func VsockServiceID(port uint32) guid.GUID {
+ g := hvsockVsockServiceTemplate() // make a copy
+ g.Data1 = port
+ return g
+}
+
+func (addr *HvsockAddr) raw() rawHvsockAddr {
+ return rawHvsockAddr{
+ Family: afHVSock,
+ VMID: addr.VMID,
+ ServiceID: addr.ServiceID,
+ }
+}
+
+func (addr *HvsockAddr) fromRaw(raw *rawHvsockAddr) {
+ addr.VMID = raw.VMID
+ addr.ServiceID = raw.ServiceID
+}
+
+// Sockaddr returns a pointer to and the size of this struct.
+//
+// Implements the [socket.RawSockaddr] interface, and allows use in
+// [socket.Bind] and [socket.ConnectEx].
+func (r *rawHvsockAddr) Sockaddr() (unsafe.Pointer, int32, error) {
+ return unsafe.Pointer(r), int32(unsafe.Sizeof(rawHvsockAddr{})), nil
+}
+
+// Sockaddr interface allows use with `sockets.Bind()` and `.ConnectEx()`.
+func (r *rawHvsockAddr) FromBytes(b []byte) error {
+ n := int(unsafe.Sizeof(rawHvsockAddr{}))
+
+ if len(b) < n {
+ return fmt.Errorf("got %d, want %d: %w", len(b), n, socket.ErrBufferSize)
+ }
+
+ copy(unsafe.Slice((*byte)(unsafe.Pointer(r)), n), b[:n])
+ if r.Family != afHVSock {
+ return fmt.Errorf("got %d, want %d: %w", r.Family, afHVSock, socket.ErrAddrFamily)
+ }
+
+ return nil
+}
+
+// HvsockListener is a socket listener for the AF_HYPERV address family.
+type HvsockListener struct {
+ sock *win32File
+ addr HvsockAddr
+}
+
+var _ net.Listener = &HvsockListener{}
+
+// HvsockConn is a connected socket of the AF_HYPERV address family.
+type HvsockConn struct {
+ sock *win32File
+ local, remote HvsockAddr
+}
+
+var _ net.Conn = &HvsockConn{}
+
+func newHVSocket() (*win32File, error) {
+ fd, err := syscall.Socket(afHVSock, syscall.SOCK_STREAM, 1)
+ if err != nil {
+ return nil, os.NewSyscallError("socket", err)
+ }
+ f, err := makeWin32File(fd)
+ if err != nil {
+ syscall.Close(fd)
+ return nil, err
+ }
+ f.socket = true
+ return f, nil
+}
+
+// ListenHvsock listens for connections on the specified hvsock address.
+func ListenHvsock(addr *HvsockAddr) (_ *HvsockListener, err error) {
+ l := &HvsockListener{addr: *addr}
+ sock, err := newHVSocket()
+ if err != nil {
+ return nil, l.opErr("listen", err)
+ }
+ sa := addr.raw()
+ err = socket.Bind(windows.Handle(sock.handle), &sa)
+ if err != nil {
+ return nil, l.opErr("listen", os.NewSyscallError("socket", err))
+ }
+ err = syscall.Listen(sock.handle, 16)
+ if err != nil {
+ return nil, l.opErr("listen", os.NewSyscallError("listen", err))
+ }
+ return &HvsockListener{sock: sock, addr: *addr}, nil
+}
+
+func (l *HvsockListener) opErr(op string, err error) error {
+ return &net.OpError{Op: op, Net: "hvsock", Addr: &l.addr, Err: err}
+}
+
+// Addr returns the listener's network address.
+func (l *HvsockListener) Addr() net.Addr {
+ return &l.addr
+}
+
+// Accept waits for the next connection and returns it.
+func (l *HvsockListener) Accept() (_ net.Conn, err error) {
+ sock, err := newHVSocket()
+ if err != nil {
+ return nil, l.opErr("accept", err)
+ }
+ defer func() {
+ if sock != nil {
+ sock.Close()
+ }
+ }()
+ c, err := l.sock.prepareIO()
+ if err != nil {
+ return nil, l.opErr("accept", err)
+ }
+ defer l.sock.wg.Done()
+
+ // AcceptEx, per documentation, requires an extra 16 bytes per address.
+ //
+ // https://docs.microsoft.com/en-us/windows/win32/api/mswsock/nf-mswsock-acceptex
+ const addrlen = uint32(16 + unsafe.Sizeof(rawHvsockAddr{}))
+ var addrbuf [addrlen * 2]byte
+
+ var bytes uint32
+ err = syscall.AcceptEx(l.sock.handle, sock.handle, &addrbuf[0], 0 /* rxdatalen */, addrlen, addrlen, &bytes, &c.o)
+ if _, err = l.sock.asyncIO(c, nil, bytes, err); err != nil {
+ return nil, l.opErr("accept", os.NewSyscallError("acceptex", err))
+ }
+
+ conn := &HvsockConn{
+ sock: sock,
+ }
+ // The local address returned in the AcceptEx buffer is the same as the Listener socket's
+ // address. However, the service GUID reported by GetSockName is different from the Listeners
+ // socket, and is sometimes the same as the local address of the socket that dialed the
+ // address, with the service GUID.Data1 incremented, but othertimes is different.
+ // todo: does the local address matter? is the listener's address or the actual address appropriate?
+ conn.local.fromRaw((*rawHvsockAddr)(unsafe.Pointer(&addrbuf[0])))
+ conn.remote.fromRaw((*rawHvsockAddr)(unsafe.Pointer(&addrbuf[addrlen])))
+
+ // initialize the accepted socket and update its properties with those of the listening socket
+ if err = windows.Setsockopt(windows.Handle(sock.handle),
+ windows.SOL_SOCKET, windows.SO_UPDATE_ACCEPT_CONTEXT,
+ (*byte)(unsafe.Pointer(&l.sock.handle)), int32(unsafe.Sizeof(l.sock.handle))); err != nil {
+ return nil, conn.opErr("accept", os.NewSyscallError("setsockopt", err))
+ }
+
+ sock = nil
+ return conn, nil
+}
+
+// Close closes the listener, causing any pending Accept calls to fail.
+func (l *HvsockListener) Close() error {
+ return l.sock.Close()
+}
+
+// HvsockDialer configures and dials a Hyper-V Socket (ie, [HvsockConn]).
+type HvsockDialer struct {
+ // Deadline is the time the Dial operation must connect before erroring.
+ Deadline time.Time
+
+ // Retries is the number of additional connects to try if the connection times out, is refused,
+ // or the host is unreachable
+ Retries uint
+
+ // RetryWait is the time to wait after a connection error to retry
+ RetryWait time.Duration
+
+ rt *time.Timer // redial wait timer
+}
+
+// Dial the Hyper-V socket at addr.
+//
+// See [HvsockDialer.Dial] for more information.
+func Dial(ctx context.Context, addr *HvsockAddr) (conn *HvsockConn, err error) {
+ return (&HvsockDialer{}).Dial(ctx, addr)
+}
+
+// Dial attempts to connect to the Hyper-V socket at addr, and returns a connection if successful.
+// Will attempt (HvsockDialer).Retries if dialing fails, waiting (HvsockDialer).RetryWait between
+// retries.
+//
+// Dialing can be cancelled either by providing (HvsockDialer).Deadline, or cancelling ctx.
+func (d *HvsockDialer) Dial(ctx context.Context, addr *HvsockAddr) (conn *HvsockConn, err error) {
+ op := "dial"
+ // create the conn early to use opErr()
+ conn = &HvsockConn{
+ remote: *addr,
+ }
+
+ if !d.Deadline.IsZero() {
+ var cancel context.CancelFunc
+ ctx, cancel = context.WithDeadline(ctx, d.Deadline)
+ defer cancel()
+ }
+
+ // preemptive timeout/cancellation check
+ if err = ctx.Err(); err != nil {
+ return nil, conn.opErr(op, err)
+ }
+
+ sock, err := newHVSocket()
+ if err != nil {
+ return nil, conn.opErr(op, err)
+ }
+ defer func() {
+ if sock != nil {
+ sock.Close()
+ }
+ }()
+
+ sa := addr.raw()
+ err = socket.Bind(windows.Handle(sock.handle), &sa)
+ if err != nil {
+ return nil, conn.opErr(op, os.NewSyscallError("bind", err))
+ }
+
+ c, err := sock.prepareIO()
+ if err != nil {
+ return nil, conn.opErr(op, err)
+ }
+ defer sock.wg.Done()
+ var bytes uint32
+ for i := uint(0); i <= d.Retries; i++ {
+ err = socket.ConnectEx(
+ windows.Handle(sock.handle),
+ &sa,
+ nil, // sendBuf
+ 0, // sendDataLen
+ &bytes,
+ (*windows.Overlapped)(unsafe.Pointer(&c.o)))
+ _, err = sock.asyncIO(c, nil, bytes, err)
+ if i < d.Retries && canRedial(err) {
+ if err = d.redialWait(ctx); err == nil {
+ continue
+ }
+ }
+ break
+ }
+ if err != nil {
+ return nil, conn.opErr(op, os.NewSyscallError("connectex", err))
+ }
+
+ // update the connection properties, so shutdown can be used
+ if err = windows.Setsockopt(
+ windows.Handle(sock.handle),
+ windows.SOL_SOCKET,
+ windows.SO_UPDATE_CONNECT_CONTEXT,
+ nil, // optvalue
+ 0, // optlen
+ ); err != nil {
+ return nil, conn.opErr(op, os.NewSyscallError("setsockopt", err))
+ }
+
+ // get the local name
+ var sal rawHvsockAddr
+ err = socket.GetSockName(windows.Handle(sock.handle), &sal)
+ if err != nil {
+ return nil, conn.opErr(op, os.NewSyscallError("getsockname", err))
+ }
+ conn.local.fromRaw(&sal)
+
+ // one last check for timeout, since asyncIO doesn't check the context
+ if err = ctx.Err(); err != nil {
+ return nil, conn.opErr(op, err)
+ }
+
+ conn.sock = sock
+ sock = nil
+
+ return conn, nil
+}
+
+// redialWait waits before attempting to redial, resetting the timer as appropriate.
+func (d *HvsockDialer) redialWait(ctx context.Context) (err error) {
+ if d.RetryWait == 0 {
+ return nil
+ }
+
+ if d.rt == nil {
+ d.rt = time.NewTimer(d.RetryWait)
+ } else {
+ // should already be stopped and drained
+ d.rt.Reset(d.RetryWait)
+ }
+
+ select {
+ case <-ctx.Done():
+ case <-d.rt.C:
+ return nil
+ }
+
+ // stop and drain the timer
+ if !d.rt.Stop() {
+ <-d.rt.C
+ }
+ return ctx.Err()
+}
+
+// assumes error is a plain, unwrapped syscall.Errno provided by direct syscall.
+func canRedial(err error) bool {
+ //nolint:errorlint // guaranteed to be an Errno
+ switch err {
+ case windows.WSAECONNREFUSED, windows.WSAENETUNREACH, windows.WSAETIMEDOUT,
+ windows.ERROR_CONNECTION_REFUSED, windows.ERROR_CONNECTION_UNAVAIL:
+ return true
+ default:
+ return false
+ }
+}
+
+func (conn *HvsockConn) opErr(op string, err error) error {
+ // translate from "file closed" to "socket closed"
+ if errors.Is(err, ErrFileClosed) {
+ err = socket.ErrSocketClosed
+ }
+ return &net.OpError{Op: op, Net: "hvsock", Source: &conn.local, Addr: &conn.remote, Err: err}
+}
+
+func (conn *HvsockConn) Read(b []byte) (int, error) {
+ c, err := conn.sock.prepareIO()
+ if err != nil {
+ return 0, conn.opErr("read", err)
+ }
+ defer conn.sock.wg.Done()
+ buf := syscall.WSABuf{Buf: &b[0], Len: uint32(len(b))}
+ var flags, bytes uint32
+ err = syscall.WSARecv(conn.sock.handle, &buf, 1, &bytes, &flags, &c.o, nil)
+ n, err := conn.sock.asyncIO(c, &conn.sock.readDeadline, bytes, err)
+ if err != nil {
+ var eno windows.Errno
+ if errors.As(err, &eno) {
+ err = os.NewSyscallError("wsarecv", eno)
+ }
+ return 0, conn.opErr("read", err)
+ } else if n == 0 {
+ err = io.EOF
+ }
+ return n, err
+}
+
+func (conn *HvsockConn) Write(b []byte) (int, error) {
+ t := 0
+ for len(b) != 0 {
+ n, err := conn.write(b)
+ if err != nil {
+ return t + n, err
+ }
+ t += n
+ b = b[n:]
+ }
+ return t, nil
+}
+
+func (conn *HvsockConn) write(b []byte) (int, error) {
+ c, err := conn.sock.prepareIO()
+ if err != nil {
+ return 0, conn.opErr("write", err)
+ }
+ defer conn.sock.wg.Done()
+ buf := syscall.WSABuf{Buf: &b[0], Len: uint32(len(b))}
+ var bytes uint32
+ err = syscall.WSASend(conn.sock.handle, &buf, 1, &bytes, 0, &c.o, nil)
+ n, err := conn.sock.asyncIO(c, &conn.sock.writeDeadline, bytes, err)
+ if err != nil {
+ var eno windows.Errno
+ if errors.As(err, &eno) {
+ err = os.NewSyscallError("wsasend", eno)
+ }
+ return 0, conn.opErr("write", err)
+ }
+ return n, err
+}
+
+// Close closes the socket connection, failing any pending read or write calls.
+func (conn *HvsockConn) Close() error {
+ return conn.sock.Close()
+}
+
+func (conn *HvsockConn) IsClosed() bool {
+ return conn.sock.IsClosed()
+}
+
+// shutdown disables sending or receiving on a socket.
+func (conn *HvsockConn) shutdown(how int) error {
+ if conn.IsClosed() {
+ return socket.ErrSocketClosed
+ }
+
+ err := syscall.Shutdown(conn.sock.handle, how)
+ if err != nil {
+ // If the connection was closed, shutdowns fail with "not connected"
+ if errors.Is(err, windows.WSAENOTCONN) ||
+ errors.Is(err, windows.WSAESHUTDOWN) {
+ err = socket.ErrSocketClosed
+ }
+ return os.NewSyscallError("shutdown", err)
+ }
+ return nil
+}
+
+// CloseRead shuts down the read end of the socket, preventing future read operations.
+func (conn *HvsockConn) CloseRead() error {
+ err := conn.shutdown(syscall.SHUT_RD)
+ if err != nil {
+ return conn.opErr("closeread", err)
+ }
+ return nil
+}
+
+// CloseWrite shuts down the write end of the socket, preventing future write operations and
+// notifying the other endpoint that no more data will be written.
+func (conn *HvsockConn) CloseWrite() error {
+ err := conn.shutdown(syscall.SHUT_WR)
+ if err != nil {
+ return conn.opErr("closewrite", err)
+ }
+ return nil
+}
+
+// LocalAddr returns the local address of the connection.
+func (conn *HvsockConn) LocalAddr() net.Addr {
+ return &conn.local
+}
+
+// RemoteAddr returns the remote address of the connection.
+func (conn *HvsockConn) RemoteAddr() net.Addr {
+ return &conn.remote
+}
+
+// SetDeadline implements the net.Conn SetDeadline method.
+func (conn *HvsockConn) SetDeadline(t time.Time) error {
+ // todo: implement `SetDeadline` for `win32File`
+ if err := conn.SetReadDeadline(t); err != nil {
+ return fmt.Errorf("set read deadline: %w", err)
+ }
+ if err := conn.SetWriteDeadline(t); err != nil {
+ return fmt.Errorf("set write deadline: %w", err)
+ }
+ return nil
+}
+
+// SetReadDeadline implements the net.Conn SetReadDeadline method.
+func (conn *HvsockConn) SetReadDeadline(t time.Time) error {
+ return conn.sock.SetReadDeadline(t)
+}
+
+// SetWriteDeadline implements the net.Conn SetWriteDeadline method.
+func (conn *HvsockConn) SetWriteDeadline(t time.Time) error {
+ return conn.sock.SetWriteDeadline(t)
+}
diff --git a/vendor/github.com/Microsoft/go-winio/internal/fs/doc.go b/vendor/github.com/Microsoft/go-winio/internal/fs/doc.go
new file mode 100644
index 000000000..1f6538817
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/internal/fs/doc.go
@@ -0,0 +1,2 @@
+// This package contains Win32 filesystem functionality.
+package fs
diff --git a/vendor/github.com/Microsoft/go-winio/internal/fs/fs.go b/vendor/github.com/Microsoft/go-winio/internal/fs/fs.go
new file mode 100644
index 000000000..509b3ec64
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/internal/fs/fs.go
@@ -0,0 +1,202 @@
+//go:build windows
+
+package fs
+
+import (
+ "golang.org/x/sys/windows"
+
+ "github.com/Microsoft/go-winio/internal/stringbuffer"
+)
+
+//go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go fs.go
+
+// https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilew
+//sys CreateFile(name string, access AccessMask, mode FileShareMode, sa *syscall.SecurityAttributes, createmode FileCreationDisposition, attrs FileFlagOrAttribute, templatefile windows.Handle) (handle windows.Handle, err error) [failretval==windows.InvalidHandle] = CreateFileW
+
+const NullHandle windows.Handle = 0
+
+// AccessMask defines standard, specific, and generic rights.
+//
+// Bitmask:
+// 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
+// 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
+// +---------------+---------------+-------------------------------+
+// |G|G|G|G|Resvd|A| StandardRights| SpecificRights |
+// |R|W|E|A| |S| | |
+// +-+-------------+---------------+-------------------------------+
+//
+// GR Generic Read
+// GW Generic Write
+// GE Generic Exectue
+// GA Generic All
+// Resvd Reserved
+// AS Access Security System
+//
+// https://learn.microsoft.com/en-us/windows/win32/secauthz/access-mask
+//
+// https://learn.microsoft.com/en-us/windows/win32/secauthz/generic-access-rights
+//
+// https://learn.microsoft.com/en-us/windows/win32/fileio/file-access-rights-constants
+type AccessMask = windows.ACCESS_MASK
+
+//nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
+const (
+ // Not actually any.
+ //
+ // For CreateFile: "query certain metadata such as file, directory, or device attributes without accessing that file or device"
+ // https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilew#parameters
+ FILE_ANY_ACCESS AccessMask = 0
+
+ // Specific Object Access
+ // from ntioapi.h
+
+ FILE_READ_DATA AccessMask = (0x0001) // file & pipe
+ FILE_LIST_DIRECTORY AccessMask = (0x0001) // directory
+
+ FILE_WRITE_DATA AccessMask = (0x0002) // file & pipe
+ FILE_ADD_FILE AccessMask = (0x0002) // directory
+
+ FILE_APPEND_DATA AccessMask = (0x0004) // file
+ FILE_ADD_SUBDIRECTORY AccessMask = (0x0004) // directory
+ FILE_CREATE_PIPE_INSTANCE AccessMask = (0x0004) // named pipe
+
+ FILE_READ_EA AccessMask = (0x0008) // file & directory
+ FILE_READ_PROPERTIES AccessMask = FILE_READ_EA
+
+ FILE_WRITE_EA AccessMask = (0x0010) // file & directory
+ FILE_WRITE_PROPERTIES AccessMask = FILE_WRITE_EA
+
+ FILE_EXECUTE AccessMask = (0x0020) // file
+ FILE_TRAVERSE AccessMask = (0x0020) // directory
+
+ FILE_DELETE_CHILD AccessMask = (0x0040) // directory
+
+ FILE_READ_ATTRIBUTES AccessMask = (0x0080) // all
+
+ FILE_WRITE_ATTRIBUTES AccessMask = (0x0100) // all
+
+ FILE_ALL_ACCESS AccessMask = (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF)
+ FILE_GENERIC_READ AccessMask = (STANDARD_RIGHTS_READ | FILE_READ_DATA | FILE_READ_ATTRIBUTES | FILE_READ_EA | SYNCHRONIZE)
+ FILE_GENERIC_WRITE AccessMask = (STANDARD_RIGHTS_WRITE | FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | FILE_APPEND_DATA | SYNCHRONIZE)
+ FILE_GENERIC_EXECUTE AccessMask = (STANDARD_RIGHTS_EXECUTE | FILE_READ_ATTRIBUTES | FILE_EXECUTE | SYNCHRONIZE)
+
+ SPECIFIC_RIGHTS_ALL AccessMask = 0x0000FFFF
+
+ // Standard Access
+ // from ntseapi.h
+
+ DELETE AccessMask = 0x0001_0000
+ READ_CONTROL AccessMask = 0x0002_0000
+ WRITE_DAC AccessMask = 0x0004_0000
+ WRITE_OWNER AccessMask = 0x0008_0000
+ SYNCHRONIZE AccessMask = 0x0010_0000
+
+ STANDARD_RIGHTS_REQUIRED AccessMask = 0x000F_0000
+
+ STANDARD_RIGHTS_READ AccessMask = READ_CONTROL
+ STANDARD_RIGHTS_WRITE AccessMask = READ_CONTROL
+ STANDARD_RIGHTS_EXECUTE AccessMask = READ_CONTROL
+
+ STANDARD_RIGHTS_ALL AccessMask = 0x001F_0000
+)
+
+type FileShareMode uint32
+
+//nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
+const (
+ FILE_SHARE_NONE FileShareMode = 0x00
+ FILE_SHARE_READ FileShareMode = 0x01
+ FILE_SHARE_WRITE FileShareMode = 0x02
+ FILE_SHARE_DELETE FileShareMode = 0x04
+ FILE_SHARE_VALID_FLAGS FileShareMode = 0x07
+)
+
+type FileCreationDisposition uint32
+
+//nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
+const (
+ // from winbase.h
+
+ CREATE_NEW FileCreationDisposition = 0x01
+ CREATE_ALWAYS FileCreationDisposition = 0x02
+ OPEN_EXISTING FileCreationDisposition = 0x03
+ OPEN_ALWAYS FileCreationDisposition = 0x04
+ TRUNCATE_EXISTING FileCreationDisposition = 0x05
+)
+
+// CreateFile and co. take flags or attributes together as one parameter.
+// Define alias until we can use generics to allow both
+
+// https://learn.microsoft.com/en-us/windows/win32/fileio/file-attribute-constants
+type FileFlagOrAttribute uint32
+
+//nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
+const ( // from winnt.h
+ FILE_FLAG_WRITE_THROUGH FileFlagOrAttribute = 0x8000_0000
+ FILE_FLAG_OVERLAPPED FileFlagOrAttribute = 0x4000_0000
+ FILE_FLAG_NO_BUFFERING FileFlagOrAttribute = 0x2000_0000
+ FILE_FLAG_RANDOM_ACCESS FileFlagOrAttribute = 0x1000_0000
+ FILE_FLAG_SEQUENTIAL_SCAN FileFlagOrAttribute = 0x0800_0000
+ FILE_FLAG_DELETE_ON_CLOSE FileFlagOrAttribute = 0x0400_0000
+ FILE_FLAG_BACKUP_SEMANTICS FileFlagOrAttribute = 0x0200_0000
+ FILE_FLAG_POSIX_SEMANTICS FileFlagOrAttribute = 0x0100_0000
+ FILE_FLAG_OPEN_REPARSE_POINT FileFlagOrAttribute = 0x0020_0000
+ FILE_FLAG_OPEN_NO_RECALL FileFlagOrAttribute = 0x0010_0000
+ FILE_FLAG_FIRST_PIPE_INSTANCE FileFlagOrAttribute = 0x0008_0000
+)
+
+type FileSQSFlag = FileFlagOrAttribute
+
+//nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
+const ( // from winbase.h
+ SECURITY_ANONYMOUS FileSQSFlag = FileSQSFlag(SecurityAnonymous << 16)
+ SECURITY_IDENTIFICATION FileSQSFlag = FileSQSFlag(SecurityIdentification << 16)
+ SECURITY_IMPERSONATION FileSQSFlag = FileSQSFlag(SecurityImpersonation << 16)
+ SECURITY_DELEGATION FileSQSFlag = FileSQSFlag(SecurityDelegation << 16)
+
+ SECURITY_SQOS_PRESENT FileSQSFlag = 0x00100000
+ SECURITY_VALID_SQOS_FLAGS FileSQSFlag = 0x001F0000
+)
+
+// GetFinalPathNameByHandle flags
+//
+// https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-getfinalpathnamebyhandlew#parameters
+type GetFinalPathFlag uint32
+
+//nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
+const (
+ GetFinalPathDefaultFlag GetFinalPathFlag = 0x0
+
+ FILE_NAME_NORMALIZED GetFinalPathFlag = 0x0
+ FILE_NAME_OPENED GetFinalPathFlag = 0x8
+
+ VOLUME_NAME_DOS GetFinalPathFlag = 0x0
+ VOLUME_NAME_GUID GetFinalPathFlag = 0x1
+ VOLUME_NAME_NT GetFinalPathFlag = 0x2
+ VOLUME_NAME_NONE GetFinalPathFlag = 0x4
+)
+
+// getFinalPathNameByHandle facilitates calling the Windows API GetFinalPathNameByHandle
+// with the given handle and flags. It transparently takes care of creating a buffer of the
+// correct size for the call.
+//
+// https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-getfinalpathnamebyhandlew
+func GetFinalPathNameByHandle(h windows.Handle, flags GetFinalPathFlag) (string, error) {
+ b := stringbuffer.NewWString()
+ //TODO: can loop infinitely if Win32 keeps returning the same (or a larger) n?
+ for {
+ n, err := windows.GetFinalPathNameByHandle(h, b.Pointer(), b.Cap(), uint32(flags))
+ if err != nil {
+ return "", err
+ }
+ // If the buffer wasn't large enough, n will be the total size needed (including null terminator).
+ // Resize and try again.
+ if n > b.Cap() {
+ b.ResizeTo(n)
+ continue
+ }
+ // If the buffer is large enough, n will be the size not including the null terminator.
+ // Convert to a Go string and return.
+ return b.String(), nil
+ }
+}
diff --git a/vendor/github.com/Microsoft/go-winio/internal/fs/security.go b/vendor/github.com/Microsoft/go-winio/internal/fs/security.go
new file mode 100644
index 000000000..81760ac67
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/internal/fs/security.go
@@ -0,0 +1,12 @@
+package fs
+
+// https://learn.microsoft.com/en-us/windows/win32/api/winnt/ne-winnt-security_impersonation_level
+type SecurityImpersonationLevel int32 // C default enums underlying type is `int`, which is Go `int32`
+
+// Impersonation levels
+const (
+ SecurityAnonymous SecurityImpersonationLevel = 0
+ SecurityIdentification SecurityImpersonationLevel = 1
+ SecurityImpersonation SecurityImpersonationLevel = 2
+ SecurityDelegation SecurityImpersonationLevel = 3
+)
diff --git a/vendor/github.com/Microsoft/go-winio/internal/fs/zsyscall_windows.go b/vendor/github.com/Microsoft/go-winio/internal/fs/zsyscall_windows.go
new file mode 100644
index 000000000..e2f7bb24e
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/internal/fs/zsyscall_windows.go
@@ -0,0 +1,64 @@
+//go:build windows
+
+// Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
+
+package fs
+
+import (
+ "syscall"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+ errnoERROR_IO_PENDING = 997
+)
+
+var (
+ errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+ errERROR_EINVAL error = syscall.EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+ switch e {
+ case 0:
+ return errERROR_EINVAL
+ case errnoERROR_IO_PENDING:
+ return errERROR_IO_PENDING
+ }
+ // TODO: add more here, after collecting data on the common
+ // error values see on Windows. (perhaps when running
+ // all.bat?)
+ return e
+}
+
+var (
+ modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
+
+ procCreateFileW = modkernel32.NewProc("CreateFileW")
+)
+
+func CreateFile(name string, access AccessMask, mode FileShareMode, sa *syscall.SecurityAttributes, createmode FileCreationDisposition, attrs FileFlagOrAttribute, templatefile windows.Handle) (handle windows.Handle, err error) {
+ var _p0 *uint16
+ _p0, err = syscall.UTF16PtrFromString(name)
+ if err != nil {
+ return
+ }
+ return _CreateFile(_p0, access, mode, sa, createmode, attrs, templatefile)
+}
+
+func _CreateFile(name *uint16, access AccessMask, mode FileShareMode, sa *syscall.SecurityAttributes, createmode FileCreationDisposition, attrs FileFlagOrAttribute, templatefile windows.Handle) (handle windows.Handle, err error) {
+ r0, _, e1 := syscall.Syscall9(procCreateFileW.Addr(), 7, uintptr(unsafe.Pointer(name)), uintptr(access), uintptr(mode), uintptr(unsafe.Pointer(sa)), uintptr(createmode), uintptr(attrs), uintptr(templatefile), 0, 0)
+ handle = windows.Handle(r0)
+ if handle == windows.InvalidHandle {
+ err = errnoErr(e1)
+ }
+ return
+}
diff --git a/vendor/github.com/Microsoft/go-winio/internal/socket/rawaddr.go b/vendor/github.com/Microsoft/go-winio/internal/socket/rawaddr.go
new file mode 100644
index 000000000..7e82f9afa
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/internal/socket/rawaddr.go
@@ -0,0 +1,20 @@
+package socket
+
+import (
+ "unsafe"
+)
+
+// RawSockaddr allows structs to be used with [Bind] and [ConnectEx]. The
+// struct must meet the Win32 sockaddr requirements specified here:
+// https://docs.microsoft.com/en-us/windows/win32/winsock/sockaddr-2
+//
+// Specifically, the struct size must be least larger than an int16 (unsigned short)
+// for the address family.
+type RawSockaddr interface {
+ // Sockaddr returns a pointer to the RawSockaddr and its struct size, allowing
+ // for the RawSockaddr's data to be overwritten by syscalls (if necessary).
+ //
+ // It is the callers responsibility to validate that the values are valid; invalid
+ // pointers or size can cause a panic.
+ Sockaddr() (unsafe.Pointer, int32, error)
+}
diff --git a/vendor/github.com/Microsoft/go-winio/internal/socket/socket.go b/vendor/github.com/Microsoft/go-winio/internal/socket/socket.go
new file mode 100644
index 000000000..aeb7b7250
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/internal/socket/socket.go
@@ -0,0 +1,179 @@
+//go:build windows
+
+package socket
+
+import (
+ "errors"
+ "fmt"
+ "net"
+ "sync"
+ "syscall"
+ "unsafe"
+
+ "github.com/Microsoft/go-winio/pkg/guid"
+ "golang.org/x/sys/windows"
+)
+
+//go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go socket.go
+
+//sys getsockname(s windows.Handle, name unsafe.Pointer, namelen *int32) (err error) [failretval==socketError] = ws2_32.getsockname
+//sys getpeername(s windows.Handle, name unsafe.Pointer, namelen *int32) (err error) [failretval==socketError] = ws2_32.getpeername
+//sys bind(s windows.Handle, name unsafe.Pointer, namelen int32) (err error) [failretval==socketError] = ws2_32.bind
+
+const socketError = uintptr(^uint32(0))
+
+var (
+ // todo(helsaawy): create custom error types to store the desired vs actual size and addr family?
+
+ ErrBufferSize = errors.New("buffer size")
+ ErrAddrFamily = errors.New("address family")
+ ErrInvalidPointer = errors.New("invalid pointer")
+ ErrSocketClosed = fmt.Errorf("socket closed: %w", net.ErrClosed)
+)
+
+// todo(helsaawy): replace these with generics, ie: GetSockName[S RawSockaddr](s windows.Handle) (S, error)
+
+// GetSockName writes the local address of socket s to the [RawSockaddr] rsa.
+// If rsa is not large enough, the [windows.WSAEFAULT] is returned.
+func GetSockName(s windows.Handle, rsa RawSockaddr) error {
+ ptr, l, err := rsa.Sockaddr()
+ if err != nil {
+ return fmt.Errorf("could not retrieve socket pointer and size: %w", err)
+ }
+
+ // although getsockname returns WSAEFAULT if the buffer is too small, it does not set
+ // &l to the correct size, so--apart from doubling the buffer repeatedly--there is no remedy
+ return getsockname(s, ptr, &l)
+}
+
+// GetPeerName returns the remote address the socket is connected to.
+//
+// See [GetSockName] for more information.
+func GetPeerName(s windows.Handle, rsa RawSockaddr) error {
+ ptr, l, err := rsa.Sockaddr()
+ if err != nil {
+ return fmt.Errorf("could not retrieve socket pointer and size: %w", err)
+ }
+
+ return getpeername(s, ptr, &l)
+}
+
+func Bind(s windows.Handle, rsa RawSockaddr) (err error) {
+ ptr, l, err := rsa.Sockaddr()
+ if err != nil {
+ return fmt.Errorf("could not retrieve socket pointer and size: %w", err)
+ }
+
+ return bind(s, ptr, l)
+}
+
+// "golang.org/x/sys/windows".ConnectEx and .Bind only accept internal implementations of the
+// their sockaddr interface, so they cannot be used with HvsockAddr
+// Replicate functionality here from
+// https://cs.opensource.google/go/x/sys/+/master:windows/syscall_windows.go
+
+// The function pointers to `AcceptEx`, `ConnectEx` and `GetAcceptExSockaddrs` must be loaded at
+// runtime via a WSAIoctl call:
+// https://docs.microsoft.com/en-us/windows/win32/api/Mswsock/nc-mswsock-lpfn_connectex#remarks
+
+type runtimeFunc struct {
+ id guid.GUID
+ once sync.Once
+ addr uintptr
+ err error
+}
+
+func (f *runtimeFunc) Load() error {
+ f.once.Do(func() {
+ var s windows.Handle
+ s, f.err = windows.Socket(windows.AF_INET, windows.SOCK_STREAM, windows.IPPROTO_TCP)
+ if f.err != nil {
+ return
+ }
+ defer windows.CloseHandle(s) //nolint:errcheck
+
+ var n uint32
+ f.err = windows.WSAIoctl(s,
+ windows.SIO_GET_EXTENSION_FUNCTION_POINTER,
+ (*byte)(unsafe.Pointer(&f.id)),
+ uint32(unsafe.Sizeof(f.id)),
+ (*byte)(unsafe.Pointer(&f.addr)),
+ uint32(unsafe.Sizeof(f.addr)),
+ &n,
+ nil, // overlapped
+ 0, // completionRoutine
+ )
+ })
+ return f.err
+}
+
+var (
+ // todo: add `AcceptEx` and `GetAcceptExSockaddrs`
+ WSAID_CONNECTEX = guid.GUID{ //revive:disable-line:var-naming ALL_CAPS
+ Data1: 0x25a207b9,
+ Data2: 0xddf3,
+ Data3: 0x4660,
+ Data4: [8]byte{0x8e, 0xe9, 0x76, 0xe5, 0x8c, 0x74, 0x06, 0x3e},
+ }
+
+ connectExFunc = runtimeFunc{id: WSAID_CONNECTEX}
+)
+
+func ConnectEx(
+ fd windows.Handle,
+ rsa RawSockaddr,
+ sendBuf *byte,
+ sendDataLen uint32,
+ bytesSent *uint32,
+ overlapped *windows.Overlapped,
+) error {
+ if err := connectExFunc.Load(); err != nil {
+ return fmt.Errorf("failed to load ConnectEx function pointer: %w", err)
+ }
+ ptr, n, err := rsa.Sockaddr()
+ if err != nil {
+ return err
+ }
+ return connectEx(fd, ptr, n, sendBuf, sendDataLen, bytesSent, overlapped)
+}
+
+// BOOL LpfnConnectex(
+// [in] SOCKET s,
+// [in] const sockaddr *name,
+// [in] int namelen,
+// [in, optional] PVOID lpSendBuffer,
+// [in] DWORD dwSendDataLength,
+// [out] LPDWORD lpdwBytesSent,
+// [in] LPOVERLAPPED lpOverlapped
+// )
+
+func connectEx(
+ s windows.Handle,
+ name unsafe.Pointer,
+ namelen int32,
+ sendBuf *byte,
+ sendDataLen uint32,
+ bytesSent *uint32,
+ overlapped *windows.Overlapped,
+) (err error) {
+ // todo: after upgrading to 1.18, switch from syscall.Syscall9 to syscall.SyscallN
+ r1, _, e1 := syscall.Syscall9(connectExFunc.addr,
+ 7,
+ uintptr(s),
+ uintptr(name),
+ uintptr(namelen),
+ uintptr(unsafe.Pointer(sendBuf)),
+ uintptr(sendDataLen),
+ uintptr(unsafe.Pointer(bytesSent)),
+ uintptr(unsafe.Pointer(overlapped)),
+ 0,
+ 0)
+ if r1 == 0 {
+ if e1 != 0 {
+ err = error(e1)
+ } else {
+ err = syscall.EINVAL
+ }
+ }
+ return err
+}
diff --git a/vendor/github.com/Microsoft/go-winio/internal/socket/zsyscall_windows.go b/vendor/github.com/Microsoft/go-winio/internal/socket/zsyscall_windows.go
new file mode 100644
index 000000000..6d2e1a9e4
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/internal/socket/zsyscall_windows.go
@@ -0,0 +1,72 @@
+//go:build windows
+
+// Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
+
+package socket
+
+import (
+ "syscall"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+ errnoERROR_IO_PENDING = 997
+)
+
+var (
+ errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+ errERROR_EINVAL error = syscall.EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+ switch e {
+ case 0:
+ return errERROR_EINVAL
+ case errnoERROR_IO_PENDING:
+ return errERROR_IO_PENDING
+ }
+ // TODO: add more here, after collecting data on the common
+ // error values see on Windows. (perhaps when running
+ // all.bat?)
+ return e
+}
+
+var (
+ modws2_32 = windows.NewLazySystemDLL("ws2_32.dll")
+
+ procbind = modws2_32.NewProc("bind")
+ procgetpeername = modws2_32.NewProc("getpeername")
+ procgetsockname = modws2_32.NewProc("getsockname")
+)
+
+func bind(s windows.Handle, name unsafe.Pointer, namelen int32) (err error) {
+ r1, _, e1 := syscall.Syscall(procbind.Addr(), 3, uintptr(s), uintptr(name), uintptr(namelen))
+ if r1 == socketError {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func getpeername(s windows.Handle, name unsafe.Pointer, namelen *int32) (err error) {
+ r1, _, e1 := syscall.Syscall(procgetpeername.Addr(), 3, uintptr(s), uintptr(name), uintptr(unsafe.Pointer(namelen)))
+ if r1 == socketError {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func getsockname(s windows.Handle, name unsafe.Pointer, namelen *int32) (err error) {
+ r1, _, e1 := syscall.Syscall(procgetsockname.Addr(), 3, uintptr(s), uintptr(name), uintptr(unsafe.Pointer(namelen)))
+ if r1 == socketError {
+ err = errnoErr(e1)
+ }
+ return
+}
diff --git a/vendor/github.com/Microsoft/go-winio/internal/stringbuffer/wstring.go b/vendor/github.com/Microsoft/go-winio/internal/stringbuffer/wstring.go
new file mode 100644
index 000000000..7ad505702
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/internal/stringbuffer/wstring.go
@@ -0,0 +1,132 @@
+package stringbuffer
+
+import (
+ "sync"
+ "unicode/utf16"
+)
+
+// TODO: worth exporting and using in mkwinsyscall?
+
+// Uint16BufferSize is the buffer size in the pool, chosen somewhat arbitrarily to accommodate
+// large path strings:
+// MAX_PATH (260) + size of volume GUID prefix (49) + null terminator = 310.
+const MinWStringCap = 310
+
+// use *[]uint16 since []uint16 creates an extra allocation where the slice header
+// is copied to heap and then referenced via pointer in the interface header that sync.Pool
+// stores.
+var pathPool = sync.Pool{ // if go1.18+ adds Pool[T], use that to store []uint16 directly
+ New: func() interface{} {
+ b := make([]uint16, MinWStringCap)
+ return &b
+ },
+}
+
+func newBuffer() []uint16 { return *(pathPool.Get().(*[]uint16)) }
+
+// freeBuffer copies the slice header data, and puts a pointer to that in the pool.
+// This avoids taking a pointer to the slice header in WString, which can be set to nil.
+func freeBuffer(b []uint16) { pathPool.Put(&b) }
+
+// WString is a wide string buffer ([]uint16) meant for storing UTF-16 encoded strings
+// for interacting with Win32 APIs.
+// Sizes are specified as uint32 and not int.
+//
+// It is not thread safe.
+type WString struct {
+ // type-def allows casting to []uint16 directly, use struct to prevent that and allow adding fields in the future.
+
+ // raw buffer
+ b []uint16
+}
+
+// NewWString returns a [WString] allocated from a shared pool with an
+// initial capacity of at least [MinWStringCap].
+// Since the buffer may have been previously used, its contents are not guaranteed to be empty.
+//
+// The buffer should be freed via [WString.Free]
+func NewWString() *WString {
+ return &WString{
+ b: newBuffer(),
+ }
+}
+
+func (b *WString) Free() {
+ if b.empty() {
+ return
+ }
+ freeBuffer(b.b)
+ b.b = nil
+}
+
+// ResizeTo grows the buffer to at least c and returns the new capacity, freeing the
+// previous buffer back into pool.
+func (b *WString) ResizeTo(c uint32) uint32 {
+ // allready sufficient (or n is 0)
+ if c <= b.Cap() {
+ return b.Cap()
+ }
+
+ if c <= MinWStringCap {
+ c = MinWStringCap
+ }
+ // allocate at-least double buffer size, as is done in [bytes.Buffer] and other places
+ if c <= 2*b.Cap() {
+ c = 2 * b.Cap()
+ }
+
+ b2 := make([]uint16, c)
+ if !b.empty() {
+ copy(b2, b.b)
+ freeBuffer(b.b)
+ }
+ b.b = b2
+ return c
+}
+
+// Buffer returns the underlying []uint16 buffer.
+func (b *WString) Buffer() []uint16 {
+ if b.empty() {
+ return nil
+ }
+ return b.b
+}
+
+// Pointer returns a pointer to the first uint16 in the buffer.
+// If the [WString.Free] has already been called, the pointer will be nil.
+func (b *WString) Pointer() *uint16 {
+ if b.empty() {
+ return nil
+ }
+ return &b.b[0]
+}
+
+// String returns the returns the UTF-8 encoding of the UTF-16 string in the buffer.
+//
+// It assumes that the data is null-terminated.
+func (b *WString) String() string {
+ // Using [windows.UTF16ToString] would require importing "golang.org/x/sys/windows"
+ // and would make this code Windows-only, which makes no sense.
+ // So copy UTF16ToString code into here.
+ // If other windows-specific code is added, switch to [windows.UTF16ToString]
+
+ s := b.b
+ for i, v := range s {
+ if v == 0 {
+ s = s[:i]
+ break
+ }
+ }
+ return string(utf16.Decode(s))
+}
+
+// Cap returns the underlying buffer capacity.
+func (b *WString) Cap() uint32 {
+ if b.empty() {
+ return 0
+ }
+ return b.cap()
+}
+
+func (b *WString) cap() uint32 { return uint32(cap(b.b)) }
+func (b *WString) empty() bool { return b == nil || b.cap() == 0 }
diff --git a/vendor/github.com/Microsoft/go-winio/pipe.go b/vendor/github.com/Microsoft/go-winio/pipe.go
new file mode 100644
index 000000000..25cc81103
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pipe.go
@@ -0,0 +1,525 @@
+//go:build windows
+// +build windows
+
+package winio
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "io"
+ "net"
+ "os"
+ "runtime"
+ "syscall"
+ "time"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+
+ "github.com/Microsoft/go-winio/internal/fs"
+)
+
+//sys connectNamedPipe(pipe syscall.Handle, o *syscall.Overlapped) (err error) = ConnectNamedPipe
+//sys createNamedPipe(name string, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error) [failretval==syscall.InvalidHandle] = CreateNamedPipeW
+//sys getNamedPipeInfo(pipe syscall.Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) = GetNamedPipeInfo
+//sys getNamedPipeHandleState(pipe syscall.Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) = GetNamedPipeHandleStateW
+//sys localAlloc(uFlags uint32, length uint32) (ptr uintptr) = LocalAlloc
+//sys ntCreateNamedPipeFile(pipe *syscall.Handle, access uint32, oa *objectAttributes, iosb *ioStatusBlock, share uint32, disposition uint32, options uint32, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (status ntStatus) = ntdll.NtCreateNamedPipeFile
+//sys rtlNtStatusToDosError(status ntStatus) (winerr error) = ntdll.RtlNtStatusToDosErrorNoTeb
+//sys rtlDosPathNameToNtPathName(name *uint16, ntName *unicodeString, filePart uintptr, reserved uintptr) (status ntStatus) = ntdll.RtlDosPathNameToNtPathName_U
+//sys rtlDefaultNpAcl(dacl *uintptr) (status ntStatus) = ntdll.RtlDefaultNpAcl
+
+type ioStatusBlock struct {
+ Status, Information uintptr
+}
+
+type objectAttributes struct {
+ Length uintptr
+ RootDirectory uintptr
+ ObjectName *unicodeString
+ Attributes uintptr
+ SecurityDescriptor *securityDescriptor
+ SecurityQoS uintptr
+}
+
+type unicodeString struct {
+ Length uint16
+ MaximumLength uint16
+ Buffer uintptr
+}
+
+type securityDescriptor struct {
+ Revision byte
+ Sbz1 byte
+ Control uint16
+ Owner uintptr
+ Group uintptr
+ Sacl uintptr //revive:disable-line:var-naming SACL, not Sacl
+ Dacl uintptr //revive:disable-line:var-naming DACL, not Dacl
+}
+
+type ntStatus int32
+
+func (status ntStatus) Err() error {
+ if status >= 0 {
+ return nil
+ }
+ return rtlNtStatusToDosError(status)
+}
+
+var (
+ // ErrPipeListenerClosed is returned for pipe operations on listeners that have been closed.
+ ErrPipeListenerClosed = net.ErrClosed
+
+ errPipeWriteClosed = errors.New("pipe has been closed for write")
+)
+
+type win32Pipe struct {
+ *win32File
+ path string
+}
+
+type win32MessageBytePipe struct {
+ win32Pipe
+ writeClosed bool
+ readEOF bool
+}
+
+type pipeAddress string
+
+func (f *win32Pipe) LocalAddr() net.Addr {
+ return pipeAddress(f.path)
+}
+
+func (f *win32Pipe) RemoteAddr() net.Addr {
+ return pipeAddress(f.path)
+}
+
+func (f *win32Pipe) SetDeadline(t time.Time) error {
+ if err := f.SetReadDeadline(t); err != nil {
+ return err
+ }
+ return f.SetWriteDeadline(t)
+}
+
+// CloseWrite closes the write side of a message pipe in byte mode.
+func (f *win32MessageBytePipe) CloseWrite() error {
+ if f.writeClosed {
+ return errPipeWriteClosed
+ }
+ err := f.win32File.Flush()
+ if err != nil {
+ return err
+ }
+ _, err = f.win32File.Write(nil)
+ if err != nil {
+ return err
+ }
+ f.writeClosed = true
+ return nil
+}
+
+// Write writes bytes to a message pipe in byte mode. Zero-byte writes are ignored, since
+// they are used to implement CloseWrite().
+func (f *win32MessageBytePipe) Write(b []byte) (int, error) {
+ if f.writeClosed {
+ return 0, errPipeWriteClosed
+ }
+ if len(b) == 0 {
+ return 0, nil
+ }
+ return f.win32File.Write(b)
+}
+
+// Read reads bytes from a message pipe in byte mode. A read of a zero-byte message on a message
+// mode pipe will return io.EOF, as will all subsequent reads.
+func (f *win32MessageBytePipe) Read(b []byte) (int, error) {
+ if f.readEOF {
+ return 0, io.EOF
+ }
+ n, err := f.win32File.Read(b)
+ if err == io.EOF { //nolint:errorlint
+ // If this was the result of a zero-byte read, then
+ // it is possible that the read was due to a zero-size
+ // message. Since we are simulating CloseWrite with a
+ // zero-byte message, ensure that all future Read() calls
+ // also return EOF.
+ f.readEOF = true
+ } else if err == syscall.ERROR_MORE_DATA { //nolint:errorlint // err is Errno
+ // ERROR_MORE_DATA indicates that the pipe's read mode is message mode
+ // and the message still has more bytes. Treat this as a success, since
+ // this package presents all named pipes as byte streams.
+ err = nil
+ }
+ return n, err
+}
+
+func (pipeAddress) Network() string {
+ return "pipe"
+}
+
+func (s pipeAddress) String() string {
+ return string(s)
+}
+
+// tryDialPipe attempts to dial the pipe at `path` until `ctx` cancellation or timeout.
+func tryDialPipe(ctx context.Context, path *string, access fs.AccessMask) (syscall.Handle, error) {
+ for {
+ select {
+ case <-ctx.Done():
+ return syscall.Handle(0), ctx.Err()
+ default:
+ wh, err := fs.CreateFile(*path,
+ access,
+ 0, // mode
+ nil, // security attributes
+ fs.OPEN_EXISTING,
+ fs.FILE_FLAG_OVERLAPPED|fs.SECURITY_SQOS_PRESENT|fs.SECURITY_ANONYMOUS,
+ 0, // template file handle
+ )
+ h := syscall.Handle(wh)
+ if err == nil {
+ return h, nil
+ }
+ if err != windows.ERROR_PIPE_BUSY { //nolint:errorlint // err is Errno
+ return h, &os.PathError{Err: err, Op: "open", Path: *path}
+ }
+ // Wait 10 msec and try again. This is a rather simplistic
+ // view, as we always try each 10 milliseconds.
+ time.Sleep(10 * time.Millisecond)
+ }
+ }
+}
+
+// DialPipe connects to a named pipe by path, timing out if the connection
+// takes longer than the specified duration. If timeout is nil, then we use
+// a default timeout of 2 seconds. (We do not use WaitNamedPipe.)
+func DialPipe(path string, timeout *time.Duration) (net.Conn, error) {
+ var absTimeout time.Time
+ if timeout != nil {
+ absTimeout = time.Now().Add(*timeout)
+ } else {
+ absTimeout = time.Now().Add(2 * time.Second)
+ }
+ ctx, cancel := context.WithDeadline(context.Background(), absTimeout)
+ defer cancel()
+ conn, err := DialPipeContext(ctx, path)
+ if errors.Is(err, context.DeadlineExceeded) {
+ return nil, ErrTimeout
+ }
+ return conn, err
+}
+
+// DialPipeContext attempts to connect to a named pipe by `path` until `ctx`
+// cancellation or timeout.
+func DialPipeContext(ctx context.Context, path string) (net.Conn, error) {
+ return DialPipeAccess(ctx, path, syscall.GENERIC_READ|syscall.GENERIC_WRITE)
+}
+
+// DialPipeAccess attempts to connect to a named pipe by `path` with `access` until `ctx`
+// cancellation or timeout.
+func DialPipeAccess(ctx context.Context, path string, access uint32) (net.Conn, error) {
+ var err error
+ var h syscall.Handle
+ h, err = tryDialPipe(ctx, &path, fs.AccessMask(access))
+ if err != nil {
+ return nil, err
+ }
+
+ var flags uint32
+ err = getNamedPipeInfo(h, &flags, nil, nil, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ f, err := makeWin32File(h)
+ if err != nil {
+ syscall.Close(h)
+ return nil, err
+ }
+
+ // If the pipe is in message mode, return a message byte pipe, which
+ // supports CloseWrite().
+ if flags&windows.PIPE_TYPE_MESSAGE != 0 {
+ return &win32MessageBytePipe{
+ win32Pipe: win32Pipe{win32File: f, path: path},
+ }, nil
+ }
+ return &win32Pipe{win32File: f, path: path}, nil
+}
+
+type acceptResponse struct {
+ f *win32File
+ err error
+}
+
+type win32PipeListener struct {
+ firstHandle syscall.Handle
+ path string
+ config PipeConfig
+ acceptCh chan (chan acceptResponse)
+ closeCh chan int
+ doneCh chan int
+}
+
+func makeServerPipeHandle(path string, sd []byte, c *PipeConfig, first bool) (syscall.Handle, error) {
+ path16, err := syscall.UTF16FromString(path)
+ if err != nil {
+ return 0, &os.PathError{Op: "open", Path: path, Err: err}
+ }
+
+ var oa objectAttributes
+ oa.Length = unsafe.Sizeof(oa)
+
+ var ntPath unicodeString
+ if err := rtlDosPathNameToNtPathName(&path16[0],
+ &ntPath,
+ 0,
+ 0,
+ ).Err(); err != nil {
+ return 0, &os.PathError{Op: "open", Path: path, Err: err}
+ }
+ defer localFree(ntPath.Buffer)
+ oa.ObjectName = &ntPath
+ oa.Attributes = windows.OBJ_CASE_INSENSITIVE
+
+ // The security descriptor is only needed for the first pipe.
+ if first {
+ if sd != nil {
+ l := uint32(len(sd))
+ sdb := localAlloc(0, l)
+ defer localFree(sdb)
+ copy((*[0xffff]byte)(unsafe.Pointer(sdb))[:], sd)
+ oa.SecurityDescriptor = (*securityDescriptor)(unsafe.Pointer(sdb))
+ } else {
+ // Construct the default named pipe security descriptor.
+ var dacl uintptr
+ if err := rtlDefaultNpAcl(&dacl).Err(); err != nil {
+ return 0, fmt.Errorf("getting default named pipe ACL: %w", err)
+ }
+ defer localFree(dacl)
+
+ sdb := &securityDescriptor{
+ Revision: 1,
+ Control: windows.SE_DACL_PRESENT,
+ Dacl: dacl,
+ }
+ oa.SecurityDescriptor = sdb
+ }
+ }
+
+ typ := uint32(windows.FILE_PIPE_REJECT_REMOTE_CLIENTS)
+ if c.MessageMode {
+ typ |= windows.FILE_PIPE_MESSAGE_TYPE
+ }
+
+ disposition := uint32(windows.FILE_OPEN)
+ access := uint32(syscall.GENERIC_READ | syscall.GENERIC_WRITE | syscall.SYNCHRONIZE)
+ if first {
+ disposition = windows.FILE_CREATE
+ // By not asking for read or write access, the named pipe file system
+ // will put this pipe into an initially disconnected state, blocking
+ // client connections until the next call with first == false.
+ access = syscall.SYNCHRONIZE
+ }
+
+ timeout := int64(-50 * 10000) // 50ms
+
+ var (
+ h syscall.Handle
+ iosb ioStatusBlock
+ )
+ err = ntCreateNamedPipeFile(&h,
+ access,
+ &oa,
+ &iosb,
+ syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE,
+ disposition,
+ 0,
+ typ,
+ 0,
+ 0,
+ 0xffffffff,
+ uint32(c.InputBufferSize),
+ uint32(c.OutputBufferSize),
+ &timeout).Err()
+ if err != nil {
+ return 0, &os.PathError{Op: "open", Path: path, Err: err}
+ }
+
+ runtime.KeepAlive(ntPath)
+ return h, nil
+}
+
+func (l *win32PipeListener) makeServerPipe() (*win32File, error) {
+ h, err := makeServerPipeHandle(l.path, nil, &l.config, false)
+ if err != nil {
+ return nil, err
+ }
+ f, err := makeWin32File(h)
+ if err != nil {
+ syscall.Close(h)
+ return nil, err
+ }
+ return f, nil
+}
+
+func (l *win32PipeListener) makeConnectedServerPipe() (*win32File, error) {
+ p, err := l.makeServerPipe()
+ if err != nil {
+ return nil, err
+ }
+
+ // Wait for the client to connect.
+ ch := make(chan error)
+ go func(p *win32File) {
+ ch <- connectPipe(p)
+ }(p)
+
+ select {
+ case err = <-ch:
+ if err != nil {
+ p.Close()
+ p = nil
+ }
+ case <-l.closeCh:
+ // Abort the connect request by closing the handle.
+ p.Close()
+ p = nil
+ err = <-ch
+ if err == nil || err == ErrFileClosed { //nolint:errorlint // err is Errno
+ err = ErrPipeListenerClosed
+ }
+ }
+ return p, err
+}
+
+func (l *win32PipeListener) listenerRoutine() {
+ closed := false
+ for !closed {
+ select {
+ case <-l.closeCh:
+ closed = true
+ case responseCh := <-l.acceptCh:
+ var (
+ p *win32File
+ err error
+ )
+ for {
+ p, err = l.makeConnectedServerPipe()
+ // If the connection was immediately closed by the client, try
+ // again.
+ if err != windows.ERROR_NO_DATA { //nolint:errorlint // err is Errno
+ break
+ }
+ }
+ responseCh <- acceptResponse{p, err}
+ closed = err == ErrPipeListenerClosed //nolint:errorlint // err is Errno
+ }
+ }
+ syscall.Close(l.firstHandle)
+ l.firstHandle = 0
+ // Notify Close() and Accept() callers that the handle has been closed.
+ close(l.doneCh)
+}
+
+// PipeConfig contain configuration for the pipe listener.
+type PipeConfig struct {
+ // SecurityDescriptor contains a Windows security descriptor in SDDL format.
+ SecurityDescriptor string
+
+ // MessageMode determines whether the pipe is in byte or message mode. In either
+ // case the pipe is read in byte mode by default. The only practical difference in
+ // this implementation is that CloseWrite() is only supported for message mode pipes;
+ // CloseWrite() is implemented as a zero-byte write, but zero-byte writes are only
+ // transferred to the reader (and returned as io.EOF in this implementation)
+ // when the pipe is in message mode.
+ MessageMode bool
+
+ // InputBufferSize specifies the size of the input buffer, in bytes.
+ InputBufferSize int32
+
+ // OutputBufferSize specifies the size of the output buffer, in bytes.
+ OutputBufferSize int32
+}
+
+// ListenPipe creates a listener on a Windows named pipe path, e.g. \\.\pipe\mypipe.
+// The pipe must not already exist.
+func ListenPipe(path string, c *PipeConfig) (net.Listener, error) {
+ var (
+ sd []byte
+ err error
+ )
+ if c == nil {
+ c = &PipeConfig{}
+ }
+ if c.SecurityDescriptor != "" {
+ sd, err = SddlToSecurityDescriptor(c.SecurityDescriptor)
+ if err != nil {
+ return nil, err
+ }
+ }
+ h, err := makeServerPipeHandle(path, sd, c, true)
+ if err != nil {
+ return nil, err
+ }
+ l := &win32PipeListener{
+ firstHandle: h,
+ path: path,
+ config: *c,
+ acceptCh: make(chan (chan acceptResponse)),
+ closeCh: make(chan int),
+ doneCh: make(chan int),
+ }
+ go l.listenerRoutine()
+ return l, nil
+}
+
+func connectPipe(p *win32File) error {
+ c, err := p.prepareIO()
+ if err != nil {
+ return err
+ }
+ defer p.wg.Done()
+
+ err = connectNamedPipe(p.handle, &c.o)
+ _, err = p.asyncIO(c, nil, 0, err)
+ if err != nil && err != windows.ERROR_PIPE_CONNECTED { //nolint:errorlint // err is Errno
+ return err
+ }
+ return nil
+}
+
+func (l *win32PipeListener) Accept() (net.Conn, error) {
+ ch := make(chan acceptResponse)
+ select {
+ case l.acceptCh <- ch:
+ response := <-ch
+ err := response.err
+ if err != nil {
+ return nil, err
+ }
+ if l.config.MessageMode {
+ return &win32MessageBytePipe{
+ win32Pipe: win32Pipe{win32File: response.f, path: l.path},
+ }, nil
+ }
+ return &win32Pipe{win32File: response.f, path: l.path}, nil
+ case <-l.doneCh:
+ return nil, ErrPipeListenerClosed
+ }
+}
+
+func (l *win32PipeListener) Close() error {
+ select {
+ case l.closeCh <- 1:
+ <-l.doneCh
+ case <-l.doneCh:
+ }
+ return nil
+}
+
+func (l *win32PipeListener) Addr() net.Addr {
+ return pipeAddress(l.path)
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go b/vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go
new file mode 100644
index 000000000..48ce4e924
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go
@@ -0,0 +1,232 @@
+// Package guid provides a GUID type. The backing structure for a GUID is
+// identical to that used by the golang.org/x/sys/windows GUID type.
+// There are two main binary encodings used for a GUID, the big-endian encoding,
+// and the Windows (mixed-endian) encoding. See here for details:
+// https://en.wikipedia.org/wiki/Universally_unique_identifier#Encoding
+package guid
+
+import (
+ "crypto/rand"
+ "crypto/sha1" //nolint:gosec // not used for secure application
+ "encoding"
+ "encoding/binary"
+ "fmt"
+ "strconv"
+)
+
+//go:generate go run golang.org/x/tools/cmd/stringer -type=Variant -trimprefix=Variant -linecomment
+
+// Variant specifies which GUID variant (or "type") of the GUID. It determines
+// how the entirety of the rest of the GUID is interpreted.
+type Variant uint8
+
+// The variants specified by RFC 4122 section 4.1.1.
+const (
+ // VariantUnknown specifies a GUID variant which does not conform to one of
+ // the variant encodings specified in RFC 4122.
+ VariantUnknown Variant = iota
+ VariantNCS
+ VariantRFC4122 // RFC 4122
+ VariantMicrosoft
+ VariantFuture
+)
+
+// Version specifies how the bits in the GUID were generated. For instance, a
+// version 4 GUID is randomly generated, and a version 5 is generated from the
+// hash of an input string.
+type Version uint8
+
+func (v Version) String() string {
+ return strconv.FormatUint(uint64(v), 10)
+}
+
+var _ = (encoding.TextMarshaler)(GUID{})
+var _ = (encoding.TextUnmarshaler)(&GUID{})
+
+// NewV4 returns a new version 4 (pseudorandom) GUID, as defined by RFC 4122.
+func NewV4() (GUID, error) {
+ var b [16]byte
+ if _, err := rand.Read(b[:]); err != nil {
+ return GUID{}, err
+ }
+
+ g := FromArray(b)
+ g.setVersion(4) // Version 4 means randomly generated.
+ g.setVariant(VariantRFC4122)
+
+ return g, nil
+}
+
+// NewV5 returns a new version 5 (generated from a string via SHA-1 hashing)
+// GUID, as defined by RFC 4122. The RFC is unclear on the encoding of the name,
+// and the sample code treats it as a series of bytes, so we do the same here.
+//
+// Some implementations, such as those found on Windows, treat the name as a
+// big-endian UTF16 stream of bytes. If that is desired, the string can be
+// encoded as such before being passed to this function.
+func NewV5(namespace GUID, name []byte) (GUID, error) {
+ b := sha1.New() //nolint:gosec // not used for secure application
+ namespaceBytes := namespace.ToArray()
+ b.Write(namespaceBytes[:])
+ b.Write(name)
+
+ a := [16]byte{}
+ copy(a[:], b.Sum(nil))
+
+ g := FromArray(a)
+ g.setVersion(5) // Version 5 means generated from a string.
+ g.setVariant(VariantRFC4122)
+
+ return g, nil
+}
+
+func fromArray(b [16]byte, order binary.ByteOrder) GUID {
+ var g GUID
+ g.Data1 = order.Uint32(b[0:4])
+ g.Data2 = order.Uint16(b[4:6])
+ g.Data3 = order.Uint16(b[6:8])
+ copy(g.Data4[:], b[8:16])
+ return g
+}
+
+func (g GUID) toArray(order binary.ByteOrder) [16]byte {
+ b := [16]byte{}
+ order.PutUint32(b[0:4], g.Data1)
+ order.PutUint16(b[4:6], g.Data2)
+ order.PutUint16(b[6:8], g.Data3)
+ copy(b[8:16], g.Data4[:])
+ return b
+}
+
+// FromArray constructs a GUID from a big-endian encoding array of 16 bytes.
+func FromArray(b [16]byte) GUID {
+ return fromArray(b, binary.BigEndian)
+}
+
+// ToArray returns an array of 16 bytes representing the GUID in big-endian
+// encoding.
+func (g GUID) ToArray() [16]byte {
+ return g.toArray(binary.BigEndian)
+}
+
+// FromWindowsArray constructs a GUID from a Windows encoding array of bytes.
+func FromWindowsArray(b [16]byte) GUID {
+ return fromArray(b, binary.LittleEndian)
+}
+
+// ToWindowsArray returns an array of 16 bytes representing the GUID in Windows
+// encoding.
+func (g GUID) ToWindowsArray() [16]byte {
+ return g.toArray(binary.LittleEndian)
+}
+
+func (g GUID) String() string {
+ return fmt.Sprintf(
+ "%08x-%04x-%04x-%04x-%012x",
+ g.Data1,
+ g.Data2,
+ g.Data3,
+ g.Data4[:2],
+ g.Data4[2:])
+}
+
+// FromString parses a string containing a GUID and returns the GUID. The only
+// format currently supported is the `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
+// format.
+func FromString(s string) (GUID, error) {
+ if len(s) != 36 {
+ return GUID{}, fmt.Errorf("invalid GUID %q", s)
+ }
+ if s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-' {
+ return GUID{}, fmt.Errorf("invalid GUID %q", s)
+ }
+
+ var g GUID
+
+ data1, err := strconv.ParseUint(s[0:8], 16, 32)
+ if err != nil {
+ return GUID{}, fmt.Errorf("invalid GUID %q", s)
+ }
+ g.Data1 = uint32(data1)
+
+ data2, err := strconv.ParseUint(s[9:13], 16, 16)
+ if err != nil {
+ return GUID{}, fmt.Errorf("invalid GUID %q", s)
+ }
+ g.Data2 = uint16(data2)
+
+ data3, err := strconv.ParseUint(s[14:18], 16, 16)
+ if err != nil {
+ return GUID{}, fmt.Errorf("invalid GUID %q", s)
+ }
+ g.Data3 = uint16(data3)
+
+ for i, x := range []int{19, 21, 24, 26, 28, 30, 32, 34} {
+ v, err := strconv.ParseUint(s[x:x+2], 16, 8)
+ if err != nil {
+ return GUID{}, fmt.Errorf("invalid GUID %q", s)
+ }
+ g.Data4[i] = uint8(v)
+ }
+
+ return g, nil
+}
+
+func (g *GUID) setVariant(v Variant) {
+ d := g.Data4[0]
+ switch v {
+ case VariantNCS:
+ d = (d & 0x7f)
+ case VariantRFC4122:
+ d = (d & 0x3f) | 0x80
+ case VariantMicrosoft:
+ d = (d & 0x1f) | 0xc0
+ case VariantFuture:
+ d = (d & 0x0f) | 0xe0
+ case VariantUnknown:
+ fallthrough
+ default:
+ panic(fmt.Sprintf("invalid variant: %d", v))
+ }
+ g.Data4[0] = d
+}
+
+// Variant returns the GUID variant, as defined in RFC 4122.
+func (g GUID) Variant() Variant {
+ b := g.Data4[0]
+ if b&0x80 == 0 {
+ return VariantNCS
+ } else if b&0xc0 == 0x80 {
+ return VariantRFC4122
+ } else if b&0xe0 == 0xc0 {
+ return VariantMicrosoft
+ } else if b&0xe0 == 0xe0 {
+ return VariantFuture
+ }
+ return VariantUnknown
+}
+
+func (g *GUID) setVersion(v Version) {
+ g.Data3 = (g.Data3 & 0x0fff) | (uint16(v) << 12)
+}
+
+// Version returns the GUID version, as defined in RFC 4122.
+func (g GUID) Version() Version {
+ return Version((g.Data3 & 0xF000) >> 12)
+}
+
+// MarshalText returns the textual representation of the GUID.
+func (g GUID) MarshalText() ([]byte, error) {
+ return []byte(g.String()), nil
+}
+
+// UnmarshalText takes the textual representation of a GUID, and unmarhals it
+// into this GUID.
+func (g *GUID) UnmarshalText(text []byte) error {
+ g2, err := FromString(string(text))
+ if err != nil {
+ return err
+ }
+ *g = g2
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/guid/guid_nonwindows.go b/vendor/github.com/Microsoft/go-winio/pkg/guid/guid_nonwindows.go
new file mode 100644
index 000000000..805bd3548
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/guid/guid_nonwindows.go
@@ -0,0 +1,16 @@
+//go:build !windows
+// +build !windows
+
+package guid
+
+// GUID represents a GUID/UUID. It has the same structure as
+// golang.org/x/sys/windows.GUID so that it can be used with functions expecting
+// that type. It is defined as its own type as that is only available to builds
+// targeted at `windows`. The representation matches that used by native Windows
+// code.
+type GUID struct {
+ Data1 uint32
+ Data2 uint16
+ Data3 uint16
+ Data4 [8]byte
+}
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/guid/guid_windows.go b/vendor/github.com/Microsoft/go-winio/pkg/guid/guid_windows.go
new file mode 100644
index 000000000..27e45ee5c
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/guid/guid_windows.go
@@ -0,0 +1,13 @@
+//go:build windows
+// +build windows
+
+package guid
+
+import "golang.org/x/sys/windows"
+
+// GUID represents a GUID/UUID. It has the same structure as
+// golang.org/x/sys/windows.GUID so that it can be used with functions expecting
+// that type. It is defined as its own type so that stringification and
+// marshaling can be supported. The representation matches that used by native
+// Windows code.
+type GUID windows.GUID
diff --git a/vendor/github.com/Microsoft/go-winio/pkg/guid/variant_string.go b/vendor/github.com/Microsoft/go-winio/pkg/guid/variant_string.go
new file mode 100644
index 000000000..4076d3132
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/pkg/guid/variant_string.go
@@ -0,0 +1,27 @@
+// Code generated by "stringer -type=Variant -trimprefix=Variant -linecomment"; DO NOT EDIT.
+
+package guid
+
+import "strconv"
+
+func _() {
+ // An "invalid array index" compiler error signifies that the constant values have changed.
+ // Re-run the stringer command to generate them again.
+ var x [1]struct{}
+ _ = x[VariantUnknown-0]
+ _ = x[VariantNCS-1]
+ _ = x[VariantRFC4122-2]
+ _ = x[VariantMicrosoft-3]
+ _ = x[VariantFuture-4]
+}
+
+const _Variant_name = "UnknownNCSRFC 4122MicrosoftFuture"
+
+var _Variant_index = [...]uint8{0, 7, 10, 18, 27, 33}
+
+func (i Variant) String() string {
+ if i >= Variant(len(_Variant_index)-1) {
+ return "Variant(" + strconv.FormatInt(int64(i), 10) + ")"
+ }
+ return _Variant_name[_Variant_index[i]:_Variant_index[i+1]]
+}
diff --git a/vendor/github.com/Microsoft/go-winio/privilege.go b/vendor/github.com/Microsoft/go-winio/privilege.go
new file mode 100644
index 000000000..0ff9dac90
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/privilege.go
@@ -0,0 +1,197 @@
+//go:build windows
+// +build windows
+
+package winio
+
+import (
+ "bytes"
+ "encoding/binary"
+ "fmt"
+ "runtime"
+ "sync"
+ "syscall"
+ "unicode/utf16"
+
+ "golang.org/x/sys/windows"
+)
+
+//sys adjustTokenPrivileges(token windows.Token, releaseAll bool, input *byte, outputSize uint32, output *byte, requiredSize *uint32) (success bool, err error) [true] = advapi32.AdjustTokenPrivileges
+//sys impersonateSelf(level uint32) (err error) = advapi32.ImpersonateSelf
+//sys revertToSelf() (err error) = advapi32.RevertToSelf
+//sys openThreadToken(thread syscall.Handle, accessMask uint32, openAsSelf bool, token *windows.Token) (err error) = advapi32.OpenThreadToken
+//sys getCurrentThread() (h syscall.Handle) = GetCurrentThread
+//sys lookupPrivilegeValue(systemName string, name string, luid *uint64) (err error) = advapi32.LookupPrivilegeValueW
+//sys lookupPrivilegeName(systemName string, luid *uint64, buffer *uint16, size *uint32) (err error) = advapi32.LookupPrivilegeNameW
+//sys lookupPrivilegeDisplayName(systemName string, name *uint16, buffer *uint16, size *uint32, languageId *uint32) (err error) = advapi32.LookupPrivilegeDisplayNameW
+
+const (
+ //revive:disable-next-line:var-naming ALL_CAPS
+ SE_PRIVILEGE_ENABLED = windows.SE_PRIVILEGE_ENABLED
+
+ //revive:disable-next-line:var-naming ALL_CAPS
+ ERROR_NOT_ALL_ASSIGNED syscall.Errno = windows.ERROR_NOT_ALL_ASSIGNED
+
+ SeBackupPrivilege = "SeBackupPrivilege"
+ SeRestorePrivilege = "SeRestorePrivilege"
+ SeSecurityPrivilege = "SeSecurityPrivilege"
+)
+
+var (
+ privNames = make(map[string]uint64)
+ privNameMutex sync.Mutex
+)
+
+// PrivilegeError represents an error enabling privileges.
+type PrivilegeError struct {
+ privileges []uint64
+}
+
+func (e *PrivilegeError) Error() string {
+ s := "Could not enable privilege "
+ if len(e.privileges) > 1 {
+ s = "Could not enable privileges "
+ }
+ for i, p := range e.privileges {
+ if i != 0 {
+ s += ", "
+ }
+ s += `"`
+ s += getPrivilegeName(p)
+ s += `"`
+ }
+ return s
+}
+
+// RunWithPrivilege enables a single privilege for a function call.
+func RunWithPrivilege(name string, fn func() error) error {
+ return RunWithPrivileges([]string{name}, fn)
+}
+
+// RunWithPrivileges enables privileges for a function call.
+func RunWithPrivileges(names []string, fn func() error) error {
+ privileges, err := mapPrivileges(names)
+ if err != nil {
+ return err
+ }
+ runtime.LockOSThread()
+ defer runtime.UnlockOSThread()
+ token, err := newThreadToken()
+ if err != nil {
+ return err
+ }
+ defer releaseThreadToken(token)
+ err = adjustPrivileges(token, privileges, SE_PRIVILEGE_ENABLED)
+ if err != nil {
+ return err
+ }
+ return fn()
+}
+
+func mapPrivileges(names []string) ([]uint64, error) {
+ privileges := make([]uint64, 0, len(names))
+ privNameMutex.Lock()
+ defer privNameMutex.Unlock()
+ for _, name := range names {
+ p, ok := privNames[name]
+ if !ok {
+ err := lookupPrivilegeValue("", name, &p)
+ if err != nil {
+ return nil, err
+ }
+ privNames[name] = p
+ }
+ privileges = append(privileges, p)
+ }
+ return privileges, nil
+}
+
+// EnableProcessPrivileges enables privileges globally for the process.
+func EnableProcessPrivileges(names []string) error {
+ return enableDisableProcessPrivilege(names, SE_PRIVILEGE_ENABLED)
+}
+
+// DisableProcessPrivileges disables privileges globally for the process.
+func DisableProcessPrivileges(names []string) error {
+ return enableDisableProcessPrivilege(names, 0)
+}
+
+func enableDisableProcessPrivilege(names []string, action uint32) error {
+ privileges, err := mapPrivileges(names)
+ if err != nil {
+ return err
+ }
+
+ p := windows.CurrentProcess()
+ var token windows.Token
+ err = windows.OpenProcessToken(p, windows.TOKEN_ADJUST_PRIVILEGES|windows.TOKEN_QUERY, &token)
+ if err != nil {
+ return err
+ }
+
+ defer token.Close()
+ return adjustPrivileges(token, privileges, action)
+}
+
+func adjustPrivileges(token windows.Token, privileges []uint64, action uint32) error {
+ var b bytes.Buffer
+ _ = binary.Write(&b, binary.LittleEndian, uint32(len(privileges)))
+ for _, p := range privileges {
+ _ = binary.Write(&b, binary.LittleEndian, p)
+ _ = binary.Write(&b, binary.LittleEndian, action)
+ }
+ prevState := make([]byte, b.Len())
+ reqSize := uint32(0)
+ success, err := adjustTokenPrivileges(token, false, &b.Bytes()[0], uint32(len(prevState)), &prevState[0], &reqSize)
+ if !success {
+ return err
+ }
+ if err == ERROR_NOT_ALL_ASSIGNED { //nolint:errorlint // err is Errno
+ return &PrivilegeError{privileges}
+ }
+ return nil
+}
+
+func getPrivilegeName(luid uint64) string {
+ var nameBuffer [256]uint16
+ bufSize := uint32(len(nameBuffer))
+ err := lookupPrivilegeName("", &luid, &nameBuffer[0], &bufSize)
+ if err != nil {
+ return fmt.Sprintf("", luid)
+ }
+
+ var displayNameBuffer [256]uint16
+ displayBufSize := uint32(len(displayNameBuffer))
+ var langID uint32
+ err = lookupPrivilegeDisplayName("", &nameBuffer[0], &displayNameBuffer[0], &displayBufSize, &langID)
+ if err != nil {
+ return fmt.Sprintf("", string(utf16.Decode(nameBuffer[:bufSize])))
+ }
+
+ return string(utf16.Decode(displayNameBuffer[:displayBufSize]))
+}
+
+func newThreadToken() (windows.Token, error) {
+ err := impersonateSelf(windows.SecurityImpersonation)
+ if err != nil {
+ return 0, err
+ }
+
+ var token windows.Token
+ err = openThreadToken(getCurrentThread(), syscall.TOKEN_ADJUST_PRIVILEGES|syscall.TOKEN_QUERY, false, &token)
+ if err != nil {
+ rerr := revertToSelf()
+ if rerr != nil {
+ panic(rerr)
+ }
+ return 0, err
+ }
+ return token, nil
+}
+
+func releaseThreadToken(h windows.Token) {
+ err := revertToSelf()
+ if err != nil {
+ panic(err)
+ }
+ h.Close()
+}
diff --git a/vendor/github.com/Microsoft/go-winio/reparse.go b/vendor/github.com/Microsoft/go-winio/reparse.go
new file mode 100644
index 000000000..67d1a104a
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/reparse.go
@@ -0,0 +1,131 @@
+//go:build windows
+// +build windows
+
+package winio
+
+import (
+ "bytes"
+ "encoding/binary"
+ "fmt"
+ "strings"
+ "unicode/utf16"
+ "unsafe"
+)
+
+const (
+ reparseTagMountPoint = 0xA0000003
+ reparseTagSymlink = 0xA000000C
+)
+
+type reparseDataBuffer struct {
+ ReparseTag uint32
+ ReparseDataLength uint16
+ Reserved uint16
+ SubstituteNameOffset uint16
+ SubstituteNameLength uint16
+ PrintNameOffset uint16
+ PrintNameLength uint16
+}
+
+// ReparsePoint describes a Win32 symlink or mount point.
+type ReparsePoint struct {
+ Target string
+ IsMountPoint bool
+}
+
+// UnsupportedReparsePointError is returned when trying to decode a non-symlink or
+// mount point reparse point.
+type UnsupportedReparsePointError struct {
+ Tag uint32
+}
+
+func (e *UnsupportedReparsePointError) Error() string {
+ return fmt.Sprintf("unsupported reparse point %x", e.Tag)
+}
+
+// DecodeReparsePoint decodes a Win32 REPARSE_DATA_BUFFER structure containing either a symlink
+// or a mount point.
+func DecodeReparsePoint(b []byte) (*ReparsePoint, error) {
+ tag := binary.LittleEndian.Uint32(b[0:4])
+ return DecodeReparsePointData(tag, b[8:])
+}
+
+func DecodeReparsePointData(tag uint32, b []byte) (*ReparsePoint, error) {
+ isMountPoint := false
+ switch tag {
+ case reparseTagMountPoint:
+ isMountPoint = true
+ case reparseTagSymlink:
+ default:
+ return nil, &UnsupportedReparsePointError{tag}
+ }
+ nameOffset := 8 + binary.LittleEndian.Uint16(b[4:6])
+ if !isMountPoint {
+ nameOffset += 4
+ }
+ nameLength := binary.LittleEndian.Uint16(b[6:8])
+ name := make([]uint16, nameLength/2)
+ err := binary.Read(bytes.NewReader(b[nameOffset:nameOffset+nameLength]), binary.LittleEndian, &name)
+ if err != nil {
+ return nil, err
+ }
+ return &ReparsePoint{string(utf16.Decode(name)), isMountPoint}, nil
+}
+
+func isDriveLetter(c byte) bool {
+ return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
+}
+
+// EncodeReparsePoint encodes a Win32 REPARSE_DATA_BUFFER structure describing a symlink or
+// mount point.
+func EncodeReparsePoint(rp *ReparsePoint) []byte {
+ // Generate an NT path and determine if this is a relative path.
+ var ntTarget string
+ relative := false
+ if strings.HasPrefix(rp.Target, `\\?\`) {
+ ntTarget = `\??\` + rp.Target[4:]
+ } else if strings.HasPrefix(rp.Target, `\\`) {
+ ntTarget = `\??\UNC\` + rp.Target[2:]
+ } else if len(rp.Target) >= 2 && isDriveLetter(rp.Target[0]) && rp.Target[1] == ':' {
+ ntTarget = `\??\` + rp.Target
+ } else {
+ ntTarget = rp.Target
+ relative = true
+ }
+
+ // The paths must be NUL-terminated even though they are counted strings.
+ target16 := utf16.Encode([]rune(rp.Target + "\x00"))
+ ntTarget16 := utf16.Encode([]rune(ntTarget + "\x00"))
+
+ size := int(unsafe.Sizeof(reparseDataBuffer{})) - 8
+ size += len(ntTarget16)*2 + len(target16)*2
+
+ tag := uint32(reparseTagMountPoint)
+ if !rp.IsMountPoint {
+ tag = reparseTagSymlink
+ size += 4 // Add room for symlink flags
+ }
+
+ data := reparseDataBuffer{
+ ReparseTag: tag,
+ ReparseDataLength: uint16(size),
+ SubstituteNameOffset: 0,
+ SubstituteNameLength: uint16((len(ntTarget16) - 1) * 2),
+ PrintNameOffset: uint16(len(ntTarget16) * 2),
+ PrintNameLength: uint16((len(target16) - 1) * 2),
+ }
+
+ var b bytes.Buffer
+ _ = binary.Write(&b, binary.LittleEndian, &data)
+ if !rp.IsMountPoint {
+ flags := uint32(0)
+ if relative {
+ flags |= 1
+ }
+ _ = binary.Write(&b, binary.LittleEndian, flags)
+ }
+
+ _ = binary.Write(&b, binary.LittleEndian, ntTarget16)
+ _ = binary.Write(&b, binary.LittleEndian, target16)
+ return b.Bytes()
+}
diff --git a/vendor/github.com/Microsoft/go-winio/sd.go b/vendor/github.com/Microsoft/go-winio/sd.go
new file mode 100644
index 000000000..5550ef6b6
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/sd.go
@@ -0,0 +1,144 @@
+//go:build windows
+// +build windows
+
+package winio
+
+import (
+ "errors"
+ "syscall"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+//sys lookupAccountName(systemName *uint16, accountName string, sid *byte, sidSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) = advapi32.LookupAccountNameW
+//sys lookupAccountSid(systemName *uint16, sid *byte, name *uint16, nameSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) = advapi32.LookupAccountSidW
+//sys convertSidToStringSid(sid *byte, str **uint16) (err error) = advapi32.ConvertSidToStringSidW
+//sys convertStringSidToSid(str *uint16, sid **byte) (err error) = advapi32.ConvertStringSidToSidW
+//sys convertStringSecurityDescriptorToSecurityDescriptor(str string, revision uint32, sd *uintptr, size *uint32) (err error) = advapi32.ConvertStringSecurityDescriptorToSecurityDescriptorW
+//sys convertSecurityDescriptorToStringSecurityDescriptor(sd *byte, revision uint32, secInfo uint32, sddl **uint16, sddlSize *uint32) (err error) = advapi32.ConvertSecurityDescriptorToStringSecurityDescriptorW
+//sys localFree(mem uintptr) = LocalFree
+//sys getSecurityDescriptorLength(sd uintptr) (len uint32) = advapi32.GetSecurityDescriptorLength
+
+type AccountLookupError struct {
+ Name string
+ Err error
+}
+
+func (e *AccountLookupError) Error() string {
+ if e.Name == "" {
+ return "lookup account: empty account name specified"
+ }
+ var s string
+ switch {
+ case errors.Is(e.Err, windows.ERROR_INVALID_SID):
+ s = "the security ID structure is invalid"
+ case errors.Is(e.Err, windows.ERROR_NONE_MAPPED):
+ s = "not found"
+ default:
+ s = e.Err.Error()
+ }
+ return "lookup account " + e.Name + ": " + s
+}
+
+func (e *AccountLookupError) Unwrap() error { return e.Err }
+
+type SddlConversionError struct {
+ Sddl string
+ Err error
+}
+
+func (e *SddlConversionError) Error() string {
+ return "convert " + e.Sddl + ": " + e.Err.Error()
+}
+
+func (e *SddlConversionError) Unwrap() error { return e.Err }
+
+// LookupSidByName looks up the SID of an account by name
+//
+//revive:disable-next-line:var-naming SID, not Sid
+func LookupSidByName(name string) (sid string, err error) {
+ if name == "" {
+ return "", &AccountLookupError{name, windows.ERROR_NONE_MAPPED}
+ }
+
+ var sidSize, sidNameUse, refDomainSize uint32
+ err = lookupAccountName(nil, name, nil, &sidSize, nil, &refDomainSize, &sidNameUse)
+ if err != nil && err != syscall.ERROR_INSUFFICIENT_BUFFER { //nolint:errorlint // err is Errno
+ return "", &AccountLookupError{name, err}
+ }
+ sidBuffer := make([]byte, sidSize)
+ refDomainBuffer := make([]uint16, refDomainSize)
+ err = lookupAccountName(nil, name, &sidBuffer[0], &sidSize, &refDomainBuffer[0], &refDomainSize, &sidNameUse)
+ if err != nil {
+ return "", &AccountLookupError{name, err}
+ }
+ var strBuffer *uint16
+ err = convertSidToStringSid(&sidBuffer[0], &strBuffer)
+ if err != nil {
+ return "", &AccountLookupError{name, err}
+ }
+ sid = syscall.UTF16ToString((*[0xffff]uint16)(unsafe.Pointer(strBuffer))[:])
+ localFree(uintptr(unsafe.Pointer(strBuffer)))
+ return sid, nil
+}
+
+// LookupNameBySid looks up the name of an account by SID
+//
+//revive:disable-next-line:var-naming SID, not Sid
+func LookupNameBySid(sid string) (name string, err error) {
+ if sid == "" {
+ return "", &AccountLookupError{sid, windows.ERROR_NONE_MAPPED}
+ }
+
+ sidBuffer, err := windows.UTF16PtrFromString(sid)
+ if err != nil {
+ return "", &AccountLookupError{sid, err}
+ }
+
+ var sidPtr *byte
+ if err = convertStringSidToSid(sidBuffer, &sidPtr); err != nil {
+ return "", &AccountLookupError{sid, err}
+ }
+ defer localFree(uintptr(unsafe.Pointer(sidPtr)))
+
+ var nameSize, refDomainSize, sidNameUse uint32
+ err = lookupAccountSid(nil, sidPtr, nil, &nameSize, nil, &refDomainSize, &sidNameUse)
+ if err != nil && err != windows.ERROR_INSUFFICIENT_BUFFER { //nolint:errorlint // err is Errno
+ return "", &AccountLookupError{sid, err}
+ }
+
+ nameBuffer := make([]uint16, nameSize)
+ refDomainBuffer := make([]uint16, refDomainSize)
+ err = lookupAccountSid(nil, sidPtr, &nameBuffer[0], &nameSize, &refDomainBuffer[0], &refDomainSize, &sidNameUse)
+ if err != nil {
+ return "", &AccountLookupError{sid, err}
+ }
+
+ name = windows.UTF16ToString(nameBuffer)
+ return name, nil
+}
+
+func SddlToSecurityDescriptor(sddl string) ([]byte, error) {
+ var sdBuffer uintptr
+ err := convertStringSecurityDescriptorToSecurityDescriptor(sddl, 1, &sdBuffer, nil)
+ if err != nil {
+ return nil, &SddlConversionError{sddl, err}
+ }
+ defer localFree(sdBuffer)
+ sd := make([]byte, getSecurityDescriptorLength(sdBuffer))
+ copy(sd, (*[0xffff]byte)(unsafe.Pointer(sdBuffer))[:len(sd)])
+ return sd, nil
+}
+
+func SecurityDescriptorToSddl(sd []byte) (string, error) {
+ var sddl *uint16
+ // The returned string length seems to include an arbitrary number of terminating NULs.
+ // Don't use it.
+ err := convertSecurityDescriptorToStringSecurityDescriptor(&sd[0], 1, 0xff, &sddl, nil)
+ if err != nil {
+ return "", err
+ }
+ defer localFree(uintptr(unsafe.Pointer(sddl)))
+ return syscall.UTF16ToString((*[0xffff]uint16)(unsafe.Pointer(sddl))[:]), nil
+}
diff --git a/vendor/github.com/Microsoft/go-winio/syscall.go b/vendor/github.com/Microsoft/go-winio/syscall.go
new file mode 100644
index 000000000..a6ca111b3
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/syscall.go
@@ -0,0 +1,5 @@
+//go:build windows
+
+package winio
+
+//go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go ./*.go
diff --git a/vendor/github.com/Microsoft/go-winio/tools.go b/vendor/github.com/Microsoft/go-winio/tools.go
new file mode 100644
index 000000000..2aa045843
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/tools.go
@@ -0,0 +1,5 @@
+//go:build tools
+
+package winio
+
+import _ "golang.org/x/tools/cmd/stringer"
diff --git a/vendor/github.com/Microsoft/go-winio/vhd/vhd.go b/vendor/github.com/Microsoft/go-winio/vhd/vhd.go
new file mode 100644
index 000000000..b54cad112
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/vhd/vhd.go
@@ -0,0 +1,377 @@
+//go:build windows
+// +build windows
+
+package vhd
+
+import (
+ "fmt"
+ "syscall"
+
+ "github.com/Microsoft/go-winio/pkg/guid"
+ "golang.org/x/sys/windows"
+)
+
+//go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zvhd_windows.go vhd.go
+
+//sys createVirtualDisk(virtualStorageType *VirtualStorageType, path string, virtualDiskAccessMask uint32, securityDescriptor *uintptr, createVirtualDiskFlags uint32, providerSpecificFlags uint32, parameters *CreateVirtualDiskParameters, overlapped *syscall.Overlapped, handle *syscall.Handle) (win32err error) = virtdisk.CreateVirtualDisk
+//sys openVirtualDisk(virtualStorageType *VirtualStorageType, path string, virtualDiskAccessMask uint32, openVirtualDiskFlags uint32, parameters *openVirtualDiskParameters, handle *syscall.Handle) (win32err error) = virtdisk.OpenVirtualDisk
+//sys attachVirtualDisk(handle syscall.Handle, securityDescriptor *uintptr, attachVirtualDiskFlag uint32, providerSpecificFlags uint32, parameters *AttachVirtualDiskParameters, overlapped *syscall.Overlapped) (win32err error) = virtdisk.AttachVirtualDisk
+//sys detachVirtualDisk(handle syscall.Handle, detachVirtualDiskFlags uint32, providerSpecificFlags uint32) (win32err error) = virtdisk.DetachVirtualDisk
+//sys getVirtualDiskPhysicalPath(handle syscall.Handle, diskPathSizeInBytes *uint32, buffer *uint16) (win32err error) = virtdisk.GetVirtualDiskPhysicalPath
+
+type (
+ CreateVirtualDiskFlag uint32
+ VirtualDiskFlag uint32
+ AttachVirtualDiskFlag uint32
+ DetachVirtualDiskFlag uint32
+ VirtualDiskAccessMask uint32
+)
+
+type VirtualStorageType struct {
+ DeviceID uint32
+ VendorID guid.GUID
+}
+
+type CreateVersion2 struct {
+ UniqueID guid.GUID
+ MaximumSize uint64
+ BlockSizeInBytes uint32
+ SectorSizeInBytes uint32
+ PhysicalSectorSizeInByte uint32
+ ParentPath *uint16 // string
+ SourcePath *uint16 // string
+ OpenFlags uint32
+ ParentVirtualStorageType VirtualStorageType
+ SourceVirtualStorageType VirtualStorageType
+ ResiliencyGUID guid.GUID
+}
+
+type CreateVirtualDiskParameters struct {
+ Version uint32 // Must always be set to 2
+ Version2 CreateVersion2
+}
+
+type OpenVersion2 struct {
+ GetInfoOnly bool
+ ReadOnly bool
+ ResiliencyGUID guid.GUID
+}
+
+type OpenVirtualDiskParameters struct {
+ Version uint32 // Must always be set to 2
+ Version2 OpenVersion2
+}
+
+// The higher level `OpenVersion2` struct uses `bool`s to refer to `GetInfoOnly` and `ReadOnly` for ease of use. However,
+// the internal windows structure uses `BOOL`s aka int32s for these types. `openVersion2` is used for translating
+// `OpenVersion2` fields to the correct windows internal field types on the `Open____` methods.
+type openVersion2 struct {
+ getInfoOnly int32
+ readOnly int32
+ resiliencyGUID guid.GUID
+}
+
+type openVirtualDiskParameters struct {
+ version uint32
+ version2 openVersion2
+}
+
+type AttachVersion2 struct {
+ RestrictedOffset uint64
+ RestrictedLength uint64
+}
+
+type AttachVirtualDiskParameters struct {
+ Version uint32
+ Version2 AttachVersion2
+}
+
+const (
+ //revive:disable-next-line:var-naming ALL_CAPS
+ VIRTUAL_STORAGE_TYPE_DEVICE_VHDX = 0x3
+
+ // Access Mask for opening a VHD.
+ VirtualDiskAccessNone VirtualDiskAccessMask = 0x00000000
+ VirtualDiskAccessAttachRO VirtualDiskAccessMask = 0x00010000
+ VirtualDiskAccessAttachRW VirtualDiskAccessMask = 0x00020000
+ VirtualDiskAccessDetach VirtualDiskAccessMask = 0x00040000
+ VirtualDiskAccessGetInfo VirtualDiskAccessMask = 0x00080000
+ VirtualDiskAccessCreate VirtualDiskAccessMask = 0x00100000
+ VirtualDiskAccessMetaOps VirtualDiskAccessMask = 0x00200000
+ VirtualDiskAccessRead VirtualDiskAccessMask = 0x000d0000
+ VirtualDiskAccessAll VirtualDiskAccessMask = 0x003f0000
+ VirtualDiskAccessWritable VirtualDiskAccessMask = 0x00320000
+
+ // Flags for creating a VHD.
+ CreateVirtualDiskFlagNone CreateVirtualDiskFlag = 0x0
+ CreateVirtualDiskFlagFullPhysicalAllocation CreateVirtualDiskFlag = 0x1
+ CreateVirtualDiskFlagPreventWritesToSourceDisk CreateVirtualDiskFlag = 0x2
+ CreateVirtualDiskFlagDoNotCopyMetadataFromParent CreateVirtualDiskFlag = 0x4
+ CreateVirtualDiskFlagCreateBackingStorage CreateVirtualDiskFlag = 0x8
+ CreateVirtualDiskFlagUseChangeTrackingSourceLimit CreateVirtualDiskFlag = 0x10
+ CreateVirtualDiskFlagPreserveParentChangeTrackingState CreateVirtualDiskFlag = 0x20
+ CreateVirtualDiskFlagVhdSetUseOriginalBackingStorage CreateVirtualDiskFlag = 0x40 //revive:disable-line:var-naming VHD, not Vhd
+ CreateVirtualDiskFlagSparseFile CreateVirtualDiskFlag = 0x80
+ CreateVirtualDiskFlagPmemCompatible CreateVirtualDiskFlag = 0x100 //revive:disable-line:var-naming PMEM, not Pmem
+ CreateVirtualDiskFlagSupportCompressedVolumes CreateVirtualDiskFlag = 0x200
+
+ // Flags for opening a VHD.
+ OpenVirtualDiskFlagNone VirtualDiskFlag = 0x00000000
+ OpenVirtualDiskFlagNoParents VirtualDiskFlag = 0x00000001
+ OpenVirtualDiskFlagBlankFile VirtualDiskFlag = 0x00000002
+ OpenVirtualDiskFlagBootDrive VirtualDiskFlag = 0x00000004
+ OpenVirtualDiskFlagCachedIO VirtualDiskFlag = 0x00000008
+ OpenVirtualDiskFlagCustomDiffChain VirtualDiskFlag = 0x00000010
+ OpenVirtualDiskFlagParentCachedIO VirtualDiskFlag = 0x00000020
+ OpenVirtualDiskFlagVhdsetFileOnly VirtualDiskFlag = 0x00000040
+ OpenVirtualDiskFlagIgnoreRelativeParentLocator VirtualDiskFlag = 0x00000080
+ OpenVirtualDiskFlagNoWriteHardening VirtualDiskFlag = 0x00000100
+ OpenVirtualDiskFlagSupportCompressedVolumes VirtualDiskFlag = 0x00000200
+
+ // Flags for attaching a VHD.
+ AttachVirtualDiskFlagNone AttachVirtualDiskFlag = 0x00000000
+ AttachVirtualDiskFlagReadOnly AttachVirtualDiskFlag = 0x00000001
+ AttachVirtualDiskFlagNoDriveLetter AttachVirtualDiskFlag = 0x00000002
+ AttachVirtualDiskFlagPermanentLifetime AttachVirtualDiskFlag = 0x00000004
+ AttachVirtualDiskFlagNoLocalHost AttachVirtualDiskFlag = 0x00000008
+ AttachVirtualDiskFlagNoSecurityDescriptor AttachVirtualDiskFlag = 0x00000010
+ AttachVirtualDiskFlagBypassDefaultEncryptionPolicy AttachVirtualDiskFlag = 0x00000020
+ AttachVirtualDiskFlagNonPnp AttachVirtualDiskFlag = 0x00000040
+ AttachVirtualDiskFlagRestrictedRange AttachVirtualDiskFlag = 0x00000080
+ AttachVirtualDiskFlagSinglePartition AttachVirtualDiskFlag = 0x00000100
+ AttachVirtualDiskFlagRegisterVolume AttachVirtualDiskFlag = 0x00000200
+
+ // Flags for detaching a VHD.
+ DetachVirtualDiskFlagNone DetachVirtualDiskFlag = 0x0
+)
+
+// CreateVhdx is a helper function to create a simple vhdx file at the given path using
+// default values.
+//
+//revive:disable-next-line:var-naming VHDX, not Vhdx
+func CreateVhdx(path string, maxSizeInGb, blockSizeInMb uint32) error {
+ params := CreateVirtualDiskParameters{
+ Version: 2,
+ Version2: CreateVersion2{
+ MaximumSize: uint64(maxSizeInGb) * 1024 * 1024 * 1024,
+ BlockSizeInBytes: blockSizeInMb * 1024 * 1024,
+ },
+ }
+
+ handle, err := CreateVirtualDisk(path, VirtualDiskAccessNone, CreateVirtualDiskFlagNone, ¶ms)
+ if err != nil {
+ return err
+ }
+
+ return syscall.CloseHandle(handle)
+}
+
+// DetachVirtualDisk detaches a virtual hard disk by handle.
+func DetachVirtualDisk(handle syscall.Handle) (err error) {
+ if err := detachVirtualDisk(handle, 0, 0); err != nil {
+ return fmt.Errorf("failed to detach virtual disk: %w", err)
+ }
+ return nil
+}
+
+// DetachVhd detaches a vhd found at `path`.
+//
+//revive:disable-next-line:var-naming VHD, not Vhd
+func DetachVhd(path string) error {
+ handle, err := OpenVirtualDisk(
+ path,
+ VirtualDiskAccessNone,
+ OpenVirtualDiskFlagCachedIO|OpenVirtualDiskFlagIgnoreRelativeParentLocator,
+ )
+ if err != nil {
+ return err
+ }
+ defer syscall.CloseHandle(handle) //nolint:errcheck
+ return DetachVirtualDisk(handle)
+}
+
+// AttachVirtualDisk attaches a virtual hard disk for use.
+func AttachVirtualDisk(
+ handle syscall.Handle,
+ attachVirtualDiskFlag AttachVirtualDiskFlag,
+ parameters *AttachVirtualDiskParameters,
+) (err error) {
+ // Supports both version 1 and 2 of the attach parameters as version 2 wasn't present in RS5.
+ if err := attachVirtualDisk(
+ handle,
+ nil,
+ uint32(attachVirtualDiskFlag),
+ 0,
+ parameters,
+ nil,
+ ); err != nil {
+ return fmt.Errorf("failed to attach virtual disk: %w", err)
+ }
+ return nil
+}
+
+// AttachVhd attaches a virtual hard disk at `path` for use. Attaches using version 2
+// of the ATTACH_VIRTUAL_DISK_PARAMETERS.
+//
+//revive:disable-next-line:var-naming VHD, not Vhd
+func AttachVhd(path string) (err error) {
+ handle, err := OpenVirtualDisk(
+ path,
+ VirtualDiskAccessNone,
+ OpenVirtualDiskFlagCachedIO|OpenVirtualDiskFlagIgnoreRelativeParentLocator,
+ )
+ if err != nil {
+ return err
+ }
+
+ defer syscall.CloseHandle(handle) //nolint:errcheck
+ params := AttachVirtualDiskParameters{Version: 2}
+ if err := AttachVirtualDisk(
+ handle,
+ AttachVirtualDiskFlagNone,
+ ¶ms,
+ ); err != nil {
+ return fmt.Errorf("failed to attach virtual disk: %w", err)
+ }
+ return nil
+}
+
+// OpenVirtualDisk obtains a handle to a VHD opened with supplied access mask and flags.
+func OpenVirtualDisk(
+ vhdPath string,
+ virtualDiskAccessMask VirtualDiskAccessMask,
+ openVirtualDiskFlags VirtualDiskFlag,
+) (syscall.Handle, error) {
+ parameters := OpenVirtualDiskParameters{Version: 2}
+ handle, err := OpenVirtualDiskWithParameters(
+ vhdPath,
+ virtualDiskAccessMask,
+ openVirtualDiskFlags,
+ ¶meters,
+ )
+ if err != nil {
+ return 0, err
+ }
+ return handle, nil
+}
+
+// OpenVirtualDiskWithParameters obtains a handle to a VHD opened with supplied access mask, flags and parameters.
+func OpenVirtualDiskWithParameters(
+ vhdPath string,
+ virtualDiskAccessMask VirtualDiskAccessMask,
+ openVirtualDiskFlags VirtualDiskFlag,
+ parameters *OpenVirtualDiskParameters,
+) (syscall.Handle, error) {
+ var (
+ handle syscall.Handle
+ defaultType VirtualStorageType
+ getInfoOnly int32
+ readOnly int32
+ )
+ if parameters.Version != 2 {
+ return handle, fmt.Errorf("only version 2 VHDs are supported, found version: %d", parameters.Version)
+ }
+ if parameters.Version2.GetInfoOnly {
+ getInfoOnly = 1
+ }
+ if parameters.Version2.ReadOnly {
+ readOnly = 1
+ }
+ params := &openVirtualDiskParameters{
+ version: parameters.Version,
+ version2: openVersion2{
+ getInfoOnly,
+ readOnly,
+ parameters.Version2.ResiliencyGUID,
+ },
+ }
+ if err := openVirtualDisk(
+ &defaultType,
+ vhdPath,
+ uint32(virtualDiskAccessMask),
+ uint32(openVirtualDiskFlags),
+ params,
+ &handle,
+ ); err != nil {
+ return 0, fmt.Errorf("failed to open virtual disk: %w", err)
+ }
+ return handle, nil
+}
+
+// CreateVirtualDisk creates a virtual harddisk and returns a handle to the disk.
+func CreateVirtualDisk(
+ path string,
+ virtualDiskAccessMask VirtualDiskAccessMask,
+ createVirtualDiskFlags CreateVirtualDiskFlag,
+ parameters *CreateVirtualDiskParameters,
+) (syscall.Handle, error) {
+ var (
+ handle syscall.Handle
+ defaultType VirtualStorageType
+ )
+ if parameters.Version != 2 {
+ return handle, fmt.Errorf("only version 2 VHDs are supported, found version: %d", parameters.Version)
+ }
+
+ if err := createVirtualDisk(
+ &defaultType,
+ path,
+ uint32(virtualDiskAccessMask),
+ nil,
+ uint32(createVirtualDiskFlags),
+ 0,
+ parameters,
+ nil,
+ &handle,
+ ); err != nil {
+ return handle, fmt.Errorf("failed to create virtual disk: %w", err)
+ }
+ return handle, nil
+}
+
+// GetVirtualDiskPhysicalPath takes a handle to a virtual hard disk and returns the physical
+// path of the disk on the machine. This path is in the form \\.\PhysicalDriveX where X is an integer
+// that represents the particular enumeration of the physical disk on the caller's system.
+func GetVirtualDiskPhysicalPath(handle syscall.Handle) (_ string, err error) {
+ var (
+ diskPathSizeInBytes uint32 = 256 * 2 // max path length 256 wide chars
+ diskPhysicalPathBuf [256]uint16
+ )
+ if err := getVirtualDiskPhysicalPath(
+ handle,
+ &diskPathSizeInBytes,
+ &diskPhysicalPathBuf[0],
+ ); err != nil {
+ return "", fmt.Errorf("failed to get disk physical path: %w", err)
+ }
+ return windows.UTF16ToString(diskPhysicalPathBuf[:]), nil
+}
+
+// CreateDiffVhd is a helper function to create a differencing virtual disk.
+//
+//revive:disable-next-line:var-naming VHD, not Vhd
+func CreateDiffVhd(diffVhdPath, baseVhdPath string, blockSizeInMB uint32) error {
+ // Setting `ParentPath` is how to signal to create a differencing disk.
+ createParams := &CreateVirtualDiskParameters{
+ Version: 2,
+ Version2: CreateVersion2{
+ ParentPath: windows.StringToUTF16Ptr(baseVhdPath),
+ BlockSizeInBytes: blockSizeInMB * 1024 * 1024,
+ OpenFlags: uint32(OpenVirtualDiskFlagCachedIO),
+ },
+ }
+
+ vhdHandle, err := CreateVirtualDisk(
+ diffVhdPath,
+ VirtualDiskAccessNone,
+ CreateVirtualDiskFlagNone,
+ createParams,
+ )
+ if err != nil {
+ return fmt.Errorf("failed to create differencing vhd: %w", err)
+ }
+ if err := syscall.CloseHandle(vhdHandle); err != nil {
+ return fmt.Errorf("failed to close differencing vhd handle: %w", err)
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/go-winio/vhd/zvhd_windows.go b/vendor/github.com/Microsoft/go-winio/vhd/zvhd_windows.go
new file mode 100644
index 000000000..d0e917d2b
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/vhd/zvhd_windows.go
@@ -0,0 +1,108 @@
+//go:build windows
+
+// Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
+
+package vhd
+
+import (
+ "syscall"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+ errnoERROR_IO_PENDING = 997
+)
+
+var (
+ errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+ errERROR_EINVAL error = syscall.EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+ switch e {
+ case 0:
+ return errERROR_EINVAL
+ case errnoERROR_IO_PENDING:
+ return errERROR_IO_PENDING
+ }
+ // TODO: add more here, after collecting data on the common
+ // error values see on Windows. (perhaps when running
+ // all.bat?)
+ return e
+}
+
+var (
+ modvirtdisk = windows.NewLazySystemDLL("virtdisk.dll")
+
+ procAttachVirtualDisk = modvirtdisk.NewProc("AttachVirtualDisk")
+ procCreateVirtualDisk = modvirtdisk.NewProc("CreateVirtualDisk")
+ procDetachVirtualDisk = modvirtdisk.NewProc("DetachVirtualDisk")
+ procGetVirtualDiskPhysicalPath = modvirtdisk.NewProc("GetVirtualDiskPhysicalPath")
+ procOpenVirtualDisk = modvirtdisk.NewProc("OpenVirtualDisk")
+)
+
+func attachVirtualDisk(handle syscall.Handle, securityDescriptor *uintptr, attachVirtualDiskFlag uint32, providerSpecificFlags uint32, parameters *AttachVirtualDiskParameters, overlapped *syscall.Overlapped) (win32err error) {
+ r0, _, _ := syscall.Syscall6(procAttachVirtualDisk.Addr(), 6, uintptr(handle), uintptr(unsafe.Pointer(securityDescriptor)), uintptr(attachVirtualDiskFlag), uintptr(providerSpecificFlags), uintptr(unsafe.Pointer(parameters)), uintptr(unsafe.Pointer(overlapped)))
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
+
+func createVirtualDisk(virtualStorageType *VirtualStorageType, path string, virtualDiskAccessMask uint32, securityDescriptor *uintptr, createVirtualDiskFlags uint32, providerSpecificFlags uint32, parameters *CreateVirtualDiskParameters, overlapped *syscall.Overlapped, handle *syscall.Handle) (win32err error) {
+ var _p0 *uint16
+ _p0, win32err = syscall.UTF16PtrFromString(path)
+ if win32err != nil {
+ return
+ }
+ return _createVirtualDisk(virtualStorageType, _p0, virtualDiskAccessMask, securityDescriptor, createVirtualDiskFlags, providerSpecificFlags, parameters, overlapped, handle)
+}
+
+func _createVirtualDisk(virtualStorageType *VirtualStorageType, path *uint16, virtualDiskAccessMask uint32, securityDescriptor *uintptr, createVirtualDiskFlags uint32, providerSpecificFlags uint32, parameters *CreateVirtualDiskParameters, overlapped *syscall.Overlapped, handle *syscall.Handle) (win32err error) {
+ r0, _, _ := syscall.Syscall9(procCreateVirtualDisk.Addr(), 9, uintptr(unsafe.Pointer(virtualStorageType)), uintptr(unsafe.Pointer(path)), uintptr(virtualDiskAccessMask), uintptr(unsafe.Pointer(securityDescriptor)), uintptr(createVirtualDiskFlags), uintptr(providerSpecificFlags), uintptr(unsafe.Pointer(parameters)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(handle)))
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
+
+func detachVirtualDisk(handle syscall.Handle, detachVirtualDiskFlags uint32, providerSpecificFlags uint32) (win32err error) {
+ r0, _, _ := syscall.Syscall(procDetachVirtualDisk.Addr(), 3, uintptr(handle), uintptr(detachVirtualDiskFlags), uintptr(providerSpecificFlags))
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
+
+func getVirtualDiskPhysicalPath(handle syscall.Handle, diskPathSizeInBytes *uint32, buffer *uint16) (win32err error) {
+ r0, _, _ := syscall.Syscall(procGetVirtualDiskPhysicalPath.Addr(), 3, uintptr(handle), uintptr(unsafe.Pointer(diskPathSizeInBytes)), uintptr(unsafe.Pointer(buffer)))
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
+
+func openVirtualDisk(virtualStorageType *VirtualStorageType, path string, virtualDiskAccessMask uint32, openVirtualDiskFlags uint32, parameters *openVirtualDiskParameters, handle *syscall.Handle) (win32err error) {
+ var _p0 *uint16
+ _p0, win32err = syscall.UTF16PtrFromString(path)
+ if win32err != nil {
+ return
+ }
+ return _openVirtualDisk(virtualStorageType, _p0, virtualDiskAccessMask, openVirtualDiskFlags, parameters, handle)
+}
+
+func _openVirtualDisk(virtualStorageType *VirtualStorageType, path *uint16, virtualDiskAccessMask uint32, openVirtualDiskFlags uint32, parameters *openVirtualDiskParameters, handle *syscall.Handle) (win32err error) {
+ r0, _, _ := syscall.Syscall6(procOpenVirtualDisk.Addr(), 6, uintptr(unsafe.Pointer(virtualStorageType)), uintptr(unsafe.Pointer(path)), uintptr(virtualDiskAccessMask), uintptr(openVirtualDiskFlags), uintptr(unsafe.Pointer(parameters)), uintptr(unsafe.Pointer(handle)))
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
diff --git a/vendor/github.com/Microsoft/go-winio/zsyscall_windows.go b/vendor/github.com/Microsoft/go-winio/zsyscall_windows.go
new file mode 100644
index 000000000..469b16f63
--- /dev/null
+++ b/vendor/github.com/Microsoft/go-winio/zsyscall_windows.go
@@ -0,0 +1,419 @@
+//go:build windows
+
+// Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
+
+package winio
+
+import (
+ "syscall"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+ errnoERROR_IO_PENDING = 997
+)
+
+var (
+ errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+ errERROR_EINVAL error = syscall.EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+ switch e {
+ case 0:
+ return errERROR_EINVAL
+ case errnoERROR_IO_PENDING:
+ return errERROR_IO_PENDING
+ }
+ // TODO: add more here, after collecting data on the common
+ // error values see on Windows. (perhaps when running
+ // all.bat?)
+ return e
+}
+
+var (
+ modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
+ modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
+ modntdll = windows.NewLazySystemDLL("ntdll.dll")
+ modws2_32 = windows.NewLazySystemDLL("ws2_32.dll")
+
+ procAdjustTokenPrivileges = modadvapi32.NewProc("AdjustTokenPrivileges")
+ procConvertSecurityDescriptorToStringSecurityDescriptorW = modadvapi32.NewProc("ConvertSecurityDescriptorToStringSecurityDescriptorW")
+ procConvertSidToStringSidW = modadvapi32.NewProc("ConvertSidToStringSidW")
+ procConvertStringSecurityDescriptorToSecurityDescriptorW = modadvapi32.NewProc("ConvertStringSecurityDescriptorToSecurityDescriptorW")
+ procConvertStringSidToSidW = modadvapi32.NewProc("ConvertStringSidToSidW")
+ procGetSecurityDescriptorLength = modadvapi32.NewProc("GetSecurityDescriptorLength")
+ procImpersonateSelf = modadvapi32.NewProc("ImpersonateSelf")
+ procLookupAccountNameW = modadvapi32.NewProc("LookupAccountNameW")
+ procLookupAccountSidW = modadvapi32.NewProc("LookupAccountSidW")
+ procLookupPrivilegeDisplayNameW = modadvapi32.NewProc("LookupPrivilegeDisplayNameW")
+ procLookupPrivilegeNameW = modadvapi32.NewProc("LookupPrivilegeNameW")
+ procLookupPrivilegeValueW = modadvapi32.NewProc("LookupPrivilegeValueW")
+ procOpenThreadToken = modadvapi32.NewProc("OpenThreadToken")
+ procRevertToSelf = modadvapi32.NewProc("RevertToSelf")
+ procBackupRead = modkernel32.NewProc("BackupRead")
+ procBackupWrite = modkernel32.NewProc("BackupWrite")
+ procCancelIoEx = modkernel32.NewProc("CancelIoEx")
+ procConnectNamedPipe = modkernel32.NewProc("ConnectNamedPipe")
+ procCreateIoCompletionPort = modkernel32.NewProc("CreateIoCompletionPort")
+ procCreateNamedPipeW = modkernel32.NewProc("CreateNamedPipeW")
+ procGetCurrentThread = modkernel32.NewProc("GetCurrentThread")
+ procGetNamedPipeHandleStateW = modkernel32.NewProc("GetNamedPipeHandleStateW")
+ procGetNamedPipeInfo = modkernel32.NewProc("GetNamedPipeInfo")
+ procGetQueuedCompletionStatus = modkernel32.NewProc("GetQueuedCompletionStatus")
+ procLocalAlloc = modkernel32.NewProc("LocalAlloc")
+ procLocalFree = modkernel32.NewProc("LocalFree")
+ procSetFileCompletionNotificationModes = modkernel32.NewProc("SetFileCompletionNotificationModes")
+ procNtCreateNamedPipeFile = modntdll.NewProc("NtCreateNamedPipeFile")
+ procRtlDefaultNpAcl = modntdll.NewProc("RtlDefaultNpAcl")
+ procRtlDosPathNameToNtPathName_U = modntdll.NewProc("RtlDosPathNameToNtPathName_U")
+ procRtlNtStatusToDosErrorNoTeb = modntdll.NewProc("RtlNtStatusToDosErrorNoTeb")
+ procWSAGetOverlappedResult = modws2_32.NewProc("WSAGetOverlappedResult")
+)
+
+func adjustTokenPrivileges(token windows.Token, releaseAll bool, input *byte, outputSize uint32, output *byte, requiredSize *uint32) (success bool, err error) {
+ var _p0 uint32
+ if releaseAll {
+ _p0 = 1
+ }
+ r0, _, e1 := syscall.Syscall6(procAdjustTokenPrivileges.Addr(), 6, uintptr(token), uintptr(_p0), uintptr(unsafe.Pointer(input)), uintptr(outputSize), uintptr(unsafe.Pointer(output)), uintptr(unsafe.Pointer(requiredSize)))
+ success = r0 != 0
+ if true {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func convertSecurityDescriptorToStringSecurityDescriptor(sd *byte, revision uint32, secInfo uint32, sddl **uint16, sddlSize *uint32) (err error) {
+ r1, _, e1 := syscall.Syscall6(procConvertSecurityDescriptorToStringSecurityDescriptorW.Addr(), 5, uintptr(unsafe.Pointer(sd)), uintptr(revision), uintptr(secInfo), uintptr(unsafe.Pointer(sddl)), uintptr(unsafe.Pointer(sddlSize)), 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func convertSidToStringSid(sid *byte, str **uint16) (err error) {
+ r1, _, e1 := syscall.Syscall(procConvertSidToStringSidW.Addr(), 2, uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(str)), 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func convertStringSecurityDescriptorToSecurityDescriptor(str string, revision uint32, sd *uintptr, size *uint32) (err error) {
+ var _p0 *uint16
+ _p0, err = syscall.UTF16PtrFromString(str)
+ if err != nil {
+ return
+ }
+ return _convertStringSecurityDescriptorToSecurityDescriptor(_p0, revision, sd, size)
+}
+
+func _convertStringSecurityDescriptorToSecurityDescriptor(str *uint16, revision uint32, sd *uintptr, size *uint32) (err error) {
+ r1, _, e1 := syscall.Syscall6(procConvertStringSecurityDescriptorToSecurityDescriptorW.Addr(), 4, uintptr(unsafe.Pointer(str)), uintptr(revision), uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(size)), 0, 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func convertStringSidToSid(str *uint16, sid **byte) (err error) {
+ r1, _, e1 := syscall.Syscall(procConvertStringSidToSidW.Addr(), 2, uintptr(unsafe.Pointer(str)), uintptr(unsafe.Pointer(sid)), 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func getSecurityDescriptorLength(sd uintptr) (len uint32) {
+ r0, _, _ := syscall.Syscall(procGetSecurityDescriptorLength.Addr(), 1, uintptr(sd), 0, 0)
+ len = uint32(r0)
+ return
+}
+
+func impersonateSelf(level uint32) (err error) {
+ r1, _, e1 := syscall.Syscall(procImpersonateSelf.Addr(), 1, uintptr(level), 0, 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func lookupAccountName(systemName *uint16, accountName string, sid *byte, sidSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) {
+ var _p0 *uint16
+ _p0, err = syscall.UTF16PtrFromString(accountName)
+ if err != nil {
+ return
+ }
+ return _lookupAccountName(systemName, _p0, sid, sidSize, refDomain, refDomainSize, sidNameUse)
+}
+
+func _lookupAccountName(systemName *uint16, accountName *uint16, sid *byte, sidSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) {
+ r1, _, e1 := syscall.Syscall9(procLookupAccountNameW.Addr(), 7, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(accountName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(sidSize)), uintptr(unsafe.Pointer(refDomain)), uintptr(unsafe.Pointer(refDomainSize)), uintptr(unsafe.Pointer(sidNameUse)), 0, 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func lookupAccountSid(systemName *uint16, sid *byte, name *uint16, nameSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) {
+ r1, _, e1 := syscall.Syscall9(procLookupAccountSidW.Addr(), 7, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(nameSize)), uintptr(unsafe.Pointer(refDomain)), uintptr(unsafe.Pointer(refDomainSize)), uintptr(unsafe.Pointer(sidNameUse)), 0, 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func lookupPrivilegeDisplayName(systemName string, name *uint16, buffer *uint16, size *uint32, languageId *uint32) (err error) {
+ var _p0 *uint16
+ _p0, err = syscall.UTF16PtrFromString(systemName)
+ if err != nil {
+ return
+ }
+ return _lookupPrivilegeDisplayName(_p0, name, buffer, size, languageId)
+}
+
+func _lookupPrivilegeDisplayName(systemName *uint16, name *uint16, buffer *uint16, size *uint32, languageId *uint32) (err error) {
+ r1, _, e1 := syscall.Syscall6(procLookupPrivilegeDisplayNameW.Addr(), 5, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(buffer)), uintptr(unsafe.Pointer(size)), uintptr(unsafe.Pointer(languageId)), 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func lookupPrivilegeName(systemName string, luid *uint64, buffer *uint16, size *uint32) (err error) {
+ var _p0 *uint16
+ _p0, err = syscall.UTF16PtrFromString(systemName)
+ if err != nil {
+ return
+ }
+ return _lookupPrivilegeName(_p0, luid, buffer, size)
+}
+
+func _lookupPrivilegeName(systemName *uint16, luid *uint64, buffer *uint16, size *uint32) (err error) {
+ r1, _, e1 := syscall.Syscall6(procLookupPrivilegeNameW.Addr(), 4, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(luid)), uintptr(unsafe.Pointer(buffer)), uintptr(unsafe.Pointer(size)), 0, 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func lookupPrivilegeValue(systemName string, name string, luid *uint64) (err error) {
+ var _p0 *uint16
+ _p0, err = syscall.UTF16PtrFromString(systemName)
+ if err != nil {
+ return
+ }
+ var _p1 *uint16
+ _p1, err = syscall.UTF16PtrFromString(name)
+ if err != nil {
+ return
+ }
+ return _lookupPrivilegeValue(_p0, _p1, luid)
+}
+
+func _lookupPrivilegeValue(systemName *uint16, name *uint16, luid *uint64) (err error) {
+ r1, _, e1 := syscall.Syscall(procLookupPrivilegeValueW.Addr(), 3, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(luid)))
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func openThreadToken(thread syscall.Handle, accessMask uint32, openAsSelf bool, token *windows.Token) (err error) {
+ var _p0 uint32
+ if openAsSelf {
+ _p0 = 1
+ }
+ r1, _, e1 := syscall.Syscall6(procOpenThreadToken.Addr(), 4, uintptr(thread), uintptr(accessMask), uintptr(_p0), uintptr(unsafe.Pointer(token)), 0, 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func revertToSelf() (err error) {
+ r1, _, e1 := syscall.Syscall(procRevertToSelf.Addr(), 0, 0, 0, 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func backupRead(h syscall.Handle, b []byte, bytesRead *uint32, abort bool, processSecurity bool, context *uintptr) (err error) {
+ var _p0 *byte
+ if len(b) > 0 {
+ _p0 = &b[0]
+ }
+ var _p1 uint32
+ if abort {
+ _p1 = 1
+ }
+ var _p2 uint32
+ if processSecurity {
+ _p2 = 1
+ }
+ r1, _, e1 := syscall.Syscall9(procBackupRead.Addr(), 7, uintptr(h), uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), uintptr(unsafe.Pointer(bytesRead)), uintptr(_p1), uintptr(_p2), uintptr(unsafe.Pointer(context)), 0, 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func backupWrite(h syscall.Handle, b []byte, bytesWritten *uint32, abort bool, processSecurity bool, context *uintptr) (err error) {
+ var _p0 *byte
+ if len(b) > 0 {
+ _p0 = &b[0]
+ }
+ var _p1 uint32
+ if abort {
+ _p1 = 1
+ }
+ var _p2 uint32
+ if processSecurity {
+ _p2 = 1
+ }
+ r1, _, e1 := syscall.Syscall9(procBackupWrite.Addr(), 7, uintptr(h), uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), uintptr(unsafe.Pointer(bytesWritten)), uintptr(_p1), uintptr(_p2), uintptr(unsafe.Pointer(context)), 0, 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func cancelIoEx(file syscall.Handle, o *syscall.Overlapped) (err error) {
+ r1, _, e1 := syscall.Syscall(procCancelIoEx.Addr(), 2, uintptr(file), uintptr(unsafe.Pointer(o)), 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func connectNamedPipe(pipe syscall.Handle, o *syscall.Overlapped) (err error) {
+ r1, _, e1 := syscall.Syscall(procConnectNamedPipe.Addr(), 2, uintptr(pipe), uintptr(unsafe.Pointer(o)), 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func createIoCompletionPort(file syscall.Handle, port syscall.Handle, key uintptr, threadCount uint32) (newport syscall.Handle, err error) {
+ r0, _, e1 := syscall.Syscall6(procCreateIoCompletionPort.Addr(), 4, uintptr(file), uintptr(port), uintptr(key), uintptr(threadCount), 0, 0)
+ newport = syscall.Handle(r0)
+ if newport == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func createNamedPipe(name string, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error) {
+ var _p0 *uint16
+ _p0, err = syscall.UTF16PtrFromString(name)
+ if err != nil {
+ return
+ }
+ return _createNamedPipe(_p0, flags, pipeMode, maxInstances, outSize, inSize, defaultTimeout, sa)
+}
+
+func _createNamedPipe(name *uint16, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error) {
+ r0, _, e1 := syscall.Syscall9(procCreateNamedPipeW.Addr(), 8, uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(pipeMode), uintptr(maxInstances), uintptr(outSize), uintptr(inSize), uintptr(defaultTimeout), uintptr(unsafe.Pointer(sa)), 0)
+ handle = syscall.Handle(r0)
+ if handle == syscall.InvalidHandle {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func getCurrentThread() (h syscall.Handle) {
+ r0, _, _ := syscall.Syscall(procGetCurrentThread.Addr(), 0, 0, 0, 0)
+ h = syscall.Handle(r0)
+ return
+}
+
+func getNamedPipeHandleState(pipe syscall.Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) {
+ r1, _, e1 := syscall.Syscall9(procGetNamedPipeHandleStateW.Addr(), 7, uintptr(pipe), uintptr(unsafe.Pointer(state)), uintptr(unsafe.Pointer(curInstances)), uintptr(unsafe.Pointer(maxCollectionCount)), uintptr(unsafe.Pointer(collectDataTimeout)), uintptr(unsafe.Pointer(userName)), uintptr(maxUserNameSize), 0, 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func getNamedPipeInfo(pipe syscall.Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) {
+ r1, _, e1 := syscall.Syscall6(procGetNamedPipeInfo.Addr(), 5, uintptr(pipe), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(outSize)), uintptr(unsafe.Pointer(inSize)), uintptr(unsafe.Pointer(maxInstances)), 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func getQueuedCompletionStatus(port syscall.Handle, bytes *uint32, key *uintptr, o **ioOperation, timeout uint32) (err error) {
+ r1, _, e1 := syscall.Syscall6(procGetQueuedCompletionStatus.Addr(), 5, uintptr(port), uintptr(unsafe.Pointer(bytes)), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(o)), uintptr(timeout), 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func localAlloc(uFlags uint32, length uint32) (ptr uintptr) {
+ r0, _, _ := syscall.Syscall(procLocalAlloc.Addr(), 2, uintptr(uFlags), uintptr(length), 0)
+ ptr = uintptr(r0)
+ return
+}
+
+func localFree(mem uintptr) {
+ syscall.Syscall(procLocalFree.Addr(), 1, uintptr(mem), 0, 0)
+ return
+}
+
+func setFileCompletionNotificationModes(h syscall.Handle, flags uint8) (err error) {
+ r1, _, e1 := syscall.Syscall(procSetFileCompletionNotificationModes.Addr(), 2, uintptr(h), uintptr(flags), 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func ntCreateNamedPipeFile(pipe *syscall.Handle, access uint32, oa *objectAttributes, iosb *ioStatusBlock, share uint32, disposition uint32, options uint32, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (status ntStatus) {
+ r0, _, _ := syscall.Syscall15(procNtCreateNamedPipeFile.Addr(), 14, uintptr(unsafe.Pointer(pipe)), uintptr(access), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(share), uintptr(disposition), uintptr(options), uintptr(typ), uintptr(readMode), uintptr(completionMode), uintptr(maxInstances), uintptr(inboundQuota), uintptr(outputQuota), uintptr(unsafe.Pointer(timeout)), 0)
+ status = ntStatus(r0)
+ return
+}
+
+func rtlDefaultNpAcl(dacl *uintptr) (status ntStatus) {
+ r0, _, _ := syscall.Syscall(procRtlDefaultNpAcl.Addr(), 1, uintptr(unsafe.Pointer(dacl)), 0, 0)
+ status = ntStatus(r0)
+ return
+}
+
+func rtlDosPathNameToNtPathName(name *uint16, ntName *unicodeString, filePart uintptr, reserved uintptr) (status ntStatus) {
+ r0, _, _ := syscall.Syscall6(procRtlDosPathNameToNtPathName_U.Addr(), 4, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(ntName)), uintptr(filePart), uintptr(reserved), 0, 0)
+ status = ntStatus(r0)
+ return
+}
+
+func rtlNtStatusToDosError(status ntStatus) (winerr error) {
+ r0, _, _ := syscall.Syscall(procRtlNtStatusToDosErrorNoTeb.Addr(), 1, uintptr(status), 0, 0)
+ if r0 != 0 {
+ winerr = syscall.Errno(r0)
+ }
+ return
+}
+
+func wsaGetOverlappedResult(h syscall.Handle, o *syscall.Overlapped, bytes *uint32, wait bool, flags *uint32) (err error) {
+ var _p0 uint32
+ if wait {
+ _p0 = 1
+ }
+ r1, _, e1 := syscall.Syscall6(procWSAGetOverlappedResult.Addr(), 5, uintptr(h), uintptr(unsafe.Pointer(o)), uintptr(unsafe.Pointer(bytes)), uintptr(_p0), uintptr(unsafe.Pointer(flags)), 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/.gitattributes b/vendor/github.com/Microsoft/hcsshim/.gitattributes
new file mode 100644
index 000000000..dd0d09faa
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/.gitattributes
@@ -0,0 +1,3 @@
+* text=auto eol=lf
+vendor/** -text
+test/vendor/** -text
\ No newline at end of file
diff --git a/vendor/github.com/Microsoft/hcsshim/.gitignore b/vendor/github.com/Microsoft/hcsshim/.gitignore
new file mode 100644
index 000000000..74b68f0ad
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/.gitignore
@@ -0,0 +1,53 @@
+# Binaries for programs and plugins
+*.exe
+*.dll
+*.so
+*.dylib
+
+# Ignore vscode setting files
+.vscode/
+.idea/
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
+.glide/
+
+# Ignore gcs bin directory
+service/bin/
+service/pkg/
+
+*.img
+*.vhd
+*.tar.gz
+*.tar
+
+# Make stuff
+.rootfs-done
+bin/*
+rootfs/*
+rootfs-conv/*
+*.o
+/build/
+
+deps/*
+out/*
+
+# protobuf files
+# only files at root of the repo, otherwise this will cause issues with vendoring
+/protobuf/*
+
+# test results
+test/results
+
+# go workspace files
+go.work
+go.work.sum
+
+# keys and related artifacts
+*.pem
+*.cose
diff --git a/vendor/github.com/Microsoft/hcsshim/.golangci.yml b/vendor/github.com/Microsoft/hcsshim/.golangci.yml
new file mode 100644
index 000000000..abe77f57a
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/.golangci.yml
@@ -0,0 +1,167 @@
+run:
+ timeout: 8m
+ tests: true
+ build-tags:
+ - admin
+ - functional
+ - integration
+ skip-dirs:
+ # paths are relative to module root
+ - cri-containerd/test-images
+
+linters:
+ enable:
+ # defaults:
+ # - errcheck
+ # - gosimple
+ # - govet
+ # - ineffassign
+ # - staticcheck
+ # - typecheck
+ # - unused
+
+ - gofmt # whether code was gofmt-ed
+ - govet # enabled by default, but just to be sure
+ - nolintlint # ill-formed or insufficient nolint directives
+ - stylecheck # golint replacement
+ - thelper # test helpers without t.Helper()
+
+linters-settings:
+ govet:
+ enable-all: true
+ disable:
+ # struct order is often for Win32 compat
+ # also, ignore pointer bytes/GC issues for now until performance becomes an issue
+ - fieldalignment
+ check-shadowing: true
+
+ stylecheck:
+ # https://staticcheck.io/docs/checks
+ checks: ["all"]
+
+issues:
+ exclude-rules:
+ # err is very often shadowed in nested scopes
+ - linters:
+ - govet
+ text: '^shadow: declaration of "err" shadows declaration'
+
+ # path is relative to module root, which is ./test/
+ - path: cri-containerd
+ linters:
+ - stylecheck
+ text: "^ST1003: should not use underscores in package names$"
+ source: "^package cri_containerd$"
+
+ # This repo has a LOT of generated schema files, operating system bindings, and other
+ # things that ST1003 from stylecheck won't like (screaming case Windows api constants for example).
+ # There's also some structs that we *could* change the initialisms to be Go friendly
+ # (Id -> ID) but they're exported and it would be a breaking change.
+ # This makes it so that most new code, code that isn't supposed to be a pretty faithful
+ # mapping to an OS call/constants, or non-generated code still checks if we're following idioms,
+ # while ignoring the things that are just noise or would be more of a hassle than it'd be worth to change.
+ - path: layer.go
+ linters:
+ - stylecheck
+ Text: "ST1003:"
+
+ - path: hcsshim.go
+ linters:
+ - stylecheck
+ Text: "ST1003:"
+
+ - path: cmd\\ncproxy\\nodenetsvc\\
+ linters:
+ - stylecheck
+ Text: "ST1003:"
+
+ - path: cmd\\ncproxy_mock\\
+ linters:
+ - stylecheck
+ Text: "ST1003:"
+
+ - path: internal\\hcs\\schema2\\
+ linters:
+ - stylecheck
+ - gofmt
+
+ - path: internal\\wclayer\\
+ linters:
+ - stylecheck
+ Text: "ST1003:"
+
+ - path: hcn\\
+ linters:
+ - stylecheck
+ Text: "ST1003:"
+
+ - path: internal\\hcs\\schema1\\
+ linters:
+ - stylecheck
+ Text: "ST1003:"
+
+ - path: internal\\hns\\
+ linters:
+ - stylecheck
+ Text: "ST1003:"
+
+ - path: ext4\\internal\\compactext4\\
+ linters:
+ - stylecheck
+ Text: "ST1003:"
+
+ - path: ext4\\internal\\format\\
+ linters:
+ - stylecheck
+ Text: "ST1003:"
+
+ - path: internal\\guestrequest\\
+ linters:
+ - stylecheck
+ Text: "ST1003:"
+
+ - path: internal\\guest\\prot\\
+ linters:
+ - stylecheck
+ Text: "ST1003:"
+
+ - path: internal\\windevice\\
+ linters:
+ - stylecheck
+ Text: "ST1003:"
+
+ - path: internal\\winapi\\
+ linters:
+ - stylecheck
+ Text: "ST1003:"
+
+ - path: internal\\vmcompute\\
+ linters:
+ - stylecheck
+ Text: "ST1003:"
+
+ - path: internal\\regstate\\
+ linters:
+ - stylecheck
+ Text: "ST1003:"
+
+ - path: internal\\hcserror\\
+ linters:
+ - stylecheck
+ Text: "ST1003:"
+
+ # v0 APIs are deprecated, but still retained for backwards compatability
+ - path: cmd\\ncproxy\\
+ linters:
+ - staticcheck
+ text: "^SA1019: .*(ncproxygrpc|nodenetsvc)[/]?v0"
+
+ - path: internal\\tools\\networkagent
+ linters:
+ - staticcheck
+ text: "^SA1019: .*nodenetsvc[/]?v0"
+
+ - path: internal\\vhdx\\info
+ linters:
+ - stylecheck
+ Text: "ST1003:"
diff --git a/vendor/github.com/Microsoft/hcsshim/CODEOWNERS b/vendor/github.com/Microsoft/hcsshim/CODEOWNERS
new file mode 100644
index 000000000..f4c5a07d1
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/CODEOWNERS
@@ -0,0 +1 @@
+* @microsoft/containerplat
\ No newline at end of file
diff --git a/vendor/github.com/Microsoft/hcsshim/LICENSE b/vendor/github.com/Microsoft/hcsshim/LICENSE
new file mode 100644
index 000000000..49d21669a
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Microsoft
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/vendor/github.com/Microsoft/hcsshim/Makefile b/vendor/github.com/Microsoft/hcsshim/Makefile
new file mode 100644
index 000000000..d8eb30b86
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/Makefile
@@ -0,0 +1,111 @@
+BASE:=base.tar.gz
+DEV_BUILD:=0
+
+GO:=go
+GO_FLAGS:=-ldflags "-s -w" # strip Go binaries
+CGO_ENABLED:=0
+GOMODVENDOR:=
+
+CFLAGS:=-O2 -Wall
+LDFLAGS:=-static -s # strip C binaries
+
+GO_FLAGS_EXTRA:=
+ifeq "$(GOMODVENDOR)" "1"
+GO_FLAGS_EXTRA += -mod=vendor
+endif
+GO_BUILD_TAGS:=
+ifneq ($(strip $(GO_BUILD_TAGS)),)
+GO_FLAGS_EXTRA += -tags="$(GO_BUILD_TAGS)"
+endif
+GO_BUILD:=CGO_ENABLED=$(CGO_ENABLED) $(GO) build $(GO_FLAGS) $(GO_FLAGS_EXTRA)
+
+SRCROOT=$(dir $(abspath $(firstword $(MAKEFILE_LIST))))
+# additional directories to search for rule prerequisites and targets
+VPATH=$(SRCROOT)
+
+DELTA_TARGET=out/delta.tar.gz
+
+ifeq "$(DEV_BUILD)" "1"
+DELTA_TARGET=out/delta-dev.tar.gz
+endif
+
+# The link aliases for gcstools
+GCS_TOOLS=\
+ generichook \
+ install-drivers
+
+.PHONY: all always rootfs test
+
+.DEFAULT_GOAL := all
+
+all: out/initrd.img out/rootfs.tar.gz
+
+clean:
+ find -name '*.o' -print0 | xargs -0 -r rm
+ rm -rf bin deps rootfs out
+
+test:
+ cd $(SRCROOT) && $(GO) test -v ./internal/guest/...
+
+rootfs: out/rootfs.vhd
+
+out/rootfs.vhd: out/rootfs.tar.gz bin/cmd/tar2ext4
+ gzip -f -d ./out/rootfs.tar.gz
+ bin/cmd/tar2ext4 -vhd -i ./out/rootfs.tar -o $@
+
+out/rootfs.tar.gz: out/initrd.img
+ rm -rf rootfs-conv
+ mkdir rootfs-conv
+ gunzip -c out/initrd.img | (cd rootfs-conv && cpio -imd)
+ tar -zcf $@ -C rootfs-conv .
+ rm -rf rootfs-conv
+
+out/initrd.img: $(BASE) $(DELTA_TARGET) $(SRCROOT)/hack/catcpio.sh
+ $(SRCROOT)/hack/catcpio.sh "$(BASE)" $(DELTA_TARGET) > out/initrd.img.uncompressed
+ gzip -c out/initrd.img.uncompressed > $@
+ rm out/initrd.img.uncompressed
+
+# This target includes utilities which may be useful for testing purposes.
+out/delta-dev.tar.gz: out/delta.tar.gz bin/internal/tools/snp-report
+ rm -rf rootfs-dev
+ mkdir rootfs-dev
+ tar -xzf out/delta.tar.gz -C rootfs-dev
+ cp bin/internal/tools/snp-report rootfs-dev/bin/
+ tar -zcf $@ -C rootfs-dev .
+ rm -rf rootfs-dev
+
+out/delta.tar.gz: bin/init bin/vsockexec bin/cmd/gcs bin/cmd/gcstools bin/cmd/hooks/wait-paths Makefile
+ @mkdir -p out
+ rm -rf rootfs
+ mkdir -p rootfs/bin/
+ mkdir -p rootfs/info/
+ cp bin/init rootfs/
+ cp bin/vsockexec rootfs/bin/
+ cp bin/cmd/gcs rootfs/bin/
+ cp bin/cmd/gcstools rootfs/bin/
+ cp bin/cmd/hooks/wait-paths rootfs/bin/
+ for tool in $(GCS_TOOLS); do ln -s gcstools rootfs/bin/$$tool; done
+ git -C $(SRCROOT) rev-parse HEAD > rootfs/info/gcs.commit && \
+ git -C $(SRCROOT) rev-parse --abbrev-ref HEAD > rootfs/info/gcs.branch && \
+ date --iso-8601=minute --utc > rootfs/info/tar.date
+ $(if $(and $(realpath $(subst .tar,.testdata.json,$(BASE))), $(shell which jq)), \
+ jq -r '.IMAGE_NAME' $(subst .tar,.testdata.json,$(BASE)) 2>/dev/null > rootfs/info/image.name && \
+ jq -r '.DATETIME' $(subst .tar,.testdata.json,$(BASE)) 2>/dev/null > rootfs/info/build.date)
+ tar -zcf $@ -C rootfs .
+ rm -rf rootfs
+
+bin/cmd/gcs bin/cmd/gcstools bin/cmd/hooks/wait-paths bin/cmd/tar2ext4 bin/internal/tools/snp-report:
+ @mkdir -p $(dir $@)
+ GOOS=linux $(GO_BUILD) -o $@ $(SRCROOT)/$(@:bin/%=%)
+
+bin/vsockexec: vsockexec/vsockexec.o vsockexec/vsock.o
+ @mkdir -p bin
+ $(CC) $(LDFLAGS) -o $@ $^
+
+bin/init: init/init.o vsockexec/vsock.o
+ @mkdir -p bin
+ $(CC) $(LDFLAGS) -o $@ $^
+
+%.o: %.c
+ @mkdir -p $(dir $@)
+ $(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
diff --git a/vendor/github.com/Microsoft/hcsshim/Protobuild.toml b/vendor/github.com/Microsoft/hcsshim/Protobuild.toml
new file mode 100644
index 000000000..17145bb25
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/Protobuild.toml
@@ -0,0 +1,25 @@
+version = "2"
+generators = ["go", "go-grpc"]
+
+# Control protoc include paths.
+[includes]
+ before = ["./protobuf"]
+
+ # defaults are "/usr/local/include" and "/usr/include", which don't exist on Windows.
+ # override defaults to supress errors about non-existant directories.
+ after = []
+
+# This section maps protobuf imports to Go packages.
+[packages]
+ # github.com/containerd/cgroups protofiles still list their go path as "github.com/containerd/cgroups/cgroup1/stats"
+ "github.com/containerd/cgroups/v3/cgroup1/stats/metrics.proto" = "github.com/containerd/cgroups/v3/cgroup1/stats"
+
+[[overrides]]
+prefixes = [
+ "github.com/Microsoft/hcsshim/internal/shimdiag",
+ "github.com/Microsoft/hcsshim/internal/extendedtask",
+ "github.com/Microsoft/hcsshim/internal/computeagent",
+ "github.com/Microsoft/hcsshim/internal/ncproxyttrpc",
+ "github.com/Microsoft/hcsshim/internal/vmservice",
+]
+generators = ["go", "go-ttrpc"]
diff --git a/vendor/github.com/Microsoft/hcsshim/README.md b/vendor/github.com/Microsoft/hcsshim/README.md
new file mode 100644
index 000000000..5a1361539
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/README.md
@@ -0,0 +1,102 @@
+# hcsshim
+
+[](https://github.com/microsoft/hcsshim/actions?query=branch%3Amaster)
+
+This package contains the Golang interface for using the Windows [Host Compute Service](https://techcommunity.microsoft.com/t5/containers/introducing-the-host-compute-service-hcs/ba-p/382332) (HCS) to launch and manage [Windows Containers](https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/). It also contains other helpers and functions for managing Windows Containers such as the Golang interface for the Host Network Service (HNS), as well as code for the [guest agent](./internal/guest/README.md) (commonly referred to as the GCS or Guest Compute Service in the codebase) used to support running Linux Hyper-V containers.
+
+It is primarily used in the [Moby](https://github.com/moby/moby) and [Containerd](https://github.com/containerd/containerd) projects, but it can be freely used by other projects as well.
+
+## Building
+
+While this repository can be used as a library of sorts to call the HCS apis, there are a couple binaries built out of the repository as well. The main ones being the Linux guest agent, and an implementation of the [runtime v2 containerd shim api](https://github.com/containerd/containerd/blob/master/runtime/v2/README.md).
+### Linux Hyper-V Container Guest Agent
+
+To build the Linux guest agent itself all that's needed is to set your GOOS to "Linux" and build out of ./cmd/gcs.
+```powershell
+C:\> $env:GOOS="linux"
+C:\> go build .\cmd\gcs\
+```
+
+or on a Linux machine
+```sh
+> go build ./cmd/gcs
+```
+
+If you want it to be packaged inside of a rootfs to boot with alongside all of the other tools then you'll need to provide a rootfs that it can be packaged inside of. An easy way is to export the rootfs of a container.
+
+```sh
+docker pull busybox
+docker run --name base_image_container busybox
+docker export base_image_container | gzip > base.tar.gz
+BASE=./base.tar.gz
+make all
+```
+
+If the build is successful, in the `./out` folder you should see:
+```sh
+> ls ./out/
+delta.tar.gz initrd.img rootfs.tar.gz
+```
+
+### Containerd Shim
+For info on the Runtime V2 API: https://github.com/containerd/containerd/blob/master/runtime/v2/README.md.
+
+Contrary to the typical Linux architecture of shim -> runc, the runhcs shim is used both to launch and manage the lifetime of containers.
+
+```powershell
+C:\> $env:GOOS="windows"
+C:\> go build .\cmd\containerd-shim-runhcs-v1
+```
+
+Then place the binary in the same directory that Containerd is located at in your environment. A default Containerd configuration file can be generated by running:
+```powershell
+.\containerd.exe config default | Out-File "C:\Program Files\containerd\config.toml" -Encoding ascii
+```
+
+This config file will already have the shim set as the default runtime for cri interactions.
+
+To trial using the shim out with ctr.exe:
+```powershell
+C:\> ctr.exe run --runtime io.containerd.runhcs.v1 --rm mcr.microsoft.com/windows/nanoserver:2004 windows-test cmd /c "echo Hello World!"
+```
+
+## Contributing
+
+This project welcomes contributions and suggestions. Most contributions require you to agree to a
+Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
+the rights to use your contribution. For details, visit https://cla.microsoft.com.
+
+When you submit a pull request, a CLA-bot will automatically determine whether you need to provide
+a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions
+provided by the bot. You will only need to do this once across all repos using our CLA.
+
+We also require that contributors [sign their commits](https://git-scm.com/docs/git-commit) using `git commit -s` or `git commit --signoff` to
+certify they either authored the work themselves or otherwise have permission to use it in this project. Please see https://developercertificate.org/ for
+more info, as well as to make sure that you can attest to the rules listed. Our CI uses the [DCO Github app](https://github.com/apps/dco) to ensure
+that all commits in a given PR are signed-off.
+
+## Code of Conduct
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
+contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
+
+## Dependencies
+
+This project requires Golang 1.17 or newer to build.
+
+For system requirements to run this project, see the Microsoft docs on [Windows Container requirements](https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/system-requirements).
+
+## Reporting Security Issues
+
+Security issues and bugs should be reported privately, via email, to the Microsoft Security
+Response Center (MSRC) at [secure@microsoft.com](mailto:secure@microsoft.com). You should
+receive a response within 24 hours. If for some reason you do not, please follow up via
+email to ensure we received your original message. Further information, including the
+[MSRC PGP](https://technet.microsoft.com/en-us/security/dn606155) key, can be found in
+the [Security TechCenter](https://technet.microsoft.com/en-us/security/default).
+
+For additional details, see [Report a Computer Security Vulnerability](https://technet.microsoft.com/en-us/security/ff852094.aspx) on Technet
+
+---------------
+Copyright (c) 2018 Microsoft Corp. All rights reserved.
diff --git a/vendor/github.com/Microsoft/hcsshim/SECURITY.md b/vendor/github.com/Microsoft/hcsshim/SECURITY.md
new file mode 100644
index 000000000..869fdfe2b
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/SECURITY.md
@@ -0,0 +1,41 @@
+
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc).
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+ * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+ * Full paths of source file(s) related to the manifestation of the issue
+ * The location of the affected source code (tag/branch/commit or direct URL)
+ * Any special configuration required to reproduce the issue
+ * Step-by-step instructions to reproduce the issue
+ * Proof-of-concept or exploit code (if possible)
+ * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).
+
+
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/attach.go b/vendor/github.com/Microsoft/hcsshim/computestorage/attach.go
new file mode 100644
index 000000000..54c4b3bc4
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/attach.go
@@ -0,0 +1,40 @@
+//go:build windows
+
+package computestorage
+
+import (
+ "context"
+ "encoding/json"
+
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "github.com/pkg/errors"
+ "go.opencensus.io/trace"
+)
+
+// AttachLayerStorageFilter sets up the layer storage filter on a writable
+// container layer.
+//
+// `layerPath` is a path to a directory the writable layer is mounted. If the
+// path does not end in a `\` the platform will append it automatically.
+//
+// `layerData` is the parent read-only layer data.
+func AttachLayerStorageFilter(ctx context.Context, layerPath string, layerData LayerData) (err error) {
+ title := "hcsshim::AttachLayerStorageFilter"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("layerPath", layerPath),
+ )
+
+ bytes, err := json.Marshal(layerData)
+ if err != nil {
+ return err
+ }
+
+ err = hcsAttachLayerStorageFilter(layerPath, string(bytes))
+ if err != nil {
+ return errors.Wrap(err, "failed to attach layer storage filter")
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/destroy.go b/vendor/github.com/Microsoft/hcsshim/computestorage/destroy.go
new file mode 100644
index 000000000..5058d3b55
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/destroy.go
@@ -0,0 +1,28 @@
+//go:build windows
+
+package computestorage
+
+import (
+ "context"
+
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "github.com/pkg/errors"
+ "go.opencensus.io/trace"
+)
+
+// DestroyLayer deletes a container layer.
+//
+// `layerPath` is a path to a directory containing the layer to export.
+func DestroyLayer(ctx context.Context, layerPath string) (err error) {
+ title := "hcsshim::DestroyLayer"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("layerPath", layerPath))
+
+ err = hcsDestroyLayer(layerPath)
+ if err != nil {
+ return errors.Wrap(err, "failed to destroy layer")
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/detach.go b/vendor/github.com/Microsoft/hcsshim/computestorage/detach.go
new file mode 100644
index 000000000..daf1bfff2
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/detach.go
@@ -0,0 +1,28 @@
+//go:build windows
+
+package computestorage
+
+import (
+ "context"
+
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "github.com/pkg/errors"
+ "go.opencensus.io/trace"
+)
+
+// DetachLayerStorageFilter detaches the layer storage filter on a writable container layer.
+//
+// `layerPath` is a path to a directory containing the layer to export.
+func DetachLayerStorageFilter(ctx context.Context, layerPath string) (err error) {
+ title := "hcsshim::DetachLayerStorageFilter"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("layerPath", layerPath))
+
+ err = hcsDetachLayerStorageFilter(layerPath)
+ if err != nil {
+ return errors.Wrap(err, "failed to detach layer storage filter")
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/export.go b/vendor/github.com/Microsoft/hcsshim/computestorage/export.go
new file mode 100644
index 000000000..c6370a5c9
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/export.go
@@ -0,0 +1,48 @@
+//go:build windows
+
+package computestorage
+
+import (
+ "context"
+ "encoding/json"
+
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "github.com/pkg/errors"
+ "go.opencensus.io/trace"
+)
+
+// ExportLayer exports a container layer.
+//
+// `layerPath` is a path to a directory containing the layer to export.
+//
+// `exportFolderPath` is a pre-existing folder to export the layer to.
+//
+// `layerData` is the parent layer data.
+//
+// `options` are the export options applied to the exported layer.
+func ExportLayer(ctx context.Context, layerPath, exportFolderPath string, layerData LayerData, options ExportLayerOptions) (err error) {
+ title := "hcsshim::ExportLayer"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("layerPath", layerPath),
+ trace.StringAttribute("exportFolderPath", exportFolderPath),
+ )
+
+ ldBytes, err := json.Marshal(layerData)
+ if err != nil {
+ return err
+ }
+
+ oBytes, err := json.Marshal(options)
+ if err != nil {
+ return err
+ }
+
+ err = hcsExportLayer(layerPath, exportFolderPath, string(ldBytes), string(oBytes))
+ if err != nil {
+ return errors.Wrap(err, "failed to export layer")
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/format.go b/vendor/github.com/Microsoft/hcsshim/computestorage/format.go
new file mode 100644
index 000000000..2140e5c9f
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/format.go
@@ -0,0 +1,32 @@
+//go:build windows
+
+package computestorage
+
+import (
+ "context"
+
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "github.com/pkg/errors"
+ "golang.org/x/sys/windows"
+)
+
+// FormatWritableLayerVhd formats a virtual disk for use as a writable container layer.
+//
+// If the VHD is not mounted it will be temporarily mounted.
+//
+// NOTE: This API had a breaking change in the operating system after Windows Server 2019.
+// On ws2019 the API expects to get passed a file handle from CreateFile for the vhd that
+// the caller wants to format. On > ws2019, its expected that the caller passes a vhd handle
+// that can be obtained from the virtdisk APIs.
+func FormatWritableLayerVhd(ctx context.Context, vhdHandle windows.Handle) (err error) {
+ title := "hcsshim::FormatWritableLayerVhd"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+
+ err = hcsFormatWritableLayerVhd(vhdHandle)
+ if err != nil {
+ return errors.Wrap(err, "failed to format writable layer vhd")
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/helpers.go b/vendor/github.com/Microsoft/hcsshim/computestorage/helpers.go
new file mode 100644
index 000000000..858c84601
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/helpers.go
@@ -0,0 +1,199 @@
+//go:build windows
+
+package computestorage
+
+import (
+ "context"
+ "os"
+ "path/filepath"
+ "syscall"
+
+ "github.com/Microsoft/go-winio/vhd"
+ "github.com/Microsoft/hcsshim/internal/memory"
+ "github.com/pkg/errors"
+ "golang.org/x/sys/windows"
+
+ "github.com/Microsoft/hcsshim/internal/security"
+)
+
+const (
+ defaultVHDXBlockSizeInMB = 1
+)
+
+// SetupContainerBaseLayer is a helper to setup a containers scratch. It
+// will create and format the vhdx's inside and the size is configurable with the sizeInGB
+// parameter.
+//
+// `layerPath` is the path to the base container layer on disk.
+//
+// `baseVhdPath` is the path to where the base vhdx for the base layer should be created.
+//
+// `diffVhdPath` is the path where the differencing disk for the base layer should be created.
+//
+// `sizeInGB` is the size in gigabytes to make the base vhdx.
+func SetupContainerBaseLayer(ctx context.Context, layerPath, baseVhdPath, diffVhdPath string, sizeInGB uint64) (err error) {
+ var (
+ hivesPath = filepath.Join(layerPath, "Hives")
+ layoutPath = filepath.Join(layerPath, "Layout")
+ )
+
+ // We need to remove the hives directory and layout file as `SetupBaseOSLayer` fails if these files
+ // already exist. `SetupBaseOSLayer` will create these files internally. We also remove the base and
+ // differencing disks if they exist in case we're asking for a different size.
+ if _, err := os.Stat(hivesPath); err == nil {
+ if err := os.RemoveAll(hivesPath); err != nil {
+ return errors.Wrap(err, "failed to remove prexisting hives directory")
+ }
+ }
+ if _, err := os.Stat(layoutPath); err == nil {
+ if err := os.RemoveAll(layoutPath); err != nil {
+ return errors.Wrap(err, "failed to remove prexisting layout file")
+ }
+ }
+
+ if _, err := os.Stat(baseVhdPath); err == nil {
+ if err := os.RemoveAll(baseVhdPath); err != nil {
+ return errors.Wrap(err, "failed to remove base vhdx path")
+ }
+ }
+ if _, err := os.Stat(diffVhdPath); err == nil {
+ if err := os.RemoveAll(diffVhdPath); err != nil {
+ return errors.Wrap(err, "failed to remove differencing vhdx")
+ }
+ }
+
+ createParams := &vhd.CreateVirtualDiskParameters{
+ Version: 2,
+ Version2: vhd.CreateVersion2{
+ MaximumSize: sizeInGB * memory.GiB,
+ BlockSizeInBytes: defaultVHDXBlockSizeInMB * memory.MiB,
+ },
+ }
+ handle, err := vhd.CreateVirtualDisk(baseVhdPath, vhd.VirtualDiskAccessNone, vhd.CreateVirtualDiskFlagNone, createParams)
+ if err != nil {
+ return errors.Wrap(err, "failed to create vhdx")
+ }
+
+ defer func() {
+ if err != nil {
+ _ = syscall.CloseHandle(handle)
+ os.RemoveAll(baseVhdPath)
+ os.RemoveAll(diffVhdPath)
+ }
+ }()
+
+ if err = FormatWritableLayerVhd(ctx, windows.Handle(handle)); err != nil {
+ return err
+ }
+ // Base vhd handle must be closed before calling SetupBaseLayer in case of Container layer
+ if err = syscall.CloseHandle(handle); err != nil {
+ return errors.Wrap(err, "failed to close vhdx handle")
+ }
+
+ options := OsLayerOptions{
+ Type: OsLayerTypeContainer,
+ }
+
+ // SetupBaseOSLayer expects an empty vhd handle for a container layer and will
+ // error out otherwise.
+ if err = SetupBaseOSLayer(ctx, layerPath, 0, options); err != nil {
+ return err
+ }
+ // Create the differencing disk that will be what's copied for the final rw layer
+ // for a container.
+ if err = vhd.CreateDiffVhd(diffVhdPath, baseVhdPath, defaultVHDXBlockSizeInMB); err != nil {
+ return errors.Wrap(err, "failed to create differencing disk")
+ }
+
+ if err = security.GrantVmGroupAccess(baseVhdPath); err != nil {
+ return errors.Wrapf(err, "failed to grant vm group access to %s", baseVhdPath)
+ }
+ if err = security.GrantVmGroupAccess(diffVhdPath); err != nil {
+ return errors.Wrapf(err, "failed to grant vm group access to %s", diffVhdPath)
+ }
+ return nil
+}
+
+// SetupUtilityVMBaseLayer is a helper to setup a UVMs scratch space. It will create and format
+// the vhdx inside and the size is configurable by the sizeInGB parameter.
+//
+// `uvmPath` is the path to the UtilityVM filesystem.
+//
+// `baseVhdPath` is the path to where the base vhdx for the UVM should be created.
+//
+// `diffVhdPath` is the path where the differencing disk for the UVM should be created.
+//
+// `sizeInGB` specifies the size in gigabytes to make the base vhdx.
+func SetupUtilityVMBaseLayer(ctx context.Context, uvmPath, baseVhdPath, diffVhdPath string, sizeInGB uint64) (err error) {
+ // Remove the base and differencing disks if they exist in case we're asking for a different size.
+ if _, err := os.Stat(baseVhdPath); err == nil {
+ if err := os.RemoveAll(baseVhdPath); err != nil {
+ return errors.Wrap(err, "failed to remove base vhdx")
+ }
+ }
+ if _, err := os.Stat(diffVhdPath); err == nil {
+ if err := os.RemoveAll(diffVhdPath); err != nil {
+ return errors.Wrap(err, "failed to remove differencing vhdx")
+ }
+ }
+
+ // Just create the vhdx for utilityVM layer, no need to format it.
+ createParams := &vhd.CreateVirtualDiskParameters{
+ Version: 2,
+ Version2: vhd.CreateVersion2{
+ MaximumSize: sizeInGB * memory.GiB,
+ BlockSizeInBytes: defaultVHDXBlockSizeInMB * memory.MiB,
+ },
+ }
+ handle, err := vhd.CreateVirtualDisk(baseVhdPath, vhd.VirtualDiskAccessNone, vhd.CreateVirtualDiskFlagNone, createParams)
+ if err != nil {
+ return errors.Wrap(err, "failed to create vhdx")
+ }
+
+ defer func() {
+ if err != nil {
+ _ = syscall.CloseHandle(handle)
+ os.RemoveAll(baseVhdPath)
+ os.RemoveAll(diffVhdPath)
+ }
+ }()
+
+ // If it is a UtilityVM layer then the base vhdx must be attached when calling
+ // `SetupBaseOSLayer`
+ attachParams := &vhd.AttachVirtualDiskParameters{
+ Version: 2,
+ }
+ if err := vhd.AttachVirtualDisk(handle, vhd.AttachVirtualDiskFlagNone, attachParams); err != nil {
+ return errors.Wrapf(err, "failed to attach virtual disk")
+ }
+
+ options := OsLayerOptions{
+ Type: OsLayerTypeVM,
+ }
+ if err := SetupBaseOSLayer(ctx, uvmPath, windows.Handle(handle), options); err != nil {
+ return err
+ }
+
+ // Detach and close the handle after setting up the layer as we don't need the handle
+ // for anything else and we no longer need to be attached either.
+ if err = vhd.DetachVirtualDisk(handle); err != nil {
+ return errors.Wrap(err, "failed to detach vhdx")
+ }
+ if err = syscall.CloseHandle(handle); err != nil {
+ return errors.Wrap(err, "failed to close vhdx handle")
+ }
+
+ // Create the differencing disk that will be what's copied for the final rw layer
+ // for a container.
+ if err = vhd.CreateDiffVhd(diffVhdPath, baseVhdPath, defaultVHDXBlockSizeInMB); err != nil {
+ return errors.Wrap(err, "failed to create differencing disk")
+ }
+
+ if err := security.GrantVmGroupAccess(baseVhdPath); err != nil {
+ return errors.Wrapf(err, "failed to grant vm group access to %s", baseVhdPath)
+ }
+ if err := security.GrantVmGroupAccess(diffVhdPath); err != nil {
+ return errors.Wrapf(err, "failed to grant vm group access to %s", diffVhdPath)
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/import.go b/vendor/github.com/Microsoft/hcsshim/computestorage/import.go
new file mode 100644
index 000000000..e1c87416a
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/import.go
@@ -0,0 +1,43 @@
+//go:build windows
+
+package computestorage
+
+import (
+ "context"
+ "encoding/json"
+
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "github.com/pkg/errors"
+ "go.opencensus.io/trace"
+)
+
+// ImportLayer imports a container layer.
+//
+// `layerPath` is a path to a directory to import the layer to. If the directory
+// does not exist it will be automatically created.
+//
+// `sourceFolderpath` is a pre-existing folder that contains the layer to
+// import.
+//
+// `layerData` is the parent layer data.
+func ImportLayer(ctx context.Context, layerPath, sourceFolderPath string, layerData LayerData) (err error) {
+ title := "hcsshim::ImportLayer"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("layerPath", layerPath),
+ trace.StringAttribute("sourceFolderPath", sourceFolderPath),
+ )
+
+ bytes, err := json.Marshal(layerData)
+ if err != nil {
+ return err
+ }
+
+ err = hcsImportLayer(layerPath, sourceFolderPath, string(bytes))
+ if err != nil {
+ return errors.Wrap(err, "failed to import layer")
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/initialize.go b/vendor/github.com/Microsoft/hcsshim/computestorage/initialize.go
new file mode 100644
index 000000000..d0c621605
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/initialize.go
@@ -0,0 +1,40 @@
+//go:build windows
+
+package computestorage
+
+import (
+ "context"
+ "encoding/json"
+
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "github.com/pkg/errors"
+ "go.opencensus.io/trace"
+)
+
+// InitializeWritableLayer initializes a writable layer for a container.
+//
+// `layerPath` is a path to a directory the layer is mounted. If the
+// path does not end in a `\` the platform will append it automatically.
+//
+// `layerData` is the parent read-only layer data.
+func InitializeWritableLayer(ctx context.Context, layerPath string, layerData LayerData) (err error) {
+ title := "hcsshim::InitializeWritableLayer"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("layerPath", layerPath),
+ )
+
+ bytes, err := json.Marshal(layerData)
+ if err != nil {
+ return err
+ }
+
+ // Options are not used in the platform as of RS5
+ err = hcsInitializeWritableLayer(layerPath, string(bytes), "")
+ if err != nil {
+ return errors.Wrap(err, "failed to intitialize container layer")
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/mount.go b/vendor/github.com/Microsoft/hcsshim/computestorage/mount.go
new file mode 100644
index 000000000..4f4d8ebf2
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/mount.go
@@ -0,0 +1,28 @@
+//go:build windows
+
+package computestorage
+
+import (
+ "context"
+
+ "github.com/Microsoft/hcsshim/internal/interop"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "github.com/pkg/errors"
+ "golang.org/x/sys/windows"
+)
+
+// GetLayerVhdMountPath returns the volume path for a virtual disk of a writable container layer.
+func GetLayerVhdMountPath(ctx context.Context, vhdHandle windows.Handle) (path string, err error) {
+ title := "hcsshim::GetLayerVhdMountPath"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+
+ var mountPath *uint16
+ err = hcsGetLayerVhdMountPath(vhdHandle, &mountPath)
+ if err != nil {
+ return "", errors.Wrap(err, "failed to get vhd mount path")
+ }
+ path = interop.ConvertAndFreeCoTaskMemString(mountPath)
+ return path, nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/setup.go b/vendor/github.com/Microsoft/hcsshim/computestorage/setup.go
new file mode 100644
index 000000000..1c685aed0
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/setup.go
@@ -0,0 +1,80 @@
+//go:build windows
+
+package computestorage
+
+import (
+ "context"
+ "encoding/json"
+
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "github.com/Microsoft/hcsshim/osversion"
+ "github.com/pkg/errors"
+ "go.opencensus.io/trace"
+ "golang.org/x/sys/windows"
+)
+
+// SetupBaseOSLayer sets up a layer that contains a base OS for a container.
+//
+// `layerPath` is a path to a directory containing the layer.
+//
+// `vhdHandle` is an empty file handle of `options.Type == OsLayerTypeContainer`
+// or else it is a file handle to the 'SystemTemplateBase.vhdx' if `options.Type
+// == OsLayerTypeVm`.
+//
+// `options` are the options applied while processing the layer.
+func SetupBaseOSLayer(ctx context.Context, layerPath string, vhdHandle windows.Handle, options OsLayerOptions) (err error) {
+ title := "hcsshim::SetupBaseOSLayer"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("layerPath", layerPath),
+ )
+
+ bytes, err := json.Marshal(options)
+ if err != nil {
+ return err
+ }
+
+ err = hcsSetupBaseOSLayer(layerPath, vhdHandle, string(bytes))
+ if err != nil {
+ return errors.Wrap(err, "failed to setup base OS layer")
+ }
+ return nil
+}
+
+// SetupBaseOSVolume sets up a volume that contains a base OS for a container.
+//
+// `layerPath` is a path to a directory containing the layer.
+//
+// `volumePath` is the path to the volume to be used for setup.
+//
+// `options` are the options applied while processing the layer.
+//
+// NOTE: This API is only available on builds of Windows greater than 19645. Inside we
+// check if the hosts build has the API available by using 'GetVersion' which requires
+// the calling application to be manifested. https://docs.microsoft.com/en-us/windows/win32/sbscs/manifests
+func SetupBaseOSVolume(ctx context.Context, layerPath, volumePath string, options OsLayerOptions) (err error) {
+ if osversion.Build() < 19645 {
+ return errors.New("SetupBaseOSVolume is not present on builds older than 19645")
+ }
+ title := "hcsshim::SetupBaseOSVolume"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("layerPath", layerPath),
+ trace.StringAttribute("volumePath", volumePath),
+ )
+
+ bytes, err := json.Marshal(options)
+ if err != nil {
+ return err
+ }
+
+ err = hcsSetupBaseOSVolume(layerPath, volumePath, string(bytes))
+ if err != nil {
+ return errors.Wrap(err, "failed to setup base OS layer")
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/storage.go b/vendor/github.com/Microsoft/hcsshim/computestorage/storage.go
new file mode 100644
index 000000000..c38d3aa5a
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/storage.go
@@ -0,0 +1,53 @@
+// Package computestorage is a wrapper around the HCS storage APIs. These are new storage APIs introduced
+// separate from the original graphdriver calls intended to give more freedom around creating
+// and managing container layers and scratch spaces.
+package computestorage
+
+import (
+ hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
+)
+
+//go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go storage.go
+
+//sys hcsImportLayer(layerPath string, sourceFolderPath string, layerData string) (hr error) = computestorage.HcsImportLayer?
+//sys hcsExportLayer(layerPath string, exportFolderPath string, layerData string, options string) (hr error) = computestorage.HcsExportLayer?
+//sys hcsDestroyLayer(layerPath string) (hr error) = computestorage.HcsDestroyLayer?
+//sys hcsSetupBaseOSLayer(layerPath string, handle windows.Handle, options string) (hr error) = computestorage.HcsSetupBaseOSLayer?
+//sys hcsInitializeWritableLayer(writableLayerPath string, layerData string, options string) (hr error) = computestorage.HcsInitializeWritableLayer?
+//sys hcsAttachLayerStorageFilter(layerPath string, layerData string) (hr error) = computestorage.HcsAttachLayerStorageFilter?
+//sys hcsDetachLayerStorageFilter(layerPath string) (hr error) = computestorage.HcsDetachLayerStorageFilter?
+//sys hcsFormatWritableLayerVhd(handle windows.Handle) (hr error) = computestorage.HcsFormatWritableLayerVhd?
+//sys hcsGetLayerVhdMountPath(vhdHandle windows.Handle, mountPath **uint16) (hr error) = computestorage.HcsGetLayerVhdMountPath?
+//sys hcsSetupBaseOSVolume(layerPath string, volumePath string, options string) (hr error) = computestorage.HcsSetupBaseOSVolume?
+
+type Version = hcsschema.Version
+type Layer = hcsschema.Layer
+
+// LayerData is the data used to describe parent layer information.
+type LayerData struct {
+ SchemaVersion Version `json:"SchemaVersion,omitempty"`
+ Layers []Layer `json:"Layers,omitempty"`
+}
+
+// ExportLayerOptions are the set of options that are used with the `computestorage.HcsExportLayer` syscall.
+type ExportLayerOptions struct {
+ IsWritableLayer bool `json:"IsWritableLayer,omitempty"`
+}
+
+// OsLayerType is the type of layer being operated on.
+type OsLayerType string
+
+const (
+ // OsLayerTypeContainer is a container layer.
+ OsLayerTypeContainer OsLayerType = "Container"
+ // OsLayerTypeVM is a virtual machine layer.
+ OsLayerTypeVM OsLayerType = "Vm"
+)
+
+// OsLayerOptions are the set of options that are used with the `SetupBaseOSLayer` and
+// `SetupBaseOSVolume` calls.
+type OsLayerOptions struct {
+ Type OsLayerType `json:"Type,omitempty"`
+ DisableCiCacheOptimization bool `json:"DisableCiCacheOptimization,omitempty"`
+ SkipUpdateBcdForBoot bool `json:"SkipUpdateBcdForBoot,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/computestorage/zsyscall_windows.go
new file mode 100644
index 000000000..b996b35e6
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/zsyscall_windows.go
@@ -0,0 +1,332 @@
+//go:build windows
+
+// Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
+
+package computestorage
+
+import (
+ "syscall"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+ errnoERROR_IO_PENDING = 997
+)
+
+var (
+ errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+ errERROR_EINVAL error = syscall.EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+ switch e {
+ case 0:
+ return errERROR_EINVAL
+ case errnoERROR_IO_PENDING:
+ return errERROR_IO_PENDING
+ }
+ // TODO: add more here, after collecting data on the common
+ // error values see on Windows. (perhaps when running
+ // all.bat?)
+ return e
+}
+
+var (
+ modcomputestorage = windows.NewLazySystemDLL("computestorage.dll")
+
+ procHcsAttachLayerStorageFilter = modcomputestorage.NewProc("HcsAttachLayerStorageFilter")
+ procHcsDestroyLayer = modcomputestorage.NewProc("HcsDestroyLayer")
+ procHcsDetachLayerStorageFilter = modcomputestorage.NewProc("HcsDetachLayerStorageFilter")
+ procHcsExportLayer = modcomputestorage.NewProc("HcsExportLayer")
+ procHcsFormatWritableLayerVhd = modcomputestorage.NewProc("HcsFormatWritableLayerVhd")
+ procHcsGetLayerVhdMountPath = modcomputestorage.NewProc("HcsGetLayerVhdMountPath")
+ procHcsImportLayer = modcomputestorage.NewProc("HcsImportLayer")
+ procHcsInitializeWritableLayer = modcomputestorage.NewProc("HcsInitializeWritableLayer")
+ procHcsSetupBaseOSLayer = modcomputestorage.NewProc("HcsSetupBaseOSLayer")
+ procHcsSetupBaseOSVolume = modcomputestorage.NewProc("HcsSetupBaseOSVolume")
+)
+
+func hcsAttachLayerStorageFilter(layerPath string, layerData string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(layerPath)
+ if hr != nil {
+ return
+ }
+ var _p1 *uint16
+ _p1, hr = syscall.UTF16PtrFromString(layerData)
+ if hr != nil {
+ return
+ }
+ return _hcsAttachLayerStorageFilter(_p0, _p1)
+}
+
+func _hcsAttachLayerStorageFilter(layerPath *uint16, layerData *uint16) (hr error) {
+ hr = procHcsAttachLayerStorageFilter.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsAttachLayerStorageFilter.Addr(), 2, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(layerData)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsDestroyLayer(layerPath string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(layerPath)
+ if hr != nil {
+ return
+ }
+ return _hcsDestroyLayer(_p0)
+}
+
+func _hcsDestroyLayer(layerPath *uint16) (hr error) {
+ hr = procHcsDestroyLayer.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsDestroyLayer.Addr(), 1, uintptr(unsafe.Pointer(layerPath)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsDetachLayerStorageFilter(layerPath string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(layerPath)
+ if hr != nil {
+ return
+ }
+ return _hcsDetachLayerStorageFilter(_p0)
+}
+
+func _hcsDetachLayerStorageFilter(layerPath *uint16) (hr error) {
+ hr = procHcsDetachLayerStorageFilter.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsDetachLayerStorageFilter.Addr(), 1, uintptr(unsafe.Pointer(layerPath)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsExportLayer(layerPath string, exportFolderPath string, layerData string, options string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(layerPath)
+ if hr != nil {
+ return
+ }
+ var _p1 *uint16
+ _p1, hr = syscall.UTF16PtrFromString(exportFolderPath)
+ if hr != nil {
+ return
+ }
+ var _p2 *uint16
+ _p2, hr = syscall.UTF16PtrFromString(layerData)
+ if hr != nil {
+ return
+ }
+ var _p3 *uint16
+ _p3, hr = syscall.UTF16PtrFromString(options)
+ if hr != nil {
+ return
+ }
+ return _hcsExportLayer(_p0, _p1, _p2, _p3)
+}
+
+func _hcsExportLayer(layerPath *uint16, exportFolderPath *uint16, layerData *uint16, options *uint16) (hr error) {
+ hr = procHcsExportLayer.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall6(procHcsExportLayer.Addr(), 4, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(exportFolderPath)), uintptr(unsafe.Pointer(layerData)), uintptr(unsafe.Pointer(options)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsFormatWritableLayerVhd(handle windows.Handle) (hr error) {
+ hr = procHcsFormatWritableLayerVhd.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsFormatWritableLayerVhd.Addr(), 1, uintptr(handle), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsGetLayerVhdMountPath(vhdHandle windows.Handle, mountPath **uint16) (hr error) {
+ hr = procHcsGetLayerVhdMountPath.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsGetLayerVhdMountPath.Addr(), 2, uintptr(vhdHandle), uintptr(unsafe.Pointer(mountPath)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsImportLayer(layerPath string, sourceFolderPath string, layerData string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(layerPath)
+ if hr != nil {
+ return
+ }
+ var _p1 *uint16
+ _p1, hr = syscall.UTF16PtrFromString(sourceFolderPath)
+ if hr != nil {
+ return
+ }
+ var _p2 *uint16
+ _p2, hr = syscall.UTF16PtrFromString(layerData)
+ if hr != nil {
+ return
+ }
+ return _hcsImportLayer(_p0, _p1, _p2)
+}
+
+func _hcsImportLayer(layerPath *uint16, sourceFolderPath *uint16, layerData *uint16) (hr error) {
+ hr = procHcsImportLayer.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsImportLayer.Addr(), 3, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(sourceFolderPath)), uintptr(unsafe.Pointer(layerData)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsInitializeWritableLayer(writableLayerPath string, layerData string, options string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(writableLayerPath)
+ if hr != nil {
+ return
+ }
+ var _p1 *uint16
+ _p1, hr = syscall.UTF16PtrFromString(layerData)
+ if hr != nil {
+ return
+ }
+ var _p2 *uint16
+ _p2, hr = syscall.UTF16PtrFromString(options)
+ if hr != nil {
+ return
+ }
+ return _hcsInitializeWritableLayer(_p0, _p1, _p2)
+}
+
+func _hcsInitializeWritableLayer(writableLayerPath *uint16, layerData *uint16, options *uint16) (hr error) {
+ hr = procHcsInitializeWritableLayer.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsInitializeWritableLayer.Addr(), 3, uintptr(unsafe.Pointer(writableLayerPath)), uintptr(unsafe.Pointer(layerData)), uintptr(unsafe.Pointer(options)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsSetupBaseOSLayer(layerPath string, handle windows.Handle, options string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(layerPath)
+ if hr != nil {
+ return
+ }
+ var _p1 *uint16
+ _p1, hr = syscall.UTF16PtrFromString(options)
+ if hr != nil {
+ return
+ }
+ return _hcsSetupBaseOSLayer(_p0, handle, _p1)
+}
+
+func _hcsSetupBaseOSLayer(layerPath *uint16, handle windows.Handle, options *uint16) (hr error) {
+ hr = procHcsSetupBaseOSLayer.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsSetupBaseOSLayer.Addr(), 3, uintptr(unsafe.Pointer(layerPath)), uintptr(handle), uintptr(unsafe.Pointer(options)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsSetupBaseOSVolume(layerPath string, volumePath string, options string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(layerPath)
+ if hr != nil {
+ return
+ }
+ var _p1 *uint16
+ _p1, hr = syscall.UTF16PtrFromString(volumePath)
+ if hr != nil {
+ return
+ }
+ var _p2 *uint16
+ _p2, hr = syscall.UTF16PtrFromString(options)
+ if hr != nil {
+ return
+ }
+ return _hcsSetupBaseOSVolume(_p0, _p1, _p2)
+}
+
+func _hcsSetupBaseOSVolume(layerPath *uint16, volumePath *uint16, options *uint16) (hr error) {
+ hr = procHcsSetupBaseOSVolume.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsSetupBaseOSVolume.Addr(), 3, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(volumePath)), uintptr(unsafe.Pointer(options)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/container.go b/vendor/github.com/Microsoft/hcsshim/container.go
new file mode 100644
index 000000000..c8f09f88b
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/container.go
@@ -0,0 +1,225 @@
+//go:build windows
+
+package hcsshim
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "sync"
+ "time"
+
+ "github.com/Microsoft/hcsshim/internal/hcs"
+ "github.com/Microsoft/hcsshim/internal/hcs/schema1"
+ "github.com/Microsoft/hcsshim/internal/mergemaps"
+)
+
+// ContainerProperties holds the properties for a container and the processes running in that container
+type ContainerProperties = schema1.ContainerProperties
+
+// MemoryStats holds the memory statistics for a container
+type MemoryStats = schema1.MemoryStats
+
+// ProcessorStats holds the processor statistics for a container
+type ProcessorStats = schema1.ProcessorStats
+
+// StorageStats holds the storage statistics for a container
+type StorageStats = schema1.StorageStats
+
+// NetworkStats holds the network statistics for a container
+type NetworkStats = schema1.NetworkStats
+
+// Statistics is the structure returned by a statistics call on a container
+type Statistics = schema1.Statistics
+
+// ProcessList is the structure of an item returned by a ProcessList call on a container
+type ProcessListItem = schema1.ProcessListItem
+
+// MappedVirtualDiskController is the structure of an item returned by a MappedVirtualDiskList call on a container
+type MappedVirtualDiskController = schema1.MappedVirtualDiskController
+
+// Type of Request Support in ModifySystem
+type RequestType = schema1.RequestType
+
+// Type of Resource Support in ModifySystem
+type ResourceType = schema1.ResourceType
+
+// RequestType const
+const (
+ Add = schema1.Add
+ Remove = schema1.Remove
+ Network = schema1.Network
+)
+
+// ResourceModificationRequestResponse is the structure used to send request to the container to modify the system
+// Supported resource types are Network and Request Types are Add/Remove
+type ResourceModificationRequestResponse = schema1.ResourceModificationRequestResponse
+
+type container struct {
+ system *hcs.System
+ waitOnce sync.Once
+ waitErr error
+ waitCh chan struct{}
+}
+
+// createContainerAdditionalJSON is read from the environment at initialization
+// time. It allows an environment variable to define additional JSON which
+// is merged in the CreateComputeSystem call to HCS.
+var createContainerAdditionalJSON []byte
+
+func init() {
+ createContainerAdditionalJSON = ([]byte)(os.Getenv("HCSSHIM_CREATECONTAINER_ADDITIONALJSON"))
+}
+
+// CreateContainer creates a new container with the given configuration but does not start it.
+func CreateContainer(id string, c *ContainerConfig) (Container, error) {
+ fullConfig, err := mergemaps.MergeJSON(c, createContainerAdditionalJSON)
+ if err != nil {
+ return nil, fmt.Errorf("failed to merge additional JSON '%s': %s", createContainerAdditionalJSON, err)
+ }
+
+ system, err := hcs.CreateComputeSystem(context.Background(), id, fullConfig)
+ if err != nil {
+ return nil, err
+ }
+ return &container{system: system}, err
+}
+
+// OpenContainer opens an existing container by ID.
+func OpenContainer(id string) (Container, error) {
+ system, err := hcs.OpenComputeSystem(context.Background(), id)
+ if err != nil {
+ return nil, err
+ }
+ return &container{system: system}, err
+}
+
+// GetContainers gets a list of the containers on the system that match the query
+func GetContainers(q ComputeSystemQuery) ([]ContainerProperties, error) {
+ return hcs.GetComputeSystems(context.Background(), q)
+}
+
+// Start synchronously starts the container.
+func (container *container) Start() error {
+ return convertSystemError(container.system.Start(context.Background()), container)
+}
+
+// Shutdown requests a container shutdown, but it may not actually be shutdown until Wait() succeeds.
+func (container *container) Shutdown() error {
+ err := container.system.Shutdown(context.Background())
+ if err != nil {
+ return convertSystemError(err, container)
+ }
+ return &ContainerError{Container: container, Err: ErrVmcomputeOperationPending, Operation: "hcsshim::ComputeSystem::Shutdown"}
+}
+
+// Terminate requests a container terminate, but it may not actually be terminated until Wait() succeeds.
+func (container *container) Terminate() error {
+ err := container.system.Terminate(context.Background())
+ if err != nil {
+ return convertSystemError(err, container)
+ }
+ return &ContainerError{Container: container, Err: ErrVmcomputeOperationPending, Operation: "hcsshim::ComputeSystem::Terminate"}
+}
+
+// Waits synchronously waits for the container to shutdown or terminate.
+func (container *container) Wait() error {
+ err := container.system.Wait()
+ if err == nil {
+ err = container.system.ExitError()
+ }
+ return convertSystemError(err, container)
+}
+
+// WaitTimeout synchronously waits for the container to terminate or the duration to elapse. It
+// returns false if timeout occurs.
+func (container *container) WaitTimeout(timeout time.Duration) error {
+ container.waitOnce.Do(func() {
+ container.waitCh = make(chan struct{})
+ go func() {
+ container.waitErr = container.Wait()
+ close(container.waitCh)
+ }()
+ })
+ t := time.NewTimer(timeout)
+ defer t.Stop()
+ select {
+ case <-t.C:
+ return &ContainerError{Container: container, Err: ErrTimeout, Operation: "hcsshim::ComputeSystem::Wait"}
+ case <-container.waitCh:
+ return container.waitErr
+ }
+}
+
+// Pause pauses the execution of a container.
+func (container *container) Pause() error {
+ return convertSystemError(container.system.Pause(context.Background()), container)
+}
+
+// Resume resumes the execution of a container.
+func (container *container) Resume() error {
+ return convertSystemError(container.system.Resume(context.Background()), container)
+}
+
+// HasPendingUpdates returns true if the container has updates pending to install
+func (container *container) HasPendingUpdates() (bool, error) {
+ return false, nil
+}
+
+// Statistics returns statistics for the container. This is a legacy v1 call
+func (container *container) Statistics() (Statistics, error) {
+ properties, err := container.system.Properties(context.Background(), schema1.PropertyTypeStatistics)
+ if err != nil {
+ return Statistics{}, convertSystemError(err, container)
+ }
+
+ return properties.Statistics, nil
+}
+
+// ProcessList returns an array of ProcessListItems for the container. This is a legacy v1 call
+func (container *container) ProcessList() ([]ProcessListItem, error) {
+ properties, err := container.system.Properties(context.Background(), schema1.PropertyTypeProcessList)
+ if err != nil {
+ return nil, convertSystemError(err, container)
+ }
+
+ return properties.ProcessList, nil
+}
+
+// This is a legacy v1 call
+func (container *container) MappedVirtualDisks() (map[int]MappedVirtualDiskController, error) {
+ properties, err := container.system.Properties(context.Background(), schema1.PropertyTypeMappedVirtualDisk)
+ if err != nil {
+ return nil, convertSystemError(err, container)
+ }
+
+ return properties.MappedVirtualDiskControllers, nil
+}
+
+// CreateProcess launches a new process within the container.
+func (container *container) CreateProcess(c *ProcessConfig) (Process, error) {
+ p, err := container.system.CreateProcess(context.Background(), c)
+ if err != nil {
+ return nil, convertSystemError(err, container)
+ }
+ return &process{p: p.(*hcs.Process)}, nil
+}
+
+// OpenProcess gets an interface to an existing process within the container.
+func (container *container) OpenProcess(pid int) (Process, error) {
+ p, err := container.system.OpenProcess(context.Background(), pid)
+ if err != nil {
+ return nil, convertSystemError(err, container)
+ }
+ return &process{p: p}, nil
+}
+
+// Close cleans up any state associated with the container but does not terminate or wait for it.
+func (container *container) Close() error {
+ return convertSystemError(container.system.Close(), container)
+}
+
+// Modify the System
+func (container *container) Modify(config *ResourceModificationRequestResponse) error {
+ return convertSystemError(container.system.Modify(context.Background(), config), container)
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/errors.go b/vendor/github.com/Microsoft/hcsshim/errors.go
new file mode 100644
index 000000000..594bbfb7a
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/errors.go
@@ -0,0 +1,250 @@
+//go:build windows
+
+package hcsshim
+
+import (
+ "fmt"
+ "syscall"
+
+ "github.com/Microsoft/hcsshim/internal/hns"
+
+ "github.com/Microsoft/hcsshim/internal/hcs"
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+)
+
+var (
+ // ErrComputeSystemDoesNotExist is an error encountered when the container being operated on no longer exists = hcs.exist
+ ErrComputeSystemDoesNotExist = hcs.ErrComputeSystemDoesNotExist
+
+ // ErrElementNotFound is an error encountered when the object being referenced does not exist
+ ErrElementNotFound = hcs.ErrElementNotFound
+
+ // ErrElementNotFound is an error encountered when the object being referenced does not exist
+ ErrNotSupported = hcs.ErrNotSupported
+
+ // ErrInvalidData is an error encountered when the request being sent to hcs is invalid/unsupported
+ // decimal -2147024883 / hex 0x8007000d
+ ErrInvalidData = hcs.ErrInvalidData
+
+ // ErrHandleClose is an error encountered when the handle generating the notification being waited on has been closed
+ ErrHandleClose = hcs.ErrHandleClose
+
+ // ErrAlreadyClosed is an error encountered when using a handle that has been closed by the Close method
+ ErrAlreadyClosed = hcs.ErrAlreadyClosed
+
+ // ErrInvalidNotificationType is an error encountered when an invalid notification type is used
+ ErrInvalidNotificationType = hcs.ErrInvalidNotificationType
+
+ // ErrInvalidProcessState is an error encountered when the process is not in a valid state for the requested operation
+ ErrInvalidProcessState = hcs.ErrInvalidProcessState
+
+ // ErrTimeout is an error encountered when waiting on a notification times out
+ ErrTimeout = hcs.ErrTimeout
+
+ // ErrUnexpectedContainerExit is the error encountered when a container exits while waiting for
+ // a different expected notification
+ ErrUnexpectedContainerExit = hcs.ErrUnexpectedContainerExit
+
+ // ErrUnexpectedProcessAbort is the error encountered when communication with the compute service
+ // is lost while waiting for a notification
+ ErrUnexpectedProcessAbort = hcs.ErrUnexpectedProcessAbort
+
+ // ErrUnexpectedValue is an error encountered when hcs returns an invalid value
+ ErrUnexpectedValue = hcs.ErrUnexpectedValue
+
+ // ErrOperationDenied is an error when hcs attempts an operation that is explicitly denied
+ ErrOperationDenied = hcs.ErrOperationDenied
+
+ // ErrVmcomputeAlreadyStopped is an error encountered when a shutdown or terminate request is made on a stopped container
+ ErrVmcomputeAlreadyStopped = hcs.ErrVmcomputeAlreadyStopped
+
+ // ErrVmcomputeOperationPending is an error encountered when the operation is being completed asynchronously
+ ErrVmcomputeOperationPending = hcs.ErrVmcomputeOperationPending
+
+ // ErrVmcomputeOperationInvalidState is an error encountered when the compute system is not in a valid state for the requested operation
+ ErrVmcomputeOperationInvalidState = hcs.ErrVmcomputeOperationInvalidState
+
+ // ErrProcNotFound is an error encountered when a procedure look up fails.
+ ErrProcNotFound = hcs.ErrProcNotFound
+
+ // ErrVmcomputeOperationAccessIsDenied is an error which can be encountered when enumerating compute systems in RS1/RS2
+ // builds when the underlying silo might be in the process of terminating. HCS was fixed in RS3.
+ ErrVmcomputeOperationAccessIsDenied = hcs.ErrVmcomputeOperationAccessIsDenied
+
+ // ErrVmcomputeInvalidJSON is an error encountered when the compute system does not support/understand the messages sent by management
+ ErrVmcomputeInvalidJSON = hcs.ErrVmcomputeInvalidJSON
+
+ // ErrVmcomputeUnknownMessage is an error encountered guest compute system doesn't support the message
+ ErrVmcomputeUnknownMessage = hcs.ErrVmcomputeUnknownMessage
+
+ // ErrNotSupported is an error encountered when hcs doesn't support the request
+ ErrPlatformNotSupported = hcs.ErrPlatformNotSupported
+)
+
+type EndpointNotFoundError = hns.EndpointNotFoundError
+type NetworkNotFoundError = hns.NetworkNotFoundError
+
+// ProcessError is an error encountered in HCS during an operation on a Process object
+type ProcessError struct {
+ Process *process
+ Operation string
+ Err error
+ Events []hcs.ErrorEvent
+}
+
+// ContainerError is an error encountered in HCS during an operation on a Container object
+type ContainerError struct {
+ Container *container
+ Operation string
+ Err error
+ Events []hcs.ErrorEvent
+}
+
+func (e *ContainerError) Error() string {
+ if e == nil {
+ return ""
+ }
+
+ if e.Container == nil {
+ return "unexpected nil container for error: " + e.Err.Error()
+ }
+
+ s := "container " + e.Container.system.ID()
+
+ if e.Operation != "" {
+ s += " encountered an error during " + e.Operation
+ }
+
+ switch e.Err.(type) {
+ case nil:
+ break
+ case syscall.Errno:
+ s += fmt.Sprintf(": failure in a Windows system call: %s (0x%x)", e.Err, hcserror.Win32FromError(e.Err))
+ default:
+ s += fmt.Sprintf(": %s", e.Err.Error())
+ }
+
+ for _, ev := range e.Events {
+ s += "\n" + ev.String()
+ }
+
+ return s
+}
+
+func (e *ProcessError) Error() string {
+ if e == nil {
+ return ""
+ }
+
+ if e.Process == nil {
+ return "Unexpected nil process for error: " + e.Err.Error()
+ }
+
+ s := fmt.Sprintf("process %d in container %s", e.Process.p.Pid(), e.Process.p.SystemID())
+ if e.Operation != "" {
+ s += " encountered an error during " + e.Operation
+ }
+
+ switch e.Err.(type) {
+ case nil:
+ break
+ case syscall.Errno:
+ s += fmt.Sprintf(": failure in a Windows system call: %s (0x%x)", e.Err, hcserror.Win32FromError(e.Err))
+ default:
+ s += fmt.Sprintf(": %s", e.Err.Error())
+ }
+
+ for _, ev := range e.Events {
+ s += "\n" + ev.String()
+ }
+
+ return s
+}
+
+// IsNotExist checks if an error is caused by the Container or Process not existing.
+// Note: Currently, ErrElementNotFound can mean that a Process has either
+// already exited, or does not exist. Both IsAlreadyStopped and IsNotExist
+// will currently return true when the error is ErrElementNotFound.
+func IsNotExist(err error) bool {
+ if _, ok := err.(EndpointNotFoundError); ok {
+ return true
+ }
+ if _, ok := err.(NetworkNotFoundError); ok {
+ return true
+ }
+ return hcs.IsNotExist(getInnerError(err))
+}
+
+// IsAlreadyClosed checks if an error is caused by the Container or Process having been
+// already closed by a call to the Close() method.
+func IsAlreadyClosed(err error) bool {
+ return hcs.IsAlreadyClosed(getInnerError(err))
+}
+
+// IsPending returns a boolean indicating whether the error is that
+// the requested operation is being completed in the background.
+func IsPending(err error) bool {
+ return hcs.IsPending(getInnerError(err))
+}
+
+// IsTimeout returns a boolean indicating whether the error is caused by
+// a timeout waiting for the operation to complete.
+func IsTimeout(err error) bool {
+ return hcs.IsTimeout(getInnerError(err))
+}
+
+// IsAlreadyStopped returns a boolean indicating whether the error is caused by
+// a Container or Process being already stopped.
+// Note: Currently, ErrElementNotFound can mean that a Process has either
+// already exited, or does not exist. Both IsAlreadyStopped and IsNotExist
+// will currently return true when the error is ErrElementNotFound.
+func IsAlreadyStopped(err error) bool {
+ return hcs.IsAlreadyStopped(getInnerError(err))
+}
+
+// IsNotSupported returns a boolean indicating whether the error is caused by
+// unsupported platform requests
+// Note: Currently Unsupported platform requests can be mean either
+// ErrVmcomputeInvalidJSON, ErrInvalidData, ErrNotSupported or ErrVmcomputeUnknownMessage
+// is thrown from the Platform
+func IsNotSupported(err error) bool {
+ return hcs.IsNotSupported(getInnerError(err))
+}
+
+// IsOperationInvalidState returns true when err is caused by
+// `ErrVmcomputeOperationInvalidState`.
+func IsOperationInvalidState(err error) bool {
+ return hcs.IsOperationInvalidState(getInnerError(err))
+}
+
+// IsAccessIsDenied returns true when err is caused by
+// `ErrVmcomputeOperationAccessIsDenied`.
+func IsAccessIsDenied(err error) bool {
+ return hcs.IsAccessIsDenied(getInnerError(err))
+}
+
+func getInnerError(err error) error {
+ switch pe := err.(type) {
+ case nil:
+ return nil
+ case *ContainerError:
+ err = pe.Err
+ case *ProcessError:
+ err = pe.Err
+ }
+ return err
+}
+
+func convertSystemError(err error, c *container) error {
+ if serr, ok := err.(*hcs.SystemError); ok {
+ return &ContainerError{Container: c, Operation: serr.Op, Err: serr.Err, Events: serr.Events}
+ }
+ return err
+}
+
+func convertProcessError(err error, p *process) error {
+ if perr, ok := err.(*hcs.ProcessError); ok {
+ return &ProcessError{Process: p, Operation: perr.Op, Err: perr.Err, Events: perr.Events}
+ }
+ return err
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/hcsshim.go b/vendor/github.com/Microsoft/hcsshim/hcsshim.go
new file mode 100644
index 000000000..13f80e4a8
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/hcsshim.go
@@ -0,0 +1,30 @@
+//go:build windows
+
+// Shim for the Host Compute Service (HCS) to manage Windows Server
+// containers and Hyper-V containers.
+
+package hcsshim
+
+import (
+ "golang.org/x/sys/windows"
+
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+)
+
+//go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go hcsshim.go
+
+//sys SetCurrentThreadCompartmentId(compartmentId uint32) (hr error) = iphlpapi.SetCurrentThreadCompartmentId
+
+const (
+ // Specific user-visible exit codes
+ WaitErrExecFailed = 32767
+
+ ERROR_GEN_FAILURE = windows.ERROR_GEN_FAILURE
+ ERROR_SHUTDOWN_IN_PROGRESS = windows.ERROR_SHUTDOWN_IN_PROGRESS
+ WSAEINVAL = windows.WSAEINVAL
+
+ // Timeout on wait calls
+ TimeoutInfinite = 0xFFFFFFFF
+)
+
+type HcsError = hcserror.HcsError
diff --git a/vendor/github.com/Microsoft/hcsshim/hnsendpoint.go b/vendor/github.com/Microsoft/hcsshim/hnsendpoint.go
new file mode 100644
index 000000000..d8a73de98
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/hnsendpoint.go
@@ -0,0 +1,120 @@
+//go:build windows
+
+package hcsshim
+
+import (
+ "github.com/Microsoft/hcsshim/internal/hns"
+)
+
+// HNSEndpoint represents a network endpoint in HNS
+type HNSEndpoint = hns.HNSEndpoint
+
+// HNSEndpointStats represent the stats for an networkendpoint in HNS
+type HNSEndpointStats = hns.EndpointStats
+
+// Namespace represents a Compartment.
+type Namespace = hns.Namespace
+
+// SystemType represents the type of the system on which actions are done
+type SystemType string
+
+// SystemType const
+const (
+ ContainerType SystemType = "Container"
+ VirtualMachineType SystemType = "VirtualMachine"
+ HostType SystemType = "Host"
+)
+
+// EndpointAttachDetachRequest is the structure used to send request to the container to modify the system
+// Supported resource types are Network and Request Types are Add/Remove
+type EndpointAttachDetachRequest = hns.EndpointAttachDetachRequest
+
+// EndpointResquestResponse is object to get the endpoint request response
+type EndpointResquestResponse = hns.EndpointResquestResponse
+
+// HNSEndpointRequest makes a HNS call to modify/query a network endpoint
+func HNSEndpointRequest(method, path, request string) (*HNSEndpoint, error) {
+ return hns.HNSEndpointRequest(method, path, request)
+}
+
+// HNSListEndpointRequest makes a HNS call to query the list of available endpoints
+func HNSListEndpointRequest() ([]HNSEndpoint, error) {
+ return hns.HNSListEndpointRequest()
+}
+
+// HotAttachEndpoint makes a HCS Call to attach the endpoint to the container
+func HotAttachEndpoint(containerID string, endpointID string) error {
+ endpoint, err := GetHNSEndpointByID(endpointID)
+ if err != nil {
+ return err
+ }
+ isAttached, err := endpoint.IsAttached(containerID)
+ if isAttached {
+ return err
+ }
+ return modifyNetworkEndpoint(containerID, endpointID, Add)
+}
+
+// HotDetachEndpoint makes a HCS Call to detach the endpoint from the container
+func HotDetachEndpoint(containerID string, endpointID string) error {
+ endpoint, err := GetHNSEndpointByID(endpointID)
+ if err != nil {
+ return err
+ }
+ isAttached, err := endpoint.IsAttached(containerID)
+ if !isAttached {
+ return err
+ }
+ return modifyNetworkEndpoint(containerID, endpointID, Remove)
+}
+
+// ModifyContainer corresponding to the container id, by sending a request
+func modifyContainer(id string, request *ResourceModificationRequestResponse) error {
+ container, err := OpenContainer(id)
+ if err != nil {
+ if IsNotExist(err) {
+ return ErrComputeSystemDoesNotExist
+ }
+ return getInnerError(err)
+ }
+ defer container.Close()
+ err = container.Modify(request)
+ if err != nil {
+ if IsNotSupported(err) {
+ return ErrPlatformNotSupported
+ }
+ return getInnerError(err)
+ }
+
+ return nil
+}
+
+func modifyNetworkEndpoint(containerID string, endpointID string, request RequestType) error {
+ requestMessage := &ResourceModificationRequestResponse{
+ Resource: Network,
+ Request: request,
+ Data: endpointID,
+ }
+ err := modifyContainer(containerID, requestMessage)
+
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+// GetHNSEndpointByID get the Endpoint by ID
+func GetHNSEndpointByID(endpointID string) (*HNSEndpoint, error) {
+ return hns.GetHNSEndpointByID(endpointID)
+}
+
+// GetHNSEndpointByName gets the endpoint filtered by Name
+func GetHNSEndpointByName(endpointName string) (*HNSEndpoint, error) {
+ return hns.GetHNSEndpointByName(endpointName)
+}
+
+// GetHNSEndpointStats gets the endpoint stats by ID
+func GetHNSEndpointStats(endpointName string) (*HNSEndpointStats, error) {
+ return hns.GetHNSEndpointStats(endpointName)
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/hnsglobals.go b/vendor/github.com/Microsoft/hcsshim/hnsglobals.go
new file mode 100644
index 000000000..c564bf4a3
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/hnsglobals.go
@@ -0,0 +1,18 @@
+//go:build windows
+
+package hcsshim
+
+import (
+ "github.com/Microsoft/hcsshim/internal/hns"
+)
+
+type HNSGlobals = hns.HNSGlobals
+type HNSVersion = hns.HNSVersion
+
+var (
+ HNSVersion1803 = hns.HNSVersion1803
+)
+
+func GetHNSGlobals() (*HNSGlobals, error) {
+ return hns.GetHNSGlobals()
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/hnsnetwork.go b/vendor/github.com/Microsoft/hcsshim/hnsnetwork.go
new file mode 100644
index 000000000..925c21249
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/hnsnetwork.go
@@ -0,0 +1,38 @@
+//go:build windows
+
+package hcsshim
+
+import (
+ "github.com/Microsoft/hcsshim/internal/hns"
+)
+
+// Subnet is associated with a network and represents a list
+// of subnets available to the network
+type Subnet = hns.Subnet
+
+// MacPool is associated with a network and represents a list
+// of macaddresses available to the network
+type MacPool = hns.MacPool
+
+// HNSNetwork represents a network in HNS
+type HNSNetwork = hns.HNSNetwork
+
+// HNSNetworkRequest makes a call into HNS to update/query a single network
+func HNSNetworkRequest(method, path, request string) (*HNSNetwork, error) {
+ return hns.HNSNetworkRequest(method, path, request)
+}
+
+// HNSListNetworkRequest makes a HNS call to query the list of available networks
+func HNSListNetworkRequest(method, path, request string) ([]HNSNetwork, error) {
+ return hns.HNSListNetworkRequest(method, path, request)
+}
+
+// GetHNSNetworkByID
+func GetHNSNetworkByID(networkID string) (*HNSNetwork, error) {
+ return hns.GetHNSNetworkByID(networkID)
+}
+
+// GetHNSNetworkName filtered by Name
+func GetHNSNetworkByName(networkName string) (*HNSNetwork, error) {
+ return hns.GetHNSNetworkByName(networkName)
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/hnspolicy.go b/vendor/github.com/Microsoft/hcsshim/hnspolicy.go
new file mode 100644
index 000000000..00ab26364
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/hnspolicy.go
@@ -0,0 +1,60 @@
+package hcsshim
+
+import (
+ "github.com/Microsoft/hcsshim/internal/hns"
+)
+
+// Type of Request Support in ModifySystem
+type PolicyType = hns.PolicyType
+
+// RequestType const
+const (
+ Nat = hns.Nat
+ ACL = hns.ACL
+ PA = hns.PA
+ VLAN = hns.VLAN
+ VSID = hns.VSID
+ VNet = hns.VNet
+ L2Driver = hns.L2Driver
+ Isolation = hns.Isolation
+ QOS = hns.QOS
+ OutboundNat = hns.OutboundNat
+ ExternalLoadBalancer = hns.ExternalLoadBalancer
+ Route = hns.Route
+ Proxy = hns.Proxy
+)
+
+type ProxyPolicy = hns.ProxyPolicy
+
+type NatPolicy = hns.NatPolicy
+
+type QosPolicy = hns.QosPolicy
+
+type IsolationPolicy = hns.IsolationPolicy
+
+type VlanPolicy = hns.VlanPolicy
+
+type VsidPolicy = hns.VsidPolicy
+
+type PaPolicy = hns.PaPolicy
+
+type OutboundNatPolicy = hns.OutboundNatPolicy
+
+type ActionType = hns.ActionType
+type DirectionType = hns.DirectionType
+type RuleType = hns.RuleType
+
+const (
+ Allow = hns.Allow
+ Block = hns.Block
+
+ In = hns.In
+ Out = hns.Out
+
+ Host = hns.Host
+ Switch = hns.Switch
+)
+
+type ACLPolicy = hns.ACLPolicy
+
+type Policy = hns.Policy
diff --git a/vendor/github.com/Microsoft/hcsshim/hnspolicylist.go b/vendor/github.com/Microsoft/hcsshim/hnspolicylist.go
new file mode 100644
index 000000000..9bfe61ee8
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/hnspolicylist.go
@@ -0,0 +1,49 @@
+//go:build windows
+
+package hcsshim
+
+import (
+ "github.com/Microsoft/hcsshim/internal/hns"
+)
+
+// RoutePolicy is a structure defining schema for Route based Policy
+type RoutePolicy = hns.RoutePolicy
+
+// ELBPolicy is a structure defining schema for ELB LoadBalancing based Policy
+type ELBPolicy = hns.ELBPolicy
+
+// LBPolicy is a structure defining schema for LoadBalancing based Policy
+type LBPolicy = hns.LBPolicy
+
+// PolicyList is a structure defining schema for Policy list request
+type PolicyList = hns.PolicyList
+
+// HNSPolicyListRequest makes a call into HNS to update/query a single network
+func HNSPolicyListRequest(method, path, request string) (*PolicyList, error) {
+ return hns.HNSPolicyListRequest(method, path, request)
+}
+
+// HNSListPolicyListRequest gets all the policy list
+func HNSListPolicyListRequest() ([]PolicyList, error) {
+ return hns.HNSListPolicyListRequest()
+}
+
+// PolicyListRequest makes a HNS call to modify/query a network policy list
+func PolicyListRequest(method, path, request string) (*PolicyList, error) {
+ return hns.PolicyListRequest(method, path, request)
+}
+
+// GetPolicyListByID get the policy list by ID
+func GetPolicyListByID(policyListID string) (*PolicyList, error) {
+ return hns.GetPolicyListByID(policyListID)
+}
+
+// AddLoadBalancer policy list for the specified endpoints
+func AddLoadBalancer(endpoints []HNSEndpoint, isILB bool, sourceVIP, vip string, protocol uint16, internalPort uint16, externalPort uint16) (*PolicyList, error) {
+ return hns.AddLoadBalancer(endpoints, isILB, sourceVIP, vip, protocol, internalPort, externalPort)
+}
+
+// AddRoute adds route policy list for the specified endpoints
+func AddRoute(endpoints []HNSEndpoint, destinationPrefix string, nextHop string, encapEnabled bool) (*PolicyList, error) {
+ return hns.AddRoute(endpoints, destinationPrefix, nextHop, encapEnabled)
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/hnssupport.go b/vendor/github.com/Microsoft/hcsshim/hnssupport.go
new file mode 100644
index 000000000..d97681e0c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/hnssupport.go
@@ -0,0 +1,15 @@
+//go:build windows
+
+package hcsshim
+
+import (
+ "github.com/Microsoft/hcsshim/internal/hns"
+)
+
+type HNSSupportedFeatures = hns.HNSSupportedFeatures
+
+type HNSAclFeatures = hns.HNSAclFeatures
+
+func GetHNSSupportedFeatures() HNSSupportedFeatures {
+ return hns.GetHNSSupportedFeatures()
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/interface.go b/vendor/github.com/Microsoft/hcsshim/interface.go
new file mode 100644
index 000000000..81a281951
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/interface.go
@@ -0,0 +1,116 @@
+//go:build windows
+
+package hcsshim
+
+import (
+ "io"
+ "time"
+
+ "github.com/Microsoft/hcsshim/internal/hcs/schema1"
+)
+
+// ProcessConfig is used as both the input of Container.CreateProcess
+// and to convert the parameters to JSON for passing onto the HCS
+type ProcessConfig = schema1.ProcessConfig
+
+type Layer = schema1.Layer
+type MappedDir = schema1.MappedDir
+type MappedPipe = schema1.MappedPipe
+type HvRuntime = schema1.HvRuntime
+type MappedVirtualDisk = schema1.MappedVirtualDisk
+
+// AssignedDevice represents a device that has been directly assigned to a container
+//
+// NOTE: Support added in RS5
+type AssignedDevice = schema1.AssignedDevice
+
+// ContainerConfig is used as both the input of CreateContainer
+// and to convert the parameters to JSON for passing onto the HCS
+type ContainerConfig = schema1.ContainerConfig
+
+type ComputeSystemQuery = schema1.ComputeSystemQuery
+
+// Container represents a created (but not necessarily running) container.
+type Container interface {
+ // Start synchronously starts the container.
+ Start() error
+
+ // Shutdown requests a container shutdown, but it may not actually be shutdown until Wait() succeeds.
+ Shutdown() error
+
+ // Terminate requests a container terminate, but it may not actually be terminated until Wait() succeeds.
+ Terminate() error
+
+ // Waits synchronously waits for the container to shutdown or terminate.
+ Wait() error
+
+ // WaitTimeout synchronously waits for the container to terminate or the duration to elapse. It
+ // returns false if timeout occurs.
+ WaitTimeout(time.Duration) error
+
+ // Pause pauses the execution of a container.
+ Pause() error
+
+ // Resume resumes the execution of a container.
+ Resume() error
+
+ // HasPendingUpdates returns true if the container has updates pending to install.
+ HasPendingUpdates() (bool, error)
+
+ // Statistics returns statistics for a container.
+ Statistics() (Statistics, error)
+
+ // ProcessList returns details for the processes in a container.
+ ProcessList() ([]ProcessListItem, error)
+
+ // MappedVirtualDisks returns virtual disks mapped to a utility VM, indexed by controller
+ MappedVirtualDisks() (map[int]MappedVirtualDiskController, error)
+
+ // CreateProcess launches a new process within the container.
+ CreateProcess(c *ProcessConfig) (Process, error)
+
+ // OpenProcess gets an interface to an existing process within the container.
+ OpenProcess(pid int) (Process, error)
+
+ // Close cleans up any state associated with the container but does not terminate or wait for it.
+ Close() error
+
+ // Modify the System
+ Modify(config *ResourceModificationRequestResponse) error
+}
+
+// Process represents a running or exited process.
+type Process interface {
+ // Pid returns the process ID of the process within the container.
+ Pid() int
+
+ // Kill signals the process to terminate but does not wait for it to finish terminating.
+ Kill() error
+
+ // Wait waits for the process to exit.
+ Wait() error
+
+ // WaitTimeout waits for the process to exit or the duration to elapse. It returns
+ // false if timeout occurs.
+ WaitTimeout(time.Duration) error
+
+ // ExitCode returns the exit code of the process. The process must have
+ // already terminated.
+ ExitCode() (int, error)
+
+ // ResizeConsole resizes the console of the process.
+ ResizeConsole(width, height uint16) error
+
+ // Stdio returns the stdin, stdout, and stderr pipes, respectively. Closing
+ // these pipes does not close the underlying pipes; it should be possible to
+ // call this multiple times to get multiple interfaces.
+ Stdio() (io.WriteCloser, io.ReadCloser, io.ReadCloser, error)
+
+ // CloseStdin closes the write side of the stdin pipe so that the process is
+ // notified on the read side that there is no more data in stdin.
+ CloseStdin() error
+
+ // Close cleans up any state associated with the process but does not kill
+ // or wait on it.
+ Close() error
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/cow/cow.go b/vendor/github.com/Microsoft/hcsshim/internal/cow/cow.go
new file mode 100644
index 000000000..b60cd383b
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/cow/cow.go
@@ -0,0 +1,99 @@
+//go:build windows
+
+package cow
+
+import (
+ "context"
+ "io"
+
+ "github.com/Microsoft/hcsshim/internal/hcs/schema1"
+ hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
+)
+
+// Process is the interface for an OS process running in a container or utility VM.
+type Process interface {
+ // Close releases resources associated with the process and closes the
+ // writer and readers returned by Stdio. Depending on the implementation,
+ // this may also terminate the process.
+ Close() error
+ // CloseStdin causes the process's stdin handle to receive EOF/EPIPE/whatever
+ // is appropriate to indicate that no more data is available.
+ CloseStdin(ctx context.Context) error
+ // CloseStdout closes the stdout connection to the process. It is used to indicate
+ // that we are done receiving output on the shim side.
+ CloseStdout(ctx context.Context) error
+ // CloseStderr closes the stderr connection to the process. It is used to indicate
+ // that we are done receiving output on the shim side.
+ CloseStderr(ctx context.Context) error
+ // Pid returns the process ID.
+ Pid() int
+ // Stdio returns the stdio streams for a process. These may be nil if a stream
+ // was not requested during CreateProcess.
+ Stdio() (_ io.Writer, _ io.Reader, _ io.Reader)
+ // ResizeConsole resizes the virtual terminal associated with the process.
+ ResizeConsole(ctx context.Context, width, height uint16) error
+ // Kill sends a SIGKILL or equivalent signal to the process and returns whether
+ // the signal was delivered. It does not wait for the process to terminate.
+ Kill(ctx context.Context) (bool, error)
+ // Signal sends a signal to the process and returns whether the signal was
+ // delivered. The input is OS specific (either
+ // guestrequest.SignalProcessOptionsWCOW or
+ // guestrequest.SignalProcessOptionsLCOW). It does not wait for the process
+ // to terminate.
+ Signal(ctx context.Context, options interface{}) (bool, error)
+ // Wait waits for the process to complete, or for a connection to the process to be
+ // terminated by some error condition (including calling Close).
+ Wait() error
+ // ExitCode returns the exit code of the process. Returns an error if the process is
+ // not running.
+ ExitCode() (int, error)
+}
+
+// ProcessHost is the interface for creating processes.
+type ProcessHost interface {
+ // CreateProcess creates a process. The configuration is host specific
+ // (either hcsschema.ProcessParameters or lcow.ProcessParameters).
+ CreateProcess(ctx context.Context, config interface{}) (Process, error)
+ // OS returns the host's operating system, "linux" or "windows".
+ OS() string
+ // IsOCI specifies whether this is an OCI-compliant process host. If true,
+ // then the configuration passed to CreateProcess should have an OCI process
+ // spec (or nil if this is the initial process in an OCI container).
+ // Otherwise, it should have the HCS-specific process parameters.
+ IsOCI() bool
+}
+
+// Container is the interface for container objects, either running on the host or
+// in a utility VM.
+type Container interface {
+ ProcessHost
+ // Close releases the resources associated with the container. Depending on
+ // the implementation, this may also terminate the container.
+ Close() error
+ // ID returns the container ID.
+ ID() string
+ // Properties returns the requested container properties targeting a V1 schema container.
+ Properties(ctx context.Context, types ...schema1.PropertyType) (*schema1.ContainerProperties, error)
+ // PropertiesV2 returns the requested container properties targeting a V2 schema container.
+ PropertiesV2(ctx context.Context, types ...hcsschema.PropertyType) (*hcsschema.Properties, error)
+ // Start starts a container.
+ Start(ctx context.Context) error
+ // Shutdown sends a shutdown request to the container (but does not wait for
+ // the shutdown to complete).
+ Shutdown(ctx context.Context) error
+ // Terminate sends a terminate request to the container (but does not wait
+ // for the terminate to complete).
+ Terminate(ctx context.Context) error
+ // Wait waits for the container to terminate, or for the connection to the
+ // container to be terminated by some error condition (including calling
+ // Close).
+ Wait() error
+ // WaitChannel returns the wait channel of the container
+ WaitChannel() <-chan struct{}
+ // WaitError returns the container termination error.
+ // This function should only be called after the channel in WaitChannel()
+ // is closed. Otherwise it is not thread safe.
+ WaitError() error
+ // Modify sends a request to modify container resources
+ Modify(ctx context.Context, config interface{}) error
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/callback.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/callback.go
new file mode 100644
index 000000000..7b27173c3
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/callback.go
@@ -0,0 +1,163 @@
+//go:build windows
+
+package hcs
+
+import (
+ "fmt"
+ "sync"
+ "syscall"
+
+ "github.com/Microsoft/hcsshim/internal/interop"
+ "github.com/Microsoft/hcsshim/internal/logfields"
+ "github.com/Microsoft/hcsshim/internal/vmcompute"
+ "github.com/sirupsen/logrus"
+)
+
+var (
+ nextCallback uintptr
+ callbackMap = map[uintptr]*notificationWatcherContext{}
+ callbackMapLock = sync.RWMutex{}
+
+ notificationWatcherCallback = syscall.NewCallback(notificationWatcher)
+
+ // Notifications for HCS_SYSTEM handles
+ hcsNotificationSystemExited hcsNotification = 0x00000001
+ hcsNotificationSystemCreateCompleted hcsNotification = 0x00000002
+ hcsNotificationSystemStartCompleted hcsNotification = 0x00000003
+ hcsNotificationSystemPauseCompleted hcsNotification = 0x00000004
+ hcsNotificationSystemResumeCompleted hcsNotification = 0x00000005
+ hcsNotificationSystemCrashReport hcsNotification = 0x00000006
+ hcsNotificationSystemSiloJobCreated hcsNotification = 0x00000007
+ hcsNotificationSystemSaveCompleted hcsNotification = 0x00000008
+ hcsNotificationSystemRdpEnhancedModeStateChanged hcsNotification = 0x00000009
+ hcsNotificationSystemShutdownFailed hcsNotification = 0x0000000A
+ hcsNotificationSystemGetPropertiesCompleted hcsNotification = 0x0000000B
+ hcsNotificationSystemModifyCompleted hcsNotification = 0x0000000C
+ hcsNotificationSystemCrashInitiated hcsNotification = 0x0000000D
+ hcsNotificationSystemGuestConnectionClosed hcsNotification = 0x0000000E
+
+ // Notifications for HCS_PROCESS handles
+ hcsNotificationProcessExited hcsNotification = 0x00010000
+
+ // Common notifications
+ hcsNotificationInvalid hcsNotification = 0x00000000
+ hcsNotificationServiceDisconnect hcsNotification = 0x01000000
+)
+
+type hcsNotification uint32
+
+func (hn hcsNotification) String() string {
+ switch hn {
+ case hcsNotificationSystemExited:
+ return "SystemExited"
+ case hcsNotificationSystemCreateCompleted:
+ return "SystemCreateCompleted"
+ case hcsNotificationSystemStartCompleted:
+ return "SystemStartCompleted"
+ case hcsNotificationSystemPauseCompleted:
+ return "SystemPauseCompleted"
+ case hcsNotificationSystemResumeCompleted:
+ return "SystemResumeCompleted"
+ case hcsNotificationSystemCrashReport:
+ return "SystemCrashReport"
+ case hcsNotificationSystemSiloJobCreated:
+ return "SystemSiloJobCreated"
+ case hcsNotificationSystemSaveCompleted:
+ return "SystemSaveCompleted"
+ case hcsNotificationSystemRdpEnhancedModeStateChanged:
+ return "SystemRdpEnhancedModeStateChanged"
+ case hcsNotificationSystemShutdownFailed:
+ return "SystemShutdownFailed"
+ case hcsNotificationSystemGetPropertiesCompleted:
+ return "SystemGetPropertiesCompleted"
+ case hcsNotificationSystemModifyCompleted:
+ return "SystemModifyCompleted"
+ case hcsNotificationSystemCrashInitiated:
+ return "SystemCrashInitiated"
+ case hcsNotificationSystemGuestConnectionClosed:
+ return "SystemGuestConnectionClosed"
+ case hcsNotificationProcessExited:
+ return "ProcessExited"
+ case hcsNotificationInvalid:
+ return "Invalid"
+ case hcsNotificationServiceDisconnect:
+ return "ServiceDisconnect"
+ default:
+ return fmt.Sprintf("Unknown: %d", hn)
+ }
+}
+
+type notificationChannel chan error
+
+type notificationWatcherContext struct {
+ channels notificationChannels
+ handle vmcompute.HcsCallback
+
+ systemID string
+ processID int
+}
+
+type notificationChannels map[hcsNotification]notificationChannel
+
+func newSystemChannels() notificationChannels {
+ channels := make(notificationChannels)
+ for _, notif := range []hcsNotification{
+ hcsNotificationServiceDisconnect,
+ hcsNotificationSystemExited,
+ hcsNotificationSystemCreateCompleted,
+ hcsNotificationSystemStartCompleted,
+ hcsNotificationSystemPauseCompleted,
+ hcsNotificationSystemResumeCompleted,
+ hcsNotificationSystemSaveCompleted,
+ } {
+ channels[notif] = make(notificationChannel, 1)
+ }
+ return channels
+}
+
+func newProcessChannels() notificationChannels {
+ channels := make(notificationChannels)
+ for _, notif := range []hcsNotification{
+ hcsNotificationServiceDisconnect,
+ hcsNotificationProcessExited,
+ } {
+ channels[notif] = make(notificationChannel, 1)
+ }
+ return channels
+}
+
+func closeChannels(channels notificationChannels) {
+ for _, c := range channels {
+ close(c)
+ }
+}
+
+func notificationWatcher(notificationType hcsNotification, callbackNumber uintptr, notificationStatus uintptr, notificationData *uint16) uintptr {
+ var result error
+ if int32(notificationStatus) < 0 {
+ result = interop.Win32FromHresult(notificationStatus)
+ }
+
+ callbackMapLock.RLock()
+ context := callbackMap[callbackNumber]
+ callbackMapLock.RUnlock()
+
+ if context == nil {
+ return 0
+ }
+
+ log := logrus.WithFields(logrus.Fields{
+ "notification-type": notificationType.String(),
+ "system-id": context.systemID,
+ })
+ if context.processID != 0 {
+ log.Data[logfields.ProcessID] = context.processID
+ }
+ log.Debug("HCS notification")
+
+ if channel, ok := context.channels[notificationType]; ok {
+ channel <- result
+ }
+
+ return 0
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/doc.go
new file mode 100644
index 000000000..d792dda98
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/doc.go
@@ -0,0 +1 @@
+package hcs
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go
new file mode 100644
index 000000000..3e10f5c7e
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go
@@ -0,0 +1,336 @@
+//go:build windows
+
+package hcs
+
+import (
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "net"
+ "syscall"
+
+ "github.com/Microsoft/hcsshim/internal/log"
+)
+
+var (
+ // ErrComputeSystemDoesNotExist is an error encountered when the container being operated on no longer exists
+ ErrComputeSystemDoesNotExist = syscall.Errno(0xc037010e)
+
+ // ErrElementNotFound is an error encountered when the object being referenced does not exist
+ ErrElementNotFound = syscall.Errno(0x490)
+
+ // ErrElementNotFound is an error encountered when the object being referenced does not exist
+ ErrNotSupported = syscall.Errno(0x32)
+
+ // ErrInvalidData is an error encountered when the request being sent to hcs is invalid/unsupported
+ // decimal -2147024883 / hex 0x8007000d
+ ErrInvalidData = syscall.Errno(0xd)
+
+ // ErrHandleClose is an error encountered when the handle generating the notification being waited on has been closed
+ ErrHandleClose = errors.New("hcsshim: the handle generating this notification has been closed")
+
+ // ErrAlreadyClosed is an error encountered when using a handle that has been closed by the Close method
+ ErrAlreadyClosed = errors.New("hcsshim: the handle has already been closed")
+
+ // ErrInvalidNotificationType is an error encountered when an invalid notification type is used
+ ErrInvalidNotificationType = errors.New("hcsshim: invalid notification type")
+
+ // ErrInvalidProcessState is an error encountered when the process is not in a valid state for the requested operation
+ ErrInvalidProcessState = errors.New("the process is in an invalid state for the attempted operation")
+
+ // ErrTimeout is an error encountered when waiting on a notification times out
+ ErrTimeout = errors.New("hcsshim: timeout waiting for notification")
+
+ // ErrUnexpectedContainerExit is the error encountered when a container exits while waiting for
+ // a different expected notification
+ ErrUnexpectedContainerExit = errors.New("unexpected container exit")
+
+ // ErrUnexpectedProcessAbort is the error encountered when communication with the compute service
+ // is lost while waiting for a notification
+ ErrUnexpectedProcessAbort = errors.New("lost communication with compute service")
+
+ // ErrUnexpectedValue is an error encountered when hcs returns an invalid value
+ ErrUnexpectedValue = errors.New("unexpected value returned from hcs")
+
+ // ErrOperationDenied is an error when hcs attempts an operation that is explicitly denied
+ ErrOperationDenied = errors.New("operation denied")
+
+ // ErrVmcomputeAlreadyStopped is an error encountered when a shutdown or terminate request is made on a stopped container
+ ErrVmcomputeAlreadyStopped = syscall.Errno(0xc0370110)
+
+ // ErrVmcomputeOperationPending is an error encountered when the operation is being completed asynchronously
+ ErrVmcomputeOperationPending = syscall.Errno(0xC0370103)
+
+ // ErrVmcomputeOperationInvalidState is an error encountered when the compute system is not in a valid state for the requested operation
+ ErrVmcomputeOperationInvalidState = syscall.Errno(0xc0370105)
+
+ // ErrProcNotFound is an error encountered when a procedure look up fails.
+ ErrProcNotFound = syscall.Errno(0x7f)
+
+ // ErrVmcomputeOperationAccessIsDenied is an error which can be encountered when enumerating compute systems in RS1/RS2
+ // builds when the underlying silo might be in the process of terminating. HCS was fixed in RS3.
+ ErrVmcomputeOperationAccessIsDenied = syscall.Errno(0x5)
+
+ // ErrVmcomputeInvalidJSON is an error encountered when the compute system does not support/understand the messages sent by management
+ ErrVmcomputeInvalidJSON = syscall.Errno(0xc037010d)
+
+ // ErrVmcomputeUnknownMessage is an error encountered guest compute system doesn't support the message
+ ErrVmcomputeUnknownMessage = syscall.Errno(0xc037010b)
+
+ // ErrVmcomputeUnexpectedExit is an error encountered when the compute system terminates unexpectedly
+ ErrVmcomputeUnexpectedExit = syscall.Errno(0xC0370106)
+
+ // ErrNotSupported is an error encountered when hcs doesn't support the request
+ ErrPlatformNotSupported = errors.New("unsupported platform request")
+
+ // ErrProcessAlreadyStopped is returned by hcs if the process we're trying to kill has already been stopped.
+ ErrProcessAlreadyStopped = syscall.Errno(0x8037011f)
+
+ // ErrInvalidHandle is an error that can be encountered when querying the properties of a compute system when the handle to that
+ // compute system has already been closed.
+ ErrInvalidHandle = syscall.Errno(0x6)
+)
+
+type ErrorEvent struct {
+ Message string `json:"Message,omitempty"` // Fully formated error message
+ StackTrace string `json:"StackTrace,omitempty"` // Stack trace in string form
+ Provider string `json:"Provider,omitempty"`
+ EventID uint16 `json:"EventId,omitempty"`
+ Flags uint32 `json:"Flags,omitempty"`
+ Source string `json:"Source,omitempty"`
+ //Data []EventData `json:"Data,omitempty"` // Omit this as HCS doesn't encode this well. It's more confusing to include. It is however logged in debug mode (see processHcsResult function)
+}
+
+type hcsResult struct {
+ Error int32
+ ErrorMessage string
+ ErrorEvents []ErrorEvent `json:"ErrorEvents,omitempty"`
+}
+
+func (ev *ErrorEvent) String() string {
+ evs := "[Event Detail: " + ev.Message
+ if ev.StackTrace != "" {
+ evs += " Stack Trace: " + ev.StackTrace
+ }
+ if ev.Provider != "" {
+ evs += " Provider: " + ev.Provider
+ }
+ if ev.EventID != 0 {
+ evs = fmt.Sprintf("%s EventID: %d", evs, ev.EventID)
+ }
+ if ev.Flags != 0 {
+ evs = fmt.Sprintf("%s flags: %d", evs, ev.Flags)
+ }
+ if ev.Source != "" {
+ evs += " Source: " + ev.Source
+ }
+ evs += "]"
+ return evs
+}
+
+func processHcsResult(ctx context.Context, resultJSON string) []ErrorEvent {
+ if resultJSON != "" {
+ result := &hcsResult{}
+ if err := json.Unmarshal([]byte(resultJSON), result); err != nil {
+ log.G(ctx).WithError(err).Warning("Could not unmarshal HCS result")
+ return nil
+ }
+ return result.ErrorEvents
+ }
+ return nil
+}
+
+type HcsError struct {
+ Op string
+ Err error
+ Events []ErrorEvent
+}
+
+var _ net.Error = &HcsError{}
+
+func (e *HcsError) Error() string {
+ s := e.Op + ": " + e.Err.Error()
+ for _, ev := range e.Events {
+ s += "\n" + ev.String()
+ }
+ return s
+}
+
+func (e *HcsError) Is(target error) bool {
+ return errors.Is(e.Err, target)
+}
+
+// unwrap isnt really needed, but helpful convince function
+
+func (e *HcsError) Unwrap() error {
+ return e.Err
+}
+
+// Deprecated: net.Error.Temporary is deprecated.
+func (e *HcsError) Temporary() bool {
+ err := e.netError()
+ return (err != nil) && err.Temporary()
+}
+
+func (e *HcsError) Timeout() bool {
+ err := e.netError()
+ return (err != nil) && err.Timeout()
+}
+
+func (e *HcsError) netError() (err net.Error) {
+ if errors.As(e.Unwrap(), &err) {
+ return err
+ }
+ return nil
+}
+
+// SystemError is an error encountered in HCS during an operation on a Container object
+type SystemError struct {
+ HcsError
+ ID string
+}
+
+var _ net.Error = &SystemError{}
+
+func (e *SystemError) Error() string {
+ s := e.Op + " " + e.ID + ": " + e.Err.Error()
+ for _, ev := range e.Events {
+ s += "\n" + ev.String()
+ }
+ return s
+}
+
+func makeSystemError(system *System, op string, err error, events []ErrorEvent) error {
+ // Don't double wrap errors
+ var e *SystemError
+ if errors.As(err, &e) {
+ return err
+ }
+
+ return &SystemError{
+ ID: system.ID(),
+ HcsError: HcsError{
+ Op: op,
+ Err: err,
+ Events: events,
+ },
+ }
+}
+
+// ProcessError is an error encountered in HCS during an operation on a Process object
+type ProcessError struct {
+ HcsError
+ SystemID string
+ Pid int
+}
+
+var _ net.Error = &ProcessError{}
+
+func (e *ProcessError) Error() string {
+ s := fmt.Sprintf("%s %s:%d: %s", e.Op, e.SystemID, e.Pid, e.Err.Error())
+ for _, ev := range e.Events {
+ s += "\n" + ev.String()
+ }
+ return s
+}
+
+func makeProcessError(process *Process, op string, err error, events []ErrorEvent) error {
+ // Don't double wrap errors
+ var e *ProcessError
+ if errors.As(err, &e) {
+ return err
+ }
+ return &ProcessError{
+ Pid: process.Pid(),
+ SystemID: process.SystemID(),
+ HcsError: HcsError{
+ Op: op,
+ Err: err,
+ Events: events,
+ },
+ }
+}
+
+// IsNotExist checks if an error is caused by the Container or Process not existing.
+// Note: Currently, ErrElementNotFound can mean that a Process has either
+// already exited, or does not exist. Both IsAlreadyStopped and IsNotExist
+// will currently return true when the error is ErrElementNotFound.
+func IsNotExist(err error) bool {
+ return IsAny(err, ErrComputeSystemDoesNotExist, ErrElementNotFound)
+}
+
+// IsErrorInvalidHandle checks whether the error is the result of an operation carried
+// out on a handle that is invalid/closed. This error popped up while trying to query
+// stats on a container in the process of being stopped.
+func IsErrorInvalidHandle(err error) bool {
+ return errors.Is(err, ErrInvalidHandle)
+}
+
+// IsAlreadyClosed checks if an error is caused by the Container or Process having been
+// already closed by a call to the Close() method.
+func IsAlreadyClosed(err error) bool {
+ return errors.Is(err, ErrAlreadyClosed)
+}
+
+// IsPending returns a boolean indicating whether the error is that
+// the requested operation is being completed in the background.
+func IsPending(err error) bool {
+ return errors.Is(err, ErrVmcomputeOperationPending)
+}
+
+// IsTimeout returns a boolean indicating whether the error is caused by
+// a timeout waiting for the operation to complete.
+func IsTimeout(err error) bool {
+ // HcsError and co. implement Timeout regardless of whether the errors they wrap do,
+ // so `errors.As(err, net.Error)`` will always be true.
+ // Using `errors.As(err.Unwrap(), net.Err)` wont work for general errors.
+ // So first check if there an `ErrTimeout` in the chain, then convert to a net error.
+ if errors.Is(err, ErrTimeout) {
+ return true
+ }
+
+ var nerr net.Error
+ return errors.As(err, &nerr) && nerr.Timeout()
+}
+
+// IsAlreadyStopped returns a boolean indicating whether the error is caused by
+// a Container or Process being already stopped.
+// Note: Currently, ErrElementNotFound can mean that a Process has either
+// already exited, or does not exist. Both IsAlreadyStopped and IsNotExist
+// will currently return true when the error is ErrElementNotFound.
+func IsAlreadyStopped(err error) bool {
+ return IsAny(err, ErrVmcomputeAlreadyStopped, ErrProcessAlreadyStopped, ErrElementNotFound)
+}
+
+// IsNotSupported returns a boolean indicating whether the error is caused by
+// unsupported platform requests
+// Note: Currently Unsupported platform requests can be mean either
+// ErrVmcomputeInvalidJSON, ErrInvalidData, ErrNotSupported or ErrVmcomputeUnknownMessage
+// is thrown from the Platform
+func IsNotSupported(err error) bool {
+ // If Platform doesn't recognize or support the request sent, below errors are seen
+ return IsAny(err, ErrVmcomputeInvalidJSON, ErrInvalidData, ErrNotSupported, ErrVmcomputeUnknownMessage)
+}
+
+// IsOperationInvalidState returns true when err is caused by
+// `ErrVmcomputeOperationInvalidState`.
+func IsOperationInvalidState(err error) bool {
+ return errors.Is(err, ErrVmcomputeOperationInvalidState)
+}
+
+// IsAccessIsDenied returns true when err is caused by
+// `ErrVmcomputeOperationAccessIsDenied`.
+func IsAccessIsDenied(err error) bool {
+ return errors.Is(err, ErrVmcomputeOperationAccessIsDenied)
+}
+
+// IsAny is a vectorized version of [errors.Is], it returns true if err is one of targets.
+func IsAny(err error, targets ...error) bool {
+ for _, e := range targets {
+ if errors.Is(err, e) {
+ return true
+ }
+ }
+ return false
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go
new file mode 100644
index 000000000..37afbf691
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go
@@ -0,0 +1,583 @@
+//go:build windows
+
+package hcs
+
+import (
+ "context"
+ "encoding/json"
+ "errors"
+ "io"
+ "os"
+ "sync"
+ "syscall"
+ "time"
+
+ "go.opencensus.io/trace"
+
+ "github.com/Microsoft/hcsshim/internal/cow"
+ hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
+ "github.com/Microsoft/hcsshim/internal/log"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "github.com/Microsoft/hcsshim/internal/protocol/guestrequest"
+ "github.com/Microsoft/hcsshim/internal/vmcompute"
+)
+
+type Process struct {
+ handleLock sync.RWMutex
+ handle vmcompute.HcsProcess
+ processID int
+ system *System
+ hasCachedStdio bool
+ stdioLock sync.Mutex
+ stdin io.WriteCloser
+ stdout io.ReadCloser
+ stderr io.ReadCloser
+ callbackNumber uintptr
+ killSignalDelivered bool
+
+ closedWaitOnce sync.Once
+ waitBlock chan struct{}
+ exitCode int
+ waitError error
+}
+
+var _ cow.Process = &Process{}
+
+func newProcess(process vmcompute.HcsProcess, processID int, computeSystem *System) *Process {
+ return &Process{
+ handle: process,
+ processID: processID,
+ system: computeSystem,
+ waitBlock: make(chan struct{}),
+ }
+}
+
+// Pid returns the process ID of the process within the container.
+func (process *Process) Pid() int {
+ return process.processID
+}
+
+// SystemID returns the ID of the process's compute system.
+func (process *Process) SystemID() string {
+ return process.system.ID()
+}
+
+func (process *Process) processSignalResult(ctx context.Context, err error) (bool, error) {
+ switch err {
+ case nil:
+ return true, nil
+ case ErrVmcomputeOperationInvalidState, ErrComputeSystemDoesNotExist, ErrElementNotFound:
+ if !process.stopped() {
+ // The process should be gone, but we have not received the notification.
+ // After a second, force unblock the process wait to work around a possible
+ // deadlock in the HCS.
+ go func() {
+ time.Sleep(time.Second)
+ process.closedWaitOnce.Do(func() {
+ log.G(ctx).WithError(err).Warn("force unblocking process waits")
+ process.exitCode = -1
+ process.waitError = err
+ close(process.waitBlock)
+ })
+ }()
+ }
+ return false, nil
+ default:
+ return false, err
+ }
+}
+
+// Signal signals the process with `options`.
+//
+// For LCOW `guestresource.SignalProcessOptionsLCOW`.
+//
+// For WCOW `guestresource.SignalProcessOptionsWCOW`.
+func (process *Process) Signal(ctx context.Context, options interface{}) (bool, error) {
+ process.handleLock.RLock()
+ defer process.handleLock.RUnlock()
+
+ operation := "hcs::Process::Signal"
+
+ if process.handle == 0 {
+ return false, makeProcessError(process, operation, ErrAlreadyClosed, nil)
+ }
+
+ optionsb, err := json.Marshal(options)
+ if err != nil {
+ return false, err
+ }
+
+ resultJSON, err := vmcompute.HcsSignalProcess(ctx, process.handle, string(optionsb))
+ events := processHcsResult(ctx, resultJSON)
+ delivered, err := process.processSignalResult(ctx, err)
+ if err != nil {
+ err = makeProcessError(process, operation, err, events)
+ }
+ return delivered, err
+}
+
+// Kill signals the process to terminate but does not wait for it to finish terminating.
+func (process *Process) Kill(ctx context.Context) (bool, error) {
+ process.handleLock.RLock()
+ defer process.handleLock.RUnlock()
+
+ operation := "hcs::Process::Kill"
+
+ if process.handle == 0 {
+ return false, makeProcessError(process, operation, ErrAlreadyClosed, nil)
+ }
+
+ if process.stopped() {
+ return false, makeProcessError(process, operation, ErrProcessAlreadyStopped, nil)
+ }
+
+ if process.killSignalDelivered {
+ // A kill signal has already been sent to this process. Sending a second
+ // one offers no real benefit, as processes cannot stop themselves from
+ // being terminated, once a TerminateProcess has been issued. Sending a
+ // second kill may result in a number of errors (two of which detailed bellow)
+ // and which we can avoid handling.
+ return true, nil
+ }
+
+ // HCS serializes the signals sent to a target pid per compute system handle.
+ // To avoid SIGKILL being serialized behind other signals, we open a new compute
+ // system handle to deliver the kill signal.
+ // If the calls to opening a new compute system handle fail, we forcefully
+ // terminate the container itself so that no container is left behind
+ hcsSystem, err := OpenComputeSystem(ctx, process.system.id)
+ if err != nil {
+ // log error and force termination of container
+ log.G(ctx).WithField("err", err).Error("OpenComputeSystem() call failed")
+ err = process.system.Terminate(ctx)
+ // if the Terminate() call itself ever failed, log and return error
+ if err != nil {
+ log.G(ctx).WithField("err", err).Error("Terminate() call failed")
+ return false, err
+ }
+ process.system.Close()
+ return true, nil
+ }
+ defer hcsSystem.Close()
+
+ newProcessHandle, err := hcsSystem.OpenProcess(ctx, process.Pid())
+ if err != nil {
+ // Return true only if the target process has either already
+ // exited, or does not exist.
+ if IsAlreadyStopped(err) {
+ return true, nil
+ } else {
+ return false, err
+ }
+ }
+ defer newProcessHandle.Close()
+
+ resultJSON, err := vmcompute.HcsTerminateProcess(ctx, newProcessHandle.handle)
+ if err != nil {
+ // We still need to check these two cases, as processes may still be killed by an
+ // external actor (human operator, OOM, random script etc).
+ if errors.Is(err, os.ErrPermission) || IsAlreadyStopped(err) {
+ // There are two cases where it should be safe to ignore an error returned
+ // by HcsTerminateProcess. The first one is cause by the fact that
+ // HcsTerminateProcess ends up calling TerminateProcess in the context
+ // of a container. According to the TerminateProcess documentation:
+ // https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-terminateprocess#remarks
+ // After a process has terminated, call to TerminateProcess with open
+ // handles to the process fails with ERROR_ACCESS_DENIED (5) error code.
+ // It's safe to ignore this error here. HCS should always have permissions
+ // to kill processes inside any container. So an ERROR_ACCESS_DENIED
+ // is unlikely to be anything else than what the ending remarks in the
+ // documentation states.
+ //
+ // The second case is generated by hcs itself, if for any reason HcsTerminateProcess
+ // is called twice in a very short amount of time. In such cases, hcs may return
+ // HCS_E_PROCESS_ALREADY_STOPPED.
+ return true, nil
+ }
+ }
+ events := processHcsResult(ctx, resultJSON)
+ delivered, err := newProcessHandle.processSignalResult(ctx, err)
+ if err != nil {
+ err = makeProcessError(newProcessHandle, operation, err, events)
+ }
+
+ process.killSignalDelivered = delivered
+ return delivered, err
+}
+
+// waitBackground waits for the process exit notification. Once received sets
+// `process.waitError` (if any) and unblocks all `Wait` calls.
+//
+// This MUST be called exactly once per `process.handle` but `Wait` is safe to
+// call multiple times.
+func (process *Process) waitBackground() {
+ operation := "hcs::Process::waitBackground"
+ ctx, span := oc.StartSpan(context.Background(), operation)
+ defer span.End()
+ span.AddAttributes(
+ trace.StringAttribute("cid", process.SystemID()),
+ trace.Int64Attribute("pid", int64(process.processID)))
+
+ var (
+ err error
+ exitCode = -1
+ propertiesJSON string
+ resultJSON string
+ )
+
+ err = waitForNotification(ctx, process.callbackNumber, hcsNotificationProcessExited, nil)
+ if err != nil {
+ err = makeProcessError(process, operation, err, nil)
+ log.G(ctx).WithError(err).Error("failed wait")
+ } else {
+ process.handleLock.RLock()
+ defer process.handleLock.RUnlock()
+
+ // Make sure we didn't race with Close() here
+ if process.handle != 0 {
+ propertiesJSON, resultJSON, err = vmcompute.HcsGetProcessProperties(ctx, process.handle)
+ events := processHcsResult(ctx, resultJSON)
+ if err != nil {
+ err = makeProcessError(process, operation, err, events)
+ } else {
+ properties := &hcsschema.ProcessStatus{}
+ err = json.Unmarshal([]byte(propertiesJSON), properties)
+ if err != nil {
+ err = makeProcessError(process, operation, err, nil)
+ } else {
+ if properties.LastWaitResult != 0 {
+ log.G(ctx).WithField("wait-result", properties.LastWaitResult).Warning("non-zero last wait result")
+ } else {
+ exitCode = int(properties.ExitCode)
+ }
+ }
+ }
+ }
+ }
+ log.G(ctx).WithField("exitCode", exitCode).Debug("process exited")
+
+ process.closedWaitOnce.Do(func() {
+ process.exitCode = exitCode
+ process.waitError = err
+ close(process.waitBlock)
+ })
+ oc.SetSpanStatus(span, err)
+}
+
+// Wait waits for the process to exit. If the process has already exited returns
+// the previous error (if any).
+func (process *Process) Wait() error {
+ <-process.waitBlock
+ return process.waitError
+}
+
+// Exited returns if the process has stopped
+func (process *Process) stopped() bool {
+ select {
+ case <-process.waitBlock:
+ return true
+ default:
+ return false
+ }
+}
+
+// ResizeConsole resizes the console of the process.
+func (process *Process) ResizeConsole(ctx context.Context, width, height uint16) error {
+ process.handleLock.RLock()
+ defer process.handleLock.RUnlock()
+
+ operation := "hcs::Process::ResizeConsole"
+
+ if process.handle == 0 {
+ return makeProcessError(process, operation, ErrAlreadyClosed, nil)
+ }
+ modifyRequest := hcsschema.ProcessModifyRequest{
+ Operation: guestrequest.ModifyProcessConsoleSize,
+ ConsoleSize: &hcsschema.ConsoleSize{
+ Height: height,
+ Width: width,
+ },
+ }
+
+ modifyRequestb, err := json.Marshal(modifyRequest)
+ if err != nil {
+ return err
+ }
+
+ resultJSON, err := vmcompute.HcsModifyProcess(ctx, process.handle, string(modifyRequestb))
+ events := processHcsResult(ctx, resultJSON)
+ if err != nil {
+ return makeProcessError(process, operation, err, events)
+ }
+
+ return nil
+}
+
+// ExitCode returns the exit code of the process. The process must have
+// already terminated.
+func (process *Process) ExitCode() (int, error) {
+ if !process.stopped() {
+ return -1, makeProcessError(process, "hcs::Process::ExitCode", ErrInvalidProcessState, nil)
+ }
+ if process.waitError != nil {
+ return -1, process.waitError
+ }
+ return process.exitCode, nil
+}
+
+// StdioLegacy returns the stdin, stdout, and stderr pipes, respectively. Closing
+// these pipes does not close the underlying pipes. Once returned, these pipes
+// are the responsibility of the caller to close.
+func (process *Process) StdioLegacy() (_ io.WriteCloser, _ io.ReadCloser, _ io.ReadCloser, err error) {
+ operation := "hcs::Process::StdioLegacy"
+ ctx, span := oc.StartSpan(context.Background(), operation)
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("cid", process.SystemID()),
+ trace.Int64Attribute("pid", int64(process.processID)))
+
+ process.handleLock.RLock()
+ defer process.handleLock.RUnlock()
+
+ if process.handle == 0 {
+ return nil, nil, nil, makeProcessError(process, operation, ErrAlreadyClosed, nil)
+ }
+
+ process.stdioLock.Lock()
+ defer process.stdioLock.Unlock()
+ if process.hasCachedStdio {
+ stdin, stdout, stderr := process.stdin, process.stdout, process.stderr
+ process.stdin, process.stdout, process.stderr = nil, nil, nil
+ process.hasCachedStdio = false
+ return stdin, stdout, stderr, nil
+ }
+
+ processInfo, resultJSON, err := vmcompute.HcsGetProcessInfo(ctx, process.handle)
+ events := processHcsResult(ctx, resultJSON)
+ if err != nil {
+ return nil, nil, nil, makeProcessError(process, operation, err, events)
+ }
+
+ pipes, err := makeOpenFiles([]syscall.Handle{processInfo.StdInput, processInfo.StdOutput, processInfo.StdError})
+ if err != nil {
+ return nil, nil, nil, makeProcessError(process, operation, err, nil)
+ }
+
+ return pipes[0], pipes[1], pipes[2], nil
+}
+
+// Stdio returns the stdin, stdout, and stderr pipes, respectively.
+// To close them, close the process handle, or use the `CloseStd*` functions.
+func (process *Process) Stdio() (stdin io.Writer, stdout, stderr io.Reader) {
+ process.stdioLock.Lock()
+ defer process.stdioLock.Unlock()
+ return process.stdin, process.stdout, process.stderr
+}
+
+// CloseStdin closes the write side of the stdin pipe so that the process is
+// notified on the read side that there is no more data in stdin.
+func (process *Process) CloseStdin(ctx context.Context) (err error) {
+ operation := "hcs::Process::CloseStdin"
+ ctx, span := trace.StartSpan(ctx, operation)
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("cid", process.SystemID()),
+ trace.Int64Attribute("pid", int64(process.processID)))
+
+ process.handleLock.RLock()
+ defer process.handleLock.RUnlock()
+
+ if process.handle == 0 {
+ return makeProcessError(process, operation, ErrAlreadyClosed, nil)
+ }
+
+ //HcsModifyProcess request to close stdin will fail if the process has already exited
+ if !process.stopped() {
+ modifyRequest := hcsschema.ProcessModifyRequest{
+ Operation: guestrequest.CloseProcessHandle,
+ CloseHandle: &hcsschema.CloseHandle{
+ Handle: guestrequest.STDInHandle,
+ },
+ }
+
+ modifyRequestb, err := json.Marshal(modifyRequest)
+ if err != nil {
+ return err
+ }
+
+ resultJSON, err := vmcompute.HcsModifyProcess(ctx, process.handle, string(modifyRequestb))
+ events := processHcsResult(ctx, resultJSON)
+ if err != nil {
+ return makeProcessError(process, operation, err, events)
+ }
+ }
+
+ process.stdioLock.Lock()
+ defer process.stdioLock.Unlock()
+ if process.stdin != nil {
+ process.stdin.Close()
+ process.stdin = nil
+ }
+
+ return nil
+}
+
+func (process *Process) CloseStdout(ctx context.Context) (err error) {
+ ctx, span := oc.StartSpan(ctx, "hcs::Process::CloseStdout") //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("cid", process.SystemID()),
+ trace.Int64Attribute("pid", int64(process.processID)))
+
+ process.handleLock.Lock()
+ defer process.handleLock.Unlock()
+
+ if process.handle == 0 {
+ return nil
+ }
+
+ process.stdioLock.Lock()
+ defer process.stdioLock.Unlock()
+ if process.stdout != nil {
+ process.stdout.Close()
+ process.stdout = nil
+ }
+ return nil
+}
+
+func (process *Process) CloseStderr(ctx context.Context) (err error) {
+ ctx, span := oc.StartSpan(ctx, "hcs::Process::CloseStderr") //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("cid", process.SystemID()),
+ trace.Int64Attribute("pid", int64(process.processID)))
+
+ process.handleLock.Lock()
+ defer process.handleLock.Unlock()
+
+ if process.handle == 0 {
+ return nil
+ }
+
+ process.stdioLock.Lock()
+ defer process.stdioLock.Unlock()
+ if process.stderr != nil {
+ process.stderr.Close()
+ process.stderr = nil
+ }
+ return nil
+}
+
+// Close cleans up any state associated with the process but does not kill
+// or wait on it.
+func (process *Process) Close() (err error) {
+ operation := "hcs::Process::Close"
+ ctx, span := oc.StartSpan(context.Background(), operation)
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("cid", process.SystemID()),
+ trace.Int64Attribute("pid", int64(process.processID)))
+
+ process.handleLock.Lock()
+ defer process.handleLock.Unlock()
+
+ // Don't double free this
+ if process.handle == 0 {
+ return nil
+ }
+
+ process.stdioLock.Lock()
+ if process.stdin != nil {
+ process.stdin.Close()
+ process.stdin = nil
+ }
+ if process.stdout != nil {
+ process.stdout.Close()
+ process.stdout = nil
+ }
+ if process.stderr != nil {
+ process.stderr.Close()
+ process.stderr = nil
+ }
+ process.stdioLock.Unlock()
+
+ if err = process.unregisterCallback(ctx); err != nil {
+ return makeProcessError(process, operation, err, nil)
+ }
+
+ if err = vmcompute.HcsCloseProcess(ctx, process.handle); err != nil {
+ return makeProcessError(process, operation, err, nil)
+ }
+
+ process.handle = 0
+ process.closedWaitOnce.Do(func() {
+ process.exitCode = -1
+ process.waitError = ErrAlreadyClosed
+ close(process.waitBlock)
+ })
+
+ return nil
+}
+
+func (process *Process) registerCallback(ctx context.Context) error {
+ callbackContext := ¬ificationWatcherContext{
+ channels: newProcessChannels(),
+ systemID: process.SystemID(),
+ processID: process.processID,
+ }
+
+ callbackMapLock.Lock()
+ callbackNumber := nextCallback
+ nextCallback++
+ callbackMap[callbackNumber] = callbackContext
+ callbackMapLock.Unlock()
+
+ callbackHandle, err := vmcompute.HcsRegisterProcessCallback(ctx, process.handle, notificationWatcherCallback, callbackNumber)
+ if err != nil {
+ return err
+ }
+ callbackContext.handle = callbackHandle
+ process.callbackNumber = callbackNumber
+
+ return nil
+}
+
+func (process *Process) unregisterCallback(ctx context.Context) error {
+ callbackNumber := process.callbackNumber
+
+ callbackMapLock.RLock()
+ callbackContext := callbackMap[callbackNumber]
+ callbackMapLock.RUnlock()
+
+ if callbackContext == nil {
+ return nil
+ }
+
+ handle := callbackContext.handle
+
+ if handle == 0 {
+ return nil
+ }
+
+ // vmcompute.HcsUnregisterProcessCallback has its own synchronization to
+ // wait for all callbacks to complete. We must NOT hold the callbackMapLock.
+ err := vmcompute.HcsUnregisterProcessCallback(ctx, handle)
+ if err != nil {
+ return err
+ }
+
+ closeChannels(callbackContext.channels)
+
+ callbackMapLock.Lock()
+ delete(callbackMap, callbackNumber)
+ callbackMapLock.Unlock()
+
+ handle = 0 //nolint:ineffassign
+
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema1/schema1.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema1/schema1.go
new file mode 100644
index 000000000..d1f219cfa
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema1/schema1.go
@@ -0,0 +1,252 @@
+//go:build windows
+
+package schema1
+
+import (
+ "encoding/json"
+ "time"
+
+ "github.com/Microsoft/go-winio/pkg/guid"
+ hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
+)
+
+// ProcessConfig is used as both the input of Container.CreateProcess
+// and to convert the parameters to JSON for passing onto the HCS
+type ProcessConfig struct {
+ ApplicationName string `json:",omitempty"`
+ CommandLine string `json:",omitempty"`
+ CommandArgs []string `json:",omitempty"` // Used by Linux Containers on Windows
+ User string `json:",omitempty"`
+ WorkingDirectory string `json:",omitempty"`
+ Environment map[string]string `json:",omitempty"`
+ EmulateConsole bool `json:",omitempty"`
+ CreateStdInPipe bool `json:",omitempty"`
+ CreateStdOutPipe bool `json:",omitempty"`
+ CreateStdErrPipe bool `json:",omitempty"`
+ ConsoleSize [2]uint `json:",omitempty"`
+ CreateInUtilityVm bool `json:",omitempty"` // Used by Linux Containers on Windows
+ OCISpecification *json.RawMessage `json:",omitempty"` // Used by Linux Containers on Windows
+}
+
+type Layer struct {
+ ID string
+ Path string
+}
+
+type MappedDir struct {
+ HostPath string
+ ContainerPath string
+ ReadOnly bool
+ BandwidthMaximum uint64
+ IOPSMaximum uint64
+ CreateInUtilityVM bool
+ // LinuxMetadata - Support added in 1803/RS4+.
+ LinuxMetadata bool `json:",omitempty"`
+}
+
+type MappedPipe struct {
+ HostPath string
+ ContainerPipeName string
+}
+
+type HvRuntime struct {
+ ImagePath string `json:",omitempty"`
+ SkipTemplate bool `json:",omitempty"`
+ LinuxInitrdFile string `json:",omitempty"` // File under ImagePath on host containing an initrd image for starting a Linux utility VM
+ LinuxKernelFile string `json:",omitempty"` // File under ImagePath on host containing a kernel for starting a Linux utility VM
+ LinuxBootParameters string `json:",omitempty"` // Additional boot parameters for starting a Linux Utility VM in initrd mode
+ BootSource string `json:",omitempty"` // "Vhd" for Linux Utility VM booting from VHD
+ WritableBootSource bool `json:",omitempty"` // Linux Utility VM booting from VHD
+}
+
+type MappedVirtualDisk struct {
+ HostPath string `json:",omitempty"` // Path to VHD on the host
+ ContainerPath string // Platform-specific mount point path in the container
+ CreateInUtilityVM bool `json:",omitempty"`
+ ReadOnly bool `json:",omitempty"`
+ Cache string `json:",omitempty"` // "" (Unspecified); "Disabled"; "Enabled"; "Private"; "PrivateAllowSharing"
+ AttachOnly bool `json:",omitempty"`
+}
+
+// AssignedDevice represents a device that has been directly assigned to a container
+//
+// NOTE: Support added in RS5
+type AssignedDevice struct {
+ // InterfaceClassGUID of the device to assign to container.
+ InterfaceClassGUID string `json:"InterfaceClassGuid,omitempty"`
+}
+
+// ContainerConfig is used as both the input of CreateContainer
+// and to convert the parameters to JSON for passing onto the HCS
+type ContainerConfig struct {
+ SystemType string // HCS requires this to be hard-coded to "Container"
+ Name string // Name of the container. We use the docker ID.
+ Owner string `json:",omitempty"` // The management platform that created this container
+ VolumePath string `json:",omitempty"` // Windows volume path for scratch space. Used by Windows Server Containers only. Format \\?\\Volume{GUID}
+ IgnoreFlushesDuringBoot bool `json:",omitempty"` // Optimization hint for container startup in Windows
+ LayerFolderPath string `json:",omitempty"` // Where the layer folders are located. Used by Windows Server Containers only. Format %root%\windowsfilter\containerID
+ Layers []Layer // List of storage layers. Required for Windows Server and Hyper-V Containers. Format ID=GUID;Path=%root%\windowsfilter\layerID
+ Credentials string `json:",omitempty"` // Credentials information
+ ProcessorCount uint32 `json:",omitempty"` // Number of processors to assign to the container.
+ ProcessorWeight uint64 `json:",omitempty"` // CPU shares (relative weight to other containers with cpu shares). Range is from 1 to 10000. A value of 0 results in default shares.
+ ProcessorMaximum int64 `json:",omitempty"` // Specifies the portion of processor cycles that this container can use as a percentage times 100. Range is from 1 to 10000. A value of 0 results in no limit.
+ StorageIOPSMaximum uint64 `json:",omitempty"` // Maximum Storage IOPS
+ StorageBandwidthMaximum uint64 `json:",omitempty"` // Maximum Storage Bandwidth in bytes per second
+ StorageSandboxSize uint64 `json:",omitempty"` // Size in bytes that the container system drive should be expanded to if smaller
+ MemoryMaximumInMB int64 `json:",omitempty"` // Maximum memory available to the container in Megabytes
+ HostName string `json:",omitempty"` // Hostname
+ MappedDirectories []MappedDir `json:",omitempty"` // List of mapped directories (volumes/mounts)
+ MappedPipes []MappedPipe `json:",omitempty"` // List of mapped Windows named pipes
+ HvPartition bool // True if it a Hyper-V Container
+ NetworkSharedContainerName string `json:",omitempty"` // Name (ID) of the container that we will share the network stack with.
+ EndpointList []string `json:",omitempty"` // List of networking endpoints to be attached to container
+ HvRuntime *HvRuntime `json:",omitempty"` // Hyper-V container settings. Used by Hyper-V containers only. Format ImagePath=%root%\BaseLayerID\UtilityVM
+ Servicing bool `json:",omitempty"` // True if this container is for servicing
+ AllowUnqualifiedDNSQuery bool `json:",omitempty"` // True to allow unqualified DNS name resolution
+ DNSSearchList string `json:",omitempty"` // Comma separated list of DNS suffixes to use for name resolution
+ ContainerType string `json:",omitempty"` // "Linux" for Linux containers on Windows. Omitted otherwise.
+ TerminateOnLastHandleClosed bool `json:",omitempty"` // Should HCS terminate the container once all handles have been closed
+ MappedVirtualDisks []MappedVirtualDisk `json:",omitempty"` // Array of virtual disks to mount at start
+ AssignedDevices []AssignedDevice `json:",omitempty"` // Array of devices to assign. NOTE: Support added in RS5
+}
+
+type ComputeSystemQuery struct {
+ IDs []string `json:"Ids,omitempty"`
+ Types []string `json:",omitempty"`
+ Names []string `json:",omitempty"`
+ Owners []string `json:",omitempty"`
+}
+
+type PropertyType string
+
+const (
+ PropertyTypeStatistics PropertyType = "Statistics" // V1 and V2
+ PropertyTypeProcessList PropertyType = "ProcessList" // V1 and V2
+ PropertyTypeMappedVirtualDisk PropertyType = "MappedVirtualDisk" // Not supported in V2 schema call
+ PropertyTypeGuestConnection PropertyType = "GuestConnection" // V1 and V2. Nil return from HCS before RS5
+)
+
+type PropertyQuery struct {
+ PropertyTypes []PropertyType `json:",omitempty"`
+}
+
+// ContainerProperties holds the properties for a container and the processes running in that container
+type ContainerProperties struct {
+ ID string `json:"Id"`
+ State string
+ Name string
+ SystemType string
+ RuntimeOSType string `json:"RuntimeOsType,omitempty"`
+ Owner string
+ SiloGUID string `json:"SiloGuid,omitempty"`
+ RuntimeID guid.GUID `json:"RuntimeId,omitempty"`
+ IsRuntimeTemplate bool `json:",omitempty"`
+ RuntimeImagePath string `json:",omitempty"`
+ Stopped bool `json:",omitempty"`
+ ExitType string `json:",omitempty"`
+ AreUpdatesPending bool `json:",omitempty"`
+ ObRoot string `json:",omitempty"`
+ Statistics Statistics `json:",omitempty"`
+ ProcessList []ProcessListItem `json:",omitempty"`
+ MappedVirtualDiskControllers map[int]MappedVirtualDiskController `json:",omitempty"`
+ GuestConnectionInfo GuestConnectionInfo `json:",omitempty"`
+}
+
+// MemoryStats holds the memory statistics for a container
+type MemoryStats struct {
+ UsageCommitBytes uint64 `json:"MemoryUsageCommitBytes,omitempty"`
+ UsageCommitPeakBytes uint64 `json:"MemoryUsageCommitPeakBytes,omitempty"`
+ UsagePrivateWorkingSetBytes uint64 `json:"MemoryUsagePrivateWorkingSetBytes,omitempty"`
+}
+
+// ProcessorStats holds the processor statistics for a container
+type ProcessorStats struct {
+ TotalRuntime100ns uint64 `json:",omitempty"`
+ RuntimeUser100ns uint64 `json:",omitempty"`
+ RuntimeKernel100ns uint64 `json:",omitempty"`
+}
+
+// StorageStats holds the storage statistics for a container
+type StorageStats struct {
+ ReadCountNormalized uint64 `json:",omitempty"`
+ ReadSizeBytes uint64 `json:",omitempty"`
+ WriteCountNormalized uint64 `json:",omitempty"`
+ WriteSizeBytes uint64 `json:",omitempty"`
+}
+
+// NetworkStats holds the network statistics for a container
+type NetworkStats struct {
+ BytesReceived uint64 `json:",omitempty"`
+ BytesSent uint64 `json:",omitempty"`
+ PacketsReceived uint64 `json:",omitempty"`
+ PacketsSent uint64 `json:",omitempty"`
+ DroppedPacketsIncoming uint64 `json:",omitempty"`
+ DroppedPacketsOutgoing uint64 `json:",omitempty"`
+ EndpointId string `json:",omitempty"`
+ InstanceId string `json:",omitempty"`
+}
+
+// Statistics is the structure returned by a statistics call on a container
+type Statistics struct {
+ Timestamp time.Time `json:",omitempty"`
+ ContainerStartTime time.Time `json:",omitempty"`
+ Uptime100ns uint64 `json:",omitempty"`
+ Memory MemoryStats `json:",omitempty"`
+ Processor ProcessorStats `json:",omitempty"`
+ Storage StorageStats `json:",omitempty"`
+ Network []NetworkStats `json:",omitempty"`
+}
+
+// ProcessList is the structure of an item returned by a ProcessList call on a container
+type ProcessListItem struct {
+ CreateTimestamp time.Time `json:",omitempty"`
+ ImageName string `json:",omitempty"`
+ KernelTime100ns uint64 `json:",omitempty"`
+ MemoryCommitBytes uint64 `json:",omitempty"`
+ MemoryWorkingSetPrivateBytes uint64 `json:",omitempty"`
+ MemoryWorkingSetSharedBytes uint64 `json:",omitempty"`
+ ProcessId uint32 `json:",omitempty"`
+ UserTime100ns uint64 `json:",omitempty"`
+}
+
+// MappedVirtualDiskController is the structure of an item returned by a MappedVirtualDiskList call on a container
+type MappedVirtualDiskController struct {
+ MappedVirtualDisks map[int]MappedVirtualDisk `json:",omitempty"`
+}
+
+// GuestDefinedCapabilities is part of the GuestConnectionInfo returned by a GuestConnection call on a utility VM
+type GuestDefinedCapabilities struct {
+ NamespaceAddRequestSupported bool `json:",omitempty"`
+ SignalProcessSupported bool `json:",omitempty"`
+ DumpStacksSupported bool `json:",omitempty"`
+ DeleteContainerStateSupported bool `json:",omitempty"`
+ UpdateContainerSupported bool `json:",omitempty"`
+}
+
+// GuestConnectionInfo is the structure of an iterm return by a GuestConnection call on a utility VM
+type GuestConnectionInfo struct {
+ SupportedSchemaVersions []hcsschema.Version `json:",omitempty"`
+ ProtocolVersion uint32 `json:",omitempty"`
+ GuestDefinedCapabilities GuestDefinedCapabilities `json:",omitempty"`
+}
+
+// Type of Request Support in ModifySystem
+type RequestType string
+
+// Type of Resource Support in ModifySystem
+type ResourceType string
+
+// RequestType const
+const (
+ Add RequestType = "Add"
+ Remove RequestType = "Remove"
+ Network ResourceType = "Network"
+)
+
+// ResourceModificationRequestResponse is the structure used to send request to the container to modify the system
+// Supported resource types are Network and Request Types are Add/Remove
+type ResourceModificationRequestResponse struct {
+ Resource ResourceType `json:"ResourceType"`
+ Data interface{} `json:"Settings"`
+ Request RequestType `json:"RequestType,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/attachment.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/attachment.go
new file mode 100644
index 000000000..70884aad7
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/attachment.go
@@ -0,0 +1,36 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Attachment struct {
+ Type_ string `json:"Type,omitempty"`
+
+ Path string `json:"Path,omitempty"`
+
+ IgnoreFlushes bool `json:"IgnoreFlushes,omitempty"`
+
+ CachingMode string `json:"CachingMode,omitempty"`
+
+ NoWriteHardening bool `json:"NoWriteHardening,omitempty"`
+
+ DisableExpansionOptimization bool `json:"DisableExpansionOptimization,omitempty"`
+
+ IgnoreRelativeLocator bool `json:"IgnoreRelativeLocator,omitempty"`
+
+ CaptureIoAttributionContext bool `json:"CaptureIoAttributionContext,omitempty"`
+
+ ReadOnly bool `json:"ReadOnly,omitempty"`
+
+ SupportCompressedVolumes bool `json:"SupportCompressedVolumes,omitempty"`
+
+ AlwaysAllowSparseFiles bool `json:"AlwaysAllowSparseFiles,omitempty"`
+
+ ExtensibleVirtualDiskType string `json:"ExtensibleVirtualDiskType,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/battery.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/battery.go
new file mode 100644
index 000000000..ecbbed4c2
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/battery.go
@@ -0,0 +1,13 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Battery struct {
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cache_query_stats_response.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cache_query_stats_response.go
new file mode 100644
index 000000000..c1ea3953b
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cache_query_stats_response.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type CacheQueryStatsResponse struct {
+ L3OccupancyBytes int32 `json:"L3OccupancyBytes,omitempty"`
+
+ L3TotalBwBytes int32 `json:"L3TotalBwBytes,omitempty"`
+
+ L3LocalBwBytes int32 `json:"L3LocalBwBytes,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/chipset.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/chipset.go
new file mode 100644
index 000000000..ca75277a3
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/chipset.go
@@ -0,0 +1,27 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Chipset struct {
+ Uefi *Uefi `json:"Uefi,omitempty"`
+
+ IsNumLockDisabled bool `json:"IsNumLockDisabled,omitempty"`
+
+ BaseBoardSerialNumber string `json:"BaseBoardSerialNumber,omitempty"`
+
+ ChassisSerialNumber string `json:"ChassisSerialNumber,omitempty"`
+
+ ChassisAssetTag string `json:"ChassisAssetTag,omitempty"`
+
+ UseUtc bool `json:"UseUtc,omitempty"`
+
+ // LinuxKernelDirect - Added in v2.2 Builds >=181117
+ LinuxKernelDirect *LinuxKernelDirect `json:"LinuxKernelDirect,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cim_mount.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cim_mount.go
new file mode 100644
index 000000000..81865e7ea
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cim_mount.go
@@ -0,0 +1,25 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.5
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+const (
+ CimMountFlagNone uint32 = 0x0
+ CimMountFlagChildOnly uint32 = 0x1
+ CimMountFlagEnableDax uint32 = 0x2
+ CimMountFlagCacheFiles uint32 = 0x4
+ CimMountFlagCacheRegions uint32 = 0x8
+)
+
+type CimMount struct {
+ ImagePath string `json:"ImagePath,omitempty"`
+ FileSystemName string `json:"FileSystemName,omitempty"`
+ VolumeGuid string `json:"VolumeGuid,omitempty"`
+ MountFlags uint32 `json:"MountFlags,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/close_handle.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/close_handle.go
new file mode 100644
index 000000000..bb36777b8
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/close_handle.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+import "github.com/Microsoft/hcsshim/internal/protocol/guestrequest"
+
+type CloseHandle struct {
+ Handle guestrequest.STDIOHandle `json:"Handle,omitempty"` // NOTE: Swagger generated as string. Locally updated.
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/com_port.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/com_port.go
new file mode 100644
index 000000000..8bf8cab60
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/com_port.go
@@ -0,0 +1,17 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// ComPort specifies the named pipe that will be used for the port, with empty string indicating a disconnected port.
+type ComPort struct {
+ NamedPipe string `json:"NamedPipe,omitempty"`
+
+ OptimizeForDebugger bool `json:"OptimizeForDebugger,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/compute_system.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/compute_system.go
new file mode 100644
index 000000000..10cea67e0
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/compute_system.go
@@ -0,0 +1,26 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ComputeSystem struct {
+ Owner string `json:"Owner,omitempty"`
+
+ SchemaVersion *Version `json:"SchemaVersion,omitempty"`
+
+ HostingSystemId string `json:"HostingSystemId,omitempty"`
+
+ HostedSystem interface{} `json:"HostedSystem,omitempty"`
+
+ Container *Container `json:"Container,omitempty"`
+
+ VirtualMachine *VirtualMachine `json:"VirtualMachine,omitempty"`
+
+ ShouldTerminateOnLastHandleClosed bool `json:"ShouldTerminateOnLastHandleClosed,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/configuration.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/configuration.go
new file mode 100644
index 000000000..1d5dfe68a
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/configuration.go
@@ -0,0 +1,72 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+import (
+ "net/http"
+)
+
+// contextKeys are used to identify the type of value in the context.
+// Since these are string, it is possible to get a short description of the
+// context key for logging and debugging using key.String().
+
+type contextKey string
+
+func (c contextKey) String() string {
+ return "auth " + string(c)
+}
+
+var (
+ // ContextOAuth2 takes a oauth2.TokenSource as authentication for the request.
+ ContextOAuth2 = contextKey("token")
+
+ // ContextBasicAuth takes BasicAuth as authentication for the request.
+ ContextBasicAuth = contextKey("basic")
+
+ // ContextAccessToken takes a string oauth2 access token as authentication for the request.
+ ContextAccessToken = contextKey("accesstoken")
+
+ // ContextAPIKey takes an APIKey as authentication for the request
+ ContextAPIKey = contextKey("apikey")
+)
+
+// BasicAuth provides basic http authentication to a request passed via context using ContextBasicAuth
+type BasicAuth struct {
+ UserName string `json:"userName,omitempty"`
+ Password string `json:"password,omitempty"`
+}
+
+// APIKey provides API key based authentication to a request passed via context using ContextAPIKey
+type APIKey struct {
+ Key string
+ Prefix string
+}
+
+type Configuration struct {
+ BasePath string `json:"basePath,omitempty"`
+ Host string `json:"host,omitempty"`
+ Scheme string `json:"scheme,omitempty"`
+ DefaultHeader map[string]string `json:"defaultHeader,omitempty"`
+ UserAgent string `json:"userAgent,omitempty"`
+ HTTPClient *http.Client
+}
+
+func NewConfiguration() *Configuration {
+ cfg := &Configuration{
+ BasePath: "https://localhost",
+ DefaultHeader: make(map[string]string),
+ UserAgent: "Swagger-Codegen/2.1.0/go",
+ }
+ return cfg
+}
+
+func (c *Configuration) AddDefaultHeader(key string, value string) {
+ c.DefaultHeader[key] = value
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/console_size.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/console_size.go
new file mode 100644
index 000000000..347da50e8
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/console_size.go
@@ -0,0 +1,19 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// NOTE: Swagger generated fields as int32. Locally updated to uint16 to match documentation.
+// https://learn.microsoft.com/en-us/virtualization/api/hcs/schemareference#ConsoleSize
+
+type ConsoleSize struct {
+ Height uint16 `json:"Height,omitempty"`
+
+ Width uint16 `json:"Width,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container.go
new file mode 100644
index 000000000..39a54432c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container.go
@@ -0,0 +1,36 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Container struct {
+ GuestOs *GuestOs `json:"GuestOs,omitempty"`
+
+ Storage *Storage `json:"Storage,omitempty"`
+
+ MappedDirectories []MappedDirectory `json:"MappedDirectories,omitempty"`
+
+ MappedPipes []MappedPipe `json:"MappedPipes,omitempty"`
+
+ Memory *Memory `json:"Memory,omitempty"`
+
+ Processor *Processor `json:"Processor,omitempty"`
+
+ Networking *Networking `json:"Networking,omitempty"`
+
+ HvSocket *HvSocket `json:"HvSocket,omitempty"`
+
+ ContainerCredentialGuard *ContainerCredentialGuardState `json:"ContainerCredentialGuard,omitempty"`
+
+ RegistryChanges *RegistryChanges `json:"RegistryChanges,omitempty"`
+
+ AssignedDevices []Device `json:"AssignedDevices,omitempty"`
+
+ AdditionalDeviceNamespace *ContainerDefinitionDevice `json:"AdditionalDeviceNamespace,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_add_instance_request.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_add_instance_request.go
new file mode 100644
index 000000000..495c6ebc8
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_add_instance_request.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ContainerCredentialGuardAddInstanceRequest struct {
+ Id string `json:"Id,omitempty"`
+ CredentialSpec string `json:"CredentialSpec,omitempty"`
+ Transport string `json:"Transport,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_hv_socket_service_config.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_hv_socket_service_config.go
new file mode 100644
index 000000000..1ed4c008f
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_hv_socket_service_config.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ContainerCredentialGuardHvSocketServiceConfig struct {
+ ServiceId string `json:"ServiceId,omitempty"`
+ ServiceConfig *HvSocketServiceConfig `json:"ServiceConfig,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_instance.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_instance.go
new file mode 100644
index 000000000..d7ebd0fcc
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_instance.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ContainerCredentialGuardInstance struct {
+ Id string `json:"Id,omitempty"`
+ CredentialGuard *ContainerCredentialGuardState `json:"CredentialGuard,omitempty"`
+ HvSocketConfig *ContainerCredentialGuardHvSocketServiceConfig `json:"HvSocketConfig,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_modify_operation.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_modify_operation.go
new file mode 100644
index 000000000..71005b090
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_modify_operation.go
@@ -0,0 +1,17 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ContainerCredentialGuardModifyOperation string
+
+const (
+ AddInstance ContainerCredentialGuardModifyOperation = "AddInstance"
+ RemoveInstance ContainerCredentialGuardModifyOperation = "RemoveInstance"
+)
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_operation_request.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_operation_request.go
new file mode 100644
index 000000000..952cda496
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_operation_request.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ContainerCredentialGuardOperationRequest struct {
+ Operation ContainerCredentialGuardModifyOperation `json:"Operation,omitempty"`
+ OperationDetails interface{} `json:"OperationDetails,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_remove_instance_request.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_remove_instance_request.go
new file mode 100644
index 000000000..32e5a3bee
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_remove_instance_request.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ContainerCredentialGuardRemoveInstanceRequest struct {
+ Id string `json:"Id,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_state.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_state.go
new file mode 100644
index 000000000..0f8f64437
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_state.go
@@ -0,0 +1,25 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ContainerCredentialGuardState struct {
+
+ // Authentication cookie for calls to a Container Credential Guard instance.
+ Cookie string `json:"Cookie,omitempty"`
+
+ // Name of the RPC endpoint of the Container Credential Guard instance.
+ RpcEndpoint string `json:"RpcEndpoint,omitempty"`
+
+ // Transport used for the configured Container Credential Guard instance.
+ Transport string `json:"Transport,omitempty"`
+
+ // Credential spec used for the configured Container Credential Guard instance.
+ CredentialSpec string `json:"CredentialSpec,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_system_info.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_system_info.go
new file mode 100644
index 000000000..ea306fa21
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_system_info.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ContainerCredentialGuardSystemInfo struct {
+ Instances []ContainerCredentialGuardInstance `json:"Instances,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_memory_information.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_memory_information.go
new file mode 100644
index 000000000..1fd7ca5d5
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_memory_information.go
@@ -0,0 +1,25 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// memory usage as viewed from within the container
+type ContainerMemoryInformation struct {
+ TotalPhysicalBytes int32 `json:"TotalPhysicalBytes,omitempty"`
+
+ TotalUsage int32 `json:"TotalUsage,omitempty"`
+
+ CommittedBytes int32 `json:"CommittedBytes,omitempty"`
+
+ SharedCommittedBytes int32 `json:"SharedCommittedBytes,omitempty"`
+
+ CommitLimitBytes int32 `json:"CommitLimitBytes,omitempty"`
+
+ PeakCommitmentBytes int32 `json:"PeakCommitmentBytes,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group.go
new file mode 100644
index 000000000..90332a519
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// CPU groups allow Hyper-V administrators to better manage and allocate the host's CPU resources across guest virtual machines
+type CpuGroup struct {
+ Id string `json:"Id,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_affinity.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_affinity.go
new file mode 100644
index 000000000..8794961bf
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_affinity.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type CpuGroupAffinity struct {
+ LogicalProcessorCount int32 `json:"LogicalProcessorCount,omitempty"`
+ LogicalProcessors []int32 `json:"LogicalProcessors,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_config.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_config.go
new file mode 100644
index 000000000..0be0475d4
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_config.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type CpuGroupConfig struct {
+ GroupId string `json:"GroupId,omitempty"`
+ Affinity *CpuGroupAffinity `json:"Affinity,omitempty"`
+ GroupProperties []CpuGroupProperty `json:"GroupProperties,omitempty"`
+ // Hypervisor CPU group IDs exposed to clients
+ HypervisorGroupId uint64 `json:"HypervisorGroupId,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_configurations.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_configurations.go
new file mode 100644
index 000000000..3ace0ccc3
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_configurations.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// Structure used to return cpu groups for a Service property query
+type CpuGroupConfigurations struct {
+ CpuGroups []CpuGroupConfig `json:"CpuGroups,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_operations.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_operations.go
new file mode 100644
index 000000000..7d8978070
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_operations.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type CPUGroupOperation string
+
+const (
+ CreateGroup CPUGroupOperation = "CreateGroup"
+ DeleteGroup CPUGroupOperation = "DeleteGroup"
+ SetProperty CPUGroupOperation = "SetProperty"
+)
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_property.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_property.go
new file mode 100644
index 000000000..31fe07c3a
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_property.go
@@ -0,0 +1,23 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type CPUGroupPropertyCode uint32
+
+const (
+ CPUCapacityProperty = 0x00010000
+ CPUSchedulingPriorityProperty = 0x00020000
+ IdleLPReserveProperty = 0x00030000
+)
+
+type CpuGroupProperty struct {
+ PropertyCode uint32 `json:"PropertyCode,omitempty"`
+ PropertyValue uint32 `json:"PropertyValue,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/create_group_operation.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/create_group_operation.go
new file mode 100644
index 000000000..91a8278fe
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/create_group_operation.go
@@ -0,0 +1,17 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// Create group operation settings
+type CreateGroupOperation struct {
+ GroupId string `json:"GroupId,omitempty"`
+ LogicalProcessorCount uint32 `json:"LogicalProcessorCount,omitempty"`
+ LogicalProcessors []uint32 `json:"LogicalProcessors,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/debug_options.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/debug_options.go
new file mode 100644
index 000000000..5385850fe
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/debug_options.go
@@ -0,0 +1,22 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type DebugOptions struct {
+ // BugcheckSavedStateFileName is the path for the file in which the guest VM state will be saved when
+ // the guest crashes.
+ BugcheckSavedStateFileName string `json:"BugcheckSavedStateFileName,omitempty"`
+ // BugcheckNoCrashdumpSavedStateFileName is the path of the file in which the guest VM state will be
+ // saved when the guest crashes but the guest isn't able to generate the crash dump. This usually
+ // happens in early boot failures.
+ BugcheckNoCrashdumpSavedStateFileName string `json:"BugcheckNoCrashdumpSavedStateFileName,omitempty"`
+ TripleFaultSavedStateFileName string `json:"TripleFaultSavedStateFileName,omitempty"`
+ FirmwareDumpFileName string `json:"FirmwareDumpFileName,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/delete_group_operation.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/delete_group_operation.go
new file mode 100644
index 000000000..134bd9881
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/delete_group_operation.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// Delete group operation settings
+type DeleteGroupOperation struct {
+ GroupId string `json:"GroupId,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/device.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/device.go
new file mode 100644
index 000000000..31c4538af
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/device.go
@@ -0,0 +1,27 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type DeviceType string
+
+const (
+ ClassGUID DeviceType = "ClassGuid"
+ DeviceInstanceID DeviceType = "DeviceInstance"
+ GPUMirror DeviceType = "GpuMirror"
+)
+
+type Device struct {
+ // The type of device to assign to the container.
+ Type DeviceType `json:"Type,omitempty"`
+ // The interface class guid of the device interfaces to assign to the container. Only used when Type is ClassGuid.
+ InterfaceClassGuid string `json:"InterfaceClassGuid,omitempty"`
+ // The location path of the device to assign to the container. Only used when Type is DeviceInstanceID.
+ LocationPath string `json:"LocationPath,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/devices.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/devices.go
new file mode 100644
index 000000000..e985d96d2
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/devices.go
@@ -0,0 +1,46 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Devices struct {
+ ComPorts map[string]ComPort `json:"ComPorts,omitempty"`
+
+ Scsi map[string]Scsi `json:"Scsi,omitempty"`
+
+ VirtualPMem *VirtualPMemController `json:"VirtualPMem,omitempty"`
+
+ NetworkAdapters map[string]NetworkAdapter `json:"NetworkAdapters,omitempty"`
+
+ VideoMonitor *VideoMonitor `json:"VideoMonitor,omitempty"`
+
+ Keyboard *Keyboard `json:"Keyboard,omitempty"`
+
+ Mouse *Mouse `json:"Mouse,omitempty"`
+
+ HvSocket *HvSocket2 `json:"HvSocket,omitempty"`
+
+ EnhancedModeVideo *EnhancedModeVideo `json:"EnhancedModeVideo,omitempty"`
+
+ GuestCrashReporting *GuestCrashReporting `json:"GuestCrashReporting,omitempty"`
+
+ VirtualSmb *VirtualSmb `json:"VirtualSmb,omitempty"`
+
+ Plan9 *Plan9 `json:"Plan9,omitempty"`
+
+ Battery *Battery `json:"Battery,omitempty"`
+
+ FlexibleIov map[string]FlexibleIoDevice `json:"FlexibleIov,omitempty"`
+
+ SharedMemory *SharedMemoryConfiguration `json:"SharedMemory,omitempty"`
+
+ // TODO: This is pre-release support in schema 2.3. Need to add build number
+ // docs when a public build with this is out.
+ VirtualPci map[string]VirtualPciDevice `json:",omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/enhanced_mode_video.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/enhanced_mode_video.go
new file mode 100644
index 000000000..85450c41e
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/enhanced_mode_video.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type EnhancedModeVideo struct {
+ ConnectionOptions *RdpConnectionOptions `json:"ConnectionOptions,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/flexible_io_device.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/flexible_io_device.go
new file mode 100644
index 000000000..fe86cab65
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/flexible_io_device.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type FlexibleIoDevice struct {
+ EmulatorId string `json:"EmulatorId,omitempty"`
+
+ HostingModel string `json:"HostingModel,omitempty"`
+
+ Configuration []string `json:"Configuration,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_connection.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_connection.go
new file mode 100644
index 000000000..7db29495b
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_connection.go
@@ -0,0 +1,19 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type GuestConnection struct {
+
+ // Use Vsock rather than Hyper-V sockets to communicate with the guest service.
+ UseVsock bool `json:"UseVsock,omitempty"`
+
+ // Don't disconnect the guest connection when pausing the virtual machine.
+ UseConnectedSuspend bool `json:"UseConnectedSuspend,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_connection_info.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_connection_info.go
new file mode 100644
index 000000000..8a369bab7
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_connection_info.go
@@ -0,0 +1,21 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// Information about the guest.
+type GuestConnectionInfo struct {
+
+ // Each schema version x.y stands for the range of versions a.b where a==x and b<=y. This list comes from the SupportedSchemaVersions field in GcsCapabilities.
+ SupportedSchemaVersions []Version `json:"SupportedSchemaVersions,omitempty"`
+
+ ProtocolVersion int32 `json:"ProtocolVersion,omitempty"`
+
+ GuestDefinedCapabilities *interface{} `json:"GuestDefinedCapabilities,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_crash_reporting.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_crash_reporting.go
new file mode 100644
index 000000000..af8280048
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_crash_reporting.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type GuestCrashReporting struct {
+ WindowsCrashSettings *WindowsCrashReporting `json:"WindowsCrashSettings,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_os.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_os.go
new file mode 100644
index 000000000..8838519a3
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_os.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type GuestOs struct {
+ HostName string `json:"HostName,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_state.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_state.go
new file mode 100644
index 000000000..a48a65394
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_state.go
@@ -0,0 +1,25 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type GuestState struct {
+
+ // The path to an existing file uses for persistent guest state storage. An empty string indicates the system should initialize new transient, in-memory guest state.
+ GuestStateFilePath string `json:"GuestStateFilePath,omitempty"`
+
+ // The guest state file type affected by different guest isolation modes - whether a file or block storage.
+ GuestStateFileType string `json:"GuestStateFileType,omitempty"`
+
+ // The path to an existing file for persistent runtime state storage. An empty string indicates the system should initialize new transient, in-memory runtime state.
+ RuntimeStateFilePath string `json:"RuntimeStateFilePath,omitempty"`
+
+ // If true, the guest state and runtime state files will be used as templates to populate transient, in-memory state instead of using the files as persistent backing store.
+ ForceTransientState bool `json:"ForceTransientState,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/host_processor_modify_request.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/host_processor_modify_request.go
new file mode 100644
index 000000000..2238ce530
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/host_processor_modify_request.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// Structure used to request a service processor modification
+type HostProcessorModificationRequest struct {
+ Operation CPUGroupOperation `json:"Operation,omitempty"`
+ OperationDetails interface{} `json:"OperationDetails,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hosted_system.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hosted_system.go
new file mode 100644
index 000000000..ea3084bca
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hosted_system.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type HostedSystem struct {
+ SchemaVersion *Version `json:"SchemaVersion,omitempty"`
+
+ Container *Container `json:"Container,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket.go
new file mode 100644
index 000000000..23b2ee9e7
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type HvSocket struct {
+ Config *HvSocketSystemConfig `json:"Config,omitempty"`
+
+ EnablePowerShellDirect bool `json:"EnablePowerShellDirect,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_2.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_2.go
new file mode 100644
index 000000000..a017691f0
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_2.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// HvSocket configuration for a VM
+type HvSocket2 struct {
+ HvSocketConfig *HvSocketSystemConfig `json:"HvSocketConfig,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_address.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_address.go
new file mode 100644
index 000000000..84c11b93e
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_address.go
@@ -0,0 +1,17 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// This class defines address settings applied to a VM
+// by the GCS every time a VM starts or restores.
+type HvSocketAddress struct {
+ LocalAddress string `json:"LocalAddress,omitempty"`
+ ParentAddress string `json:"ParentAddress,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_service_config.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_service_config.go
new file mode 100644
index 000000000..ecd9f7fba
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_service_config.go
@@ -0,0 +1,28 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type HvSocketServiceConfig struct {
+
+ // SDDL string that HvSocket will check before allowing a host process to bind to this specific service. If not specified, defaults to the system DefaultBindSecurityDescriptor, defined in HvSocketSystemWpConfig in V1.
+ BindSecurityDescriptor string `json:"BindSecurityDescriptor,omitempty"`
+
+ // SDDL string that HvSocket will check before allowing a host process to connect to this specific service. If not specified, defaults to the system DefaultConnectSecurityDescriptor, defined in HvSocketSystemWpConfig in V1.
+ ConnectSecurityDescriptor string `json:"ConnectSecurityDescriptor,omitempty"`
+
+ // If true, HvSocket will process wildcard binds for this service/system combination. Wildcard binds are secured in the registry at SOFTWARE/Microsoft/Windows NT/CurrentVersion/Virtualization/HvSocket/WildcardDescriptors
+ AllowWildcardBinds bool `json:"AllowWildcardBinds,omitempty"`
+
+ // Disabled controls whether the HvSocket service is accepting connection requests.
+ // This set to true will make the service refuse all incoming connections as well as cancel
+ // any connections already established. The service itself will still be active however
+ // and can be re-enabled at a future time.
+ Disabled bool `json:"Disabled,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_system_config.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_system_config.go
new file mode 100644
index 000000000..69f4f9d39
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_system_config.go
@@ -0,0 +1,22 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// This is the HCS Schema version of the HvSocket configuration. The VMWP version is located in Config.Devices.IC in V1.
+type HvSocketSystemConfig struct {
+
+ // SDDL string that HvSocket will check before allowing a host process to bind to an unlisted service for this specific container/VM (not wildcard binds).
+ DefaultBindSecurityDescriptor string `json:"DefaultBindSecurityDescriptor,omitempty"`
+
+ // SDDL string that HvSocket will check before allowing a host process to connect to an unlisted service in the VM/container.
+ DefaultConnectSecurityDescriptor string `json:"DefaultConnectSecurityDescriptor,omitempty"`
+
+ ServiceTable map[string]HvSocketServiceConfig `json:"ServiceTable,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/interrupt_moderation_mode.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/interrupt_moderation_mode.go
new file mode 100644
index 000000000..a614d63bd
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/interrupt_moderation_mode.go
@@ -0,0 +1,42 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type InterruptModerationName string
+
+// The valid interrupt moderation modes for I/O virtualization (IOV) offloading.
+const (
+ DefaultName InterruptModerationName = "Default"
+ AdaptiveName InterruptModerationName = "Adaptive"
+ OffName InterruptModerationName = "Off"
+ LowName InterruptModerationName = "Low"
+ MediumName InterruptModerationName = "Medium"
+ HighName InterruptModerationName = "High"
+)
+
+type InterruptModerationValue uint32
+
+const (
+ DefaultValue InterruptModerationValue = iota
+ AdaptiveValue
+ OffValue
+ LowValue InterruptModerationValue = 100
+ MediumValue InterruptModerationValue = 200
+ HighValue InterruptModerationValue = 300
+)
+
+var InterruptModerationValueToName = map[InterruptModerationValue]InterruptModerationName{
+ DefaultValue: DefaultName,
+ AdaptiveValue: AdaptiveName,
+ OffValue: OffName,
+ LowValue: LowName,
+ MediumValue: MediumName,
+ HighValue: HighName,
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/iov_settings.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/iov_settings.go
new file mode 100644
index 000000000..2a55cc37c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/iov_settings.go
@@ -0,0 +1,22 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type IovSettings struct {
+ // The weight assigned to this port for I/O virtualization (IOV) offloading.
+ // Setting this to 0 disables IOV offloading.
+ OffloadWeight *uint32 `json:"OffloadWeight,omitempty"`
+
+ // The number of queue pairs requested for this port for I/O virtualization (IOV) offloading.
+ QueuePairsRequested *uint32 `json:"QueuePairsRequested,omitempty"`
+
+ // The interrupt moderation mode for I/O virtualization (IOV) offloading.
+ InterruptModeration *InterruptModerationName `json:"InterruptModeration,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/isolation_settings.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/isolation_settings.go
new file mode 100644
index 000000000..a34c2f99a
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/isolation_settings.go
@@ -0,0 +1,21 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type IsolationSettings struct {
+ // Guest isolation type options to decide virtual trust levels of virtual machine
+ IsolationType string `json:"IsolationType,omitempty"`
+ // Configuration to debug HCL layer for HCS VM TODO: Task 31102306: Miss the way to prevent the exposure of private debug configuration in HCS TODO: Think about the secret configurations which are private in VMMS VM (only edit by hvsedit)
+ DebugHost string `json:"DebugHost,omitempty"`
+ DebugPort int64 `json:"DebugPort,omitempty"`
+ // Optional data passed by host on isolated virtual machine start
+ LaunchData string `json:"LaunchData,omitempty"`
+ HclEnabled *bool `json:"HclEnabled,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/keyboard.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/keyboard.go
new file mode 100644
index 000000000..3d3fa3b1c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/keyboard.go
@@ -0,0 +1,13 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Keyboard struct {
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/layer.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/layer.go
new file mode 100644
index 000000000..176c49d49
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/layer.go
@@ -0,0 +1,21 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Layer struct {
+ Id string `json:"Id,omitempty"`
+
+ Path string `json:"Path,omitempty"`
+
+ PathType string `json:"PathType,omitempty"`
+
+ // Unspecified defaults to Enabled
+ Cache string `json:"Cache,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/linux_kernel_direct.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/linux_kernel_direct.go
new file mode 100644
index 000000000..0ab6c280f
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/linux_kernel_direct.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.2
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type LinuxKernelDirect struct {
+ KernelFilePath string `json:"KernelFilePath,omitempty"`
+
+ InitRdPath string `json:"InitRdPath,omitempty"`
+
+ KernelCmdLine string `json:"KernelCmdLine,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/logical_processor.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/logical_processor.go
new file mode 100644
index 000000000..2e3aa5e17
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/logical_processor.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type LogicalProcessor struct {
+ LpIndex uint32 `json:"LpIndex,omitempty"`
+ NodeNumber uint8 `json:"NodeNumber,omitempty"`
+ PackageId uint32 `json:"PackageId,omitempty"`
+ CoreId uint32 `json:"CoreId,omitempty"`
+ RootVpIndex int32 `json:"RootVpIndex,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mapped_directory.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mapped_directory.go
new file mode 100644
index 000000000..9b86a4045
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mapped_directory.go
@@ -0,0 +1,20 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type MappedDirectory struct {
+ HostPath string `json:"HostPath,omitempty"`
+
+ HostPathType string `json:"HostPathType,omitempty"`
+
+ ContainerPath string `json:"ContainerPath,omitempty"`
+
+ ReadOnly bool `json:"ReadOnly,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mapped_pipe.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mapped_pipe.go
new file mode 100644
index 000000000..208074e9a
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mapped_pipe.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type MappedPipe struct {
+ ContainerPipeName string `json:"ContainerPipeName,omitempty"`
+
+ HostPath string `json:"HostPath,omitempty"`
+
+ HostPathType string `json:"HostPathType,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory.go
new file mode 100644
index 000000000..30749c672
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Memory struct {
+ SizeInMB uint64 `json:"SizeInMB,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_2.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_2.go
new file mode 100644
index 000000000..71224c75b
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_2.go
@@ -0,0 +1,49 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Memory2 struct {
+ SizeInMB uint64 `json:"SizeInMB,omitempty"`
+
+ AllowOvercommit bool `json:"AllowOvercommit,omitempty"`
+
+ EnableHotHint bool `json:"EnableHotHint,omitempty"`
+
+ EnableColdHint bool `json:"EnableColdHint,omitempty"`
+
+ EnableEpf bool `json:"EnableEpf,omitempty"`
+
+ // EnableDeferredCommit is private in the schema. If regenerated need to add back.
+ EnableDeferredCommit bool `json:"EnableDeferredCommit,omitempty"`
+
+ // EnableColdDiscardHint if enabled, then the memory cold discard hint feature is exposed
+ // to the VM, allowing it to trim non-zeroed pages from the working set (if supported by
+ // the guest operating system).
+ EnableColdDiscardHint bool `json:"EnableColdDiscardHint,omitempty"`
+
+ // LowMmioGapInMB is the low MMIO region allocated below 4GB.
+ //
+ // TODO: This is pre-release support in schema 2.3. Need to add build number
+ // docs when a public build with this is out.
+ LowMMIOGapInMB uint64 `json:"LowMmioGapInMB,omitempty"`
+
+ // HighMmioBaseInMB is the high MMIO region allocated above 4GB (base and
+ // size).
+ //
+ // TODO: This is pre-release support in schema 2.3. Need to add build number
+ // docs when a public build with this is out.
+ HighMMIOBaseInMB uint64 `json:"HighMmioBaseInMB,omitempty"`
+
+ // HighMmioGapInMB is the high MMIO region.
+ //
+ // TODO: This is pre-release support in schema 2.3. Need to add build number
+ // docs when a public build with this is out.
+ HighMMIOGapInMB uint64 `json:"HighMmioGapInMB,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_information_for_vm.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_information_for_vm.go
new file mode 100644
index 000000000..811779b04
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_information_for_vm.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type MemoryInformationForVm struct {
+ VirtualNodeCount uint32 `json:"VirtualNodeCount,omitempty"`
+
+ VirtualMachineMemory *VmMemory `json:"VirtualMachineMemory,omitempty"`
+
+ VirtualNodes []VirtualNodeInfo `json:"VirtualNodes,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_stats.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_stats.go
new file mode 100644
index 000000000..906ba597f
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_stats.go
@@ -0,0 +1,19 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// Memory runtime statistics
+type MemoryStats struct {
+ MemoryUsageCommitBytes uint64 `json:"MemoryUsageCommitBytes,omitempty"`
+
+ MemoryUsageCommitPeakBytes uint64 `json:"MemoryUsageCommitPeakBytes,omitempty"`
+
+ MemoryUsagePrivateWorkingSetBytes uint64 `json:"MemoryUsagePrivateWorkingSetBytes,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_container_definition_device.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_container_definition_device.go
new file mode 100644
index 000000000..8dbe40b3b
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_container_definition_device.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ContainerDefinitionDevice struct {
+ DeviceExtension []DeviceExtension `json:"device_extension,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_device_category.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_device_category.go
new file mode 100644
index 000000000..8fe89f927
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_device_category.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type DeviceCategory struct {
+ Name string `json:"name,omitempty"`
+ InterfaceClass []InterfaceClass `json:"interface_class,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_device_extension.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_device_extension.go
new file mode 100644
index 000000000..a62568d89
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_device_extension.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type DeviceExtension struct {
+ DeviceCategory *DeviceCategory `json:"device_category,omitempty"`
+ Namespace *DeviceExtensionNamespace `json:"namespace,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_device_instance.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_device_instance.go
new file mode 100644
index 000000000..a7410febd
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_device_instance.go
@@ -0,0 +1,17 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type DeviceInstance struct {
+ Id string `json:"id,omitempty"`
+ LocationPath string `json:"location_path,omitempty"`
+ PortName string `json:"port_name,omitempty"`
+ InterfaceClass []InterfaceClass `json:"interface_class,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_device_namespace.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_device_namespace.go
new file mode 100644
index 000000000..355364064
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_device_namespace.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type DeviceNamespace struct {
+ RequiresDriverstore bool `json:"requires_driverstore,omitempty"`
+ DeviceCategory []DeviceCategory `json:"device_category,omitempty"`
+ DeviceInstance []DeviceInstance `json:"device_instance,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_interface_class.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_interface_class.go
new file mode 100644
index 000000000..7be98b541
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_interface_class.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type InterfaceClass struct {
+ Type_ string `json:"type,omitempty"`
+ Identifier string `json:"identifier,omitempty"`
+ Recurse bool `json:"recurse,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_namespace.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_namespace.go
new file mode 100644
index 000000000..3ab9cf1ec
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_namespace.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type DeviceExtensionNamespace struct {
+ Ob *ObjectNamespace `json:"ob,omitempty"`
+ Device *DeviceNamespace `json:"device,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_object_directory.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_object_directory.go
new file mode 100644
index 000000000..d2f51b3b5
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_object_directory.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ObjectDirectory struct {
+ Name string `json:"name,omitempty"`
+ Clonesd string `json:"clonesd,omitempty"`
+ Shadow string `json:"shadow,omitempty"`
+ Symlink []ObjectSymlink `json:"symlink,omitempty"`
+ Objdir []ObjectDirectory `json:"objdir,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_object_namespace.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_object_namespace.go
new file mode 100644
index 000000000..47dfb55bf
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_object_namespace.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ObjectNamespace struct {
+ Shadow string `json:"shadow,omitempty"`
+ Symlink []ObjectSymlink `json:"symlink,omitempty"`
+ Objdir []ObjectDirectory `json:"objdir,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_object_symlink.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_object_symlink.go
new file mode 100644
index 000000000..8867ebe5f
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/model_object_symlink.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ObjectSymlink struct {
+ Name string `json:"name,omitempty"`
+ Path string `json:"path,omitempty"`
+ Scope string `json:"scope,omitempty"`
+ Pathtoclone string `json:"pathtoclone,omitempty"`
+ AccessMask int32 `json:"access_mask,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modification_request.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modification_request.go
new file mode 100644
index 000000000..1384ed888
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modification_request.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ModificationRequest struct {
+ PropertyType PropertyType `json:"PropertyType,omitempty"`
+ Settings interface{} `json:"Settings,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modify_setting_request.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modify_setting_request.go
new file mode 100644
index 000000000..6364da8e2
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modify_setting_request.go
@@ -0,0 +1,22 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+import "github.com/Microsoft/hcsshim/internal/protocol/guestrequest"
+
+type ModifySettingRequest struct {
+ ResourcePath string `json:"ResourcePath,omitempty"`
+
+ RequestType guestrequest.RequestType `json:"RequestType,omitempty"` // NOTE: Swagger generated as string. Locally updated.
+
+ Settings interface{} `json:"Settings,omitempty"` // NOTE: Swagger generated as *interface{}. Locally updated
+
+ GuestRequest interface{} `json:"GuestRequest,omitempty"` // NOTE: Swagger generated as *interface{}. Locally updated
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mouse.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mouse.go
new file mode 100644
index 000000000..ccf8b938f
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mouse.go
@@ -0,0 +1,13 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Mouse struct {
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/network_adapter.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/network_adapter.go
new file mode 100644
index 000000000..7408abd31
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/network_adapter.go
@@ -0,0 +1,17 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type NetworkAdapter struct {
+ EndpointId string `json:"EndpointId,omitempty"`
+ MacAddress string `json:"MacAddress,omitempty"`
+ // The I/O virtualization (IOV) offloading configuration.
+ IovSettings *IovSettings `json:"IovSettings,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/networking.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/networking.go
new file mode 100644
index 000000000..e5ea187a2
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/networking.go
@@ -0,0 +1,23 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Networking struct {
+ AllowUnqualifiedDnsQuery bool `json:"AllowUnqualifiedDnsQuery,omitempty"`
+
+ DnsSearchList string `json:"DnsSearchList,omitempty"`
+
+ NetworkSharedContainerName string `json:"NetworkSharedContainerName,omitempty"`
+
+ // Guid in windows; string in linux
+ Namespace string `json:"Namespace,omitempty"`
+
+ NetworkAdapters []string `json:"NetworkAdapters,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/pause_notification.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/pause_notification.go
new file mode 100644
index 000000000..d96c9501f
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/pause_notification.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// Notification data that is indicated to components running in the Virtual Machine.
+type PauseNotification struct {
+ Reason string `json:"Reason,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/pause_options.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/pause_options.go
new file mode 100644
index 000000000..21707a88e
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/pause_options.go
@@ -0,0 +1,17 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// Options for HcsPauseComputeSystem
+type PauseOptions struct {
+ SuspensionLevel string `json:"SuspensionLevel,omitempty"`
+
+ HostedNotification *PauseNotification `json:"HostedNotification,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/plan9.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/plan9.go
new file mode 100644
index 000000000..29d8c8012
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/plan9.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Plan9 struct {
+ Shares []Plan9Share `json:"Shares,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/plan9_share.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/plan9_share.go
new file mode 100644
index 000000000..41f8fdea0
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/plan9_share.go
@@ -0,0 +1,34 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Plan9Share struct {
+ Name string `json:"Name,omitempty"`
+
+ // The name by which the guest operation system can access this share, via the aname parameter in the Plan9 protocol.
+ AccessName string `json:"AccessName,omitempty"`
+
+ Path string `json:"Path,omitempty"`
+
+ Port int32 `json:"Port,omitempty"`
+
+ // Flags are marked private. Until they are exported correctly
+ //
+ // ReadOnly 0x00000001
+ // LinuxMetadata 0x00000004
+ // CaseSensitive 0x00000008
+ Flags int32 `json:"Flags,omitempty"`
+
+ ReadOnly bool `json:"ReadOnly,omitempty"`
+
+ UseShareRootIdentity bool `json:"UseShareRootIdentity,omitempty"`
+
+ AllowedFiles []string `json:"AllowedFiles,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_details.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_details.go
new file mode 100644
index 000000000..e9a662dd5
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_details.go
@@ -0,0 +1,33 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+import (
+ "time"
+)
+
+// Information about a process running in a container
+type ProcessDetails struct {
+ ProcessId int32 `json:"ProcessId,omitempty"`
+
+ ImageName string `json:"ImageName,omitempty"`
+
+ CreateTimestamp time.Time `json:"CreateTimestamp,omitempty"`
+
+ UserTime100ns int32 `json:"UserTime100ns,omitempty"`
+
+ KernelTime100ns int32 `json:"KernelTime100ns,omitempty"`
+
+ MemoryCommitBytes int32 `json:"MemoryCommitBytes,omitempty"`
+
+ MemoryWorkingSetPrivateBytes int32 `json:"MemoryWorkingSetPrivateBytes,omitempty"`
+
+ MemoryWorkingSetSharedBytes int32 `json:"MemoryWorkingSetSharedBytes,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_modify_request.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_modify_request.go
new file mode 100644
index 000000000..862b7911e
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_modify_request.go
@@ -0,0 +1,21 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+import "github.com/Microsoft/hcsshim/internal/protocol/guestrequest"
+
+// Passed to HcsRpc_ModifyProcess
+type ProcessModifyRequest struct {
+ Operation guestrequest.ProcessModifyOperation `json:"Operation,omitempty"` // NOTE: Swagger generated as string. Locally updated.
+
+ ConsoleSize *ConsoleSize `json:"ConsoleSize,omitempty"`
+
+ CloseHandle *CloseHandle `json:"CloseHandle,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_parameters.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_parameters.go
new file mode 100644
index 000000000..82b0d0532
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_parameters.go
@@ -0,0 +1,46 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ProcessParameters struct {
+ ApplicationName string `json:"ApplicationName,omitempty"`
+
+ CommandLine string `json:"CommandLine,omitempty"`
+
+ // optional alternative to CommandLine, currently only supported by Linux GCS
+ CommandArgs []string `json:"CommandArgs,omitempty"`
+
+ User string `json:"User,omitempty"`
+
+ WorkingDirectory string `json:"WorkingDirectory,omitempty"`
+
+ Environment map[string]string `json:"Environment,omitempty"`
+
+ // if set, will run as low-privilege process
+ RestrictedToken bool `json:"RestrictedToken,omitempty"`
+
+ // if set, ignore StdErrPipe
+ EmulateConsole bool `json:"EmulateConsole,omitempty"`
+
+ CreateStdInPipe bool `json:"CreateStdInPipe,omitempty"`
+
+ CreateStdOutPipe bool `json:"CreateStdOutPipe,omitempty"`
+
+ CreateStdErrPipe bool `json:"CreateStdErrPipe,omitempty"`
+
+ // height then width
+ ConsoleSize []int32 `json:"ConsoleSize,omitempty"`
+
+ // if set, find an existing session for the user and create the process in it
+ UseExistingLogin bool `json:"UseExistingLogin,omitempty"`
+
+ // if set, use the legacy console instead of conhost
+ UseLegacyConsole bool `json:"UseLegacyConsole,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_status.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_status.go
new file mode 100644
index 000000000..3c371d465
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_status.go
@@ -0,0 +1,24 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// NOTE: Swagger generated fields as int32. Locally updated to uint16 to match documentation.
+// https://learn.microsoft.com/en-us/virtualization/api/hcs/schemareference#ConsoleSize
+
+// Status of a process running in a container
+type ProcessStatus struct {
+ ProcessId uint32 `json:"ProcessId,omitempty"` // NOTE: Swagger generated as int32. Locally updated to match documentation.
+
+ Exited bool `json:"Exited,omitempty"`
+
+ ExitCode uint32 `json:"ExitCode,omitempty"` // NOTE: Swagger generated as int32. Locally updated to match documentation.
+
+ LastWaitResult int32 `json:"LastWaitResult,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor.go
new file mode 100644
index 000000000..bb24e88da
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Processor struct {
+ Count int32 `json:"Count,omitempty"`
+
+ Maximum int32 `json:"Maximum,omitempty"`
+
+ Weight int32 `json:"Weight,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_2.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_2.go
new file mode 100644
index 000000000..c64f335ec
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_2.go
@@ -0,0 +1,23 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.5
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Processor2 struct {
+ Count int32 `json:"Count,omitempty"`
+
+ Limit int32 `json:"Limit,omitempty"`
+
+ Weight int32 `json:"Weight,omitempty"`
+
+ ExposeVirtualizationExtensions bool `json:"ExposeVirtualizationExtensions,omitempty"`
+
+ // An optional object that configures the CPU Group to which a Virtual Machine is going to bind to.
+ CpuGroup *CpuGroup `json:"CpuGroup,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_stats.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_stats.go
new file mode 100644
index 000000000..6157e2522
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_stats.go
@@ -0,0 +1,19 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// CPU runtime statistics
+type ProcessorStats struct {
+ TotalRuntime100ns uint64 `json:"TotalRuntime100ns,omitempty"`
+
+ RuntimeUser100ns uint64 `json:"RuntimeUser100ns,omitempty"`
+
+ RuntimeKernel100ns uint64 `json:"RuntimeKernel100ns,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_topology.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_topology.go
new file mode 100644
index 000000000..885156e77
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_topology.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type ProcessorTopology struct {
+ LogicalProcessorCount uint32 `json:"LogicalProcessorCount,omitempty"`
+ LogicalProcessors []LogicalProcessor `json:"LogicalProcessors,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/properties.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/properties.go
new file mode 100644
index 000000000..0c7efe8d4
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/properties.go
@@ -0,0 +1,54 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+import (
+ v1 "github.com/containerd/cgroups/v3/cgroup1/stats"
+)
+
+type Properties struct {
+ Id string `json:"Id,omitempty"`
+
+ SystemType string `json:"SystemType,omitempty"`
+
+ RuntimeOsType string `json:"RuntimeOsType,omitempty"`
+
+ Name string `json:"Name,omitempty"`
+
+ Owner string `json:"Owner,omitempty"`
+
+ RuntimeId string `json:"RuntimeId,omitempty"`
+
+ RuntimeTemplateId string `json:"RuntimeTemplateId,omitempty"`
+
+ State string `json:"State,omitempty"`
+
+ Stopped bool `json:"Stopped,omitempty"`
+
+ ExitType string `json:"ExitType,omitempty"`
+
+ Memory *MemoryInformationForVm `json:"Memory,omitempty"`
+
+ Statistics *Statistics `json:"Statistics,omitempty"`
+
+ ProcessList []ProcessDetails `json:"ProcessList,omitempty"`
+
+ TerminateOnLastHandleClosed bool `json:"TerminateOnLastHandleClosed,omitempty"`
+
+ HostingSystemId string `json:"HostingSystemId,omitempty"`
+
+ SharedMemoryRegionInfo []SharedMemoryRegionInfo `json:"SharedMemoryRegionInfo,omitempty"`
+
+ GuestConnectionInfo *GuestConnectionInfo `json:"GuestConnectionInfo,omitempty"`
+
+ // Metrics is not part of the API for HCS but this is used for LCOW v2 to
+ // return the full cgroup metrics from the guest.
+ Metrics *v1.Metrics `json:"LCOWMetrics,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/property_query.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/property_query.go
new file mode 100644
index 000000000..d6d80df13
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/property_query.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// By default the basic properties will be returned. This query provides a way to request specific properties.
+type PropertyQuery struct {
+ PropertyTypes []PropertyType `json:"PropertyTypes,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/property_type.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/property_type.go
new file mode 100644
index 000000000..98f2c96ed
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/property_type.go
@@ -0,0 +1,26 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type PropertyType string
+
+const (
+ PTMemory PropertyType = "Memory"
+ PTGuestMemory PropertyType = "GuestMemory"
+ PTStatistics PropertyType = "Statistics"
+ PTProcessList PropertyType = "ProcessList"
+ PTTerminateOnLastHandleClosed PropertyType = "TerminateOnLastHandleClosed"
+ PTSharedMemoryRegion PropertyType = "SharedMemoryRegion"
+ PTContainerCredentialGuard PropertyType = "ContainerCredentialGuard" // This field is not generated by swagger. This was added manually.
+ PTGuestConnection PropertyType = "GuestConnection"
+ PTICHeartbeatStatus PropertyType = "ICHeartbeatStatus"
+ PTProcessorTopology PropertyType = "ProcessorTopology"
+ PTCPUGroup PropertyType = "CpuGroup"
+)
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/rdp_connection_options.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/rdp_connection_options.go
new file mode 100644
index 000000000..8d5f5c171
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/rdp_connection_options.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type RdpConnectionOptions struct {
+ AccessSids []string `json:"AccessSids,omitempty"`
+
+ NamedPipe string `json:"NamedPipe,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_changes.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_changes.go
new file mode 100644
index 000000000..006906f6e
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_changes.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type RegistryChanges struct {
+ AddValues []RegistryValue `json:"AddValues,omitempty"`
+
+ DeleteKeys []RegistryKey `json:"DeleteKeys,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_key.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_key.go
new file mode 100644
index 000000000..26fde99c7
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_key.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type RegistryKey struct {
+ Hive string `json:"Hive,omitempty"`
+
+ Name string `json:"Name,omitempty"`
+
+ Volatile bool `json:"Volatile,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_value.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_value.go
new file mode 100644
index 000000000..3f203176c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_value.go
@@ -0,0 +1,30 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type RegistryValue struct {
+ Key *RegistryKey `json:"Key,omitempty"`
+
+ Name string `json:"Name,omitempty"`
+
+ Type_ string `json:"Type,omitempty"`
+
+ // One and only one value type must be set.
+ StringValue string `json:"StringValue,omitempty"`
+
+ BinaryValue string `json:"BinaryValue,omitempty"`
+
+ DWordValue int32 `json:"DWordValue,omitempty"`
+
+ QWordValue int32 `json:"QWordValue,omitempty"`
+
+ // Only used if RegistryValueType is CustomType The data is in BinaryValue
+ CustomType int32 `json:"CustomType,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/restore_state.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/restore_state.go
new file mode 100644
index 000000000..778ff5873
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/restore_state.go
@@ -0,0 +1,19 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type RestoreState struct {
+
+ // The path to the save state file to restore the system from.
+ SaveStateFilePath string `json:"SaveStateFilePath,omitempty"`
+
+ // The ID of the template system to clone this new system off of. An empty string indicates the system should not be cloned from a template.
+ TemplateSystemId string `json:"TemplateSystemId,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/save_options.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/save_options.go
new file mode 100644
index 000000000..e55fa1d98
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/save_options.go
@@ -0,0 +1,19 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type SaveOptions struct {
+
+ // The type of save operation to be performed.
+ SaveType string `json:"SaveType,omitempty"`
+
+ // The path to the file that will container the saved state.
+ SaveStateFilePath string `json:"SaveStateFilePath,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/scsi.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/scsi.go
new file mode 100644
index 000000000..bf253a470
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/scsi.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Scsi struct {
+
+ // Map of attachments, where the key is the integer LUN number on the controller.
+ Attachments map[string]Attachment `json:"Attachments,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/security_settings.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/security_settings.go
new file mode 100644
index 000000000..14f0299e3
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/security_settings.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type SecuritySettings struct {
+ // Enablement of Trusted Platform Module on the computer system
+ EnableTpm bool `json:"EnableTpm,omitempty"`
+ Isolation *IsolationSettings `json:"Isolation,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/service_properties.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/service_properties.go
new file mode 100644
index 000000000..b8142ca6a
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/service_properties.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+import "encoding/json"
+
+type ServiceProperties struct {
+ // Changed Properties field to []json.RawMessage from []interface{} to avoid having to
+ // remarshal sp.Properties[n] and unmarshal into the type(s) we want.
+ Properties []json.RawMessage `json:"Properties,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_configuration.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_configuration.go
new file mode 100644
index 000000000..df9baa921
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_configuration.go
@@ -0,0 +1,14 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type SharedMemoryConfiguration struct {
+ Regions []SharedMemoryRegion `json:"Regions,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_region.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_region.go
new file mode 100644
index 000000000..825b71865
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_region.go
@@ -0,0 +1,22 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type SharedMemoryRegion struct {
+ SectionName string `json:"SectionName,omitempty"`
+
+ StartOffset int32 `json:"StartOffset,omitempty"`
+
+ Length int32 `json:"Length,omitempty"`
+
+ AllowGuestWrite bool `json:"AllowGuestWrite,omitempty"`
+
+ HiddenFromGuest bool `json:"HiddenFromGuest,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_region_info.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_region_info.go
new file mode 100644
index 000000000..f67b08eb5
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_region_info.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type SharedMemoryRegionInfo struct {
+ SectionName string `json:"SectionName,omitempty"`
+
+ GuestPhysicalAddress int32 `json:"GuestPhysicalAddress,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/silo_properties.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/silo_properties.go
new file mode 100644
index 000000000..5eaf6a7f4
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/silo_properties.go
@@ -0,0 +1,17 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// Silo job information
+type SiloProperties struct {
+ Enabled bool `json:"Enabled,omitempty"`
+
+ JobName string `json:"JobName,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/statistics.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/statistics.go
new file mode 100644
index 000000000..ba7a6b396
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/statistics.go
@@ -0,0 +1,29 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+import (
+ "time"
+)
+
+// Runtime statistics for a container
+type Statistics struct {
+ Timestamp time.Time `json:"Timestamp,omitempty"`
+
+ ContainerStartTime time.Time `json:"ContainerStartTime,omitempty"`
+
+ Uptime100ns uint64 `json:"Uptime100ns,omitempty"`
+
+ Processor *ProcessorStats `json:"Processor,omitempty"`
+
+ Memory *MemoryStats `json:"Memory,omitempty"`
+
+ Storage *StorageStats `json:"Storage,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage.go
new file mode 100644
index 000000000..2627af913
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage.go
@@ -0,0 +1,21 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Storage struct {
+
+ // List of layers that describe the parent hierarchy for a container's storage. These layers combined together, presented as a disposable and/or committable working storage, are used by the container to record all changes done to the parent layers.
+ Layers []Layer `json:"Layers,omitempty"`
+
+ // Path that points to the scratch space of a container, where parent layers are combined together to present a new disposable and/or committable layer with the changes done during its runtime.
+ Path string `json:"Path,omitempty"`
+
+ QoS *StorageQoS `json:"QoS,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage_qo_s.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage_qo_s.go
new file mode 100644
index 000000000..9c5e6eb53
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage_qo_s.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type StorageQoS struct {
+ IopsMaximum int32 `json:"IopsMaximum,omitempty"`
+
+ BandwidthMaximum int32 `json:"BandwidthMaximum,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage_stats.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage_stats.go
new file mode 100644
index 000000000..4f042ffd9
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage_stats.go
@@ -0,0 +1,21 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// Storage runtime statistics
+type StorageStats struct {
+ ReadCountNormalized uint64 `json:"ReadCountNormalized,omitempty"`
+
+ ReadSizeBytes uint64 `json:"ReadSizeBytes,omitempty"`
+
+ WriteCountNormalized uint64 `json:"WriteCountNormalized,omitempty"`
+
+ WriteSizeBytes uint64 `json:"WriteSizeBytes,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/system_time.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/system_time.go
new file mode 100644
index 000000000..72de80149
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/system_time.go
@@ -0,0 +1,28 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type SystemTime struct {
+ Year int32 `json:"Year,omitempty"`
+
+ Month int32 `json:"Month,omitempty"`
+
+ DayOfWeek int32 `json:"DayOfWeek,omitempty"`
+
+ Day int32 `json:"Day,omitempty"`
+
+ Hour int32 `json:"Hour,omitempty"`
+
+ Minute int32 `json:"Minute,omitempty"`
+
+ Second int32 `json:"Second,omitempty"`
+
+ Milliseconds int32 `json:"Milliseconds,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/time_zone_information.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/time_zone_information.go
new file mode 100644
index 000000000..529743d75
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/time_zone_information.go
@@ -0,0 +1,26 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type TimeZoneInformation struct {
+ Bias int32 `json:"Bias,omitempty"`
+
+ StandardName string `json:"StandardName,omitempty"`
+
+ StandardDate *SystemTime `json:"StandardDate,omitempty"`
+
+ StandardBias int32 `json:"StandardBias,omitempty"`
+
+ DaylightName string `json:"DaylightName,omitempty"`
+
+ DaylightDate *SystemTime `json:"DaylightDate,omitempty"`
+
+ DaylightBias int32 `json:"DaylightBias,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/topology.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/topology.go
new file mode 100644
index 000000000..834869940
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/topology.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Topology struct {
+ Memory *Memory2 `json:"Memory,omitempty"`
+
+ Processor *Processor2 `json:"Processor,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi.go
new file mode 100644
index 000000000..9228923fe
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi.go
@@ -0,0 +1,22 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Uefi struct {
+ EnableDebugger bool `json:"EnableDebugger,omitempty"`
+
+ ApplySecureBootTemplate string `json:"ApplySecureBootTemplate,omitempty"`
+
+ SecureBootTemplateId string `json:"SecureBootTemplateId,omitempty"`
+
+ BootThis *UefiBootEntry `json:"BootThis,omitempty"`
+
+ Console string `json:"Console,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi_boot_entry.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi_boot_entry.go
new file mode 100644
index 000000000..3ab409d82
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi_boot_entry.go
@@ -0,0 +1,22 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type UefiBootEntry struct {
+ DeviceType string `json:"DeviceType,omitempty"`
+
+ DevicePath string `json:"DevicePath,omitempty"`
+
+ DiskNumber int32 `json:"DiskNumber,omitempty"`
+
+ OptionalData string `json:"OptionalData,omitempty"`
+
+ VmbFsRootPath string `json:"VmbFsRootPath,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/version.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/version.go
new file mode 100644
index 000000000..2abfccca3
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/version.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type Version struct {
+ Major int32 `json:"Major,omitempty"`
+
+ Minor int32 `json:"Minor,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/video_monitor.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/video_monitor.go
new file mode 100644
index 000000000..ec5d0fb93
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/video_monitor.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VideoMonitor struct {
+ HorizontalResolution int32 `json:"HorizontalResolution,omitempty"`
+
+ VerticalResolution int32 `json:"VerticalResolution,omitempty"`
+
+ ConnectionOptions *RdpConnectionOptions `json:"ConnectionOptions,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_machine.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_machine.go
new file mode 100644
index 000000000..1e0fab289
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_machine.go
@@ -0,0 +1,36 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VirtualMachine struct {
+
+ // StopOnReset is private in the schema. If regenerated need to put back.
+ StopOnReset bool `json:"StopOnReset,omitempty"`
+
+ Chipset *Chipset `json:"Chipset,omitempty"`
+
+ ComputeTopology *Topology `json:"ComputeTopology,omitempty"`
+
+ Devices *Devices `json:"Devices,omitempty"`
+
+ GuestState *GuestState `json:"GuestState,omitempty"`
+
+ RestoreState *RestoreState `json:"RestoreState,omitempty"`
+
+ RegistryChanges *RegistryChanges `json:"RegistryChanges,omitempty"`
+
+ StorageQoS *StorageQoS `json:"StorageQoS,omitempty"`
+
+ GuestConnection *GuestConnection `json:"GuestConnection,omitempty"`
+
+ SecuritySettings *SecuritySettings `json:"SecuritySettings,omitempty"`
+
+ DebugOptions *DebugOptions `json:"DebugOptions,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_node_info.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_node_info.go
new file mode 100644
index 000000000..91a3c83d4
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_node_info.go
@@ -0,0 +1,20 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VirtualNodeInfo struct {
+ VirtualNodeIndex int32 `json:"VirtualNodeIndex,omitempty"`
+
+ PhysicalNodeNumber int32 `json:"PhysicalNodeNumber,omitempty"`
+
+ VirtualProcessorCount int32 `json:"VirtualProcessorCount,omitempty"`
+
+ MemoryUsageInPages int32 `json:"MemoryUsageInPages,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_p_mem_controller.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_p_mem_controller.go
new file mode 100644
index 000000000..f5b7f3e38
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_p_mem_controller.go
@@ -0,0 +1,20 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VirtualPMemController struct {
+ Devices map[string]VirtualPMemDevice `json:"Devices,omitempty"`
+
+ MaximumCount uint32 `json:"MaximumCount,omitempty"`
+
+ MaximumSizeBytes uint64 `json:"MaximumSizeBytes,omitempty"`
+
+ Backing string `json:"Backing,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_p_mem_device.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_p_mem_device.go
new file mode 100644
index 000000000..70cf2d90d
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_p_mem_device.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VirtualPMemDevice struct {
+ HostPath string `json:"HostPath,omitempty"`
+
+ ReadOnly bool `json:"ReadOnly,omitempty"`
+
+ ImageFormat string `json:"ImageFormat,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_p_mem_mapping.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_p_mem_mapping.go
new file mode 100644
index 000000000..9ef322f61
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_p_mem_mapping.go
@@ -0,0 +1,15 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VirtualPMemMapping struct {
+ HostPath string `json:"HostPath,omitempty"`
+ ImageFormat string `json:"ImageFormat,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_pci_device.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_pci_device.go
new file mode 100644
index 000000000..f5e05903c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_pci_device.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.3
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// TODO: This is pre-release support in schema 2.3. Need to add build number
+// docs when a public build with this is out.
+type VirtualPciDevice struct {
+ Functions []VirtualPciFunction `json:",omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_pci_function.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_pci_function.go
new file mode 100644
index 000000000..cedb7d18b
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_pci_function.go
@@ -0,0 +1,18 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.3
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// TODO: This is pre-release support in schema 2.3. Need to add build number
+// docs when a public build with this is out.
+type VirtualPciFunction struct {
+ DeviceInstancePath string `json:",omitempty"`
+
+ VirtualFunction uint16 `json:",omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb.go
new file mode 100644
index 000000000..362df363e
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VirtualSmb struct {
+ Shares []VirtualSmbShare `json:"Shares,omitempty"`
+
+ DirectFileMappingInMB int64 `json:"DirectFileMappingInMB,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb_share.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb_share.go
new file mode 100644
index 000000000..915e9b638
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb_share.go
@@ -0,0 +1,20 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VirtualSmbShare struct {
+ Name string `json:"Name,omitempty"`
+
+ Path string `json:"Path,omitempty"`
+
+ AllowedFiles []string `json:"AllowedFiles,omitempty"`
+
+ Options *VirtualSmbShareOptions `json:"Options,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb_share_options.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb_share_options.go
new file mode 100644
index 000000000..75196bd8c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb_share_options.go
@@ -0,0 +1,62 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VirtualSmbShareOptions struct {
+ ReadOnly bool `json:"ReadOnly,omitempty"`
+
+ // convert exclusive access to shared read access
+ ShareRead bool `json:"ShareRead,omitempty"`
+
+ // all opens will use cached I/O
+ CacheIo bool `json:"CacheIo,omitempty"`
+
+ // disable oplock support
+ NoOplocks bool `json:"NoOplocks,omitempty"`
+
+ // Acquire the backup privilege when attempting to open
+ TakeBackupPrivilege bool `json:"TakeBackupPrivilege,omitempty"`
+
+ // Use the identity of the share root when opening
+ UseShareRootIdentity bool `json:"UseShareRootIdentity,omitempty"`
+
+ // disable Direct Mapping
+ NoDirectmap bool `json:"NoDirectmap,omitempty"`
+
+ // disable Byterange locks
+ NoLocks bool `json:"NoLocks,omitempty"`
+
+ // disable Directory CHange Notifications
+ NoDirnotify bool `json:"NoDirnotify,omitempty"`
+
+ // share is use for VM shared memory
+ VmSharedMemory bool `json:"VmSharedMemory,omitempty"`
+
+ // allow access only to the files specified in AllowedFiles
+ RestrictFileAccess bool `json:"RestrictFileAccess,omitempty"`
+
+ // disable all oplocks except Level II
+ ForceLevelIIOplocks bool `json:"ForceLevelIIOplocks,omitempty"`
+
+ // Allow the host to reparse this base layer
+ ReparseBaseLayer bool `json:"ReparseBaseLayer,omitempty"`
+
+ // Enable pseudo-oplocks
+ PseudoOplocks bool `json:"PseudoOplocks,omitempty"`
+
+ // All opens will use non-cached IO
+ NonCacheIo bool `json:"NonCacheIo,omitempty"`
+
+ // Enable pseudo directory change notifications
+ PseudoDirnotify bool `json:"PseudoDirnotify,omitempty"`
+
+ // Block directory enumeration, renames, and deletes.
+ SingleFileMapping bool `json:"SingleFileMapping,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/vm_memory.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/vm_memory.go
new file mode 100644
index 000000000..8e1836dd6
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/vm_memory.go
@@ -0,0 +1,26 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type VmMemory struct {
+ AvailableMemory int32 `json:"AvailableMemory,omitempty"`
+
+ AvailableMemoryBuffer int32 `json:"AvailableMemoryBuffer,omitempty"`
+
+ ReservedMemory uint64 `json:"ReservedMemory,omitempty"`
+
+ AssignedMemory uint64 `json:"AssignedMemory,omitempty"`
+
+ SlpActive bool `json:"SlpActive,omitempty"`
+
+ BalancingEnabled bool `json:"BalancingEnabled,omitempty"`
+
+ DmOperationInProgress bool `json:"DmOperationInProgress,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/vm_processor_limits.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/vm_processor_limits.go
new file mode 100644
index 000000000..de1b9cf1a
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/vm_processor_limits.go
@@ -0,0 +1,22 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.4
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+// ProcessorLimits is used when modifying processor scheduling limits of a virtual machine.
+type ProcessorLimits struct {
+ // Maximum amount of host CPU resources that the virtual machine can use.
+ Limit uint64 `json:"Limit,omitempty"`
+ // Value describing the relative priority of this virtual machine compared to other virtual machines.
+ Weight uint64 `json:"Weight,omitempty"`
+ // Minimum amount of host CPU resources that the virtual machine is guaranteed.
+ Reservation uint64 `json:"Reservation,omitempty"`
+ // Provides the target maximum CPU frequency, in MHz, for a virtual machine.
+ MaximumFrequencyMHz uint32 `json:"MaximumFrequencyMHz,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/windows_crash_reporting.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/windows_crash_reporting.go
new file mode 100644
index 000000000..8ed7e566d
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/windows_crash_reporting.go
@@ -0,0 +1,16 @@
+/*
+ * HCS API
+ *
+ * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
+ *
+ * API version: 2.1
+ * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
+ */
+
+package hcsschema
+
+type WindowsCrashReporting struct {
+ DumpFileName string `json:"DumpFileName,omitempty"`
+
+ MaxDumpSize int64 `json:"MaxDumpSize,omitempty"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/service.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/service.go
new file mode 100644
index 000000000..a46b0051d
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/service.go
@@ -0,0 +1,51 @@
+//go:build windows
+
+package hcs
+
+import (
+ "context"
+ "encoding/json"
+
+ hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
+ "github.com/Microsoft/hcsshim/internal/vmcompute"
+)
+
+// GetServiceProperties returns properties of the host compute service.
+func GetServiceProperties(ctx context.Context, q hcsschema.PropertyQuery) (*hcsschema.ServiceProperties, error) {
+ operation := "hcs::GetServiceProperties"
+
+ queryb, err := json.Marshal(q)
+ if err != nil {
+ return nil, err
+ }
+ propertiesJSON, resultJSON, err := vmcompute.HcsGetServiceProperties(ctx, string(queryb))
+ events := processHcsResult(ctx, resultJSON)
+ if err != nil {
+ return nil, &HcsError{Op: operation, Err: err, Events: events}
+ }
+
+ if propertiesJSON == "" {
+ return nil, ErrUnexpectedValue
+ }
+ properties := &hcsschema.ServiceProperties{}
+ if err := json.Unmarshal([]byte(propertiesJSON), properties); err != nil {
+ return nil, err
+ }
+ return properties, nil
+}
+
+// ModifyServiceSettings modifies settings of the host compute service.
+func ModifyServiceSettings(ctx context.Context, settings hcsschema.ModificationRequest) error {
+ operation := "hcs::ModifyServiceSettings"
+
+ settingsJSON, err := json.Marshal(settings)
+ if err != nil {
+ return err
+ }
+ resultJSON, err := vmcompute.HcsModifyServiceSettings(ctx, string(settingsJSON))
+ events := processHcsResult(ctx, resultJSON)
+ if err != nil {
+ return &HcsError{Op: operation, Err: err, Events: events}
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go
new file mode 100644
index 000000000..cf1db7da9
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go
@@ -0,0 +1,872 @@
+//go:build windows
+
+package hcs
+
+import (
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "strings"
+ "sync"
+ "syscall"
+ "time"
+
+ "github.com/Microsoft/hcsshim/internal/cow"
+ "github.com/Microsoft/hcsshim/internal/hcs/schema1"
+ hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
+ "github.com/Microsoft/hcsshim/internal/jobobject"
+ "github.com/Microsoft/hcsshim/internal/log"
+ "github.com/Microsoft/hcsshim/internal/logfields"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "github.com/Microsoft/hcsshim/internal/timeout"
+ "github.com/Microsoft/hcsshim/internal/vmcompute"
+ "github.com/sirupsen/logrus"
+ "go.opencensus.io/trace"
+)
+
+type System struct {
+ handleLock sync.RWMutex
+ handle vmcompute.HcsSystem
+ id string
+ callbackNumber uintptr
+
+ closedWaitOnce sync.Once
+ waitBlock chan struct{}
+ waitError error
+ exitError error
+ os, typ, owner string
+ startTime time.Time
+}
+
+var _ cow.Container = &System{}
+var _ cow.ProcessHost = &System{}
+
+func newSystem(id string) *System {
+ return &System{
+ id: id,
+ waitBlock: make(chan struct{}),
+ }
+}
+
+// Implementation detail for silo naming, this should NOT be relied upon very heavily.
+func siloNameFmt(containerID string) string {
+ return fmt.Sprintf(`\Container_%s`, containerID)
+}
+
+// CreateComputeSystem creates a new compute system with the given configuration but does not start it.
+func CreateComputeSystem(ctx context.Context, id string, hcsDocumentInterface interface{}) (_ *System, err error) {
+ operation := "hcs::CreateComputeSystem"
+
+ // hcsCreateComputeSystemContext is an async operation. Start the outer span
+ // here to measure the full create time.
+ ctx, span := oc.StartSpan(ctx, operation)
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("cid", id))
+
+ computeSystem := newSystem(id)
+
+ hcsDocumentB, err := json.Marshal(hcsDocumentInterface)
+ if err != nil {
+ return nil, err
+ }
+
+ hcsDocument := string(hcsDocumentB)
+
+ var (
+ identity syscall.Handle
+ resultJSON string
+ createError error
+ )
+ computeSystem.handle, resultJSON, createError = vmcompute.HcsCreateComputeSystem(ctx, id, hcsDocument, identity)
+ if createError == nil || IsPending(createError) {
+ defer func() {
+ if err != nil {
+ computeSystem.Close()
+ }
+ }()
+ if err = computeSystem.registerCallback(ctx); err != nil {
+ // Terminate the compute system if it still exists. We're okay to
+ // ignore a failure here.
+ _ = computeSystem.Terminate(ctx)
+ return nil, makeSystemError(computeSystem, operation, err, nil)
+ }
+ }
+
+ events, err := processAsyncHcsResult(ctx, createError, resultJSON, computeSystem.callbackNumber,
+ hcsNotificationSystemCreateCompleted, &timeout.SystemCreate)
+ if err != nil {
+ if err == ErrTimeout {
+ // Terminate the compute system if it still exists. We're okay to
+ // ignore a failure here.
+ _ = computeSystem.Terminate(ctx)
+ }
+ return nil, makeSystemError(computeSystem, operation, err, events)
+ }
+ go computeSystem.waitBackground()
+ if err = computeSystem.getCachedProperties(ctx); err != nil {
+ return nil, err
+ }
+ return computeSystem, nil
+}
+
+// OpenComputeSystem opens an existing compute system by ID.
+func OpenComputeSystem(ctx context.Context, id string) (*System, error) {
+ operation := "hcs::OpenComputeSystem"
+
+ computeSystem := newSystem(id)
+ handle, resultJSON, err := vmcompute.HcsOpenComputeSystem(ctx, id)
+ events := processHcsResult(ctx, resultJSON)
+ if err != nil {
+ return nil, makeSystemError(computeSystem, operation, err, events)
+ }
+ computeSystem.handle = handle
+ defer func() {
+ if err != nil {
+ computeSystem.Close()
+ }
+ }()
+ if err = computeSystem.registerCallback(ctx); err != nil {
+ return nil, makeSystemError(computeSystem, operation, err, nil)
+ }
+ go computeSystem.waitBackground()
+ if err = computeSystem.getCachedProperties(ctx); err != nil {
+ return nil, err
+ }
+ return computeSystem, nil
+}
+
+func (computeSystem *System) getCachedProperties(ctx context.Context) error {
+ props, err := computeSystem.Properties(ctx)
+ if err != nil {
+ return err
+ }
+ computeSystem.typ = strings.ToLower(props.SystemType)
+ computeSystem.os = strings.ToLower(props.RuntimeOSType)
+ computeSystem.owner = strings.ToLower(props.Owner)
+ if computeSystem.os == "" && computeSystem.typ == "container" {
+ // Pre-RS5 HCS did not return the OS, but it only supported containers
+ // that ran Windows.
+ computeSystem.os = "windows"
+ }
+ return nil
+}
+
+// OS returns the operating system of the compute system, "linux" or "windows".
+func (computeSystem *System) OS() string {
+ return computeSystem.os
+}
+
+// IsOCI returns whether processes in the compute system should be created via
+// OCI.
+func (computeSystem *System) IsOCI() bool {
+ return computeSystem.os == "linux" && computeSystem.typ == "container"
+}
+
+// GetComputeSystems gets a list of the compute systems on the system that match the query
+func GetComputeSystems(ctx context.Context, q schema1.ComputeSystemQuery) ([]schema1.ContainerProperties, error) {
+ operation := "hcs::GetComputeSystems"
+
+ queryb, err := json.Marshal(q)
+ if err != nil {
+ return nil, err
+ }
+
+ computeSystemsJSON, resultJSON, err := vmcompute.HcsEnumerateComputeSystems(ctx, string(queryb))
+ events := processHcsResult(ctx, resultJSON)
+ if err != nil {
+ return nil, &HcsError{Op: operation, Err: err, Events: events}
+ }
+
+ if computeSystemsJSON == "" {
+ return nil, ErrUnexpectedValue
+ }
+ computeSystems := []schema1.ContainerProperties{}
+ if err = json.Unmarshal([]byte(computeSystemsJSON), &computeSystems); err != nil {
+ return nil, err
+ }
+
+ return computeSystems, nil
+}
+
+// Start synchronously starts the computeSystem.
+func (computeSystem *System) Start(ctx context.Context) (err error) {
+ operation := "hcs::System::Start"
+
+ // hcsStartComputeSystemContext is an async operation. Start the outer span
+ // here to measure the full start time.
+ ctx, span := oc.StartSpan(ctx, operation)
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
+
+ computeSystem.handleLock.RLock()
+ defer computeSystem.handleLock.RUnlock()
+
+ // prevent starting an exited system because waitblock we do not recreate waitBlock
+ // or rerun waitBackground, so we have no way to be notified of it closing again
+ if computeSystem.handle == 0 {
+ return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
+ }
+
+ resultJSON, err := vmcompute.HcsStartComputeSystem(ctx, computeSystem.handle, "")
+ events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber,
+ hcsNotificationSystemStartCompleted, &timeout.SystemStart)
+ if err != nil {
+ return makeSystemError(computeSystem, operation, err, events)
+ }
+ computeSystem.startTime = time.Now()
+ return nil
+}
+
+// ID returns the compute system's identifier.
+func (computeSystem *System) ID() string {
+ return computeSystem.id
+}
+
+// Shutdown requests a compute system shutdown.
+func (computeSystem *System) Shutdown(ctx context.Context) error {
+ computeSystem.handleLock.RLock()
+ defer computeSystem.handleLock.RUnlock()
+
+ operation := "hcs::System::Shutdown"
+
+ if computeSystem.handle == 0 || computeSystem.stopped() {
+ return nil
+ }
+
+ resultJSON, err := vmcompute.HcsShutdownComputeSystem(ctx, computeSystem.handle, "")
+ events := processHcsResult(ctx, resultJSON)
+ switch err {
+ case nil, ErrVmcomputeAlreadyStopped, ErrComputeSystemDoesNotExist, ErrVmcomputeOperationPending:
+ default:
+ return makeSystemError(computeSystem, operation, err, events)
+ }
+ return nil
+}
+
+// Terminate requests a compute system terminate.
+func (computeSystem *System) Terminate(ctx context.Context) error {
+ computeSystem.handleLock.RLock()
+ defer computeSystem.handleLock.RUnlock()
+
+ operation := "hcs::System::Terminate"
+
+ if computeSystem.handle == 0 || computeSystem.stopped() {
+ return nil
+ }
+
+ resultJSON, err := vmcompute.HcsTerminateComputeSystem(ctx, computeSystem.handle, "")
+ events := processHcsResult(ctx, resultJSON)
+ switch err {
+ case nil, ErrVmcomputeAlreadyStopped, ErrComputeSystemDoesNotExist, ErrVmcomputeOperationPending:
+ default:
+ return makeSystemError(computeSystem, operation, err, events)
+ }
+ return nil
+}
+
+// waitBackground waits for the compute system exit notification. Once received
+// sets `computeSystem.waitError` (if any) and unblocks all `Wait` calls.
+//
+// This MUST be called exactly once per `computeSystem.handle` but `Wait` is
+// safe to call multiple times.
+func (computeSystem *System) waitBackground() {
+ operation := "hcs::System::waitBackground"
+ ctx, span := oc.StartSpan(context.Background(), operation)
+ defer span.End()
+ span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
+
+ err := waitForNotification(ctx, computeSystem.callbackNumber, hcsNotificationSystemExited, nil)
+ switch err {
+ case nil:
+ log.G(ctx).Debug("system exited")
+ case ErrVmcomputeUnexpectedExit:
+ log.G(ctx).Debug("unexpected system exit")
+ computeSystem.exitError = makeSystemError(computeSystem, operation, err, nil)
+ err = nil
+ default:
+ err = makeSystemError(computeSystem, operation, err, nil)
+ }
+ computeSystem.closedWaitOnce.Do(func() {
+ computeSystem.waitError = err
+ close(computeSystem.waitBlock)
+ })
+ oc.SetSpanStatus(span, err)
+}
+
+func (computeSystem *System) WaitChannel() <-chan struct{} {
+ return computeSystem.waitBlock
+}
+
+func (computeSystem *System) WaitError() error {
+ return computeSystem.waitError
+}
+
+// Wait synchronously waits for the compute system to shutdown or terminate.
+// If the compute system has already exited returns the previous error (if any).
+func (computeSystem *System) Wait() error {
+ return computeSystem.WaitCtx(context.Background())
+}
+
+// WaitCtx synchronously waits for the compute system to shutdown or terminate, or the context to be cancelled.
+//
+// See [System.Wait] for more information.
+func (computeSystem *System) WaitCtx(ctx context.Context) error {
+ select {
+ case <-computeSystem.WaitChannel():
+ return computeSystem.WaitError()
+ case <-ctx.Done():
+ return ctx.Err()
+ }
+}
+
+// stopped returns true if the compute system stopped.
+func (computeSystem *System) stopped() bool {
+ select {
+ case <-computeSystem.waitBlock:
+ return true
+ default:
+ }
+ return false
+}
+
+// ExitError returns an error describing the reason the compute system terminated.
+func (computeSystem *System) ExitError() error {
+ if !computeSystem.stopped() {
+ return errors.New("container not exited")
+ }
+ if computeSystem.waitError != nil {
+ return computeSystem.waitError
+ }
+ return computeSystem.exitError
+}
+
+// Properties returns the requested container properties targeting a V1 schema container.
+func (computeSystem *System) Properties(ctx context.Context, types ...schema1.PropertyType) (*schema1.ContainerProperties, error) {
+ computeSystem.handleLock.RLock()
+ defer computeSystem.handleLock.RUnlock()
+
+ operation := "hcs::System::Properties"
+
+ if computeSystem.handle == 0 {
+ return nil, makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
+ }
+
+ queryBytes, err := json.Marshal(schema1.PropertyQuery{PropertyTypes: types})
+ if err != nil {
+ return nil, makeSystemError(computeSystem, operation, err, nil)
+ }
+
+ propertiesJSON, resultJSON, err := vmcompute.HcsGetComputeSystemProperties(ctx, computeSystem.handle, string(queryBytes))
+ events := processHcsResult(ctx, resultJSON)
+ if err != nil {
+ return nil, makeSystemError(computeSystem, operation, err, events)
+ }
+
+ if propertiesJSON == "" {
+ return nil, ErrUnexpectedValue
+ }
+ properties := &schema1.ContainerProperties{}
+ if err := json.Unmarshal([]byte(propertiesJSON), properties); err != nil {
+ return nil, makeSystemError(computeSystem, operation, err, nil)
+ }
+
+ return properties, nil
+}
+
+// queryInProc handles querying for container properties without reaching out to HCS. `props`
+// will be updated to contain any data returned from the queries present in `types`. If any properties
+// failed to be queried they will be tallied up and returned in as the first return value. Failures on
+// query are NOT considered errors; the only failure case for this method is if the containers job object
+// cannot be opened.
+func (computeSystem *System) queryInProc(
+ ctx context.Context,
+ props *hcsschema.Properties,
+ types []hcsschema.PropertyType,
+) ([]hcsschema.PropertyType, error) {
+ // In the future we can make use of some new functionality in the HCS that allows you
+ // to pass a job object for HCS to use for the container. Currently, the only way we'll
+ // be able to open the job/silo is if we're running as SYSTEM.
+ jobOptions := &jobobject.Options{
+ UseNTVariant: true,
+ Name: siloNameFmt(computeSystem.id),
+ }
+ job, err := jobobject.Open(ctx, jobOptions)
+ if err != nil {
+ return nil, err
+ }
+ defer job.Close()
+
+ var fallbackQueryTypes []hcsschema.PropertyType
+ for _, propType := range types {
+ switch propType {
+ case hcsschema.PTStatistics:
+ // Handle a bad caller asking for the same type twice. No use in re-querying if this is
+ // filled in already.
+ if props.Statistics == nil {
+ props.Statistics, err = computeSystem.statisticsInProc(job)
+ if err != nil {
+ log.G(ctx).WithError(err).Warn("failed to get statistics in-proc")
+
+ fallbackQueryTypes = append(fallbackQueryTypes, propType)
+ }
+ }
+ default:
+ fallbackQueryTypes = append(fallbackQueryTypes, propType)
+ }
+ }
+
+ return fallbackQueryTypes, nil
+}
+
+// statisticsInProc emulates what HCS does to grab statistics for a given container with a small
+// change to make grabbing the private working set total much more efficient.
+func (computeSystem *System) statisticsInProc(job *jobobject.JobObject) (*hcsschema.Statistics, error) {
+ // Start timestamp for these stats before we grab them to match HCS
+ timestamp := time.Now()
+
+ memInfo, err := job.QueryMemoryStats()
+ if err != nil {
+ return nil, err
+ }
+
+ processorInfo, err := job.QueryProcessorStats()
+ if err != nil {
+ return nil, err
+ }
+
+ storageInfo, err := job.QueryStorageStats()
+ if err != nil {
+ return nil, err
+ }
+
+ // This calculates the private working set more efficiently than HCS does. HCS calls NtQuerySystemInformation
+ // with the class SystemProcessInformation which returns an array containing system information for *every*
+ // process running on the machine. They then grab the pids that are running in the container and filter down
+ // the entries in the array to only what's running in that silo and start tallying up the total. This doesn't
+ // work well as performance should get worse if more processess are running on the machine in general and not
+ // just in the container. All of the additional information besides the WorkingSetPrivateSize field is ignored
+ // as well which isn't great and is wasted work to fetch.
+ //
+ // HCS only let's you grab statistics in an all or nothing fashion, so we can't just grab the private
+ // working set ourselves and ask for everything else separately. The optimization we can make here is
+ // to open the silo ourselves and do the same queries for the rest of the info, as well as calculating
+ // the private working set in a more efficient manner by:
+ //
+ // 1. Find the pids running in the silo
+ // 2. Get a process handle for every process (only need PROCESS_QUERY_LIMITED_INFORMATION access)
+ // 3. Call NtQueryInformationProcess on each process with the class ProcessVmCounters
+ // 4. Tally up the total using the field PrivateWorkingSetSize in VM_COUNTERS_EX2.
+ privateWorkingSet, err := job.QueryPrivateWorkingSet()
+ if err != nil {
+ return nil, err
+ }
+
+ return &hcsschema.Statistics{
+ Timestamp: timestamp,
+ ContainerStartTime: computeSystem.startTime,
+ Uptime100ns: uint64(time.Since(computeSystem.startTime).Nanoseconds()) / 100,
+ Memory: &hcsschema.MemoryStats{
+ MemoryUsageCommitBytes: memInfo.JobMemory,
+ MemoryUsageCommitPeakBytes: memInfo.PeakJobMemoryUsed,
+ MemoryUsagePrivateWorkingSetBytes: privateWorkingSet,
+ },
+ Processor: &hcsschema.ProcessorStats{
+ RuntimeKernel100ns: uint64(processorInfo.TotalKernelTime),
+ RuntimeUser100ns: uint64(processorInfo.TotalUserTime),
+ TotalRuntime100ns: uint64(processorInfo.TotalKernelTime + processorInfo.TotalUserTime),
+ },
+ Storage: &hcsschema.StorageStats{
+ ReadCountNormalized: uint64(storageInfo.ReadStats.IoCount),
+ ReadSizeBytes: storageInfo.ReadStats.TotalSize,
+ WriteCountNormalized: uint64(storageInfo.WriteStats.IoCount),
+ WriteSizeBytes: storageInfo.WriteStats.TotalSize,
+ },
+ }, nil
+}
+
+// hcsPropertiesV2Query is a helper to make a HcsGetComputeSystemProperties call using the V2 schema property types.
+func (computeSystem *System) hcsPropertiesV2Query(ctx context.Context, types []hcsschema.PropertyType) (*hcsschema.Properties, error) {
+ operation := "hcs::System::PropertiesV2"
+
+ if computeSystem.handle == 0 {
+ return nil, makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
+ }
+
+ queryBytes, err := json.Marshal(hcsschema.PropertyQuery{PropertyTypes: types})
+ if err != nil {
+ return nil, makeSystemError(computeSystem, operation, err, nil)
+ }
+
+ propertiesJSON, resultJSON, err := vmcompute.HcsGetComputeSystemProperties(ctx, computeSystem.handle, string(queryBytes))
+ events := processHcsResult(ctx, resultJSON)
+ if err != nil {
+ return nil, makeSystemError(computeSystem, operation, err, events)
+ }
+
+ if propertiesJSON == "" {
+ return nil, ErrUnexpectedValue
+ }
+ props := &hcsschema.Properties{}
+ if err := json.Unmarshal([]byte(propertiesJSON), props); err != nil {
+ return nil, makeSystemError(computeSystem, operation, err, nil)
+ }
+
+ return props, nil
+}
+
+// PropertiesV2 returns the requested compute systems properties targeting a V2 schema compute system.
+func (computeSystem *System) PropertiesV2(ctx context.Context, types ...hcsschema.PropertyType) (_ *hcsschema.Properties, err error) {
+ computeSystem.handleLock.RLock()
+ defer computeSystem.handleLock.RUnlock()
+
+ // Let HCS tally up the total for VM based queries instead of querying ourselves.
+ if computeSystem.typ != "container" {
+ return computeSystem.hcsPropertiesV2Query(ctx, types)
+ }
+
+ // Define a starter Properties struct with the default fields returned from every
+ // query. Owner is only returned from Statistics but it's harmless to include.
+ properties := &hcsschema.Properties{
+ Id: computeSystem.id,
+ SystemType: computeSystem.typ,
+ RuntimeOsType: computeSystem.os,
+ Owner: computeSystem.owner,
+ }
+
+ logEntry := log.G(ctx)
+ // First lets try and query ourselves without reaching to HCS. If any of the queries fail
+ // we'll take note and fallback to querying HCS for any of the failed types.
+ fallbackTypes, err := computeSystem.queryInProc(ctx, properties, types)
+ if err == nil && len(fallbackTypes) == 0 {
+ return properties, nil
+ } else if err != nil {
+ logEntry = logEntry.WithError(fmt.Errorf("failed to query compute system properties in-proc: %w", err))
+ fallbackTypes = types
+ }
+
+ logEntry.WithFields(logrus.Fields{
+ logfields.ContainerID: computeSystem.id,
+ "propertyTypes": fallbackTypes,
+ }).Info("falling back to HCS for property type queries")
+
+ hcsProperties, err := computeSystem.hcsPropertiesV2Query(ctx, fallbackTypes)
+ if err != nil {
+ return nil, err
+ }
+
+ // Now add in anything that we might have successfully queried in process.
+ if properties.Statistics != nil {
+ hcsProperties.Statistics = properties.Statistics
+ hcsProperties.Owner = properties.Owner
+ }
+
+ // For future support for querying processlist in-proc as well.
+ if properties.ProcessList != nil {
+ hcsProperties.ProcessList = properties.ProcessList
+ }
+
+ return hcsProperties, nil
+}
+
+// Pause pauses the execution of the computeSystem. This feature is not enabled in TP5.
+func (computeSystem *System) Pause(ctx context.Context) (err error) {
+ operation := "hcs::System::Pause"
+
+ // hcsPauseComputeSystemContext is an async operation. Start the outer span
+ // here to measure the full pause time.
+ ctx, span := oc.StartSpan(ctx, operation)
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
+
+ computeSystem.handleLock.RLock()
+ defer computeSystem.handleLock.RUnlock()
+
+ if computeSystem.handle == 0 {
+ return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
+ }
+
+ resultJSON, err := vmcompute.HcsPauseComputeSystem(ctx, computeSystem.handle, "")
+ events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber,
+ hcsNotificationSystemPauseCompleted, &timeout.SystemPause)
+ if err != nil {
+ return makeSystemError(computeSystem, operation, err, events)
+ }
+
+ return nil
+}
+
+// Resume resumes the execution of the computeSystem. This feature is not enabled in TP5.
+func (computeSystem *System) Resume(ctx context.Context) (err error) {
+ operation := "hcs::System::Resume"
+
+ // hcsResumeComputeSystemContext is an async operation. Start the outer span
+ // here to measure the full restore time.
+ ctx, span := oc.StartSpan(ctx, operation)
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
+
+ computeSystem.handleLock.RLock()
+ defer computeSystem.handleLock.RUnlock()
+
+ if computeSystem.handle == 0 {
+ return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
+ }
+
+ resultJSON, err := vmcompute.HcsResumeComputeSystem(ctx, computeSystem.handle, "")
+ events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber,
+ hcsNotificationSystemResumeCompleted, &timeout.SystemResume)
+ if err != nil {
+ return makeSystemError(computeSystem, operation, err, events)
+ }
+
+ return nil
+}
+
+// Save the compute system
+func (computeSystem *System) Save(ctx context.Context, options interface{}) (err error) {
+ operation := "hcs::System::Save"
+
+ // hcsSaveComputeSystemContext is an async operation. Start the outer span
+ // here to measure the full save time.
+ ctx, span := oc.StartSpan(ctx, operation)
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
+
+ saveOptions, err := json.Marshal(options)
+ if err != nil {
+ return err
+ }
+
+ computeSystem.handleLock.RLock()
+ defer computeSystem.handleLock.RUnlock()
+
+ if computeSystem.handle == 0 {
+ return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
+ }
+
+ result, err := vmcompute.HcsSaveComputeSystem(ctx, computeSystem.handle, string(saveOptions))
+ events, err := processAsyncHcsResult(ctx, err, result, computeSystem.callbackNumber,
+ hcsNotificationSystemSaveCompleted, &timeout.SystemSave)
+ if err != nil {
+ return makeSystemError(computeSystem, operation, err, events)
+ }
+
+ return nil
+}
+
+func (computeSystem *System) createProcess(ctx context.Context, operation string, c interface{}) (*Process, *vmcompute.HcsProcessInformation, error) {
+ computeSystem.handleLock.RLock()
+ defer computeSystem.handleLock.RUnlock()
+
+ if computeSystem.handle == 0 {
+ return nil, nil, makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
+ }
+
+ configurationb, err := json.Marshal(c)
+ if err != nil {
+ return nil, nil, makeSystemError(computeSystem, operation, err, nil)
+ }
+
+ configuration := string(configurationb)
+ processInfo, processHandle, resultJSON, err := vmcompute.HcsCreateProcess(ctx, computeSystem.handle, configuration)
+ events := processHcsResult(ctx, resultJSON)
+ if err != nil {
+ if v2, ok := c.(*hcsschema.ProcessParameters); ok {
+ operation += ": " + v2.CommandLine
+ } else if v1, ok := c.(*schema1.ProcessConfig); ok {
+ operation += ": " + v1.CommandLine
+ }
+ return nil, nil, makeSystemError(computeSystem, operation, err, events)
+ }
+
+ log.G(ctx).WithField("pid", processInfo.ProcessId).Debug("created process pid")
+ return newProcess(processHandle, int(processInfo.ProcessId), computeSystem), &processInfo, nil
+}
+
+// CreateProcess launches a new process within the computeSystem.
+func (computeSystem *System) CreateProcess(ctx context.Context, c interface{}) (cow.Process, error) {
+ operation := "hcs::System::CreateProcess"
+ process, processInfo, err := computeSystem.createProcess(ctx, operation, c)
+ if err != nil {
+ return nil, err
+ }
+ defer func() {
+ if err != nil {
+ process.Close()
+ }
+ }()
+
+ pipes, err := makeOpenFiles([]syscall.Handle{processInfo.StdInput, processInfo.StdOutput, processInfo.StdError})
+ if err != nil {
+ return nil, makeSystemError(computeSystem, operation, err, nil)
+ }
+ process.stdin = pipes[0]
+ process.stdout = pipes[1]
+ process.stderr = pipes[2]
+ process.hasCachedStdio = true
+
+ if err = process.registerCallback(ctx); err != nil {
+ return nil, makeSystemError(computeSystem, operation, err, nil)
+ }
+ go process.waitBackground()
+
+ return process, nil
+}
+
+// OpenProcess gets an interface to an existing process within the computeSystem.
+func (computeSystem *System) OpenProcess(ctx context.Context, pid int) (*Process, error) {
+ computeSystem.handleLock.RLock()
+ defer computeSystem.handleLock.RUnlock()
+
+ operation := "hcs::System::OpenProcess"
+
+ if computeSystem.handle == 0 {
+ return nil, makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
+ }
+
+ processHandle, resultJSON, err := vmcompute.HcsOpenProcess(ctx, computeSystem.handle, uint32(pid))
+ events := processHcsResult(ctx, resultJSON)
+ if err != nil {
+ return nil, makeSystemError(computeSystem, operation, err, events)
+ }
+
+ process := newProcess(processHandle, pid, computeSystem)
+ if err = process.registerCallback(ctx); err != nil {
+ return nil, makeSystemError(computeSystem, operation, err, nil)
+ }
+ go process.waitBackground()
+
+ return process, nil
+}
+
+// Close cleans up any state associated with the compute system but does not terminate or wait for it.
+func (computeSystem *System) Close() error {
+ return computeSystem.CloseCtx(context.Background())
+}
+
+// CloseCtx is similar to [System.Close], but accepts a context.
+//
+// The context is used for all operations, including waits, so timeouts/cancellations may prevent
+// proper system cleanup.
+func (computeSystem *System) CloseCtx(ctx context.Context) (err error) {
+ operation := "hcs::System::Close"
+ ctx, span := oc.StartSpan(ctx, operation)
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("cid", computeSystem.id))
+
+ computeSystem.handleLock.Lock()
+ defer computeSystem.handleLock.Unlock()
+
+ // Don't double free this
+ if computeSystem.handle == 0 {
+ return nil
+ }
+
+ if err = computeSystem.unregisterCallback(ctx); err != nil {
+ return makeSystemError(computeSystem, operation, err, nil)
+ }
+
+ err = vmcompute.HcsCloseComputeSystem(ctx, computeSystem.handle)
+ if err != nil {
+ return makeSystemError(computeSystem, operation, err, nil)
+ }
+
+ computeSystem.handle = 0
+ computeSystem.closedWaitOnce.Do(func() {
+ computeSystem.waitError = ErrAlreadyClosed
+ close(computeSystem.waitBlock)
+ })
+
+ return nil
+}
+
+func (computeSystem *System) registerCallback(ctx context.Context) error {
+ callbackContext := ¬ificationWatcherContext{
+ channels: newSystemChannels(),
+ systemID: computeSystem.id,
+ }
+
+ callbackMapLock.Lock()
+ callbackNumber := nextCallback
+ nextCallback++
+ callbackMap[callbackNumber] = callbackContext
+ callbackMapLock.Unlock()
+
+ callbackHandle, err := vmcompute.HcsRegisterComputeSystemCallback(ctx, computeSystem.handle,
+ notificationWatcherCallback, callbackNumber)
+ if err != nil {
+ return err
+ }
+ callbackContext.handle = callbackHandle
+ computeSystem.callbackNumber = callbackNumber
+
+ return nil
+}
+
+func (computeSystem *System) unregisterCallback(ctx context.Context) error {
+ callbackNumber := computeSystem.callbackNumber
+
+ callbackMapLock.RLock()
+ callbackContext := callbackMap[callbackNumber]
+ callbackMapLock.RUnlock()
+
+ if callbackContext == nil {
+ return nil
+ }
+
+ handle := callbackContext.handle
+
+ if handle == 0 {
+ return nil
+ }
+
+ // hcsUnregisterComputeSystemCallback has its own synchronization
+ // to wait for all callbacks to complete. We must NOT hold the callbackMapLock.
+ err := vmcompute.HcsUnregisterComputeSystemCallback(ctx, handle)
+ if err != nil {
+ return err
+ }
+
+ closeChannels(callbackContext.channels)
+
+ callbackMapLock.Lock()
+ delete(callbackMap, callbackNumber)
+ callbackMapLock.Unlock()
+
+ handle = 0 //nolint:ineffassign
+
+ return nil
+}
+
+// Modify the System by sending a request to HCS
+func (computeSystem *System) Modify(ctx context.Context, config interface{}) error {
+ computeSystem.handleLock.RLock()
+ defer computeSystem.handleLock.RUnlock()
+
+ operation := "hcs::System::Modify"
+
+ if computeSystem.handle == 0 {
+ return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
+ }
+
+ requestBytes, err := json.Marshal(config)
+ if err != nil {
+ return err
+ }
+
+ requestJSON := string(requestBytes)
+ resultJSON, err := vmcompute.HcsModifyComputeSystem(ctx, computeSystem.handle, requestJSON)
+ events := processHcsResult(ctx, resultJSON)
+ if err != nil {
+ return makeSystemError(computeSystem, operation, err, events)
+ }
+
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/utils.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/utils.go
new file mode 100644
index 000000000..5dcb97eb3
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/utils.go
@@ -0,0 +1,64 @@
+//go:build windows
+
+package hcs
+
+import (
+ "context"
+ "io"
+ "syscall"
+
+ "github.com/Microsoft/go-winio"
+ diskutil "github.com/Microsoft/go-winio/vhd"
+ "github.com/Microsoft/hcsshim/computestorage"
+ "github.com/pkg/errors"
+ "golang.org/x/sys/windows"
+)
+
+// makeOpenFiles calls winio.MakeOpenFile for each handle in a slice but closes all the handles
+// if there is an error.
+func makeOpenFiles(hs []syscall.Handle) (_ []io.ReadWriteCloser, err error) {
+ fs := make([]io.ReadWriteCloser, len(hs))
+ for i, h := range hs {
+ if h != syscall.Handle(0) {
+ if err == nil {
+ fs[i], err = winio.MakeOpenFile(h)
+ }
+ if err != nil {
+ syscall.Close(h)
+ }
+ }
+ }
+ if err != nil {
+ for _, f := range fs {
+ if f != nil {
+ f.Close()
+ }
+ }
+ return nil, err
+ }
+ return fs, nil
+}
+
+// CreateNTFSVHD creates a VHD formatted with NTFS of size `sizeGB` at the given `vhdPath`.
+func CreateNTFSVHD(ctx context.Context, vhdPath string, sizeGB uint32) (err error) {
+ if err := diskutil.CreateVhdx(vhdPath, sizeGB, 1); err != nil {
+ return errors.Wrap(err, "failed to create VHD")
+ }
+
+ vhd, err := diskutil.OpenVirtualDisk(vhdPath, diskutil.VirtualDiskAccessNone, diskutil.OpenVirtualDiskFlagNone)
+ if err != nil {
+ return errors.Wrap(err, "failed to open VHD")
+ }
+ defer func() {
+ err2 := windows.CloseHandle(windows.Handle(vhd))
+ if err == nil {
+ err = errors.Wrap(err2, "failed to close VHD")
+ }
+ }()
+
+ if err := computestorage.FormatWritableLayerVhd(ctx, windows.Handle(vhd)); err != nil {
+ return errors.Wrap(err, "failed to format VHD")
+ }
+
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/waithelper.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/waithelper.go
new file mode 100644
index 000000000..3a51ed195
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/waithelper.go
@@ -0,0 +1,82 @@
+//go:build windows
+
+package hcs
+
+import (
+ "context"
+ "time"
+
+ "github.com/Microsoft/hcsshim/internal/log"
+)
+
+func processAsyncHcsResult(
+ ctx context.Context,
+ err error,
+ resultJSON string,
+ callbackNumber uintptr,
+ expectedNotification hcsNotification,
+ timeout *time.Duration,
+) ([]ErrorEvent, error) {
+ events := processHcsResult(ctx, resultJSON)
+ if IsPending(err) {
+ return nil, waitForNotification(ctx, callbackNumber, expectedNotification, timeout)
+ }
+
+ return events, err
+}
+
+func waitForNotification(
+ ctx context.Context,
+ callbackNumber uintptr,
+ expectedNotification hcsNotification,
+ timeout *time.Duration,
+) error {
+ callbackMapLock.RLock()
+ if _, ok := callbackMap[callbackNumber]; !ok {
+ callbackMapLock.RUnlock()
+ log.G(ctx).WithField("callbackNumber", callbackNumber).Error("failed to waitForNotification: callbackNumber does not exist in callbackMap")
+ return ErrHandleClose
+ }
+ channels := callbackMap[callbackNumber].channels
+ callbackMapLock.RUnlock()
+
+ expectedChannel := channels[expectedNotification]
+ if expectedChannel == nil {
+ log.G(ctx).WithField("type", expectedNotification).Error("unknown notification type in waitForNotification")
+ return ErrInvalidNotificationType
+ }
+
+ var c <-chan time.Time
+ if timeout != nil {
+ timer := time.NewTimer(*timeout)
+ c = timer.C
+ defer timer.Stop()
+ }
+
+ select {
+ case err, ok := <-expectedChannel:
+ if !ok {
+ return ErrHandleClose
+ }
+ return err
+ case err, ok := <-channels[hcsNotificationSystemExited]:
+ if !ok {
+ return ErrHandleClose
+ }
+ // If the expected notification is hcsNotificationSystemExited which of the two selects
+ // chosen is random. Return the raw error if hcsNotificationSystemExited is expected
+ if channels[hcsNotificationSystemExited] == expectedChannel {
+ return err
+ }
+ return ErrUnexpectedContainerExit
+ case _, ok := <-channels[hcsNotificationServiceDisconnect]:
+ if !ok {
+ return ErrHandleClose
+ }
+ // hcsNotificationServiceDisconnect should never be an expected notification
+ // it does not need the same handling as hcsNotificationSystemExited
+ return ErrUnexpectedProcessAbort
+ case <-c:
+ return ErrTimeout
+ }
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcserror/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/hcserror/doc.go
new file mode 100644
index 000000000..ce7067678
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcserror/doc.go
@@ -0,0 +1 @@
+package hcserror
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcserror/hcserror.go b/vendor/github.com/Microsoft/hcsshim/internal/hcserror/hcserror.go
new file mode 100644
index 000000000..a70d80da0
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcserror/hcserror.go
@@ -0,0 +1,52 @@
+//go:build windows
+
+package hcserror
+
+import (
+ "errors"
+ "fmt"
+
+ "golang.org/x/sys/windows"
+)
+
+type HcsError struct {
+ title string
+ rest string
+ Err error
+}
+
+func (e *HcsError) Error() string {
+ s := e.title
+ if len(s) > 0 && s[len(s)-1] != ' ' {
+ s += " "
+ }
+ s += fmt.Sprintf("failed in Win32: %s (0x%x)", e.Err, Win32FromError(e.Err))
+ if e.rest != "" {
+ if e.rest[0] != ' ' {
+ s += " "
+ }
+ s += e.rest
+ }
+ return s
+}
+
+func New(err error, title, rest string) error {
+ // Pass through DLL errors directly since they do not originate from HCS.
+ var e *windows.DLLError
+ if errors.As(err, &e) {
+ return err
+ }
+ return &HcsError{title, rest, err}
+}
+
+func Win32FromError(err error) uint32 {
+ var herr *HcsError
+ if errors.As(err, &herr) {
+ return Win32FromError(herr.Err)
+ }
+ var code windows.Errno
+ if errors.As(err, &code) {
+ return uint32(code)
+ }
+ return uint32(windows.ERROR_GEN_FAILURE)
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/doc.go
new file mode 100644
index 000000000..f6d35df0e
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/doc.go
@@ -0,0 +1 @@
+package hns
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hns.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hns.go
new file mode 100644
index 000000000..ec4c907d1
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hns.go
@@ -0,0 +1,23 @@
+package hns
+
+import "fmt"
+
+//go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go hns.go
+
+//sys _hnsCall(method string, path string, object string, response **uint16) (hr error) = vmcompute.HNSCall?
+
+type EndpointNotFoundError struct {
+ EndpointName string
+}
+
+func (e EndpointNotFoundError) Error() string {
+ return fmt.Sprintf("Endpoint %s not found", e.EndpointName)
+}
+
+type NetworkNotFoundError struct {
+ NetworkName string
+}
+
+func (e NetworkNotFoundError) Error() string {
+ return fmt.Sprintf("Network %s not found", e.NetworkName)
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go
new file mode 100644
index 000000000..593664419
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go
@@ -0,0 +1,338 @@
+//go:build windows
+
+package hns
+
+import (
+ "encoding/json"
+ "net"
+ "strings"
+
+ "github.com/sirupsen/logrus"
+)
+
+// HNSEndpoint represents a network endpoint in HNS
+type HNSEndpoint struct {
+ Id string `json:"ID,omitempty"`
+ Name string `json:",omitempty"`
+ VirtualNetwork string `json:",omitempty"`
+ VirtualNetworkName string `json:",omitempty"`
+ Policies []json.RawMessage `json:",omitempty"`
+ MacAddress string `json:",omitempty"`
+ IPAddress net.IP `json:",omitempty"`
+ IPv6Address net.IP `json:",omitempty"`
+ DNSSuffix string `json:",omitempty"`
+ DNSServerList string `json:",omitempty"`
+ DNSDomain string `json:",omitempty"`
+ GatewayAddress string `json:",omitempty"`
+ GatewayAddressV6 string `json:",omitempty"`
+ EnableInternalDNS bool `json:",omitempty"`
+ DisableICC bool `json:",omitempty"`
+ PrefixLength uint8 `json:",omitempty"`
+ IPv6PrefixLength uint8 `json:",omitempty"`
+ IsRemoteEndpoint bool `json:",omitempty"`
+ EnableLowMetric bool `json:",omitempty"`
+ Namespace *Namespace `json:",omitempty"`
+ EncapOverhead uint16 `json:",omitempty"`
+ SharedContainers []string `json:",omitempty"`
+}
+
+// SystemType represents the type of the system on which actions are done
+type SystemType string
+
+// SystemType const
+const (
+ ContainerType SystemType = "Container"
+ VirtualMachineType SystemType = "VirtualMachine"
+ HostType SystemType = "Host"
+)
+
+// EndpointAttachDetachRequest is the structure used to send request to the container to modify the system
+// Supported resource types are Network and Request Types are Add/Remove
+type EndpointAttachDetachRequest struct {
+ ContainerID string `json:"ContainerId,omitempty"`
+ SystemType SystemType `json:"SystemType"`
+ CompartmentID uint16 `json:"CompartmentId,omitempty"`
+ VirtualNICName string `json:"VirtualNicName,omitempty"`
+}
+
+// EndpointResquestResponse is object to get the endpoint request response
+type EndpointResquestResponse struct {
+ Success bool
+ Error string
+}
+
+// EndpointStats is the object that has stats for a given endpoint
+type EndpointStats struct {
+ BytesReceived uint64 `json:"BytesReceived"`
+ BytesSent uint64 `json:"BytesSent"`
+ DroppedPacketsIncoming uint64 `json:"DroppedPacketsIncoming"`
+ DroppedPacketsOutgoing uint64 `json:"DroppedPacketsOutgoing"`
+ EndpointID string `json:"EndpointId"`
+ InstanceID string `json:"InstanceId"`
+ PacketsReceived uint64 `json:"PacketsReceived"`
+ PacketsSent uint64 `json:"PacketsSent"`
+}
+
+// HNSEndpointRequest makes a HNS call to modify/query a network endpoint
+func HNSEndpointRequest(method, path, request string) (*HNSEndpoint, error) {
+ endpoint := &HNSEndpoint{}
+ err := hnsCall(method, "/endpoints/"+path, request, &endpoint)
+ if err != nil {
+ return nil, err
+ }
+
+ return endpoint, nil
+}
+
+// HNSListEndpointRequest makes a HNS call to query the list of available endpoints
+func HNSListEndpointRequest() ([]HNSEndpoint, error) {
+ var endpoint []HNSEndpoint
+ err := hnsCall("GET", "/endpoints/", "", &endpoint)
+ if err != nil {
+ return nil, err
+ }
+
+ return endpoint, nil
+}
+
+// hnsEndpointStatsRequest makes a HNS call to query the stats for a given endpoint ID
+func hnsEndpointStatsRequest(id string) (*EndpointStats, error) {
+ var stats EndpointStats
+ err := hnsCall("GET", "/endpointstats/"+id, "", &stats)
+ if err != nil {
+ return nil, err
+ }
+
+ return &stats, nil
+}
+
+// GetHNSEndpointByID get the Endpoint by ID
+func GetHNSEndpointByID(endpointID string) (*HNSEndpoint, error) {
+ return HNSEndpointRequest("GET", endpointID, "")
+}
+
+// GetHNSEndpointStats get the stats for a n Endpoint by ID
+func GetHNSEndpointStats(endpointID string) (*EndpointStats, error) {
+ return hnsEndpointStatsRequest(endpointID)
+}
+
+// GetHNSEndpointByName gets the endpoint filtered by Name
+func GetHNSEndpointByName(endpointName string) (*HNSEndpoint, error) {
+ hnsResponse, err := HNSListEndpointRequest()
+ if err != nil {
+ return nil, err
+ }
+ for _, hnsEndpoint := range hnsResponse {
+ if hnsEndpoint.Name == endpointName {
+ return &hnsEndpoint, nil
+ }
+ }
+ return nil, EndpointNotFoundError{EndpointName: endpointName}
+}
+
+type endpointAttachInfo struct {
+ SharedContainers json.RawMessage `json:",omitempty"`
+}
+
+func (endpoint *HNSEndpoint) IsAttached(vID string) (bool, error) {
+ attachInfo := endpointAttachInfo{}
+ err := hnsCall("GET", "/endpoints/"+endpoint.Id, "", &attachInfo)
+
+ // Return false allows us to just return the err
+ if err != nil {
+ return false, err
+ }
+
+ if strings.Contains(strings.ToLower(string(attachInfo.SharedContainers)), strings.ToLower(vID)) {
+ return true, nil
+ }
+
+ return false, nil
+}
+
+// Create Endpoint by sending EndpointRequest to HNS. TODO: Create a separate HNS interface to place all these methods
+func (endpoint *HNSEndpoint) Create() (*HNSEndpoint, error) {
+ operation := "Create"
+ title := "hcsshim::HNSEndpoint::" + operation
+ logrus.Debugf(title+" id=%s", endpoint.Id)
+
+ jsonString, err := json.Marshal(endpoint)
+ if err != nil {
+ return nil, err
+ }
+ return HNSEndpointRequest("POST", "", string(jsonString))
+}
+
+// Delete Endpoint by sending EndpointRequest to HNS
+func (endpoint *HNSEndpoint) Delete() (*HNSEndpoint, error) {
+ operation := "Delete"
+ title := "hcsshim::HNSEndpoint::" + operation
+ logrus.Debugf(title+" id=%s", endpoint.Id)
+
+ return HNSEndpointRequest("DELETE", endpoint.Id, "")
+}
+
+// Update Endpoint
+func (endpoint *HNSEndpoint) Update() (*HNSEndpoint, error) {
+ operation := "Update"
+ title := "hcsshim::HNSEndpoint::" + operation
+ logrus.Debugf(title+" id=%s", endpoint.Id)
+ jsonString, err := json.Marshal(endpoint)
+ if err != nil {
+ return nil, err
+ }
+ err = hnsCall("POST", "/endpoints/"+endpoint.Id, string(jsonString), &endpoint)
+
+ return endpoint, err
+}
+
+// ApplyACLPolicy applies a set of ACL Policies on the Endpoint
+func (endpoint *HNSEndpoint) ApplyACLPolicy(policies ...*ACLPolicy) error {
+ operation := "ApplyACLPolicy"
+ title := "hcsshim::HNSEndpoint::" + operation
+ logrus.Debugf(title+" id=%s", endpoint.Id)
+
+ for _, policy := range policies {
+ if policy == nil {
+ continue
+ }
+ jsonString, err := json.Marshal(policy)
+ if err != nil {
+ return err
+ }
+ endpoint.Policies = append(endpoint.Policies, jsonString)
+ }
+
+ _, err := endpoint.Update()
+ return err
+}
+
+// ApplyProxyPolicy applies a set of Proxy Policies on the Endpoint
+func (endpoint *HNSEndpoint) ApplyProxyPolicy(policies ...*ProxyPolicy) error {
+ operation := "ApplyProxyPolicy"
+ title := "hcsshim::HNSEndpoint::" + operation
+ logrus.Debugf(title+" id=%s", endpoint.Id)
+
+ for _, policy := range policies {
+ if policy == nil {
+ continue
+ }
+ jsonString, err := json.Marshal(policy)
+ if err != nil {
+ return err
+ }
+ endpoint.Policies = append(endpoint.Policies, jsonString)
+ }
+
+ _, err := endpoint.Update()
+ return err
+}
+
+// ContainerAttach attaches an endpoint to container
+func (endpoint *HNSEndpoint) ContainerAttach(containerID string, compartmentID uint16) error {
+ operation := "ContainerAttach"
+ title := "hcsshim::HNSEndpoint::" + operation
+ logrus.Debugf(title+" id=%s", endpoint.Id)
+
+ requestMessage := &EndpointAttachDetachRequest{
+ ContainerID: containerID,
+ CompartmentID: compartmentID,
+ SystemType: ContainerType,
+ }
+ response := &EndpointResquestResponse{}
+ jsonString, err := json.Marshal(requestMessage)
+ if err != nil {
+ return err
+ }
+ return hnsCall("POST", "/endpoints/"+endpoint.Id+"/attach", string(jsonString), &response)
+}
+
+// ContainerDetach detaches an endpoint from container
+func (endpoint *HNSEndpoint) ContainerDetach(containerID string) error {
+ operation := "ContainerDetach"
+ title := "hcsshim::HNSEndpoint::" + operation
+ logrus.Debugf(title+" id=%s", endpoint.Id)
+
+ requestMessage := &EndpointAttachDetachRequest{
+ ContainerID: containerID,
+ SystemType: ContainerType,
+ }
+ response := &EndpointResquestResponse{}
+
+ jsonString, err := json.Marshal(requestMessage)
+ if err != nil {
+ return err
+ }
+ return hnsCall("POST", "/endpoints/"+endpoint.Id+"/detach", string(jsonString), &response)
+}
+
+// HostAttach attaches a nic on the host
+func (endpoint *HNSEndpoint) HostAttach(compartmentID uint16) error {
+ operation := "HostAttach"
+ title := "hcsshim::HNSEndpoint::" + operation
+ logrus.Debugf(title+" id=%s", endpoint.Id)
+ requestMessage := &EndpointAttachDetachRequest{
+ CompartmentID: compartmentID,
+ SystemType: HostType,
+ }
+ response := &EndpointResquestResponse{}
+
+ jsonString, err := json.Marshal(requestMessage)
+ if err != nil {
+ return err
+ }
+ return hnsCall("POST", "/endpoints/"+endpoint.Id+"/attach", string(jsonString), &response)
+}
+
+// HostDetach detaches a nic on the host
+func (endpoint *HNSEndpoint) HostDetach() error {
+ operation := "HostDetach"
+ title := "hcsshim::HNSEndpoint::" + operation
+ logrus.Debugf(title+" id=%s", endpoint.Id)
+ requestMessage := &EndpointAttachDetachRequest{
+ SystemType: HostType,
+ }
+ response := &EndpointResquestResponse{}
+
+ jsonString, err := json.Marshal(requestMessage)
+ if err != nil {
+ return err
+ }
+ return hnsCall("POST", "/endpoints/"+endpoint.Id+"/detach", string(jsonString), &response)
+}
+
+// VirtualMachineNICAttach attaches a endpoint to a virtual machine
+func (endpoint *HNSEndpoint) VirtualMachineNICAttach(virtualMachineNICName string) error {
+ operation := "VirtualMachineNicAttach"
+ title := "hcsshim::HNSEndpoint::" + operation
+ logrus.Debugf(title+" id=%s", endpoint.Id)
+ requestMessage := &EndpointAttachDetachRequest{
+ VirtualNICName: virtualMachineNICName,
+ SystemType: VirtualMachineType,
+ }
+ response := &EndpointResquestResponse{}
+
+ jsonString, err := json.Marshal(requestMessage)
+ if err != nil {
+ return err
+ }
+ return hnsCall("POST", "/endpoints/"+endpoint.Id+"/attach", string(jsonString), &response)
+}
+
+// VirtualMachineNICDetach detaches a endpoint from a virtual machine
+func (endpoint *HNSEndpoint) VirtualMachineNICDetach() error {
+ operation := "VirtualMachineNicDetach"
+ title := "hcsshim::HNSEndpoint::" + operation
+ logrus.Debugf(title+" id=%s", endpoint.Id)
+
+ requestMessage := &EndpointAttachDetachRequest{
+ SystemType: VirtualMachineType,
+ }
+ response := &EndpointResquestResponse{}
+
+ jsonString, err := json.Marshal(requestMessage)
+ if err != nil {
+ return err
+ }
+ return hnsCall("POST", "/endpoints/"+endpoint.Id+"/detach", string(jsonString), &response)
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsfuncs.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsfuncs.go
new file mode 100644
index 000000000..0a8f36d83
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsfuncs.go
@@ -0,0 +1,51 @@
+//go:build windows
+
+package hns
+
+import (
+ "encoding/json"
+ "fmt"
+
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/interop"
+ "github.com/sirupsen/logrus"
+)
+
+func hnsCallRawResponse(method, path, request string) (*hnsResponse, error) {
+ var responseBuffer *uint16
+ logrus.Debugf("[%s]=>[%s] Request : %s", method, path, request)
+
+ err := _hnsCall(method, path, request, &responseBuffer)
+ if err != nil {
+ return nil, hcserror.New(err, "hnsCall ", "")
+ }
+ response := interop.ConvertAndFreeCoTaskMemString(responseBuffer)
+
+ hnsresponse := &hnsResponse{}
+ if err = json.Unmarshal([]byte(response), &hnsresponse); err != nil {
+ return nil, err
+ }
+ return hnsresponse, nil
+}
+
+func hnsCall(method, path, request string, returnResponse interface{}) error {
+ hnsresponse, err := hnsCallRawResponse(method, path, request)
+ if err != nil {
+ return fmt.Errorf("failed during hnsCallRawResponse: %v", err)
+ }
+ if !hnsresponse.Success {
+ return fmt.Errorf("hns failed with error : %s", hnsresponse.Error)
+ }
+
+ if len(hnsresponse.Output) == 0 {
+ return nil
+ }
+
+ logrus.Debugf("Network Response : %s", hnsresponse.Output)
+ err = json.Unmarshal(hnsresponse.Output, returnResponse)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsglobals.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsglobals.go
new file mode 100644
index 000000000..464bb8954
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsglobals.go
@@ -0,0 +1,30 @@
+//go:build windows
+
+package hns
+
+type HNSGlobals struct {
+ Version HNSVersion `json:"Version"`
+}
+
+type HNSVersion struct {
+ Major int `json:"Major"`
+ Minor int `json:"Minor"`
+}
+
+var (
+ HNSVersion1803 = HNSVersion{Major: 7, Minor: 2}
+)
+
+func GetHNSGlobals() (*HNSGlobals, error) {
+ var version HNSVersion
+ err := hnsCall("GET", "/globals/version", "", &version)
+ if err != nil {
+ return nil, err
+ }
+
+ globals := &HNSGlobals{
+ Version: version,
+ }
+
+ return globals, nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsnetwork.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsnetwork.go
new file mode 100644
index 000000000..8861faee7
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsnetwork.go
@@ -0,0 +1,144 @@
+//go:build windows
+
+package hns
+
+import (
+ "encoding/json"
+ "errors"
+ "net"
+
+ "github.com/sirupsen/logrus"
+)
+
+// Subnet is associated with a network and represents a list
+// of subnets available to the network
+type Subnet struct {
+ AddressPrefix string `json:",omitempty"`
+ GatewayAddress string `json:",omitempty"`
+ Policies []json.RawMessage `json:",omitempty"`
+}
+
+// MacPool is associated with a network and represents a list
+// of macaddresses available to the network
+type MacPool struct {
+ StartMacAddress string `json:",omitempty"`
+ EndMacAddress string `json:",omitempty"`
+}
+
+// HNSNetwork represents a network in HNS
+type HNSNetwork struct {
+ Id string `json:"ID,omitempty"`
+ Name string `json:",omitempty"`
+ Type string `json:",omitempty"`
+ NetworkAdapterName string `json:",omitempty"`
+ SourceMac string `json:",omitempty"`
+ Policies []json.RawMessage `json:",omitempty"`
+ MacPools []MacPool `json:",omitempty"`
+ Subnets []Subnet `json:",omitempty"`
+ DNSSuffix string `json:",omitempty"`
+ DNSServerList string `json:",omitempty"`
+ DNSServerCompartment uint32 `json:",omitempty"`
+ ManagementIP string `json:",omitempty"`
+ AutomaticDNS bool `json:",omitempty"`
+}
+
+type hnsResponse struct {
+ Success bool
+ Error string
+ Output json.RawMessage
+}
+
+// HNSNetworkRequest makes a call into HNS to update/query a single network
+func HNSNetworkRequest(method, path, request string) (*HNSNetwork, error) {
+ var network HNSNetwork
+ err := hnsCall(method, "/networks/"+path, request, &network)
+ if err != nil {
+ return nil, err
+ }
+
+ return &network, nil
+}
+
+// HNSListNetworkRequest makes a HNS call to query the list of available networks
+func HNSListNetworkRequest(method, path, request string) ([]HNSNetwork, error) {
+ var network []HNSNetwork
+ err := hnsCall(method, "/networks/"+path, request, &network)
+ if err != nil {
+ return nil, err
+ }
+
+ return network, nil
+}
+
+// GetHNSNetworkByID
+func GetHNSNetworkByID(networkID string) (*HNSNetwork, error) {
+ return HNSNetworkRequest("GET", networkID, "")
+}
+
+// GetHNSNetworkName filtered by Name
+func GetHNSNetworkByName(networkName string) (*HNSNetwork, error) {
+ hsnnetworks, err := HNSListNetworkRequest("GET", "", "")
+ if err != nil {
+ return nil, err
+ }
+ for _, hnsnetwork := range hsnnetworks {
+ if hnsnetwork.Name == networkName {
+ return &hnsnetwork, nil
+ }
+ }
+ return nil, NetworkNotFoundError{NetworkName: networkName}
+}
+
+// Create Network by sending NetworkRequest to HNS.
+func (network *HNSNetwork) Create() (*HNSNetwork, error) {
+ operation := "Create"
+ title := "hcsshim::HNSNetwork::" + operation
+ logrus.Debugf(title+" id=%s", network.Id)
+
+ for _, subnet := range network.Subnets {
+ if (subnet.AddressPrefix != "") && (subnet.GatewayAddress == "") {
+ return nil, errors.New("network create error, subnet has address prefix but no gateway specified")
+ }
+ }
+
+ jsonString, err := json.Marshal(network)
+ if err != nil {
+ return nil, err
+ }
+ return HNSNetworkRequest("POST", "", string(jsonString))
+}
+
+// Delete Network by sending NetworkRequest to HNS
+func (network *HNSNetwork) Delete() (*HNSNetwork, error) {
+ operation := "Delete"
+ title := "hcsshim::HNSNetwork::" + operation
+ logrus.Debugf(title+" id=%s", network.Id)
+
+ return HNSNetworkRequest("DELETE", network.Id, "")
+}
+
+// Creates an endpoint on the Network.
+func (network *HNSNetwork) NewEndpoint(ipAddress net.IP, macAddress net.HardwareAddr) *HNSEndpoint {
+ return &HNSEndpoint{
+ VirtualNetwork: network.Id,
+ IPAddress: ipAddress,
+ MacAddress: string(macAddress),
+ }
+}
+
+func (network *HNSNetwork) CreateEndpoint(endpoint *HNSEndpoint) (*HNSEndpoint, error) {
+ operation := "CreateEndpoint"
+ title := "hcsshim::HNSNetwork::" + operation
+ logrus.Debugf(title+" id=%s, endpointId=%s", network.Id, endpoint.Id)
+
+ endpoint.VirtualNetwork = network.Id
+ return endpoint.Create()
+}
+
+func (network *HNSNetwork) CreateRemoteEndpoint(endpoint *HNSEndpoint) (*HNSEndpoint, error) {
+ operation := "CreateRemoteEndpoint"
+ title := "hcsshim::HNSNetwork::" + operation
+ logrus.Debugf(title+" id=%s", network.Id)
+ endpoint.IsRemoteEndpoint = true
+ return network.CreateEndpoint(endpoint)
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go
new file mode 100644
index 000000000..082c018a4
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go
@@ -0,0 +1,110 @@
+package hns
+
+// Type of Request Support in ModifySystem
+type PolicyType string
+
+// RequestType const
+const (
+ Nat PolicyType = "NAT"
+ ACL PolicyType = "ACL"
+ PA PolicyType = "PA"
+ VLAN PolicyType = "VLAN"
+ VSID PolicyType = "VSID"
+ VNet PolicyType = "VNET"
+ L2Driver PolicyType = "L2Driver"
+ Isolation PolicyType = "Isolation"
+ QOS PolicyType = "QOS"
+ OutboundNat PolicyType = "OutBoundNAT"
+ ExternalLoadBalancer PolicyType = "ELB"
+ Route PolicyType = "ROUTE"
+ Proxy PolicyType = "PROXY"
+)
+
+type NatPolicy struct {
+ Type PolicyType `json:"Type"`
+ Protocol string `json:",omitempty"`
+ InternalPort uint16 `json:",omitempty"`
+ ExternalPort uint16 `json:",omitempty"`
+ ExternalPortReserved bool `json:",omitempty"`
+}
+
+type QosPolicy struct {
+ Type PolicyType `json:"Type"`
+ MaximumOutgoingBandwidthInBytes uint64
+}
+
+type IsolationPolicy struct {
+ Type PolicyType `json:"Type"`
+ VLAN uint
+ VSID uint
+ InDefaultIsolation bool
+}
+
+type VlanPolicy struct {
+ Type PolicyType `json:"Type"`
+ VLAN uint
+}
+
+type VsidPolicy struct {
+ Type PolicyType `json:"Type"`
+ VSID uint
+}
+
+type PaPolicy struct {
+ Type PolicyType `json:"Type"`
+ PA string `json:"PA"`
+}
+
+type OutboundNatPolicy struct {
+ Policy
+ VIP string `json:"VIP,omitempty"`
+ Exceptions []string `json:"ExceptionList,omitempty"`
+ Destinations []string `json:",omitempty"`
+}
+
+type ProxyPolicy struct {
+ Type PolicyType `json:"Type"`
+ IP string `json:",omitempty"`
+ Port string `json:",omitempty"`
+ ExceptionList []string `json:",omitempty"`
+ Destination string `json:",omitempty"`
+ OutboundNat bool `json:",omitempty"`
+}
+
+type ActionType string
+type DirectionType string
+type RuleType string
+
+const (
+ Allow ActionType = "Allow"
+ Block ActionType = "Block"
+
+ In DirectionType = "In"
+ Out DirectionType = "Out"
+
+ Host RuleType = "Host"
+ Switch RuleType = "Switch"
+)
+
+type ACLPolicy struct {
+ Type PolicyType `json:"Type"`
+ Id string `json:"Id,omitempty"`
+ Protocol uint16 `json:",omitempty"`
+ Protocols string `json:"Protocols,omitempty"`
+ InternalPort uint16 `json:",omitempty"`
+ Action ActionType
+ Direction DirectionType
+ LocalAddresses string `json:",omitempty"`
+ RemoteAddresses string `json:",omitempty"`
+ LocalPorts string `json:"LocalPorts,omitempty"`
+ LocalPort uint16 `json:",omitempty"`
+ RemotePorts string `json:"RemotePorts,omitempty"`
+ RemotePort uint16 `json:",omitempty"`
+ RuleType RuleType `json:"RuleType,omitempty"`
+ Priority uint16 `json:",omitempty"`
+ ServiceName string `json:",omitempty"`
+}
+
+type Policy struct {
+ Type PolicyType `json:"Type"`
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicylist.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicylist.go
new file mode 100644
index 000000000..b98db40e8
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicylist.go
@@ -0,0 +1,203 @@
+//go:build windows
+
+package hns
+
+import (
+ "encoding/json"
+
+ "github.com/sirupsen/logrus"
+)
+
+// RoutePolicy is a structure defining schema for Route based Policy
+type RoutePolicy struct {
+ Policy
+ DestinationPrefix string `json:"DestinationPrefix,omitempty"`
+ NextHop string `json:"NextHop,omitempty"`
+ EncapEnabled bool `json:"NeedEncap,omitempty"`
+}
+
+// ELBPolicy is a structure defining schema for ELB LoadBalancing based Policy
+type ELBPolicy struct {
+ LBPolicy
+ SourceVIP string `json:"SourceVIP,omitempty"`
+ VIPs []string `json:"VIPs,omitempty"`
+ ILB bool `json:"ILB,omitempty"`
+ DSR bool `json:"IsDSR,omitempty"`
+}
+
+// LBPolicy is a structure defining schema for LoadBalancing based Policy
+type LBPolicy struct {
+ Policy
+ Protocol uint16 `json:"Protocol,omitempty"`
+ InternalPort uint16
+ ExternalPort uint16
+}
+
+// PolicyList is a structure defining schema for Policy list request
+type PolicyList struct {
+ ID string `json:"ID,omitempty"`
+ EndpointReferences []string `json:"References,omitempty"`
+ Policies []json.RawMessage `json:"Policies,omitempty"`
+}
+
+// HNSPolicyListRequest makes a call into HNS to update/query a single network
+func HNSPolicyListRequest(method, path, request string) (*PolicyList, error) {
+ var policy PolicyList
+ err := hnsCall(method, "/policylists/"+path, request, &policy)
+ if err != nil {
+ return nil, err
+ }
+
+ return &policy, nil
+}
+
+// HNSListPolicyListRequest gets all the policy list
+func HNSListPolicyListRequest() ([]PolicyList, error) {
+ var plist []PolicyList
+ err := hnsCall("GET", "/policylists/", "", &plist)
+ if err != nil {
+ return nil, err
+ }
+
+ return plist, nil
+}
+
+// PolicyListRequest makes a HNS call to modify/query a network policy list
+func PolicyListRequest(method, path, request string) (*PolicyList, error) {
+ policylist := &PolicyList{}
+ err := hnsCall(method, "/policylists/"+path, request, &policylist)
+ if err != nil {
+ return nil, err
+ }
+
+ return policylist, nil
+}
+
+// GetPolicyListByID get the policy list by ID
+func GetPolicyListByID(policyListID string) (*PolicyList, error) {
+ return PolicyListRequest("GET", policyListID, "")
+}
+
+// Create PolicyList by sending PolicyListRequest to HNS.
+func (policylist *PolicyList) Create() (*PolicyList, error) {
+ operation := "Create"
+ title := "hcsshim::PolicyList::" + operation
+ logrus.Debugf(title+" id=%s", policylist.ID)
+ jsonString, err := json.Marshal(policylist)
+ if err != nil {
+ return nil, err
+ }
+ return PolicyListRequest("POST", "", string(jsonString))
+}
+
+// Delete deletes PolicyList
+func (policylist *PolicyList) Delete() (*PolicyList, error) {
+ operation := "Delete"
+ title := "hcsshim::PolicyList::" + operation
+ logrus.Debugf(title+" id=%s", policylist.ID)
+
+ return PolicyListRequest("DELETE", policylist.ID, "")
+}
+
+// AddEndpoint add an endpoint to a Policy List
+func (policylist *PolicyList) AddEndpoint(endpoint *HNSEndpoint) (*PolicyList, error) {
+ operation := "AddEndpoint"
+ title := "hcsshim::PolicyList::" + operation
+ logrus.Debugf(title+" id=%s, endpointId:%s", policylist.ID, endpoint.Id)
+
+ _, err := policylist.Delete()
+ if err != nil {
+ return nil, err
+ }
+
+ // Add Endpoint to the Existing List
+ policylist.EndpointReferences = append(policylist.EndpointReferences, "/endpoints/"+endpoint.Id)
+
+ return policylist.Create()
+}
+
+// RemoveEndpoint removes an endpoint from the Policy List
+func (policylist *PolicyList) RemoveEndpoint(endpoint *HNSEndpoint) (*PolicyList, error) {
+ operation := "RemoveEndpoint"
+ title := "hcsshim::PolicyList::" + operation
+ logrus.Debugf(title+" id=%s, endpointId:%s", policylist.ID, endpoint.Id)
+
+ _, err := policylist.Delete()
+ if err != nil {
+ return nil, err
+ }
+
+ elementToRemove := "/endpoints/" + endpoint.Id
+
+ var references []string
+
+ for _, endpointReference := range policylist.EndpointReferences {
+ if endpointReference == elementToRemove {
+ continue
+ }
+ references = append(references, endpointReference)
+ }
+ policylist.EndpointReferences = references
+ return policylist.Create()
+}
+
+// AddLoadBalancer policy list for the specified endpoints
+func AddLoadBalancer(endpoints []HNSEndpoint, isILB bool, sourceVIP, vip string, protocol uint16, internalPort uint16, externalPort uint16) (*PolicyList, error) {
+ operation := "AddLoadBalancer"
+ title := "hcsshim::PolicyList::" + operation
+ logrus.Debugf(title+" endpointId=%v, isILB=%v, sourceVIP=%s, vip=%s, protocol=%v, internalPort=%v, externalPort=%v", endpoints, isILB, sourceVIP, vip, protocol, internalPort, externalPort)
+
+ policylist := &PolicyList{}
+
+ elbPolicy := &ELBPolicy{
+ SourceVIP: sourceVIP,
+ ILB: isILB,
+ }
+
+ if len(vip) > 0 {
+ elbPolicy.VIPs = []string{vip}
+ }
+ elbPolicy.Type = ExternalLoadBalancer
+ elbPolicy.Protocol = protocol
+ elbPolicy.InternalPort = internalPort
+ elbPolicy.ExternalPort = externalPort
+
+ for _, endpoint := range endpoints {
+ policylist.EndpointReferences = append(policylist.EndpointReferences, "/endpoints/"+endpoint.Id)
+ }
+
+ jsonString, err := json.Marshal(elbPolicy)
+ if err != nil {
+ return nil, err
+ }
+ policylist.Policies = append(policylist.Policies, jsonString)
+ return policylist.Create()
+}
+
+// AddRoute adds route policy list for the specified endpoints
+func AddRoute(endpoints []HNSEndpoint, destinationPrefix string, nextHop string, encapEnabled bool) (*PolicyList, error) {
+ operation := "AddRoute"
+ title := "hcsshim::PolicyList::" + operation
+ logrus.Debugf(title+" destinationPrefix:%s", destinationPrefix)
+
+ policylist := &PolicyList{}
+
+ rPolicy := &RoutePolicy{
+ DestinationPrefix: destinationPrefix,
+ NextHop: nextHop,
+ EncapEnabled: encapEnabled,
+ }
+ rPolicy.Type = Route
+
+ for _, endpoint := range endpoints {
+ policylist.EndpointReferences = append(policylist.EndpointReferences, "/endpoints/"+endpoint.Id)
+ }
+
+ jsonString, err := json.Marshal(rPolicy)
+ if err != nil {
+ return nil, err
+ }
+
+ policylist.Policies = append(policylist.Policies, jsonString)
+ return policylist.Create()
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnssupport.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnssupport.go
new file mode 100644
index 000000000..b9c30b901
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnssupport.go
@@ -0,0 +1,51 @@
+//go:build windows
+
+package hns
+
+import (
+ "github.com/sirupsen/logrus"
+)
+
+type HNSSupportedFeatures struct {
+ Acl HNSAclFeatures `json:"ACL"`
+}
+
+type HNSAclFeatures struct {
+ AclAddressLists bool `json:"AclAddressLists"`
+ AclNoHostRulePriority bool `json:"AclHostRulePriority"`
+ AclPortRanges bool `json:"AclPortRanges"`
+ AclRuleId bool `json:"AclRuleId"`
+}
+
+func GetHNSSupportedFeatures() HNSSupportedFeatures {
+ var hnsFeatures HNSSupportedFeatures
+
+ globals, err := GetHNSGlobals()
+ if err != nil {
+ // Expected on pre-1803 builds, all features will be false/unsupported
+ logrus.Debugf("Unable to obtain HNS globals: %s", err)
+ return hnsFeatures
+ }
+
+ hnsFeatures.Acl = HNSAclFeatures{
+ AclAddressLists: isHNSFeatureSupported(globals.Version, HNSVersion1803),
+ AclNoHostRulePriority: isHNSFeatureSupported(globals.Version, HNSVersion1803),
+ AclPortRanges: isHNSFeatureSupported(globals.Version, HNSVersion1803),
+ AclRuleId: isHNSFeatureSupported(globals.Version, HNSVersion1803),
+ }
+
+ return hnsFeatures
+}
+
+func isHNSFeatureSupported(currentVersion HNSVersion, minVersionSupported HNSVersion) bool {
+ if currentVersion.Major < minVersionSupported.Major {
+ return false
+ }
+ if currentVersion.Major > minVersionSupported.Major {
+ return true
+ }
+ if currentVersion.Minor < minVersionSupported.Minor {
+ return false
+ }
+ return true
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/namespace.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/namespace.go
new file mode 100644
index 000000000..749588ad3
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/namespace.go
@@ -0,0 +1,113 @@
+//go:build windows
+
+package hns
+
+import (
+ "encoding/json"
+ "fmt"
+ "os"
+ "path"
+ "strings"
+)
+
+type namespaceRequest struct {
+ IsDefault bool `json:",omitempty"`
+}
+
+type namespaceEndpointRequest struct {
+ ID string `json:"Id"`
+}
+
+type NamespaceResource struct {
+ Type string
+ Data json.RawMessage
+}
+
+type namespaceResourceRequest struct {
+ Type string
+ Data interface{}
+}
+
+type Namespace struct {
+ ID string
+ IsDefault bool `json:",omitempty"`
+ ResourceList []NamespaceResource `json:",omitempty"`
+ CompartmentId uint32 `json:",omitempty"`
+}
+
+func issueNamespaceRequest(id *string, method, subpath string, request interface{}) (*Namespace, error) {
+ var err error
+ hnspath := "/namespaces/"
+ if id != nil {
+ hnspath = path.Join(hnspath, *id)
+ }
+ if subpath != "" {
+ hnspath = path.Join(hnspath, subpath)
+ }
+ var reqJSON []byte
+ if request != nil {
+ if reqJSON, err = json.Marshal(request); err != nil {
+ return nil, err
+ }
+ }
+ var ns Namespace
+ err = hnsCall(method, hnspath, string(reqJSON), &ns)
+ if err != nil {
+ if strings.Contains(err.Error(), "Element not found.") {
+ return nil, os.ErrNotExist
+ }
+ return nil, fmt.Errorf("%s %s: %s", method, hnspath, err)
+ }
+ return &ns, err
+}
+
+func CreateNamespace() (string, error) {
+ req := namespaceRequest{}
+ ns, err := issueNamespaceRequest(nil, "POST", "", &req)
+ if err != nil {
+ return "", err
+ }
+ return ns.ID, nil
+}
+
+func RemoveNamespace(id string) error {
+ _, err := issueNamespaceRequest(&id, "DELETE", "", nil)
+ return err
+}
+
+func GetNamespaceEndpoints(id string) ([]string, error) {
+ ns, err := issueNamespaceRequest(&id, "GET", "", nil)
+ if err != nil {
+ return nil, err
+ }
+ var endpoints []string
+ for _, rsrc := range ns.ResourceList {
+ if rsrc.Type == "Endpoint" {
+ var endpoint namespaceEndpointRequest
+ err = json.Unmarshal(rsrc.Data, &endpoint)
+ if err != nil {
+ return nil, fmt.Errorf("unmarshal endpoint: %s", err)
+ }
+ endpoints = append(endpoints, endpoint.ID)
+ }
+ }
+ return endpoints, nil
+}
+
+func AddNamespaceEndpoint(id string, endpointID string) error {
+ resource := namespaceResourceRequest{
+ Type: "Endpoint",
+ Data: namespaceEndpointRequest{endpointID},
+ }
+ _, err := issueNamespaceRequest(&id, "POST", "addresource", &resource)
+ return err
+}
+
+func RemoveNamespaceEndpoint(id string, endpointID string) error {
+ resource := namespaceResourceRequest{
+ Type: "Endpoint",
+ Data: namespaceEndpointRequest{endpointID},
+ }
+ _, err := issueNamespaceRequest(&id, "POST", "removeresource", &resource)
+ return err
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/zsyscall_windows.go
new file mode 100644
index 000000000..a35ee945d
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/zsyscall_windows.go
@@ -0,0 +1,80 @@
+//go:build windows
+
+// Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
+
+package hns
+
+import (
+ "syscall"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+ errnoERROR_IO_PENDING = 997
+)
+
+var (
+ errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+ errERROR_EINVAL error = syscall.EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+ switch e {
+ case 0:
+ return errERROR_EINVAL
+ case errnoERROR_IO_PENDING:
+ return errERROR_IO_PENDING
+ }
+ // TODO: add more here, after collecting data on the common
+ // error values see on Windows. (perhaps when running
+ // all.bat?)
+ return e
+}
+
+var (
+ modvmcompute = windows.NewLazySystemDLL("vmcompute.dll")
+
+ procHNSCall = modvmcompute.NewProc("HNSCall")
+)
+
+func _hnsCall(method string, path string, object string, response **uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(method)
+ if hr != nil {
+ return
+ }
+ var _p1 *uint16
+ _p1, hr = syscall.UTF16PtrFromString(path)
+ if hr != nil {
+ return
+ }
+ var _p2 *uint16
+ _p2, hr = syscall.UTF16PtrFromString(object)
+ if hr != nil {
+ return
+ }
+ return __hnsCall(_p0, _p1, _p2, response)
+}
+
+func __hnsCall(method *uint16, path *uint16, object *uint16, response **uint16) (hr error) {
+ hr = procHNSCall.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall6(procHNSCall.Addr(), 4, uintptr(unsafe.Pointer(method)), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(object)), uintptr(unsafe.Pointer(response)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/interop/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/interop/doc.go
new file mode 100644
index 000000000..cb554867f
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/interop/doc.go
@@ -0,0 +1 @@
+package interop
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/interop/interop.go b/vendor/github.com/Microsoft/hcsshim/internal/interop/interop.go
new file mode 100644
index 000000000..a56469656
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/interop/interop.go
@@ -0,0 +1,25 @@
+//go:build windows
+
+package interop
+
+import (
+ "syscall"
+ "unsafe"
+)
+
+//go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go interop.go
+
+//sys coTaskMemFree(buffer unsafe.Pointer) = api_ms_win_core_com_l1_1_0.CoTaskMemFree
+
+func ConvertAndFreeCoTaskMemString(buffer *uint16) string {
+ str := syscall.UTF16ToString((*[1 << 29]uint16)(unsafe.Pointer(buffer))[:])
+ coTaskMemFree(unsafe.Pointer(buffer))
+ return str
+}
+
+func Win32FromHresult(hr uintptr) syscall.Errno {
+ if hr&0x1fff0000 == 0x00070000 {
+ return syscall.Errno(hr & 0xffff)
+ }
+ return syscall.Errno(hr)
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/interop/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/interop/zsyscall_windows.go
new file mode 100644
index 000000000..a17a11250
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/interop/zsyscall_windows.go
@@ -0,0 +1,51 @@
+//go:build windows
+
+// Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
+
+package interop
+
+import (
+ "syscall"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+ errnoERROR_IO_PENDING = 997
+)
+
+var (
+ errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+ errERROR_EINVAL error = syscall.EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+ switch e {
+ case 0:
+ return errERROR_EINVAL
+ case errnoERROR_IO_PENDING:
+ return errERROR_IO_PENDING
+ }
+ // TODO: add more here, after collecting data on the common
+ // error values see on Windows. (perhaps when running
+ // all.bat?)
+ return e
+}
+
+var (
+ modapi_ms_win_core_com_l1_1_0 = windows.NewLazySystemDLL("api-ms-win-core-com-l1-1-0.dll")
+
+ procCoTaskMemFree = modapi_ms_win_core_com_l1_1_0.NewProc("CoTaskMemFree")
+)
+
+func coTaskMemFree(buffer unsafe.Pointer) {
+ syscall.Syscall(procCoTaskMemFree.Addr(), 1, uintptr(buffer), 0, 0)
+ return
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/doc.go
new file mode 100644
index 000000000..34b53d6e4
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/doc.go
@@ -0,0 +1,8 @@
+// This package provides higher level constructs for the win32 job object API.
+// Most of the core creation and management functions are already present in "golang.org/x/sys/windows"
+// (CreateJobObject, AssignProcessToJobObject, etc.) as well as most of the limit information
+// structs and associated limit flags. Whatever is not present from the job object API
+// in golang.org/x/sys/windows is located in /internal/winapi.
+//
+// https://docs.microsoft.com/en-us/windows/win32/procthread/job-objects
+package jobobject
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go
new file mode 100644
index 000000000..bcca84b0d
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go
@@ -0,0 +1,113 @@
+//go:build windows
+
+package jobobject
+
+import (
+ "context"
+ "fmt"
+ "sync"
+ "unsafe"
+
+ "github.com/Microsoft/hcsshim/internal/log"
+ "github.com/Microsoft/hcsshim/internal/queue"
+ "github.com/Microsoft/hcsshim/internal/winapi"
+ "github.com/sirupsen/logrus"
+ "golang.org/x/sys/windows"
+)
+
+var (
+ ioInitOnce sync.Once
+ initIOErr error
+ // Global iocp handle that will be re-used for every job object
+ ioCompletionPort windows.Handle
+ // Mapping of job handle to queue to place notifications in.
+ jobMap sync.Map
+)
+
+// MsgAllProcessesExited is a type representing a message that every process in a job has exited.
+type MsgAllProcessesExited struct{}
+
+// MsgUnimplemented represents a message that we are aware of, but that isn't implemented currently.
+// This should not be treated as an error.
+type MsgUnimplemented struct{}
+
+// pollIOCP polls the io completion port forever.
+func pollIOCP(ctx context.Context, iocpHandle windows.Handle) {
+ var (
+ overlapped uintptr
+ code uint32
+ key uintptr
+ )
+
+ for {
+ err := windows.GetQueuedCompletionStatus(iocpHandle, &code, &key, (**windows.Overlapped)(unsafe.Pointer(&overlapped)), windows.INFINITE)
+ if err != nil {
+ log.G(ctx).WithError(err).Error("failed to poll for job object message")
+ continue
+ }
+ if val, ok := jobMap.Load(key); ok {
+ msq, ok := val.(*queue.MessageQueue)
+ if !ok {
+ log.G(ctx).WithField("value", msq).Warn("encountered non queue type in job map")
+ continue
+ }
+ notification, err := parseMessage(code, overlapped)
+ if err != nil {
+ log.G(ctx).WithFields(logrus.Fields{
+ "code": code,
+ "overlapped": overlapped,
+ }).Warn("failed to parse job object message")
+ continue
+ }
+ if err := msq.Enqueue(notification); err == queue.ErrQueueClosed {
+ // Write will only return an error when the queue is closed.
+ // The only time a queue would ever be closed is when we call `Close` on
+ // the job it belongs to which also removes it from the jobMap, so something
+ // went wrong here. We can't return as this is reading messages for all jobs
+ // so just log it and move on.
+ log.G(ctx).WithFields(logrus.Fields{
+ "code": code,
+ "overlapped": overlapped,
+ }).Warn("tried to write to a closed queue")
+ continue
+ }
+ } else {
+ log.G(ctx).Warn("received a message for a job not present in the mapping")
+ }
+ }
+}
+
+func parseMessage(code uint32, overlapped uintptr) (interface{}, error) {
+ // Check code and parse out relevant information related to that notification
+ // that we care about. For now all we handle is the message that all processes
+ // in the job have exited.
+ switch code {
+ case winapi.JOB_OBJECT_MSG_ACTIVE_PROCESS_ZERO:
+ return MsgAllProcessesExited{}, nil
+ // Other messages for completeness and a check to make sure that if we fall
+ // into the default case that this is a code we don't know how to handle.
+ case winapi.JOB_OBJECT_MSG_END_OF_JOB_TIME:
+ case winapi.JOB_OBJECT_MSG_END_OF_PROCESS_TIME:
+ case winapi.JOB_OBJECT_MSG_ACTIVE_PROCESS_LIMIT:
+ case winapi.JOB_OBJECT_MSG_NEW_PROCESS:
+ case winapi.JOB_OBJECT_MSG_EXIT_PROCESS:
+ case winapi.JOB_OBJECT_MSG_ABNORMAL_EXIT_PROCESS:
+ case winapi.JOB_OBJECT_MSG_PROCESS_MEMORY_LIMIT:
+ case winapi.JOB_OBJECT_MSG_JOB_MEMORY_LIMIT:
+ case winapi.JOB_OBJECT_MSG_NOTIFICATION_LIMIT:
+ default:
+ return nil, fmt.Errorf("unknown job notification type: %d", code)
+ }
+ return MsgUnimplemented{}, nil
+}
+
+// Assigns an IO completion port to get notified of events for the registered job
+// object.
+func attachIOCP(job windows.Handle, iocp windows.Handle) error {
+ info := winapi.JOBOBJECT_ASSOCIATE_COMPLETION_PORT{
+ CompletionKey: job,
+ CompletionPort: iocp,
+ }
+ _, err := windows.SetInformationJobObject(job, windows.JobObjectAssociateCompletionPortInformation, uintptr(unsafe.Pointer(&info)), uint32(unsafe.Sizeof(info)))
+ return err
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go
new file mode 100644
index 000000000..4a224fbec
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go
@@ -0,0 +1,669 @@
+//go:build windows
+
+package jobobject
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "os"
+ "path/filepath"
+ "sync"
+ "sync/atomic"
+ "unsafe"
+
+ "github.com/Microsoft/hcsshim/internal/queue"
+ "github.com/Microsoft/hcsshim/internal/winapi"
+ "golang.org/x/sys/windows"
+)
+
+// JobObject is a high level wrapper around a Windows job object. Holds a handle to
+// the job, a queue to receive iocp notifications about the lifecycle
+// of the job and a mutex for synchronized handle access.
+type JobObject struct {
+ handle windows.Handle
+ // All accesses to this MUST be done atomically except in `Open` as the object
+ // is being created in the function. 1 signifies that this job is currently a silo.
+ silo uint32
+ mq *queue.MessageQueue
+ handleLock sync.RWMutex
+}
+
+// JobLimits represents the resource constraints that can be applied to a job object.
+type JobLimits struct {
+ CPULimit uint32
+ CPUWeight uint32
+ MemoryLimitInBytes uint64
+ MaxIOPS int64
+ MaxBandwidth int64
+}
+
+type CPURateControlType uint32
+
+const (
+ WeightBased CPURateControlType = iota
+ RateBased
+)
+
+// Processor resource controls
+const (
+ cpuLimitMin = 1
+ cpuLimitMax = 10000
+ cpuWeightMin = 1
+ cpuWeightMax = 9
+)
+
+var (
+ ErrAlreadyClosed = errors.New("the handle has already been closed")
+ ErrNotRegistered = errors.New("job is not registered to receive notifications")
+ ErrNotSilo = errors.New("job is not a silo")
+)
+
+// Options represents the set of configurable options when making or opening a job object.
+type Options struct {
+ // `Name` specifies the name of the job object if a named job object is desired.
+ Name string
+ // `Notifications` specifies if the job will be registered to receive notifications.
+ // Defaults to false.
+ Notifications bool
+ // `UseNTVariant` specifies if we should use the `Nt` variant of Open/CreateJobObject.
+ // Defaults to false.
+ UseNTVariant bool
+ // `Silo` specifies to promote the job to a silo. This additionally sets the flag
+ // JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE as it is required for the upgrade to complete.
+ Silo bool
+ // `IOTracking` enables tracking I/O statistics on the job object. More specifically this
+ // calls SetInformationJobObject with the JobObjectIoAttribution class.
+ EnableIOTracking bool
+}
+
+// Create creates a job object.
+//
+// If options.Name is an empty string, the job will not be assigned a name.
+//
+// If options.Notifications are not enabled `PollNotifications` will return immediately with error `errNotRegistered`.
+//
+// If `options` is nil, use default option values.
+//
+// Returns a JobObject structure and an error if there is one.
+func Create(ctx context.Context, options *Options) (_ *JobObject, err error) {
+ if options == nil {
+ options = &Options{}
+ }
+
+ var jobName *winapi.UnicodeString
+ if options.Name != "" {
+ jobName, err = winapi.NewUnicodeString(options.Name)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ var jobHandle windows.Handle
+ if options.UseNTVariant {
+ oa := winapi.ObjectAttributes{
+ Length: unsafe.Sizeof(winapi.ObjectAttributes{}),
+ ObjectName: jobName,
+ Attributes: 0,
+ }
+ status := winapi.NtCreateJobObject(&jobHandle, winapi.JOB_OBJECT_ALL_ACCESS, &oa)
+ if status != 0 {
+ return nil, winapi.RtlNtStatusToDosError(status)
+ }
+ } else {
+ var jobNameBuf *uint16
+ if jobName != nil && jobName.Buffer != nil {
+ jobNameBuf = jobName.Buffer
+ }
+ jobHandle, err = windows.CreateJobObject(nil, jobNameBuf)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ defer func() {
+ if err != nil {
+ windows.Close(jobHandle)
+ }
+ }()
+
+ job := &JobObject{
+ handle: jobHandle,
+ }
+
+ // If the IOCP we'll be using to receive messages for all jobs hasn't been
+ // created, create it and start polling.
+ if options.Notifications {
+ mq, err := setupNotifications(ctx, job)
+ if err != nil {
+ return nil, err
+ }
+ job.mq = mq
+ }
+
+ if options.EnableIOTracking {
+ if err := enableIOTracking(jobHandle); err != nil {
+ return nil, err
+ }
+ }
+
+ if options.Silo {
+ // This is a required setting for upgrading to a silo.
+ if err := job.SetTerminateOnLastHandleClose(); err != nil {
+ return nil, err
+ }
+ if err := job.PromoteToSilo(); err != nil {
+ return nil, err
+ }
+ }
+
+ return job, nil
+}
+
+// Open opens an existing job object with name provided in `options`. If no name is provided
+// return an error since we need to know what job object to open.
+//
+// If options.Notifications is false `PollNotifications` will return immediately with error `errNotRegistered`.
+//
+// Returns a JobObject structure and an error if there is one.
+func Open(ctx context.Context, options *Options) (_ *JobObject, err error) {
+ if options == nil || options.Name == "" {
+ return nil, errors.New("no job object name specified to open")
+ }
+
+ unicodeJobName, err := winapi.NewUnicodeString(options.Name)
+ if err != nil {
+ return nil, err
+ }
+
+ var jobHandle windows.Handle
+ if options.UseNTVariant {
+ oa := winapi.ObjectAttributes{
+ Length: unsafe.Sizeof(winapi.ObjectAttributes{}),
+ ObjectName: unicodeJobName,
+ Attributes: 0,
+ }
+ status := winapi.NtOpenJobObject(&jobHandle, winapi.JOB_OBJECT_ALL_ACCESS, &oa)
+ if status != 0 {
+ return nil, winapi.RtlNtStatusToDosError(status)
+ }
+ } else {
+ jobHandle, err = winapi.OpenJobObject(winapi.JOB_OBJECT_ALL_ACCESS, 0, unicodeJobName.Buffer)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ defer func() {
+ if err != nil {
+ windows.Close(jobHandle)
+ }
+ }()
+
+ job := &JobObject{
+ handle: jobHandle,
+ }
+
+ if isJobSilo(jobHandle) {
+ job.silo = 1
+ }
+
+ // If the IOCP we'll be using to receive messages for all jobs hasn't been
+ // created, create it and start polling.
+ if options.Notifications {
+ mq, err := setupNotifications(ctx, job)
+ if err != nil {
+ return nil, err
+ }
+ job.mq = mq
+ }
+
+ return job, nil
+}
+
+// helper function to setup notifications for creating/opening a job object
+func setupNotifications(ctx context.Context, job *JobObject) (*queue.MessageQueue, error) {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return nil, ErrAlreadyClosed
+ }
+
+ ioInitOnce.Do(func() {
+ h, err := windows.CreateIoCompletionPort(windows.InvalidHandle, 0, 0, 0xffffffff)
+ if err != nil {
+ initIOErr = err
+ return
+ }
+ ioCompletionPort = h
+ go pollIOCP(ctx, h)
+ })
+
+ if initIOErr != nil {
+ return nil, initIOErr
+ }
+
+ mq := queue.NewMessageQueue()
+ jobMap.Store(uintptr(job.handle), mq)
+ if err := attachIOCP(job.handle, ioCompletionPort); err != nil {
+ jobMap.Delete(uintptr(job.handle))
+ return nil, fmt.Errorf("failed to attach job to IO completion port: %w", err)
+ }
+ return mq, nil
+}
+
+// PollNotification will poll for a job object notification. This call should only be called once
+// per job (ideally in a goroutine loop) and will block if there is not a notification ready.
+// This call will return immediately with error `ErrNotRegistered` if the job was not registered
+// to receive notifications during `Create`. Internally, messages will be queued and there
+// is no worry of messages being dropped.
+func (job *JobObject) PollNotification() (interface{}, error) {
+ if job.mq == nil {
+ return nil, ErrNotRegistered
+ }
+ return job.mq.Dequeue()
+}
+
+// UpdateProcThreadAttribute updates the passed in ProcThreadAttributeList to contain what is necessary to
+// launch a process in a job at creation time. This can be used to avoid having to call Assign() after a process
+// has already started running.
+func (job *JobObject) UpdateProcThreadAttribute(attrList *windows.ProcThreadAttributeListContainer) error {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return ErrAlreadyClosed
+ }
+
+ if err := attrList.Update(
+ winapi.PROC_THREAD_ATTRIBUTE_JOB_LIST,
+ unsafe.Pointer(&job.handle),
+ unsafe.Sizeof(job.handle),
+ ); err != nil {
+ return fmt.Errorf("failed to update proc thread attributes for job object: %w", err)
+ }
+
+ return nil
+}
+
+// Close closes the job object handle.
+func (job *JobObject) Close() error {
+ job.handleLock.Lock()
+ defer job.handleLock.Unlock()
+
+ if job.handle == 0 {
+ return ErrAlreadyClosed
+ }
+
+ if err := windows.Close(job.handle); err != nil {
+ return err
+ }
+
+ if job.mq != nil {
+ job.mq.Close()
+ }
+ // Handles now invalid so if the map entry to receive notifications for this job still
+ // exists remove it so we can stop receiving notifications.
+ if _, ok := jobMap.Load(uintptr(job.handle)); ok {
+ jobMap.Delete(uintptr(job.handle))
+ }
+
+ job.handle = 0
+ return nil
+}
+
+// Assign assigns a process to the job object.
+func (job *JobObject) Assign(pid uint32) error {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return ErrAlreadyClosed
+ }
+
+ if pid == 0 {
+ return errors.New("invalid pid: 0")
+ }
+ hProc, err := windows.OpenProcess(winapi.PROCESS_ALL_ACCESS, true, pid)
+ if err != nil {
+ return err
+ }
+ defer windows.Close(hProc)
+ return windows.AssignProcessToJobObject(job.handle, hProc)
+}
+
+// Terminate terminates the job, essentially calls TerminateProcess on every process in the
+// job.
+func (job *JobObject) Terminate(exitCode uint32) error {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+ if job.handle == 0 {
+ return ErrAlreadyClosed
+ }
+ return windows.TerminateJobObject(job.handle, exitCode)
+}
+
+// Pids returns all of the process IDs in the job object.
+func (job *JobObject) Pids() ([]uint32, error) {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return nil, ErrAlreadyClosed
+ }
+
+ info := winapi.JOBOBJECT_BASIC_PROCESS_ID_LIST{}
+ err := winapi.QueryInformationJobObject(
+ job.handle,
+ winapi.JobObjectBasicProcessIdList,
+ unsafe.Pointer(&info),
+ uint32(unsafe.Sizeof(info)),
+ nil,
+ )
+
+ // This is either the case where there is only one process or no processes in
+ // the job. Any other case will result in ERROR_MORE_DATA. Check if info.NumberOfProcessIdsInList
+ // is 1 and just return this, otherwise return an empty slice.
+ if err == nil {
+ if info.NumberOfProcessIdsInList == 1 {
+ return []uint32{uint32(info.ProcessIdList[0])}, nil
+ }
+ // Return empty slice instead of nil to play well with the caller of this.
+ // Do not return an error if no processes are running inside the job
+ return []uint32{}, nil
+ }
+
+ if err != winapi.ERROR_MORE_DATA {
+ return nil, fmt.Errorf("failed initial query for PIDs in job object: %w", err)
+ }
+
+ jobBasicProcessIDListSize := unsafe.Sizeof(info) + (unsafe.Sizeof(info.ProcessIdList[0]) * uintptr(info.NumberOfAssignedProcesses-1))
+ buf := make([]byte, jobBasicProcessIDListSize)
+ if err = winapi.QueryInformationJobObject(
+ job.handle,
+ winapi.JobObjectBasicProcessIdList,
+ unsafe.Pointer(&buf[0]),
+ uint32(len(buf)),
+ nil,
+ ); err != nil {
+ return nil, fmt.Errorf("failed to query for PIDs in job object: %w", err)
+ }
+
+ bufInfo := (*winapi.JOBOBJECT_BASIC_PROCESS_ID_LIST)(unsafe.Pointer(&buf[0]))
+ pids := make([]uint32, bufInfo.NumberOfProcessIdsInList)
+ for i, bufPid := range bufInfo.AllPids() {
+ pids[i] = uint32(bufPid)
+ }
+ return pids, nil
+}
+
+// QueryMemoryStats gets the memory stats for the job object.
+func (job *JobObject) QueryMemoryStats() (*winapi.JOBOBJECT_MEMORY_USAGE_INFORMATION, error) {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return nil, ErrAlreadyClosed
+ }
+
+ info := winapi.JOBOBJECT_MEMORY_USAGE_INFORMATION{}
+ if err := winapi.QueryInformationJobObject(
+ job.handle,
+ winapi.JobObjectMemoryUsageInformation,
+ unsafe.Pointer(&info),
+ uint32(unsafe.Sizeof(info)),
+ nil,
+ ); err != nil {
+ return nil, fmt.Errorf("failed to query for job object memory stats: %w", err)
+ }
+ return &info, nil
+}
+
+// QueryProcessorStats gets the processor stats for the job object.
+func (job *JobObject) QueryProcessorStats() (*winapi.JOBOBJECT_BASIC_ACCOUNTING_INFORMATION, error) {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return nil, ErrAlreadyClosed
+ }
+
+ info := winapi.JOBOBJECT_BASIC_ACCOUNTING_INFORMATION{}
+ if err := winapi.QueryInformationJobObject(
+ job.handle,
+ winapi.JobObjectBasicAccountingInformation,
+ unsafe.Pointer(&info),
+ uint32(unsafe.Sizeof(info)),
+ nil,
+ ); err != nil {
+ return nil, fmt.Errorf("failed to query for job object process stats: %w", err)
+ }
+ return &info, nil
+}
+
+// QueryStorageStats gets the storage (I/O) stats for the job object. This call will error
+// if either `EnableIOTracking` wasn't set to true on creation of the job, or SetIOTracking()
+// hasn't been called since creation of the job.
+func (job *JobObject) QueryStorageStats() (*winapi.JOBOBJECT_IO_ATTRIBUTION_INFORMATION, error) {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return nil, ErrAlreadyClosed
+ }
+
+ info := winapi.JOBOBJECT_IO_ATTRIBUTION_INFORMATION{
+ ControlFlags: winapi.JOBOBJECT_IO_ATTRIBUTION_CONTROL_ENABLE,
+ }
+ if err := winapi.QueryInformationJobObject(
+ job.handle,
+ winapi.JobObjectIoAttribution,
+ unsafe.Pointer(&info),
+ uint32(unsafe.Sizeof(info)),
+ nil,
+ ); err != nil {
+ return nil, fmt.Errorf("failed to query for job object storage stats: %w", err)
+ }
+ return &info, nil
+}
+
+// ApplyFileBinding makes a file binding using the Bind Filter from target to root. If the job has
+// not been upgraded to a silo this call will fail. The binding is only applied and visible for processes
+// running in the job, any processes on the host or in another job will not be able to see the binding.
+func (job *JobObject) ApplyFileBinding(root, target string, readOnly bool) error {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return ErrAlreadyClosed
+ }
+
+ if !job.isSilo() {
+ return ErrNotSilo
+ }
+
+ // The parent directory needs to exist for the bind to work. MkdirAll stats and
+ // returns nil if the directory exists internally so we should be fine to mkdirall
+ // every time.
+ if err := os.MkdirAll(filepath.Dir(root), 0); err != nil {
+ return err
+ }
+
+ rootPtr, err := windows.UTF16PtrFromString(root)
+ if err != nil {
+ return err
+ }
+
+ targetPtr, err := windows.UTF16PtrFromString(target)
+ if err != nil {
+ return err
+ }
+
+ flags := winapi.BINDFLT_FLAG_USE_CURRENT_SILO_MAPPING
+ if readOnly {
+ flags |= winapi.BINDFLT_FLAG_READ_ONLY_MAPPING
+ }
+
+ if err := winapi.BfSetupFilter(
+ job.handle,
+ flags,
+ rootPtr,
+ targetPtr,
+ nil,
+ 0,
+ ); err != nil {
+ return fmt.Errorf("failed to bind target %q to root %q for job object: %w", target, root, err)
+ }
+ return nil
+}
+
+// isJobSilo is a helper to determine if a job object that was opened is a silo. This should ONLY be called
+// from `Open` and any callers in this package afterwards should use `job.isSilo()`
+func isJobSilo(h windows.Handle) bool {
+ // None of the information from the structure that this info class expects will be used, this is just used as
+ // the call will fail if the job hasn't been upgraded to a silo so we can use this to tell when we open a job
+ // if it's a silo or not. Because none of the info matters simply define a dummy struct with the size that the call
+ // expects which is 16 bytes.
+ type isSiloObj struct {
+ _ [16]byte
+ }
+ var siloInfo isSiloObj
+ err := winapi.QueryInformationJobObject(
+ h,
+ winapi.JobObjectSiloBasicInformation,
+ unsafe.Pointer(&siloInfo),
+ uint32(unsafe.Sizeof(siloInfo)),
+ nil,
+ )
+ return err == nil
+}
+
+// PromoteToSilo promotes a job object to a silo. There must be no running processess
+// in the job for this to succeed. If the job is already a silo this is a no-op.
+func (job *JobObject) PromoteToSilo() error {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return ErrAlreadyClosed
+ }
+
+ if job.isSilo() {
+ return nil
+ }
+
+ pids, err := job.Pids()
+ if err != nil {
+ return err
+ }
+
+ if len(pids) != 0 {
+ return fmt.Errorf("job cannot have running processes to be promoted to a silo, found %d running processes", len(pids))
+ }
+
+ _, err = windows.SetInformationJobObject(
+ job.handle,
+ winapi.JobObjectCreateSilo,
+ 0,
+ 0,
+ )
+ if err != nil {
+ return fmt.Errorf("failed to promote job to silo: %w", err)
+ }
+
+ atomic.StoreUint32(&job.silo, 1)
+ return nil
+}
+
+// isSilo returns if the job object is a silo.
+func (job *JobObject) isSilo() bool {
+ return atomic.LoadUint32(&job.silo) == 1
+}
+
+// QueryPrivateWorkingSet returns the private working set size for the job. This is calculated by adding up the
+// private working set for every process running in the job.
+func (job *JobObject) QueryPrivateWorkingSet() (uint64, error) {
+ pids, err := job.Pids()
+ if err != nil {
+ return 0, err
+ }
+
+ openAndQueryWorkingSet := func(pid uint32) (uint64, error) {
+ h, err := windows.OpenProcess(windows.PROCESS_QUERY_LIMITED_INFORMATION, false, pid)
+ if err != nil {
+ // Continue to the next if OpenProcess doesn't return a valid handle (fails). Handles a
+ // case where one of the pids in the job exited before we open.
+ return 0, nil
+ }
+ defer func() {
+ _ = windows.Close(h)
+ }()
+ // Check if the process is actually running in the job still. There's a small chance
+ // that the process could have exited and had its pid re-used between grabbing the pids
+ // in the job and opening the handle to it above.
+ var inJob int32
+ if err := winapi.IsProcessInJob(h, job.handle, &inJob); err != nil {
+ // This shouldn't fail unless we have incorrect access rights which we control
+ // here so probably best to error out if this failed.
+ return 0, err
+ }
+ // Don't report stats for this process as it's not running in the job. This shouldn't be
+ // an error condition though.
+ if inJob == 0 {
+ return 0, nil
+ }
+
+ var vmCounters winapi.VM_COUNTERS_EX2
+ status := winapi.NtQueryInformationProcess(
+ h,
+ winapi.ProcessVmCounters,
+ unsafe.Pointer(&vmCounters),
+ uint32(unsafe.Sizeof(vmCounters)),
+ nil,
+ )
+ if !winapi.NTSuccess(status) {
+ return 0, fmt.Errorf("failed to query information for process: %w", winapi.RtlNtStatusToDosError(status))
+ }
+ return uint64(vmCounters.PrivateWorkingSetSize), nil
+ }
+
+ var jobWorkingSetSize uint64
+ for _, pid := range pids {
+ workingSet, err := openAndQueryWorkingSet(pid)
+ if err != nil {
+ return 0, err
+ }
+ jobWorkingSetSize += workingSet
+ }
+
+ return jobWorkingSetSize, nil
+}
+
+// SetIOTracking enables IO tracking for processes in the job object.
+// This enables use of the QueryStorageStats method.
+func (job *JobObject) SetIOTracking() error {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return ErrAlreadyClosed
+ }
+
+ return enableIOTracking(job.handle)
+}
+
+func enableIOTracking(job windows.Handle) error {
+ info := winapi.JOBOBJECT_IO_ATTRIBUTION_INFORMATION{
+ ControlFlags: winapi.JOBOBJECT_IO_ATTRIBUTION_CONTROL_ENABLE,
+ }
+ if _, err := windows.SetInformationJobObject(
+ job,
+ winapi.JobObjectIoAttribution,
+ uintptr(unsafe.Pointer(&info)),
+ uint32(unsafe.Sizeof(info)),
+ ); err != nil {
+ return fmt.Errorf("failed to enable IO tracking on job object: %w", err)
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go
new file mode 100644
index 000000000..03f71d9a4
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go
@@ -0,0 +1,317 @@
+//go:build windows
+
+package jobobject
+
+import (
+ "errors"
+ "fmt"
+ "unsafe"
+
+ "github.com/Microsoft/hcsshim/internal/winapi"
+ "golang.org/x/sys/windows"
+)
+
+const (
+ memoryLimitMax uint64 = 0xffffffffffffffff
+)
+
+func isFlagSet(flag, controlFlags uint32) bool {
+ return (flag & controlFlags) == flag
+}
+
+// SetResourceLimits sets resource limits on the job object (cpu, memory, storage).
+func (job *JobObject) SetResourceLimits(limits *JobLimits) error {
+ // Go through and check what limits were specified and apply them to the job.
+ if limits.MemoryLimitInBytes != 0 {
+ if err := job.SetMemoryLimit(limits.MemoryLimitInBytes); err != nil {
+ return fmt.Errorf("failed to set job object memory limit: %w", err)
+ }
+ }
+
+ if limits.CPULimit != 0 {
+ if err := job.SetCPULimit(RateBased, limits.CPULimit); err != nil {
+ return fmt.Errorf("failed to set job object cpu limit: %w", err)
+ }
+ } else if limits.CPUWeight != 0 {
+ if err := job.SetCPULimit(WeightBased, limits.CPUWeight); err != nil {
+ return fmt.Errorf("failed to set job object cpu limit: %w", err)
+ }
+ }
+
+ if limits.MaxBandwidth != 0 || limits.MaxIOPS != 0 {
+ if err := job.SetIOLimit(limits.MaxBandwidth, limits.MaxIOPS); err != nil {
+ return fmt.Errorf("failed to set io limit on job object: %w", err)
+ }
+ }
+ return nil
+}
+
+// SetTerminateOnLastHandleClose sets the job object flag that specifies that the job should terminate
+// all processes in the job on the last open handle being closed.
+func (job *JobObject) SetTerminateOnLastHandleClose() error {
+ info, err := job.getExtendedInformation()
+ if err != nil {
+ return err
+ }
+ info.BasicLimitInformation.LimitFlags |= windows.JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE
+ return job.setExtendedInformation(info)
+}
+
+// SetMemoryLimit sets the memory limit of the job object based on the given `memoryLimitInBytes`.
+func (job *JobObject) SetMemoryLimit(memoryLimitInBytes uint64) error {
+ if memoryLimitInBytes >= memoryLimitMax {
+ return errors.New("memory limit specified exceeds the max size")
+ }
+
+ info, err := job.getExtendedInformation()
+ if err != nil {
+ return err
+ }
+
+ info.JobMemoryLimit = uintptr(memoryLimitInBytes)
+ info.BasicLimitInformation.LimitFlags |= windows.JOB_OBJECT_LIMIT_JOB_MEMORY
+ return job.setExtendedInformation(info)
+}
+
+// GetMemoryLimit gets the memory limit in bytes of the job object.
+func (job *JobObject) GetMemoryLimit() (uint64, error) {
+ info, err := job.getExtendedInformation()
+ if err != nil {
+ return 0, err
+ }
+ return uint64(info.JobMemoryLimit), nil
+}
+
+// SetCPULimit sets the CPU limit depending on the specified `CPURateControlType` to
+// `rateControlValue` for the job object.
+func (job *JobObject) SetCPULimit(rateControlType CPURateControlType, rateControlValue uint32) error {
+ cpuInfo, err := job.getCPURateControlInformation()
+ if err != nil {
+ return err
+ }
+ switch rateControlType {
+ case WeightBased:
+ if rateControlValue < cpuWeightMin || rateControlValue > cpuWeightMax {
+ return fmt.Errorf("processor weight value of `%d` is invalid", rateControlValue)
+ }
+ cpuInfo.ControlFlags |= winapi.JOB_OBJECT_CPU_RATE_CONTROL_ENABLE | winapi.JOB_OBJECT_CPU_RATE_CONTROL_WEIGHT_BASED
+ cpuInfo.Value = rateControlValue
+ case RateBased:
+ if rateControlValue < cpuLimitMin || rateControlValue > cpuLimitMax {
+ return fmt.Errorf("processor rate of `%d` is invalid", rateControlValue)
+ }
+ cpuInfo.ControlFlags |= winapi.JOB_OBJECT_CPU_RATE_CONTROL_ENABLE | winapi.JOB_OBJECT_CPU_RATE_CONTROL_HARD_CAP
+ cpuInfo.Value = rateControlValue
+ default:
+ return errors.New("invalid job object cpu rate control type")
+ }
+ return job.setCPURateControlInfo(cpuInfo)
+}
+
+// GetCPULimit gets the cpu limits for the job object.
+// `rateControlType` is used to indicate what type of cpu limit to query for.
+func (job *JobObject) GetCPULimit(rateControlType CPURateControlType) (uint32, error) {
+ info, err := job.getCPURateControlInformation()
+ if err != nil {
+ return 0, err
+ }
+
+ if !isFlagSet(winapi.JOB_OBJECT_CPU_RATE_CONTROL_ENABLE, info.ControlFlags) {
+ return 0, errors.New("the job does not have cpu rate control enabled")
+ }
+
+ switch rateControlType {
+ case WeightBased:
+ if !isFlagSet(winapi.JOB_OBJECT_CPU_RATE_CONTROL_WEIGHT_BASED, info.ControlFlags) {
+ return 0, errors.New("cannot get cpu weight for job object without cpu weight option set")
+ }
+ case RateBased:
+ if !isFlagSet(winapi.JOB_OBJECT_CPU_RATE_CONTROL_HARD_CAP, info.ControlFlags) {
+ return 0, errors.New("cannot get cpu rate hard cap for job object without cpu rate hard cap option set")
+ }
+ default:
+ return 0, errors.New("invalid job object cpu rate control type")
+ }
+ return info.Value, nil
+}
+
+// SetCPUAffinity sets the processor affinity for the job object.
+// The affinity is passed in as a bitmask.
+func (job *JobObject) SetCPUAffinity(affinityBitMask uint64) error {
+ info, err := job.getExtendedInformation()
+ if err != nil {
+ return err
+ }
+ info.BasicLimitInformation.LimitFlags |= uint32(windows.JOB_OBJECT_LIMIT_AFFINITY)
+ info.BasicLimitInformation.Affinity = uintptr(affinityBitMask)
+ return job.setExtendedInformation(info)
+}
+
+// GetCPUAffinity gets the processor affinity for the job object.
+// The returned affinity is a bitmask.
+func (job *JobObject) GetCPUAffinity() (uint64, error) {
+ info, err := job.getExtendedInformation()
+ if err != nil {
+ return 0, err
+ }
+ return uint64(info.BasicLimitInformation.Affinity), nil
+}
+
+// SetIOLimit sets the IO limits specified on the job object.
+func (job *JobObject) SetIOLimit(maxBandwidth, maxIOPS int64) error {
+ ioInfo, err := job.getIOLimit()
+ if err != nil {
+ return err
+ }
+ ioInfo.ControlFlags |= winapi.JOB_OBJECT_IO_RATE_CONTROL_ENABLE
+ if maxBandwidth != 0 {
+ ioInfo.MaxBandwidth = maxBandwidth
+ }
+ if maxIOPS != 0 {
+ ioInfo.MaxIops = maxIOPS
+ }
+ return job.setIORateControlInfo(ioInfo)
+}
+
+// GetIOMaxBandwidthLimit gets the max bandwidth for the job object.
+func (job *JobObject) GetIOMaxBandwidthLimit() (int64, error) {
+ info, err := job.getIOLimit()
+ if err != nil {
+ return 0, err
+ }
+ return info.MaxBandwidth, nil
+}
+
+// GetIOMaxIopsLimit gets the max iops for the job object.
+func (job *JobObject) GetIOMaxIopsLimit() (int64, error) {
+ info, err := job.getIOLimit()
+ if err != nil {
+ return 0, err
+ }
+ return info.MaxIops, nil
+}
+
+// Helper function for getting a job object's extended information.
+func (job *JobObject) getExtendedInformation() (*windows.JOBOBJECT_EXTENDED_LIMIT_INFORMATION, error) {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return nil, ErrAlreadyClosed
+ }
+
+ info := windows.JOBOBJECT_EXTENDED_LIMIT_INFORMATION{}
+ if err := winapi.QueryInformationJobObject(
+ job.handle,
+ windows.JobObjectExtendedLimitInformation,
+ unsafe.Pointer(&info),
+ uint32(unsafe.Sizeof(info)),
+ nil,
+ ); err != nil {
+ return nil, fmt.Errorf("query %v returned error: %w", info, err)
+ }
+ return &info, nil
+}
+
+// Helper function for getting a job object's CPU rate control information.
+func (job *JobObject) getCPURateControlInformation() (*winapi.JOBOBJECT_CPU_RATE_CONTROL_INFORMATION, error) {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return nil, ErrAlreadyClosed
+ }
+
+ info := winapi.JOBOBJECT_CPU_RATE_CONTROL_INFORMATION{}
+ if err := winapi.QueryInformationJobObject(
+ job.handle,
+ windows.JobObjectCpuRateControlInformation,
+ unsafe.Pointer(&info),
+ uint32(unsafe.Sizeof(info)),
+ nil,
+ ); err != nil {
+ return nil, fmt.Errorf("query %v returned error: %w", info, err)
+ }
+ return &info, nil
+}
+
+// Helper function for setting a job object's extended information.
+func (job *JobObject) setExtendedInformation(info *windows.JOBOBJECT_EXTENDED_LIMIT_INFORMATION) error {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return ErrAlreadyClosed
+ }
+
+ if _, err := windows.SetInformationJobObject(
+ job.handle,
+ windows.JobObjectExtendedLimitInformation,
+ uintptr(unsafe.Pointer(info)),
+ uint32(unsafe.Sizeof(*info)),
+ ); err != nil {
+ return fmt.Errorf("failed to set Extended info %v on job object: %w", info, err)
+ }
+ return nil
+}
+
+// Helper function for querying job handle for IO limit information.
+func (job *JobObject) getIOLimit() (*winapi.JOBOBJECT_IO_RATE_CONTROL_INFORMATION, error) {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return nil, ErrAlreadyClosed
+ }
+
+ ioInfo := &winapi.JOBOBJECT_IO_RATE_CONTROL_INFORMATION{}
+ var blockCount uint32 = 1
+
+ if _, err := winapi.QueryIoRateControlInformationJobObject(
+ job.handle,
+ nil,
+ &ioInfo,
+ &blockCount,
+ ); err != nil {
+ return nil, fmt.Errorf("query %v returned error: %w", ioInfo, err)
+ }
+
+ if !isFlagSet(winapi.JOB_OBJECT_IO_RATE_CONTROL_ENABLE, ioInfo.ControlFlags) {
+ return nil, fmt.Errorf("query %v cannot get IO limits for job object without IO rate control option set", ioInfo)
+ }
+ return ioInfo, nil
+}
+
+// Helper function for setting a job object's IO rate control information.
+func (job *JobObject) setIORateControlInfo(ioInfo *winapi.JOBOBJECT_IO_RATE_CONTROL_INFORMATION) error {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return ErrAlreadyClosed
+ }
+
+ if _, err := winapi.SetIoRateControlInformationJobObject(job.handle, ioInfo); err != nil {
+ return fmt.Errorf("failed to set IO limit info %v on job object: %w", ioInfo, err)
+ }
+ return nil
+}
+
+// Helper function for setting a job object's CPU rate control information.
+func (job *JobObject) setCPURateControlInfo(cpuInfo *winapi.JOBOBJECT_CPU_RATE_CONTROL_INFORMATION) error {
+ job.handleLock.RLock()
+ defer job.handleLock.RUnlock()
+
+ if job.handle == 0 {
+ return ErrAlreadyClosed
+ }
+ if _, err := windows.SetInformationJobObject(
+ job.handle,
+ windows.JobObjectCpuRateControlInformation,
+ uintptr(unsafe.Pointer(cpuInfo)),
+ uint32(unsafe.Sizeof(cpuInfo)),
+ ); err != nil {
+ return fmt.Errorf("failed to set cpu limit info %v on job object: %w", cpuInfo, err)
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/log/context.go b/vendor/github.com/Microsoft/hcsshim/internal/log/context.go
new file mode 100644
index 000000000..d17d909d9
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/log/context.go
@@ -0,0 +1,118 @@
+package log
+
+import (
+ "context"
+
+ "github.com/sirupsen/logrus"
+ "go.opencensus.io/trace"
+)
+
+type entryContextKeyType int
+
+const _entryContextKey entryContextKeyType = iota
+
+var (
+ // L is the default, blank logging entry. WithField and co. all return a copy
+ // of the original entry, so this will not leak fields between calls.
+ //
+ // Do NOT modify fields directly, as that will corrupt state for all users and
+ // is not thread safe.
+ // Instead, use `L.With*` or `L.Dup()`. Or `G(context.Background())`.
+ L = logrus.NewEntry(logrus.StandardLogger())
+
+ // G is an alias for GetEntry
+ G = GetEntry
+
+ // S is an alias for SetEntry
+ S = SetEntry
+
+ // U is an alias for UpdateContext
+ U = UpdateContext
+)
+
+// GetEntry returns a `logrus.Entry` stored in the context, if one exists.
+// Otherwise, it returns a default entry that points to the current context.
+//
+// Note: if the a new entry is returned, it will reference the passed in context.
+// However, existing contexts may be stored in parent contexts and additionally reference
+// earlier contexts.
+// Use `UpdateContext` to update the entry and context.
+func GetEntry(ctx context.Context) *logrus.Entry {
+ entry := fromContext(ctx)
+
+ if entry == nil {
+ entry = L.WithContext(ctx)
+ }
+
+ return entry
+}
+
+// SetEntry updates the log entry in the context with the provided fields, and
+// returns both. It is equivalent to:
+//
+// entry := GetEntry(ctx).WithFields(fields)
+// ctx = WithContext(ctx, entry)
+//
+// See WithContext for more information.
+func SetEntry(ctx context.Context, fields logrus.Fields) (context.Context, *logrus.Entry) {
+ e := GetEntry(ctx)
+ if len(fields) > 0 {
+ e = e.WithFields(fields)
+ }
+ return WithContext(ctx, e)
+}
+
+// UpdateContext extracts the log entry from the context, and, if the entry's
+// context points to a parent's of the current context, ands the entry
+// to the most recent context. It is equivalent to:
+//
+// entry := GetEntry(ctx)
+// ctx = WithContext(ctx, entry)
+//
+// This allows the entry to reference the most recent context and any new
+// values (such as span contexts) added to it.
+//
+// See WithContext for more information.
+func UpdateContext(ctx context.Context) context.Context {
+ // there is no way to check its ctx (and not one of its parents) that contains `e`
+ // so, at a slight cost, force add `e` to the context
+ ctx, _ = WithContext(ctx, GetEntry(ctx))
+ return ctx
+}
+
+// WithContext returns a context that contains the provided log entry.
+// The entry can be extracted with `GetEntry` (`G`)
+//
+// The entry in the context is a copy of `entry` (generated by `entry.WithContext`)
+func WithContext(ctx context.Context, entry *logrus.Entry) (context.Context, *logrus.Entry) {
+ // regardless of the order, entry.Context != GetEntry(ctx)
+ // here, the returned entry will reference the supplied context
+ entry = entry.WithContext(ctx)
+ ctx = context.WithValue(ctx, _entryContextKey, entry)
+
+ return ctx, entry
+}
+
+// Copy extracts the tracing Span and logging entry from the src Context, if they
+// exist, and adds them to the dst Context.
+//
+// This is useful to share tracing and logging between contexts, but not the
+// cancellation. For example, if the src Context has been cancelled but cleanup
+// operations triggered by the cancellation require a non-cancelled context to
+// execute.
+func Copy(dst context.Context, src context.Context) context.Context {
+ if s := trace.FromContext(src); s != nil {
+ dst = trace.NewContext(dst, s)
+ }
+
+ if e := fromContext(src); e != nil {
+ dst, _ = WithContext(dst, e)
+ }
+
+ return dst
+}
+
+func fromContext(ctx context.Context) *logrus.Entry {
+ e, _ := ctx.Value(_entryContextKey).(*logrus.Entry)
+ return e
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/log/format.go b/vendor/github.com/Microsoft/hcsshim/internal/log/format.go
new file mode 100644
index 000000000..6d69c15b9
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/log/format.go
@@ -0,0 +1,114 @@
+package log
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "fmt"
+ "net"
+ "reflect"
+ "time"
+
+ "github.com/sirupsen/logrus"
+ "google.golang.org/protobuf/encoding/protojson"
+ "google.golang.org/protobuf/proto"
+)
+
+// TimeFormat is [time.RFC3339Nano] with nanoseconds padded using
+// zeros to ensure the formatted time is always the same number of
+// characters.
+// Based on RFC3339NanoFixed from github.com/containerd/log
+const TimeFormat = "2006-01-02T15:04:05.000000000Z07:00"
+
+func FormatTime(t time.Time) string {
+ return t.Format(TimeFormat)
+}
+
+// DurationFormat formats a [time.Duration] log entry.
+//
+// A nil value signals an error with the formatting.
+type DurationFormat func(time.Duration) interface{}
+
+func DurationFormatString(d time.Duration) interface{} { return d.String() }
+func DurationFormatSeconds(d time.Duration) interface{} { return d.Seconds() }
+func DurationFormatMilliseconds(d time.Duration) interface{} { return d.Milliseconds() }
+
+// FormatIO formats net.Conn and other types that have an `Addr()` or `Name()`.
+//
+// See FormatEnabled for more information.
+func FormatIO(ctx context.Context, v interface{}) string {
+ m := make(map[string]string)
+ m["type"] = reflect.TypeOf(v).String()
+
+ switch t := v.(type) {
+ case net.Conn:
+ m["localAddress"] = formatAddr(t.LocalAddr())
+ m["remoteAddress"] = formatAddr(t.RemoteAddr())
+ case interface{ Addr() net.Addr }:
+ m["address"] = formatAddr(t.Addr())
+ default:
+ return Format(ctx, t)
+ }
+
+ return Format(ctx, m)
+}
+
+func formatAddr(a net.Addr) string {
+ return a.Network() + "://" + a.String()
+}
+
+// Format formats an object into a JSON string, without any indendtation or
+// HTML escapes.
+// Context is used to output a log waring if the conversion fails.
+//
+// This is intended primarily for `trace.StringAttribute()`
+func Format(ctx context.Context, v interface{}) string {
+ b, err := encode(v)
+ if err != nil {
+ // logging errors aren't really warning worthy, and can potentially spam a lot of logs out
+ G(ctx).WithFields(logrus.Fields{
+ logrus.ErrorKey: err,
+ "type": fmt.Sprintf("%T", v),
+ }).Debug("could not format value")
+ return ""
+ }
+
+ return string(b)
+}
+
+func encode(v interface{}) (_ []byte, err error) {
+ if m, ok := v.(proto.Message); ok {
+ // use canonical JSON encoding for protobufs (instead of [encoding/json])
+ // https://protobuf.dev/programming-guides/proto3/#json
+ var b []byte
+ b, err = protojson.MarshalOptions{
+ AllowPartial: true,
+ // protobuf defaults to camel case for JSON encoding; use proto field name instead (snake case)
+ UseProtoNames: true,
+ }.Marshal(m)
+ if err == nil {
+ // the protojson marshaller tries to unmarshal anypb.Any fields, which can
+ // fail for types encoded with "github.com/containerd/typeurl/v2"
+ // we can try creating a dedicated protoregistry.MessageTypeResolver that uses typeurl, but, its
+ // more robust to fall back on json marshalling for errors in general
+ return b, nil
+ }
+
+ }
+
+ buf := &bytes.Buffer{}
+ enc := json.NewEncoder(buf)
+ enc.SetEscapeHTML(false)
+ enc.SetIndent("", "")
+
+ if jErr := enc.Encode(v); jErr != nil {
+ if err != nil {
+ // TODO (go1.20): use multierror via fmt.Errorf("...: %w; ...: %w", ...)
+ return nil, fmt.Errorf("protojson encoding: %v; json encoding: %w", err, jErr)
+ }
+ return nil, fmt.Errorf("json encoding: %w", jErr)
+ }
+
+ // encoder.Encode appends a newline to the end
+ return bytes.TrimSpace(buf.Bytes()), nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/log/hook.go b/vendor/github.com/Microsoft/hcsshim/internal/log/hook.go
new file mode 100644
index 000000000..bb547a329
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/log/hook.go
@@ -0,0 +1,173 @@
+package log
+
+import (
+ "bytes"
+ "reflect"
+ "time"
+
+ "github.com/Microsoft/hcsshim/internal/logfields"
+ "github.com/sirupsen/logrus"
+ "go.opencensus.io/trace"
+)
+
+const nullString = "null"
+
+// Hook intercepts and formats a [logrus.Entry] before it logged.
+//
+// The shim either outputs the logs through an ETW hook, discarding the (formatted) output
+// or logs output to a pipe for logging binaries to consume.
+// The Linux GCS outputs logrus entries over stdout, which is then consumed and re-output
+// by the shim.
+type Hook struct {
+ // EncodeAsJSON formats structs, maps, arrays, slices, and [bytes.Buffer] as JSON.
+ // Variables of [bytes.Buffer] will be converted to []byte.
+ //
+ // Default is false.
+ EncodeAsJSON bool
+
+ // FormatTime specifies the format for [time.Time] variables.
+ // An empty string disables formatting.
+ // When disabled, the fall back will the JSON encoding, if enabled.
+ //
+ // Default is [TimeFormat].
+ TimeFormat string
+
+ // Duration format converts a [time.Duration] fields to an appropriate encoding.
+ // nil disables formatting.
+ // When disabled, the fall back will the JSON encoding, if enabled.
+ //
+ // Default is [DurationFormatString], which appends a duration unit after the value.
+ DurationFormat DurationFormat
+
+ // AddSpanContext adds [logfields.TraceID] and [logfields.SpanID] fields to
+ // the entry from the span context stored in [logrus.Entry.Context], if it exists.
+ AddSpanContext bool
+}
+
+var _ logrus.Hook = &Hook{}
+
+func NewHook() *Hook {
+ return &Hook{
+ TimeFormat: TimeFormat,
+ DurationFormat: DurationFormatString,
+ AddSpanContext: true,
+ }
+}
+
+func (h *Hook) Levels() []logrus.Level {
+ return logrus.AllLevels
+}
+
+func (h *Hook) Fire(e *logrus.Entry) (err error) {
+ // JSON encode, if necessary, then add span information
+ h.encode(e)
+ h.addSpanContext(e)
+
+ return nil
+}
+
+// encode loops through all the fields in the [logrus.Entry] and encodes them according to
+// the settings in [Hook].
+// If [Hook.TimeFormat] is non-empty, it will be passed to [time.Time.Format] for
+// fields of type [time.Time].
+//
+// If [Hook.EncodeAsJSON] is true, then fields that are not numeric, boolean, strings, or
+// errors will be encoded via a [json.Marshal] (with HTML escaping disabled).
+// Chanel- and function-typed fields, as well as unsafe pointers are left alone and not encoded.
+//
+// If [Hook.TimeFormat] and [Hook.DurationFormat] are empty and [Hook.EncodeAsJSON] is false,
+// then this is a no-op.
+func (h *Hook) encode(e *logrus.Entry) {
+ d := e.Data
+
+ formatTime := h.TimeFormat != ""
+ formatDuration := h.DurationFormat != nil
+ if !(h.EncodeAsJSON || formatTime || formatDuration) {
+ return
+ }
+
+ for k, v := range d {
+ // encode types with dedicated formatting options first
+
+ if vv, ok := v.(time.Time); formatTime && ok {
+ d[k] = vv.Format(h.TimeFormat)
+ continue
+ }
+
+ if vv, ok := v.(time.Duration); formatDuration && ok {
+ d[k] = h.DurationFormat(vv)
+ continue
+ }
+
+ // general case JSON encoding
+
+ if !h.EncodeAsJSON {
+ continue
+ }
+
+ switch vv := v.(type) {
+ // built in types
+ // "json" marshals errors as "{}", so leave alone here
+ case bool, string, error, uintptr,
+ int8, int16, int32, int64, int,
+ uint8, uint32, uint64, uint,
+ float32, float64:
+ continue
+
+ // Rather than setting d[k] = vv.String(), JSON encode []byte value, since it
+ // may be a binary payload and not representable as a string.
+ // `case bytes.Buffer,*bytes.Buffer:` resolves `vv` to `interface{}`,
+ // so cannot use `vv.Bytes`.
+ // Could move to below the `reflect.Indirect()` call below, but
+ // that would require additional typematching and dereferencing.
+ // Easier to keep these duplicate branches here.
+ case bytes.Buffer:
+ v = vv.Bytes()
+ case *bytes.Buffer:
+ v = vv.Bytes()
+ }
+
+ // dereference pointer or interface variables
+ rv := reflect.Indirect(reflect.ValueOf(v))
+ // check if `v` is a null pointer
+ if !rv.IsValid() {
+ d[k] = nullString
+ continue
+ }
+
+ switch rv.Kind() {
+ case reflect.Map, reflect.Struct, reflect.Array, reflect.Slice:
+ default:
+ // Bool, [U]?Int*, Float*, Complex*, Uintptr, String: encoded as normal
+ // Chan, Func: not supported by json
+ // Interface, Pointer: dereferenced above
+ // UnsafePointer: not supported by json, not safe to de-reference; leave alone
+ continue
+ }
+
+ b, err := encode(v)
+ if err != nil {
+ // Errors are written to stderr (ie, to `panic.log`) and stops the remaining
+ // hooks (ie, exporting to ETW) from firing. So add encoding errors to
+ // the entry data to be written out, but keep on processing.
+ d[k+"-"+logrus.ErrorKey] = err.Error()
+ // keep the original `v` as the value,
+ continue
+ }
+ d[k] = string(b)
+ }
+}
+
+func (h *Hook) addSpanContext(e *logrus.Entry) {
+ ctx := e.Context
+ if !h.AddSpanContext || ctx == nil {
+ return
+ }
+ span := trace.FromContext(ctx)
+ if span == nil {
+ return
+ }
+ sctx := span.SpanContext()
+ e.Data[logfields.TraceID] = sctx.TraceID.String()
+ e.Data[logfields.SpanID] = sctx.SpanID.String()
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/log/nopformatter.go b/vendor/github.com/Microsoft/hcsshim/internal/log/nopformatter.go
new file mode 100644
index 000000000..909ba68b2
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/log/nopformatter.go
@@ -0,0 +1,12 @@
+package log
+
+import (
+ "github.com/sirupsen/logrus"
+)
+
+type NopFormatter struct{}
+
+var _ logrus.Formatter = NopFormatter{}
+
+// Format does nothing and returns a nil slice.
+func (NopFormatter) Format(*logrus.Entry) ([]byte, error) { return nil, nil }
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/log/scrub.go b/vendor/github.com/Microsoft/hcsshim/internal/log/scrub.go
new file mode 100644
index 000000000..5a960e0d3
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/log/scrub.go
@@ -0,0 +1,184 @@
+package log
+
+import (
+ "bytes"
+ "encoding/json"
+ "errors"
+ "sync/atomic"
+
+ hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
+)
+
+// This package scrubs objects of potentially sensitive information to pass to logging
+
+type genMap = map[string]interface{}
+type scrubberFunc func(genMap) error
+
+const _scrubbedReplacement = ""
+
+var (
+ ErrUnknownType = errors.New("encoded object is of unknown type")
+
+ // case sensitive keywords, so "env" is not a substring on "Environment"
+ _scrubKeywords = [][]byte{[]byte("env"), []byte("Environment")}
+
+ _scrub int32
+)
+
+// SetScrubbing enables scrubbing
+func SetScrubbing(enable bool) {
+ v := int32(0) // cant convert from bool to int32 directly
+ if enable {
+ v = 1
+ }
+ atomic.StoreInt32(&_scrub, v)
+}
+
+// IsScrubbingEnabled checks if scrubbing is enabled
+func IsScrubbingEnabled() bool {
+ v := atomic.LoadInt32(&_scrub)
+ return v != 0
+}
+
+// ScrubProcessParameters scrubs HCS Create Process requests with config parameters of
+// type internal/hcs/schema2.ScrubProcessParameters (aka hcsshema.ScrubProcessParameters)
+func ScrubProcessParameters(s string) (string, error) {
+ // todo: deal with v1 ProcessConfig
+ b := []byte(s)
+ if !IsScrubbingEnabled() || !hasKeywords(b) || !json.Valid(b) {
+ return s, nil
+ }
+
+ pp := hcsschema.ProcessParameters{}
+ if err := json.Unmarshal(b, &pp); err != nil {
+ return "", err
+ }
+ pp.Environment = map[string]string{_scrubbedReplacement: _scrubbedReplacement}
+
+ b, err := encode(pp)
+ if err != nil {
+ return "", err
+ }
+ return string(b), nil
+}
+
+// ScrubBridgeCreate scrubs requests sent over the bridge of type
+// internal/gcs/protocol.containerCreate wrapping an internal/hcsoci.linuxHostedSystem
+func ScrubBridgeCreate(b []byte) ([]byte, error) {
+ return scrubBytes(b, scrubBridgeCreate)
+}
+
+func scrubBridgeCreate(m genMap) error {
+ if !isRequestBase(m) {
+ return ErrUnknownType
+ }
+ if ss, ok := m["ContainerConfig"]; ok {
+ // ContainerConfig is a json encoded struct passed as a regular string field
+ s, ok := ss.(string)
+ if !ok {
+ return ErrUnknownType
+ }
+ b, err := scrubBytes([]byte(s), scrubLinuxHostedSystem)
+ if err != nil {
+ return err
+ }
+ m["ContainerConfig"] = string(b)
+ return nil
+ }
+ return ErrUnknownType
+}
+
+func scrubLinuxHostedSystem(m genMap) error {
+ if m, ok := index(m, "OciSpecification"); ok { //nolint:govet // shadow
+ if _, ok := m["annotations"]; ok {
+ m["annotations"] = map[string]string{_scrubbedReplacement: _scrubbedReplacement}
+ }
+ if m, ok := index(m, "process"); ok { //nolint:govet // shadow
+ if _, ok := m["env"]; ok {
+ m["env"] = []string{_scrubbedReplacement}
+ return nil
+ }
+ }
+ }
+ return ErrUnknownType
+}
+
+// ScrubBridgeExecProcess scrubs requests sent over the bridge of type
+// internal/gcs/protocol.containerExecuteProcess
+func ScrubBridgeExecProcess(b []byte) ([]byte, error) {
+ return scrubBytes(b, scrubExecuteProcess)
+}
+
+func scrubExecuteProcess(m genMap) error {
+ if !isRequestBase(m) {
+ return ErrUnknownType
+ }
+ if m, ok := index(m, "Settings"); ok { //nolint:govet // shadow
+ if ss, ok := m["ProcessParameters"]; ok {
+ // ProcessParameters is a json encoded struct passed as a regular sting field
+ s, ok := ss.(string)
+ if !ok {
+ return ErrUnknownType
+ }
+
+ s, err := ScrubProcessParameters(s)
+ if err != nil {
+ return err
+ }
+
+ m["ProcessParameters"] = s
+ return nil
+ }
+ }
+ return ErrUnknownType
+}
+
+func scrubBytes(b []byte, scrub scrubberFunc) ([]byte, error) {
+ if !IsScrubbingEnabled() || !hasKeywords(b) || !json.Valid(b) {
+ return b, nil
+ }
+
+ m := make(genMap)
+ if err := json.Unmarshal(b, &m); err != nil {
+ return nil, err
+ }
+
+ // could use regexp, but if the env strings contain braces, the regexp fails
+ // parsing into individual structs would require access to private structs
+ if err := scrub(m); err != nil {
+ return nil, err
+ }
+
+ b, err := encode(m)
+ if err != nil {
+ return nil, err
+ }
+
+ return b, nil
+}
+
+func isRequestBase(m genMap) bool {
+ // neither of these are (currently) `omitempty`
+ _, a := m["ActivityId"]
+ _, c := m["ContainerId"]
+ return a && c
+}
+
+// combination `m, ok := m[s]` and `m, ok := m.(genMap)`
+func index(m genMap, s string) (genMap, bool) {
+ if m, ok := m[s]; ok {
+ mm, ok := m.(genMap)
+ return mm, ok
+ }
+
+ return m, false
+}
+
+func hasKeywords(b []byte) bool {
+ for _, bb := range _scrubKeywords {
+ if bytes.Contains(b, bb) {
+ return true
+ }
+ }
+ return false
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/logfields/fields.go b/vendor/github.com/Microsoft/hcsshim/internal/logfields/fields.go
new file mode 100644
index 000000000..3e175e522
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/logfields/fields.go
@@ -0,0 +1,61 @@
+package logfields
+
+const (
+ // Identifiers
+
+ Name = "name"
+ Namespace = "namespace"
+ Operation = "operation"
+
+ ID = "id"
+ SandboxID = "sid"
+ ContainerID = "cid"
+ ExecID = "eid"
+ ProcessID = "pid"
+ TaskID = "tid"
+ UVMID = "uvm-id"
+
+ // networking and IO
+
+ File = "file"
+ Path = "path"
+ Bytes = "bytes"
+ Pipe = "pipe"
+
+ // Common Misc
+
+ Attempt = "attemptNo"
+ JSON = "json"
+
+ // Time
+
+ StartTime = "startTime"
+ EndTime = "endTime"
+ Duration = "duration"
+ Timeout = "timeout"
+
+ // Keys/values
+
+ Field = "field"
+ Key = "key"
+ OCIAnnotation = "oci-annotation"
+ Value = "value"
+ Options = "options"
+
+ // Golang type's
+
+ ExpectedType = "expected-type"
+ Bool = "bool"
+ Uint32 = "uint32"
+ Uint64 = "uint64"
+
+ // runhcs
+
+ VMShimOperation = "vmshim-op"
+
+ // logging and tracing
+
+ TraceID = "traceID"
+ SpanID = "spanID"
+ ParentSpanID = "parentSpanID"
+)
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/longpath/longpath.go b/vendor/github.com/Microsoft/hcsshim/internal/longpath/longpath.go
new file mode 100644
index 000000000..e5b8b85e0
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/longpath/longpath.go
@@ -0,0 +1,24 @@
+package longpath
+
+import (
+ "path/filepath"
+ "strings"
+)
+
+// LongAbs makes a path absolute and returns it in NT long path form.
+func LongAbs(path string) (string, error) {
+ if strings.HasPrefix(path, `\\?\`) || strings.HasPrefix(path, `\\.\`) {
+ return path, nil
+ }
+ if !filepath.IsAbs(path) {
+ absPath, err := filepath.Abs(path)
+ if err != nil {
+ return "", err
+ }
+ path = absPath
+ }
+ if strings.HasPrefix(path, `\\`) {
+ return `\\?\UNC\` + path[2:], nil
+ }
+ return `\\?\` + path, nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/memory/pool.go b/vendor/github.com/Microsoft/hcsshim/internal/memory/pool.go
new file mode 100644
index 000000000..1ef5814d7
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/memory/pool.go
@@ -0,0 +1,316 @@
+package memory
+
+import (
+ "github.com/pkg/errors"
+)
+
+const (
+ minimumClassSize = MiB
+ maximumClassSize = 4 * GiB
+ memoryClassNumber = 7
+)
+
+var (
+ ErrInvalidMemoryClass = errors.New("invalid memory class")
+ ErrEarlyMerge = errors.New("not all children have been freed")
+ ErrEmptyPoolOperation = errors.New("operation on empty pool")
+)
+
+// GetMemoryClassType returns the minimum memory class type that can hold a device of
+// a given size. The smallest class is 1MB and the largest one is 4GB with 2 bit offset
+// intervals in between, for a total of 7 different classes. This function does not
+// do a validity check
+func GetMemoryClassType(s uint64) classType {
+ s = (s - 1) >> 20
+ memCls := uint32(0)
+ for s > 0 {
+ s = s >> 2
+ memCls++
+ }
+ return classType(memCls)
+}
+
+// GetMemoryClassSize returns size in bytes for a given memory class
+func GetMemoryClassSize(memCls classType) (uint64, error) {
+ if memCls >= memoryClassNumber {
+ return 0, ErrInvalidMemoryClass
+ }
+ return minimumClassSize << (2 * memCls), nil
+}
+
+// region represents a contiguous memory block
+type region struct {
+ // parent region that has been split into 4
+ parent *region
+ class classType
+ // offset represents offset in bytes
+ offset uint64
+}
+
+// memoryPool tracks free and busy (used) memory regions
+type memoryPool struct {
+ free map[uint64]*region
+ busy map[uint64]*region
+}
+
+// PoolAllocator implements a memory allocation strategy similar to buddy-malloc https://github.com/evanw/buddy-malloc/blob/master/buddy-malloc.c
+// We borrow the idea of spanning a tree of fixed size regions on top of a contiguous memory
+// space.
+//
+// There are a total of 7 different region sizes that can be allocated, with the smallest
+// being 1MB and the largest 4GB (the default maximum size of a Virtual PMem device).
+//
+// For efficiency and to reduce fragmentation an entire region is allocated when requested.
+// When there's no available region of requested size, we try to allocate more memory for
+// this particular size by splitting the next available larger region into smaller ones, e.g.
+// if there's no region available for size class 0, we try splitting a region from class 1,
+// then class 2 etc, until we are able to do so or hit the upper limit.
+type PoolAllocator struct {
+ pools [memoryClassNumber]*memoryPool
+}
+
+var _ MappedRegion = ®ion{}
+var _ Allocator = &PoolAllocator{}
+
+func (r *region) Offset() uint64 {
+ return r.offset
+}
+
+func (r *region) Size() uint64 {
+ sz, err := GetMemoryClassSize(r.class)
+ if err != nil {
+ panic(err)
+ }
+ return sz
+}
+
+func (r *region) Type() classType {
+ return r.class
+}
+
+func newEmptyMemoryPool() *memoryPool {
+ return &memoryPool{
+ free: make(map[uint64]*region),
+ busy: make(map[uint64]*region),
+ }
+}
+
+func NewPoolMemoryAllocator() PoolAllocator {
+ pa := PoolAllocator{}
+ p := newEmptyMemoryPool()
+ // by default we allocate a single region with maximum possible size (class type)
+ p.free[0] = ®ion{
+ class: memoryClassNumber - 1,
+ offset: 0,
+ }
+ pa.pools[memoryClassNumber-1] = p
+ return pa
+}
+
+// Allocate checks memory region pool for the given `size` and returns a free region with
+// minimal offset, if none available tries expanding matched memory pool.
+//
+// Internally it's done via moving a region from free pool into a busy pool
+func (pa *PoolAllocator) Allocate(size uint64) (MappedRegion, error) {
+ memCls := GetMemoryClassType(size)
+ if memCls >= memoryClassNumber {
+ return nil, ErrInvalidMemoryClass
+ }
+
+ // find region with the smallest offset
+ nextCls, nextOffset, err := pa.findNextOffset(memCls)
+ if err != nil {
+ return nil, err
+ }
+
+ // this means that there are no more regions for the current class, try expanding
+ if nextCls != memCls {
+ if err := pa.split(memCls); err != nil {
+ if err == ErrInvalidMemoryClass {
+ return nil, ErrNotEnoughSpace
+ }
+ return nil, err
+ }
+ }
+
+ if err := pa.markBusy(memCls, nextOffset); err != nil {
+ return nil, err
+ }
+
+ // by this point memory pool for memCls should have been created,
+ // either prior or during split call
+ if r := pa.pools[memCls].busy[nextOffset]; r != nil {
+ return r, nil
+ }
+
+ return nil, ErrNotEnoughSpace
+}
+
+// Release marks a memory region of class `memCls` and offset `offset` as free and tries to merge smaller regions into
+// a bigger one
+func (pa *PoolAllocator) Release(reg MappedRegion) error {
+ mp := pa.pools[reg.Type()]
+ if mp == nil {
+ return ErrEmptyPoolOperation
+ }
+
+ err := pa.markFree(reg.Type(), reg.Offset())
+ if err != nil {
+ return err
+ }
+
+ n := mp.free[reg.Offset()]
+ if n == nil {
+ return ErrNotAllocated
+ }
+ if err := pa.merge(n.parent); err != nil {
+ if err != ErrEarlyMerge {
+ return err
+ }
+ }
+ return nil
+}
+
+// findNextOffset finds next region location for a given memCls
+func (pa *PoolAllocator) findNextOffset(memCls classType) (classType, uint64, error) {
+ for mc := memCls; mc < memoryClassNumber; mc++ {
+ pi := pa.pools[mc]
+ if pi == nil || len(pi.free) == 0 {
+ continue
+ }
+
+ target := uint64(maximumClassSize)
+ for offset := range pi.free {
+ if offset < target {
+ target = offset
+ }
+ }
+ return mc, target, nil
+ }
+ return 0, 0, ErrNotEnoughSpace
+}
+
+// split tries to recursively split a bigger memory region into smaller ones until it succeeds or hits the upper limit
+func (pa *PoolAllocator) split(clsType classType) error {
+ nextClsType := clsType + 1
+ if nextClsType >= memoryClassNumber {
+ return ErrInvalidMemoryClass
+ }
+
+ nextPool := pa.pools[nextClsType]
+ if nextPool == nil {
+ nextPool = newEmptyMemoryPool()
+ pa.pools[nextClsType] = nextPool
+ }
+
+ cls, offset, err := pa.findNextOffset(nextClsType)
+ if err != nil {
+ return err
+ }
+ // not enough memory in the next class, try to recursively expand
+ if cls != nextClsType {
+ if err := pa.split(nextClsType); err != nil {
+ return err
+ }
+ }
+
+ if err := pa.markBusy(nextClsType, offset); err != nil {
+ return err
+ }
+
+ // memCls validity has been checked already, we can ignore the error
+ clsSize, _ := GetMemoryClassSize(clsType)
+
+ nextReg := nextPool.busy[offset]
+ if nextReg == nil {
+ return ErrNotAllocated
+ }
+
+ // expand memCls
+ cp := pa.pools[clsType]
+ if cp == nil {
+ cp = newEmptyMemoryPool()
+ pa.pools[clsType] = cp
+ }
+ // create 4 smaller regions
+ for i := uint64(0); i < 4; i++ {
+ offset := nextReg.offset + i*clsSize
+ reg := ®ion{
+ parent: nextReg,
+ class: clsType,
+ offset: offset,
+ }
+ cp.free[offset] = reg
+ }
+ return nil
+}
+
+func (pa *PoolAllocator) merge(parent *region) error {
+ // nothing to merge
+ if parent == nil {
+ return nil
+ }
+
+ childCls := parent.class - 1
+ childPool := pa.pools[childCls]
+ // no child nodes to merge, try to merge parent
+ if childPool == nil {
+ return pa.merge(parent.parent)
+ }
+
+ childSize, err := GetMemoryClassSize(childCls)
+ if err != nil {
+ return err
+ }
+
+ // check if all the child nodes are free
+ var children []*region
+ for i := uint64(0); i < 4; i++ {
+ child, free := childPool.free[parent.offset+i*childSize]
+ if !free {
+ return ErrEarlyMerge
+ }
+ children = append(children, child)
+ }
+
+ // at this point all the child nodes will be free and we can merge
+ for _, child := range children {
+ delete(childPool.free, child.offset)
+ }
+
+ if err := pa.markFree(parent.class, parent.offset); err != nil {
+ return err
+ }
+
+ return pa.merge(parent.parent)
+}
+
+// markFree internally moves a region with `offset` from busy to free map
+func (pa *PoolAllocator) markFree(memCls classType, offset uint64) error {
+ clsPool := pa.pools[memCls]
+ if clsPool == nil {
+ return ErrEmptyPoolOperation
+ }
+
+ if reg, exists := clsPool.busy[offset]; exists {
+ clsPool.free[offset] = reg
+ delete(clsPool.busy, offset)
+ return nil
+ }
+ return ErrNotAllocated
+}
+
+// markBusy internally moves a region with `offset` from free to busy map
+func (pa *PoolAllocator) markBusy(memCls classType, offset uint64) error {
+ clsPool := pa.pools[memCls]
+ if clsPool == nil {
+ return ErrEmptyPoolOperation
+ }
+
+ if reg, exists := clsPool.free[offset]; exists {
+ clsPool.busy[offset] = reg
+ delete(clsPool.free, offset)
+ return nil
+ }
+ return ErrNotAllocated
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/memory/types.go b/vendor/github.com/Microsoft/hcsshim/internal/memory/types.go
new file mode 100644
index 000000000..d6cdb8cc4
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/memory/types.go
@@ -0,0 +1,28 @@
+package memory
+
+import "github.com/pkg/errors"
+
+type classType uint32
+
+const (
+ MiB = 1024 * 1024
+ GiB = 1024 * MiB
+)
+
+var (
+ ErrNotEnoughSpace = errors.New("not enough space")
+ ErrNotAllocated = errors.New("no memory allocated at the given offset")
+)
+
+// MappedRegion represents a memory block with an offset
+type MappedRegion interface {
+ Offset() uint64
+ Size() uint64
+ Type() classType
+}
+
+// Allocator is an interface for memory allocation
+type Allocator interface {
+ Allocate(uint64) (MappedRegion, error)
+ Release(MappedRegion) error
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/mergemaps/merge.go b/vendor/github.com/Microsoft/hcsshim/internal/mergemaps/merge.go
new file mode 100644
index 000000000..7e95efb30
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/mergemaps/merge.go
@@ -0,0 +1,52 @@
+package mergemaps
+
+import "encoding/json"
+
+// Merge recursively merges map `fromMap` into map `ToMap`. Any pre-existing values
+// in ToMap are overwritten. Values in fromMap are added to ToMap.
+// From http://stackoverflow.com/questions/40491438/merging-two-json-strings-in-golang
+func Merge(fromMap, ToMap interface{}) interface{} {
+ switch fromMap := fromMap.(type) {
+ case map[string]interface{}:
+ ToMap, ok := ToMap.(map[string]interface{})
+ if !ok {
+ return fromMap
+ }
+ for keyToMap, valueToMap := range ToMap {
+ if valueFromMap, ok := fromMap[keyToMap]; ok {
+ fromMap[keyToMap] = Merge(valueFromMap, valueToMap)
+ } else {
+ fromMap[keyToMap] = valueToMap
+ }
+ }
+ case nil:
+ // merge(nil, map[string]interface{...}) -> map[string]interface{...}
+ ToMap, ok := ToMap.(map[string]interface{})
+ if ok {
+ return ToMap
+ }
+ }
+ return fromMap
+}
+
+// MergeJSON merges the contents of a JSON string into an object representation,
+// returning a new object suitable for translating to JSON.
+func MergeJSON(object interface{}, additionalJSON []byte) (interface{}, error) {
+ if len(additionalJSON) == 0 {
+ return object, nil
+ }
+ objectJSON, err := json.Marshal(object)
+ if err != nil {
+ return nil, err
+ }
+ var objectMap, newMap map[string]interface{}
+ err = json.Unmarshal(objectJSON, &objectMap)
+ if err != nil {
+ return nil, err
+ }
+ err = json.Unmarshal(additionalJSON, &newMap)
+ if err != nil {
+ return nil, err
+ }
+ return Merge(newMap, objectMap), nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/oc/errors.go b/vendor/github.com/Microsoft/hcsshim/internal/oc/errors.go
new file mode 100644
index 000000000..71df25b8d
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/oc/errors.go
@@ -0,0 +1,69 @@
+package oc
+
+import (
+ "errors"
+ "io"
+ "net"
+ "os"
+
+ "github.com/containerd/containerd/errdefs"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+)
+
+// todo: break import cycle with "internal/hcs/errors.go" and reference errors defined there
+// todo: add errors defined in "internal/guest/gcserror" (Hresult does not implement error)
+
+func toStatusCode(err error) codes.Code {
+ // checks if err implements GRPCStatus() *"google.golang.org/grpc/status".Status,
+ // wraps an error defined in "github.com/containerd/containerd/errdefs", or is a
+ // context timeout or cancelled error
+ if s, ok := status.FromError(errdefs.ToGRPC(err)); ok {
+ return s.Code()
+ }
+
+ switch {
+ // case isAny(err):
+ // return codes.Cancelled
+ case isAny(err, os.ErrInvalid):
+ return codes.InvalidArgument
+ case isAny(err, os.ErrDeadlineExceeded):
+ return codes.DeadlineExceeded
+ case isAny(err, os.ErrNotExist):
+ return codes.NotFound
+ case isAny(err, os.ErrExist):
+ return codes.AlreadyExists
+ case isAny(err, os.ErrPermission):
+ return codes.PermissionDenied
+ // case isAny(err):
+ // return codes.ResourceExhausted
+ case isAny(err, os.ErrClosed, net.ErrClosed, io.ErrClosedPipe, io.ErrShortBuffer):
+ return codes.FailedPrecondition
+ // case isAny(err):
+ // return codes.Aborted
+ // case isAny(err):
+ // return codes.OutOfRange
+ // case isAny(err):
+ // return codes.Unimplemented
+ case isAny(err, io.ErrNoProgress):
+ return codes.Internal
+ // case isAny(err):
+ // return codes.Unavailable
+ case isAny(err, io.ErrShortWrite, io.ErrUnexpectedEOF):
+ return codes.DataLoss
+ // case isAny(err):
+ // return codes.Unauthenticated
+ default:
+ return codes.Unknown
+ }
+}
+
+// isAny returns true if errors.Is is true for any of the provided errors, errs.
+func isAny(err error, errs ...error) bool {
+ for _, e := range errs {
+ if errors.Is(err, e) {
+ return true
+ }
+ }
+ return false
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/oc/exporter.go b/vendor/github.com/Microsoft/hcsshim/internal/oc/exporter.go
new file mode 100644
index 000000000..28f8f43a9
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/oc/exporter.go
@@ -0,0 +1,86 @@
+package oc
+
+import (
+ "github.com/sirupsen/logrus"
+ "go.opencensus.io/trace"
+ "google.golang.org/grpc/codes"
+
+ "github.com/Microsoft/hcsshim/internal/log"
+ "github.com/Microsoft/hcsshim/internal/logfields"
+)
+
+const spanMessage = "Span"
+
+var _errorCodeKey = logrus.ErrorKey + "Code"
+
+// LogrusExporter is an OpenCensus `trace.Exporter` that exports
+// `trace.SpanData` to logrus output.
+type LogrusExporter struct{}
+
+var _ trace.Exporter = &LogrusExporter{}
+
+// ExportSpan exports `s` based on the the following rules:
+//
+// 1. All output will contain `s.Attributes`, `s.SpanKind`, `s.TraceID`,
+// `s.SpanID`, and `s.ParentSpanID` for correlation
+//
+// 2. Any calls to .Annotate will not be supported.
+//
+// 3. The span itself will be written at `logrus.InfoLevel` unless
+// `s.Status.Code != 0` in which case it will be written at `logrus.ErrorLevel`
+// providing `s.Status.Message` as the error value.
+func (le *LogrusExporter) ExportSpan(s *trace.SpanData) {
+ if s.DroppedAnnotationCount > 0 {
+ logrus.WithFields(logrus.Fields{
+ "name": s.Name,
+ logfields.TraceID: s.TraceID.String(),
+ logfields.SpanID: s.SpanID.String(),
+ "dropped": s.DroppedAttributeCount,
+ "maxAttributes": len(s.Attributes),
+ }).Warning("span had dropped attributes")
+ }
+
+ entry := log.L.Dup()
+ // Combine all span annotations with span data (eg, trace ID, span ID, parent span ID,
+ // error, status code)
+ // (OC) Span attributes are guaranteed to be strings, bools, or int64s, so we can
+ // can skip overhead in entry.WithFields() and add them directly to entry.Data.
+ // Preallocate ahead of time, since we should add, at most, 10 additional entries
+ data := make(logrus.Fields, len(entry.Data)+len(s.Attributes)+10)
+
+ // Default log entry may have prexisting/application-wide data
+ for k, v := range entry.Data {
+ data[k] = v
+ }
+ for k, v := range s.Attributes {
+ data[k] = v
+ }
+
+ data[logfields.Name] = s.Name
+ data[logfields.TraceID] = s.TraceID.String()
+ data[logfields.SpanID] = s.SpanID.String()
+ data[logfields.ParentSpanID] = s.ParentSpanID.String()
+ data[logfields.StartTime] = s.StartTime
+ data[logfields.EndTime] = s.EndTime
+ data[logfields.Duration] = s.EndTime.Sub(s.StartTime)
+ if sk := spanKindToString(s.SpanKind); sk != "" {
+ data["spanKind"] = sk
+ }
+
+ level := logrus.InfoLevel
+ if s.Status.Code != 0 {
+ level = logrus.ErrorLevel
+
+ // don't overwrite an existing "error" or "errorCode" attributes
+ if _, ok := data[logrus.ErrorKey]; !ok {
+ data[logrus.ErrorKey] = s.Status.Message
+ }
+ if _, ok := data[_errorCodeKey]; !ok {
+ data[_errorCodeKey] = codes.Code(s.Status.Code).String()
+ }
+ }
+
+ entry.Data = data
+ entry.Time = s.StartTime
+ entry.Log(level, spanMessage)
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/oc/span.go b/vendor/github.com/Microsoft/hcsshim/internal/oc/span.go
new file mode 100644
index 000000000..726078432
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/oc/span.go
@@ -0,0 +1,58 @@
+package oc
+
+import (
+ "context"
+
+ "github.com/Microsoft/hcsshim/internal/log"
+ "go.opencensus.io/trace"
+)
+
+var DefaultSampler = trace.AlwaysSample()
+
+// SetSpanStatus sets `span.SetStatus` to the proper status depending on `err`. If
+// `err` is `nil` assumes `trace.StatusCodeOk`.
+func SetSpanStatus(span *trace.Span, err error) {
+ status := trace.Status{}
+ if err != nil {
+ status.Code = int32(toStatusCode(err))
+ status.Message = err.Error()
+ }
+ span.SetStatus(status)
+}
+
+// StartSpan wraps "go.opencensus.io/trace".StartSpan, but, if the span is sampling,
+// adds a log entry to the context that points to the newly created span.
+func StartSpan(ctx context.Context, name string, o ...trace.StartOption) (context.Context, *trace.Span) {
+ ctx, s := trace.StartSpan(ctx, name, o...)
+ return update(ctx, s)
+}
+
+// StartSpanWithRemoteParent wraps "go.opencensus.io/trace".StartSpanWithRemoteParent.
+//
+// See StartSpan for more information.
+func StartSpanWithRemoteParent(ctx context.Context, name string, parent trace.SpanContext, o ...trace.StartOption) (context.Context, *trace.Span) {
+ ctx, s := trace.StartSpanWithRemoteParent(ctx, name, parent, o...)
+ return update(ctx, s)
+}
+
+func update(ctx context.Context, s *trace.Span) (context.Context, *trace.Span) {
+ if s.IsRecordingEvents() {
+ ctx = log.UpdateContext(ctx)
+ }
+
+ return ctx, s
+}
+
+var WithServerSpanKind = trace.WithSpanKind(trace.SpanKindServer)
+var WithClientSpanKind = trace.WithSpanKind(trace.SpanKindClient)
+
+func spanKindToString(sk int) string {
+ switch sk {
+ case trace.SpanKindClient:
+ return "client"
+ case trace.SpanKindServer:
+ return "server"
+ default:
+ return ""
+ }
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/protocol/guestrequest/types.go b/vendor/github.com/Microsoft/hcsshim/internal/protocol/guestrequest/types.go
new file mode 100644
index 000000000..4f441803b
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/protocol/guestrequest/types.go
@@ -0,0 +1,76 @@
+package guestrequest
+
+// These are constants for v2 schema modify requests.
+
+type RequestType string
+type ResourceType string
+
+// RequestType const.
+const (
+ RequestTypeAdd RequestType = "Add"
+ RequestTypeRemove RequestType = "Remove"
+ RequestTypePreAdd RequestType = "PreAdd" // For networking
+ RequestTypeUpdate RequestType = "Update"
+)
+
+type SignalValueWCOW string
+
+const (
+ SignalValueWCOWCtrlC SignalValueWCOW = "CtrlC"
+ SignalValueWCOWCtrlBreak SignalValueWCOW = "CtrlBreak"
+ SignalValueWCOWCtrlClose SignalValueWCOW = "CtrlClose"
+ SignalValueWCOWCtrlLogOff SignalValueWCOW = "CtrlLogOff"
+ SignalValueWCOWCtrlShutdown SignalValueWCOW = "CtrlShutdown"
+)
+
+// ModificationRequest is for modify commands passed to the guest.
+type ModificationRequest struct {
+ RequestType RequestType `json:"RequestType,omitempty"`
+ ResourceType ResourceType `json:"ResourceType,omitempty"`
+ Settings interface{} `json:"Settings,omitempty"`
+}
+
+type NetworkModifyRequest struct {
+ AdapterId string `json:"AdapterId,omitempty"` //nolint:stylecheck
+ RequestType RequestType `json:"RequestType,omitempty"`
+ Settings interface{} `json:"Settings,omitempty"`
+}
+
+type RS4NetworkModifyRequest struct {
+ AdapterInstanceId string `json:"AdapterInstanceId,omitempty"` //nolint:stylecheck
+ RequestType RequestType `json:"RequestType,omitempty"`
+ Settings interface{} `json:"Settings,omitempty"`
+}
+
+var (
+ // V5 GUIDs for SCSI controllers
+ // These GUIDs are created with namespace GUID "d422512d-2bf2-4752-809d-7b82b5fcb1b4"
+ // and index as names. For example, first GUID is created like this:
+ // guid.NewV5("d422512d-2bf2-4752-809d-7b82b5fcb1b4", []byte("0"))
+ ScsiControllerGuids = []string{
+ "df6d0690-79e5-55b6-a5ec-c1e2f77f580a",
+ "0110f83b-de10-5172-a266-78bca56bf50a",
+ "b5d2d8d4-3a75-51bf-945b-3444dc6b8579",
+ "305891a9-b251-5dfe-91a2-c25d9212275b",
+ }
+)
+
+// constants for v2 schema ProcessModifyRequest
+
+// Operation type for [hcsschema.ProcessModifyRequest].
+type ProcessModifyOperation string
+
+const (
+ ModifyProcessConsoleSize ProcessModifyOperation = "ConsoleSize"
+ CloseProcessHandle ProcessModifyOperation = "CloseHandle"
+)
+
+// Standard IO handle(s) to close for [hcsschema.CloseHandle] in [hcsschema.ProcessModifyRequest].
+type STDIOHandle string
+
+const (
+ STDInHandle STDIOHandle = "StdIn"
+ STDOutHandle STDIOHandle = "StdOut"
+ STDErrHandle STDIOHandle = "StdErr"
+ AllHandles STDIOHandle = "All"
+)
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/queue/mq.go b/vendor/github.com/Microsoft/hcsshim/internal/queue/mq.go
new file mode 100644
index 000000000..4eb9bb9f1
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/queue/mq.go
@@ -0,0 +1,92 @@
+package queue
+
+import (
+ "errors"
+ "sync"
+)
+
+var ErrQueueClosed = errors.New("the queue is closed for reading and writing")
+
+// MessageQueue represents a threadsafe message queue to be used to retrieve or
+// write messages to.
+type MessageQueue struct {
+ m *sync.RWMutex
+ c *sync.Cond
+ messages []interface{}
+ closed bool
+}
+
+// NewMessageQueue returns a new MessageQueue.
+func NewMessageQueue() *MessageQueue {
+ m := &sync.RWMutex{}
+ return &MessageQueue{
+ m: m,
+ c: sync.NewCond(m),
+ messages: []interface{}{},
+ }
+}
+
+// Enqueue writes `msg` to the queue.
+func (mq *MessageQueue) Enqueue(msg interface{}) error {
+ mq.m.Lock()
+ defer mq.m.Unlock()
+
+ if mq.closed {
+ return ErrQueueClosed
+ }
+ mq.messages = append(mq.messages, msg)
+ // Signal a waiter that there is now a value available in the queue.
+ mq.c.Signal()
+ return nil
+}
+
+// Dequeue will read a value from the queue and remove it. If the queue
+// is empty, this will block until the queue is closed or a value gets enqueued.
+func (mq *MessageQueue) Dequeue() (interface{}, error) {
+ mq.m.Lock()
+ defer mq.m.Unlock()
+
+ for !mq.closed && mq.size() == 0 {
+ mq.c.Wait()
+ }
+
+ // We got woken up, check if it's because the queue got closed.
+ if mq.closed {
+ return nil, ErrQueueClosed
+ }
+
+ val := mq.messages[0]
+ mq.messages[0] = nil
+ mq.messages = mq.messages[1:]
+ return val, nil
+}
+
+// Size returns the size of the queue.
+func (mq *MessageQueue) Size() int {
+ mq.m.RLock()
+ defer mq.m.RUnlock()
+ return mq.size()
+}
+
+// Nonexported size check to check if the queue is empty inside already locked functions.
+func (mq *MessageQueue) size() int {
+ return len(mq.messages)
+}
+
+// Close closes the queue for future writes or reads. Any attempts to read or write from the
+// queue after close will return ErrQueueClosed. This is safe to call multiple times.
+func (mq *MessageQueue) Close() {
+ mq.m.Lock()
+ defer mq.m.Unlock()
+
+ // Already closed, noop
+ if mq.closed {
+ return
+ }
+
+ mq.messages = nil
+ mq.closed = true
+ // If there's anybody currently waiting on a value from Dequeue, we need to
+ // broadcast so the read(s) can return ErrQueueClosed.
+ mq.c.Broadcast()
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/safefile/do.go b/vendor/github.com/Microsoft/hcsshim/internal/safefile/do.go
new file mode 100644
index 000000000..f211d25e7
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/safefile/do.go
@@ -0,0 +1 @@
+package safefile
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go b/vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go
new file mode 100644
index 000000000..70368533b
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go
@@ -0,0 +1,403 @@
+//go:build windows
+
+package safefile
+
+import (
+ "errors"
+ "io"
+ "os"
+ "path/filepath"
+ "strings"
+ "syscall"
+ "unicode/utf16"
+ "unsafe"
+
+ "github.com/Microsoft/hcsshim/internal/longpath"
+ "github.com/Microsoft/hcsshim/internal/winapi"
+
+ winio "github.com/Microsoft/go-winio"
+)
+
+func OpenRoot(path string) (*os.File, error) {
+ longpath, err := longpath.LongAbs(path)
+ if err != nil {
+ return nil, err
+ }
+ return winio.OpenForBackup(longpath, syscall.GENERIC_READ, syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE, syscall.OPEN_EXISTING)
+}
+
+func cleanGoStringRelativePath(path string) (string, error) {
+ path = filepath.Clean(path)
+ if strings.Contains(path, ":") {
+ // Since alternate data streams must follow the file they
+ // are attached to, finding one here (out of order) is invalid.
+ return "", errors.New("path contains invalid character `:`")
+ }
+ fspath := filepath.FromSlash(path)
+ if len(fspath) > 0 && fspath[0] == '\\' {
+ return "", errors.New("expected relative path")
+ }
+ return fspath, nil
+}
+
+func ntRelativePath(path string) ([]uint16, error) {
+ fspath, err := cleanGoStringRelativePath(path)
+ if err != nil {
+ return nil, err
+ }
+
+ path16 := utf16.Encode(([]rune)(fspath))
+ if len(path16) > 32767 {
+ return nil, syscall.ENAMETOOLONG
+ }
+
+ return path16, nil
+}
+
+// openRelativeInternal opens a relative path from the given root, failing if
+// any of the intermediate path components are reparse points.
+func openRelativeInternal(path string, root *os.File, accessMask uint32, shareFlags uint32, createDisposition uint32, flags uint32) (*os.File, error) {
+ var (
+ h uintptr
+ iosb winapi.IOStatusBlock
+ oa winapi.ObjectAttributes
+ )
+
+ cleanRelativePath, err := cleanGoStringRelativePath(path)
+ if err != nil {
+ return nil, err
+ }
+
+ if root == nil || root.Fd() == 0 {
+ return nil, errors.New("missing root directory")
+ }
+
+ pathUnicode, err := winapi.NewUnicodeString(cleanRelativePath)
+ if err != nil {
+ return nil, err
+ }
+
+ oa.Length = unsafe.Sizeof(oa)
+ oa.ObjectName = pathUnicode
+ oa.RootDirectory = uintptr(root.Fd())
+ oa.Attributes = winapi.OBJ_DONT_REPARSE
+ status := winapi.NtCreateFile(
+ &h,
+ accessMask|syscall.SYNCHRONIZE,
+ &oa,
+ &iosb,
+ nil,
+ 0,
+ shareFlags,
+ createDisposition,
+ winapi.FILE_OPEN_FOR_BACKUP_INTENT|winapi.FILE_SYNCHRONOUS_IO_NONALERT|flags,
+ nil,
+ 0,
+ )
+ if status != 0 {
+ return nil, winapi.RtlNtStatusToDosError(status)
+ }
+
+ fullPath, err := longpath.LongAbs(filepath.Join(root.Name(), path))
+ if err != nil {
+ syscall.Close(syscall.Handle(h))
+ return nil, err
+ }
+
+ return os.NewFile(h, fullPath), nil
+}
+
+// OpenRelative opens a relative path from the given root, failing if
+// any of the intermediate path components are reparse points.
+func OpenRelative(path string, root *os.File, accessMask uint32, shareFlags uint32, createDisposition uint32, flags uint32) (*os.File, error) {
+ f, err := openRelativeInternal(path, root, accessMask, shareFlags, createDisposition, flags)
+ if err != nil {
+ err = &os.PathError{Op: "open", Path: filepath.Join(root.Name(), path), Err: err}
+ }
+ return f, err
+}
+
+// LinkRelative creates a hard link from oldname to newname (relative to oldroot
+// and newroot), failing if any of the intermediate path components are reparse
+// points.
+func LinkRelative(oldname string, oldroot *os.File, newname string, newroot *os.File) error {
+ // Open the old file.
+ oldf, err := openRelativeInternal(
+ oldname,
+ oldroot,
+ syscall.FILE_WRITE_ATTRIBUTES,
+ syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE,
+ winapi.FILE_OPEN,
+ 0,
+ )
+ if err != nil {
+ return &os.LinkError{Op: "link", Old: filepath.Join(oldroot.Name(), oldname), New: filepath.Join(newroot.Name(), newname), Err: err}
+ }
+ defer oldf.Close()
+
+ // Open the parent of the new file.
+ var parent *os.File
+ parentPath := filepath.Dir(newname)
+ if parentPath != "." {
+ parent, err = openRelativeInternal(
+ parentPath,
+ newroot,
+ syscall.GENERIC_READ,
+ syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE,
+ winapi.FILE_OPEN,
+ winapi.FILE_DIRECTORY_FILE)
+ if err != nil {
+ return &os.LinkError{Op: "link", Old: oldf.Name(), New: filepath.Join(newroot.Name(), newname), Err: err}
+ }
+ defer parent.Close()
+
+ fi, err := winio.GetFileBasicInfo(parent)
+ if err != nil {
+ return err
+ }
+ if (fi.FileAttributes & syscall.FILE_ATTRIBUTE_REPARSE_POINT) != 0 {
+ return &os.LinkError{Op: "link", Old: oldf.Name(), New: filepath.Join(newroot.Name(), newname), Err: winapi.RtlNtStatusToDosError(winapi.STATUS_REPARSE_POINT_ENCOUNTERED)}
+ }
+ } else {
+ parent = newroot
+ }
+
+ // Issue an NT call to create the link. This will be safe because NT will
+ // not open any more directories to create the link, so it cannot walk any
+ // more reparse points.
+ newbase := filepath.Base(newname)
+ newbase16, err := ntRelativePath(newbase)
+ if err != nil {
+ return err
+ }
+
+ size := int(unsafe.Offsetof(winapi.FileLinkInformation{}.FileName)) + len(newbase16)*2
+ linkinfoBuffer := winapi.LocalAlloc(0, size)
+ defer winapi.LocalFree(linkinfoBuffer)
+
+ linkinfo := (*winapi.FileLinkInformation)(unsafe.Pointer(linkinfoBuffer))
+ linkinfo.RootDirectory = parent.Fd()
+ linkinfo.FileNameLength = uint32(len(newbase16) * 2)
+ copy(winapi.Uint16BufferToSlice(&linkinfo.FileName[0], len(newbase16)), newbase16)
+
+ var iosb winapi.IOStatusBlock
+ status := winapi.NtSetInformationFile(
+ oldf.Fd(),
+ &iosb,
+ linkinfoBuffer,
+ uint32(size),
+ winapi.FileLinkInformationClass,
+ )
+ if status != 0 {
+ return &os.LinkError{Op: "link", Old: oldf.Name(), New: filepath.Join(parent.Name(), newbase), Err: winapi.RtlNtStatusToDosError(status)}
+ }
+
+ return nil
+}
+
+// deleteOnClose marks a file to be deleted when the handle is closed.
+func deleteOnClose(f *os.File) error {
+ disposition := winapi.FileDispositionInformationEx{Flags: winapi.FILE_DISPOSITION_DELETE}
+ var iosb winapi.IOStatusBlock
+ status := winapi.NtSetInformationFile(
+ f.Fd(),
+ &iosb,
+ uintptr(unsafe.Pointer(&disposition)),
+ uint32(unsafe.Sizeof(disposition)),
+ winapi.FileDispositionInformationExClass,
+ )
+ if status != 0 {
+ return winapi.RtlNtStatusToDosError(status)
+ }
+ return nil
+}
+
+// clearReadOnly clears the readonly attribute on a file.
+func clearReadOnly(f *os.File) error {
+ bi, err := winio.GetFileBasicInfo(f)
+ if err != nil {
+ return err
+ }
+ if bi.FileAttributes&syscall.FILE_ATTRIBUTE_READONLY == 0 {
+ return nil
+ }
+ sbi := winio.FileBasicInfo{
+ FileAttributes: bi.FileAttributes &^ syscall.FILE_ATTRIBUTE_READONLY,
+ }
+ if sbi.FileAttributes == 0 {
+ sbi.FileAttributes = syscall.FILE_ATTRIBUTE_NORMAL
+ }
+ return winio.SetFileBasicInfo(f, &sbi)
+}
+
+// RemoveRelative removes a file or directory relative to a root, failing if any
+// intermediate path components are reparse points.
+func RemoveRelative(path string, root *os.File) error {
+ f, err := openRelativeInternal(
+ path,
+ root,
+ winapi.FILE_READ_ATTRIBUTES|winapi.FILE_WRITE_ATTRIBUTES|winapi.DELETE,
+ syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE,
+ winapi.FILE_OPEN,
+ winapi.FILE_OPEN_REPARSE_POINT)
+ if err == nil {
+ defer f.Close()
+ err = deleteOnClose(f)
+ if err == syscall.ERROR_ACCESS_DENIED {
+ // Maybe the file is marked readonly. Clear the bit and retry.
+ _ = clearReadOnly(f)
+ err = deleteOnClose(f)
+ }
+ }
+ if err != nil {
+ return &os.PathError{Op: "remove", Path: filepath.Join(root.Name(), path), Err: err}
+ }
+ return nil
+}
+
+// RemoveAllRelative removes a directory tree relative to a root, failing if any
+// intermediate path components are reparse points.
+func RemoveAllRelative(path string, root *os.File) error {
+ fi, err := LstatRelative(path, root)
+ if err != nil {
+ if os.IsNotExist(err) {
+ return nil
+ }
+ return err
+ }
+ fileAttributes := fi.Sys().(*syscall.Win32FileAttributeData).FileAttributes
+ if fileAttributes&syscall.FILE_ATTRIBUTE_DIRECTORY == 0 || fileAttributes&syscall.FILE_ATTRIBUTE_REPARSE_POINT != 0 {
+ // If this is a reparse point, it can't have children. Simple remove will do.
+ err := RemoveRelative(path, root)
+ if err == nil || os.IsNotExist(err) {
+ return nil
+ }
+ return err
+ }
+
+ // It is necessary to use os.Open as Readdirnames does not work with
+ // OpenRelative. This is safe because the above LstatRelative fails
+ // if the target is outside the root, and we know this is not a
+ // symlink from the above FILE_ATTRIBUTE_REPARSE_POINT check.
+ fd, err := os.Open(filepath.Join(root.Name(), path))
+ if err != nil {
+ if os.IsNotExist(err) {
+ // Race. It was deleted between the Lstat and Open.
+ // Return nil per RemoveAll's docs.
+ return nil
+ }
+ return err
+ }
+
+ // Remove contents & return first error.
+ for {
+ names, err1 := fd.Readdirnames(100)
+ for _, name := range names {
+ if err2 := RemoveAllRelative(path+string(os.PathSeparator)+name, root); err == nil {
+ err = err2
+ }
+ }
+ if err1 == io.EOF {
+ // Readdirnames has no more files to return
+ break
+ }
+ // If Readdirnames returned an error, use it.
+ if err == nil {
+ err = err1
+ }
+ if len(names) == 0 {
+ break
+ }
+ }
+ fd.Close()
+
+ // Remove directory.
+ err1 := RemoveRelative(path, root)
+ if err1 == nil || os.IsNotExist(err1) {
+ return nil
+ }
+ if err == nil {
+ err = err1
+ }
+ return err
+}
+
+// MkdirRelative creates a directory relative to a root, failing if any
+// intermediate path components are reparse points.
+func MkdirRelative(path string, root *os.File) error {
+ f, err := openRelativeInternal(
+ path,
+ root,
+ 0,
+ syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE,
+ winapi.FILE_CREATE,
+ winapi.FILE_DIRECTORY_FILE)
+ if err == nil {
+ f.Close()
+ } else {
+ err = &os.PathError{Op: "mkdir", Path: filepath.Join(root.Name(), path), Err: err}
+ }
+ return err
+}
+
+// MkdirAllRelative creates each directory in the path relative to a root, failing if
+// any existing intermediate path components are reparse points.
+func MkdirAllRelative(path string, root *os.File) error {
+ pathParts := strings.Split(filepath.Clean(path), (string)(filepath.Separator))
+ for index := range pathParts {
+ partialPath := filepath.Join(pathParts[0 : index+1]...)
+ stat, err := LstatRelative(partialPath, root)
+
+ if err != nil {
+ if os.IsNotExist(err) {
+ if err := MkdirRelative(partialPath, root); err != nil {
+ return err
+ }
+ continue
+ }
+ return err
+ }
+
+ if !stat.IsDir() {
+ fullPath := filepath.Join(root.Name(), partialPath)
+ return &os.PathError{Op: "mkdir", Path: fullPath, Err: syscall.ENOTDIR}
+ }
+ }
+
+ return nil
+}
+
+// LstatRelative performs a stat operation on a file relative to a root, failing
+// if any intermediate path components are reparse points.
+func LstatRelative(path string, root *os.File) (os.FileInfo, error) {
+ f, err := openRelativeInternal(
+ path,
+ root,
+ winapi.FILE_READ_ATTRIBUTES,
+ syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE,
+ winapi.FILE_OPEN,
+ winapi.FILE_OPEN_REPARSE_POINT)
+ if err != nil {
+ return nil, &os.PathError{Op: "stat", Path: filepath.Join(root.Name(), path), Err: err}
+ }
+ defer f.Close()
+ return f.Stat()
+}
+
+// EnsureNotReparsePointRelative validates that a given file (relative to a
+// root) and all intermediate path components are not a reparse points.
+func EnsureNotReparsePointRelative(path string, root *os.File) error {
+ // Perform an open with OBJ_DONT_REPARSE but without specifying FILE_OPEN_REPARSE_POINT.
+ f, err := OpenRelative(
+ path,
+ root,
+ 0,
+ syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE,
+ winapi.FILE_OPEN,
+ 0)
+ if err != nil {
+ return err
+ }
+ f.Close()
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/security/grantvmgroupaccess.go b/vendor/github.com/Microsoft/hcsshim/internal/security/grantvmgroupaccess.go
new file mode 100644
index 000000000..7dfa1e594
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/security/grantvmgroupaccess.go
@@ -0,0 +1,186 @@
+//go:build windows
+// +build windows
+
+package security
+
+import (
+ "fmt"
+ "os"
+ "syscall"
+ "unsafe"
+)
+
+type (
+ accessMask uint32
+ accessMode uint32
+ desiredAccess uint32
+ inheritMode uint32
+ objectType uint32
+ shareMode uint32
+ securityInformation uint32
+ trusteeForm uint32
+ trusteeType uint32
+)
+
+type explicitAccess struct {
+ accessPermissions accessMask
+ accessMode accessMode
+ inheritance inheritMode
+ trustee trustee
+}
+
+type trustee struct {
+ multipleTrustee *trustee
+ multipleTrusteeOperation int32
+ trusteeForm trusteeForm
+ trusteeType trusteeType
+ name uintptr
+}
+
+const (
+ AccessMaskNone accessMask = 0
+ AccessMaskRead accessMask = 1 << 31 // GENERIC_READ
+ AccessMaskWrite accessMask = 1 << 30 // GENERIC_WRITE
+ AccessMaskExecute accessMask = 1 << 29 // GENERIC_EXECUTE
+ AccessMaskAll accessMask = 1 << 28 // GENERIC_ALL
+
+ accessMaskDesiredPermission = AccessMaskRead
+
+ accessModeGrant accessMode = 1
+
+ desiredAccessReadControl desiredAccess = 0x20000
+ desiredAccessWriteDac desiredAccess = 0x40000
+
+ gvmga = "GrantVmGroupAccess:"
+
+ inheritModeNoInheritance inheritMode = 0x0
+ inheritModeSubContainersAndObjectsInherit inheritMode = 0x3
+
+ objectTypeFileObject objectType = 0x1
+
+ securityInformationDACL securityInformation = 0x4
+
+ shareModeRead shareMode = 0x1
+ shareModeWrite shareMode = 0x2
+
+ //nolint:stylecheck // ST1003
+ sidVmGroup = "S-1-5-83-0"
+
+ trusteeFormIsSid trusteeForm = 0
+
+ trusteeTypeWellKnownGroup trusteeType = 5
+)
+
+// GrantVmGroupAccess sets the DACL for a specified file or directory to
+// include Grant ACE entries for the VM Group SID. This is a golang re-
+// implementation of the same function in vmcompute, just not exported in
+// RS5. Which kind of sucks. Sucks a lot :/
+func GrantVmGroupAccess(name string) error { //nolint:stylecheck // ST1003
+ return GrantVmGroupAccessWithMask(name, accessMaskDesiredPermission)
+}
+
+// GrantVmGroupAccessWithMask sets the desired DACL for a specified file or
+// directory.
+func GrantVmGroupAccessWithMask(name string, access accessMask) error { //nolint:stylecheck // ST1003
+ if access == 0 || access<<4 != 0 {
+ return fmt.Errorf("invalid access mask: 0x%08x", access)
+ }
+ // Stat (to determine if `name` is a directory).
+ s, err := os.Stat(name)
+ if err != nil {
+ return fmt.Errorf("%s os.Stat %s: %w", gvmga, name, err)
+ }
+
+ // Get a handle to the file/directory. Must defer Close on success.
+ fd, err := createFile(name, s.IsDir())
+ if err != nil {
+ return err // Already wrapped
+ }
+ defer func() {
+ _ = syscall.CloseHandle(fd)
+ }()
+
+ // Get the current DACL and Security Descriptor. Must defer LocalFree on success.
+ ot := objectTypeFileObject
+ si := securityInformationDACL
+ sd := uintptr(0)
+ origDACL := uintptr(0)
+ if err := getSecurityInfo(fd, uint32(ot), uint32(si), nil, nil, &origDACL, nil, &sd); err != nil {
+ return fmt.Errorf("%s GetSecurityInfo %s: %w", gvmga, name, err)
+ }
+ defer func() {
+ _, _ = syscall.LocalFree((syscall.Handle)(unsafe.Pointer(sd)))
+ }()
+
+ // Generate a new DACL which is the current DACL with the required ACEs added.
+ // Must defer LocalFree on success.
+ newDACL, err := generateDACLWithAcesAdded(name, s.IsDir(), access, origDACL)
+ if err != nil {
+ return err // Already wrapped
+ }
+ defer func() {
+ _, _ = syscall.LocalFree((syscall.Handle)(unsafe.Pointer(newDACL)))
+ }()
+
+ // And finally use SetSecurityInfo to apply the updated DACL.
+ if err := setSecurityInfo(fd, uint32(ot), uint32(si), uintptr(0), uintptr(0), newDACL, uintptr(0)); err != nil {
+ return fmt.Errorf("%s SetSecurityInfo %s: %w", gvmga, name, err)
+ }
+
+ return nil
+}
+
+// createFile is a helper function to call [Nt]CreateFile to get a handle to
+// the file or directory.
+func createFile(name string, isDir bool) (syscall.Handle, error) {
+ namep, err := syscall.UTF16FromString(name)
+ if err != nil {
+ return 0, fmt.Errorf("syscall.UTF16FromString %s: %w", name, err)
+ }
+ da := uint32(desiredAccessReadControl | desiredAccessWriteDac)
+ sm := uint32(shareModeRead | shareModeWrite)
+ fa := uint32(syscall.FILE_ATTRIBUTE_NORMAL)
+ if isDir {
+ fa = uint32(fa | syscall.FILE_FLAG_BACKUP_SEMANTICS)
+ }
+ fd, err := syscall.CreateFile(&namep[0], da, sm, nil, syscall.OPEN_EXISTING, fa, 0)
+ if err != nil {
+ return 0, fmt.Errorf("%s syscall.CreateFile %s: %w", gvmga, name, err)
+ }
+ return fd, nil
+}
+
+// generateDACLWithAcesAdded generates a new DACL with the two needed ACEs added.
+// The caller is responsible for LocalFree of the returned DACL on success.
+func generateDACLWithAcesAdded(name string, isDir bool, desiredAccess accessMask, origDACL uintptr) (uintptr, error) {
+ // Generate pointers to the SIDs based on the string SIDs
+ sid, err := syscall.StringToSid(sidVmGroup)
+ if err != nil {
+ return 0, fmt.Errorf("%s syscall.StringToSid %s %s: %w", gvmga, name, sidVmGroup, err)
+ }
+
+ inheritance := inheritModeNoInheritance
+ if isDir {
+ inheritance = inheritModeSubContainersAndObjectsInherit
+ }
+
+ eaArray := []explicitAccess{
+ {
+ accessPermissions: desiredAccess,
+ accessMode: accessModeGrant,
+ inheritance: inheritance,
+ trustee: trustee{
+ trusteeForm: trusteeFormIsSid,
+ trusteeType: trusteeTypeWellKnownGroup,
+ name: uintptr(unsafe.Pointer(sid)),
+ },
+ },
+ }
+
+ modifiedDACL := uintptr(0)
+ if err := setEntriesInAcl(uintptr(uint32(1)), uintptr(unsafe.Pointer(&eaArray[0])), origDACL, &modifiedDACL); err != nil {
+ return 0, fmt.Errorf("%s SetEntriesInAcl %s: %w", gvmga, name, err)
+ }
+
+ return modifiedDACL, nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/security/syscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/security/syscall_windows.go
new file mode 100644
index 000000000..71326e4e4
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/security/syscall_windows.go
@@ -0,0 +1,7 @@
+package security
+
+//go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go syscall_windows.go
+
+//sys getSecurityInfo(handle syscall.Handle, objectType uint32, si uint32, ppsidOwner **uintptr, ppsidGroup **uintptr, ppDacl *uintptr, ppSacl *uintptr, ppSecurityDescriptor *uintptr) (win32err error) = advapi32.GetSecurityInfo
+//sys setSecurityInfo(handle syscall.Handle, objectType uint32, si uint32, psidOwner uintptr, psidGroup uintptr, pDacl uintptr, pSacl uintptr) (win32err error) = advapi32.SetSecurityInfo
+//sys setEntriesInAcl(count uintptr, pListOfEEs uintptr, oldAcl uintptr, newAcl *uintptr) (win32err error) = advapi32.SetEntriesInAclW
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/security/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/security/zsyscall_windows.go
new file mode 100644
index 000000000..26c986b88
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/security/zsyscall_windows.go
@@ -0,0 +1,72 @@
+//go:build windows
+
+// Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
+
+package security
+
+import (
+ "syscall"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+ errnoERROR_IO_PENDING = 997
+)
+
+var (
+ errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+ errERROR_EINVAL error = syscall.EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+ switch e {
+ case 0:
+ return errERROR_EINVAL
+ case errnoERROR_IO_PENDING:
+ return errERROR_IO_PENDING
+ }
+ // TODO: add more here, after collecting data on the common
+ // error values see on Windows. (perhaps when running
+ // all.bat?)
+ return e
+}
+
+var (
+ modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
+
+ procGetSecurityInfo = modadvapi32.NewProc("GetSecurityInfo")
+ procSetEntriesInAclW = modadvapi32.NewProc("SetEntriesInAclW")
+ procSetSecurityInfo = modadvapi32.NewProc("SetSecurityInfo")
+)
+
+func getSecurityInfo(handle syscall.Handle, objectType uint32, si uint32, ppsidOwner **uintptr, ppsidGroup **uintptr, ppDacl *uintptr, ppSacl *uintptr, ppSecurityDescriptor *uintptr) (win32err error) {
+ r0, _, _ := syscall.Syscall9(procGetSecurityInfo.Addr(), 8, uintptr(handle), uintptr(objectType), uintptr(si), uintptr(unsafe.Pointer(ppsidOwner)), uintptr(unsafe.Pointer(ppsidGroup)), uintptr(unsafe.Pointer(ppDacl)), uintptr(unsafe.Pointer(ppSacl)), uintptr(unsafe.Pointer(ppSecurityDescriptor)), 0)
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
+
+func setEntriesInAcl(count uintptr, pListOfEEs uintptr, oldAcl uintptr, newAcl *uintptr) (win32err error) {
+ r0, _, _ := syscall.Syscall6(procSetEntriesInAclW.Addr(), 4, uintptr(count), uintptr(pListOfEEs), uintptr(oldAcl), uintptr(unsafe.Pointer(newAcl)), 0, 0)
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
+
+func setSecurityInfo(handle syscall.Handle, objectType uint32, si uint32, psidOwner uintptr, psidGroup uintptr, pDacl uintptr, pSacl uintptr) (win32err error) {
+ r0, _, _ := syscall.Syscall9(procSetSecurityInfo.Addr(), 7, uintptr(handle), uintptr(objectType), uintptr(si), uintptr(psidOwner), uintptr(psidGroup), uintptr(pDacl), uintptr(pSacl), 0, 0)
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/timeout/timeout.go b/vendor/github.com/Microsoft/hcsshim/internal/timeout/timeout.go
new file mode 100644
index 000000000..eaf39fa51
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/timeout/timeout.go
@@ -0,0 +1,74 @@
+package timeout
+
+import (
+ "os"
+ "strconv"
+ "time"
+)
+
+var (
+ // defaultTimeout is the timeout for most operations that is not overridden.
+ defaultTimeout = 4 * time.Minute
+
+ // defaultTimeoutTestdRetry is the retry loop timeout for testd to respond
+ // for a disk to come online in LCOW.
+ defaultTimeoutTestdRetry = 5 * time.Second
+)
+
+// External variables for HCSShim consumers to use.
+var (
+ // SystemCreate is the timeout for creating a compute system
+ SystemCreate time.Duration = defaultTimeout
+
+ // SystemStart is the timeout for starting a compute system
+ SystemStart time.Duration = defaultTimeout
+
+ // SystemPause is the timeout for pausing a compute system
+ SystemPause time.Duration = defaultTimeout
+
+ // SystemResume is the timeout for resuming a compute system
+ SystemResume time.Duration = defaultTimeout
+
+ // SystemSave is the timeout for saving a compute system
+ SystemSave time.Duration = defaultTimeout
+
+ // SyscallWatcher is the timeout before warning of a potential stuck platform syscall.
+ SyscallWatcher time.Duration = defaultTimeout
+
+ // Tar2VHD is the timeout for the tar2vhd operation to complete
+ Tar2VHD time.Duration = defaultTimeout
+
+ // ExternalCommandToStart is the timeout for external commands to start
+ ExternalCommandToStart = defaultTimeout
+
+ // ExternalCommandToComplete is the timeout for external commands to complete.
+ // Generally this means copying data from their stdio pipes.
+ ExternalCommandToComplete = defaultTimeout
+
+ // TestDRetryLoop is the timeout for testd retry loop when onlining a SCSI disk in LCOW
+ TestDRetryLoop = defaultTimeoutTestdRetry
+)
+
+func init() {
+ SystemCreate = durationFromEnvironment("HCSSHIM_TIMEOUT_SYSTEMCREATE", SystemCreate)
+ SystemStart = durationFromEnvironment("HCSSHIM_TIMEOUT_SYSTEMSTART", SystemStart)
+ SystemPause = durationFromEnvironment("HCSSHIM_TIMEOUT_SYSTEMPAUSE", SystemPause)
+ SystemResume = durationFromEnvironment("HCSSHIM_TIMEOUT_SYSTEMRESUME", SystemResume)
+ SystemSave = durationFromEnvironment("HCSSHIM_TIMEOUT_SYSTEMSAVE", SystemSave)
+ SyscallWatcher = durationFromEnvironment("HCSSHIM_TIMEOUT_SYSCALLWATCHER", SyscallWatcher)
+ Tar2VHD = durationFromEnvironment("HCSSHIM_TIMEOUT_TAR2VHD", Tar2VHD)
+ ExternalCommandToStart = durationFromEnvironment("HCSSHIM_TIMEOUT_EXTERNALCOMMANDSTART", ExternalCommandToStart)
+ ExternalCommandToComplete = durationFromEnvironment("HCSSHIM_TIMEOUT_EXTERNALCOMMANDCOMPLETE", ExternalCommandToComplete)
+ TestDRetryLoop = durationFromEnvironment("HCSSHIM_TIMEOUT_TESTDRETRYLOOP", TestDRetryLoop)
+}
+
+func durationFromEnvironment(env string, defaultValue time.Duration) time.Duration {
+ envTimeout := os.Getenv(env)
+ if len(envTimeout) > 0 {
+ e, err := strconv.Atoi(envTimeout)
+ if err == nil && e > 0 {
+ return time.Second * time.Duration(e)
+ }
+ }
+ return defaultValue
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/doc.go
new file mode 100644
index 000000000..9dd00c812
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/doc.go
@@ -0,0 +1 @@
+package vmcompute
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/vmcompute.go b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/vmcompute.go
new file mode 100644
index 000000000..79b14ef97
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/vmcompute.go
@@ -0,0 +1,637 @@
+//go:build windows
+
+package vmcompute
+
+import (
+ gcontext "context"
+ "syscall"
+ "time"
+
+ "github.com/sirupsen/logrus"
+ "go.opencensus.io/trace"
+
+ "github.com/Microsoft/hcsshim/internal/interop"
+ "github.com/Microsoft/hcsshim/internal/log"
+ "github.com/Microsoft/hcsshim/internal/logfields"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "github.com/Microsoft/hcsshim/internal/timeout"
+)
+
+//go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go vmcompute.go
+
+//sys hcsEnumerateComputeSystems(query string, computeSystems **uint16, result **uint16) (hr error) = vmcompute.HcsEnumerateComputeSystems?
+//sys hcsCreateComputeSystem(id string, configuration string, identity syscall.Handle, computeSystem *HcsSystem, result **uint16) (hr error) = vmcompute.HcsCreateComputeSystem?
+//sys hcsOpenComputeSystem(id string, computeSystem *HcsSystem, result **uint16) (hr error) = vmcompute.HcsOpenComputeSystem?
+//sys hcsCloseComputeSystem(computeSystem HcsSystem) (hr error) = vmcompute.HcsCloseComputeSystem?
+//sys hcsStartComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsStartComputeSystem?
+//sys hcsShutdownComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsShutdownComputeSystem?
+//sys hcsTerminateComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsTerminateComputeSystem?
+//sys hcsPauseComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsPauseComputeSystem?
+//sys hcsResumeComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsResumeComputeSystem?
+//sys hcsGetComputeSystemProperties(computeSystem HcsSystem, propertyQuery string, properties **uint16, result **uint16) (hr error) = vmcompute.HcsGetComputeSystemProperties?
+//sys hcsModifyComputeSystem(computeSystem HcsSystem, configuration string, result **uint16) (hr error) = vmcompute.HcsModifyComputeSystem?
+//sys hcsModifyServiceSettings(settings string, result **uint16) (hr error) = vmcompute.HcsModifyServiceSettings?
+//sys hcsRegisterComputeSystemCallback(computeSystem HcsSystem, callback uintptr, context uintptr, callbackHandle *HcsCallback) (hr error) = vmcompute.HcsRegisterComputeSystemCallback?
+//sys hcsUnregisterComputeSystemCallback(callbackHandle HcsCallback) (hr error) = vmcompute.HcsUnregisterComputeSystemCallback?
+//sys hcsSaveComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsSaveComputeSystem?
+
+//sys hcsCreateProcess(computeSystem HcsSystem, processParameters string, processInformation *HcsProcessInformation, process *HcsProcess, result **uint16) (hr error) = vmcompute.HcsCreateProcess?
+//sys hcsOpenProcess(computeSystem HcsSystem, pid uint32, process *HcsProcess, result **uint16) (hr error) = vmcompute.HcsOpenProcess?
+//sys hcsCloseProcess(process HcsProcess) (hr error) = vmcompute.HcsCloseProcess?
+//sys hcsTerminateProcess(process HcsProcess, result **uint16) (hr error) = vmcompute.HcsTerminateProcess?
+//sys hcsSignalProcess(process HcsProcess, options string, result **uint16) (hr error) = vmcompute.HcsSignalProcess?
+//sys hcsGetProcessInfo(process HcsProcess, processInformation *HcsProcessInformation, result **uint16) (hr error) = vmcompute.HcsGetProcessInfo?
+//sys hcsGetProcessProperties(process HcsProcess, processProperties **uint16, result **uint16) (hr error) = vmcompute.HcsGetProcessProperties?
+//sys hcsModifyProcess(process HcsProcess, settings string, result **uint16) (hr error) = vmcompute.HcsModifyProcess?
+//sys hcsGetServiceProperties(propertyQuery string, properties **uint16, result **uint16) (hr error) = vmcompute.HcsGetServiceProperties?
+//sys hcsRegisterProcessCallback(process HcsProcess, callback uintptr, context uintptr, callbackHandle *HcsCallback) (hr error) = vmcompute.HcsRegisterProcessCallback?
+//sys hcsUnregisterProcessCallback(callbackHandle HcsCallback) (hr error) = vmcompute.HcsUnregisterProcessCallback?
+
+// errVmcomputeOperationPending is an error encountered when the operation is being completed asynchronously
+const errVmcomputeOperationPending = syscall.Errno(0xC0370103)
+
+// HcsSystem is the handle associated with a created compute system.
+type HcsSystem syscall.Handle
+
+// HcsProcess is the handle associated with a created process in a compute
+// system.
+type HcsProcess syscall.Handle
+
+// HcsCallback is the handle associated with the function to call when events
+// occur.
+type HcsCallback syscall.Handle
+
+// HcsProcessInformation is the structure used when creating or getting process
+// info.
+type HcsProcessInformation struct {
+ // ProcessId is the pid of the created process.
+ ProcessId uint32
+ _ uint32 // reserved padding
+ // StdInput is the handle associated with the stdin of the process.
+ StdInput syscall.Handle
+ // StdOutput is the handle associated with the stdout of the process.
+ StdOutput syscall.Handle
+ // StdError is the handle associated with the stderr of the process.
+ StdError syscall.Handle
+}
+
+func execute(ctx gcontext.Context, timeout time.Duration, f func() error) error {
+ now := time.Now()
+ if timeout > 0 {
+ var cancel gcontext.CancelFunc
+ ctx, cancel = gcontext.WithTimeout(ctx, timeout)
+ defer cancel()
+ }
+
+ // if ctx already has prior deadlines, the shortest timeout takes precedence and is used.
+ // find the true timeout for reporting
+ //
+ // this is mostly an issue with (*UtilityVM).Start(context.Context), which sets its
+ // own (2 minute) timeout.
+ deadline, ok := ctx.Deadline()
+ trueTimeout := timeout
+ if ok {
+ trueTimeout = deadline.Sub(now)
+ log.G(ctx).WithFields(logrus.Fields{
+ logfields.Timeout: trueTimeout,
+ "desiredTimeout": timeout,
+ }).Trace("Executing syscall with deadline")
+ }
+
+ done := make(chan error, 1)
+ go func() {
+ done <- f()
+ }()
+ select {
+ case <-ctx.Done():
+ if ctx.Err() == gcontext.DeadlineExceeded {
+ log.G(ctx).WithField(logfields.Timeout, trueTimeout).
+ Warning("Syscall did not complete within operation timeout. This may indicate a platform issue. " +
+ "If it appears to be making no forward progress, obtain the stacks and see if there is a syscall " +
+ "stuck in the platform API for a significant length of time.")
+ }
+ return ctx.Err()
+ case err := <-done:
+ return err
+ }
+}
+
+func HcsEnumerateComputeSystems(ctx gcontext.Context, query string) (computeSystems, result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsEnumerateComputeSystems")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ oc.SetSpanStatus(span, hr)
+ }()
+ span.AddAttributes(trace.StringAttribute("query", query))
+
+ return computeSystems, result, execute(ctx, timeout.SyscallWatcher, func() error {
+ var (
+ computeSystemsp *uint16
+ resultp *uint16
+ )
+ err := hcsEnumerateComputeSystems(query, &computeSystemsp, &resultp)
+ if computeSystemsp != nil {
+ computeSystems = interop.ConvertAndFreeCoTaskMemString(computeSystemsp)
+ }
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsCreateComputeSystem(ctx gcontext.Context, id string, configuration string, identity syscall.Handle) (computeSystem HcsSystem, result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsCreateComputeSystem")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ if hr != errVmcomputeOperationPending {
+ oc.SetSpanStatus(span, hr)
+ }
+ }()
+ span.AddAttributes(
+ trace.StringAttribute("id", id),
+ trace.StringAttribute("configuration", configuration))
+
+ return computeSystem, result, execute(ctx, timeout.SystemCreate, func() error {
+ var resultp *uint16
+ err := hcsCreateComputeSystem(id, configuration, identity, &computeSystem, &resultp)
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsOpenComputeSystem(ctx gcontext.Context, id string) (computeSystem HcsSystem, result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsOpenComputeSystem")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ oc.SetSpanStatus(span, hr)
+ }()
+
+ return computeSystem, result, execute(ctx, timeout.SyscallWatcher, func() error {
+ var resultp *uint16
+ err := hcsOpenComputeSystem(id, &computeSystem, &resultp)
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsCloseComputeSystem(ctx gcontext.Context, computeSystem HcsSystem) (hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsCloseComputeSystem")
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, hr) }()
+
+ return execute(ctx, timeout.SyscallWatcher, func() error {
+ return hcsCloseComputeSystem(computeSystem)
+ })
+}
+
+func HcsStartComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsStartComputeSystem")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ if hr != errVmcomputeOperationPending {
+ oc.SetSpanStatus(span, hr)
+ }
+ }()
+ span.AddAttributes(trace.StringAttribute("options", options))
+
+ return result, execute(ctx, timeout.SystemStart, func() error {
+ var resultp *uint16
+ err := hcsStartComputeSystem(computeSystem, options, &resultp)
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsShutdownComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsShutdownComputeSystem")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ if hr != errVmcomputeOperationPending {
+ oc.SetSpanStatus(span, hr)
+ }
+ }()
+ span.AddAttributes(trace.StringAttribute("options", options))
+
+ return result, execute(ctx, timeout.SyscallWatcher, func() error {
+ var resultp *uint16
+ err := hcsShutdownComputeSystem(computeSystem, options, &resultp)
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsTerminateComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsTerminateComputeSystem")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ if hr != errVmcomputeOperationPending {
+ oc.SetSpanStatus(span, hr)
+ }
+ }()
+ span.AddAttributes(trace.StringAttribute("options", options))
+
+ return result, execute(ctx, timeout.SyscallWatcher, func() error {
+ var resultp *uint16
+ err := hcsTerminateComputeSystem(computeSystem, options, &resultp)
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsPauseComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsPauseComputeSystem")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ if hr != errVmcomputeOperationPending {
+ oc.SetSpanStatus(span, hr)
+ }
+ }()
+ span.AddAttributes(trace.StringAttribute("options", options))
+
+ return result, execute(ctx, timeout.SystemPause, func() error {
+ var resultp *uint16
+ err := hcsPauseComputeSystem(computeSystem, options, &resultp)
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsResumeComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsResumeComputeSystem")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ if hr != errVmcomputeOperationPending {
+ oc.SetSpanStatus(span, hr)
+ }
+ }()
+ span.AddAttributes(trace.StringAttribute("options", options))
+
+ return result, execute(ctx, timeout.SystemResume, func() error {
+ var resultp *uint16
+ err := hcsResumeComputeSystem(computeSystem, options, &resultp)
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsGetComputeSystemProperties(ctx gcontext.Context, computeSystem HcsSystem, propertyQuery string) (properties, result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsGetComputeSystemProperties")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ oc.SetSpanStatus(span, hr)
+ }()
+ span.AddAttributes(trace.StringAttribute("propertyQuery", propertyQuery))
+
+ return properties, result, execute(ctx, timeout.SyscallWatcher, func() error {
+ var (
+ propertiesp *uint16
+ resultp *uint16
+ )
+ err := hcsGetComputeSystemProperties(computeSystem, propertyQuery, &propertiesp, &resultp)
+ if propertiesp != nil {
+ properties = interop.ConvertAndFreeCoTaskMemString(propertiesp)
+ }
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsModifyComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, configuration string) (result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsModifyComputeSystem")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ oc.SetSpanStatus(span, hr)
+ }()
+ span.AddAttributes(trace.StringAttribute("configuration", configuration))
+
+ return result, execute(ctx, timeout.SyscallWatcher, func() error {
+ var resultp *uint16
+ err := hcsModifyComputeSystem(computeSystem, configuration, &resultp)
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsModifyServiceSettings(ctx gcontext.Context, settings string) (result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsModifyServiceSettings")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ oc.SetSpanStatus(span, hr)
+ }()
+ span.AddAttributes(trace.StringAttribute("settings", settings))
+
+ return result, execute(ctx, timeout.SyscallWatcher, func() error {
+ var resultp *uint16
+ err := hcsModifyServiceSettings(settings, &resultp)
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsRegisterComputeSystemCallback(ctx gcontext.Context, computeSystem HcsSystem, callback uintptr, context uintptr) (callbackHandle HcsCallback, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsRegisterComputeSystemCallback")
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, hr) }()
+
+ return callbackHandle, execute(ctx, timeout.SyscallWatcher, func() error {
+ return hcsRegisterComputeSystemCallback(computeSystem, callback, context, &callbackHandle)
+ })
+}
+
+func HcsUnregisterComputeSystemCallback(ctx gcontext.Context, callbackHandle HcsCallback) (hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsUnregisterComputeSystemCallback")
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, hr) }()
+
+ return execute(ctx, timeout.SyscallWatcher, func() error {
+ return hcsUnregisterComputeSystemCallback(callbackHandle)
+ })
+}
+
+func HcsCreateProcess(ctx gcontext.Context, computeSystem HcsSystem, processParameters string) (processInformation HcsProcessInformation, process HcsProcess, result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsCreateProcess")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ oc.SetSpanStatus(span, hr)
+ }()
+ if span.IsRecordingEvents() {
+ // wont handle v1 process parameters
+ if s, err := log.ScrubProcessParameters(processParameters); err == nil {
+ span.AddAttributes(trace.StringAttribute("processParameters", s))
+ }
+ }
+
+ return processInformation, process, result, execute(ctx, timeout.SyscallWatcher, func() error {
+ var resultp *uint16
+ err := hcsCreateProcess(computeSystem, processParameters, &processInformation, &process, &resultp)
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsOpenProcess(ctx gcontext.Context, computeSystem HcsSystem, pid uint32) (process HcsProcess, result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsOpenProcess")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ oc.SetSpanStatus(span, hr)
+ }()
+ span.AddAttributes(trace.Int64Attribute("pid", int64(pid)))
+
+ return process, result, execute(ctx, timeout.SyscallWatcher, func() error {
+ var resultp *uint16
+ err := hcsOpenProcess(computeSystem, pid, &process, &resultp)
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsCloseProcess(ctx gcontext.Context, process HcsProcess) (hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsCloseProcess")
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, hr) }()
+
+ return execute(ctx, timeout.SyscallWatcher, func() error {
+ return hcsCloseProcess(process)
+ })
+}
+
+func HcsTerminateProcess(ctx gcontext.Context, process HcsProcess) (result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsTerminateProcess")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ oc.SetSpanStatus(span, hr)
+ }()
+
+ return result, execute(ctx, timeout.SyscallWatcher, func() error {
+ var resultp *uint16
+ err := hcsTerminateProcess(process, &resultp)
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsSignalProcess(ctx gcontext.Context, process HcsProcess, options string) (result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsSignalProcess")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ oc.SetSpanStatus(span, hr)
+ }()
+ span.AddAttributes(trace.StringAttribute("options", options))
+
+ return result, execute(ctx, timeout.SyscallWatcher, func() error {
+ var resultp *uint16
+ err := hcsSignalProcess(process, options, &resultp)
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsGetProcessInfo(ctx gcontext.Context, process HcsProcess) (processInformation HcsProcessInformation, result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsGetProcessInfo")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ oc.SetSpanStatus(span, hr)
+ }()
+
+ return processInformation, result, execute(ctx, timeout.SyscallWatcher, func() error {
+ var resultp *uint16
+ err := hcsGetProcessInfo(process, &processInformation, &resultp)
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsGetProcessProperties(ctx gcontext.Context, process HcsProcess) (processProperties, result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsGetProcessProperties")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ oc.SetSpanStatus(span, hr)
+ }()
+
+ return processProperties, result, execute(ctx, timeout.SyscallWatcher, func() error {
+ var (
+ processPropertiesp *uint16
+ resultp *uint16
+ )
+ err := hcsGetProcessProperties(process, &processPropertiesp, &resultp)
+ if processPropertiesp != nil {
+ processProperties = interop.ConvertAndFreeCoTaskMemString(processPropertiesp)
+ }
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsModifyProcess(ctx gcontext.Context, process HcsProcess, settings string) (result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsModifyProcess")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ oc.SetSpanStatus(span, hr)
+ }()
+ span.AddAttributes(trace.StringAttribute("settings", settings))
+
+ return result, execute(ctx, timeout.SyscallWatcher, func() error {
+ var resultp *uint16
+ err := hcsModifyProcess(process, settings, &resultp)
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsGetServiceProperties(ctx gcontext.Context, propertyQuery string) (properties, result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsGetServiceProperties")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ oc.SetSpanStatus(span, hr)
+ }()
+ span.AddAttributes(trace.StringAttribute("propertyQuery", propertyQuery))
+
+ return properties, result, execute(ctx, timeout.SyscallWatcher, func() error {
+ var (
+ propertiesp *uint16
+ resultp *uint16
+ )
+ err := hcsGetServiceProperties(propertyQuery, &propertiesp, &resultp)
+ if propertiesp != nil {
+ properties = interop.ConvertAndFreeCoTaskMemString(propertiesp)
+ }
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
+
+func HcsRegisterProcessCallback(ctx gcontext.Context, process HcsProcess, callback uintptr, context uintptr) (callbackHandle HcsCallback, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsRegisterProcessCallback")
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, hr) }()
+
+ return callbackHandle, execute(ctx, timeout.SyscallWatcher, func() error {
+ return hcsRegisterProcessCallback(process, callback, context, &callbackHandle)
+ })
+}
+
+func HcsUnregisterProcessCallback(ctx gcontext.Context, callbackHandle HcsCallback) (hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsUnregisterProcessCallback")
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, hr) }()
+
+ return execute(ctx, timeout.SyscallWatcher, func() error {
+ return hcsUnregisterProcessCallback(callbackHandle)
+ })
+}
+
+func HcsSaveComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) {
+ ctx, span := oc.StartSpan(ctx, "HcsSaveComputeSystem")
+ defer span.End()
+ defer func() {
+ if result != "" {
+ span.AddAttributes(trace.StringAttribute("result", result))
+ }
+ if hr != errVmcomputeOperationPending {
+ oc.SetSpanStatus(span, hr)
+ }
+ }()
+
+ return result, execute(ctx, timeout.SyscallWatcher, func() error {
+ var resultp *uint16
+ err := hcsSaveComputeSystem(computeSystem, options, &resultp)
+ if resultp != nil {
+ result = interop.ConvertAndFreeCoTaskMemString(resultp)
+ }
+ return err
+ })
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/zsyscall_windows.go
new file mode 100644
index 000000000..42368872b
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/zsyscall_windows.go
@@ -0,0 +1,610 @@
+//go:build windows
+
+// Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
+
+package vmcompute
+
+import (
+ "syscall"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+ errnoERROR_IO_PENDING = 997
+)
+
+var (
+ errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+ errERROR_EINVAL error = syscall.EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+ switch e {
+ case 0:
+ return errERROR_EINVAL
+ case errnoERROR_IO_PENDING:
+ return errERROR_IO_PENDING
+ }
+ // TODO: add more here, after collecting data on the common
+ // error values see on Windows. (perhaps when running
+ // all.bat?)
+ return e
+}
+
+var (
+ modvmcompute = windows.NewLazySystemDLL("vmcompute.dll")
+
+ procHcsCloseComputeSystem = modvmcompute.NewProc("HcsCloseComputeSystem")
+ procHcsCloseProcess = modvmcompute.NewProc("HcsCloseProcess")
+ procHcsCreateComputeSystem = modvmcompute.NewProc("HcsCreateComputeSystem")
+ procHcsCreateProcess = modvmcompute.NewProc("HcsCreateProcess")
+ procHcsEnumerateComputeSystems = modvmcompute.NewProc("HcsEnumerateComputeSystems")
+ procHcsGetComputeSystemProperties = modvmcompute.NewProc("HcsGetComputeSystemProperties")
+ procHcsGetProcessInfo = modvmcompute.NewProc("HcsGetProcessInfo")
+ procHcsGetProcessProperties = modvmcompute.NewProc("HcsGetProcessProperties")
+ procHcsGetServiceProperties = modvmcompute.NewProc("HcsGetServiceProperties")
+ procHcsModifyComputeSystem = modvmcompute.NewProc("HcsModifyComputeSystem")
+ procHcsModifyProcess = modvmcompute.NewProc("HcsModifyProcess")
+ procHcsModifyServiceSettings = modvmcompute.NewProc("HcsModifyServiceSettings")
+ procHcsOpenComputeSystem = modvmcompute.NewProc("HcsOpenComputeSystem")
+ procHcsOpenProcess = modvmcompute.NewProc("HcsOpenProcess")
+ procHcsPauseComputeSystem = modvmcompute.NewProc("HcsPauseComputeSystem")
+ procHcsRegisterComputeSystemCallback = modvmcompute.NewProc("HcsRegisterComputeSystemCallback")
+ procHcsRegisterProcessCallback = modvmcompute.NewProc("HcsRegisterProcessCallback")
+ procHcsResumeComputeSystem = modvmcompute.NewProc("HcsResumeComputeSystem")
+ procHcsSaveComputeSystem = modvmcompute.NewProc("HcsSaveComputeSystem")
+ procHcsShutdownComputeSystem = modvmcompute.NewProc("HcsShutdownComputeSystem")
+ procHcsSignalProcess = modvmcompute.NewProc("HcsSignalProcess")
+ procHcsStartComputeSystem = modvmcompute.NewProc("HcsStartComputeSystem")
+ procHcsTerminateComputeSystem = modvmcompute.NewProc("HcsTerminateComputeSystem")
+ procHcsTerminateProcess = modvmcompute.NewProc("HcsTerminateProcess")
+ procHcsUnregisterComputeSystemCallback = modvmcompute.NewProc("HcsUnregisterComputeSystemCallback")
+ procHcsUnregisterProcessCallback = modvmcompute.NewProc("HcsUnregisterProcessCallback")
+)
+
+func hcsCloseComputeSystem(computeSystem HcsSystem) (hr error) {
+ hr = procHcsCloseComputeSystem.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsCloseComputeSystem.Addr(), 1, uintptr(computeSystem), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsCloseProcess(process HcsProcess) (hr error) {
+ hr = procHcsCloseProcess.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsCloseProcess.Addr(), 1, uintptr(process), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsCreateComputeSystem(id string, configuration string, identity syscall.Handle, computeSystem *HcsSystem, result **uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(id)
+ if hr != nil {
+ return
+ }
+ var _p1 *uint16
+ _p1, hr = syscall.UTF16PtrFromString(configuration)
+ if hr != nil {
+ return
+ }
+ return _hcsCreateComputeSystem(_p0, _p1, identity, computeSystem, result)
+}
+
+func _hcsCreateComputeSystem(id *uint16, configuration *uint16, identity syscall.Handle, computeSystem *HcsSystem, result **uint16) (hr error) {
+ hr = procHcsCreateComputeSystem.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall6(procHcsCreateComputeSystem.Addr(), 5, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(configuration)), uintptr(identity), uintptr(unsafe.Pointer(computeSystem)), uintptr(unsafe.Pointer(result)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsCreateProcess(computeSystem HcsSystem, processParameters string, processInformation *HcsProcessInformation, process *HcsProcess, result **uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(processParameters)
+ if hr != nil {
+ return
+ }
+ return _hcsCreateProcess(computeSystem, _p0, processInformation, process, result)
+}
+
+func _hcsCreateProcess(computeSystem HcsSystem, processParameters *uint16, processInformation *HcsProcessInformation, process *HcsProcess, result **uint16) (hr error) {
+ hr = procHcsCreateProcess.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall6(procHcsCreateProcess.Addr(), 5, uintptr(computeSystem), uintptr(unsafe.Pointer(processParameters)), uintptr(unsafe.Pointer(processInformation)), uintptr(unsafe.Pointer(process)), uintptr(unsafe.Pointer(result)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsEnumerateComputeSystems(query string, computeSystems **uint16, result **uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(query)
+ if hr != nil {
+ return
+ }
+ return _hcsEnumerateComputeSystems(_p0, computeSystems, result)
+}
+
+func _hcsEnumerateComputeSystems(query *uint16, computeSystems **uint16, result **uint16) (hr error) {
+ hr = procHcsEnumerateComputeSystems.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsEnumerateComputeSystems.Addr(), 3, uintptr(unsafe.Pointer(query)), uintptr(unsafe.Pointer(computeSystems)), uintptr(unsafe.Pointer(result)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsGetComputeSystemProperties(computeSystem HcsSystem, propertyQuery string, properties **uint16, result **uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(propertyQuery)
+ if hr != nil {
+ return
+ }
+ return _hcsGetComputeSystemProperties(computeSystem, _p0, properties, result)
+}
+
+func _hcsGetComputeSystemProperties(computeSystem HcsSystem, propertyQuery *uint16, properties **uint16, result **uint16) (hr error) {
+ hr = procHcsGetComputeSystemProperties.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall6(procHcsGetComputeSystemProperties.Addr(), 4, uintptr(computeSystem), uintptr(unsafe.Pointer(propertyQuery)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsGetProcessInfo(process HcsProcess, processInformation *HcsProcessInformation, result **uint16) (hr error) {
+ hr = procHcsGetProcessInfo.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsGetProcessInfo.Addr(), 3, uintptr(process), uintptr(unsafe.Pointer(processInformation)), uintptr(unsafe.Pointer(result)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsGetProcessProperties(process HcsProcess, processProperties **uint16, result **uint16) (hr error) {
+ hr = procHcsGetProcessProperties.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsGetProcessProperties.Addr(), 3, uintptr(process), uintptr(unsafe.Pointer(processProperties)), uintptr(unsafe.Pointer(result)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsGetServiceProperties(propertyQuery string, properties **uint16, result **uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(propertyQuery)
+ if hr != nil {
+ return
+ }
+ return _hcsGetServiceProperties(_p0, properties, result)
+}
+
+func _hcsGetServiceProperties(propertyQuery *uint16, properties **uint16, result **uint16) (hr error) {
+ hr = procHcsGetServiceProperties.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsGetServiceProperties.Addr(), 3, uintptr(unsafe.Pointer(propertyQuery)), uintptr(unsafe.Pointer(properties)), uintptr(unsafe.Pointer(result)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsModifyComputeSystem(computeSystem HcsSystem, configuration string, result **uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(configuration)
+ if hr != nil {
+ return
+ }
+ return _hcsModifyComputeSystem(computeSystem, _p0, result)
+}
+
+func _hcsModifyComputeSystem(computeSystem HcsSystem, configuration *uint16, result **uint16) (hr error) {
+ hr = procHcsModifyComputeSystem.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsModifyComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(configuration)), uintptr(unsafe.Pointer(result)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsModifyProcess(process HcsProcess, settings string, result **uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(settings)
+ if hr != nil {
+ return
+ }
+ return _hcsModifyProcess(process, _p0, result)
+}
+
+func _hcsModifyProcess(process HcsProcess, settings *uint16, result **uint16) (hr error) {
+ hr = procHcsModifyProcess.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsModifyProcess.Addr(), 3, uintptr(process), uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsModifyServiceSettings(settings string, result **uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(settings)
+ if hr != nil {
+ return
+ }
+ return _hcsModifyServiceSettings(_p0, result)
+}
+
+func _hcsModifyServiceSettings(settings *uint16, result **uint16) (hr error) {
+ hr = procHcsModifyServiceSettings.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsModifyServiceSettings.Addr(), 2, uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsOpenComputeSystem(id string, computeSystem *HcsSystem, result **uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(id)
+ if hr != nil {
+ return
+ }
+ return _hcsOpenComputeSystem(_p0, computeSystem, result)
+}
+
+func _hcsOpenComputeSystem(id *uint16, computeSystem *HcsSystem, result **uint16) (hr error) {
+ hr = procHcsOpenComputeSystem.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsOpenComputeSystem.Addr(), 3, uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(computeSystem)), uintptr(unsafe.Pointer(result)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsOpenProcess(computeSystem HcsSystem, pid uint32, process *HcsProcess, result **uint16) (hr error) {
+ hr = procHcsOpenProcess.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall6(procHcsOpenProcess.Addr(), 4, uintptr(computeSystem), uintptr(pid), uintptr(unsafe.Pointer(process)), uintptr(unsafe.Pointer(result)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsPauseComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(options)
+ if hr != nil {
+ return
+ }
+ return _hcsPauseComputeSystem(computeSystem, _p0, result)
+}
+
+func _hcsPauseComputeSystem(computeSystem HcsSystem, options *uint16, result **uint16) (hr error) {
+ hr = procHcsPauseComputeSystem.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsPauseComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsRegisterComputeSystemCallback(computeSystem HcsSystem, callback uintptr, context uintptr, callbackHandle *HcsCallback) (hr error) {
+ hr = procHcsRegisterComputeSystemCallback.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall6(procHcsRegisterComputeSystemCallback.Addr(), 4, uintptr(computeSystem), uintptr(callback), uintptr(context), uintptr(unsafe.Pointer(callbackHandle)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsRegisterProcessCallback(process HcsProcess, callback uintptr, context uintptr, callbackHandle *HcsCallback) (hr error) {
+ hr = procHcsRegisterProcessCallback.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall6(procHcsRegisterProcessCallback.Addr(), 4, uintptr(process), uintptr(callback), uintptr(context), uintptr(unsafe.Pointer(callbackHandle)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsResumeComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(options)
+ if hr != nil {
+ return
+ }
+ return _hcsResumeComputeSystem(computeSystem, _p0, result)
+}
+
+func _hcsResumeComputeSystem(computeSystem HcsSystem, options *uint16, result **uint16) (hr error) {
+ hr = procHcsResumeComputeSystem.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsResumeComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsSaveComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(options)
+ if hr != nil {
+ return
+ }
+ return _hcsSaveComputeSystem(computeSystem, _p0, result)
+}
+
+func _hcsSaveComputeSystem(computeSystem HcsSystem, options *uint16, result **uint16) (hr error) {
+ hr = procHcsSaveComputeSystem.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsSaveComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsShutdownComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(options)
+ if hr != nil {
+ return
+ }
+ return _hcsShutdownComputeSystem(computeSystem, _p0, result)
+}
+
+func _hcsShutdownComputeSystem(computeSystem HcsSystem, options *uint16, result **uint16) (hr error) {
+ hr = procHcsShutdownComputeSystem.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsShutdownComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsSignalProcess(process HcsProcess, options string, result **uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(options)
+ if hr != nil {
+ return
+ }
+ return _hcsSignalProcess(process, _p0, result)
+}
+
+func _hcsSignalProcess(process HcsProcess, options *uint16, result **uint16) (hr error) {
+ hr = procHcsSignalProcess.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsSignalProcess.Addr(), 3, uintptr(process), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsStartComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(options)
+ if hr != nil {
+ return
+ }
+ return _hcsStartComputeSystem(computeSystem, _p0, result)
+}
+
+func _hcsStartComputeSystem(computeSystem HcsSystem, options *uint16, result **uint16) (hr error) {
+ hr = procHcsStartComputeSystem.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsStartComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsTerminateComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(options)
+ if hr != nil {
+ return
+ }
+ return _hcsTerminateComputeSystem(computeSystem, _p0, result)
+}
+
+func _hcsTerminateComputeSystem(computeSystem HcsSystem, options *uint16, result **uint16) (hr error) {
+ hr = procHcsTerminateComputeSystem.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsTerminateComputeSystem.Addr(), 3, uintptr(computeSystem), uintptr(unsafe.Pointer(options)), uintptr(unsafe.Pointer(result)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsTerminateProcess(process HcsProcess, result **uint16) (hr error) {
+ hr = procHcsTerminateProcess.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsTerminateProcess.Addr(), 2, uintptr(process), uintptr(unsafe.Pointer(result)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsUnregisterComputeSystemCallback(callbackHandle HcsCallback) (hr error) {
+ hr = procHcsUnregisterComputeSystemCallback.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsUnregisterComputeSystemCallback.Addr(), 1, uintptr(callbackHandle), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func hcsUnregisterProcessCallback(callbackHandle HcsCallback) (hr error) {
+ hr = procHcsUnregisterProcessCallback.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procHcsUnregisterProcessCallback.Addr(), 1, uintptr(callbackHandle), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/activatelayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/activatelayer.go
new file mode 100644
index 000000000..e12253c94
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/activatelayer.go
@@ -0,0 +1,29 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "go.opencensus.io/trace"
+)
+
+// ActivateLayer will find the layer with the given id and mount it's filesystem.
+// For a read/write layer, the mounted filesystem will appear as a volume on the
+// host, while a read-only layer is generally expected to be a no-op.
+// An activated layer must later be deactivated via DeactivateLayer.
+func ActivateLayer(ctx context.Context, path string) (err error) {
+ title := "hcsshim::ActivateLayer"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("path", path))
+
+ err = activateLayer(&stdDriverInfo, path)
+ if err != nil {
+ return hcserror.New(err, title, "")
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayerreader.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayerreader.go
new file mode 100644
index 000000000..792f13f59
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayerreader.go
@@ -0,0 +1,216 @@
+package wclayer
+
+import (
+ "errors"
+ "io"
+ "os"
+ "path/filepath"
+ "strings"
+ "syscall"
+
+ "github.com/Microsoft/go-winio"
+ "github.com/Microsoft/hcsshim/internal/longpath"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "go.opencensus.io/trace"
+)
+
+type baseLayerReader struct {
+ s *trace.Span
+ root string
+ result chan *fileEntry
+ proceed chan bool
+ currentFile *os.File
+ backupReader *winio.BackupFileReader
+}
+
+func newBaseLayerReader(root string, s *trace.Span) (r *baseLayerReader) {
+ r = &baseLayerReader{
+ s: s,
+ root: root,
+ result: make(chan *fileEntry),
+ proceed: make(chan bool),
+ }
+ go r.walk()
+ return r
+}
+
+func (r *baseLayerReader) walkUntilCancelled() error {
+ root, err := longpath.LongAbs(r.root)
+ if err != nil {
+ return err
+ }
+
+ r.root = root
+
+ err = filepath.Walk(filepath.Join(r.root, filesPath), func(path string, info os.FileInfo, err error) error {
+ if err != nil {
+ return err
+ }
+
+ // Indirect fix for https://github.com/moby/moby/issues/32838#issuecomment-343610048.
+ // Handle failure from what may be a golang bug in the conversion of
+ // UTF16 to UTF8 in files which are left in the recycle bin. Os.Lstat
+ // which is called by filepath.Walk will fail when a filename contains
+ // unicode characters. Skip the recycle bin regardless which is goodness.
+ if strings.EqualFold(path, filepath.Join(r.root, `Files\$Recycle.Bin`)) && info.IsDir() {
+ return filepath.SkipDir
+ }
+
+ r.result <- &fileEntry{path, info, nil}
+ if !<-r.proceed {
+ return errorIterationCanceled
+ }
+
+ return nil
+ })
+
+ if err == errorIterationCanceled {
+ return nil
+ }
+
+ if err != nil {
+ return err
+ }
+
+ utilityVMAbsPath := filepath.Join(r.root, UtilityVMPath)
+ utilityVMFilesAbsPath := filepath.Join(r.root, UtilityVMFilesPath)
+
+ // Ignore a UtilityVM without Files, that's not _really_ a UtiltyVM
+ if _, err = os.Lstat(utilityVMFilesAbsPath); err != nil {
+ if os.IsNotExist(err) {
+ return io.EOF
+ }
+ return err
+ }
+
+ err = filepath.Walk(utilityVMAbsPath, func(path string, info os.FileInfo, err error) error {
+ if err != nil {
+ return err
+ }
+
+ if path != utilityVMAbsPath && path != utilityVMFilesAbsPath && !hasPathPrefix(path, utilityVMFilesAbsPath) {
+ if info.IsDir() {
+ return filepath.SkipDir
+ }
+ return nil
+ }
+
+ r.result <- &fileEntry{path, info, nil}
+ if !<-r.proceed {
+ return errorIterationCanceled
+ }
+
+ return nil
+ })
+
+ if err == errorIterationCanceled {
+ return nil
+ }
+
+ if err != nil {
+ return err
+ }
+
+ return io.EOF
+}
+
+func (r *baseLayerReader) walk() {
+ defer close(r.result)
+ if !<-r.proceed {
+ return
+ }
+
+ err := r.walkUntilCancelled()
+ if err != nil {
+ for {
+ r.result <- &fileEntry{err: err}
+ if !<-r.proceed {
+ return
+ }
+ }
+ }
+}
+
+func (r *baseLayerReader) reset() {
+ if r.backupReader != nil {
+ r.backupReader.Close()
+ r.backupReader = nil
+ }
+ if r.currentFile != nil {
+ r.currentFile.Close()
+ r.currentFile = nil
+ }
+}
+
+func (r *baseLayerReader) Next() (path string, size int64, fileInfo *winio.FileBasicInfo, err error) {
+ r.reset()
+ r.proceed <- true
+ fe := <-r.result
+ if fe == nil {
+ err = errors.New("BaseLayerReader closed")
+ return
+ }
+ if fe.err != nil {
+ err = fe.err
+ return
+ }
+
+ path, err = filepath.Rel(r.root, fe.path)
+ if err != nil {
+ return
+ }
+
+ f, err := openFileOrDir(fe.path, syscall.GENERIC_READ, syscall.OPEN_EXISTING)
+ if err != nil {
+ return
+ }
+ defer func() {
+ if f != nil {
+ f.Close()
+ }
+ }()
+
+ fileInfo, err = winio.GetFileBasicInfo(f)
+ if err != nil {
+ return
+ }
+
+ size = fe.fi.Size()
+ r.backupReader = winio.NewBackupFileReader(f, true)
+
+ r.currentFile = f
+ f = nil
+ return
+}
+
+func (r *baseLayerReader) LinkInfo() (uint32, *winio.FileIDInfo, error) {
+ fileStandardInfo, err := winio.GetFileStandardInfo(r.currentFile)
+ if err != nil {
+ return 0, nil, err
+ }
+ fileIDInfo, err := winio.GetFileID(r.currentFile)
+ if err != nil {
+ return 0, nil, err
+ }
+ return fileStandardInfo.NumberOfLinks, fileIDInfo, nil
+}
+
+func (r *baseLayerReader) Read(b []byte) (int, error) {
+ if r.backupReader == nil {
+ return 0, io.EOF
+ }
+ return r.backupReader.Read(b)
+}
+
+func (r *baseLayerReader) Close() (err error) {
+ defer r.s.End()
+ defer func() {
+ oc.SetSpanStatus(r.s, err)
+ close(r.proceed)
+ }()
+ r.proceed <- false
+ // The r.result channel will be closed once walk() returns
+ <-r.result
+ r.reset()
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayerwriter.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayerwriter.go
new file mode 100644
index 000000000..aea8b421e
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayerwriter.go
@@ -0,0 +1,183 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+ "errors"
+ "os"
+ "path/filepath"
+ "syscall"
+
+ "github.com/Microsoft/go-winio"
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "github.com/Microsoft/hcsshim/internal/safefile"
+ "github.com/Microsoft/hcsshim/internal/winapi"
+ "go.opencensus.io/trace"
+)
+
+type baseLayerWriter struct {
+ ctx context.Context
+ s *trace.Span
+
+ root *os.File
+ f *os.File
+ bw *winio.BackupFileWriter
+ err error
+ hasUtilityVM bool
+ dirInfo []dirInfo
+}
+
+type dirInfo struct {
+ path string
+ fileInfo winio.FileBasicInfo
+}
+
+// reapplyDirectoryTimes reapplies directory modification, creation, etc. times
+// after processing of the directory tree has completed. The times are expected
+// to be ordered such that parent directories come before child directories.
+func reapplyDirectoryTimes(root *os.File, dis []dirInfo) error {
+ for i := range dis {
+ di := &dis[len(dis)-i-1] // reverse order: process child directories first
+ f, err := safefile.OpenRelative(di.path, root, syscall.GENERIC_READ|syscall.GENERIC_WRITE, syscall.FILE_SHARE_READ, winapi.FILE_OPEN, winapi.FILE_DIRECTORY_FILE|syscall.FILE_FLAG_OPEN_REPARSE_POINT)
+ if err != nil {
+ return err
+ }
+
+ err = winio.SetFileBasicInfo(f, &di.fileInfo)
+ f.Close()
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func (w *baseLayerWriter) closeCurrentFile() error {
+ if w.f != nil {
+ err := w.bw.Close()
+ err2 := w.f.Close()
+ w.f = nil
+ w.bw = nil
+ if err != nil {
+ return err
+ }
+ if err2 != nil {
+ return err2
+ }
+ }
+ return nil
+}
+
+func (w *baseLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) (err error) {
+ defer func() {
+ if err != nil {
+ w.err = err
+ }
+ }()
+
+ err = w.closeCurrentFile()
+ if err != nil {
+ return err
+ }
+
+ if filepath.ToSlash(name) == `UtilityVM/Files` {
+ w.hasUtilityVM = true
+ }
+
+ var f *os.File
+ defer func() {
+ if f != nil {
+ f.Close()
+ }
+ }()
+
+ extraFlags := uint32(0)
+ if fileInfo.FileAttributes&syscall.FILE_ATTRIBUTE_DIRECTORY != 0 {
+ extraFlags |= winapi.FILE_DIRECTORY_FILE
+ w.dirInfo = append(w.dirInfo, dirInfo{name, *fileInfo})
+ }
+
+ mode := uint32(syscall.GENERIC_READ | syscall.GENERIC_WRITE | winio.WRITE_DAC | winio.WRITE_OWNER | winio.ACCESS_SYSTEM_SECURITY)
+ f, err = safefile.OpenRelative(name, w.root, mode, syscall.FILE_SHARE_READ, winapi.FILE_CREATE, extraFlags)
+ if err != nil {
+ return hcserror.New(err, "Failed to safefile.OpenRelative", name)
+ }
+
+ err = winio.SetFileBasicInfo(f, fileInfo)
+ if err != nil {
+ return hcserror.New(err, "Failed to SetFileBasicInfo", name)
+ }
+
+ w.f = f
+ w.bw = winio.NewBackupFileWriter(f, true)
+ f = nil
+ return nil
+}
+
+func (w *baseLayerWriter) AddLink(name string, target string) (err error) {
+ defer func() {
+ if err != nil {
+ w.err = err
+ }
+ }()
+
+ err = w.closeCurrentFile()
+ if err != nil {
+ return err
+ }
+
+ return safefile.LinkRelative(target, w.root, name, w.root)
+}
+
+func (w *baseLayerWriter) Remove(name string) error {
+ return errors.New("base layer cannot have tombstones")
+}
+
+func (w *baseLayerWriter) Write(b []byte) (int, error) {
+ n, err := w.bw.Write(b)
+ if err != nil {
+ w.err = err
+ }
+ return n, err
+}
+
+func (w *baseLayerWriter) Close() (err error) {
+ defer w.s.End()
+ defer func() { oc.SetSpanStatus(w.s, err) }()
+ defer func() {
+ w.root.Close()
+ w.root = nil
+ }()
+
+ err = w.closeCurrentFile()
+ if err != nil {
+ return err
+ }
+ if w.err == nil {
+ // Restore the file times of all the directories, since they may have
+ // been modified by creating child directories.
+ err = reapplyDirectoryTimes(w.root, w.dirInfo)
+ if err != nil {
+ return err
+ }
+
+ err = ProcessBaseLayer(w.ctx, w.root.Name())
+ if err != nil {
+ return err
+ }
+
+ if w.hasUtilityVM {
+ err := safefile.EnsureNotReparsePointRelative("UtilityVM", w.root)
+ if err != nil {
+ return err
+ }
+ err = ProcessUtilityVMImage(w.ctx, filepath.Join(w.root.Name(), "UtilityVM"))
+ if err != nil {
+ return err
+ }
+ }
+ }
+ return w.err
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/converttobaselayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/converttobaselayer.go
new file mode 100644
index 000000000..c542f556c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/converttobaselayer.go
@@ -0,0 +1,157 @@
+package wclayer
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "path/filepath"
+
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/longpath"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "github.com/Microsoft/hcsshim/internal/safefile"
+ "github.com/Microsoft/hcsshim/internal/winapi"
+ "github.com/pkg/errors"
+ "go.opencensus.io/trace"
+ "golang.org/x/sys/windows"
+)
+
+var hiveNames = []string{"DEFAULT", "SAM", "SECURITY", "SOFTWARE", "SYSTEM"}
+
+// Ensure the given file exists as an ordinary file, and create a minimal hive file if not.
+func ensureHive(path string, root *os.File) (err error) {
+ _, err = safefile.LstatRelative(path, root)
+ if err != nil && !os.IsNotExist(err) {
+ return fmt.Errorf("accessing %s: %w", path, err)
+ }
+
+ version := windows.RtlGetVersion()
+ if version == nil {
+ return fmt.Errorf("failed to get OS version")
+ }
+
+ var fullPath string
+ fullPath, err = longpath.LongAbs(filepath.Join(root.Name(), path))
+ if err != nil {
+ return fmt.Errorf("getting path: %w", err)
+ }
+
+ var key winapi.ORHKey
+ err = winapi.ORCreateHive(&key)
+ if err != nil {
+ return fmt.Errorf("creating hive: %w", err)
+ }
+
+ defer func() {
+ closeErr := winapi.ORCloseHive(key)
+ if closeErr != nil && err == nil {
+ err = fmt.Errorf("closing hive key: %w", closeErr)
+ }
+ }()
+
+ err = winapi.ORSaveHive(key, fullPath, version.MajorVersion, version.MinorVersion)
+ if err != nil {
+ return fmt.Errorf("saving hive: %w", err)
+ }
+
+ return nil
+}
+
+func ensureBaseLayer(root *os.File) (hasUtilityVM bool, err error) {
+ // The base layer registry hives will be copied from here
+ const hiveSourcePath = "Files\\Windows\\System32\\config"
+ if err = safefile.MkdirAllRelative(hiveSourcePath, root); err != nil {
+ return
+ }
+
+ for _, hiveName := range hiveNames {
+ hivePath := filepath.Join(hiveSourcePath, hiveName)
+ if err = ensureHive(hivePath, root); err != nil {
+ return
+ }
+ }
+
+ stat, err := safefile.LstatRelative(UtilityVMFilesPath, root)
+
+ if os.IsNotExist(err) {
+ return false, nil
+ }
+
+ if err != nil {
+ return
+ }
+
+ if !stat.Mode().IsDir() {
+ fullPath := filepath.Join(root.Name(), UtilityVMFilesPath)
+ return false, errors.Errorf("%s has unexpected file mode %s", fullPath, stat.Mode().String())
+ }
+
+ const bcdRelativePath = "EFI\\Microsoft\\Boot\\BCD"
+
+ // Just check that this exists as a regular file. If it exists but is not a valid registry hive,
+ // ProcessUtilityVMImage will complain:
+ // "The registry could not read in, or write out, or flush, one of the files that contain the system's image of the registry."
+ bcdPath := filepath.Join(UtilityVMFilesPath, bcdRelativePath)
+
+ stat, err = safefile.LstatRelative(bcdPath, root)
+ if err != nil {
+ return false, errors.Wrapf(err, "UtilityVM must contain '%s'", bcdRelativePath)
+ }
+
+ if !stat.Mode().IsRegular() {
+ fullPath := filepath.Join(root.Name(), bcdPath)
+ return false, errors.Errorf("%s has unexpected file mode %s", fullPath, stat.Mode().String())
+ }
+
+ return true, nil
+}
+
+func convertToBaseLayer(ctx context.Context, root *os.File) error {
+ hasUtilityVM, err := ensureBaseLayer(root)
+
+ if err != nil {
+ return err
+ }
+
+ if err := ProcessBaseLayer(ctx, root.Name()); err != nil {
+ return err
+ }
+
+ if !hasUtilityVM {
+ return nil
+ }
+
+ err = safefile.EnsureNotReparsePointRelative(UtilityVMPath, root)
+ if err != nil {
+ return err
+ }
+
+ utilityVMPath := filepath.Join(root.Name(), UtilityVMPath)
+ return ProcessUtilityVMImage(ctx, utilityVMPath)
+}
+
+// ConvertToBaseLayer processes a candidate base layer, i.e. a directory
+// containing the desired file content under Files/, and optionally the
+// desired file content for a UtilityVM under UtilityVM/Files/
+func ConvertToBaseLayer(ctx context.Context, path string) (err error) {
+ title := "hcsshim::ConvertToBaseLayer"
+ ctx, span := trace.StartSpan(ctx, title)
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("path", path))
+
+ root, err := safefile.OpenRoot(path)
+ if err != nil {
+ return hcserror.New(err, title+" - failed", "")
+ }
+ defer func() {
+ if err2 := root.Close(); err == nil && err2 != nil {
+ err = hcserror.New(err2, title+" - failed", "")
+ }
+ }()
+
+ if err = convertToBaseLayer(ctx, root); err != nil {
+ return hcserror.New(err, title+" - failed", "")
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createlayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createlayer.go
new file mode 100644
index 000000000..932475723
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createlayer.go
@@ -0,0 +1,29 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "go.opencensus.io/trace"
+)
+
+// CreateLayer creates a new, empty, read-only layer on the filesystem based on
+// the parent layer provided.
+func CreateLayer(ctx context.Context, path, parent string) (err error) {
+ title := "hcsshim::CreateLayer"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("path", path),
+ trace.StringAttribute("parent", parent))
+
+ err = createLayer(&stdDriverInfo, path, parent)
+ if err != nil {
+ return hcserror.New(err, title, "")
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createscratchlayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createscratchlayer.go
new file mode 100644
index 000000000..5c9d5d250
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createscratchlayer.go
@@ -0,0 +1,36 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+ "strings"
+
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "go.opencensus.io/trace"
+)
+
+// CreateScratchLayer creates and populates new read-write layer for use by a container.
+// This requires the full list of paths to all parent layers up to the base
+func CreateScratchLayer(ctx context.Context, path string, parentLayerPaths []string) (err error) {
+ title := "hcsshim::CreateScratchLayer"
+ ctx, span := oc.StartSpan(ctx, title)
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("path", path),
+ trace.StringAttribute("parentLayerPaths", strings.Join(parentLayerPaths, ", ")))
+
+ // Generate layer descriptors
+ layers, err := layerPathsToDescriptors(ctx, parentLayerPaths)
+ if err != nil {
+ return err
+ }
+
+ err = createSandboxLayer(&stdDriverInfo, path, 0, layers)
+ if err != nil {
+ return hcserror.New(err, title, "")
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/deactivatelayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/deactivatelayer.go
new file mode 100644
index 000000000..e3bc77cbc
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/deactivatelayer.go
@@ -0,0 +1,26 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "go.opencensus.io/trace"
+)
+
+// DeactivateLayer will dismount a layer that was mounted via ActivateLayer.
+func DeactivateLayer(ctx context.Context, path string) (err error) {
+ title := "hcsshim::DeactivateLayer"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("path", path))
+
+ err = deactivateLayer(&stdDriverInfo, path)
+ if err != nil {
+ return hcserror.New(err, title+"- failed", "")
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/destroylayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/destroylayer.go
new file mode 100644
index 000000000..d0a59efe1
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/destroylayer.go
@@ -0,0 +1,27 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "go.opencensus.io/trace"
+)
+
+// DestroyLayer will remove the on-disk files representing the layer with the given
+// path, including that layer's containing folder, if any.
+func DestroyLayer(ctx context.Context, path string) (err error) {
+ title := "hcsshim::DestroyLayer"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("path", path))
+
+ err = destroyLayer(&stdDriverInfo, path)
+ if err != nil {
+ return hcserror.New(err, title, "")
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/doc.go
new file mode 100644
index 000000000..dd1d55580
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/doc.go
@@ -0,0 +1,4 @@
+// Package wclayer provides bindings to HCS's legacy layer management API and
+// provides a higher level interface around these calls for container layer
+// management.
+package wclayer
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/expandscratchsize.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/expandscratchsize.go
new file mode 100644
index 000000000..e2ec27ad0
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/expandscratchsize.go
@@ -0,0 +1,142 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+ "os"
+ "path/filepath"
+ "syscall"
+ "unsafe"
+
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "github.com/Microsoft/hcsshim/osversion"
+ "go.opencensus.io/trace"
+)
+
+// ExpandScratchSize expands the size of a layer to at least size bytes.
+func ExpandScratchSize(ctx context.Context, path string, size uint64) (err error) {
+ title := "hcsshim::ExpandScratchSize"
+ ctx, span := oc.StartSpan(ctx, title)
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("path", path),
+ trace.Int64Attribute("size", int64(size)))
+
+ err = expandSandboxSize(&stdDriverInfo, path, size)
+ if err != nil {
+ return hcserror.New(err, title, "")
+ }
+
+ // Manually expand the volume now in order to work around bugs in 19H1 and
+ // prerelease versions of Vb. Remove once this is fixed in Windows.
+ if build := osversion.Build(); build >= osversion.V19H1 && build < 19020 {
+ err = expandSandboxVolume(ctx, path)
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+type virtualStorageType struct {
+ DeviceID uint32
+ VendorID [16]byte
+}
+
+type openVersion2 struct {
+ GetInfoOnly int32 // bool but 4-byte aligned
+ ReadOnly int32 // bool but 4-byte aligned
+ ResiliencyGUID [16]byte // GUID
+}
+
+type openVirtualDiskParameters struct {
+ Version uint32 // Must always be set to 2
+ Version2 openVersion2
+}
+
+func attachVhd(path string) (syscall.Handle, error) {
+ var (
+ defaultType virtualStorageType
+ handle syscall.Handle
+ )
+ parameters := openVirtualDiskParameters{Version: 2}
+ err := openVirtualDisk(
+ &defaultType,
+ path,
+ 0,
+ 0,
+ ¶meters,
+ &handle)
+ if err != nil {
+ return 0, &os.PathError{Op: "OpenVirtualDisk", Path: path, Err: err}
+ }
+ err = attachVirtualDisk(handle, 0, 0, 0, 0, 0)
+ if err != nil {
+ syscall.Close(handle)
+ return 0, &os.PathError{Op: "AttachVirtualDisk", Path: path, Err: err}
+ }
+ return handle, nil
+}
+
+func expandSandboxVolume(ctx context.Context, path string) error {
+ // Mount the sandbox VHD temporarily.
+ vhdPath := filepath.Join(path, "sandbox.vhdx")
+ vhd, err := attachVhd(vhdPath)
+ if err != nil {
+ return &os.PathError{Op: "OpenVirtualDisk", Path: vhdPath, Err: err}
+ }
+ defer syscall.Close(vhd)
+
+ // Open the volume.
+ volumePath, err := GetLayerMountPath(ctx, path)
+ if err != nil {
+ return err
+ }
+ if volumePath[len(volumePath)-1] == '\\' {
+ volumePath = volumePath[:len(volumePath)-1]
+ }
+ volume, err := os.OpenFile(volumePath, os.O_RDWR, 0)
+ if err != nil {
+ return err
+ }
+ defer volume.Close()
+
+ // Get the volume's underlying partition size in NTFS clusters.
+ var (
+ partitionSize int64
+ bytes uint32
+ )
+ const _IOCTL_DISK_GET_LENGTH_INFO = 0x0007405C
+ err = syscall.DeviceIoControl(syscall.Handle(volume.Fd()), _IOCTL_DISK_GET_LENGTH_INFO, nil, 0, (*byte)(unsafe.Pointer(&partitionSize)), 8, &bytes, nil)
+ if err != nil {
+ return &os.PathError{Op: "IOCTL_DISK_GET_LENGTH_INFO", Path: volume.Name(), Err: err}
+ }
+ const (
+ clusterSize = 4096
+ sectorSize = 512
+ )
+ targetClusters := partitionSize / clusterSize
+
+ // Get the volume's current size in NTFS clusters.
+ var volumeSize int64
+ err = getDiskFreeSpaceEx(volume.Name()+"\\", nil, &volumeSize, nil)
+ if err != nil {
+ return &os.PathError{Op: "GetDiskFreeSpaceEx", Path: volume.Name(), Err: err}
+ }
+ volumeClusters := volumeSize / clusterSize
+
+ // Only resize the volume if there is space to grow, otherwise this will
+ // fail with invalid parameter. NTFS reserves one cluster.
+ if volumeClusters+1 < targetClusters {
+ targetSectors := targetClusters * (clusterSize / sectorSize)
+ const _FSCTL_EXTEND_VOLUME = 0x000900F0
+ err = syscall.DeviceIoControl(syscall.Handle(volume.Fd()), _FSCTL_EXTEND_VOLUME, (*byte)(unsafe.Pointer(&targetSectors)), 8, nil, 0, &bytes, nil)
+ if err != nil {
+ return &os.PathError{Op: "FSCTL_EXTEND_VOLUME", Path: volume.Name(), Err: err}
+ }
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/exportlayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/exportlayer.go
new file mode 100644
index 000000000..d4c677aab
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/exportlayer.go
@@ -0,0 +1,107 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+ "os"
+ "strings"
+
+ "github.com/Microsoft/go-winio"
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "go.opencensus.io/trace"
+)
+
+// ExportLayer will create a folder at exportFolderPath and fill that folder with
+// the transport format version of the layer identified by layerId. This transport
+// format includes any metadata required for later importing the layer (using
+// ImportLayer), and requires the full list of parent layer paths in order to
+// perform the export.
+func ExportLayer(ctx context.Context, path string, exportFolderPath string, parentLayerPaths []string) (err error) {
+ title := "hcsshim::ExportLayer"
+ ctx, span := oc.StartSpan(ctx, title)
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("path", path),
+ trace.StringAttribute("exportFolderPath", exportFolderPath),
+ trace.StringAttribute("parentLayerPaths", strings.Join(parentLayerPaths, ", ")))
+
+ // Generate layer descriptors
+ layers, err := layerPathsToDescriptors(ctx, parentLayerPaths)
+ if err != nil {
+ return err
+ }
+
+ err = exportLayer(&stdDriverInfo, path, exportFolderPath, layers)
+ if err != nil {
+ return hcserror.New(err, title, "")
+ }
+ return nil
+}
+
+// LayerReader is an interface that supports reading an existing container image layer.
+type LayerReader interface {
+ // Next advances to the next file and returns the name, size, and file info
+ Next() (string, int64, *winio.FileBasicInfo, error)
+ // LinkInfo returns the number of links and the file identifier for the current file.
+ LinkInfo() (uint32, *winio.FileIDInfo, error)
+ // Read reads data from the current file, in the format of a Win32 backup stream, and
+ // returns the number of bytes read.
+ Read(b []byte) (int, error)
+ // Close finishes the layer reading process and releases any resources.
+ Close() error
+}
+
+// NewLayerReader returns a new layer reader for reading the contents of an on-disk layer.
+// The caller must have taken the SeBackupPrivilege privilege
+// to call this and any methods on the resulting LayerReader.
+func NewLayerReader(ctx context.Context, path string, parentLayerPaths []string) (_ LayerReader, err error) {
+ ctx, span := oc.StartSpan(ctx, "hcsshim::NewLayerReader")
+ defer func() {
+ if err != nil {
+ oc.SetSpanStatus(span, err)
+ span.End()
+ }
+ }()
+ span.AddAttributes(
+ trace.StringAttribute("path", path),
+ trace.StringAttribute("parentLayerPaths", strings.Join(parentLayerPaths, ", ")))
+
+ if len(parentLayerPaths) == 0 {
+ // This is a base layer. It gets exported differently.
+ return newBaseLayerReader(path, span), nil
+ }
+
+ exportPath, err := os.MkdirTemp("", "hcs")
+ if err != nil {
+ return nil, err
+ }
+ err = ExportLayer(ctx, path, exportPath, parentLayerPaths)
+ if err != nil {
+ os.RemoveAll(exportPath)
+ return nil, err
+ }
+ return &legacyLayerReaderWrapper{
+ ctx: ctx,
+ s: span,
+ legacyLayerReader: newLegacyLayerReader(exportPath),
+ }, nil
+}
+
+type legacyLayerReaderWrapper struct {
+ ctx context.Context
+ s *trace.Span
+
+ *legacyLayerReader
+}
+
+func (r *legacyLayerReaderWrapper) Close() (err error) {
+ defer r.s.End()
+ defer func() { oc.SetSpanStatus(r.s, err) }()
+
+ err = r.legacyLayerReader.Close()
+ os.RemoveAll(r.root)
+ return err
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getlayermountpath.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getlayermountpath.go
new file mode 100644
index 000000000..715e06e37
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getlayermountpath.go
@@ -0,0 +1,52 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+ "syscall"
+
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/log"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "go.opencensus.io/trace"
+)
+
+// GetLayerMountPath will look for a mounted layer with the given path and return
+// the path at which that layer can be accessed. This path may be a volume path
+// if the layer is a mounted read-write layer, otherwise it is expected to be the
+// folder path at which the layer is stored.
+func GetLayerMountPath(ctx context.Context, path string) (_ string, err error) {
+ title := "hcsshim::GetLayerMountPath"
+ ctx, span := oc.StartSpan(ctx, title)
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("path", path))
+
+ var mountPathLength uintptr = 0
+
+ // Call the procedure itself.
+ log.G(ctx).Debug("Calling proc (1)")
+ err = getLayerMountPath(&stdDriverInfo, path, &mountPathLength, nil)
+ if err != nil {
+ return "", hcserror.New(err, title, "(first call)")
+ }
+
+ // Allocate a mount path of the returned length.
+ if mountPathLength == 0 {
+ return "", nil
+ }
+ mountPathp := make([]uint16, mountPathLength)
+ mountPathp[0] = 0
+
+ // Call the procedure again
+ log.G(ctx).Debug("Calling proc (2)")
+ err = getLayerMountPath(&stdDriverInfo, path, &mountPathLength, &mountPathp[0])
+ if err != nil {
+ return "", hcserror.New(err, title, "(second call)")
+ }
+
+ mountPath := syscall.UTF16ToString(mountPathp[0:])
+ span.AddAttributes(trace.StringAttribute("mountPath", mountPath))
+ return mountPath, nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getsharedbaseimages.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getsharedbaseimages.go
new file mode 100644
index 000000000..5e400fb20
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getsharedbaseimages.go
@@ -0,0 +1,31 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/interop"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "go.opencensus.io/trace"
+)
+
+// GetSharedBaseImages will enumerate the images stored in the common central
+// image store and return descriptive info about those images for the purpose
+// of registering them with the graphdriver, graph, and tagstore.
+func GetSharedBaseImages(ctx context.Context) (_ string, err error) {
+ title := "hcsshim::GetSharedBaseImages"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+
+ var buffer *uint16
+ err = getBaseImages(&buffer)
+ if err != nil {
+ return "", hcserror.New(err, title, "")
+ }
+ imageData := interop.ConvertAndFreeCoTaskMemString(buffer)
+ span.AddAttributes(trace.StringAttribute("imageData", imageData))
+ return imageData, nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/grantvmaccess.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/grantvmaccess.go
new file mode 100644
index 000000000..20217ed81
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/grantvmaccess.go
@@ -0,0 +1,28 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "go.opencensus.io/trace"
+)
+
+// GrantVmAccess adds access to a file for a given VM
+func GrantVmAccess(ctx context.Context, vmid string, filepath string) (err error) {
+ title := "hcsshim::GrantVmAccess"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("vm-id", vmid),
+ trace.StringAttribute("path", filepath))
+
+ err = grantVmAccess(vmid, filepath)
+ if err != nil {
+ return hcserror.New(err, title, "")
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go
new file mode 100644
index 000000000..50f669a26
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go
@@ -0,0 +1,167 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+ "os"
+ "path/filepath"
+ "strings"
+
+ "github.com/Microsoft/go-winio"
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "github.com/Microsoft/hcsshim/internal/safefile"
+ "go.opencensus.io/trace"
+)
+
+// ImportLayer will take the contents of the folder at importFolderPath and import
+// that into a layer with the id layerId. Note that in order to correctly populate
+// the layer and interperet the transport format, all parent layers must already
+// be present on the system at the paths provided in parentLayerPaths.
+func ImportLayer(ctx context.Context, path string, importFolderPath string, parentLayerPaths []string) (err error) {
+ title := "hcsshim::ImportLayer"
+ ctx, span := oc.StartSpan(ctx, title)
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("path", path),
+ trace.StringAttribute("importFolderPath", importFolderPath),
+ trace.StringAttribute("parentLayerPaths", strings.Join(parentLayerPaths, ", ")))
+
+ // Generate layer descriptors
+ layers, err := layerPathsToDescriptors(ctx, parentLayerPaths)
+ if err != nil {
+ return err
+ }
+
+ err = importLayer(&stdDriverInfo, path, importFolderPath, layers)
+ if err != nil {
+ return hcserror.New(err, title, "")
+ }
+ return nil
+}
+
+// LayerWriter is an interface that supports writing a new container image layer.
+type LayerWriter interface {
+ // Add adds a file to the layer with given metadata.
+ Add(name string, fileInfo *winio.FileBasicInfo) error
+ // AddLink adds a hard link to the layer. The target must already have been added.
+ AddLink(name string, target string) error
+ // Remove removes a file that was present in a parent layer from the layer.
+ Remove(name string) error
+ // Write writes data to the current file. The data must be in the format of a Win32
+ // backup stream.
+ Write(b []byte) (int, error)
+ // Close finishes the layer writing process and releases any resources.
+ Close() error
+}
+
+type legacyLayerWriterWrapper struct {
+ ctx context.Context
+ s *trace.Span
+
+ *legacyLayerWriter
+ path string
+ parentLayerPaths []string
+}
+
+func (r *legacyLayerWriterWrapper) Close() (err error) {
+ defer r.s.End()
+ defer func() { oc.SetSpanStatus(r.s, err) }()
+ defer os.RemoveAll(r.root.Name())
+ defer r.legacyLayerWriter.CloseRoots()
+
+ err = r.legacyLayerWriter.Close()
+ if err != nil {
+ return err
+ }
+
+ if err = ImportLayer(r.ctx, r.destRoot.Name(), r.path, r.parentLayerPaths); err != nil {
+ return err
+ }
+ for _, name := range r.Tombstones {
+ if err = safefile.RemoveRelative(name, r.destRoot); err != nil && !os.IsNotExist(err) {
+ return err
+ }
+ }
+ // Add any hard links that were collected.
+ for _, lnk := range r.PendingLinks {
+ if err = safefile.RemoveRelative(lnk.Path, r.destRoot); err != nil && !os.IsNotExist(err) {
+ return err
+ }
+ if err = safefile.LinkRelative(lnk.Target, lnk.TargetRoot, lnk.Path, r.destRoot); err != nil {
+ return err
+ }
+ }
+
+ // The reapplyDirectoryTimes must be called AFTER we are done with Tombstone
+ // deletion and hard link creation. This is because Tombstone deletion and hard link
+ // creation updates the directory last write timestamps so that will change the
+ // timestamps added by the `Add` call. Some container applications depend on the
+ // correctness of these timestamps and so we should change the timestamps back to
+ // the original value (i.e the value provided in the Add call) after this
+ // processing is done.
+ err = reapplyDirectoryTimes(r.destRoot, r.changedDi)
+ if err != nil {
+ return err
+ }
+
+ // Prepare the utility VM for use if one is present in the layer.
+ if r.HasUtilityVM {
+ err := safefile.EnsureNotReparsePointRelative("UtilityVM", r.destRoot)
+ if err != nil {
+ return err
+ }
+ err = ProcessUtilityVMImage(r.ctx, filepath.Join(r.destRoot.Name(), "UtilityVM"))
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// NewLayerWriter returns a new layer writer for creating a layer on disk.
+// The caller must have taken the SeBackupPrivilege and SeRestorePrivilege privileges
+// to call this and any methods on the resulting LayerWriter.
+func NewLayerWriter(ctx context.Context, path string, parentLayerPaths []string) (_ LayerWriter, err error) {
+ ctx, span := oc.StartSpan(ctx, "hcsshim::NewLayerWriter")
+ defer func() {
+ if err != nil {
+ oc.SetSpanStatus(span, err)
+ span.End()
+ }
+ }()
+ span.AddAttributes(
+ trace.StringAttribute("path", path),
+ trace.StringAttribute("parentLayerPaths", strings.Join(parentLayerPaths, ", ")))
+
+ if len(parentLayerPaths) == 0 {
+ // This is a base layer. It gets imported differently.
+ f, err := safefile.OpenRoot(path)
+ if err != nil {
+ return nil, err
+ }
+ return &baseLayerWriter{
+ ctx: ctx,
+ s: span,
+ root: f,
+ }, nil
+ }
+
+ importPath, err := os.MkdirTemp("", "hcs")
+ if err != nil {
+ return nil, err
+ }
+ w, err := newLegacyLayerWriter(importPath, parentLayerPaths, path)
+ if err != nil {
+ return nil, err
+ }
+ return &legacyLayerWriterWrapper{
+ ctx: ctx,
+ s: span,
+ legacyLayerWriter: w,
+ path: importPath,
+ parentLayerPaths: parentLayerPaths,
+ }, nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerexists.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerexists.go
new file mode 100644
index 000000000..4d82977ea
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerexists.go
@@ -0,0 +1,30 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "go.opencensus.io/trace"
+)
+
+// LayerExists will return true if a layer with the given id exists and is known
+// to the system.
+func LayerExists(ctx context.Context, path string) (_ bool, err error) {
+ title := "hcsshim::LayerExists"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("path", path))
+
+ // Call the procedure itself.
+ var exists uint32
+ err = layerExists(&stdDriverInfo, path, &exists)
+ if err != nil {
+ return false, hcserror.New(err, title, "")
+ }
+ span.AddAttributes(trace.BoolAttribute("layer-exists", exists != 0))
+ return exists != 0, nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerid.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerid.go
new file mode 100644
index 000000000..d4805f144
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerid.go
@@ -0,0 +1,24 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+ "path/filepath"
+
+ "github.com/Microsoft/go-winio/pkg/guid"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "go.opencensus.io/trace"
+)
+
+// LayerID returns the layer ID of a layer on disk.
+func LayerID(ctx context.Context, path string) (_ guid.GUID, err error) {
+ title := "hcsshim::LayerID"
+ ctx, span := oc.StartSpan(ctx, title)
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("path", path))
+
+ _, file := filepath.Split(path)
+ return NameToGuid(ctx, file)
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerutils.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerutils.go
new file mode 100644
index 000000000..ee17dd3d1
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerutils.go
@@ -0,0 +1,127 @@
+//go:build windows
+
+package wclayer
+
+// This file contains utility functions to support storage (graph) related
+// functionality.
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "path/filepath"
+ "strconv"
+ "syscall"
+
+ "github.com/Microsoft/go-winio/pkg/guid"
+ "github.com/sirupsen/logrus"
+)
+
+/*
+To pass into syscall, we need a struct matching the following:
+
+enum GraphDriverType
+{
+ DiffDriver,
+ FilterDriver
+};
+
+struct DriverInfo {
+ GraphDriverType Flavour;
+ LPCWSTR HomeDir;
+};
+*/
+
+type driverInfo struct {
+ Flavour int
+ HomeDirp *uint16
+}
+
+var (
+ utf16EmptyString uint16
+ stdDriverInfo = driverInfo{1, &utf16EmptyString}
+)
+
+/*
+To pass into syscall, we need a struct matching the following:
+
+typedef struct _WC_LAYER_DESCRIPTOR {
+
+ //
+ // The ID of the layer
+ //
+
+ GUID LayerId;
+
+ //
+ // Additional flags
+ //
+
+ union {
+ struct {
+ ULONG Reserved : 31;
+ ULONG Dirty : 1; // Created from sandbox as a result of snapshot
+ };
+ ULONG Value;
+ } Flags;
+
+ //
+ // Path to the layer root directory, null-terminated
+ //
+
+ PCWSTR Path;
+
+} WC_LAYER_DESCRIPTOR, *PWC_LAYER_DESCRIPTOR;
+*/
+type WC_LAYER_DESCRIPTOR struct {
+ LayerId guid.GUID
+ Flags uint32
+ Pathp *uint16
+}
+
+func layerPathsToDescriptors(ctx context.Context, parentLayerPaths []string) ([]WC_LAYER_DESCRIPTOR, error) {
+ // Array of descriptors that gets constructed.
+ var layers []WC_LAYER_DESCRIPTOR
+
+ for i := 0; i < len(parentLayerPaths); i++ {
+ g, err := LayerID(ctx, parentLayerPaths[i])
+ if err != nil {
+ logrus.WithError(err).Debug("Failed to convert name to guid")
+ return nil, err
+ }
+
+ p, err := syscall.UTF16PtrFromString(parentLayerPaths[i])
+ if err != nil {
+ logrus.WithError(err).Debug("Failed conversion of parentLayerPath to pointer")
+ return nil, err
+ }
+
+ layers = append(layers, WC_LAYER_DESCRIPTOR{
+ LayerId: g,
+ Flags: 0,
+ Pathp: p,
+ })
+ }
+
+ return layers, nil
+}
+
+// GetLayerUvmBuild looks for a file named `uvmbuildversion` at `layerPath\uvmbuildversion` and returns the
+// build number of the UVM from that file.
+func GetLayerUvmBuild(layerPath string) (uint16, error) {
+ data, err := os.ReadFile(filepath.Join(layerPath, UvmBuildFileName))
+ if err != nil {
+ return 0, err
+ }
+ ver, err := strconv.ParseUint(string(data), 10, 16)
+ if err != nil {
+ return 0, err
+ }
+ return uint16(ver), nil
+}
+
+// WriteLayerUvmBuildFile writes a file at path `layerPath\uvmbuildversion` that contains the given `build`
+// version for future reference.
+func WriteLayerUvmBuildFile(layerPath string, build uint16) error {
+ return os.WriteFile(filepath.Join(layerPath, UvmBuildFileName), []byte(fmt.Sprintf("%d", build)), 0777)
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/legacy.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/legacy.go
new file mode 100644
index 000000000..807d83310
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/legacy.go
@@ -0,0 +1,832 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "bufio"
+ "encoding/binary"
+ "errors"
+ "fmt"
+ "io"
+ "os"
+ "path/filepath"
+ "strings"
+ "syscall"
+
+ "github.com/Microsoft/go-winio"
+ "github.com/Microsoft/hcsshim/internal/longpath"
+ "github.com/Microsoft/hcsshim/internal/safefile"
+ "github.com/Microsoft/hcsshim/internal/winapi"
+)
+
+var errorIterationCanceled = errors.New("")
+
+var mutatedUtilityVMFiles = map[string]bool{
+ `EFI\Microsoft\Boot\BCD`: true,
+ `EFI\Microsoft\Boot\BCD.LOG`: true,
+ `EFI\Microsoft\Boot\BCD.LOG1`: true,
+ `EFI\Microsoft\Boot\BCD.LOG2`: true,
+}
+
+const (
+ filesPath = `Files`
+ HivesPath = `Hives`
+ UtilityVMPath = `UtilityVM`
+ UtilityVMFilesPath = `UtilityVM\Files`
+ RegFilesPath = `Files\Windows\System32\config`
+ BcdFilePath = `UtilityVM\Files\EFI\Microsoft\Boot\BCD`
+ BootMgrFilePath = `UtilityVM\Files\EFI\Microsoft\Boot\bootmgfw.efi`
+ ContainerBaseVhd = `blank-base.vhdx`
+ ContainerScratchVhd = `blank.vhdx`
+ UtilityVMBaseVhd = `SystemTemplateBase.vhdx`
+ UtilityVMScratchVhd = `SystemTemplate.vhdx`
+ LayoutFileName = `layout`
+ UvmBuildFileName = `uvmbuildversion`
+)
+
+func openFileOrDir(path string, mode uint32, createDisposition uint32) (file *os.File, err error) {
+ return winio.OpenForBackup(path, mode, syscall.FILE_SHARE_READ, createDisposition)
+}
+
+func hasPathPrefix(p, prefix string) bool {
+ return strings.HasPrefix(p, prefix) && len(p) > len(prefix) && p[len(prefix)] == '\\'
+}
+
+type fileEntry struct {
+ path string
+ fi os.FileInfo
+ err error
+}
+
+type legacyLayerReader struct {
+ root string
+ result chan *fileEntry
+ proceed chan bool
+ currentFile *os.File
+ backupReader *winio.BackupFileReader
+}
+
+// newLegacyLayerReader returns a new LayerReader that can read the Windows
+// container layer transport format from disk.
+func newLegacyLayerReader(root string) *legacyLayerReader {
+ r := &legacyLayerReader{
+ root: root,
+ result: make(chan *fileEntry),
+ proceed: make(chan bool),
+ }
+ go r.walk()
+ return r
+}
+
+func readTombstones(path string) (map[string]([]string), error) {
+ tf, err := os.Open(filepath.Join(path, "tombstones.txt"))
+ if err != nil {
+ return nil, err
+ }
+ defer tf.Close()
+ s := bufio.NewScanner(tf)
+ if !s.Scan() || s.Text() != "\xef\xbb\xbfVersion 1.0" {
+ return nil, errors.New("invalid tombstones file")
+ }
+
+ ts := make(map[string]([]string))
+ for s.Scan() {
+ t := filepath.Join(filesPath, s.Text()[1:]) // skip leading `\`
+ dir := filepath.Dir(t)
+ ts[dir] = append(ts[dir], t)
+ }
+ if err = s.Err(); err != nil {
+ return nil, err
+ }
+
+ return ts, nil
+}
+
+func (r *legacyLayerReader) walkUntilCancelled() error {
+ root, err := longpath.LongAbs(r.root)
+ if err != nil {
+ return err
+ }
+
+ r.root = root
+ ts, err := readTombstones(r.root)
+ if err != nil {
+ return err
+ }
+
+ err = filepath.Walk(r.root, func(path string, info os.FileInfo, err error) error {
+ if err != nil {
+ return err
+ }
+
+ // Indirect fix for https://github.com/moby/moby/issues/32838#issuecomment-343610048.
+ // Handle failure from what may be a golang bug in the conversion of
+ // UTF16 to UTF8 in files which are left in the recycle bin. Os.Lstat
+ // which is called by filepath.Walk will fail when a filename contains
+ // unicode characters. Skip the recycle bin regardless which is goodness.
+ if strings.EqualFold(path, filepath.Join(r.root, `Files\$Recycle.Bin`)) && info.IsDir() {
+ return filepath.SkipDir
+ }
+
+ if path == r.root || path == filepath.Join(r.root, "tombstones.txt") || strings.HasSuffix(path, ".$wcidirs$") {
+ return nil
+ }
+
+ r.result <- &fileEntry{path, info, nil}
+ if !<-r.proceed {
+ return errorIterationCanceled
+ }
+
+ // List all the tombstones.
+ if info.IsDir() {
+ relPath, err := filepath.Rel(r.root, path)
+ if err != nil {
+ return err
+ }
+ if dts, ok := ts[relPath]; ok {
+ for _, t := range dts {
+ r.result <- &fileEntry{filepath.Join(r.root, t), nil, nil}
+ if !<-r.proceed {
+ return errorIterationCanceled
+ }
+ }
+ }
+ }
+ return nil
+ })
+ if err == errorIterationCanceled {
+ return nil
+ }
+ if err == nil {
+ return io.EOF
+ }
+ return err
+}
+
+func (r *legacyLayerReader) walk() {
+ defer close(r.result)
+ if !<-r.proceed {
+ return
+ }
+
+ err := r.walkUntilCancelled()
+ if err != nil {
+ for {
+ r.result <- &fileEntry{err: err}
+ if !<-r.proceed {
+ return
+ }
+ }
+ }
+}
+
+func (r *legacyLayerReader) reset() {
+ if r.backupReader != nil {
+ r.backupReader.Close()
+ r.backupReader = nil
+ }
+ if r.currentFile != nil {
+ r.currentFile.Close()
+ r.currentFile = nil
+ }
+}
+
+func findBackupStreamSize(r io.Reader) (int64, error) {
+ br := winio.NewBackupStreamReader(r)
+ for {
+ hdr, err := br.Next()
+ if err != nil {
+ if err == io.EOF {
+ err = nil
+ }
+ return 0, err
+ }
+ if hdr.Id == winio.BackupData {
+ return hdr.Size, nil
+ }
+ }
+}
+
+func (r *legacyLayerReader) Next() (path string, size int64, fileInfo *winio.FileBasicInfo, err error) {
+ r.reset()
+ r.proceed <- true
+ fe := <-r.result
+ if fe == nil {
+ err = errors.New("LegacyLayerReader closed")
+ return
+ }
+ if fe.err != nil {
+ err = fe.err
+ return
+ }
+
+ path, err = filepath.Rel(r.root, fe.path)
+ if err != nil {
+ return
+ }
+
+ if fe.fi == nil {
+ // This is a tombstone. Return a nil fileInfo.
+ return
+ }
+
+ if fe.fi.IsDir() && hasPathPrefix(path, filesPath) {
+ fe.path += ".$wcidirs$"
+ }
+
+ f, err := openFileOrDir(fe.path, syscall.GENERIC_READ, syscall.OPEN_EXISTING)
+ if err != nil {
+ return
+ }
+ defer func() {
+ if f != nil {
+ f.Close()
+ }
+ }()
+
+ fileInfo, err = winio.GetFileBasicInfo(f)
+ if err != nil {
+ return
+ }
+
+ if !hasPathPrefix(path, filesPath) {
+ size = fe.fi.Size()
+ r.backupReader = winio.NewBackupFileReader(f, false)
+ if path == HivesPath || path == filesPath {
+ // The Hives directory has a non-deterministic file time because of the
+ // nature of the import process. Use the times from System_Delta.
+ var g *os.File
+ g, err = os.Open(filepath.Join(r.root, HivesPath, `System_Delta`))
+ if err != nil {
+ return
+ }
+ attr := fileInfo.FileAttributes
+ fileInfo, err = winio.GetFileBasicInfo(g)
+ g.Close()
+ if err != nil {
+ return
+ }
+ fileInfo.FileAttributes = attr
+ }
+
+ // The creation time and access time get reset for files outside of the Files path.
+ fileInfo.CreationTime = fileInfo.LastWriteTime
+ fileInfo.LastAccessTime = fileInfo.LastWriteTime
+ } else {
+ // The file attributes are written before the backup stream.
+ var attr uint32
+ err = binary.Read(f, binary.LittleEndian, &attr)
+ if err != nil {
+ return
+ }
+ fileInfo.FileAttributes = attr
+ beginning := int64(4)
+
+ // Find the accurate file size.
+ if !fe.fi.IsDir() {
+ size, err = findBackupStreamSize(f)
+ if err != nil {
+ err = &os.PathError{Op: "findBackupStreamSize", Path: fe.path, Err: err}
+ return
+ }
+ }
+
+ // Return back to the beginning of the backup stream.
+ _, err = f.Seek(beginning, 0)
+ if err != nil {
+ return
+ }
+ }
+
+ r.currentFile = f
+ f = nil
+ return
+}
+
+func (r *legacyLayerReader) LinkInfo() (uint32, *winio.FileIDInfo, error) {
+ fileStandardInfo, err := winio.GetFileStandardInfo(r.currentFile)
+ if err != nil {
+ return 0, nil, err
+ }
+ fileIDInfo, err := winio.GetFileID(r.currentFile)
+ if err != nil {
+ return 0, nil, err
+ }
+ return fileStandardInfo.NumberOfLinks, fileIDInfo, nil
+}
+
+func (r *legacyLayerReader) Read(b []byte) (int, error) {
+ if r.backupReader == nil {
+ if r.currentFile == nil {
+ return 0, io.EOF
+ }
+ return r.currentFile.Read(b)
+ }
+ return r.backupReader.Read(b)
+}
+
+func (r *legacyLayerReader) Seek(offset int64, whence int) (int64, error) {
+ if r.backupReader == nil {
+ if r.currentFile == nil {
+ return 0, errors.New("no current file")
+ }
+ return r.currentFile.Seek(offset, whence)
+ }
+ return 0, errors.New("seek not supported on this stream")
+}
+
+func (r *legacyLayerReader) Close() error {
+ r.proceed <- false
+ <-r.result
+ r.reset()
+ return nil
+}
+
+type pendingLink struct {
+ Path, Target string
+ TargetRoot *os.File
+}
+
+type pendingDir struct {
+ Path string
+ Root *os.File
+}
+
+type legacyLayerWriter struct {
+ root *os.File
+ destRoot *os.File
+ parentRoots []*os.File
+ currentFile *os.File
+ bufWriter *bufio.Writer
+ currentFileName string
+ currentFileRoot *os.File
+ backupWriter *winio.BackupFileWriter
+ Tombstones []string
+ HasUtilityVM bool
+ changedDi []dirInfo
+ addedFiles map[string]bool
+ PendingLinks []pendingLink
+ pendingDirs []pendingDir
+ currentIsDir bool
+}
+
+// newLegacyLayerWriter returns a LayerWriter that can write the container layer
+// transport format to disk.
+func newLegacyLayerWriter(root string, parentRoots []string, destRoot string) (w *legacyLayerWriter, err error) {
+ w = &legacyLayerWriter{
+ addedFiles: make(map[string]bool),
+ }
+ defer func() {
+ if err != nil {
+ w.CloseRoots()
+ w = nil
+ }
+ }()
+ w.root, err = safefile.OpenRoot(root)
+ if err != nil {
+ return
+ }
+ w.destRoot, err = safefile.OpenRoot(destRoot)
+ if err != nil {
+ return
+ }
+ for _, r := range parentRoots {
+ f, err := safefile.OpenRoot(r)
+ if err != nil {
+ return w, err
+ }
+ w.parentRoots = append(w.parentRoots, f)
+ }
+ w.bufWriter = bufio.NewWriterSize(io.Discard, 65536)
+ return
+}
+
+func (w *legacyLayerWriter) CloseRoots() {
+ if w.root != nil {
+ w.root.Close()
+ w.root = nil
+ }
+ if w.destRoot != nil {
+ w.destRoot.Close()
+ w.destRoot = nil
+ }
+ for i := range w.parentRoots {
+ _ = w.parentRoots[i].Close()
+ }
+ w.parentRoots = nil
+}
+
+func (w *legacyLayerWriter) initUtilityVM() error {
+ if !w.HasUtilityVM {
+ err := safefile.MkdirRelative(UtilityVMPath, w.destRoot)
+ if err != nil {
+ return err
+ }
+ // Server 2016 does not support multiple layers for the utility VM, so
+ // clone the utility VM from the parent layer into this layer. Use hard
+ // links to avoid unnecessary copying, since most of the files are
+ // immutable.
+ err = cloneTree(w.parentRoots[0], w.destRoot, UtilityVMFilesPath, mutatedUtilityVMFiles)
+ if err != nil {
+ return fmt.Errorf("cloning the parent utility VM image failed: %s", err)
+ }
+ w.HasUtilityVM = true
+ }
+ return nil
+}
+
+func (w *legacyLayerWriter) reset() error {
+ err := w.bufWriter.Flush()
+ if err != nil {
+ return err
+ }
+ w.bufWriter.Reset(io.Discard)
+ if w.currentIsDir {
+ r := w.currentFile
+ br := winio.NewBackupStreamReader(r)
+ // Seek to the beginning of the backup stream, skipping the fileattrs
+ if _, err := r.Seek(4, io.SeekStart); err != nil {
+ return err
+ }
+
+ for {
+ bhdr, err := br.Next()
+ if err == io.EOF {
+ // end of backupstream data
+ break
+ }
+ if err != nil {
+ return err
+ }
+ switch bhdr.Id {
+ case winio.BackupReparseData:
+ // The current file is a `.$wcidirs$` metadata file that
+ // describes a directory reparse point. Delete the placeholder
+ // directory to prevent future files being added into the
+ // destination of the reparse point during the ImportLayer call
+ if err := safefile.RemoveRelative(w.currentFileName, w.currentFileRoot); err != nil {
+ return err
+ }
+ w.pendingDirs = append(w.pendingDirs, pendingDir{Path: w.currentFileName, Root: w.currentFileRoot})
+ default:
+ // ignore all other stream types, as we only care about directory reparse points
+ }
+ }
+ w.currentIsDir = false
+ }
+ if w.backupWriter != nil {
+ w.backupWriter.Close()
+ w.backupWriter = nil
+ }
+ if w.currentFile != nil {
+ w.currentFile.Close()
+ w.currentFile = nil
+ w.currentFileName = ""
+ w.currentFileRoot = nil
+ }
+ return nil
+}
+
+// copyFileWithMetadata copies a file using the backup/restore APIs in order to preserve metadata
+func copyFileWithMetadata(srcRoot, destRoot *os.File, subPath string, isDir bool) (fileInfo *winio.FileBasicInfo, err error) {
+ src, err := safefile.OpenRelative(
+ subPath,
+ srcRoot,
+ syscall.GENERIC_READ|winio.ACCESS_SYSTEM_SECURITY,
+ syscall.FILE_SHARE_READ,
+ winapi.FILE_OPEN,
+ winapi.FILE_OPEN_REPARSE_POINT)
+ if err != nil {
+ return nil, err
+ }
+ defer src.Close()
+ srcr := winio.NewBackupFileReader(src, true)
+ defer srcr.Close()
+
+ fileInfo, err = winio.GetFileBasicInfo(src)
+ if err != nil {
+ return nil, err
+ }
+
+ extraFlags := uint32(0)
+ if isDir {
+ extraFlags |= winapi.FILE_DIRECTORY_FILE
+ }
+ dest, err := safefile.OpenRelative(
+ subPath,
+ destRoot,
+ syscall.GENERIC_READ|syscall.GENERIC_WRITE|winio.WRITE_DAC|winio.WRITE_OWNER|winio.ACCESS_SYSTEM_SECURITY,
+ syscall.FILE_SHARE_READ,
+ winapi.FILE_CREATE,
+ extraFlags)
+ if err != nil {
+ return nil, err
+ }
+ defer dest.Close()
+
+ err = winio.SetFileBasicInfo(dest, fileInfo)
+ if err != nil {
+ return nil, err
+ }
+
+ destw := winio.NewBackupFileWriter(dest, true)
+ defer func() {
+ cerr := destw.Close()
+ if err == nil {
+ err = cerr
+ }
+ }()
+
+ _, err = io.Copy(destw, srcr)
+ if err != nil {
+ return nil, err
+ }
+
+ return fileInfo, nil
+}
+
+// cloneTree clones a directory tree using hard links. It skips hard links for
+// the file names in the provided map and just copies those files.
+func cloneTree(srcRoot *os.File, destRoot *os.File, subPath string, mutatedFiles map[string]bool) error {
+ var di []dirInfo
+ err := safefile.EnsureNotReparsePointRelative(subPath, srcRoot)
+ if err != nil {
+ return err
+ }
+ err = filepath.Walk(filepath.Join(srcRoot.Name(), subPath), func(srcFilePath string, info os.FileInfo, err error) error {
+ if err != nil {
+ return err
+ }
+
+ relPath, err := filepath.Rel(srcRoot.Name(), srcFilePath)
+ if err != nil {
+ return err
+ }
+
+ fileAttributes := info.Sys().(*syscall.Win32FileAttributeData).FileAttributes
+ // Directories, reparse points, and files that will be mutated during
+ // utility VM import must be copied. All other files can be hard linked.
+ isReparsePoint := fileAttributes&syscall.FILE_ATTRIBUTE_REPARSE_POINT != 0
+ // In go1.9, FileInfo.IsDir() returns false if the directory is also a symlink.
+ // See: https://github.com/golang/go/commit/1989921aef60c83e6f9127a8448fb5ede10e9acc
+ // Fixes the problem by checking syscall.FILE_ATTRIBUTE_DIRECTORY directly
+ isDir := fileAttributes&syscall.FILE_ATTRIBUTE_DIRECTORY != 0
+
+ if isDir || isReparsePoint || mutatedFiles[relPath] {
+ fi, err := copyFileWithMetadata(srcRoot, destRoot, relPath, isDir)
+ if err != nil {
+ return err
+ }
+ if isDir {
+ di = append(di, dirInfo{path: relPath, fileInfo: *fi})
+ }
+ } else {
+ err = safefile.LinkRelative(relPath, srcRoot, relPath, destRoot)
+ if err != nil {
+ return err
+ }
+ }
+
+ return nil
+ })
+ if err != nil {
+ return err
+ }
+
+ return reapplyDirectoryTimes(destRoot, di)
+}
+
+func (w *legacyLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) error {
+ if err := w.reset(); err != nil {
+ return err
+ }
+
+ if name == UtilityVMPath {
+ return w.initUtilityVM()
+ }
+
+ if (fileInfo.FileAttributes & syscall.FILE_ATTRIBUTE_DIRECTORY) != 0 {
+ w.changedDi = append(w.changedDi, dirInfo{path: name, fileInfo: *fileInfo})
+ }
+
+ name = filepath.Clean(name)
+ if hasPathPrefix(name, UtilityVMPath) {
+ if !w.HasUtilityVM {
+ return errors.New("missing UtilityVM directory")
+ }
+ if !hasPathPrefix(name, UtilityVMFilesPath) && name != UtilityVMFilesPath {
+ return errors.New("invalid UtilityVM layer")
+ }
+ createDisposition := uint32(winapi.FILE_OPEN)
+ if (fileInfo.FileAttributes & syscall.FILE_ATTRIBUTE_DIRECTORY) != 0 {
+ st, err := safefile.LstatRelative(name, w.destRoot)
+ if err != nil && !os.IsNotExist(err) {
+ return err
+ }
+ if st != nil {
+ // Delete the existing file/directory if it is not the same type as this directory.
+ existingAttr := st.Sys().(*syscall.Win32FileAttributeData).FileAttributes
+ if (uint32(fileInfo.FileAttributes)^existingAttr)&(syscall.FILE_ATTRIBUTE_DIRECTORY|syscall.FILE_ATTRIBUTE_REPARSE_POINT) != 0 {
+ if err = safefile.RemoveAllRelative(name, w.destRoot); err != nil {
+ return err
+ }
+ st = nil
+ }
+ }
+ if st == nil {
+ if err = safefile.MkdirRelative(name, w.destRoot); err != nil {
+ return err
+ }
+ }
+ } else {
+ // Overwrite any existing hard link.
+ err := safefile.RemoveRelative(name, w.destRoot)
+ if err != nil && !os.IsNotExist(err) {
+ return err
+ }
+ createDisposition = winapi.FILE_CREATE
+ }
+
+ f, err := safefile.OpenRelative(
+ name,
+ w.destRoot,
+ syscall.GENERIC_READ|syscall.GENERIC_WRITE|winio.WRITE_DAC|winio.WRITE_OWNER|winio.ACCESS_SYSTEM_SECURITY,
+ syscall.FILE_SHARE_READ,
+ createDisposition,
+ winapi.FILE_OPEN_REPARSE_POINT,
+ )
+ if err != nil {
+ return err
+ }
+ defer func() {
+ if f != nil {
+ f.Close()
+ _ = safefile.RemoveRelative(name, w.destRoot)
+ }
+ }()
+
+ err = winio.SetFileBasicInfo(f, fileInfo)
+ if err != nil {
+ return err
+ }
+
+ w.backupWriter = winio.NewBackupFileWriter(f, true)
+ w.bufWriter.Reset(w.backupWriter)
+ w.currentFile = f
+ w.currentFileName = name
+ w.currentFileRoot = w.destRoot
+ w.addedFiles[name] = true
+ f = nil
+ return nil
+ }
+
+ fname := name
+ if (fileInfo.FileAttributes & syscall.FILE_ATTRIBUTE_DIRECTORY) != 0 {
+ err := safefile.MkdirRelative(name, w.root)
+ if err != nil {
+ return err
+ }
+ fname += ".$wcidirs$"
+ w.currentIsDir = true
+ }
+
+ f, err := safefile.OpenRelative(fname, w.root, syscall.GENERIC_READ|syscall.GENERIC_WRITE, syscall.FILE_SHARE_READ, winapi.FILE_CREATE, 0)
+ if err != nil {
+ return err
+ }
+ defer func() {
+ if f != nil {
+ f.Close()
+ _ = safefile.RemoveRelative(fname, w.root)
+ }
+ }()
+
+ strippedFi := *fileInfo
+ strippedFi.FileAttributes = 0
+ err = winio.SetFileBasicInfo(f, &strippedFi)
+ if err != nil {
+ return err
+ }
+
+ if hasPathPrefix(name, HivesPath) {
+ w.backupWriter = winio.NewBackupFileWriter(f, false)
+ w.bufWriter.Reset(w.backupWriter)
+ } else {
+ w.bufWriter.Reset(f)
+ // The file attributes are written before the stream.
+ err = binary.Write(w.bufWriter, binary.LittleEndian, uint32(fileInfo.FileAttributes))
+ if err != nil {
+ w.bufWriter.Reset(io.Discard)
+ return err
+ }
+ }
+
+ w.currentFile = f
+ w.currentFileName = name
+ w.currentFileRoot = w.root
+ w.addedFiles[name] = true
+ f = nil
+ return nil
+}
+
+func (w *legacyLayerWriter) AddLink(name string, target string) error {
+ if err := w.reset(); err != nil {
+ return err
+ }
+
+ target = filepath.Clean(target)
+ var roots []*os.File
+ if hasPathPrefix(target, filesPath) {
+ // Look for cross-layer hard link targets in the parent layers, since
+ // nothing is in the destination path yet.
+ roots = w.parentRoots
+ } else if hasPathPrefix(target, UtilityVMFilesPath) {
+ // Since the utility VM is fully cloned into the destination path
+ // already, look for cross-layer hard link targets directly in the
+ // destination path.
+ roots = []*os.File{w.destRoot}
+ }
+
+ if roots == nil || (!hasPathPrefix(name, filesPath) && !hasPathPrefix(name, UtilityVMFilesPath)) {
+ return errors.New("invalid hard link in layer")
+ }
+
+ // Try to find the target of the link in a previously added file. If that
+ // fails, search in parent layers.
+ var selectedRoot *os.File
+ if _, ok := w.addedFiles[target]; ok {
+ selectedRoot = w.destRoot
+ } else {
+ for _, r := range roots {
+ if _, err := safefile.LstatRelative(target, r); err != nil {
+ if !os.IsNotExist(err) {
+ return err
+ }
+ } else {
+ selectedRoot = r
+ break
+ }
+ }
+ if selectedRoot == nil {
+ return fmt.Errorf("failed to find link target for '%s' -> '%s'", name, target)
+ }
+ }
+
+ // The link can't be written until after the ImportLayer call.
+ w.PendingLinks = append(w.PendingLinks, pendingLink{
+ Path: name,
+ Target: target,
+ TargetRoot: selectedRoot,
+ })
+ w.addedFiles[name] = true
+ return nil
+}
+
+func (w *legacyLayerWriter) Remove(name string) error {
+ name = filepath.Clean(name)
+ if hasPathPrefix(name, filesPath) {
+ w.Tombstones = append(w.Tombstones, name)
+ } else if hasPathPrefix(name, UtilityVMFilesPath) {
+ err := w.initUtilityVM()
+ if err != nil {
+ return err
+ }
+ // Make sure the path exists; os.RemoveAll will not fail if the file is
+ // already gone, and this needs to be a fatal error for diagnostics
+ // purposes.
+ if _, err := safefile.LstatRelative(name, w.destRoot); err != nil {
+ return err
+ }
+ err = safefile.RemoveAllRelative(name, w.destRoot)
+ if err != nil {
+ return err
+ }
+ } else {
+ return fmt.Errorf("invalid tombstone %s", name)
+ }
+
+ return nil
+}
+
+func (w *legacyLayerWriter) Write(b []byte) (int, error) {
+ if w.backupWriter == nil && w.currentFile == nil {
+ return 0, errors.New("closed")
+ }
+ return w.bufWriter.Write(b)
+}
+
+func (w *legacyLayerWriter) Close() error {
+ if err := w.reset(); err != nil {
+ return err
+ }
+ if err := safefile.RemoveRelative("tombstones.txt", w.root); err != nil && !os.IsNotExist(err) {
+ return err
+ }
+ for _, pd := range w.pendingDirs {
+ err := safefile.MkdirRelative(pd.Path, pd.Root)
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/nametoguid.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/nametoguid.go
new file mode 100644
index 000000000..c45fa2750
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/nametoguid.go
@@ -0,0 +1,31 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+
+ "github.com/Microsoft/go-winio/pkg/guid"
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "go.opencensus.io/trace"
+)
+
+// NameToGuid converts the given string into a GUID using the algorithm in the
+// Host Compute Service, ensuring GUIDs generated with the same string are common
+// across all clients.
+func NameToGuid(ctx context.Context, name string) (_ guid.GUID, err error) {
+ title := "hcsshim::NameToGuid"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("objectName", name))
+
+ var id guid.GUID
+ err = nameToGuid(name, &id)
+ if err != nil {
+ return guid.GUID{}, hcserror.New(err, title, "")
+ }
+ span.AddAttributes(trace.StringAttribute("guid", id.String()))
+ return id, nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/preparelayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/preparelayer.go
new file mode 100644
index 000000000..b66e07124
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/preparelayer.go
@@ -0,0 +1,46 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+ "strings"
+ "sync"
+
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "go.opencensus.io/trace"
+)
+
+var prepareLayerLock sync.Mutex
+
+// PrepareLayer finds a mounted read-write layer matching path and enables the
+// the filesystem filter for use on that layer. This requires the paths to all
+// parent layers, and is necessary in order to view or interact with the layer
+// as an actual filesystem (reading and writing files, creating directories, etc).
+// Disabling the filter must be done via UnprepareLayer.
+func PrepareLayer(ctx context.Context, path string, parentLayerPaths []string) (err error) {
+ title := "hcsshim::PrepareLayer"
+ ctx, span := oc.StartSpan(ctx, title)
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(
+ trace.StringAttribute("path", path),
+ trace.StringAttribute("parentLayerPaths", strings.Join(parentLayerPaths, ", ")))
+
+ // Generate layer descriptors
+ layers, err := layerPathsToDescriptors(ctx, parentLayerPaths)
+ if err != nil {
+ return err
+ }
+
+ // This lock is a temporary workaround for a Windows bug. Only allowing one
+ // call to prepareLayer at a time vastly reduces the chance of a timeout.
+ prepareLayerLock.Lock()
+ defer prepareLayerLock.Unlock()
+ err = prepareLayer(&stdDriverInfo, path, layers)
+ if err != nil {
+ return hcserror.New(err, title, "")
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/processimage.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/processimage.go
new file mode 100644
index 000000000..7c49cbda4
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/processimage.go
@@ -0,0 +1,43 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+ "os"
+
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "go.opencensus.io/trace"
+)
+
+// ProcessBaseLayer post-processes a base layer that has had its files extracted.
+// The files should have been extracted to \Files.
+func ProcessBaseLayer(ctx context.Context, path string) (err error) {
+ title := "hcsshim::ProcessBaseLayer"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("path", path))
+
+ err = processBaseImage(path)
+ if err != nil {
+ return &os.PathError{Op: title, Path: path, Err: err}
+ }
+ return nil
+}
+
+// ProcessUtilityVMImage post-processes a utility VM image that has had its files extracted.
+// The files should have been extracted to \Files.
+func ProcessUtilityVMImage(ctx context.Context, path string) (err error) {
+ title := "hcsshim::ProcessUtilityVMImage"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("path", path))
+
+ err = processUtilityImage(path)
+ if err != nil {
+ return &os.PathError{Op: title, Path: path, Err: err}
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/unpreparelayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/unpreparelayer.go
new file mode 100644
index 000000000..fe20702c1
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/unpreparelayer.go
@@ -0,0 +1,27 @@
+//go:build windows
+
+package wclayer
+
+import (
+ "context"
+
+ "github.com/Microsoft/hcsshim/internal/hcserror"
+ "github.com/Microsoft/hcsshim/internal/oc"
+ "go.opencensus.io/trace"
+)
+
+// UnprepareLayer disables the filesystem filter for the read-write layer with
+// the given id.
+func UnprepareLayer(ctx context.Context, path string) (err error) {
+ title := "hcsshim::UnprepareLayer"
+ ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck
+ defer span.End()
+ defer func() { oc.SetSpanStatus(span, err) }()
+ span.AddAttributes(trace.StringAttribute("path", path))
+
+ err = unprepareLayer(&stdDriverInfo, path)
+ if err != nil {
+ return hcserror.New(err, title, "")
+ }
+ return nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/wclayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/wclayer.go
new file mode 100644
index 000000000..39682b817
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/wclayer.go
@@ -0,0 +1,34 @@
+//go:build windows
+
+package wclayer
+
+import "github.com/Microsoft/go-winio/pkg/guid"
+
+//go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go wclayer.go
+
+//sys activateLayer(info *driverInfo, id string) (hr error) = vmcompute.ActivateLayer?
+//sys copyLayer(info *driverInfo, srcId string, dstId string, descriptors []WC_LAYER_DESCRIPTOR) (hr error) = vmcompute.CopyLayer?
+//sys createLayer(info *driverInfo, id string, parent string) (hr error) = vmcompute.CreateLayer?
+//sys createSandboxLayer(info *driverInfo, id string, parent uintptr, descriptors []WC_LAYER_DESCRIPTOR) (hr error) = vmcompute.CreateSandboxLayer?
+//sys expandSandboxSize(info *driverInfo, id string, size uint64) (hr error) = vmcompute.ExpandSandboxSize?
+//sys deactivateLayer(info *driverInfo, id string) (hr error) = vmcompute.DeactivateLayer?
+//sys destroyLayer(info *driverInfo, id string) (hr error) = vmcompute.DestroyLayer?
+//sys exportLayer(info *driverInfo, id string, path string, descriptors []WC_LAYER_DESCRIPTOR) (hr error) = vmcompute.ExportLayer?
+//sys getLayerMountPath(info *driverInfo, id string, length *uintptr, buffer *uint16) (hr error) = vmcompute.GetLayerMountPath?
+//sys getBaseImages(buffer **uint16) (hr error) = vmcompute.GetBaseImages?
+//sys importLayer(info *driverInfo, id string, path string, descriptors []WC_LAYER_DESCRIPTOR) (hr error) = vmcompute.ImportLayer?
+//sys layerExists(info *driverInfo, id string, exists *uint32) (hr error) = vmcompute.LayerExists?
+//sys nameToGuid(name string, guid *_guid) (hr error) = vmcompute.NameToGuid?
+//sys prepareLayer(info *driverInfo, id string, descriptors []WC_LAYER_DESCRIPTOR) (hr error) = vmcompute.PrepareLayer?
+//sys unprepareLayer(info *driverInfo, id string) (hr error) = vmcompute.UnprepareLayer?
+//sys processBaseImage(path string) (hr error) = vmcompute.ProcessBaseImage?
+//sys processUtilityImage(path string) (hr error) = vmcompute.ProcessUtilityImage?
+
+//sys grantVmAccess(vmid string, filepath string) (hr error) = vmcompute.GrantVmAccess?
+
+//sys openVirtualDisk(virtualStorageType *virtualStorageType, path string, virtualDiskAccessMask uint32, flags uint32, parameters *openVirtualDiskParameters, handle *syscall.Handle) (err error) [failretval != 0] = virtdisk.OpenVirtualDisk
+//sys attachVirtualDisk(handle syscall.Handle, sd uintptr, flags uint32, providerFlags uint32, params uintptr, overlapped uintptr) (err error) [failretval != 0] = virtdisk.AttachVirtualDisk
+
+//sys getDiskFreeSpaceEx(directoryName string, freeBytesAvailableToCaller *int64, totalNumberOfBytes *int64, totalNumberOfFreeBytes *int64) (err error) = GetDiskFreeSpaceExW
+
+type _guid = guid.GUID
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/zsyscall_windows.go
new file mode 100644
index 000000000..0cb509c46
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/zsyscall_windows.go
@@ -0,0 +1,578 @@
+//go:build windows
+
+// Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
+
+package wclayer
+
+import (
+ "syscall"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+ errnoERROR_IO_PENDING = 997
+)
+
+var (
+ errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+ errERROR_EINVAL error = syscall.EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+ switch e {
+ case 0:
+ return errERROR_EINVAL
+ case errnoERROR_IO_PENDING:
+ return errERROR_IO_PENDING
+ }
+ // TODO: add more here, after collecting data on the common
+ // error values see on Windows. (perhaps when running
+ // all.bat?)
+ return e
+}
+
+var (
+ modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
+ modvirtdisk = windows.NewLazySystemDLL("virtdisk.dll")
+ modvmcompute = windows.NewLazySystemDLL("vmcompute.dll")
+
+ procGetDiskFreeSpaceExW = modkernel32.NewProc("GetDiskFreeSpaceExW")
+ procAttachVirtualDisk = modvirtdisk.NewProc("AttachVirtualDisk")
+ procOpenVirtualDisk = modvirtdisk.NewProc("OpenVirtualDisk")
+ procActivateLayer = modvmcompute.NewProc("ActivateLayer")
+ procCopyLayer = modvmcompute.NewProc("CopyLayer")
+ procCreateLayer = modvmcompute.NewProc("CreateLayer")
+ procCreateSandboxLayer = modvmcompute.NewProc("CreateSandboxLayer")
+ procDeactivateLayer = modvmcompute.NewProc("DeactivateLayer")
+ procDestroyLayer = modvmcompute.NewProc("DestroyLayer")
+ procExpandSandboxSize = modvmcompute.NewProc("ExpandSandboxSize")
+ procExportLayer = modvmcompute.NewProc("ExportLayer")
+ procGetBaseImages = modvmcompute.NewProc("GetBaseImages")
+ procGetLayerMountPath = modvmcompute.NewProc("GetLayerMountPath")
+ procGrantVmAccess = modvmcompute.NewProc("GrantVmAccess")
+ procImportLayer = modvmcompute.NewProc("ImportLayer")
+ procLayerExists = modvmcompute.NewProc("LayerExists")
+ procNameToGuid = modvmcompute.NewProc("NameToGuid")
+ procPrepareLayer = modvmcompute.NewProc("PrepareLayer")
+ procProcessBaseImage = modvmcompute.NewProc("ProcessBaseImage")
+ procProcessUtilityImage = modvmcompute.NewProc("ProcessUtilityImage")
+ procUnprepareLayer = modvmcompute.NewProc("UnprepareLayer")
+)
+
+func getDiskFreeSpaceEx(directoryName string, freeBytesAvailableToCaller *int64, totalNumberOfBytes *int64, totalNumberOfFreeBytes *int64) (err error) {
+ var _p0 *uint16
+ _p0, err = syscall.UTF16PtrFromString(directoryName)
+ if err != nil {
+ return
+ }
+ return _getDiskFreeSpaceEx(_p0, freeBytesAvailableToCaller, totalNumberOfBytes, totalNumberOfFreeBytes)
+}
+
+func _getDiskFreeSpaceEx(directoryName *uint16, freeBytesAvailableToCaller *int64, totalNumberOfBytes *int64, totalNumberOfFreeBytes *int64) (err error) {
+ r1, _, e1 := syscall.Syscall6(procGetDiskFreeSpaceExW.Addr(), 4, uintptr(unsafe.Pointer(directoryName)), uintptr(unsafe.Pointer(freeBytesAvailableToCaller)), uintptr(unsafe.Pointer(totalNumberOfBytes)), uintptr(unsafe.Pointer(totalNumberOfFreeBytes)), 0, 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func attachVirtualDisk(handle syscall.Handle, sd uintptr, flags uint32, providerFlags uint32, params uintptr, overlapped uintptr) (err error) {
+ r1, _, e1 := syscall.Syscall6(procAttachVirtualDisk.Addr(), 6, uintptr(handle), uintptr(sd), uintptr(flags), uintptr(providerFlags), uintptr(params), uintptr(overlapped))
+ if r1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func openVirtualDisk(virtualStorageType *virtualStorageType, path string, virtualDiskAccessMask uint32, flags uint32, parameters *openVirtualDiskParameters, handle *syscall.Handle) (err error) {
+ var _p0 *uint16
+ _p0, err = syscall.UTF16PtrFromString(path)
+ if err != nil {
+ return
+ }
+ return _openVirtualDisk(virtualStorageType, _p0, virtualDiskAccessMask, flags, parameters, handle)
+}
+
+func _openVirtualDisk(virtualStorageType *virtualStorageType, path *uint16, virtualDiskAccessMask uint32, flags uint32, parameters *openVirtualDiskParameters, handle *syscall.Handle) (err error) {
+ r1, _, e1 := syscall.Syscall6(procOpenVirtualDisk.Addr(), 6, uintptr(unsafe.Pointer(virtualStorageType)), uintptr(unsafe.Pointer(path)), uintptr(virtualDiskAccessMask), uintptr(flags), uintptr(unsafe.Pointer(parameters)), uintptr(unsafe.Pointer(handle)))
+ if r1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func activateLayer(info *driverInfo, id string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(id)
+ if hr != nil {
+ return
+ }
+ return _activateLayer(info, _p0)
+}
+
+func _activateLayer(info *driverInfo, id *uint16) (hr error) {
+ hr = procActivateLayer.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procActivateLayer.Addr(), 2, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func copyLayer(info *driverInfo, srcId string, dstId string, descriptors []WC_LAYER_DESCRIPTOR) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(srcId)
+ if hr != nil {
+ return
+ }
+ var _p1 *uint16
+ _p1, hr = syscall.UTF16PtrFromString(dstId)
+ if hr != nil {
+ return
+ }
+ return _copyLayer(info, _p0, _p1, descriptors)
+}
+
+func _copyLayer(info *driverInfo, srcId *uint16, dstId *uint16, descriptors []WC_LAYER_DESCRIPTOR) (hr error) {
+ hr = procCopyLayer.Find()
+ if hr != nil {
+ return
+ }
+ var _p2 *WC_LAYER_DESCRIPTOR
+ if len(descriptors) > 0 {
+ _p2 = &descriptors[0]
+ }
+ r0, _, _ := syscall.Syscall6(procCopyLayer.Addr(), 5, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(srcId)), uintptr(unsafe.Pointer(dstId)), uintptr(unsafe.Pointer(_p2)), uintptr(len(descriptors)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func createLayer(info *driverInfo, id string, parent string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(id)
+ if hr != nil {
+ return
+ }
+ var _p1 *uint16
+ _p1, hr = syscall.UTF16PtrFromString(parent)
+ if hr != nil {
+ return
+ }
+ return _createLayer(info, _p0, _p1)
+}
+
+func _createLayer(info *driverInfo, id *uint16, parent *uint16) (hr error) {
+ hr = procCreateLayer.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procCreateLayer.Addr(), 3, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(parent)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func createSandboxLayer(info *driverInfo, id string, parent uintptr, descriptors []WC_LAYER_DESCRIPTOR) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(id)
+ if hr != nil {
+ return
+ }
+ return _createSandboxLayer(info, _p0, parent, descriptors)
+}
+
+func _createSandboxLayer(info *driverInfo, id *uint16, parent uintptr, descriptors []WC_LAYER_DESCRIPTOR) (hr error) {
+ hr = procCreateSandboxLayer.Find()
+ if hr != nil {
+ return
+ }
+ var _p1 *WC_LAYER_DESCRIPTOR
+ if len(descriptors) > 0 {
+ _p1 = &descriptors[0]
+ }
+ r0, _, _ := syscall.Syscall6(procCreateSandboxLayer.Addr(), 5, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(parent), uintptr(unsafe.Pointer(_p1)), uintptr(len(descriptors)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func deactivateLayer(info *driverInfo, id string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(id)
+ if hr != nil {
+ return
+ }
+ return _deactivateLayer(info, _p0)
+}
+
+func _deactivateLayer(info *driverInfo, id *uint16) (hr error) {
+ hr = procDeactivateLayer.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procDeactivateLayer.Addr(), 2, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func destroyLayer(info *driverInfo, id string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(id)
+ if hr != nil {
+ return
+ }
+ return _destroyLayer(info, _p0)
+}
+
+func _destroyLayer(info *driverInfo, id *uint16) (hr error) {
+ hr = procDestroyLayer.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procDestroyLayer.Addr(), 2, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func expandSandboxSize(info *driverInfo, id string, size uint64) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(id)
+ if hr != nil {
+ return
+ }
+ return _expandSandboxSize(info, _p0, size)
+}
+
+func _expandSandboxSize(info *driverInfo, id *uint16, size uint64) (hr error) {
+ hr = procExpandSandboxSize.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procExpandSandboxSize.Addr(), 3, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(size))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func exportLayer(info *driverInfo, id string, path string, descriptors []WC_LAYER_DESCRIPTOR) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(id)
+ if hr != nil {
+ return
+ }
+ var _p1 *uint16
+ _p1, hr = syscall.UTF16PtrFromString(path)
+ if hr != nil {
+ return
+ }
+ return _exportLayer(info, _p0, _p1, descriptors)
+}
+
+func _exportLayer(info *driverInfo, id *uint16, path *uint16, descriptors []WC_LAYER_DESCRIPTOR) (hr error) {
+ hr = procExportLayer.Find()
+ if hr != nil {
+ return
+ }
+ var _p2 *WC_LAYER_DESCRIPTOR
+ if len(descriptors) > 0 {
+ _p2 = &descriptors[0]
+ }
+ r0, _, _ := syscall.Syscall6(procExportLayer.Addr(), 5, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(_p2)), uintptr(len(descriptors)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func getBaseImages(buffer **uint16) (hr error) {
+ hr = procGetBaseImages.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procGetBaseImages.Addr(), 1, uintptr(unsafe.Pointer(buffer)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func getLayerMountPath(info *driverInfo, id string, length *uintptr, buffer *uint16) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(id)
+ if hr != nil {
+ return
+ }
+ return _getLayerMountPath(info, _p0, length, buffer)
+}
+
+func _getLayerMountPath(info *driverInfo, id *uint16, length *uintptr, buffer *uint16) (hr error) {
+ hr = procGetLayerMountPath.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall6(procGetLayerMountPath.Addr(), 4, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(length)), uintptr(unsafe.Pointer(buffer)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func grantVmAccess(vmid string, filepath string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(vmid)
+ if hr != nil {
+ return
+ }
+ var _p1 *uint16
+ _p1, hr = syscall.UTF16PtrFromString(filepath)
+ if hr != nil {
+ return
+ }
+ return _grantVmAccess(_p0, _p1)
+}
+
+func _grantVmAccess(vmid *uint16, filepath *uint16) (hr error) {
+ hr = procGrantVmAccess.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procGrantVmAccess.Addr(), 2, uintptr(unsafe.Pointer(vmid)), uintptr(unsafe.Pointer(filepath)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func importLayer(info *driverInfo, id string, path string, descriptors []WC_LAYER_DESCRIPTOR) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(id)
+ if hr != nil {
+ return
+ }
+ var _p1 *uint16
+ _p1, hr = syscall.UTF16PtrFromString(path)
+ if hr != nil {
+ return
+ }
+ return _importLayer(info, _p0, _p1, descriptors)
+}
+
+func _importLayer(info *driverInfo, id *uint16, path *uint16, descriptors []WC_LAYER_DESCRIPTOR) (hr error) {
+ hr = procImportLayer.Find()
+ if hr != nil {
+ return
+ }
+ var _p2 *WC_LAYER_DESCRIPTOR
+ if len(descriptors) > 0 {
+ _p2 = &descriptors[0]
+ }
+ r0, _, _ := syscall.Syscall6(procImportLayer.Addr(), 5, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(_p2)), uintptr(len(descriptors)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func layerExists(info *driverInfo, id string, exists *uint32) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(id)
+ if hr != nil {
+ return
+ }
+ return _layerExists(info, _p0, exists)
+}
+
+func _layerExists(info *driverInfo, id *uint16, exists *uint32) (hr error) {
+ hr = procLayerExists.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procLayerExists.Addr(), 3, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(exists)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func nameToGuid(name string, guid *_guid) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(name)
+ if hr != nil {
+ return
+ }
+ return _nameToGuid(_p0, guid)
+}
+
+func _nameToGuid(name *uint16, guid *_guid) (hr error) {
+ hr = procNameToGuid.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procNameToGuid.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(guid)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func prepareLayer(info *driverInfo, id string, descriptors []WC_LAYER_DESCRIPTOR) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(id)
+ if hr != nil {
+ return
+ }
+ return _prepareLayer(info, _p0, descriptors)
+}
+
+func _prepareLayer(info *driverInfo, id *uint16, descriptors []WC_LAYER_DESCRIPTOR) (hr error) {
+ hr = procPrepareLayer.Find()
+ if hr != nil {
+ return
+ }
+ var _p1 *WC_LAYER_DESCRIPTOR
+ if len(descriptors) > 0 {
+ _p1 = &descriptors[0]
+ }
+ r0, _, _ := syscall.Syscall6(procPrepareLayer.Addr(), 4, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), uintptr(unsafe.Pointer(_p1)), uintptr(len(descriptors)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func processBaseImage(path string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(path)
+ if hr != nil {
+ return
+ }
+ return _processBaseImage(_p0)
+}
+
+func _processBaseImage(path *uint16) (hr error) {
+ hr = procProcessBaseImage.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procProcessBaseImage.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func processUtilityImage(path string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(path)
+ if hr != nil {
+ return
+ }
+ return _processUtilityImage(_p0)
+}
+
+func _processUtilityImage(path *uint16) (hr error) {
+ hr = procProcessUtilityImage.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procProcessUtilityImage.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func unprepareLayer(info *driverInfo, id string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(id)
+ if hr != nil {
+ return
+ }
+ return _unprepareLayer(info, _p0)
+}
+
+func _unprepareLayer(info *driverInfo, id *uint16) (hr error) {
+ hr = procUnprepareLayer.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procUnprepareLayer.Addr(), 2, uintptr(unsafe.Pointer(info)), uintptr(unsafe.Pointer(id)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/bindflt.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/bindflt.go
new file mode 100644
index 000000000..559d44325
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/bindflt.go
@@ -0,0 +1,19 @@
+package winapi
+
+const (
+ BINDFLT_FLAG_READ_ONLY_MAPPING uint32 = 0x00000001
+ BINDFLT_FLAG_MERGED_BIND_MAPPING uint32 = 0x00000002
+ BINDFLT_FLAG_USE_CURRENT_SILO_MAPPING uint32 = 0x00000004
+)
+
+// HRESULT
+// BfSetupFilter(
+// _In_opt_ HANDLE JobHandle,
+// _In_ ULONG Flags,
+// _In_ LPCWSTR VirtualizationRootPath,
+// _In_ LPCWSTR VirtualizationTargetPath,
+// _In_reads_opt_( VirtualizationExceptionPathCount ) LPCWSTR* VirtualizationExceptionPaths,
+// _In_opt_ ULONG VirtualizationExceptionPathCount
+// );
+//
+//sys BfSetupFilter(jobHandle windows.Handle, flags uint32, virtRootPath *uint16, virtTargetPath *uint16, virtExceptions **uint16, virtExceptionPathCount uint32) (hr error) = bindfltapi.BfSetupFilter?
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/cimfs.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/cimfs.go
new file mode 100644
index 000000000..d04bffc1f
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/cimfs.go
@@ -0,0 +1,45 @@
+package winapi
+
+import (
+ "unsafe"
+
+ "github.com/Microsoft/go-winio/pkg/guid"
+ "golang.org/x/sys/windows"
+)
+
+type g = guid.GUID
+type FsHandle uintptr
+type StreamHandle uintptr
+
+type CimFsFileMetadata struct {
+ Attributes uint32
+ FileSize int64
+
+ CreationTime windows.Filetime
+ LastWriteTime windows.Filetime
+ ChangeTime windows.Filetime
+ LastAccessTime windows.Filetime
+
+ SecurityDescriptorBuffer unsafe.Pointer
+ SecurityDescriptorSize uint32
+
+ ReparseDataBuffer unsafe.Pointer
+ ReparseDataSize uint32
+
+ ExtendedAttributes unsafe.Pointer
+ EACount uint32
+}
+
+//sys CimMountImage(imagePath string, fsName string, flags uint32, volumeID *g) (hr error) = cimfs.CimMountImage?
+//sys CimDismountImage(volumeID *g) (hr error) = cimfs.CimDismountImage?
+
+//sys CimCreateImage(imagePath string, oldFSName *uint16, newFSName *uint16, cimFSHandle *FsHandle) (hr error) = cimfs.CimCreateImage?
+//sys CimCloseImage(cimFSHandle FsHandle) (hr error) = cimfs.CimCloseImage?
+//sys CimCommitImage(cimFSHandle FsHandle) (hr error) = cimfs.CimCommitImage?
+
+//sys CimCreateFile(cimFSHandle FsHandle, path string, file *CimFsFileMetadata, cimStreamHandle *StreamHandle) (hr error) = cimfs.CimCreateFile?
+//sys CimCloseStream(cimStreamHandle StreamHandle) (hr error) = cimfs.CimCloseStream?
+//sys CimWriteStream(cimStreamHandle StreamHandle, buffer uintptr, bufferSize uint32) (hr error) = cimfs.CimWriteStream?
+//sys CimDeletePath(cimFSHandle FsHandle, path string) (hr error) = cimfs.CimDeletePath?
+//sys CimCreateHardLink(cimFSHandle FsHandle, newPath string, oldPath string) (hr error) = cimfs.CimCreateHardLink?
+//sys CimCreateAlternateStream(cimFSHandle FsHandle, path string, size uint64, cimStreamHandle *StreamHandle) (hr error) = cimfs.CimCreateAlternateStream?
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/console.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/console.go
new file mode 100644
index 000000000..4547cdd8e
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/console.go
@@ -0,0 +1,46 @@
+//go:build windows
+
+package winapi
+
+import (
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+const PSEUDOCONSOLE_INHERIT_CURSOR = 0x1
+
+// CreatePseudoConsole creates a windows pseudo console.
+func CreatePseudoConsole(size windows.Coord, hInput windows.Handle, hOutput windows.Handle, dwFlags uint32, hpcon *windows.Handle) error {
+ // We need this wrapper as the function takes a COORD struct and not a pointer to one, so we need to cast to something beforehand.
+ return createPseudoConsole(*((*uint32)(unsafe.Pointer(&size))), hInput, hOutput, 0, hpcon)
+}
+
+// ResizePseudoConsole resizes the internal buffers of the pseudo console to the width and height specified in `size`.
+func ResizePseudoConsole(hpcon windows.Handle, size windows.Coord) error {
+ // We need this wrapper as the function takes a COORD struct and not a pointer to one, so we need to cast to something beforehand.
+ return resizePseudoConsole(hpcon, *((*uint32)(unsafe.Pointer(&size))))
+}
+
+// HRESULT WINAPI CreatePseudoConsole(
+// _In_ COORD size,
+// _In_ HANDLE hInput,
+// _In_ HANDLE hOutput,
+// _In_ DWORD dwFlags,
+// _Out_ HPCON* phPC
+// );
+//
+//sys createPseudoConsole(size uint32, hInput windows.Handle, hOutput windows.Handle, dwFlags uint32, hpcon *windows.Handle) (hr error) = kernel32.CreatePseudoConsole
+
+// void WINAPI ClosePseudoConsole(
+// _In_ HPCON hPC
+// );
+//
+//sys ClosePseudoConsole(hpc windows.Handle) = kernel32.ClosePseudoConsole
+
+// HRESULT WINAPI ResizePseudoConsole(
+// _In_ HPCON hPC ,
+// _In_ COORD size
+// );
+//
+//sys resizePseudoConsole(hPc windows.Handle, size uint32) (hr error) = kernel32.ResizePseudoConsole
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/devices.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/devices.go
new file mode 100644
index 000000000..7875466ca
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/devices.go
@@ -0,0 +1,15 @@
+//go:build windows
+
+package winapi
+
+import "github.com/Microsoft/go-winio/pkg/guid"
+
+//sys CMGetDeviceIDListSize(pulLen *uint32, pszFilter *byte, uFlags uint32) (hr error) = cfgmgr32.CM_Get_Device_ID_List_SizeA
+//sys CMGetDeviceIDList(pszFilter *byte, buffer *byte, bufferLen uint32, uFlags uint32) (hr error)= cfgmgr32.CM_Get_Device_ID_ListA
+//sys CMLocateDevNode(pdnDevInst *uint32, pDeviceID string, uFlags uint32) (hr error) = cfgmgr32.CM_Locate_DevNodeW
+//sys CMGetDevNodeProperty(dnDevInst uint32, propertyKey *DevPropKey, propertyType *uint32, propertyBuffer *uint16, propertyBufferSize *uint32, uFlags uint32) (hr error) = cfgmgr32.CM_Get_DevNode_PropertyW
+
+type DevPropKey struct {
+ Fmtid guid.GUID
+ Pid uint32
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/doc.go
new file mode 100644
index 000000000..9acc0bfc1
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/doc.go
@@ -0,0 +1,3 @@
+// Package winapi contains various low-level bindings to Windows APIs. It can
+// be thought of as an extension to golang.org/x/sys/windows.
+package winapi
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/elevation.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/elevation.go
new file mode 100644
index 000000000..40cbf8712
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/elevation.go
@@ -0,0 +1,11 @@
+//go:build windows
+
+package winapi
+
+import (
+ "golang.org/x/sys/windows"
+)
+
+func IsElevated() bool {
+ return windows.GetCurrentProcessToken().IsElevated()
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/errors.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/errors.go
new file mode 100644
index 000000000..49ce924cb
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/errors.go
@@ -0,0 +1,17 @@
+//go:build windows
+
+package winapi
+
+import "syscall"
+
+//sys RtlNtStatusToDosError(status uint32) (winerr error) = ntdll.RtlNtStatusToDosError
+
+const (
+ STATUS_REPARSE_POINT_ENCOUNTERED = 0xC000050B
+ ERROR_NO_MORE_ITEMS = 0x103
+ ERROR_MORE_DATA syscall.Errno = 234
+)
+
+func NTSuccess(status uint32) bool {
+ return status == 0
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/filesystem.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/filesystem.go
new file mode 100644
index 000000000..3dcb3faa0
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/filesystem.go
@@ -0,0 +1,115 @@
+//go:build windows
+
+package winapi
+
+//sys CopyFileW(existingFileName *uint16, newFileName *uint16, failIfExists int32) (err error) = kernel32.CopyFileW
+//sys NtCreateFile(handle *uintptr, accessMask uint32, oa *ObjectAttributes, iosb *IOStatusBlock, allocationSize *uint64, fileAttributes uint32, shareAccess uint32, createDisposition uint32, createOptions uint32, eaBuffer *byte, eaLength uint32) (status uint32) = ntdll.NtCreateFile
+//sys NtSetInformationFile(handle uintptr, iosb *IOStatusBlock, information uintptr, length uint32, class uint32) (status uint32) = ntdll.NtSetInformationFile
+
+//sys NtOpenDirectoryObject(handle *uintptr, accessMask uint32, oa *ObjectAttributes) (status uint32) = ntdll.NtOpenDirectoryObject
+//sys NtQueryDirectoryObject(handle uintptr, buffer *byte, length uint32, singleEntry bool, restartScan bool, context *uint32, returnLength *uint32)(status uint32) = ntdll.NtQueryDirectoryObject
+
+const (
+ FileLinkInformationClass = 11
+ FileDispositionInformationExClass = 64
+
+ FILE_READ_ATTRIBUTES = 0x0080
+ FILE_WRITE_ATTRIBUTES = 0x0100
+ DELETE = 0x10000
+
+ FILE_OPEN = 1
+ FILE_CREATE = 2
+
+ FILE_LIST_DIRECTORY = 0x00000001
+ FILE_DIRECTORY_FILE = 0x00000001
+ FILE_SYNCHRONOUS_IO_NONALERT = 0x00000020
+ FILE_OPEN_FOR_BACKUP_INTENT = 0x00004000
+ FILE_OPEN_REPARSE_POINT = 0x00200000
+
+ FILE_DISPOSITION_DELETE = 0x00000001
+
+ OBJ_DONT_REPARSE = 0x1000
+
+ STATUS_MORE_ENTRIES = 0x105
+ STATUS_NO_MORE_ENTRIES = 0x8000001a
+)
+
+// Select entries from FILE_INFO_BY_HANDLE_CLASS.
+//
+// C declaration:
+//
+// typedef enum _FILE_INFO_BY_HANDLE_CLASS {
+// FileBasicInfo,
+// FileStandardInfo,
+// FileNameInfo,
+// FileRenameInfo,
+// FileDispositionInfo,
+// FileAllocationInfo,
+// FileEndOfFileInfo,
+// FileStreamInfo,
+// FileCompressionInfo,
+// FileAttributeTagInfo,
+// FileIdBothDirectoryInfo,
+// FileIdBothDirectoryRestartInfo,
+// FileIoPriorityHintInfo,
+// FileRemoteProtocolInfo,
+// FileFullDirectoryInfo,
+// FileFullDirectoryRestartInfo,
+// FileStorageInfo,
+// FileAlignmentInfo,
+// FileIdInfo,
+// FileIdExtdDirectoryInfo,
+// FileIdExtdDirectoryRestartInfo,
+// FileDispositionInfoEx,
+// FileRenameInfoEx,
+// FileCaseSensitiveInfo,
+// FileNormalizedNameInfo,
+// MaximumFileInfoByHandleClass
+// } FILE_INFO_BY_HANDLE_CLASS, *PFILE_INFO_BY_HANDLE_CLASS;
+//
+// Documentation: https://docs.microsoft.com/en-us/windows/win32/api/minwinbase/ne-minwinbase-file_info_by_handle_class
+const (
+ FileIdInfo = 18
+)
+
+type FileDispositionInformationEx struct {
+ Flags uintptr
+}
+
+type IOStatusBlock struct {
+ Status, Information uintptr
+}
+
+type ObjectAttributes struct {
+ Length uintptr
+ RootDirectory uintptr
+ ObjectName *UnicodeString
+ Attributes uintptr
+ SecurityDescriptor uintptr
+ SecurityQoS uintptr
+}
+
+type ObjectDirectoryInformation struct {
+ Name UnicodeString
+ TypeName UnicodeString
+}
+
+type FileLinkInformation struct {
+ ReplaceIfExists bool
+ RootDirectory uintptr
+ FileNameLength uint32
+ FileName [1]uint16
+}
+
+// C declaration:
+//
+// typedef struct _FILE_ID_INFO {
+// ULONGLONG VolumeSerialNumber;
+// FILE_ID_128 FileId;
+// } FILE_ID_INFO, *PFILE_ID_INFO;
+//
+// Documentation: https://docs.microsoft.com/en-us/windows/win32/api/winbase/ns-winbase-file_id_info
+type FILE_ID_INFO struct {
+ VolumeSerialNumber uint64
+ FileID [16]byte
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go
new file mode 100644
index 000000000..b0deb5c72
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go
@@ -0,0 +1,222 @@
+//go:build windows
+
+package winapi
+
+import (
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+// Messages that can be received from an assigned io completion port.
+// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_associate_completion_port
+const (
+ JOB_OBJECT_MSG_END_OF_JOB_TIME uint32 = 1
+ JOB_OBJECT_MSG_END_OF_PROCESS_TIME uint32 = 2
+ JOB_OBJECT_MSG_ACTIVE_PROCESS_LIMIT uint32 = 3
+ JOB_OBJECT_MSG_ACTIVE_PROCESS_ZERO uint32 = 4
+ JOB_OBJECT_MSG_NEW_PROCESS uint32 = 6
+ JOB_OBJECT_MSG_EXIT_PROCESS uint32 = 7
+ JOB_OBJECT_MSG_ABNORMAL_EXIT_PROCESS uint32 = 8
+ JOB_OBJECT_MSG_PROCESS_MEMORY_LIMIT uint32 = 9
+ JOB_OBJECT_MSG_JOB_MEMORY_LIMIT uint32 = 10
+ JOB_OBJECT_MSG_NOTIFICATION_LIMIT uint32 = 11
+)
+
+// Access rights for creating or opening job objects.
+//
+// https://docs.microsoft.com/en-us/windows/win32/procthread/job-object-security-and-access-rights
+const (
+ JOB_OBJECT_QUERY = 0x0004
+ JOB_OBJECT_ALL_ACCESS = 0x1F001F
+)
+
+// IO limit flags
+//
+// https://docs.microsoft.com/en-us/windows/win32/api/jobapi2/ns-jobapi2-jobobject_io_rate_control_information
+const JOB_OBJECT_IO_RATE_CONTROL_ENABLE = 0x1
+
+const JOBOBJECT_IO_ATTRIBUTION_CONTROL_ENABLE uint32 = 0x1
+
+// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_cpu_rate_control_information
+const (
+ JOB_OBJECT_CPU_RATE_CONTROL_ENABLE uint32 = 1 << iota
+ JOB_OBJECT_CPU_RATE_CONTROL_WEIGHT_BASED
+ JOB_OBJECT_CPU_RATE_CONTROL_HARD_CAP
+ JOB_OBJECT_CPU_RATE_CONTROL_NOTIFY
+ JOB_OBJECT_CPU_RATE_CONTROL_MIN_MAX_RATE
+)
+
+// JobObjectInformationClass values. Used for a call to QueryInformationJobObject
+//
+// https://docs.microsoft.com/en-us/windows/win32/api/jobapi2/nf-jobapi2-queryinformationjobobject
+const (
+ JobObjectBasicAccountingInformation uint32 = 1
+ JobObjectBasicProcessIdList uint32 = 3
+ JobObjectBasicAndIoAccountingInformation uint32 = 8
+ JobObjectLimitViolationInformation uint32 = 13
+ JobObjectMemoryUsageInformation uint32 = 28
+ JobObjectNotificationLimitInformation2 uint32 = 33
+ JobObjectCreateSilo uint32 = 35
+ JobObjectSiloBasicInformation uint32 = 36
+ JobObjectIoAttribution uint32 = 42
+)
+
+// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_basic_limit_information
+type JOBOBJECT_BASIC_LIMIT_INFORMATION struct {
+ PerProcessUserTimeLimit int64
+ PerJobUserTimeLimit int64
+ LimitFlags uint32
+ MinimumWorkingSetSize uintptr
+ MaximumWorkingSetSize uintptr
+ ActiveProcessLimit uint32
+ Affinity uintptr
+ PriorityClass uint32
+ SchedulingClass uint32
+}
+
+// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_cpu_rate_control_information
+type JOBOBJECT_CPU_RATE_CONTROL_INFORMATION struct {
+ ControlFlags uint32
+ Value uint32
+}
+
+// https://docs.microsoft.com/en-us/windows/win32/api/jobapi2/ns-jobapi2-jobobject_io_rate_control_information
+type JOBOBJECT_IO_RATE_CONTROL_INFORMATION struct {
+ MaxIops int64
+ MaxBandwidth int64
+ ReservationIops int64
+ BaseIOSize uint32
+ VolumeName string
+ ControlFlags uint32
+}
+
+// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_basic_process_id_list
+type JOBOBJECT_BASIC_PROCESS_ID_LIST struct {
+ NumberOfAssignedProcesses uint32
+ NumberOfProcessIdsInList uint32
+ ProcessIdList [1]uintptr
+}
+
+// AllPids returns all the process Ids in the job object.
+func (p *JOBOBJECT_BASIC_PROCESS_ID_LIST) AllPids() []uintptr {
+ return (*[(1 << 27) - 1]uintptr)(unsafe.Pointer(&p.ProcessIdList[0]))[:p.NumberOfProcessIdsInList:p.NumberOfProcessIdsInList]
+}
+
+// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_basic_accounting_information
+type JOBOBJECT_BASIC_ACCOUNTING_INFORMATION struct {
+ TotalUserTime int64
+ TotalKernelTime int64
+ ThisPeriodTotalUserTime int64
+ ThisPeriodTotalKernelTime int64
+ TotalPageFaultCount uint32
+ TotalProcesses uint32
+ ActiveProcesses uint32
+ TotalTerminateProcesses uint32
+}
+
+// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_basic_and_io_accounting_information
+type JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION struct {
+ BasicInfo JOBOBJECT_BASIC_ACCOUNTING_INFORMATION
+ IoInfo windows.IO_COUNTERS
+}
+
+// typedef struct _JOBOBJECT_MEMORY_USAGE_INFORMATION {
+// ULONG64 JobMemory;
+// ULONG64 PeakJobMemoryUsed;
+// } JOBOBJECT_MEMORY_USAGE_INFORMATION, *PJOBOBJECT_MEMORY_USAGE_INFORMATION;
+type JOBOBJECT_MEMORY_USAGE_INFORMATION struct {
+ JobMemory uint64
+ PeakJobMemoryUsed uint64
+}
+
+// typedef struct _JOBOBJECT_IO_ATTRIBUTION_STATS {
+// ULONG_PTR IoCount;
+// ULONGLONG TotalNonOverlappedQueueTime;
+// ULONGLONG TotalNonOverlappedServiceTime;
+// ULONGLONG TotalSize;
+// } JOBOBJECT_IO_ATTRIBUTION_STATS, *PJOBOBJECT_IO_ATTRIBUTION_STATS;
+type JOBOBJECT_IO_ATTRIBUTION_STATS struct {
+ IoCount uintptr
+ TotalNonOverlappedQueueTime uint64
+ TotalNonOverlappedServiceTime uint64
+ TotalSize uint64
+}
+
+// typedef struct _JOBOBJECT_IO_ATTRIBUTION_INFORMATION {
+// ULONG ControlFlags;
+// JOBOBJECT_IO_ATTRIBUTION_STATS ReadStats;
+// JOBOBJECT_IO_ATTRIBUTION_STATS WriteStats;
+// } JOBOBJECT_IO_ATTRIBUTION_INFORMATION, *PJOBOBJECT_IO_ATTRIBUTION_INFORMATION;
+type JOBOBJECT_IO_ATTRIBUTION_INFORMATION struct {
+ ControlFlags uint32
+ ReadStats JOBOBJECT_IO_ATTRIBUTION_STATS
+ WriteStats JOBOBJECT_IO_ATTRIBUTION_STATS
+}
+
+// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_associate_completion_port
+type JOBOBJECT_ASSOCIATE_COMPLETION_PORT struct {
+ CompletionKey windows.Handle
+ CompletionPort windows.Handle
+}
+
+// BOOL IsProcessInJob(
+// HANDLE ProcessHandle,
+// HANDLE JobHandle,
+// PBOOL Result
+// );
+//
+//sys IsProcessInJob(procHandle windows.Handle, jobHandle windows.Handle, result *int32) (err error) = kernel32.IsProcessInJob
+
+// BOOL QueryInformationJobObject(
+// HANDLE hJob,
+// JOBOBJECTINFOCLASS JobObjectInformationClass,
+// LPVOID lpJobObjectInformation,
+// DWORD cbJobObjectInformationLength,
+// LPDWORD lpReturnLength
+// );
+//
+//sys QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo unsafe.Pointer, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) = kernel32.QueryInformationJobObject
+
+// HANDLE OpenJobObjectW(
+// DWORD dwDesiredAccess,
+// BOOL bInheritHandle,
+// LPCWSTR lpName
+// );
+//
+//sys OpenJobObject(desiredAccess uint32, inheritHandle int32, lpName *uint16) (handle windows.Handle, err error) = kernel32.OpenJobObjectW
+
+// DWORD SetIoRateControlInformationJobObject(
+// HANDLE hJob,
+// JOBOBJECT_IO_RATE_CONTROL_INFORMATION *IoRateControlInfo
+// );
+//
+//sys SetIoRateControlInformationJobObject(jobHandle windows.Handle, ioRateControlInfo *JOBOBJECT_IO_RATE_CONTROL_INFORMATION) (ret uint32, err error) = kernel32.SetIoRateControlInformationJobObject
+
+// DWORD QueryIoRateControlInformationJobObject(
+// HANDLE hJob,
+// PCWSTR VolumeName,
+// JOBOBJECT_IO_RATE_CONTROL_INFORMATION **InfoBlocks,
+// ULONG *InfoBlockCount
+// );
+//
+//sys QueryIoRateControlInformationJobObject(jobHandle windows.Handle, volumeName *uint16, ioRateControlInfo **JOBOBJECT_IO_RATE_CONTROL_INFORMATION, infoBlockCount *uint32) (ret uint32, err error) = kernel32.QueryIoRateControlInformationJobObject
+
+// NTSTATUS
+// NtOpenJobObject (
+// _Out_ PHANDLE JobHandle,
+// _In_ ACCESS_MASK DesiredAccess,
+// _In_ POBJECT_ATTRIBUTES ObjectAttributes
+// );
+//
+//sys NtOpenJobObject(jobHandle *windows.Handle, desiredAccess uint32, objAttributes *ObjectAttributes) (status uint32) = ntdll.NtOpenJobObject
+
+// NTSTATUS
+// NTAPI
+// NtCreateJobObject (
+// _Out_ PHANDLE JobHandle,
+// _In_ ACCESS_MASK DesiredAccess,
+// _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
+// );
+//
+//sys NtCreateJobObject(jobHandle *windows.Handle, desiredAccess uint32, objAttributes *ObjectAttributes) (status uint32) = ntdll.NtCreateJobObject
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/logon.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/logon.go
new file mode 100644
index 000000000..b6e7cfd46
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/logon.go
@@ -0,0 +1,30 @@
+package winapi
+
+// BOOL LogonUserA(
+// LPCWSTR lpszUsername,
+// LPCWSTR lpszDomain,
+// LPCWSTR lpszPassword,
+// DWORD dwLogonType,
+// DWORD dwLogonProvider,
+// PHANDLE phToken
+// );
+//
+//sys LogonUser(username *uint16, domain *uint16, password *uint16, logonType uint32, logonProvider uint32, token *windows.Token) (err error) = advapi32.LogonUserW
+
+// Logon types
+const (
+ LOGON32_LOGON_INTERACTIVE uint32 = 2
+ LOGON32_LOGON_NETWORK uint32 = 3
+ LOGON32_LOGON_BATCH uint32 = 4
+ LOGON32_LOGON_SERVICE uint32 = 5
+ LOGON32_LOGON_UNLOCK uint32 = 7
+ LOGON32_LOGON_NETWORK_CLEARTEXT uint32 = 8
+ LOGON32_LOGON_NEW_CREDENTIALS uint32 = 9
+)
+
+// Logon providers
+const (
+ LOGON32_PROVIDER_DEFAULT uint32 = 0
+ LOGON32_PROVIDER_WINNT40 uint32 = 2
+ LOGON32_PROVIDER_WINNT50 uint32 = 3
+)
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/memory.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/memory.go
new file mode 100644
index 000000000..53f62948c
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/memory.go
@@ -0,0 +1,4 @@
+package winapi
+
+//sys LocalAlloc(flags uint32, size int) (ptr uintptr) = kernel32.LocalAlloc
+//sys LocalFree(ptr uintptr) = kernel32.LocalFree
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/net.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/net.go
new file mode 100644
index 000000000..f37910024
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/net.go
@@ -0,0 +1,3 @@
+package winapi
+
+//sys SetJobCompartmentId(handle windows.Handle, compartmentId uint32) (win32Err error) = iphlpapi.SetJobCompartmentId
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/offlinereg.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/offlinereg.go
new file mode 100644
index 000000000..c578b3d31
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/offlinereg.go
@@ -0,0 +1,37 @@
+package winapi
+
+// Offline registry management API
+
+type ORHKey uintptr
+
+type RegType uint32
+
+const (
+ // Registry value types: https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-value-types
+ REG_TYPE_NONE RegType = 0
+ REG_TYPE_SZ RegType = 1
+ REG_TYPE_EXPAND_SZ RegType = 2
+ REG_TYPE_BINARY RegType = 3
+ REG_TYPE_DWORD RegType = 4
+ REG_TYPE_DWORD_LITTLE_ENDIAN RegType = 4
+ REG_TYPE_DWORD_BIG_ENDIAN RegType = 5
+ REG_TYPE_LINK RegType = 6
+ REG_TYPE_MULTI_SZ RegType = 7
+ REG_TYPE_RESOURCE_LIST RegType = 8
+ REG_TYPE_FULL_RESOURCE_DESCRIPTOR RegType = 9
+ REG_TYPE_RESOURCE_REQUIREMENTS_LIST RegType = 10
+ REG_TYPE_QWORD RegType = 11
+ REG_TYPE_QWORD_LITTLE_ENDIAN RegType = 11
+)
+
+//sys ORCreateHive(key *ORHKey) (win32err error) = offreg.ORCreateHive
+//sys ORMergeHives(hiveHandles []ORHKey, result *ORHKey) (win32err error) = offreg.ORMergeHives
+//sys OROpenHive(hivePath string, result *ORHKey) (win32err error) = offreg.OROpenHive
+//sys ORCloseHive(handle ORHKey) (win32err error) = offreg.ORCloseHive
+//sys ORSaveHive(handle ORHKey, hivePath string, osMajorVersion uint32, osMinorVersion uint32) (win32err error) = offreg.ORSaveHive
+//sys OROpenKey(handle ORHKey, subKey string, result *ORHKey) (win32err error) = offreg.OROpenKey
+//sys ORCloseKey(handle ORHKey) (win32err error) = offreg.ORCloseKey
+//sys ORCreateKey(handle ORHKey, subKey string, class uintptr, options uint32, securityDescriptor uintptr, result *ORHKey, disposition *uint32) (win32err error) = offreg.ORCreateKey
+//sys ORDeleteKey(handle ORHKey, subKey string) (win32err error) = offreg.ORDeleteKey
+//sys ORGetValue(handle ORHKey, subKey string, value string, valueType *uint32, data *byte, dataLen *uint32) (win32err error) = offreg.ORGetValue
+//sys ORSetValue(handle ORHKey, valueName string, valueType uint32, data *byte, dataLen uint32) (win32err error) = offreg.ORSetValue
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/path.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/path.go
new file mode 100644
index 000000000..c6a149b55
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/path.go
@@ -0,0 +1,12 @@
+package winapi
+
+// DWORD SearchPathW(
+// LPCWSTR lpPath,
+// LPCWSTR lpFileName,
+// LPCWSTR lpExtension,
+// DWORD nBufferLength,
+// LPWSTR lpBuffer,
+// LPWSTR *lpFilePart
+// );
+//
+//sys SearchPath(lpPath *uint16, lpFileName *uint16, lpExtension *uint16, nBufferLength uint32, lpBuffer *uint16, lpFilePath *uint16) (size uint32, err error) = kernel32.SearchPathW
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go
new file mode 100644
index 000000000..f4ae94cfa
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go
@@ -0,0 +1,61 @@
+package winapi
+
+const PROCESS_ALL_ACCESS uint32 = 2097151
+
+const (
+ PROC_THREAD_ATTRIBUTE_PSEUDOCONSOLE = 0x20016
+ PROC_THREAD_ATTRIBUTE_JOB_LIST = 0x2000D
+)
+
+// ProcessVmCounters corresponds to the _VM_COUNTERS_EX and _VM_COUNTERS_EX2 structures.
+const ProcessVmCounters = 3
+
+// __kernel_entry NTSTATUS NtQueryInformationProcess(
+// [in] HANDLE ProcessHandle,
+// [in] PROCESSINFOCLASS ProcessInformationClass,
+// [out] PVOID ProcessInformation,
+// [in] ULONG ProcessInformationLength,
+// [out, optional] PULONG ReturnLength
+// );
+//
+//sys NtQueryInformationProcess(processHandle windows.Handle, processInfoClass uint32, processInfo unsafe.Pointer, processInfoLength uint32, returnLength *uint32) (status uint32) = ntdll.NtQueryInformationProcess
+
+// typedef struct _VM_COUNTERS_EX {
+// SIZE_T PeakVirtualSize;
+// SIZE_T VirtualSize;
+// ULONG PageFaultCount;
+// SIZE_T PeakWorkingSetSize;
+// SIZE_T WorkingSetSize;
+// SIZE_T QuotaPeakPagedPoolUsage;
+// SIZE_T QuotaPagedPoolUsage;
+// SIZE_T QuotaPeakNonPagedPoolUsage;
+// SIZE_T QuotaNonPagedPoolUsage;
+// SIZE_T PagefileUsage;
+// SIZE_T PeakPagefileUsage;
+// SIZE_T PrivateUsage;
+// } VM_COUNTERS_EX, *PVM_COUNTERS_EX;
+type VM_COUNTERS_EX struct {
+ PeakVirtualSize uintptr
+ VirtualSize uintptr
+ PageFaultCount uint32
+ PeakWorkingSetSize uintptr
+ WorkingSetSize uintptr
+ QuotaPeakPagedPoolUsage uintptr
+ QuotaPagedPoolUsage uintptr
+ QuotaPeakNonPagedPoolUsage uintptr
+ QuotaNonPagedPoolUsage uintptr
+ PagefileUsage uintptr
+ PeakPagefileUsage uintptr
+ PrivateUsage uintptr
+}
+
+// typedef struct _VM_COUNTERS_EX2 {
+// VM_COUNTERS_EX CountersEx;
+// SIZE_T PrivateWorkingSetSize;
+// SIZE_T SharedCommitUsage;
+// } VM_COUNTERS_EX2, *PVM_COUNTERS_EX2;
+type VM_COUNTERS_EX2 struct {
+ CountersEx VM_COUNTERS_EX
+ PrivateWorkingSetSize uintptr
+ SharedCommitUsage uintptr
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/processor.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/processor.go
new file mode 100644
index 000000000..ce79ac2cd
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/processor.go
@@ -0,0 +1,7 @@
+package winapi
+
+// Get count from all processor groups.
+// https://docs.microsoft.com/en-us/windows/win32/procthread/processor-groups
+const ALL_PROCESSOR_GROUPS = 0xFFFF
+
+//sys GetActiveProcessorCount(groupNumber uint16) (amount uint32) = kernel32.GetActiveProcessorCount
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go
new file mode 100644
index 000000000..cb494aaa6
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go
@@ -0,0 +1,55 @@
+//go:build windows
+
+package winapi
+
+import "golang.org/x/sys/windows"
+
+const SystemProcessInformation = 5
+
+const STATUS_INFO_LENGTH_MISMATCH = 0xC0000004
+
+// __kernel_entry NTSTATUS NtQuerySystemInformation(
+// SYSTEM_INFORMATION_CLASS SystemInformationClass,
+// PVOID SystemInformation,
+// ULONG SystemInformationLength,
+// PULONG ReturnLength
+// );
+//
+//sys NtQuerySystemInformation(systemInfoClass int, systemInformation unsafe.Pointer, systemInfoLength uint32, returnLength *uint32) (status uint32) = ntdll.NtQuerySystemInformation
+
+type SYSTEM_PROCESS_INFORMATION struct {
+ NextEntryOffset uint32 // ULONG
+ NumberOfThreads uint32 // ULONG
+ WorkingSetPrivateSize int64 // LARGE_INTEGER
+ HardFaultCount uint32 // ULONG
+ NumberOfThreadsHighWatermark uint32 // ULONG
+ CycleTime uint64 // ULONGLONG
+ CreateTime int64 // LARGE_INTEGER
+ UserTime int64 // LARGE_INTEGER
+ KernelTime int64 // LARGE_INTEGER
+ ImageName UnicodeString // UNICODE_STRING
+ BasePriority int32 // KPRIORITY
+ UniqueProcessID windows.Handle // HANDLE
+ InheritedFromUniqueProcessID windows.Handle // HANDLE
+ HandleCount uint32 // ULONG
+ SessionID uint32 // ULONG
+ UniqueProcessKey *uint32 // ULONG_PTR
+ PeakVirtualSize uintptr // SIZE_T
+ VirtualSize uintptr // SIZE_T
+ PageFaultCount uint32 // ULONG
+ PeakWorkingSetSize uintptr // SIZE_T
+ WorkingSetSize uintptr // SIZE_T
+ QuotaPeakPagedPoolUsage uintptr // SIZE_T
+ QuotaPagedPoolUsage uintptr // SIZE_T
+ QuotaPeakNonPagedPoolUsage uintptr // SIZE_T
+ QuotaNonPagedPoolUsage uintptr // SIZE_T
+ PagefileUsage uintptr // SIZE_T
+ PeakPagefileUsage uintptr // SIZE_T
+ PrivatePageCount uintptr // SIZE_T
+ ReadOperationCount int64 // LARGE_INTEGER
+ WriteOperationCount int64 // LARGE_INTEGER
+ OtherOperationCount int64 // LARGE_INTEGER
+ ReadTransferCount int64 // LARGE_INTEGER
+ WriteTransferCount int64 // LARGE_INTEGER
+ OtherTransferCount int64 // LARGE_INTEGER
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/thread.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/thread.go
new file mode 100644
index 000000000..f23141a83
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/thread.go
@@ -0,0 +1,13 @@
+package winapi
+
+// HANDLE CreateRemoteThread(
+// HANDLE hProcess,
+// LPSECURITY_ATTRIBUTES lpThreadAttributes,
+// SIZE_T dwStackSize,
+// LPTHREAD_START_ROUTINE lpStartAddress,
+// LPVOID lpParameter,
+// DWORD dwCreationFlags,
+// LPDWORD lpThreadId
+// );
+//
+//sys CreateRemoteThread(process windows.Handle, sa *windows.SecurityAttributes, stackSize uint32, startAddr uintptr, parameter uintptr, creationFlags uint32, threadID *uint32) (handle windows.Handle, err error) = kernel32.CreateRemoteThread
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/user.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/user.go
new file mode 100644
index 000000000..84d4cc294
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/user.go
@@ -0,0 +1,194 @@
+//go:build windows
+
+package winapi
+
+import (
+ "syscall"
+
+ "golang.org/x/sys/windows"
+)
+
+const UserNameCharLimit = 20
+
+const (
+ USER_PRIV_GUEST uint32 = iota
+ USER_PRIV_USER
+ USER_PRIV_ADMIN
+)
+
+const (
+ UF_NORMAL_ACCOUNT = 0x00200
+ UF_DONT_EXPIRE_PASSWD = 0x10000
+)
+
+const NERR_UserNotFound = syscall.Errno(0x8AD)
+
+// typedef struct _LOCALGROUP_MEMBERS_INFO_0 {
+// PSID lgrmi0_sid;
+// } LOCALGROUP_MEMBERS_INFO_0, *PLOCALGROUP_MEMBERS_INFO_0, *LPLOCALGROUP_MEMBERS_INFO_0;
+type LocalGroupMembersInfo0 struct {
+ Sid *windows.SID
+}
+
+// typedef struct _LOCALGROUP_INFO_1 {
+// LPWSTR lgrpi1_name;
+// LPWSTR lgrpi1_comment;
+// } LOCALGROUP_INFO_1, *PLOCALGROUP_INFO_1, *LPLOCALGROUP_INFO_1;
+type LocalGroupInfo1 struct {
+ Name *uint16
+ Comment *uint16
+}
+
+// typedef struct _USER_INFO_1 {
+// LPWSTR usri1_name;
+// LPWSTR usri1_password;
+// DWORD usri1_password_age;
+// DWORD usri1_priv;
+// LPWSTR usri1_home_dir;
+// LPWSTR usri1_comment;
+// DWORD usri1_flags;
+// LPWSTR usri1_script_path;
+// } USER_INFO_1, *PUSER_INFO_1, *LPUSER_INFO_1;
+type UserInfo1 struct {
+ Name *uint16
+ Password *uint16
+ PasswordAge uint32
+ Priv uint32
+ HomeDir *uint16
+ Comment *uint16
+ Flags uint32
+ ScriptPath *uint16
+}
+
+// NET_API_STATUS NET_API_FUNCTION NetLocalGroupGetInfo(
+// [in] LPCWSTR servername,
+// [in] LPCWSTR groupname,
+// [in] DWORD level,
+// [out] LPBYTE *bufptr
+// );
+//
+//sys netLocalGroupGetInfo(serverName *uint16, groupName *uint16, level uint32, bufptr **byte) (status error) = netapi32.NetLocalGroupGetInfo
+
+// NetLocalGroupGetInfo is a slightly go friendlier wrapper around the NetLocalGroupGetInfo function. Instead of taking in *uint16's, it takes in
+// go strings and does the conversion internally.
+func NetLocalGroupGetInfo(serverName, groupName string, level uint32, bufPtr **byte) (err error) {
+ var (
+ serverNameUTF16 *uint16
+ groupNameUTF16 *uint16
+ )
+ if serverName != "" {
+ serverNameUTF16, err = windows.UTF16PtrFromString(serverName)
+ if err != nil {
+ return err
+ }
+ }
+ if groupName != "" {
+ groupNameUTF16, err = windows.UTF16PtrFromString(groupName)
+ if err != nil {
+ return err
+ }
+ }
+ return netLocalGroupGetInfo(
+ serverNameUTF16,
+ groupNameUTF16,
+ level,
+ bufPtr,
+ )
+}
+
+// NET_API_STATUS NET_API_FUNCTION NetUserAdd(
+// [in] LPCWSTR servername,
+// [in] DWORD level,
+// [in] LPBYTE buf,
+// [out] LPDWORD parm_err
+// );
+//
+//sys netUserAdd(serverName *uint16, level uint32, buf *byte, parm_err *uint32) (status error) = netapi32.NetUserAdd
+
+// NetUserAdd is a slightly go friendlier wrapper around the NetUserAdd function. Instead of taking in *uint16's, it takes in
+// go strings and does the conversion internally.
+func NetUserAdd(serverName string, level uint32, buf *byte, parm_err *uint32) (err error) {
+ var serverNameUTF16 *uint16
+ if serverName != "" {
+ serverNameUTF16, err = windows.UTF16PtrFromString(serverName)
+ if err != nil {
+ return err
+ }
+ }
+ return netUserAdd(
+ serverNameUTF16,
+ level,
+ buf,
+ parm_err,
+ )
+}
+
+// NET_API_STATUS NET_API_FUNCTION NetUserDel(
+// [in] LPCWSTR servername,
+// [in] LPCWSTR username
+// );
+//
+//sys netUserDel(serverName *uint16, username *uint16) (status error) = netapi32.NetUserDel
+
+// NetUserDel is a slightly go friendlier wrapper around the NetUserDel function. Instead of taking in *uint16's, it takes in
+// go strings and does the conversion internally.
+func NetUserDel(serverName, userName string) (err error) {
+ var (
+ serverNameUTF16 *uint16
+ userNameUTF16 *uint16
+ )
+ if serverName != "" {
+ serverNameUTF16, err = windows.UTF16PtrFromString(serverName)
+ if err != nil {
+ return err
+ }
+ }
+ if userName != "" {
+ userNameUTF16, err = windows.UTF16PtrFromString(userName)
+ if err != nil {
+ return err
+ }
+ }
+ return netUserDel(
+ serverNameUTF16,
+ userNameUTF16,
+ )
+}
+
+// NET_API_STATUS NET_API_FUNCTION NetLocalGroupAddMembers(
+// [in] LPCWSTR servername,
+// [in] LPCWSTR groupname,
+// [in] DWORD level,
+// [in] LPBYTE buf,
+// [in] DWORD totalentries
+// );
+//
+//sys netLocalGroupAddMembers(serverName *uint16, groupName *uint16, level uint32, buf *byte, totalEntries uint32) (status error) = netapi32.NetLocalGroupAddMembers
+
+// NetLocalGroupAddMembers is a slightly go friendlier wrapper around the NetLocalGroupAddMembers function. Instead of taking in *uint16's, it takes in
+// go strings and does the conversion internally.
+func NetLocalGroupAddMembers(serverName, groupName string, level uint32, buf *byte, totalEntries uint32) (err error) {
+ var (
+ serverNameUTF16 *uint16
+ groupNameUTF16 *uint16
+ )
+ if serverName != "" {
+ serverNameUTF16, err = windows.UTF16PtrFromString(serverName)
+ if err != nil {
+ return err
+ }
+ }
+ if groupName != "" {
+ groupNameUTF16, err = windows.UTF16PtrFromString(groupName)
+ if err != nil {
+ return err
+ }
+ }
+ return netLocalGroupAddMembers(
+ serverNameUTF16,
+ groupNameUTF16,
+ level,
+ buf,
+ totalEntries,
+ )
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/utils.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/utils.go
new file mode 100644
index 000000000..93d633d49
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/utils.go
@@ -0,0 +1,88 @@
+//go:build windows
+
+package winapi
+
+import (
+ "errors"
+ "reflect"
+ "syscall"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+// Uint16BufferToSlice wraps a uint16 pointer-and-length into a slice
+// for easier interop with Go APIs
+func Uint16BufferToSlice(buffer *uint16, bufferLength int) (result []uint16) {
+ hdr := (*reflect.SliceHeader)(unsafe.Pointer(&result))
+ hdr.Data = uintptr(unsafe.Pointer(buffer))
+ hdr.Cap = bufferLength
+ hdr.Len = bufferLength
+
+ return
+}
+
+// UnicodeString corresponds to UNICODE_STRING win32 struct defined here
+// https://docs.microsoft.com/en-us/windows/win32/api/ntdef/ns-ntdef-_unicode_string
+type UnicodeString struct {
+ Length uint16
+ MaximumLength uint16
+ Buffer *uint16
+}
+
+// NTSTRSAFE_UNICODE_STRING_MAX_CCH is a constant defined in ntstrsafe.h. This value
+// denotes the maximum number of wide chars a path can have.
+const NTSTRSAFE_UNICODE_STRING_MAX_CCH = 32767
+
+// String converts a UnicodeString to a golang string
+func (uni UnicodeString) String() string {
+ // UnicodeString is not guaranteed to be null terminated, therefore
+ // use the UnicodeString's Length field
+ return windows.UTF16ToString(Uint16BufferToSlice(uni.Buffer, int(uni.Length/2)))
+}
+
+// NewUnicodeString allocates a new UnicodeString and copies `s` into
+// the buffer of the new UnicodeString.
+func NewUnicodeString(s string) (*UnicodeString, error) {
+ buf, err := windows.UTF16FromString(s)
+ if err != nil {
+ return nil, err
+ }
+
+ if len(buf) > NTSTRSAFE_UNICODE_STRING_MAX_CCH {
+ return nil, syscall.ENAMETOOLONG
+ }
+
+ uni := &UnicodeString{
+ // The length is in bytes and should not include the trailing null character.
+ Length: uint16((len(buf) - 1) * 2),
+ MaximumLength: uint16((len(buf) - 1) * 2),
+ Buffer: &buf[0],
+ }
+ return uni, nil
+}
+
+// ConvertStringSetToSlice is a helper function used to convert the contents of
+// `buf` into a string slice. `buf` contains a set of null terminated strings
+// with an additional null at the end to indicate the end of the set.
+func ConvertStringSetToSlice(buf []byte) ([]string, error) {
+ var results []string
+ prev := 0
+ for i := range buf {
+ if buf[i] == 0 {
+ if prev == i {
+ // found two null characters in a row, return result
+ return results, nil
+ }
+ results = append(results, string(buf[prev:i]))
+ prev = i + 1
+ }
+ }
+ return nil, errors.New("string set malformed: missing null terminator at end of buffer")
+}
+
+// ParseUtf16LE parses a UTF-16LE byte array into a string (without passing
+// through a uint16 or rune array).
+func ParseUtf16LE(b []byte) string {
+ return windows.UTF16PtrToString((*uint16)(unsafe.Pointer(&b[0])))
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/winapi.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/winapi.go
new file mode 100644
index 000000000..6a90e3a69
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/winapi.go
@@ -0,0 +1,3 @@
+package winapi
+
+//go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go ./*.go
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go
new file mode 100644
index 000000000..b5b9fcccc
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go
@@ -0,0 +1,791 @@
+//go:build windows
+
+// Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
+
+package winapi
+
+import (
+ "syscall"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+ errnoERROR_IO_PENDING = 997
+)
+
+var (
+ errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+ errERROR_EINVAL error = syscall.EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+ switch e {
+ case 0:
+ return errERROR_EINVAL
+ case errnoERROR_IO_PENDING:
+ return errERROR_IO_PENDING
+ }
+ // TODO: add more here, after collecting data on the common
+ // error values see on Windows. (perhaps when running
+ // all.bat?)
+ return e
+}
+
+var (
+ modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
+ modbindfltapi = windows.NewLazySystemDLL("bindfltapi.dll")
+ modcfgmgr32 = windows.NewLazySystemDLL("cfgmgr32.dll")
+ modcimfs = windows.NewLazySystemDLL("cimfs.dll")
+ modiphlpapi = windows.NewLazySystemDLL("iphlpapi.dll")
+ modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
+ modnetapi32 = windows.NewLazySystemDLL("netapi32.dll")
+ modntdll = windows.NewLazySystemDLL("ntdll.dll")
+ modoffreg = windows.NewLazySystemDLL("offreg.dll")
+
+ procLogonUserW = modadvapi32.NewProc("LogonUserW")
+ procBfSetupFilter = modbindfltapi.NewProc("BfSetupFilter")
+ procCM_Get_DevNode_PropertyW = modcfgmgr32.NewProc("CM_Get_DevNode_PropertyW")
+ procCM_Get_Device_ID_ListA = modcfgmgr32.NewProc("CM_Get_Device_ID_ListA")
+ procCM_Get_Device_ID_List_SizeA = modcfgmgr32.NewProc("CM_Get_Device_ID_List_SizeA")
+ procCM_Locate_DevNodeW = modcfgmgr32.NewProc("CM_Locate_DevNodeW")
+ procCimCloseImage = modcimfs.NewProc("CimCloseImage")
+ procCimCloseStream = modcimfs.NewProc("CimCloseStream")
+ procCimCommitImage = modcimfs.NewProc("CimCommitImage")
+ procCimCreateAlternateStream = modcimfs.NewProc("CimCreateAlternateStream")
+ procCimCreateFile = modcimfs.NewProc("CimCreateFile")
+ procCimCreateHardLink = modcimfs.NewProc("CimCreateHardLink")
+ procCimCreateImage = modcimfs.NewProc("CimCreateImage")
+ procCimDeletePath = modcimfs.NewProc("CimDeletePath")
+ procCimDismountImage = modcimfs.NewProc("CimDismountImage")
+ procCimMountImage = modcimfs.NewProc("CimMountImage")
+ procCimWriteStream = modcimfs.NewProc("CimWriteStream")
+ procSetJobCompartmentId = modiphlpapi.NewProc("SetJobCompartmentId")
+ procClosePseudoConsole = modkernel32.NewProc("ClosePseudoConsole")
+ procCopyFileW = modkernel32.NewProc("CopyFileW")
+ procCreatePseudoConsole = modkernel32.NewProc("CreatePseudoConsole")
+ procCreateRemoteThread = modkernel32.NewProc("CreateRemoteThread")
+ procGetActiveProcessorCount = modkernel32.NewProc("GetActiveProcessorCount")
+ procIsProcessInJob = modkernel32.NewProc("IsProcessInJob")
+ procLocalAlloc = modkernel32.NewProc("LocalAlloc")
+ procLocalFree = modkernel32.NewProc("LocalFree")
+ procOpenJobObjectW = modkernel32.NewProc("OpenJobObjectW")
+ procQueryInformationJobObject = modkernel32.NewProc("QueryInformationJobObject")
+ procQueryIoRateControlInformationJobObject = modkernel32.NewProc("QueryIoRateControlInformationJobObject")
+ procResizePseudoConsole = modkernel32.NewProc("ResizePseudoConsole")
+ procSearchPathW = modkernel32.NewProc("SearchPathW")
+ procSetIoRateControlInformationJobObject = modkernel32.NewProc("SetIoRateControlInformationJobObject")
+ procNetLocalGroupAddMembers = modnetapi32.NewProc("NetLocalGroupAddMembers")
+ procNetLocalGroupGetInfo = modnetapi32.NewProc("NetLocalGroupGetInfo")
+ procNetUserAdd = modnetapi32.NewProc("NetUserAdd")
+ procNetUserDel = modnetapi32.NewProc("NetUserDel")
+ procNtCreateFile = modntdll.NewProc("NtCreateFile")
+ procNtCreateJobObject = modntdll.NewProc("NtCreateJobObject")
+ procNtOpenDirectoryObject = modntdll.NewProc("NtOpenDirectoryObject")
+ procNtOpenJobObject = modntdll.NewProc("NtOpenJobObject")
+ procNtQueryDirectoryObject = modntdll.NewProc("NtQueryDirectoryObject")
+ procNtQueryInformationProcess = modntdll.NewProc("NtQueryInformationProcess")
+ procNtQuerySystemInformation = modntdll.NewProc("NtQuerySystemInformation")
+ procNtSetInformationFile = modntdll.NewProc("NtSetInformationFile")
+ procRtlNtStatusToDosError = modntdll.NewProc("RtlNtStatusToDosError")
+ procORCloseHive = modoffreg.NewProc("ORCloseHive")
+ procORCloseKey = modoffreg.NewProc("ORCloseKey")
+ procORCreateHive = modoffreg.NewProc("ORCreateHive")
+ procORCreateKey = modoffreg.NewProc("ORCreateKey")
+ procORDeleteKey = modoffreg.NewProc("ORDeleteKey")
+ procORGetValue = modoffreg.NewProc("ORGetValue")
+ procORMergeHives = modoffreg.NewProc("ORMergeHives")
+ procOROpenHive = modoffreg.NewProc("OROpenHive")
+ procOROpenKey = modoffreg.NewProc("OROpenKey")
+ procORSaveHive = modoffreg.NewProc("ORSaveHive")
+ procORSetValue = modoffreg.NewProc("ORSetValue")
+)
+
+func LogonUser(username *uint16, domain *uint16, password *uint16, logonType uint32, logonProvider uint32, token *windows.Token) (err error) {
+ r1, _, e1 := syscall.Syscall6(procLogonUserW.Addr(), 6, uintptr(unsafe.Pointer(username)), uintptr(unsafe.Pointer(domain)), uintptr(unsafe.Pointer(password)), uintptr(logonType), uintptr(logonProvider), uintptr(unsafe.Pointer(token)))
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func BfSetupFilter(jobHandle windows.Handle, flags uint32, virtRootPath *uint16, virtTargetPath *uint16, virtExceptions **uint16, virtExceptionPathCount uint32) (hr error) {
+ hr = procBfSetupFilter.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall6(procBfSetupFilter.Addr(), 6, uintptr(jobHandle), uintptr(flags), uintptr(unsafe.Pointer(virtRootPath)), uintptr(unsafe.Pointer(virtTargetPath)), uintptr(unsafe.Pointer(virtExceptions)), uintptr(virtExceptionPathCount))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func CMGetDevNodeProperty(dnDevInst uint32, propertyKey *DevPropKey, propertyType *uint32, propertyBuffer *uint16, propertyBufferSize *uint32, uFlags uint32) (hr error) {
+ r0, _, _ := syscall.Syscall6(procCM_Get_DevNode_PropertyW.Addr(), 6, uintptr(dnDevInst), uintptr(unsafe.Pointer(propertyKey)), uintptr(unsafe.Pointer(propertyType)), uintptr(unsafe.Pointer(propertyBuffer)), uintptr(unsafe.Pointer(propertyBufferSize)), uintptr(uFlags))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func CMGetDeviceIDList(pszFilter *byte, buffer *byte, bufferLen uint32, uFlags uint32) (hr error) {
+ r0, _, _ := syscall.Syscall6(procCM_Get_Device_ID_ListA.Addr(), 4, uintptr(unsafe.Pointer(pszFilter)), uintptr(unsafe.Pointer(buffer)), uintptr(bufferLen), uintptr(uFlags), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func CMGetDeviceIDListSize(pulLen *uint32, pszFilter *byte, uFlags uint32) (hr error) {
+ r0, _, _ := syscall.Syscall(procCM_Get_Device_ID_List_SizeA.Addr(), 3, uintptr(unsafe.Pointer(pulLen)), uintptr(unsafe.Pointer(pszFilter)), uintptr(uFlags))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func CMLocateDevNode(pdnDevInst *uint32, pDeviceID string, uFlags uint32) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(pDeviceID)
+ if hr != nil {
+ return
+ }
+ return _CMLocateDevNode(pdnDevInst, _p0, uFlags)
+}
+
+func _CMLocateDevNode(pdnDevInst *uint32, pDeviceID *uint16, uFlags uint32) (hr error) {
+ r0, _, _ := syscall.Syscall(procCM_Locate_DevNodeW.Addr(), 3, uintptr(unsafe.Pointer(pdnDevInst)), uintptr(unsafe.Pointer(pDeviceID)), uintptr(uFlags))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func CimCloseImage(cimFSHandle FsHandle) (hr error) {
+ hr = procCimCloseImage.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procCimCloseImage.Addr(), 1, uintptr(cimFSHandle), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func CimCloseStream(cimStreamHandle StreamHandle) (hr error) {
+ hr = procCimCloseStream.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procCimCloseStream.Addr(), 1, uintptr(cimStreamHandle), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func CimCommitImage(cimFSHandle FsHandle) (hr error) {
+ hr = procCimCommitImage.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procCimCommitImage.Addr(), 1, uintptr(cimFSHandle), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func CimCreateAlternateStream(cimFSHandle FsHandle, path string, size uint64, cimStreamHandle *StreamHandle) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(path)
+ if hr != nil {
+ return
+ }
+ return _CimCreateAlternateStream(cimFSHandle, _p0, size, cimStreamHandle)
+}
+
+func _CimCreateAlternateStream(cimFSHandle FsHandle, path *uint16, size uint64, cimStreamHandle *StreamHandle) (hr error) {
+ hr = procCimCreateAlternateStream.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall6(procCimCreateAlternateStream.Addr(), 4, uintptr(cimFSHandle), uintptr(unsafe.Pointer(path)), uintptr(size), uintptr(unsafe.Pointer(cimStreamHandle)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func CimCreateFile(cimFSHandle FsHandle, path string, file *CimFsFileMetadata, cimStreamHandle *StreamHandle) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(path)
+ if hr != nil {
+ return
+ }
+ return _CimCreateFile(cimFSHandle, _p0, file, cimStreamHandle)
+}
+
+func _CimCreateFile(cimFSHandle FsHandle, path *uint16, file *CimFsFileMetadata, cimStreamHandle *StreamHandle) (hr error) {
+ hr = procCimCreateFile.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall6(procCimCreateFile.Addr(), 4, uintptr(cimFSHandle), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(file)), uintptr(unsafe.Pointer(cimStreamHandle)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func CimCreateHardLink(cimFSHandle FsHandle, newPath string, oldPath string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(newPath)
+ if hr != nil {
+ return
+ }
+ var _p1 *uint16
+ _p1, hr = syscall.UTF16PtrFromString(oldPath)
+ if hr != nil {
+ return
+ }
+ return _CimCreateHardLink(cimFSHandle, _p0, _p1)
+}
+
+func _CimCreateHardLink(cimFSHandle FsHandle, newPath *uint16, oldPath *uint16) (hr error) {
+ hr = procCimCreateHardLink.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procCimCreateHardLink.Addr(), 3, uintptr(cimFSHandle), uintptr(unsafe.Pointer(newPath)), uintptr(unsafe.Pointer(oldPath)))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func CimCreateImage(imagePath string, oldFSName *uint16, newFSName *uint16, cimFSHandle *FsHandle) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(imagePath)
+ if hr != nil {
+ return
+ }
+ return _CimCreateImage(_p0, oldFSName, newFSName, cimFSHandle)
+}
+
+func _CimCreateImage(imagePath *uint16, oldFSName *uint16, newFSName *uint16, cimFSHandle *FsHandle) (hr error) {
+ hr = procCimCreateImage.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall6(procCimCreateImage.Addr(), 4, uintptr(unsafe.Pointer(imagePath)), uintptr(unsafe.Pointer(oldFSName)), uintptr(unsafe.Pointer(newFSName)), uintptr(unsafe.Pointer(cimFSHandle)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func CimDeletePath(cimFSHandle FsHandle, path string) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(path)
+ if hr != nil {
+ return
+ }
+ return _CimDeletePath(cimFSHandle, _p0)
+}
+
+func _CimDeletePath(cimFSHandle FsHandle, path *uint16) (hr error) {
+ hr = procCimDeletePath.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procCimDeletePath.Addr(), 2, uintptr(cimFSHandle), uintptr(unsafe.Pointer(path)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func CimDismountImage(volumeID *g) (hr error) {
+ hr = procCimDismountImage.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procCimDismountImage.Addr(), 1, uintptr(unsafe.Pointer(volumeID)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func CimMountImage(imagePath string, fsName string, flags uint32, volumeID *g) (hr error) {
+ var _p0 *uint16
+ _p0, hr = syscall.UTF16PtrFromString(imagePath)
+ if hr != nil {
+ return
+ }
+ var _p1 *uint16
+ _p1, hr = syscall.UTF16PtrFromString(fsName)
+ if hr != nil {
+ return
+ }
+ return _CimMountImage(_p0, _p1, flags, volumeID)
+}
+
+func _CimMountImage(imagePath *uint16, fsName *uint16, flags uint32, volumeID *g) (hr error) {
+ hr = procCimMountImage.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall6(procCimMountImage.Addr(), 4, uintptr(unsafe.Pointer(imagePath)), uintptr(unsafe.Pointer(fsName)), uintptr(flags), uintptr(unsafe.Pointer(volumeID)), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func CimWriteStream(cimStreamHandle StreamHandle, buffer uintptr, bufferSize uint32) (hr error) {
+ hr = procCimWriteStream.Find()
+ if hr != nil {
+ return
+ }
+ r0, _, _ := syscall.Syscall(procCimWriteStream.Addr(), 3, uintptr(cimStreamHandle), uintptr(buffer), uintptr(bufferSize))
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func SetJobCompartmentId(handle windows.Handle, compartmentId uint32) (win32Err error) {
+ r0, _, _ := syscall.Syscall(procSetJobCompartmentId.Addr(), 2, uintptr(handle), uintptr(compartmentId), 0)
+ if r0 != 0 {
+ win32Err = syscall.Errno(r0)
+ }
+ return
+}
+
+func ClosePseudoConsole(hpc windows.Handle) {
+ syscall.Syscall(procClosePseudoConsole.Addr(), 1, uintptr(hpc), 0, 0)
+ return
+}
+
+func CopyFileW(existingFileName *uint16, newFileName *uint16, failIfExists int32) (err error) {
+ r1, _, e1 := syscall.Syscall(procCopyFileW.Addr(), 3, uintptr(unsafe.Pointer(existingFileName)), uintptr(unsafe.Pointer(newFileName)), uintptr(failIfExists))
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func createPseudoConsole(size uint32, hInput windows.Handle, hOutput windows.Handle, dwFlags uint32, hpcon *windows.Handle) (hr error) {
+ r0, _, _ := syscall.Syscall6(procCreatePseudoConsole.Addr(), 5, uintptr(size), uintptr(hInput), uintptr(hOutput), uintptr(dwFlags), uintptr(unsafe.Pointer(hpcon)), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func CreateRemoteThread(process windows.Handle, sa *windows.SecurityAttributes, stackSize uint32, startAddr uintptr, parameter uintptr, creationFlags uint32, threadID *uint32) (handle windows.Handle, err error) {
+ r0, _, e1 := syscall.Syscall9(procCreateRemoteThread.Addr(), 7, uintptr(process), uintptr(unsafe.Pointer(sa)), uintptr(stackSize), uintptr(startAddr), uintptr(parameter), uintptr(creationFlags), uintptr(unsafe.Pointer(threadID)), 0, 0)
+ handle = windows.Handle(r0)
+ if handle == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func GetActiveProcessorCount(groupNumber uint16) (amount uint32) {
+ r0, _, _ := syscall.Syscall(procGetActiveProcessorCount.Addr(), 1, uintptr(groupNumber), 0, 0)
+ amount = uint32(r0)
+ return
+}
+
+func IsProcessInJob(procHandle windows.Handle, jobHandle windows.Handle, result *int32) (err error) {
+ r1, _, e1 := syscall.Syscall(procIsProcessInJob.Addr(), 3, uintptr(procHandle), uintptr(jobHandle), uintptr(unsafe.Pointer(result)))
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func LocalAlloc(flags uint32, size int) (ptr uintptr) {
+ r0, _, _ := syscall.Syscall(procLocalAlloc.Addr(), 2, uintptr(flags), uintptr(size), 0)
+ ptr = uintptr(r0)
+ return
+}
+
+func LocalFree(ptr uintptr) {
+ syscall.Syscall(procLocalFree.Addr(), 1, uintptr(ptr), 0, 0)
+ return
+}
+
+func OpenJobObject(desiredAccess uint32, inheritHandle int32, lpName *uint16) (handle windows.Handle, err error) {
+ r0, _, e1 := syscall.Syscall(procOpenJobObjectW.Addr(), 3, uintptr(desiredAccess), uintptr(inheritHandle), uintptr(unsafe.Pointer(lpName)))
+ handle = windows.Handle(r0)
+ if handle == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo unsafe.Pointer, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) {
+ r1, _, e1 := syscall.Syscall6(procQueryInformationJobObject.Addr(), 5, uintptr(jobHandle), uintptr(infoClass), uintptr(jobObjectInfo), uintptr(jobObjectInformationLength), uintptr(unsafe.Pointer(lpReturnLength)), 0)
+ if r1 == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func QueryIoRateControlInformationJobObject(jobHandle windows.Handle, volumeName *uint16, ioRateControlInfo **JOBOBJECT_IO_RATE_CONTROL_INFORMATION, infoBlockCount *uint32) (ret uint32, err error) {
+ r0, _, e1 := syscall.Syscall6(procQueryIoRateControlInformationJobObject.Addr(), 4, uintptr(jobHandle), uintptr(unsafe.Pointer(volumeName)), uintptr(unsafe.Pointer(ioRateControlInfo)), uintptr(unsafe.Pointer(infoBlockCount)), 0, 0)
+ ret = uint32(r0)
+ if ret == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func resizePseudoConsole(hPc windows.Handle, size uint32) (hr error) {
+ r0, _, _ := syscall.Syscall(procResizePseudoConsole.Addr(), 2, uintptr(hPc), uintptr(size), 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
+
+func SearchPath(lpPath *uint16, lpFileName *uint16, lpExtension *uint16, nBufferLength uint32, lpBuffer *uint16, lpFilePath *uint16) (size uint32, err error) {
+ r0, _, e1 := syscall.Syscall6(procSearchPathW.Addr(), 6, uintptr(unsafe.Pointer(lpPath)), uintptr(unsafe.Pointer(lpFileName)), uintptr(unsafe.Pointer(lpExtension)), uintptr(nBufferLength), uintptr(unsafe.Pointer(lpBuffer)), uintptr(unsafe.Pointer(lpFilePath)))
+ size = uint32(r0)
+ if size == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func SetIoRateControlInformationJobObject(jobHandle windows.Handle, ioRateControlInfo *JOBOBJECT_IO_RATE_CONTROL_INFORMATION) (ret uint32, err error) {
+ r0, _, e1 := syscall.Syscall(procSetIoRateControlInformationJobObject.Addr(), 2, uintptr(jobHandle), uintptr(unsafe.Pointer(ioRateControlInfo)), 0)
+ ret = uint32(r0)
+ if ret == 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func netLocalGroupAddMembers(serverName *uint16, groupName *uint16, level uint32, buf *byte, totalEntries uint32) (status error) {
+ r0, _, _ := syscall.Syscall6(procNetLocalGroupAddMembers.Addr(), 5, uintptr(unsafe.Pointer(serverName)), uintptr(unsafe.Pointer(groupName)), uintptr(level), uintptr(unsafe.Pointer(buf)), uintptr(totalEntries), 0)
+ if r0 != 0 {
+ status = syscall.Errno(r0)
+ }
+ return
+}
+
+func netLocalGroupGetInfo(serverName *uint16, groupName *uint16, level uint32, bufptr **byte) (status error) {
+ r0, _, _ := syscall.Syscall6(procNetLocalGroupGetInfo.Addr(), 4, uintptr(unsafe.Pointer(serverName)), uintptr(unsafe.Pointer(groupName)), uintptr(level), uintptr(unsafe.Pointer(bufptr)), 0, 0)
+ if r0 != 0 {
+ status = syscall.Errno(r0)
+ }
+ return
+}
+
+func netUserAdd(serverName *uint16, level uint32, buf *byte, parm_err *uint32) (status error) {
+ r0, _, _ := syscall.Syscall6(procNetUserAdd.Addr(), 4, uintptr(unsafe.Pointer(serverName)), uintptr(level), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(parm_err)), 0, 0)
+ if r0 != 0 {
+ status = syscall.Errno(r0)
+ }
+ return
+}
+
+func netUserDel(serverName *uint16, username *uint16) (status error) {
+ r0, _, _ := syscall.Syscall(procNetUserDel.Addr(), 2, uintptr(unsafe.Pointer(serverName)), uintptr(unsafe.Pointer(username)), 0)
+ if r0 != 0 {
+ status = syscall.Errno(r0)
+ }
+ return
+}
+
+func NtCreateFile(handle *uintptr, accessMask uint32, oa *ObjectAttributes, iosb *IOStatusBlock, allocationSize *uint64, fileAttributes uint32, shareAccess uint32, createDisposition uint32, createOptions uint32, eaBuffer *byte, eaLength uint32) (status uint32) {
+ r0, _, _ := syscall.Syscall12(procNtCreateFile.Addr(), 11, uintptr(unsafe.Pointer(handle)), uintptr(accessMask), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(unsafe.Pointer(allocationSize)), uintptr(fileAttributes), uintptr(shareAccess), uintptr(createDisposition), uintptr(createOptions), uintptr(unsafe.Pointer(eaBuffer)), uintptr(eaLength), 0)
+ status = uint32(r0)
+ return
+}
+
+func NtCreateJobObject(jobHandle *windows.Handle, desiredAccess uint32, objAttributes *ObjectAttributes) (status uint32) {
+ r0, _, _ := syscall.Syscall(procNtCreateJobObject.Addr(), 3, uintptr(unsafe.Pointer(jobHandle)), uintptr(desiredAccess), uintptr(unsafe.Pointer(objAttributes)))
+ status = uint32(r0)
+ return
+}
+
+func NtOpenDirectoryObject(handle *uintptr, accessMask uint32, oa *ObjectAttributes) (status uint32) {
+ r0, _, _ := syscall.Syscall(procNtOpenDirectoryObject.Addr(), 3, uintptr(unsafe.Pointer(handle)), uintptr(accessMask), uintptr(unsafe.Pointer(oa)))
+ status = uint32(r0)
+ return
+}
+
+func NtOpenJobObject(jobHandle *windows.Handle, desiredAccess uint32, objAttributes *ObjectAttributes) (status uint32) {
+ r0, _, _ := syscall.Syscall(procNtOpenJobObject.Addr(), 3, uintptr(unsafe.Pointer(jobHandle)), uintptr(desiredAccess), uintptr(unsafe.Pointer(objAttributes)))
+ status = uint32(r0)
+ return
+}
+
+func NtQueryDirectoryObject(handle uintptr, buffer *byte, length uint32, singleEntry bool, restartScan bool, context *uint32, returnLength *uint32) (status uint32) {
+ var _p0 uint32
+ if singleEntry {
+ _p0 = 1
+ }
+ var _p1 uint32
+ if restartScan {
+ _p1 = 1
+ }
+ r0, _, _ := syscall.Syscall9(procNtQueryDirectoryObject.Addr(), 7, uintptr(handle), uintptr(unsafe.Pointer(buffer)), uintptr(length), uintptr(_p0), uintptr(_p1), uintptr(unsafe.Pointer(context)), uintptr(unsafe.Pointer(returnLength)), 0, 0)
+ status = uint32(r0)
+ return
+}
+
+func NtQueryInformationProcess(processHandle windows.Handle, processInfoClass uint32, processInfo unsafe.Pointer, processInfoLength uint32, returnLength *uint32) (status uint32) {
+ r0, _, _ := syscall.Syscall6(procNtQueryInformationProcess.Addr(), 5, uintptr(processHandle), uintptr(processInfoClass), uintptr(processInfo), uintptr(processInfoLength), uintptr(unsafe.Pointer(returnLength)), 0)
+ status = uint32(r0)
+ return
+}
+
+func NtQuerySystemInformation(systemInfoClass int, systemInformation unsafe.Pointer, systemInfoLength uint32, returnLength *uint32) (status uint32) {
+ r0, _, _ := syscall.Syscall6(procNtQuerySystemInformation.Addr(), 4, uintptr(systemInfoClass), uintptr(systemInformation), uintptr(systemInfoLength), uintptr(unsafe.Pointer(returnLength)), 0, 0)
+ status = uint32(r0)
+ return
+}
+
+func NtSetInformationFile(handle uintptr, iosb *IOStatusBlock, information uintptr, length uint32, class uint32) (status uint32) {
+ r0, _, _ := syscall.Syscall6(procNtSetInformationFile.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(iosb)), uintptr(information), uintptr(length), uintptr(class), 0)
+ status = uint32(r0)
+ return
+}
+
+func RtlNtStatusToDosError(status uint32) (winerr error) {
+ r0, _, _ := syscall.Syscall(procRtlNtStatusToDosError.Addr(), 1, uintptr(status), 0, 0)
+ if r0 != 0 {
+ winerr = syscall.Errno(r0)
+ }
+ return
+}
+
+func ORCloseHive(handle ORHKey) (win32err error) {
+ r0, _, _ := syscall.Syscall(procORCloseHive.Addr(), 1, uintptr(handle), 0, 0)
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
+
+func ORCloseKey(handle ORHKey) (win32err error) {
+ r0, _, _ := syscall.Syscall(procORCloseKey.Addr(), 1, uintptr(handle), 0, 0)
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
+
+func ORCreateHive(key *ORHKey) (win32err error) {
+ r0, _, _ := syscall.Syscall(procORCreateHive.Addr(), 1, uintptr(unsafe.Pointer(key)), 0, 0)
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
+
+func ORCreateKey(handle ORHKey, subKey string, class uintptr, options uint32, securityDescriptor uintptr, result *ORHKey, disposition *uint32) (win32err error) {
+ var _p0 *uint16
+ _p0, win32err = syscall.UTF16PtrFromString(subKey)
+ if win32err != nil {
+ return
+ }
+ return _ORCreateKey(handle, _p0, class, options, securityDescriptor, result, disposition)
+}
+
+func _ORCreateKey(handle ORHKey, subKey *uint16, class uintptr, options uint32, securityDescriptor uintptr, result *ORHKey, disposition *uint32) (win32err error) {
+ r0, _, _ := syscall.Syscall9(procORCreateKey.Addr(), 7, uintptr(handle), uintptr(unsafe.Pointer(subKey)), uintptr(class), uintptr(options), uintptr(securityDescriptor), uintptr(unsafe.Pointer(result)), uintptr(unsafe.Pointer(disposition)), 0, 0)
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
+
+func ORDeleteKey(handle ORHKey, subKey string) (win32err error) {
+ var _p0 *uint16
+ _p0, win32err = syscall.UTF16PtrFromString(subKey)
+ if win32err != nil {
+ return
+ }
+ return _ORDeleteKey(handle, _p0)
+}
+
+func _ORDeleteKey(handle ORHKey, subKey *uint16) (win32err error) {
+ r0, _, _ := syscall.Syscall(procORDeleteKey.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(subKey)), 0)
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
+
+func ORGetValue(handle ORHKey, subKey string, value string, valueType *uint32, data *byte, dataLen *uint32) (win32err error) {
+ var _p0 *uint16
+ _p0, win32err = syscall.UTF16PtrFromString(subKey)
+ if win32err != nil {
+ return
+ }
+ var _p1 *uint16
+ _p1, win32err = syscall.UTF16PtrFromString(value)
+ if win32err != nil {
+ return
+ }
+ return _ORGetValue(handle, _p0, _p1, valueType, data, dataLen)
+}
+
+func _ORGetValue(handle ORHKey, subKey *uint16, value *uint16, valueType *uint32, data *byte, dataLen *uint32) (win32err error) {
+ r0, _, _ := syscall.Syscall6(procORGetValue.Addr(), 6, uintptr(handle), uintptr(unsafe.Pointer(subKey)), uintptr(unsafe.Pointer(value)), uintptr(unsafe.Pointer(valueType)), uintptr(unsafe.Pointer(data)), uintptr(unsafe.Pointer(dataLen)))
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
+
+func ORMergeHives(hiveHandles []ORHKey, result *ORHKey) (win32err error) {
+ var _p0 *ORHKey
+ if len(hiveHandles) > 0 {
+ _p0 = &hiveHandles[0]
+ }
+ r0, _, _ := syscall.Syscall(procORMergeHives.Addr(), 3, uintptr(unsafe.Pointer(_p0)), uintptr(len(hiveHandles)), uintptr(unsafe.Pointer(result)))
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
+
+func OROpenHive(hivePath string, result *ORHKey) (win32err error) {
+ var _p0 *uint16
+ _p0, win32err = syscall.UTF16PtrFromString(hivePath)
+ if win32err != nil {
+ return
+ }
+ return _OROpenHive(_p0, result)
+}
+
+func _OROpenHive(hivePath *uint16, result *ORHKey) (win32err error) {
+ r0, _, _ := syscall.Syscall(procOROpenHive.Addr(), 2, uintptr(unsafe.Pointer(hivePath)), uintptr(unsafe.Pointer(result)), 0)
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
+
+func OROpenKey(handle ORHKey, subKey string, result *ORHKey) (win32err error) {
+ var _p0 *uint16
+ _p0, win32err = syscall.UTF16PtrFromString(subKey)
+ if win32err != nil {
+ return
+ }
+ return _OROpenKey(handle, _p0, result)
+}
+
+func _OROpenKey(handle ORHKey, subKey *uint16, result *ORHKey) (win32err error) {
+ r0, _, _ := syscall.Syscall(procOROpenKey.Addr(), 3, uintptr(handle), uintptr(unsafe.Pointer(subKey)), uintptr(unsafe.Pointer(result)))
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
+
+func ORSaveHive(handle ORHKey, hivePath string, osMajorVersion uint32, osMinorVersion uint32) (win32err error) {
+ var _p0 *uint16
+ _p0, win32err = syscall.UTF16PtrFromString(hivePath)
+ if win32err != nil {
+ return
+ }
+ return _ORSaveHive(handle, _p0, osMajorVersion, osMinorVersion)
+}
+
+func _ORSaveHive(handle ORHKey, hivePath *uint16, osMajorVersion uint32, osMinorVersion uint32) (win32err error) {
+ r0, _, _ := syscall.Syscall6(procORSaveHive.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(hivePath)), uintptr(osMajorVersion), uintptr(osMinorVersion), 0, 0)
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
+
+func ORSetValue(handle ORHKey, valueName string, valueType uint32, data *byte, dataLen uint32) (win32err error) {
+ var _p0 *uint16
+ _p0, win32err = syscall.UTF16PtrFromString(valueName)
+ if win32err != nil {
+ return
+ }
+ return _ORSetValue(handle, _p0, valueType, data, dataLen)
+}
+
+func _ORSetValue(handle ORHKey, valueName *uint16, valueType uint32, data *byte, dataLen uint32) (win32err error) {
+ r0, _, _ := syscall.Syscall6(procORSetValue.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(valueName)), uintptr(valueType), uintptr(unsafe.Pointer(data)), uintptr(dataLen), 0)
+ if r0 != 0 {
+ win32err = syscall.Errno(r0)
+ }
+ return
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/layer.go b/vendor/github.com/Microsoft/hcsshim/layer.go
new file mode 100644
index 000000000..7e9c9fbbe
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/layer.go
@@ -0,0 +1,113 @@
+//go:build windows
+
+package hcsshim
+
+import (
+ "context"
+ "crypto/sha1"
+ "path/filepath"
+
+ "github.com/Microsoft/go-winio/pkg/guid"
+ "github.com/Microsoft/hcsshim/internal/wclayer"
+)
+
+func layerPath(info *DriverInfo, id string) string {
+ return filepath.Join(info.HomeDir, id)
+}
+
+func ActivateLayer(info DriverInfo, id string) error {
+ return wclayer.ActivateLayer(context.Background(), layerPath(&info, id))
+}
+func CreateLayer(info DriverInfo, id, parent string) error {
+ return wclayer.CreateLayer(context.Background(), layerPath(&info, id), parent)
+}
+
+// New clients should use CreateScratchLayer instead. Kept in to preserve API compatibility.
+func CreateSandboxLayer(info DriverInfo, layerId, parentId string, parentLayerPaths []string) error {
+ return wclayer.CreateScratchLayer(context.Background(), layerPath(&info, layerId), parentLayerPaths)
+}
+func CreateScratchLayer(info DriverInfo, layerId, parentId string, parentLayerPaths []string) error {
+ return wclayer.CreateScratchLayer(context.Background(), layerPath(&info, layerId), parentLayerPaths)
+}
+func DeactivateLayer(info DriverInfo, id string) error {
+ return wclayer.DeactivateLayer(context.Background(), layerPath(&info, id))
+}
+
+func DestroyLayer(info DriverInfo, id string) error {
+ return wclayer.DestroyLayer(context.Background(), layerPath(&info, id))
+}
+
+// New clients should use ExpandScratchSize instead. Kept in to preserve API compatibility.
+func ExpandSandboxSize(info DriverInfo, layerId string, size uint64) error {
+ return wclayer.ExpandScratchSize(context.Background(), layerPath(&info, layerId), size)
+}
+func ExpandScratchSize(info DriverInfo, layerId string, size uint64) error {
+ return wclayer.ExpandScratchSize(context.Background(), layerPath(&info, layerId), size)
+}
+func ExportLayer(info DriverInfo, layerId string, exportFolderPath string, parentLayerPaths []string) error {
+ return wclayer.ExportLayer(context.Background(), layerPath(&info, layerId), exportFolderPath, parentLayerPaths)
+}
+func GetLayerMountPath(info DriverInfo, id string) (string, error) {
+ return wclayer.GetLayerMountPath(context.Background(), layerPath(&info, id))
+}
+func GetSharedBaseImages() (imageData string, err error) {
+ return wclayer.GetSharedBaseImages(context.Background())
+}
+func ImportLayer(info DriverInfo, layerID string, importFolderPath string, parentLayerPaths []string) error {
+ return wclayer.ImportLayer(context.Background(), layerPath(&info, layerID), importFolderPath, parentLayerPaths)
+}
+func LayerExists(info DriverInfo, id string) (bool, error) {
+ return wclayer.LayerExists(context.Background(), layerPath(&info, id))
+}
+func PrepareLayer(info DriverInfo, layerId string, parentLayerPaths []string) error {
+ return wclayer.PrepareLayer(context.Background(), layerPath(&info, layerId), parentLayerPaths)
+}
+func ProcessBaseLayer(path string) error {
+ return wclayer.ProcessBaseLayer(context.Background(), path)
+}
+func ProcessUtilityVMImage(path string) error {
+ return wclayer.ProcessUtilityVMImage(context.Background(), path)
+}
+func UnprepareLayer(info DriverInfo, layerId string) error {
+ return wclayer.UnprepareLayer(context.Background(), layerPath(&info, layerId))
+}
+func ConvertToBaseLayer(path string) error {
+ return wclayer.ConvertToBaseLayer(context.Background(), path)
+}
+
+type DriverInfo struct {
+ Flavour int
+ HomeDir string
+}
+
+type GUID [16]byte
+
+func NameToGuid(name string) (id GUID, err error) {
+ g, err := wclayer.NameToGuid(context.Background(), name)
+ return g.ToWindowsArray(), err
+}
+
+func NewGUID(source string) *GUID {
+ h := sha1.Sum([]byte(source))
+ var g GUID
+ copy(g[0:], h[0:16])
+ return &g
+}
+
+func (g *GUID) ToString() string {
+ return guid.FromWindowsArray(*g).String()
+}
+
+type LayerReader = wclayer.LayerReader
+
+func NewLayerReader(info DriverInfo, layerID string, parentLayerPaths []string) (LayerReader, error) {
+ return wclayer.NewLayerReader(context.Background(), layerPath(&info, layerID), parentLayerPaths)
+}
+
+type LayerWriter = wclayer.LayerWriter
+
+func NewLayerWriter(info DriverInfo, layerID string, parentLayerPaths []string) (LayerWriter, error) {
+ return wclayer.NewLayerWriter(context.Background(), layerPath(&info, layerID), parentLayerPaths)
+}
+
+type WC_LAYER_DESCRIPTOR = wclayer.WC_LAYER_DESCRIPTOR
diff --git a/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go b/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go
new file mode 100644
index 000000000..3227ebe89
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go
@@ -0,0 +1,74 @@
+package osversion
+
+import (
+ "fmt"
+ "sync"
+
+ "golang.org/x/sys/windows"
+ "golang.org/x/sys/windows/registry"
+)
+
+// OSVersion is a wrapper for Windows version information
+// https://msdn.microsoft.com/en-us/library/windows/desktop/ms724439(v=vs.85).aspx
+type OSVersion struct {
+ Version uint32
+ MajorVersion uint8
+ MinorVersion uint8
+ Build uint16
+}
+
+var (
+ osv OSVersion
+ once sync.Once
+)
+
+// Get gets the operating system version on Windows.
+// The calling application must be manifested to get the correct version information.
+func Get() OSVersion {
+ once.Do(func() {
+ v := *windows.RtlGetVersion()
+ osv = OSVersion{}
+ osv.MajorVersion = uint8(v.MajorVersion)
+ osv.MinorVersion = uint8(v.MinorVersion)
+ osv.Build = uint16(v.BuildNumber)
+ // Fill version value so that existing clients don't break
+ osv.Version = v.BuildNumber << 16
+ osv.Version = osv.Version | (uint32(v.MinorVersion) << 8)
+ osv.Version = osv.Version | v.MajorVersion
+ })
+ return osv
+}
+
+// Build gets the build-number on Windows
+// The calling application must be manifested to get the correct version information.
+func Build() uint16 {
+ return Get().Build
+}
+
+// String returns the OSVersion formatted as a string. It implements the
+// [fmt.Stringer] interface.
+func (osv OSVersion) String() string {
+ return fmt.Sprintf("%d.%d.%d", osv.MajorVersion, osv.MinorVersion, osv.Build)
+}
+
+// ToString returns the OSVersion formatted as a string.
+//
+// Deprecated: use [OSVersion.String].
+func (osv OSVersion) ToString() string {
+ return osv.String()
+}
+
+// Running `cmd /c ver` shows something like "10.0.20348.1000". The last component ("1000") is the revision
+// number
+func BuildRevision() (uint32, error) {
+ k, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE)
+ if err != nil {
+ return 0, fmt.Errorf("open `CurrentVersion` registry key: %w", err)
+ }
+ defer k.Close()
+ s, _, err := k.GetIntegerValue("UBR")
+ if err != nil {
+ return 0, fmt.Errorf("read `UBR` from registry: %w", err)
+ }
+ return uint32(s), nil
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/osversion/platform_compat_windows.go b/vendor/github.com/Microsoft/hcsshim/osversion/platform_compat_windows.go
new file mode 100644
index 000000000..f8d411ad7
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/osversion/platform_compat_windows.go
@@ -0,0 +1,35 @@
+package osversion
+
+// List of stable ABI compliant ltsc releases
+// Note: List must be sorted in ascending order
+var compatLTSCReleases = []uint16{
+ V21H2Server,
+}
+
+// CheckHostAndContainerCompat checks if given host and container
+// OS versions are compatible.
+// It includes support for stable ABI compliant versions as well.
+// Every release after WS 2022 will support the previous ltsc
+// container image. Stable ABI is in preview mode for windows 11 client.
+// Refer: https://learn.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/version-compatibility?tabs=windows-server-2022%2Cwindows-10#windows-server-host-os-compatibility
+func CheckHostAndContainerCompat(host, ctr OSVersion) bool {
+ // check major minor versions of host and guest
+ if host.MajorVersion != ctr.MajorVersion ||
+ host.MinorVersion != ctr.MinorVersion {
+ return false
+ }
+
+ // If host is < WS 2022, exact version match is required
+ if host.Build < V21H2Server {
+ return host.Build == ctr.Build
+ }
+
+ var supportedLtscRelease uint16
+ for i := len(compatLTSCReleases) - 1; i >= 0; i-- {
+ if host.Build >= compatLTSCReleases[i] {
+ supportedLtscRelease = compatLTSCReleases[i]
+ break
+ }
+ }
+ return ctr.Build >= supportedLtscRelease && ctr.Build <= host.Build
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go b/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go
new file mode 100644
index 000000000..446369591
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go
@@ -0,0 +1,84 @@
+package osversion
+
+// Windows Client and Server build numbers.
+//
+// See:
+// https://learn.microsoft.com/en-us/windows/release-health/release-information
+// https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info
+// https://learn.microsoft.com/en-us/windows/release-health/windows11-release-information
+const (
+ // RS1 (version 1607, codename "Redstone 1") corresponds to Windows Server
+ // 2016 (ltsc2016) and Windows 10 (Anniversary Update).
+ RS1 = 14393
+ // V1607 (version 1607, codename "Redstone 1") is an alias for [RS1].
+ V1607 = RS1
+ // LTSC2016 (Windows Server 2016) is an alias for [RS1].
+ LTSC2016 = RS1
+
+ // RS2 (version 1703, codename "Redstone 2") was a client-only update, and
+ // corresponds to Windows 10 (Creators Update).
+ RS2 = 15063
+ // V1703 (version 1703, codename "Redstone 2") is an alias for [RS2].
+ V1703 = RS2
+
+ // RS3 (version 1709, codename "Redstone 3") corresponds to Windows Server
+ // 1709 (Semi-Annual Channel (SAC)), and Windows 10 (Fall Creators Update).
+ RS3 = 16299
+ // V1709 (version 1709, codename "Redstone 3") is an alias for [RS3].
+ V1709 = RS3
+
+ // RS4 (version 1803, codename "Redstone 4") corresponds to Windows Server
+ // 1803 (Semi-Annual Channel (SAC)), and Windows 10 (April 2018 Update).
+ RS4 = 17134
+ // V1803 (version 1803, codename "Redstone 4") is an alias for [RS4].
+ V1803 = RS4
+
+ // RS5 (version 1809, codename "Redstone 5") corresponds to Windows Server
+ // 2019 (ltsc2019), and Windows 10 (October 2018 Update).
+ RS5 = 17763
+ // V1809 (version 1809, codename "Redstone 5") is an alias for [RS5].
+ V1809 = RS5
+ // LTSC2019 (Windows Server 2019) is an alias for [RS5].
+ LTSC2019 = RS5
+
+ // V19H1 (version 1903, codename 19H1) corresponds to Windows Server 1903 (semi-annual
+ // channel).
+ V19H1 = 18362
+ // V1903 (version 1903) is an alias for [V19H1].
+ V1903 = V19H1
+
+ // V19H2 (version 1909, codename 19H2) corresponds to Windows Server 1909 (semi-annual
+ // channel).
+ V19H2 = 18363
+ // V1909 (version 1909) is an alias for [V19H2].
+ V1909 = V19H2
+
+ // V20H1 (version 2004, codename 20H1) corresponds to Windows Server 2004 (semi-annual
+ // channel).
+ V20H1 = 19041
+ // V2004 (version 2004) is an alias for [V20H1].
+ V2004 = V20H1
+
+ // V20H2 corresponds to Windows Server 20H2 (semi-annual channel).
+ V20H2 = 19042
+
+ // V21H1 corresponds to Windows Server 21H1 (semi-annual channel).
+ V21H1 = 19043
+
+ // V21H2Win10 corresponds to Windows 10 (November 2021 Update).
+ V21H2Win10 = 19044
+
+ // V21H2Server corresponds to Windows Server 2022 (ltsc2022).
+ V21H2Server = 20348
+ // LTSC2022 (Windows Server 2022) is an alias for [V21H2Server]
+ LTSC2022 = V21H2Server
+
+ // V21H2Win11 corresponds to Windows 11 (original release).
+ V21H2Win11 = 22000
+
+ // V22H2Win10 corresponds to Windows 10 (2022 Update).
+ V22H2Win10 = 19045
+
+ // V22H2Win11 corresponds to Windows 11 (2022 Update).
+ V22H2Win11 = 22621
+)
diff --git a/vendor/github.com/Microsoft/hcsshim/process.go b/vendor/github.com/Microsoft/hcsshim/process.go
new file mode 100644
index 000000000..44df91cde
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/process.go
@@ -0,0 +1,100 @@
+//go:build windows
+
+package hcsshim
+
+import (
+ "context"
+ "io"
+ "sync"
+ "time"
+
+ "github.com/Microsoft/hcsshim/internal/hcs"
+)
+
+// ContainerError is an error encountered in HCS
+type process struct {
+ p *hcs.Process
+ waitOnce sync.Once
+ waitCh chan struct{}
+ waitErr error
+}
+
+// Pid returns the process ID of the process within the container.
+func (process *process) Pid() int {
+ return process.p.Pid()
+}
+
+// Kill signals the process to terminate but does not wait for it to finish terminating.
+func (process *process) Kill() error {
+ found, err := process.p.Kill(context.Background())
+ if err != nil {
+ return convertProcessError(err, process)
+ }
+ if !found {
+ return &ProcessError{Process: process, Err: ErrElementNotFound, Operation: "hcsshim::Process::Kill"}
+ }
+ return nil
+}
+
+// Wait waits for the process to exit.
+func (process *process) Wait() error {
+ return convertProcessError(process.p.Wait(), process)
+}
+
+// WaitTimeout waits for the process to exit or the duration to elapse. It returns
+// false if timeout occurs.
+func (process *process) WaitTimeout(timeout time.Duration) error {
+ process.waitOnce.Do(func() {
+ process.waitCh = make(chan struct{})
+ go func() {
+ process.waitErr = process.Wait()
+ close(process.waitCh)
+ }()
+ })
+ t := time.NewTimer(timeout)
+ defer t.Stop()
+ select {
+ case <-t.C:
+ return &ProcessError{Process: process, Err: ErrTimeout, Operation: "hcsshim::Process::Wait"}
+ case <-process.waitCh:
+ return process.waitErr
+ }
+}
+
+// ExitCode returns the exit code of the process. The process must have
+// already terminated.
+func (process *process) ExitCode() (int, error) {
+ code, err := process.p.ExitCode()
+ if err != nil {
+ err = convertProcessError(err, process)
+ }
+ return code, err
+}
+
+// ResizeConsole resizes the console of the process.
+func (process *process) ResizeConsole(width, height uint16) error {
+ return convertProcessError(process.p.ResizeConsole(context.Background(), width, height), process)
+}
+
+// Stdio returns the stdin, stdout, and stderr pipes, respectively. Closing
+// these pipes does not close the underlying pipes; it should be possible to
+// call this multiple times to get multiple interfaces.
+func (process *process) Stdio() (io.WriteCloser, io.ReadCloser, io.ReadCloser, error) {
+ stdin, stdout, stderr, err := process.p.StdioLegacy()
+ if err != nil {
+ err = convertProcessError(err, process)
+ }
+ return stdin, stdout, stderr, err
+}
+
+// CloseStdin closes the write side of the stdin pipe so that the process is
+// notified on the read side that there is no more data in stdin.
+func (process *process) CloseStdin() error {
+ return convertProcessError(process.p.CloseStdin(context.Background()), process)
+}
+
+// Close cleans up any state associated with the process but does not kill
+// or wait on it.
+func (process *process) Close() error {
+ return convertProcessError(process.p.Close(), process)
+}
diff --git a/vendor/github.com/Microsoft/hcsshim/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/zsyscall_windows.go
new file mode 100644
index 000000000..9b619b6e6
--- /dev/null
+++ b/vendor/github.com/Microsoft/hcsshim/zsyscall_windows.go
@@ -0,0 +1,57 @@
+//go:build windows
+
+// Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
+
+package hcsshim
+
+import (
+ "syscall"
+ "unsafe"
+
+ "golang.org/x/sys/windows"
+)
+
+var _ unsafe.Pointer
+
+// Do the interface allocations only once for common
+// Errno values.
+const (
+ errnoERROR_IO_PENDING = 997
+)
+
+var (
+ errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
+ errERROR_EINVAL error = syscall.EINVAL
+)
+
+// errnoErr returns common boxed Errno values, to prevent
+// allocations at runtime.
+func errnoErr(e syscall.Errno) error {
+ switch e {
+ case 0:
+ return errERROR_EINVAL
+ case errnoERROR_IO_PENDING:
+ return errERROR_IO_PENDING
+ }
+ // TODO: add more here, after collecting data on the common
+ // error values see on Windows. (perhaps when running
+ // all.bat?)
+ return e
+}
+
+var (
+ modiphlpapi = windows.NewLazySystemDLL("iphlpapi.dll")
+
+ procSetCurrentThreadCompartmentId = modiphlpapi.NewProc("SetCurrentThreadCompartmentId")
+)
+
+func SetCurrentThreadCompartmentId(compartmentId uint32) (hr error) {
+ r0, _, _ := syscall.Syscall(procSetCurrentThreadCompartmentId.Addr(), 1, uintptr(compartmentId), 0, 0)
+ if int32(r0) < 0 {
+ if r0&0x1fff0000 == 0x00070000 {
+ r0 &= 0xffff
+ }
+ hr = syscall.Errno(r0)
+ }
+ return
+}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
index 604aeffde..f1f9ba4ec 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/token_provider.go
@@ -2,6 +2,7 @@ package ec2metadata
import (
"fmt"
+ "github.com/aws/aws-sdk-go/aws"
"net/http"
"sync/atomic"
"time"
@@ -65,7 +66,9 @@ func (t *tokenProvider) fetchTokenHandler(r *request.Request) {
switch requestFailureError.StatusCode() {
case http.StatusForbidden, http.StatusNotFound, http.StatusMethodNotAllowed:
atomic.StoreUint32(&t.disabled, 1)
- t.client.Config.Logger.Log(fmt.Sprintf("WARN: failed to get session token, falling back to IMDSv1: %v", requestFailureError))
+ if t.client.Config.LogLevel.Matches(aws.LogDebugWithDeprecated) {
+ t.client.Config.Logger.Log(fmt.Sprintf("WARN: failed to get session token, falling back to IMDSv1: %v", requestFailureError))
+ }
case http.StatusBadRequest:
r.Error = requestFailureError
}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
index fdd6c505c..6bd644944 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
@@ -3450,6 +3450,9 @@ var awsPartition = partition{
endpointKey{
Region: "ap-southeast-3",
}: endpoint{},
+ endpointKey{
+ Region: "ap-southeast-4",
+ }: endpoint{},
endpointKey{
Region: "ca-central-1",
}: endpoint{},
@@ -3477,6 +3480,9 @@ var awsPartition = partition{
endpointKey{
Region: "eu-west-3",
}: endpoint{},
+ endpointKey{
+ Region: "il-central-1",
+ }: endpoint{},
endpointKey{
Region: "me-central-1",
}: endpoint{},
@@ -19307,12 +19313,18 @@ var awsPartition = partition{
},
"m2": service{
Endpoints: serviceEndpoints{
+ endpointKey{
+ Region: "af-south-1",
+ }: endpoint{},
endpointKey{
Region: "ap-northeast-1",
}: endpoint{},
endpointKey{
Region: "ap-northeast-2",
}: endpoint{},
+ endpointKey{
+ Region: "ap-northeast-3",
+ }: endpoint{},
endpointKey{
Region: "ap-south-1",
}: endpoint{},
@@ -19332,6 +19344,12 @@ var awsPartition = partition{
endpointKey{
Region: "eu-central-1",
}: endpoint{},
+ endpointKey{
+ Region: "eu-north-1",
+ }: endpoint{},
+ endpointKey{
+ Region: "eu-south-1",
+ }: endpoint{},
endpointKey{
Region: "eu-west-1",
}: endpoint{},
@@ -21746,6 +21764,14 @@ var awsPartition = partition{
Region: "il-central-1",
},
},
+ endpointKey{
+ Region: "me-central-1",
+ }: endpoint{
+ Hostname: "oidc.me-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "me-central-1",
+ },
+ },
endpointKey{
Region: "me-south-1",
}: endpoint{
@@ -22881,6 +22907,14 @@ var awsPartition = partition{
Region: "il-central-1",
},
},
+ endpointKey{
+ Region: "me-central-1",
+ }: endpoint{
+ Hostname: "portal.sso.me-central-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "me-central-1",
+ },
+ },
endpointKey{
Region: "me-south-1",
}: endpoint{
@@ -27572,21 +27606,81 @@ var awsPartition = partition{
endpointKey{
Region: "eu-west-3",
}: endpoint{},
+ endpointKey{
+ Region: "fips-us-east-1",
+ }: endpoint{
+ Hostname: "securitylake-fips.us-east-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-1",
+ },
+ Deprecated: boxedTrue,
+ },
+ endpointKey{
+ Region: "fips-us-east-2",
+ }: endpoint{
+ Hostname: "securitylake-fips.us-east-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-east-2",
+ },
+ Deprecated: boxedTrue,
+ },
+ endpointKey{
+ Region: "fips-us-west-1",
+ }: endpoint{
+ Hostname: "securitylake-fips.us-west-1.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-1",
+ },
+ Deprecated: boxedTrue,
+ },
+ endpointKey{
+ Region: "fips-us-west-2",
+ }: endpoint{
+ Hostname: "securitylake-fips.us-west-2.amazonaws.com",
+ CredentialScope: credentialScope{
+ Region: "us-west-2",
+ },
+ Deprecated: boxedTrue,
+ },
endpointKey{
Region: "sa-east-1",
}: endpoint{},
endpointKey{
Region: "us-east-1",
}: endpoint{},
+ endpointKey{
+ Region: "us-east-1",
+ Variant: fipsVariant,
+ }: endpoint{
+ Hostname: "securitylake-fips.us-east-1.amazonaws.com",
+ },
endpointKey{
Region: "us-east-2",
}: endpoint{},
+ endpointKey{
+ Region: "us-east-2",
+ Variant: fipsVariant,
+ }: endpoint{
+ Hostname: "securitylake-fips.us-east-2.amazonaws.com",
+ },
endpointKey{
Region: "us-west-1",
}: endpoint{},
+ endpointKey{
+ Region: "us-west-1",
+ Variant: fipsVariant,
+ }: endpoint{
+ Hostname: "securitylake-fips.us-west-1.amazonaws.com",
+ },
endpointKey{
Region: "us-west-2",
}: endpoint{},
+ endpointKey{
+ Region: "us-west-2",
+ Variant: fipsVariant,
+ }: endpoint{
+ Hostname: "securitylake-fips.us-west-2.amazonaws.com",
+ },
},
},
"serverlessrepo": service{
@@ -30286,6 +30380,9 @@ var awsPartition = partition{
endpointKey{
Region: "il-central-1",
}: endpoint{},
+ endpointKey{
+ Region: "me-central-1",
+ }: endpoint{},
endpointKey{
Region: "me-south-1",
}: endpoint{},
@@ -35413,6 +35510,29 @@ var awscnPartition = partition{
}: endpoint{},
},
},
+ "iottwinmaker": service{
+ Endpoints: serviceEndpoints{
+ endpointKey{
+ Region: "api-cn-north-1",
+ }: endpoint{
+ Hostname: "api.iottwinmaker.cn-north-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-north-1",
+ },
+ },
+ endpointKey{
+ Region: "cn-north-1",
+ }: endpoint{},
+ endpointKey{
+ Region: "data-cn-north-1",
+ }: endpoint{
+ Hostname: "data.iottwinmaker.cn-north-1.amazonaws.com.cn",
+ CredentialScope: credentialScope{
+ Region: "cn-north-1",
+ },
+ },
+ },
+ },
"kafka": service{
Endpoints: serviceEndpoints{
endpointKey{
@@ -43626,6 +43746,19 @@ var awsisoPartition = partition{
}: endpoint{},
},
},
+ "guardduty": service{
+ IsRegionalized: boxedTrue,
+ Defaults: endpointDefaults{
+ defaultKey{}: endpoint{
+ Protocols: []string{"https"},
+ },
+ },
+ Endpoints: serviceEndpoints{
+ endpointKey{
+ Region: "us-iso-east-1",
+ }: endpoint{},
+ },
+ },
"health": service{
Endpoints: serviceEndpoints{
endpointKey{
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go
index 60703e5b9..945a8b45e 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go
@@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK
-const SDKVersion = "1.49.13"
+const SDKVersion = "1.50.0"
diff --git a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go
index ccc59011d..3ec976ab4 100644
--- a/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go
+++ b/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go
@@ -35610,6 +35610,10 @@ func (c *EC2) DetachVolumeRequest(input *DetachVolumeInput) (req *request.Reques
// When a volume with an Amazon Web Services Marketplace product code is detached
// from an instance, the product code is no longer associated with the instance.
//
+// You can't detach or force detach volumes that are attached to Amazon ECS
+// or Fargate tasks. Attempting to do this results in the UnsupportedOperationException
+// exception with the Unable to detach volume attached to ECS tasks error message.
+//
// For more information, see Detach an Amazon EBS volume (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html)
// in the Amazon Elastic Compute Cloud User Guide.
//
@@ -91802,10 +91806,9 @@ type DescribeCapacityBlockOfferingsInput struct {
// InstanceType is a required field
InstanceType *string `type:"string" required:"true"`
- // The maximum number of results to return for the request in a single page.
- // The remaining results can be seen by sending another request with the returned
- // nextToken value. This value can be between 5 and 500. If maxResults is given
- // a larger value than 500, you receive an error.
+ // The maximum number of items to return for this request. To get the next page
+ // of items, make another request with the token returned in the output. For
+ // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination).
MaxResults *int64 `min:"1" type:"integer"`
// The token to use to retrieve the next page of results.
@@ -91970,10 +91973,9 @@ type DescribeCapacityReservationFleetsInput struct {
// prioritized is supported.
Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"`
- // The maximum number of results to return for the request in a single page.
- // The remaining results can be seen by sending another request with the returned
- // nextToken value. This value can be between 5 and 500. If maxResults is given
- // a larger value than 500, you receive an error.
+ // The maximum number of items to return for this request. To get the next page
+ // of items, make another request with the token returned in the output. For
+ // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination).
MaxResults *int64 `min:"1" type:"integer"`
// The token to use to retrieve the next page of results.
@@ -92157,10 +92159,9 @@ type DescribeCapacityReservationsInput struct {
// the Capacity Reservation was created.
Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"`
- // The maximum number of results to return for the request in a single page.
- // The remaining results can be seen by sending another request with the returned
- // nextToken value. This value can be between 5 and 500. If maxResults is given
- // a larger value than 500, you receive an error.
+ // The maximum number of items to return for this request. To get the next page
+ // of items, make another request with the token returned in the output. For
+ // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination).
MaxResults *int64 `min:"1" type:"integer"`
// The token to use to retrieve the next page of results.
@@ -117035,6 +117036,9 @@ func (s *EbsInfo) SetNvmeSupport(v string) *EbsInfo {
type EbsInstanceBlockDevice struct {
_ struct{} `type:"structure"`
+ // The ARN of the Amazon ECS or Fargate task to which the volume is attached.
+ AssociatedResource *string `locationName:"associatedResource" type:"string"`
+
// The time stamp when the attachment initiated.
AttachTime *time.Time `locationName:"attachTime" type:"timestamp"`
@@ -117046,6 +117050,12 @@ type EbsInstanceBlockDevice struct {
// The ID of the EBS volume.
VolumeId *string `locationName:"volumeId" type:"string"`
+
+ // The ID of the Amazon Web Services account that owns the volume.
+ //
+ // This parameter is returned only for volumes that are attached to Fargate
+ // tasks.
+ VolumeOwnerId *string `locationName:"volumeOwnerId" type:"string"`
}
// String returns the string representation.
@@ -117066,6 +117076,12 @@ func (s EbsInstanceBlockDevice) GoString() string {
return s.String()
}
+// SetAssociatedResource sets the AssociatedResource field's value.
+func (s *EbsInstanceBlockDevice) SetAssociatedResource(v string) *EbsInstanceBlockDevice {
+ s.AssociatedResource = &v
+ return s
+}
+
// SetAttachTime sets the AttachTime field's value.
func (s *EbsInstanceBlockDevice) SetAttachTime(v time.Time) *EbsInstanceBlockDevice {
s.AttachTime = &v
@@ -117090,6 +117106,12 @@ func (s *EbsInstanceBlockDevice) SetVolumeId(v string) *EbsInstanceBlockDevice {
return s
}
+// SetVolumeOwnerId sets the VolumeOwnerId field's value.
+func (s *EbsInstanceBlockDevice) SetVolumeOwnerId(v string) *EbsInstanceBlockDevice {
+ s.VolumeOwnerId = &v
+ return s
+}
+
// Describes information used to set up an EBS volume specified in a block device
// mapping.
type EbsInstanceBlockDeviceSpecification struct {
@@ -119410,6 +119432,8 @@ type EnableSnapshotBlockPublicAccessInput struct {
// public sharing. However, snapshots that are already publicly shared, remain
// publicly available.
//
+ // unblocked is not a valid value for EnableSnapshotBlockPublicAccess.
+ //
// State is a required field
State *string `type:"string" required:"true" enum:"SnapshotBlockPublicAccessState"`
}
@@ -124312,12 +124336,9 @@ type GetCapacityReservationUsageInput struct {
// it is UnauthorizedOperation.
DryRun *bool `type:"boolean"`
- // The maximum number of results to return for the request in a single page.
- // The remaining results can be seen by sending another request with the returned
- // nextToken value. This value can be between 5 and 500. If maxResults is given
- // a larger value than 500, you receive an error.
- //
- // Valid range: Minimum value of 1. Maximum value of 1000.
+ // The maximum number of items to return for this request. To get the next page
+ // of items, make another request with the token returned in the output. For
+ // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination).
MaxResults *int64 `min:"1" type:"integer"`
// The token to use to retrieve the next page of results.
@@ -125239,10 +125260,9 @@ type GetGroupsForCapacityReservationInput struct {
// it is UnauthorizedOperation.
DryRun *bool `type:"boolean"`
- // The maximum number of results to return for the request in a single page.
- // The remaining results can be seen by sending another request with the returned
- // nextToken value. This value can be between 5 and 500. If maxResults is given
- // a larger value than 500, you receive an error.
+ // The maximum number of items to return for this request. To get the next page
+ // of items, make another request with the token returned in the output. For
+ // more information, see Pagination (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination).
MaxResults *int64 `min:"1" type:"integer"`
// The token to use to retrieve the next page of results.
@@ -128047,8 +128067,6 @@ type GetSpotPlacementScoresInput struct {
TargetCapacity *int64 `min:"1" type:"integer" required:"true"`
// The unit for the target capacity.
- //
- // Default: units (translates to number of instances)
TargetCapacityUnitType *string `type:"string" enum:"TargetCapacityUnitType"`
}
@@ -135206,22 +135224,21 @@ type InstanceMetadataOptionsRequest struct {
// Possible values: Integers from 1 to 64
HttpPutResponseHopLimit *int64 `type:"integer"`
- // IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to optional
- // (in other words, set the use of IMDSv2 to optional) or required (in other
- // words, set the use of IMDSv2 to required).
+ // Indicates whether IMDSv2 is required.
//
- // * optional - When IMDSv2 is optional, you can choose to retrieve instance
- // metadata with or without a session token in your request. If you retrieve
- // the IAM role credentials without a token, the IMDSv1 role credentials
- // are returned. If you retrieve the IAM role credentials using a valid session
- // token, the IMDSv2 role credentials are returned.
+ // * optional - IMDSv2 is optional. You can choose whether to send a session
+ // token in your instance metadata retrieval requests. If you retrieve IAM
+ // role credentials without a session token, you receive the IMDSv1 role
+ // credentials. If you retrieve IAM role credentials using a valid session
+ // token, you receive the IMDSv2 role credentials.
//
- // * required - When IMDSv2 is required, you must send a session token with
- // any instance metadata retrieval requests. In this state, retrieving the
+ // * required - IMDSv2 is required. You must send a session token in your
+ // instance metadata retrieval requests. With this option, retrieving the
// IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials
// are not available.
//
- // Default: optional
+ // Default: If the value of ImdsSupport for the Amazon Machine Image (AMI) for
+ // your instance is v2.0, the default is required.
HttpTokens *string `type:"string" enum:"HttpTokensState"`
// Set to enabled to allow access to instance tags from the instance metadata.
@@ -135303,22 +135320,18 @@ type InstanceMetadataOptionsResponse struct {
// Possible values: Integers from 1 to 64
HttpPutResponseHopLimit *int64 `locationName:"httpPutResponseHopLimit" type:"integer"`
- // IMDSv2 uses token-backed sessions. Indicates whether the use of HTTP tokens
- // is optional (in other words, indicates whether the use of IMDSv2 is optional)
- // or required (in other words, indicates whether the use of IMDSv2 is required).
+ // Indicates whether IMDSv2 is required.
//
- // * optional - When IMDSv2 is optional, you can choose to retrieve instance
- // metadata with or without a session token in your request. If you retrieve
- // the IAM role credentials without a token, the IMDSv1 role credentials
- // are returned. If you retrieve the IAM role credentials using a valid session
- // token, the IMDSv2 role credentials are returned.
+ // * optional - IMDSv2 is optional. You can choose whether to send a session
+ // token in your instance metadata retrieval requests. If you retrieve IAM
+ // role credentials without a session token, you receive the IMDSv1 role
+ // credentials. If you retrieve IAM role credentials using a valid session
+ // token, you receive the IMDSv2 role credentials.
//
- // * required - When IMDSv2 is required, you must send a session token with
- // any instance metadata retrieval requests. In this state, retrieving the
+ // * required - IMDSv2 is required. You must send a session token in your
+ // instance metadata retrieval requests. With this option, retrieving the
// IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials
// are not available.
- //
- // Default: optional
HttpTokens *string `locationName:"httpTokens" type:"string" enum:"HttpTokensState"`
// Indicates whether access to instance tags from the instance metadata is enabled
@@ -148257,7 +148270,8 @@ type ModifyInstanceAttributeInput struct {
// Modifies the DeleteOnTermination attribute for volumes that are currently
// attached. The volume must be owned by the caller. If no value is specified
// for DeleteOnTermination, the default is true and the volume is deleted when
- // the instance is terminated.
+ // the instance is terminated. You can't modify the DeleteOnTermination attribute
+ // for volumes that are attached to Fargate tasks.
//
// To add instance store volumes to an Amazon EBS-backed instance, you must
// add them when you launch the instance. For more information, see Update the
@@ -149117,22 +149131,21 @@ type ModifyInstanceMetadataOptionsInput struct {
// Possible values: Integers from 1 to 64
HttpPutResponseHopLimit *int64 `type:"integer"`
- // IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to optional
- // (in other words, set the use of IMDSv2 to optional) or required (in other
- // words, set the use of IMDSv2 to required).
+ // Indicates whether IMDSv2 is required.
//
- // * optional - When IMDSv2 is optional, you can choose to retrieve instance
- // metadata with or without a session token in your request. If you retrieve
- // the IAM role credentials without a token, the IMDSv1 role credentials
- // are returned. If you retrieve the IAM role credentials using a valid session
- // token, the IMDSv2 role credentials are returned.
+ // * optional - IMDSv2 is optional. You can choose whether to send a session
+ // token in your instance metadata retrieval requests. If you retrieve IAM
+ // role credentials without a session token, you receive the IMDSv1 role
+ // credentials. If you retrieve IAM role credentials using a valid session
+ // token, you receive the IMDSv2 role credentials.
//
- // * required - When IMDSv2 is required, you must send a session token with
- // any instance metadata retrieval requests. In this state, retrieving the
+ // * required - IMDSv2 is required. You must send a session token in your
+ // instance metadata retrieval requests. With this option, retrieving the
// IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials
// are not available.
//
- // Default: optional
+ // Default: If the value of ImdsSupport for the Amazon Machine Image (AMI) for
+ // your instance is v2.0, the default is required.
HttpTokens *string `type:"string" enum:"HttpTokensState"`
// The ID of the instance.
@@ -172348,6 +172361,11 @@ type ScheduledInstancesNetworkInterface struct {
// for eth0, and can only be assigned to a new network interface, not an existing
// one. You cannot specify more than one network interface in the request. If
// launching into a default subnet, the default value is true.
+ //
+ // Starting on February 1, 2024, Amazon Web Services will charge for all public
+ // IPv4 addresses, including public IPv4 addresses associated with running instances
+ // and Elastic IP addresses. For more information, see the Public IPv4 Address
+ // tab on the Amazon VPC pricing page (http://aws.amazon.com/vpc/pricing/).
AssociatePublicIpAddress *bool `type:"boolean"`
// Indicates whether to delete the interface when the instance is terminated.
@@ -175740,10 +175758,10 @@ type SpotFleetRequestConfigData struct {
// TargetCapacity is a required field
TargetCapacity *int64 `locationName:"targetCapacity" type:"integer" required:"true"`
- // The unit for the target capacity. TargetCapacityUnitType can only be specified
- // when InstanceRequirements is specified.
+ // The unit for the target capacity. You can specify this parameter only when
+ // using attribute-based instance type selection.
//
- // Default: units (translates to number of instances)
+ // Default: units (the number of instances)
TargetCapacityUnitType *string `locationName:"targetCapacityUnitType" type:"string" enum:"TargetCapacityUnitType"`
// Indicates whether running Spot Instances are terminated when the Spot Fleet
@@ -177618,8 +177636,8 @@ type StateReason struct {
// the Spot price exceeded available capacity or because of an increase in
// the Spot price.
//
- // * Client.InstanceInitiatedShutdown: The instance was shut down using the
- // shutdown -h command from the instance.
+ // * Client.InstanceInitiatedShutdown: The instance was shut down from the
+ // operating system of the instance.
//
// * Client.InstanceTerminated: The instance was terminated or rebooted during
// AMI creation.
@@ -178755,7 +178773,7 @@ func (s *TagSpecification) SetTags(v []*Tag) *TagSpecification {
type TargetCapacitySpecification struct {
_ struct{} `type:"structure"`
- // The default TotalTargetCapacity, which is either Spot or On-Demand.
+ // The default target capacity type.
DefaultTargetCapacityType *string `locationName:"defaultTargetCapacityType" type:"string" enum:"DefaultTargetCapacityType"`
// The number of On-Demand units to request. If you specify a target capacity
@@ -178766,13 +178784,10 @@ type TargetCapacitySpecification struct {
// for On-Demand units, you cannot specify a target capacity for Spot units.
SpotTargetCapacity *int64 `locationName:"spotTargetCapacity" type:"integer"`
- // The unit for the target capacity. TargetCapacityUnitType can only be specified
- // when InstanceRequirements is specified.
- //
- // Default: units (translates to number of instances)
+ // The unit for the target capacity.
TargetCapacityUnitType *string `locationName:"targetCapacityUnitType" type:"string" enum:"TargetCapacityUnitType"`
- // The number of units to request, filled using DefaultTargetCapacityType.
+ // The number of units to request, filled the default target capacity type.
TotalTargetCapacity *int64 `locationName:"totalTargetCapacity" type:"integer"`
}
@@ -178836,13 +178851,13 @@ func (s *TargetCapacitySpecification) SetTotalTargetCapacity(v int64) *TargetCap
// On-Demand Instances and Spot Instances in your request, EC2 Fleet will launch
// instances until it reaches the maximum amount that you're willing to pay.
// When the maximum amount you're willing to pay is reached, the fleet stops
-// launching instances even if it hasn’t met the target capacity. The MaxTotalPrice
+// launching instances even if it hasn't met the target capacity. The MaxTotalPrice
// parameters are located in OnDemandOptionsRequest (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_OnDemandOptionsRequest)
// and SpotOptionsRequest (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_SpotOptionsRequest).
type TargetCapacitySpecificationRequest struct {
_ struct{} `type:"structure"`
- // The default TotalTargetCapacity, which is either Spot or On-Demand.
+ // The default target capacity type.
DefaultTargetCapacityType *string `type:"string" enum:"DefaultTargetCapacityType"`
// The number of On-Demand units to request.
@@ -178851,13 +178866,14 @@ type TargetCapacitySpecificationRequest struct {
// The number of Spot units to request.
SpotTargetCapacity *int64 `type:"integer"`
- // The unit for the target capacity. TargetCapacityUnitType can only be specified
- // when InstanceRequirements is specified.
+ // The unit for the target capacity. You can specify this parameter only when
+ // using attributed-based instance type selection.
//
- // Default: units (translates to number of instances)
+ // Default: units (the number of instances)
TargetCapacityUnitType *string `type:"string" enum:"TargetCapacityUnitType"`
- // The number of units to request, filled using DefaultTargetCapacityType.
+ // The number of units to request, filled using the default target capacity
+ // type.
//
// TotalTargetCapacity is a required field
TotalTargetCapacity *int64 `type:"integer" required:"true"`
@@ -186470,6 +186486,9 @@ func (s *Volume) SetVolumeType(v string) *Volume {
type VolumeAttachment struct {
_ struct{} `type:"structure"`
+ // The ARN of the Amazon ECS or Fargate task to which the volume is attached.
+ AssociatedResource *string `locationName:"associatedResource" type:"string"`
+
// The time stamp when the attachment initiated.
AttachTime *time.Time `locationName:"attachTime" type:"timestamp"`
@@ -186477,11 +186496,22 @@ type VolumeAttachment struct {
DeleteOnTermination *bool `locationName:"deleteOnTermination" type:"boolean"`
// The device name.
+ //
+ // If the volume is attached to a Fargate task, this parameter returns null.
Device *string `locationName:"device" type:"string"`
// The ID of the instance.
+ //
+ // If the volume is attached to a Fargate task, this parameter returns null.
InstanceId *string `locationName:"instanceId" type:"string"`
+ // The service principal of Amazon Web Services service that owns the underlying
+ // instance to which the volume is attached.
+ //
+ // This parameter is returned only for volumes that are attached to Fargate
+ // tasks.
+ InstanceOwningService *string `locationName:"instanceOwningService" type:"string"`
+
// The attachment state of the volume.
State *string `locationName:"status" type:"string" enum:"VolumeAttachmentState"`
@@ -186507,6 +186537,12 @@ func (s VolumeAttachment) GoString() string {
return s.String()
}
+// SetAssociatedResource sets the AssociatedResource field's value.
+func (s *VolumeAttachment) SetAssociatedResource(v string) *VolumeAttachment {
+ s.AssociatedResource = &v
+ return s
+}
+
// SetAttachTime sets the AttachTime field's value.
func (s *VolumeAttachment) SetAttachTime(v time.Time) *VolumeAttachment {
s.AttachTime = &v
@@ -186531,6 +186567,12 @@ func (s *VolumeAttachment) SetInstanceId(v string) *VolumeAttachment {
return s
}
+// SetInstanceOwningService sets the InstanceOwningService field's value.
+func (s *VolumeAttachment) SetInstanceOwningService(v string) *VolumeAttachment {
+ s.InstanceOwningService = &v
+ return s
+}
+
// SetState sets the State field's value.
func (s *VolumeAttachment) SetState(v string) *VolumeAttachment {
s.State = &v
@@ -194445,6 +194487,12 @@ const (
// InstanceTypeR7iMetal48xl is a InstanceType enum value
InstanceTypeR7iMetal48xl = "r7i.metal-48xl"
+
+ // InstanceTypeR7izMetal16xl is a InstanceType enum value
+ InstanceTypeR7izMetal16xl = "r7iz.metal-16xl"
+
+ // InstanceTypeR7izMetal32xl is a InstanceType enum value
+ InstanceTypeR7izMetal32xl = "r7iz.metal-32xl"
)
// InstanceType_Values returns all elements of the InstanceType enum
@@ -195231,6 +195279,8 @@ func InstanceType_Values() []string {
InstanceTypeM7iMetal48xl,
InstanceTypeR7iMetal24xl,
InstanceTypeR7iMetal48xl,
+ InstanceTypeR7izMetal16xl,
+ InstanceTypeR7izMetal32xl,
}
}
diff --git a/vendor/github.com/containerd/cgroups/v3/LICENSE b/vendor/github.com/containerd/cgroups/v3/LICENSE
new file mode 100644
index 000000000..261eeb9e9
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v3/LICENSE
@@ -0,0 +1,201 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/doc.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/doc.go
new file mode 100644
index 000000000..e51e12f80
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/doc.go
@@ -0,0 +1,17 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package stats
diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.pb.go b/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.pb.go
new file mode 100644
index 000000000..75206889b
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.pb.go
@@ -0,0 +1,1959 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// protoc-gen-go v1.28.1
+// protoc v3.21.5
+// source: github.com/containerd/cgroups/cgroup1/stats/metrics.proto
+
+package stats
+
+import (
+ protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+ protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+ reflect "reflect"
+ sync "sync"
+)
+
+const (
+ // Verify that this generated code is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+ // Verify that runtime/protoimpl is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type Metrics struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Hugetlb []*HugetlbStat `protobuf:"bytes,1,rep,name=hugetlb,proto3" json:"hugetlb,omitempty"`
+ Pids *PidsStat `protobuf:"bytes,2,opt,name=pids,proto3" json:"pids,omitempty"`
+ CPU *CPUStat `protobuf:"bytes,3,opt,name=cpu,proto3" json:"cpu,omitempty"`
+ Memory *MemoryStat `protobuf:"bytes,4,opt,name=memory,proto3" json:"memory,omitempty"`
+ Blkio *BlkIOStat `protobuf:"bytes,5,opt,name=blkio,proto3" json:"blkio,omitempty"`
+ Rdma *RdmaStat `protobuf:"bytes,6,opt,name=rdma,proto3" json:"rdma,omitempty"`
+ Network []*NetworkStat `protobuf:"bytes,7,rep,name=network,proto3" json:"network,omitempty"`
+ CgroupStats *CgroupStats `protobuf:"bytes,8,opt,name=cgroup_stats,json=cgroupStats,proto3" json:"cgroup_stats,omitempty"`
+ MemoryOomControl *MemoryOomControl `protobuf:"bytes,9,opt,name=memory_oom_control,json=memoryOomControl,proto3" json:"memory_oom_control,omitempty"`
+}
+
+func (x *Metrics) Reset() {
+ *x = Metrics{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[0]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *Metrics) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Metrics) ProtoMessage() {}
+
+func (x *Metrics) ProtoReflect() protoreflect.Message {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[0]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use Metrics.ProtoReflect.Descriptor instead.
+func (*Metrics) Descriptor() ([]byte, []int) {
+ return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Metrics) GetHugetlb() []*HugetlbStat {
+ if x != nil {
+ return x.Hugetlb
+ }
+ return nil
+}
+
+func (x *Metrics) GetPids() *PidsStat {
+ if x != nil {
+ return x.Pids
+ }
+ return nil
+}
+
+func (x *Metrics) GetCPU() *CPUStat {
+ if x != nil {
+ return x.CPU
+ }
+ return nil
+}
+
+func (x *Metrics) GetMemory() *MemoryStat {
+ if x != nil {
+ return x.Memory
+ }
+ return nil
+}
+
+func (x *Metrics) GetBlkio() *BlkIOStat {
+ if x != nil {
+ return x.Blkio
+ }
+ return nil
+}
+
+func (x *Metrics) GetRdma() *RdmaStat {
+ if x != nil {
+ return x.Rdma
+ }
+ return nil
+}
+
+func (x *Metrics) GetNetwork() []*NetworkStat {
+ if x != nil {
+ return x.Network
+ }
+ return nil
+}
+
+func (x *Metrics) GetCgroupStats() *CgroupStats {
+ if x != nil {
+ return x.CgroupStats
+ }
+ return nil
+}
+
+func (x *Metrics) GetMemoryOomControl() *MemoryOomControl {
+ if x != nil {
+ return x.MemoryOomControl
+ }
+ return nil
+}
+
+type HugetlbStat struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Usage uint64 `protobuf:"varint,1,opt,name=usage,proto3" json:"usage,omitempty"`
+ Max uint64 `protobuf:"varint,2,opt,name=max,proto3" json:"max,omitempty"`
+ Failcnt uint64 `protobuf:"varint,3,opt,name=failcnt,proto3" json:"failcnt,omitempty"`
+ Pagesize string `protobuf:"bytes,4,opt,name=pagesize,proto3" json:"pagesize,omitempty"`
+}
+
+func (x *HugetlbStat) Reset() {
+ *x = HugetlbStat{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[1]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *HugetlbStat) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*HugetlbStat) ProtoMessage() {}
+
+func (x *HugetlbStat) ProtoReflect() protoreflect.Message {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[1]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use HugetlbStat.ProtoReflect.Descriptor instead.
+func (*HugetlbStat) Descriptor() ([]byte, []int) {
+ return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *HugetlbStat) GetUsage() uint64 {
+ if x != nil {
+ return x.Usage
+ }
+ return 0
+}
+
+func (x *HugetlbStat) GetMax() uint64 {
+ if x != nil {
+ return x.Max
+ }
+ return 0
+}
+
+func (x *HugetlbStat) GetFailcnt() uint64 {
+ if x != nil {
+ return x.Failcnt
+ }
+ return 0
+}
+
+func (x *HugetlbStat) GetPagesize() string {
+ if x != nil {
+ return x.Pagesize
+ }
+ return ""
+}
+
+type PidsStat struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Current uint64 `protobuf:"varint,1,opt,name=current,proto3" json:"current,omitempty"`
+ Limit uint64 `protobuf:"varint,2,opt,name=limit,proto3" json:"limit,omitempty"`
+}
+
+func (x *PidsStat) Reset() {
+ *x = PidsStat{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[2]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *PidsStat) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*PidsStat) ProtoMessage() {}
+
+func (x *PidsStat) ProtoReflect() protoreflect.Message {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[2]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use PidsStat.ProtoReflect.Descriptor instead.
+func (*PidsStat) Descriptor() ([]byte, []int) {
+ return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *PidsStat) GetCurrent() uint64 {
+ if x != nil {
+ return x.Current
+ }
+ return 0
+}
+
+func (x *PidsStat) GetLimit() uint64 {
+ if x != nil {
+ return x.Limit
+ }
+ return 0
+}
+
+type CPUStat struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Usage *CPUUsage `protobuf:"bytes,1,opt,name=usage,proto3" json:"usage,omitempty"`
+ Throttling *Throttle `protobuf:"bytes,2,opt,name=throttling,proto3" json:"throttling,omitempty"`
+}
+
+func (x *CPUStat) Reset() {
+ *x = CPUStat{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[3]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *CPUStat) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CPUStat) ProtoMessage() {}
+
+func (x *CPUStat) ProtoReflect() protoreflect.Message {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[3]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use CPUStat.ProtoReflect.Descriptor instead.
+func (*CPUStat) Descriptor() ([]byte, []int) {
+ return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *CPUStat) GetUsage() *CPUUsage {
+ if x != nil {
+ return x.Usage
+ }
+ return nil
+}
+
+func (x *CPUStat) GetThrottling() *Throttle {
+ if x != nil {
+ return x.Throttling
+ }
+ return nil
+}
+
+type CPUUsage struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // values in nanoseconds
+ Total uint64 `protobuf:"varint,1,opt,name=total,proto3" json:"total,omitempty"`
+ Kernel uint64 `protobuf:"varint,2,opt,name=kernel,proto3" json:"kernel,omitempty"`
+ User uint64 `protobuf:"varint,3,opt,name=user,proto3" json:"user,omitempty"`
+ PerCPU []uint64 `protobuf:"varint,4,rep,packed,name=per_cpu,json=perCpu,proto3" json:"per_cpu,omitempty"`
+}
+
+func (x *CPUUsage) Reset() {
+ *x = CPUUsage{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[4]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *CPUUsage) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CPUUsage) ProtoMessage() {}
+
+func (x *CPUUsage) ProtoReflect() protoreflect.Message {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[4]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use CPUUsage.ProtoReflect.Descriptor instead.
+func (*CPUUsage) Descriptor() ([]byte, []int) {
+ return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *CPUUsage) GetTotal() uint64 {
+ if x != nil {
+ return x.Total
+ }
+ return 0
+}
+
+func (x *CPUUsage) GetKernel() uint64 {
+ if x != nil {
+ return x.Kernel
+ }
+ return 0
+}
+
+func (x *CPUUsage) GetUser() uint64 {
+ if x != nil {
+ return x.User
+ }
+ return 0
+}
+
+func (x *CPUUsage) GetPerCPU() []uint64 {
+ if x != nil {
+ return x.PerCPU
+ }
+ return nil
+}
+
+type Throttle struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Periods uint64 `protobuf:"varint,1,opt,name=periods,proto3" json:"periods,omitempty"`
+ ThrottledPeriods uint64 `protobuf:"varint,2,opt,name=throttled_periods,json=throttledPeriods,proto3" json:"throttled_periods,omitempty"`
+ ThrottledTime uint64 `protobuf:"varint,3,opt,name=throttled_time,json=throttledTime,proto3" json:"throttled_time,omitempty"`
+}
+
+func (x *Throttle) Reset() {
+ *x = Throttle{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[5]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *Throttle) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Throttle) ProtoMessage() {}
+
+func (x *Throttle) ProtoReflect() protoreflect.Message {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[5]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use Throttle.ProtoReflect.Descriptor instead.
+func (*Throttle) Descriptor() ([]byte, []int) {
+ return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *Throttle) GetPeriods() uint64 {
+ if x != nil {
+ return x.Periods
+ }
+ return 0
+}
+
+func (x *Throttle) GetThrottledPeriods() uint64 {
+ if x != nil {
+ return x.ThrottledPeriods
+ }
+ return 0
+}
+
+func (x *Throttle) GetThrottledTime() uint64 {
+ if x != nil {
+ return x.ThrottledTime
+ }
+ return 0
+}
+
+type MemoryStat struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Cache uint64 `protobuf:"varint,1,opt,name=cache,proto3" json:"cache,omitempty"`
+ RSS uint64 `protobuf:"varint,2,opt,name=rss,proto3" json:"rss,omitempty"`
+ RSSHuge uint64 `protobuf:"varint,3,opt,name=rss_huge,json=rssHuge,proto3" json:"rss_huge,omitempty"`
+ MappedFile uint64 `protobuf:"varint,4,opt,name=mapped_file,json=mappedFile,proto3" json:"mapped_file,omitempty"`
+ Dirty uint64 `protobuf:"varint,5,opt,name=dirty,proto3" json:"dirty,omitempty"`
+ Writeback uint64 `protobuf:"varint,6,opt,name=writeback,proto3" json:"writeback,omitempty"`
+ PgPgIn uint64 `protobuf:"varint,7,opt,name=pg_pg_in,json=pgPgIn,proto3" json:"pg_pg_in,omitempty"`
+ PgPgOut uint64 `protobuf:"varint,8,opt,name=pg_pg_out,json=pgPgOut,proto3" json:"pg_pg_out,omitempty"`
+ PgFault uint64 `protobuf:"varint,9,opt,name=pg_fault,json=pgFault,proto3" json:"pg_fault,omitempty"`
+ PgMajFault uint64 `protobuf:"varint,10,opt,name=pg_maj_fault,json=pgMajFault,proto3" json:"pg_maj_fault,omitempty"`
+ InactiveAnon uint64 `protobuf:"varint,11,opt,name=inactive_anon,json=inactiveAnon,proto3" json:"inactive_anon,omitempty"`
+ ActiveAnon uint64 `protobuf:"varint,12,opt,name=active_anon,json=activeAnon,proto3" json:"active_anon,omitempty"`
+ InactiveFile uint64 `protobuf:"varint,13,opt,name=inactive_file,json=inactiveFile,proto3" json:"inactive_file,omitempty"`
+ ActiveFile uint64 `protobuf:"varint,14,opt,name=active_file,json=activeFile,proto3" json:"active_file,omitempty"`
+ Unevictable uint64 `protobuf:"varint,15,opt,name=unevictable,proto3" json:"unevictable,omitempty"`
+ HierarchicalMemoryLimit uint64 `protobuf:"varint,16,opt,name=hierarchical_memory_limit,json=hierarchicalMemoryLimit,proto3" json:"hierarchical_memory_limit,omitempty"`
+ HierarchicalSwapLimit uint64 `protobuf:"varint,17,opt,name=hierarchical_swap_limit,json=hierarchicalSwapLimit,proto3" json:"hierarchical_swap_limit,omitempty"`
+ TotalCache uint64 `protobuf:"varint,18,opt,name=total_cache,json=totalCache,proto3" json:"total_cache,omitempty"`
+ TotalRSS uint64 `protobuf:"varint,19,opt,name=total_rss,json=totalRss,proto3" json:"total_rss,omitempty"`
+ TotalRSSHuge uint64 `protobuf:"varint,20,opt,name=total_rss_huge,json=totalRssHuge,proto3" json:"total_rss_huge,omitempty"`
+ TotalMappedFile uint64 `protobuf:"varint,21,opt,name=total_mapped_file,json=totalMappedFile,proto3" json:"total_mapped_file,omitempty"`
+ TotalDirty uint64 `protobuf:"varint,22,opt,name=total_dirty,json=totalDirty,proto3" json:"total_dirty,omitempty"`
+ TotalWriteback uint64 `protobuf:"varint,23,opt,name=total_writeback,json=totalWriteback,proto3" json:"total_writeback,omitempty"`
+ TotalPgPgIn uint64 `protobuf:"varint,24,opt,name=total_pg_pg_in,json=totalPgPgIn,proto3" json:"total_pg_pg_in,omitempty"`
+ TotalPgPgOut uint64 `protobuf:"varint,25,opt,name=total_pg_pg_out,json=totalPgPgOut,proto3" json:"total_pg_pg_out,omitempty"`
+ TotalPgFault uint64 `protobuf:"varint,26,opt,name=total_pg_fault,json=totalPgFault,proto3" json:"total_pg_fault,omitempty"`
+ TotalPgMajFault uint64 `protobuf:"varint,27,opt,name=total_pg_maj_fault,json=totalPgMajFault,proto3" json:"total_pg_maj_fault,omitempty"`
+ TotalInactiveAnon uint64 `protobuf:"varint,28,opt,name=total_inactive_anon,json=totalInactiveAnon,proto3" json:"total_inactive_anon,omitempty"`
+ TotalActiveAnon uint64 `protobuf:"varint,29,opt,name=total_active_anon,json=totalActiveAnon,proto3" json:"total_active_anon,omitempty"`
+ TotalInactiveFile uint64 `protobuf:"varint,30,opt,name=total_inactive_file,json=totalInactiveFile,proto3" json:"total_inactive_file,omitempty"`
+ TotalActiveFile uint64 `protobuf:"varint,31,opt,name=total_active_file,json=totalActiveFile,proto3" json:"total_active_file,omitempty"`
+ TotalUnevictable uint64 `protobuf:"varint,32,opt,name=total_unevictable,json=totalUnevictable,proto3" json:"total_unevictable,omitempty"`
+ Usage *MemoryEntry `protobuf:"bytes,33,opt,name=usage,proto3" json:"usage,omitempty"`
+ Swap *MemoryEntry `protobuf:"bytes,34,opt,name=swap,proto3" json:"swap,omitempty"`
+ Kernel *MemoryEntry `protobuf:"bytes,35,opt,name=kernel,proto3" json:"kernel,omitempty"`
+ KernelTCP *MemoryEntry `protobuf:"bytes,36,opt,name=kernel_tcp,json=kernelTcp,proto3" json:"kernel_tcp,omitempty"`
+}
+
+func (x *MemoryStat) Reset() {
+ *x = MemoryStat{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[6]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *MemoryStat) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*MemoryStat) ProtoMessage() {}
+
+func (x *MemoryStat) ProtoReflect() protoreflect.Message {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[6]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use MemoryStat.ProtoReflect.Descriptor instead.
+func (*MemoryStat) Descriptor() ([]byte, []int) {
+ return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *MemoryStat) GetCache() uint64 {
+ if x != nil {
+ return x.Cache
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetRSS() uint64 {
+ if x != nil {
+ return x.RSS
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetRSSHuge() uint64 {
+ if x != nil {
+ return x.RSSHuge
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetMappedFile() uint64 {
+ if x != nil {
+ return x.MappedFile
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetDirty() uint64 {
+ if x != nil {
+ return x.Dirty
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetWriteback() uint64 {
+ if x != nil {
+ return x.Writeback
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetPgPgIn() uint64 {
+ if x != nil {
+ return x.PgPgIn
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetPgPgOut() uint64 {
+ if x != nil {
+ return x.PgPgOut
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetPgFault() uint64 {
+ if x != nil {
+ return x.PgFault
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetPgMajFault() uint64 {
+ if x != nil {
+ return x.PgMajFault
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetInactiveAnon() uint64 {
+ if x != nil {
+ return x.InactiveAnon
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetActiveAnon() uint64 {
+ if x != nil {
+ return x.ActiveAnon
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetInactiveFile() uint64 {
+ if x != nil {
+ return x.InactiveFile
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetActiveFile() uint64 {
+ if x != nil {
+ return x.ActiveFile
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetUnevictable() uint64 {
+ if x != nil {
+ return x.Unevictable
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetHierarchicalMemoryLimit() uint64 {
+ if x != nil {
+ return x.HierarchicalMemoryLimit
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetHierarchicalSwapLimit() uint64 {
+ if x != nil {
+ return x.HierarchicalSwapLimit
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetTotalCache() uint64 {
+ if x != nil {
+ return x.TotalCache
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetTotalRSS() uint64 {
+ if x != nil {
+ return x.TotalRSS
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetTotalRSSHuge() uint64 {
+ if x != nil {
+ return x.TotalRSSHuge
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetTotalMappedFile() uint64 {
+ if x != nil {
+ return x.TotalMappedFile
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetTotalDirty() uint64 {
+ if x != nil {
+ return x.TotalDirty
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetTotalWriteback() uint64 {
+ if x != nil {
+ return x.TotalWriteback
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetTotalPgPgIn() uint64 {
+ if x != nil {
+ return x.TotalPgPgIn
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetTotalPgPgOut() uint64 {
+ if x != nil {
+ return x.TotalPgPgOut
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetTotalPgFault() uint64 {
+ if x != nil {
+ return x.TotalPgFault
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetTotalPgMajFault() uint64 {
+ if x != nil {
+ return x.TotalPgMajFault
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetTotalInactiveAnon() uint64 {
+ if x != nil {
+ return x.TotalInactiveAnon
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetTotalActiveAnon() uint64 {
+ if x != nil {
+ return x.TotalActiveAnon
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetTotalInactiveFile() uint64 {
+ if x != nil {
+ return x.TotalInactiveFile
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetTotalActiveFile() uint64 {
+ if x != nil {
+ return x.TotalActiveFile
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetTotalUnevictable() uint64 {
+ if x != nil {
+ return x.TotalUnevictable
+ }
+ return 0
+}
+
+func (x *MemoryStat) GetUsage() *MemoryEntry {
+ if x != nil {
+ return x.Usage
+ }
+ return nil
+}
+
+func (x *MemoryStat) GetSwap() *MemoryEntry {
+ if x != nil {
+ return x.Swap
+ }
+ return nil
+}
+
+func (x *MemoryStat) GetKernel() *MemoryEntry {
+ if x != nil {
+ return x.Kernel
+ }
+ return nil
+}
+
+func (x *MemoryStat) GetKernelTCP() *MemoryEntry {
+ if x != nil {
+ return x.KernelTCP
+ }
+ return nil
+}
+
+type MemoryEntry struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Limit uint64 `protobuf:"varint,1,opt,name=limit,proto3" json:"limit,omitempty"`
+ Usage uint64 `protobuf:"varint,2,opt,name=usage,proto3" json:"usage,omitempty"`
+ Max uint64 `protobuf:"varint,3,opt,name=max,proto3" json:"max,omitempty"`
+ Failcnt uint64 `protobuf:"varint,4,opt,name=failcnt,proto3" json:"failcnt,omitempty"`
+}
+
+func (x *MemoryEntry) Reset() {
+ *x = MemoryEntry{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[7]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *MemoryEntry) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*MemoryEntry) ProtoMessage() {}
+
+func (x *MemoryEntry) ProtoReflect() protoreflect.Message {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[7]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use MemoryEntry.ProtoReflect.Descriptor instead.
+func (*MemoryEntry) Descriptor() ([]byte, []int) {
+ return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *MemoryEntry) GetLimit() uint64 {
+ if x != nil {
+ return x.Limit
+ }
+ return 0
+}
+
+func (x *MemoryEntry) GetUsage() uint64 {
+ if x != nil {
+ return x.Usage
+ }
+ return 0
+}
+
+func (x *MemoryEntry) GetMax() uint64 {
+ if x != nil {
+ return x.Max
+ }
+ return 0
+}
+
+func (x *MemoryEntry) GetFailcnt() uint64 {
+ if x != nil {
+ return x.Failcnt
+ }
+ return 0
+}
+
+type MemoryOomControl struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ OomKillDisable uint64 `protobuf:"varint,1,opt,name=oom_kill_disable,json=oomKillDisable,proto3" json:"oom_kill_disable,omitempty"`
+ UnderOom uint64 `protobuf:"varint,2,opt,name=under_oom,json=underOom,proto3" json:"under_oom,omitempty"`
+ OomKill uint64 `protobuf:"varint,3,opt,name=oom_kill,json=oomKill,proto3" json:"oom_kill,omitempty"`
+}
+
+func (x *MemoryOomControl) Reset() {
+ *x = MemoryOomControl{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[8]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *MemoryOomControl) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*MemoryOomControl) ProtoMessage() {}
+
+func (x *MemoryOomControl) ProtoReflect() protoreflect.Message {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[8]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use MemoryOomControl.ProtoReflect.Descriptor instead.
+func (*MemoryOomControl) Descriptor() ([]byte, []int) {
+ return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *MemoryOomControl) GetOomKillDisable() uint64 {
+ if x != nil {
+ return x.OomKillDisable
+ }
+ return 0
+}
+
+func (x *MemoryOomControl) GetUnderOom() uint64 {
+ if x != nil {
+ return x.UnderOom
+ }
+ return 0
+}
+
+func (x *MemoryOomControl) GetOomKill() uint64 {
+ if x != nil {
+ return x.OomKill
+ }
+ return 0
+}
+
+type BlkIOStat struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ IoServiceBytesRecursive []*BlkIOEntry `protobuf:"bytes,1,rep,name=io_service_bytes_recursive,json=ioServiceBytesRecursive,proto3" json:"io_service_bytes_recursive,omitempty"`
+ IoServicedRecursive []*BlkIOEntry `protobuf:"bytes,2,rep,name=io_serviced_recursive,json=ioServicedRecursive,proto3" json:"io_serviced_recursive,omitempty"`
+ IoQueuedRecursive []*BlkIOEntry `protobuf:"bytes,3,rep,name=io_queued_recursive,json=ioQueuedRecursive,proto3" json:"io_queued_recursive,omitempty"`
+ IoServiceTimeRecursive []*BlkIOEntry `protobuf:"bytes,4,rep,name=io_service_time_recursive,json=ioServiceTimeRecursive,proto3" json:"io_service_time_recursive,omitempty"`
+ IoWaitTimeRecursive []*BlkIOEntry `protobuf:"bytes,5,rep,name=io_wait_time_recursive,json=ioWaitTimeRecursive,proto3" json:"io_wait_time_recursive,omitempty"`
+ IoMergedRecursive []*BlkIOEntry `protobuf:"bytes,6,rep,name=io_merged_recursive,json=ioMergedRecursive,proto3" json:"io_merged_recursive,omitempty"`
+ IoTimeRecursive []*BlkIOEntry `protobuf:"bytes,7,rep,name=io_time_recursive,json=ioTimeRecursive,proto3" json:"io_time_recursive,omitempty"`
+ SectorsRecursive []*BlkIOEntry `protobuf:"bytes,8,rep,name=sectors_recursive,json=sectorsRecursive,proto3" json:"sectors_recursive,omitempty"`
+}
+
+func (x *BlkIOStat) Reset() {
+ *x = BlkIOStat{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[9]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *BlkIOStat) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*BlkIOStat) ProtoMessage() {}
+
+func (x *BlkIOStat) ProtoReflect() protoreflect.Message {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[9]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use BlkIOStat.ProtoReflect.Descriptor instead.
+func (*BlkIOStat) Descriptor() ([]byte, []int) {
+ return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *BlkIOStat) GetIoServiceBytesRecursive() []*BlkIOEntry {
+ if x != nil {
+ return x.IoServiceBytesRecursive
+ }
+ return nil
+}
+
+func (x *BlkIOStat) GetIoServicedRecursive() []*BlkIOEntry {
+ if x != nil {
+ return x.IoServicedRecursive
+ }
+ return nil
+}
+
+func (x *BlkIOStat) GetIoQueuedRecursive() []*BlkIOEntry {
+ if x != nil {
+ return x.IoQueuedRecursive
+ }
+ return nil
+}
+
+func (x *BlkIOStat) GetIoServiceTimeRecursive() []*BlkIOEntry {
+ if x != nil {
+ return x.IoServiceTimeRecursive
+ }
+ return nil
+}
+
+func (x *BlkIOStat) GetIoWaitTimeRecursive() []*BlkIOEntry {
+ if x != nil {
+ return x.IoWaitTimeRecursive
+ }
+ return nil
+}
+
+func (x *BlkIOStat) GetIoMergedRecursive() []*BlkIOEntry {
+ if x != nil {
+ return x.IoMergedRecursive
+ }
+ return nil
+}
+
+func (x *BlkIOStat) GetIoTimeRecursive() []*BlkIOEntry {
+ if x != nil {
+ return x.IoTimeRecursive
+ }
+ return nil
+}
+
+func (x *BlkIOStat) GetSectorsRecursive() []*BlkIOEntry {
+ if x != nil {
+ return x.SectorsRecursive
+ }
+ return nil
+}
+
+type BlkIOEntry struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Op string `protobuf:"bytes,1,opt,name=op,proto3" json:"op,omitempty"`
+ Device string `protobuf:"bytes,2,opt,name=device,proto3" json:"device,omitempty"`
+ Major uint64 `protobuf:"varint,3,opt,name=major,proto3" json:"major,omitempty"`
+ Minor uint64 `protobuf:"varint,4,opt,name=minor,proto3" json:"minor,omitempty"`
+ Value uint64 `protobuf:"varint,5,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *BlkIOEntry) Reset() {
+ *x = BlkIOEntry{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[10]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *BlkIOEntry) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*BlkIOEntry) ProtoMessage() {}
+
+func (x *BlkIOEntry) ProtoReflect() protoreflect.Message {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[10]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use BlkIOEntry.ProtoReflect.Descriptor instead.
+func (*BlkIOEntry) Descriptor() ([]byte, []int) {
+ return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *BlkIOEntry) GetOp() string {
+ if x != nil {
+ return x.Op
+ }
+ return ""
+}
+
+func (x *BlkIOEntry) GetDevice() string {
+ if x != nil {
+ return x.Device
+ }
+ return ""
+}
+
+func (x *BlkIOEntry) GetMajor() uint64 {
+ if x != nil {
+ return x.Major
+ }
+ return 0
+}
+
+func (x *BlkIOEntry) GetMinor() uint64 {
+ if x != nil {
+ return x.Minor
+ }
+ return 0
+}
+
+func (x *BlkIOEntry) GetValue() uint64 {
+ if x != nil {
+ return x.Value
+ }
+ return 0
+}
+
+type RdmaStat struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Current []*RdmaEntry `protobuf:"bytes,1,rep,name=current,proto3" json:"current,omitempty"`
+ Limit []*RdmaEntry `protobuf:"bytes,2,rep,name=limit,proto3" json:"limit,omitempty"`
+}
+
+func (x *RdmaStat) Reset() {
+ *x = RdmaStat{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[11]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *RdmaStat) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RdmaStat) ProtoMessage() {}
+
+func (x *RdmaStat) ProtoReflect() protoreflect.Message {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[11]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use RdmaStat.ProtoReflect.Descriptor instead.
+func (*RdmaStat) Descriptor() ([]byte, []int) {
+ return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *RdmaStat) GetCurrent() []*RdmaEntry {
+ if x != nil {
+ return x.Current
+ }
+ return nil
+}
+
+func (x *RdmaStat) GetLimit() []*RdmaEntry {
+ if x != nil {
+ return x.Limit
+ }
+ return nil
+}
+
+type RdmaEntry struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Device string `protobuf:"bytes,1,opt,name=device,proto3" json:"device,omitempty"`
+ HcaHandles uint32 `protobuf:"varint,2,opt,name=hca_handles,json=hcaHandles,proto3" json:"hca_handles,omitempty"`
+ HcaObjects uint32 `protobuf:"varint,3,opt,name=hca_objects,json=hcaObjects,proto3" json:"hca_objects,omitempty"`
+}
+
+func (x *RdmaEntry) Reset() {
+ *x = RdmaEntry{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[12]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *RdmaEntry) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RdmaEntry) ProtoMessage() {}
+
+func (x *RdmaEntry) ProtoReflect() protoreflect.Message {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[12]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use RdmaEntry.ProtoReflect.Descriptor instead.
+func (*RdmaEntry) Descriptor() ([]byte, []int) {
+ return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *RdmaEntry) GetDevice() string {
+ if x != nil {
+ return x.Device
+ }
+ return ""
+}
+
+func (x *RdmaEntry) GetHcaHandles() uint32 {
+ if x != nil {
+ return x.HcaHandles
+ }
+ return 0
+}
+
+func (x *RdmaEntry) GetHcaObjects() uint32 {
+ if x != nil {
+ return x.HcaObjects
+ }
+ return 0
+}
+
+type NetworkStat struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+ RxBytes uint64 `protobuf:"varint,2,opt,name=rx_bytes,json=rxBytes,proto3" json:"rx_bytes,omitempty"`
+ RxPackets uint64 `protobuf:"varint,3,opt,name=rx_packets,json=rxPackets,proto3" json:"rx_packets,omitempty"`
+ RxErrors uint64 `protobuf:"varint,4,opt,name=rx_errors,json=rxErrors,proto3" json:"rx_errors,omitempty"`
+ RxDropped uint64 `protobuf:"varint,5,opt,name=rx_dropped,json=rxDropped,proto3" json:"rx_dropped,omitempty"`
+ TxBytes uint64 `protobuf:"varint,6,opt,name=tx_bytes,json=txBytes,proto3" json:"tx_bytes,omitempty"`
+ TxPackets uint64 `protobuf:"varint,7,opt,name=tx_packets,json=txPackets,proto3" json:"tx_packets,omitempty"`
+ TxErrors uint64 `protobuf:"varint,8,opt,name=tx_errors,json=txErrors,proto3" json:"tx_errors,omitempty"`
+ TxDropped uint64 `protobuf:"varint,9,opt,name=tx_dropped,json=txDropped,proto3" json:"tx_dropped,omitempty"`
+}
+
+func (x *NetworkStat) Reset() {
+ *x = NetworkStat{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[13]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *NetworkStat) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*NetworkStat) ProtoMessage() {}
+
+func (x *NetworkStat) ProtoReflect() protoreflect.Message {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[13]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use NetworkStat.ProtoReflect.Descriptor instead.
+func (*NetworkStat) Descriptor() ([]byte, []int) {
+ return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{13}
+}
+
+func (x *NetworkStat) GetName() string {
+ if x != nil {
+ return x.Name
+ }
+ return ""
+}
+
+func (x *NetworkStat) GetRxBytes() uint64 {
+ if x != nil {
+ return x.RxBytes
+ }
+ return 0
+}
+
+func (x *NetworkStat) GetRxPackets() uint64 {
+ if x != nil {
+ return x.RxPackets
+ }
+ return 0
+}
+
+func (x *NetworkStat) GetRxErrors() uint64 {
+ if x != nil {
+ return x.RxErrors
+ }
+ return 0
+}
+
+func (x *NetworkStat) GetRxDropped() uint64 {
+ if x != nil {
+ return x.RxDropped
+ }
+ return 0
+}
+
+func (x *NetworkStat) GetTxBytes() uint64 {
+ if x != nil {
+ return x.TxBytes
+ }
+ return 0
+}
+
+func (x *NetworkStat) GetTxPackets() uint64 {
+ if x != nil {
+ return x.TxPackets
+ }
+ return 0
+}
+
+func (x *NetworkStat) GetTxErrors() uint64 {
+ if x != nil {
+ return x.TxErrors
+ }
+ return 0
+}
+
+func (x *NetworkStat) GetTxDropped() uint64 {
+ if x != nil {
+ return x.TxDropped
+ }
+ return 0
+}
+
+// CgroupStats exports per-cgroup statistics.
+type CgroupStats struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // number of tasks sleeping
+ NrSleeping uint64 `protobuf:"varint,1,opt,name=nr_sleeping,json=nrSleeping,proto3" json:"nr_sleeping,omitempty"`
+ // number of tasks running
+ NrRunning uint64 `protobuf:"varint,2,opt,name=nr_running,json=nrRunning,proto3" json:"nr_running,omitempty"`
+ // number of tasks in stopped state
+ NrStopped uint64 `protobuf:"varint,3,opt,name=nr_stopped,json=nrStopped,proto3" json:"nr_stopped,omitempty"`
+ // number of tasks in uninterruptible state
+ NrUninterruptible uint64 `protobuf:"varint,4,opt,name=nr_uninterruptible,json=nrUninterruptible,proto3" json:"nr_uninterruptible,omitempty"`
+ // number of tasks waiting on IO
+ NrIoWait uint64 `protobuf:"varint,5,opt,name=nr_io_wait,json=nrIoWait,proto3" json:"nr_io_wait,omitempty"`
+}
+
+func (x *CgroupStats) Reset() {
+ *x = CgroupStats{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[14]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *CgroupStats) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CgroupStats) ProtoMessage() {}
+
+func (x *CgroupStats) ProtoReflect() protoreflect.Message {
+ mi := &file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[14]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use CgroupStats.ProtoReflect.Descriptor instead.
+func (*CgroupStats) Descriptor() ([]byte, []int) {
+ return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP(), []int{14}
+}
+
+func (x *CgroupStats) GetNrSleeping() uint64 {
+ if x != nil {
+ return x.NrSleeping
+ }
+ return 0
+}
+
+func (x *CgroupStats) GetNrRunning() uint64 {
+ if x != nil {
+ return x.NrRunning
+ }
+ return 0
+}
+
+func (x *CgroupStats) GetNrStopped() uint64 {
+ if x != nil {
+ return x.NrStopped
+ }
+ return 0
+}
+
+func (x *CgroupStats) GetNrUninterruptible() uint64 {
+ if x != nil {
+ return x.NrUninterruptible
+ }
+ return 0
+}
+
+func (x *CgroupStats) GetNrIoWait() uint64 {
+ if x != nil {
+ return x.NrIoWait
+ }
+ return 0
+}
+
+var File_github_com_containerd_cgroups_cgroup1_stats_metrics_proto protoreflect.FileDescriptor
+
+var file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDesc = []byte{
+ 0x0a, 0x39, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x6e,
+ 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2f,
+ 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x31, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x2f, 0x6d, 0x65,
+ 0x74, 0x72, 0x69, 0x63, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x69, 0x6f, 0x2e,
+ 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75,
+ 0x70, 0x73, 0x2e, 0x76, 0x31, 0x22, 0xcd, 0x04, 0x0a, 0x07, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63,
+ 0x73, 0x12, 0x3f, 0x0a, 0x07, 0x68, 0x75, 0x67, 0x65, 0x74, 0x6c, 0x62, 0x18, 0x01, 0x20, 0x03,
+ 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65,
+ 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x75,
+ 0x67, 0x65, 0x74, 0x6c, 0x62, 0x53, 0x74, 0x61, 0x74, 0x52, 0x07, 0x68, 0x75, 0x67, 0x65, 0x74,
+ 0x6c, 0x62, 0x12, 0x36, 0x0a, 0x04, 0x70, 0x69, 0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
+ 0x32, 0x22, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64,
+ 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x69, 0x64, 0x73,
+ 0x53, 0x74, 0x61, 0x74, 0x52, 0x04, 0x70, 0x69, 0x64, 0x73, 0x12, 0x33, 0x0a, 0x03, 0x63, 0x70,
+ 0x75, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e,
+ 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e,
+ 0x76, 0x31, 0x2e, 0x43, 0x50, 0x55, 0x53, 0x74, 0x61, 0x74, 0x52, 0x03, 0x63, 0x70, 0x75, 0x12,
+ 0x3c, 0x0a, 0x06, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
+ 0x24, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e,
+ 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x6d, 0x6f, 0x72,
+ 0x79, 0x53, 0x74, 0x61, 0x74, 0x52, 0x06, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x12, 0x39, 0x0a,
+ 0x05, 0x62, 0x6c, 0x6b, 0x69, 0x6f, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69,
+ 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72,
+ 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x6c, 0x6b, 0x49, 0x4f, 0x53, 0x74, 0x61,
+ 0x74, 0x52, 0x05, 0x62, 0x6c, 0x6b, 0x69, 0x6f, 0x12, 0x36, 0x0a, 0x04, 0x72, 0x64, 0x6d, 0x61,
+ 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74,
+ 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76,
+ 0x31, 0x2e, 0x52, 0x64, 0x6d, 0x61, 0x53, 0x74, 0x61, 0x74, 0x52, 0x04, 0x72, 0x64, 0x6d, 0x61,
+ 0x12, 0x3f, 0x0a, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x18, 0x07, 0x20, 0x03, 0x28,
+ 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72,
+ 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4e, 0x65, 0x74,
+ 0x77, 0x6f, 0x72, 0x6b, 0x53, 0x74, 0x61, 0x74, 0x52, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72,
+ 0x6b, 0x12, 0x48, 0x0a, 0x0c, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x5f, 0x73, 0x74, 0x61, 0x74,
+ 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e,
+ 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e,
+ 0x76, 0x31, 0x2e, 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x53, 0x74, 0x61, 0x74, 0x73, 0x52, 0x0b,
+ 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x53, 0x74, 0x61, 0x74, 0x73, 0x12, 0x58, 0x0a, 0x12, 0x6d,
+ 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x5f, 0x6f, 0x6f, 0x6d, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f,
+ 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e,
+ 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e,
+ 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x4f, 0x6f, 0x6d, 0x43, 0x6f, 0x6e, 0x74,
+ 0x72, 0x6f, 0x6c, 0x52, 0x10, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x4f, 0x6f, 0x6d, 0x43, 0x6f,
+ 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x22, 0x6b, 0x0a, 0x0b, 0x48, 0x75, 0x67, 0x65, 0x74, 0x6c, 0x62,
+ 0x53, 0x74, 0x61, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20,
+ 0x01, 0x28, 0x04, 0x52, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x61,
+ 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, 0x6d, 0x61, 0x78, 0x12, 0x18, 0x0a, 0x07,
+ 0x66, 0x61, 0x69, 0x6c, 0x63, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x66,
+ 0x61, 0x69, 0x6c, 0x63, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x61, 0x67, 0x65, 0x73, 0x69,
+ 0x7a, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x67, 0x65, 0x73, 0x69,
+ 0x7a, 0x65, 0x22, 0x3a, 0x0a, 0x08, 0x50, 0x69, 0x64, 0x73, 0x53, 0x74, 0x61, 0x74, 0x12, 0x18,
+ 0x0a, 0x07, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52,
+ 0x07, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x69, 0x6d, 0x69,
+ 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x22, 0x87,
+ 0x01, 0x0a, 0x07, 0x43, 0x50, 0x55, 0x53, 0x74, 0x61, 0x74, 0x12, 0x38, 0x0a, 0x05, 0x75, 0x73,
+ 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x6f, 0x2e, 0x63,
+ 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70,
+ 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x50, 0x55, 0x55, 0x73, 0x61, 0x67, 0x65, 0x52, 0x05, 0x75,
+ 0x73, 0x61, 0x67, 0x65, 0x12, 0x42, 0x0a, 0x0a, 0x74, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x69,
+ 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f,
+ 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73,
+ 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x52, 0x0a, 0x74, 0x68,
+ 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x69, 0x6e, 0x67, 0x22, 0x65, 0x0a, 0x08, 0x43, 0x50, 0x55, 0x55,
+ 0x73, 0x61, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x18, 0x01, 0x20,
+ 0x01, 0x28, 0x04, 0x52, 0x05, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x6b, 0x65,
+ 0x72, 0x6e, 0x65, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x06, 0x6b, 0x65, 0x72, 0x6e,
+ 0x65, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x73, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04,
+ 0x52, 0x04, 0x75, 0x73, 0x65, 0x72, 0x12, 0x17, 0x0a, 0x07, 0x70, 0x65, 0x72, 0x5f, 0x63, 0x70,
+ 0x75, 0x18, 0x04, 0x20, 0x03, 0x28, 0x04, 0x52, 0x06, 0x70, 0x65, 0x72, 0x43, 0x70, 0x75, 0x22,
+ 0x78, 0x0a, 0x08, 0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x70,
+ 0x65, 0x72, 0x69, 0x6f, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x70, 0x65,
+ 0x72, 0x69, 0x6f, 0x64, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x74, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c,
+ 0x65, 0x64, 0x5f, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04,
+ 0x52, 0x10, 0x74, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x64, 0x50, 0x65, 0x72, 0x69, 0x6f,
+ 0x64, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x74, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x64, 0x5f,
+ 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x74, 0x68, 0x72, 0x6f,
+ 0x74, 0x74, 0x6c, 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x22, 0x94, 0x0b, 0x0a, 0x0a, 0x4d, 0x65,
+ 0x6d, 0x6f, 0x72, 0x79, 0x53, 0x74, 0x61, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x61, 0x63, 0x68,
+ 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x63, 0x61, 0x63, 0x68, 0x65, 0x12, 0x10,
+ 0x0a, 0x03, 0x72, 0x73, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, 0x72, 0x73, 0x73,
+ 0x12, 0x19, 0x0a, 0x08, 0x72, 0x73, 0x73, 0x5f, 0x68, 0x75, 0x67, 0x65, 0x18, 0x03, 0x20, 0x01,
+ 0x28, 0x04, 0x52, 0x07, 0x72, 0x73, 0x73, 0x48, 0x75, 0x67, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6d,
+ 0x61, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04,
+ 0x52, 0x0a, 0x6d, 0x61, 0x70, 0x70, 0x65, 0x64, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x05,
+ 0x64, 0x69, 0x72, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x64, 0x69, 0x72,
+ 0x74, 0x79, 0x12, 0x1c, 0x0a, 0x09, 0x77, 0x72, 0x69, 0x74, 0x65, 0x62, 0x61, 0x63, 0x6b, 0x18,
+ 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x77, 0x72, 0x69, 0x74, 0x65, 0x62, 0x61, 0x63, 0x6b,
+ 0x12, 0x18, 0x0a, 0x08, 0x70, 0x67, 0x5f, 0x70, 0x67, 0x5f, 0x69, 0x6e, 0x18, 0x07, 0x20, 0x01,
+ 0x28, 0x04, 0x52, 0x06, 0x70, 0x67, 0x50, 0x67, 0x49, 0x6e, 0x12, 0x1a, 0x0a, 0x09, 0x70, 0x67,
+ 0x5f, 0x70, 0x67, 0x5f, 0x6f, 0x75, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x70,
+ 0x67, 0x50, 0x67, 0x4f, 0x75, 0x74, 0x12, 0x19, 0x0a, 0x08, 0x70, 0x67, 0x5f, 0x66, 0x61, 0x75,
+ 0x6c, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x70, 0x67, 0x46, 0x61, 0x75, 0x6c,
+ 0x74, 0x12, 0x20, 0x0a, 0x0c, 0x70, 0x67, 0x5f, 0x6d, 0x61, 0x6a, 0x5f, 0x66, 0x61, 0x75, 0x6c,
+ 0x74, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x70, 0x67, 0x4d, 0x61, 0x6a, 0x46, 0x61,
+ 0x75, 0x6c, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x6e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f,
+ 0x61, 0x6e, 0x6f, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x69, 0x6e, 0x61, 0x63,
+ 0x74, 0x69, 0x76, 0x65, 0x41, 0x6e, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x63, 0x74, 0x69,
+ 0x76, 0x65, 0x5f, 0x61, 0x6e, 0x6f, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x61,
+ 0x63, 0x74, 0x69, 0x76, 0x65, 0x41, 0x6e, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x6e, 0x61,
+ 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x04,
+ 0x52, 0x0c, 0x69, 0x6e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1f,
+ 0x0a, 0x0b, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x0e, 0x20,
+ 0x01, 0x28, 0x04, 0x52, 0x0a, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12,
+ 0x20, 0x0a, 0x0b, 0x75, 0x6e, 0x65, 0x76, 0x69, 0x63, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x0f,
+ 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x75, 0x6e, 0x65, 0x76, 0x69, 0x63, 0x74, 0x61, 0x62, 0x6c,
+ 0x65, 0x12, 0x3a, 0x0a, 0x19, 0x68, 0x69, 0x65, 0x72, 0x61, 0x72, 0x63, 0x68, 0x69, 0x63, 0x61,
+ 0x6c, 0x5f, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x10,
+ 0x20, 0x01, 0x28, 0x04, 0x52, 0x17, 0x68, 0x69, 0x65, 0x72, 0x61, 0x72, 0x63, 0x68, 0x69, 0x63,
+ 0x61, 0x6c, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x36, 0x0a,
+ 0x17, 0x68, 0x69, 0x65, 0x72, 0x61, 0x72, 0x63, 0x68, 0x69, 0x63, 0x61, 0x6c, 0x5f, 0x73, 0x77,
+ 0x61, 0x70, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x11, 0x20, 0x01, 0x28, 0x04, 0x52, 0x15,
+ 0x68, 0x69, 0x65, 0x72, 0x61, 0x72, 0x63, 0x68, 0x69, 0x63, 0x61, 0x6c, 0x53, 0x77, 0x61, 0x70,
+ 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x63,
+ 0x61, 0x63, 0x68, 0x65, 0x18, 0x12, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x74, 0x6f, 0x74, 0x61,
+ 0x6c, 0x43, 0x61, 0x63, 0x68, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f,
+ 0x72, 0x73, 0x73, 0x18, 0x13, 0x20, 0x01, 0x28, 0x04, 0x52, 0x08, 0x74, 0x6f, 0x74, 0x61, 0x6c,
+ 0x52, 0x73, 0x73, 0x12, 0x24, 0x0a, 0x0e, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x72, 0x73, 0x73,
+ 0x5f, 0x68, 0x75, 0x67, 0x65, 0x18, 0x14, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x74, 0x6f, 0x74,
+ 0x61, 0x6c, 0x52, 0x73, 0x73, 0x48, 0x75, 0x67, 0x65, 0x12, 0x2a, 0x0a, 0x11, 0x74, 0x6f, 0x74,
+ 0x61, 0x6c, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x65, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x15,
+ 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x4d, 0x61, 0x70, 0x70, 0x65,
+ 0x64, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x64,
+ 0x69, 0x72, 0x74, 0x79, 0x18, 0x16, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x74, 0x6f, 0x74, 0x61,
+ 0x6c, 0x44, 0x69, 0x72, 0x74, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f,
+ 0x77, 0x72, 0x69, 0x74, 0x65, 0x62, 0x61, 0x63, 0x6b, 0x18, 0x17, 0x20, 0x01, 0x28, 0x04, 0x52,
+ 0x0e, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x57, 0x72, 0x69, 0x74, 0x65, 0x62, 0x61, 0x63, 0x6b, 0x12,
+ 0x23, 0x0a, 0x0e, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x70, 0x67, 0x5f, 0x70, 0x67, 0x5f, 0x69,
+ 0x6e, 0x18, 0x18, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x50, 0x67,
+ 0x50, 0x67, 0x49, 0x6e, 0x12, 0x25, 0x0a, 0x0f, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x70, 0x67,
+ 0x5f, 0x70, 0x67, 0x5f, 0x6f, 0x75, 0x74, 0x18, 0x19, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0c, 0x74,
+ 0x6f, 0x74, 0x61, 0x6c, 0x50, 0x67, 0x50, 0x67, 0x4f, 0x75, 0x74, 0x12, 0x24, 0x0a, 0x0e, 0x74,
+ 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x70, 0x67, 0x5f, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x1a, 0x20,
+ 0x01, 0x28, 0x04, 0x52, 0x0c, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x50, 0x67, 0x46, 0x61, 0x75, 0x6c,
+ 0x74, 0x12, 0x2b, 0x0a, 0x12, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x70, 0x67, 0x5f, 0x6d, 0x61,
+ 0x6a, 0x5f, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x74,
+ 0x6f, 0x74, 0x61, 0x6c, 0x50, 0x67, 0x4d, 0x61, 0x6a, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x2e,
+ 0x0a, 0x13, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x69, 0x6e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65,
+ 0x5f, 0x61, 0x6e, 0x6f, 0x6e, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x04, 0x52, 0x11, 0x74, 0x6f, 0x74,
+ 0x61, 0x6c, 0x49, 0x6e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x41, 0x6e, 0x6f, 0x6e, 0x12, 0x2a,
+ 0x0a, 0x11, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x61,
+ 0x6e, 0x6f, 0x6e, 0x18, 0x1d, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x74, 0x6f, 0x74, 0x61, 0x6c,
+ 0x41, 0x63, 0x74, 0x69, 0x76, 0x65, 0x41, 0x6e, 0x6f, 0x6e, 0x12, 0x2e, 0x0a, 0x13, 0x74, 0x6f,
+ 0x74, 0x61, 0x6c, 0x5f, 0x69, 0x6e, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x66, 0x69, 0x6c,
+ 0x65, 0x18, 0x1e, 0x20, 0x01, 0x28, 0x04, 0x52, 0x11, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x49, 0x6e,
+ 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x2a, 0x0a, 0x11, 0x74, 0x6f,
+ 0x74, 0x61, 0x6c, 0x5f, 0x61, 0x63, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18,
+ 0x1f, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x41, 0x63, 0x74, 0x69,
+ 0x76, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x2b, 0x0a, 0x11, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f,
+ 0x75, 0x6e, 0x65, 0x76, 0x69, 0x63, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x20, 0x20, 0x01, 0x28,
+ 0x04, 0x52, 0x10, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x55, 0x6e, 0x65, 0x76, 0x69, 0x63, 0x74, 0x61,
+ 0x62, 0x6c, 0x65, 0x12, 0x3b, 0x0a, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x18, 0x21, 0x20, 0x01,
+ 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65,
+ 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65,
+ 0x6d, 0x6f, 0x72, 0x79, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65,
+ 0x12, 0x39, 0x0a, 0x04, 0x73, 0x77, 0x61, 0x70, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25,
+ 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63,
+ 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79,
+ 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x73, 0x77, 0x61, 0x70, 0x12, 0x3d, 0x0a, 0x06, 0x6b,
+ 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x18, 0x23, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x6f,
+ 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f,
+ 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x45, 0x6e, 0x74,
+ 0x72, 0x79, 0x52, 0x06, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x12, 0x44, 0x0a, 0x0a, 0x6b, 0x65,
+ 0x72, 0x6e, 0x65, 0x6c, 0x5f, 0x74, 0x63, 0x70, 0x18, 0x24, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25,
+ 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63,
+ 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79,
+ 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x54, 0x63, 0x70,
+ 0x22, 0x65, 0x0a, 0x0b, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
+ 0x14, 0x0a, 0x05, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05,
+ 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02,
+ 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x75, 0x73, 0x61, 0x67, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x6d,
+ 0x61, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x03, 0x6d, 0x61, 0x78, 0x12, 0x18, 0x0a,
+ 0x07, 0x66, 0x61, 0x69, 0x6c, 0x63, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07,
+ 0x66, 0x61, 0x69, 0x6c, 0x63, 0x6e, 0x74, 0x22, 0x74, 0x0a, 0x10, 0x4d, 0x65, 0x6d, 0x6f, 0x72,
+ 0x79, 0x4f, 0x6f, 0x6d, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x12, 0x28, 0x0a, 0x10, 0x6f,
+ 0x6f, 0x6d, 0x5f, 0x6b, 0x69, 0x6c, 0x6c, 0x5f, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x18,
+ 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0e, 0x6f, 0x6f, 0x6d, 0x4b, 0x69, 0x6c, 0x6c, 0x44, 0x69,
+ 0x73, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x75, 0x6e, 0x64, 0x65, 0x72, 0x5f, 0x6f,
+ 0x6f, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x08, 0x75, 0x6e, 0x64, 0x65, 0x72, 0x4f,
+ 0x6f, 0x6d, 0x12, 0x19, 0x0a, 0x08, 0x6f, 0x6f, 0x6d, 0x5f, 0x6b, 0x69, 0x6c, 0x6c, 0x18, 0x03,
+ 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x6f, 0x6f, 0x6d, 0x4b, 0x69, 0x6c, 0x6c, 0x22, 0xd5, 0x05,
+ 0x0a, 0x09, 0x42, 0x6c, 0x6b, 0x49, 0x4f, 0x53, 0x74, 0x61, 0x74, 0x12, 0x61, 0x0a, 0x1a, 0x69,
+ 0x6f, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x5f,
+ 0x72, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
+ 0x24, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e,
+ 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x6c, 0x6b, 0x49, 0x4f,
+ 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x17, 0x69, 0x6f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
+ 0x42, 0x79, 0x74, 0x65, 0x73, 0x52, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x12, 0x58,
+ 0x0a, 0x15, 0x69, 0x6f, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x64, 0x5f, 0x72, 0x65,
+ 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e,
+ 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67,
+ 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x6c, 0x6b, 0x49, 0x4f, 0x45, 0x6e,
+ 0x74, 0x72, 0x79, 0x52, 0x13, 0x69, 0x6f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x64, 0x52,
+ 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x12, 0x54, 0x0a, 0x13, 0x69, 0x6f, 0x5f, 0x71,
+ 0x75, 0x65, 0x75, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x18,
+ 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61,
+ 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31,
+ 0x2e, 0x42, 0x6c, 0x6b, 0x49, 0x4f, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x11, 0x69, 0x6f, 0x51,
+ 0x75, 0x65, 0x75, 0x65, 0x64, 0x52, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x12, 0x5f,
+ 0x0a, 0x19, 0x69, 0x6f, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x74, 0x69, 0x6d,
+ 0x65, 0x5f, 0x72, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28,
+ 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72,
+ 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x6c, 0x6b,
+ 0x49, 0x4f, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x16, 0x69, 0x6f, 0x53, 0x65, 0x72, 0x76, 0x69,
+ 0x63, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x52, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x12,
+ 0x59, 0x0a, 0x16, 0x69, 0x6f, 0x5f, 0x77, 0x61, 0x69, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x5f,
+ 0x72, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32,
+ 0x24, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e,
+ 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x6c, 0x6b, 0x49, 0x4f,
+ 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x13, 0x69, 0x6f, 0x57, 0x61, 0x69, 0x74, 0x54, 0x69, 0x6d,
+ 0x65, 0x52, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x12, 0x54, 0x0a, 0x13, 0x69, 0x6f,
+ 0x5f, 0x6d, 0x65, 0x72, 0x67, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76,
+ 0x65, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e,
+ 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e,
+ 0x76, 0x31, 0x2e, 0x42, 0x6c, 0x6b, 0x49, 0x4f, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x11, 0x69,
+ 0x6f, 0x4d, 0x65, 0x72, 0x67, 0x65, 0x64, 0x52, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65,
+ 0x12, 0x50, 0x0a, 0x11, 0x69, 0x6f, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x5f, 0x72, 0x65, 0x63, 0x75,
+ 0x72, 0x73, 0x69, 0x76, 0x65, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x6f,
+ 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f,
+ 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x6c, 0x6b, 0x49, 0x4f, 0x45, 0x6e, 0x74, 0x72,
+ 0x79, 0x52, 0x0f, 0x69, 0x6f, 0x54, 0x69, 0x6d, 0x65, 0x52, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69,
+ 0x76, 0x65, 0x12, 0x51, 0x0a, 0x11, 0x73, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x5f, 0x72, 0x65,
+ 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e,
+ 0x69, 0x6f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67,
+ 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x6c, 0x6b, 0x49, 0x4f, 0x45, 0x6e,
+ 0x74, 0x72, 0x79, 0x52, 0x10, 0x73, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x52, 0x65, 0x63, 0x75,
+ 0x72, 0x73, 0x69, 0x76, 0x65, 0x22, 0x76, 0x0a, 0x0a, 0x42, 0x6c, 0x6b, 0x49, 0x4f, 0x45, 0x6e,
+ 0x74, 0x72, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x6f, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+ 0x02, 0x6f, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x18, 0x02, 0x20,
+ 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x6d,
+ 0x61, 0x6a, 0x6f, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x6d, 0x61, 0x6a, 0x6f,
+ 0x72, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04,
+ 0x52, 0x05, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
+ 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x84, 0x01,
+ 0x0a, 0x08, 0x52, 0x64, 0x6d, 0x61, 0x53, 0x74, 0x61, 0x74, 0x12, 0x3d, 0x0a, 0x07, 0x63, 0x75,
+ 0x72, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x6f,
+ 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f,
+ 0x75, 0x70, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x64, 0x6d, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79,
+ 0x52, 0x07, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x39, 0x0a, 0x05, 0x6c, 0x69, 0x6d,
+ 0x69, 0x74, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x6f, 0x2e, 0x63, 0x6f,
+ 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73,
+ 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x64, 0x6d, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x05, 0x6c,
+ 0x69, 0x6d, 0x69, 0x74, 0x22, 0x65, 0x0a, 0x09, 0x52, 0x64, 0x6d, 0x61, 0x45, 0x6e, 0x74, 0x72,
+ 0x79, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+ 0x09, 0x52, 0x06, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x68, 0x63, 0x61,
+ 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a,
+ 0x68, 0x63, 0x61, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x68, 0x63,
+ 0x61, 0x5f, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52,
+ 0x0a, 0x68, 0x63, 0x61, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x22, 0x8d, 0x02, 0x0a, 0x0b,
+ 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x53, 0x74, 0x61, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e,
+ 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
+ 0x19, 0x0a, 0x08, 0x72, 0x78, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28,
+ 0x04, 0x52, 0x07, 0x72, 0x78, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x72, 0x78,
+ 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09,
+ 0x72, 0x78, 0x50, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x78, 0x5f,
+ 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x08, 0x72, 0x78,
+ 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x72, 0x78, 0x5f, 0x64, 0x72, 0x6f,
+ 0x70, 0x70, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x72, 0x78, 0x44, 0x72,
+ 0x6f, 0x70, 0x70, 0x65, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x74, 0x78, 0x5f, 0x62, 0x79, 0x74, 0x65,
+ 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x74, 0x78, 0x42, 0x79, 0x74, 0x65, 0x73,
+ 0x12, 0x1d, 0x0a, 0x0a, 0x74, 0x78, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x73, 0x18, 0x07,
+ 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x74, 0x78, 0x50, 0x61, 0x63, 0x6b, 0x65, 0x74, 0x73, 0x12,
+ 0x1b, 0x0a, 0x09, 0x74, 0x78, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x08, 0x20, 0x01,
+ 0x28, 0x04, 0x52, 0x08, 0x74, 0x78, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x1d, 0x0a, 0x0a,
+ 0x74, 0x78, 0x5f, 0x64, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x18, 0x09, 0x20, 0x01, 0x28, 0x04,
+ 0x52, 0x09, 0x74, 0x78, 0x44, 0x72, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x22, 0xb9, 0x01, 0x0a, 0x0b,
+ 0x43, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x53, 0x74, 0x61, 0x74, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x6e,
+ 0x72, 0x5f, 0x73, 0x6c, 0x65, 0x65, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04,
+ 0x52, 0x0a, 0x6e, 0x72, 0x53, 0x6c, 0x65, 0x65, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x1d, 0x0a, 0x0a,
+ 0x6e, 0x72, 0x5f, 0x72, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04,
+ 0x52, 0x09, 0x6e, 0x72, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x6e,
+ 0x72, 0x5f, 0x73, 0x74, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52,
+ 0x09, 0x6e, 0x72, 0x53, 0x74, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x12, 0x2d, 0x0a, 0x12, 0x6e, 0x72,
+ 0x5f, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x72, 0x75, 0x70, 0x74, 0x69, 0x62, 0x6c, 0x65,
+ 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x11, 0x6e, 0x72, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65,
+ 0x72, 0x72, 0x75, 0x70, 0x74, 0x69, 0x62, 0x6c, 0x65, 0x12, 0x1c, 0x0a, 0x0a, 0x6e, 0x72, 0x5f,
+ 0x69, 0x6f, 0x5f, 0x77, 0x61, 0x69, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x08, 0x6e,
+ 0x72, 0x49, 0x6f, 0x57, 0x61, 0x69, 0x74, 0x42, 0x2d, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75,
+ 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x64,
+ 0x2f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x2f, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x31,
+ 0x2f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var (
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescOnce sync.Once
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescData = file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDesc
+)
+
+func file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescGZIP() []byte {
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescOnce.Do(func() {
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescData = protoimpl.X.CompressGZIP(file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescData)
+ })
+ return file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDescData
+}
+
+var file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes = make([]protoimpl.MessageInfo, 15)
+var file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_goTypes = []interface{}{
+ (*Metrics)(nil), // 0: io.containerd.cgroups.v1.Metrics
+ (*HugetlbStat)(nil), // 1: io.containerd.cgroups.v1.HugetlbStat
+ (*PidsStat)(nil), // 2: io.containerd.cgroups.v1.PidsStat
+ (*CPUStat)(nil), // 3: io.containerd.cgroups.v1.CPUStat
+ (*CPUUsage)(nil), // 4: io.containerd.cgroups.v1.CPUUsage
+ (*Throttle)(nil), // 5: io.containerd.cgroups.v1.Throttle
+ (*MemoryStat)(nil), // 6: io.containerd.cgroups.v1.MemoryStat
+ (*MemoryEntry)(nil), // 7: io.containerd.cgroups.v1.MemoryEntry
+ (*MemoryOomControl)(nil), // 8: io.containerd.cgroups.v1.MemoryOomControl
+ (*BlkIOStat)(nil), // 9: io.containerd.cgroups.v1.BlkIOStat
+ (*BlkIOEntry)(nil), // 10: io.containerd.cgroups.v1.BlkIOEntry
+ (*RdmaStat)(nil), // 11: io.containerd.cgroups.v1.RdmaStat
+ (*RdmaEntry)(nil), // 12: io.containerd.cgroups.v1.RdmaEntry
+ (*NetworkStat)(nil), // 13: io.containerd.cgroups.v1.NetworkStat
+ (*CgroupStats)(nil), // 14: io.containerd.cgroups.v1.CgroupStats
+}
+var file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_depIdxs = []int32{
+ 1, // 0: io.containerd.cgroups.v1.Metrics.hugetlb:type_name -> io.containerd.cgroups.v1.HugetlbStat
+ 2, // 1: io.containerd.cgroups.v1.Metrics.pids:type_name -> io.containerd.cgroups.v1.PidsStat
+ 3, // 2: io.containerd.cgroups.v1.Metrics.cpu:type_name -> io.containerd.cgroups.v1.CPUStat
+ 6, // 3: io.containerd.cgroups.v1.Metrics.memory:type_name -> io.containerd.cgroups.v1.MemoryStat
+ 9, // 4: io.containerd.cgroups.v1.Metrics.blkio:type_name -> io.containerd.cgroups.v1.BlkIOStat
+ 11, // 5: io.containerd.cgroups.v1.Metrics.rdma:type_name -> io.containerd.cgroups.v1.RdmaStat
+ 13, // 6: io.containerd.cgroups.v1.Metrics.network:type_name -> io.containerd.cgroups.v1.NetworkStat
+ 14, // 7: io.containerd.cgroups.v1.Metrics.cgroup_stats:type_name -> io.containerd.cgroups.v1.CgroupStats
+ 8, // 8: io.containerd.cgroups.v1.Metrics.memory_oom_control:type_name -> io.containerd.cgroups.v1.MemoryOomControl
+ 4, // 9: io.containerd.cgroups.v1.CPUStat.usage:type_name -> io.containerd.cgroups.v1.CPUUsage
+ 5, // 10: io.containerd.cgroups.v1.CPUStat.throttling:type_name -> io.containerd.cgroups.v1.Throttle
+ 7, // 11: io.containerd.cgroups.v1.MemoryStat.usage:type_name -> io.containerd.cgroups.v1.MemoryEntry
+ 7, // 12: io.containerd.cgroups.v1.MemoryStat.swap:type_name -> io.containerd.cgroups.v1.MemoryEntry
+ 7, // 13: io.containerd.cgroups.v1.MemoryStat.kernel:type_name -> io.containerd.cgroups.v1.MemoryEntry
+ 7, // 14: io.containerd.cgroups.v1.MemoryStat.kernel_tcp:type_name -> io.containerd.cgroups.v1.MemoryEntry
+ 10, // 15: io.containerd.cgroups.v1.BlkIOStat.io_service_bytes_recursive:type_name -> io.containerd.cgroups.v1.BlkIOEntry
+ 10, // 16: io.containerd.cgroups.v1.BlkIOStat.io_serviced_recursive:type_name -> io.containerd.cgroups.v1.BlkIOEntry
+ 10, // 17: io.containerd.cgroups.v1.BlkIOStat.io_queued_recursive:type_name -> io.containerd.cgroups.v1.BlkIOEntry
+ 10, // 18: io.containerd.cgroups.v1.BlkIOStat.io_service_time_recursive:type_name -> io.containerd.cgroups.v1.BlkIOEntry
+ 10, // 19: io.containerd.cgroups.v1.BlkIOStat.io_wait_time_recursive:type_name -> io.containerd.cgroups.v1.BlkIOEntry
+ 10, // 20: io.containerd.cgroups.v1.BlkIOStat.io_merged_recursive:type_name -> io.containerd.cgroups.v1.BlkIOEntry
+ 10, // 21: io.containerd.cgroups.v1.BlkIOStat.io_time_recursive:type_name -> io.containerd.cgroups.v1.BlkIOEntry
+ 10, // 22: io.containerd.cgroups.v1.BlkIOStat.sectors_recursive:type_name -> io.containerd.cgroups.v1.BlkIOEntry
+ 12, // 23: io.containerd.cgroups.v1.RdmaStat.current:type_name -> io.containerd.cgroups.v1.RdmaEntry
+ 12, // 24: io.containerd.cgroups.v1.RdmaStat.limit:type_name -> io.containerd.cgroups.v1.RdmaEntry
+ 25, // [25:25] is the sub-list for method output_type
+ 25, // [25:25] is the sub-list for method input_type
+ 25, // [25:25] is the sub-list for extension type_name
+ 25, // [25:25] is the sub-list for extension extendee
+ 0, // [0:25] is the sub-list for field type_name
+}
+
+func init() { file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_init() }
+func file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_init() {
+ if File_github_com_containerd_cgroups_cgroup1_stats_metrics_proto != nil {
+ return
+ }
+ if !protoimpl.UnsafeEnabled {
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*Metrics); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*HugetlbStat); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*PidsStat); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*CPUStat); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*CPUUsage); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*Throttle); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*MemoryStat); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*MemoryEntry); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*MemoryOomControl); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*BlkIOStat); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*BlkIOEntry); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*RdmaStat); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*RdmaEntry); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*NetworkStat); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*CgroupStats); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ }
+ type x struct{}
+ out := protoimpl.TypeBuilder{
+ File: protoimpl.DescBuilder{
+ GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+ RawDescriptor: file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDesc,
+ NumEnums: 0,
+ NumMessages: 15,
+ NumExtensions: 0,
+ NumServices: 0,
+ },
+ GoTypes: file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_goTypes,
+ DependencyIndexes: file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_depIdxs,
+ MessageInfos: file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_msgTypes,
+ }.Build()
+ File_github_com_containerd_cgroups_cgroup1_stats_metrics_proto = out.File
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_rawDesc = nil
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_goTypes = nil
+ file_github_com_containerd_cgroups_cgroup1_stats_metrics_proto_depIdxs = nil
+}
diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.pb.txt b/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.pb.txt
new file mode 100644
index 000000000..7e4313ea5
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.pb.txt
@@ -0,0 +1,771 @@
+file {
+ name: "github.com/containerd/cgroups/cgroup1/stats/metrics.proto"
+ package: "io.containerd.cgroups.v1"
+ message_type {
+ name: "Metrics"
+ field {
+ name: "hugetlb"
+ number: 1
+ label: LABEL_REPEATED
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.HugetlbStat"
+ json_name: "hugetlb"
+ }
+ field {
+ name: "pids"
+ number: 2
+ label: LABEL_OPTIONAL
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.PidsStat"
+ json_name: "pids"
+ }
+ field {
+ name: "cpu"
+ number: 3
+ label: LABEL_OPTIONAL
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.CPUStat"
+ json_name: "cpu"
+ }
+ field {
+ name: "memory"
+ number: 4
+ label: LABEL_OPTIONAL
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.MemoryStat"
+ json_name: "memory"
+ }
+ field {
+ name: "blkio"
+ number: 5
+ label: LABEL_OPTIONAL
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.BlkIOStat"
+ json_name: "blkio"
+ }
+ field {
+ name: "rdma"
+ number: 6
+ label: LABEL_OPTIONAL
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.RdmaStat"
+ json_name: "rdma"
+ }
+ field {
+ name: "network"
+ number: 7
+ label: LABEL_REPEATED
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.NetworkStat"
+ json_name: "network"
+ }
+ field {
+ name: "cgroup_stats"
+ number: 8
+ label: LABEL_OPTIONAL
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.CgroupStats"
+ json_name: "cgroupStats"
+ }
+ field {
+ name: "memory_oom_control"
+ number: 9
+ label: LABEL_OPTIONAL
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.MemoryOomControl"
+ json_name: "memoryOomControl"
+ }
+ }
+ message_type {
+ name: "HugetlbStat"
+ field {
+ name: "usage"
+ number: 1
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "usage"
+ }
+ field {
+ name: "max"
+ number: 2
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "max"
+ }
+ field {
+ name: "failcnt"
+ number: 3
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "failcnt"
+ }
+ field {
+ name: "pagesize"
+ number: 4
+ label: LABEL_OPTIONAL
+ type: TYPE_STRING
+ json_name: "pagesize"
+ }
+ }
+ message_type {
+ name: "PidsStat"
+ field {
+ name: "current"
+ number: 1
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "current"
+ }
+ field {
+ name: "limit"
+ number: 2
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "limit"
+ }
+ }
+ message_type {
+ name: "CPUStat"
+ field {
+ name: "usage"
+ number: 1
+ label: LABEL_OPTIONAL
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.CPUUsage"
+ json_name: "usage"
+ }
+ field {
+ name: "throttling"
+ number: 2
+ label: LABEL_OPTIONAL
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.Throttle"
+ json_name: "throttling"
+ }
+ }
+ message_type {
+ name: "CPUUsage"
+ field {
+ name: "total"
+ number: 1
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "total"
+ }
+ field {
+ name: "kernel"
+ number: 2
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "kernel"
+ }
+ field {
+ name: "user"
+ number: 3
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "user"
+ }
+ field {
+ name: "per_cpu"
+ number: 4
+ label: LABEL_REPEATED
+ type: TYPE_UINT64
+ json_name: "perCpu"
+ }
+ }
+ message_type {
+ name: "Throttle"
+ field {
+ name: "periods"
+ number: 1
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "periods"
+ }
+ field {
+ name: "throttled_periods"
+ number: 2
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "throttledPeriods"
+ }
+ field {
+ name: "throttled_time"
+ number: 3
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "throttledTime"
+ }
+ }
+ message_type {
+ name: "MemoryStat"
+ field {
+ name: "cache"
+ number: 1
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "cache"
+ }
+ field {
+ name: "rss"
+ number: 2
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "rss"
+ }
+ field {
+ name: "rss_huge"
+ number: 3
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "rssHuge"
+ }
+ field {
+ name: "mapped_file"
+ number: 4
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "mappedFile"
+ }
+ field {
+ name: "dirty"
+ number: 5
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "dirty"
+ }
+ field {
+ name: "writeback"
+ number: 6
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "writeback"
+ }
+ field {
+ name: "pg_pg_in"
+ number: 7
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "pgPgIn"
+ }
+ field {
+ name: "pg_pg_out"
+ number: 8
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "pgPgOut"
+ }
+ field {
+ name: "pg_fault"
+ number: 9
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "pgFault"
+ }
+ field {
+ name: "pg_maj_fault"
+ number: 10
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "pgMajFault"
+ }
+ field {
+ name: "inactive_anon"
+ number: 11
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "inactiveAnon"
+ }
+ field {
+ name: "active_anon"
+ number: 12
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "activeAnon"
+ }
+ field {
+ name: "inactive_file"
+ number: 13
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "inactiveFile"
+ }
+ field {
+ name: "active_file"
+ number: 14
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "activeFile"
+ }
+ field {
+ name: "unevictable"
+ number: 15
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "unevictable"
+ }
+ field {
+ name: "hierarchical_memory_limit"
+ number: 16
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "hierarchicalMemoryLimit"
+ }
+ field {
+ name: "hierarchical_swap_limit"
+ number: 17
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "hierarchicalSwapLimit"
+ }
+ field {
+ name: "total_cache"
+ number: 18
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "totalCache"
+ }
+ field {
+ name: "total_rss"
+ number: 19
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "totalRss"
+ }
+ field {
+ name: "total_rss_huge"
+ number: 20
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "totalRssHuge"
+ }
+ field {
+ name: "total_mapped_file"
+ number: 21
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "totalMappedFile"
+ }
+ field {
+ name: "total_dirty"
+ number: 22
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "totalDirty"
+ }
+ field {
+ name: "total_writeback"
+ number: 23
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "totalWriteback"
+ }
+ field {
+ name: "total_pg_pg_in"
+ number: 24
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "totalPgPgIn"
+ }
+ field {
+ name: "total_pg_pg_out"
+ number: 25
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "totalPgPgOut"
+ }
+ field {
+ name: "total_pg_fault"
+ number: 26
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "totalPgFault"
+ }
+ field {
+ name: "total_pg_maj_fault"
+ number: 27
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "totalPgMajFault"
+ }
+ field {
+ name: "total_inactive_anon"
+ number: 28
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "totalInactiveAnon"
+ }
+ field {
+ name: "total_active_anon"
+ number: 29
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "totalActiveAnon"
+ }
+ field {
+ name: "total_inactive_file"
+ number: 30
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "totalInactiveFile"
+ }
+ field {
+ name: "total_active_file"
+ number: 31
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "totalActiveFile"
+ }
+ field {
+ name: "total_unevictable"
+ number: 32
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "totalUnevictable"
+ }
+ field {
+ name: "usage"
+ number: 33
+ label: LABEL_OPTIONAL
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.MemoryEntry"
+ json_name: "usage"
+ }
+ field {
+ name: "swap"
+ number: 34
+ label: LABEL_OPTIONAL
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.MemoryEntry"
+ json_name: "swap"
+ }
+ field {
+ name: "kernel"
+ number: 35
+ label: LABEL_OPTIONAL
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.MemoryEntry"
+ json_name: "kernel"
+ }
+ field {
+ name: "kernel_tcp"
+ number: 36
+ label: LABEL_OPTIONAL
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.MemoryEntry"
+ json_name: "kernelTcp"
+ }
+ }
+ message_type {
+ name: "MemoryEntry"
+ field {
+ name: "limit"
+ number: 1
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "limit"
+ }
+ field {
+ name: "usage"
+ number: 2
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "usage"
+ }
+ field {
+ name: "max"
+ number: 3
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "max"
+ }
+ field {
+ name: "failcnt"
+ number: 4
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "failcnt"
+ }
+ }
+ message_type {
+ name: "MemoryOomControl"
+ field {
+ name: "oom_kill_disable"
+ number: 1
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "oomKillDisable"
+ }
+ field {
+ name: "under_oom"
+ number: 2
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "underOom"
+ }
+ field {
+ name: "oom_kill"
+ number: 3
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "oomKill"
+ }
+ }
+ message_type {
+ name: "BlkIOStat"
+ field {
+ name: "io_service_bytes_recursive"
+ number: 1
+ label: LABEL_REPEATED
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.BlkIOEntry"
+ json_name: "ioServiceBytesRecursive"
+ }
+ field {
+ name: "io_serviced_recursive"
+ number: 2
+ label: LABEL_REPEATED
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.BlkIOEntry"
+ json_name: "ioServicedRecursive"
+ }
+ field {
+ name: "io_queued_recursive"
+ number: 3
+ label: LABEL_REPEATED
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.BlkIOEntry"
+ json_name: "ioQueuedRecursive"
+ }
+ field {
+ name: "io_service_time_recursive"
+ number: 4
+ label: LABEL_REPEATED
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.BlkIOEntry"
+ json_name: "ioServiceTimeRecursive"
+ }
+ field {
+ name: "io_wait_time_recursive"
+ number: 5
+ label: LABEL_REPEATED
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.BlkIOEntry"
+ json_name: "ioWaitTimeRecursive"
+ }
+ field {
+ name: "io_merged_recursive"
+ number: 6
+ label: LABEL_REPEATED
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.BlkIOEntry"
+ json_name: "ioMergedRecursive"
+ }
+ field {
+ name: "io_time_recursive"
+ number: 7
+ label: LABEL_REPEATED
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.BlkIOEntry"
+ json_name: "ioTimeRecursive"
+ }
+ field {
+ name: "sectors_recursive"
+ number: 8
+ label: LABEL_REPEATED
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.BlkIOEntry"
+ json_name: "sectorsRecursive"
+ }
+ }
+ message_type {
+ name: "BlkIOEntry"
+ field {
+ name: "op"
+ number: 1
+ label: LABEL_OPTIONAL
+ type: TYPE_STRING
+ json_name: "op"
+ }
+ field {
+ name: "device"
+ number: 2
+ label: LABEL_OPTIONAL
+ type: TYPE_STRING
+ json_name: "device"
+ }
+ field {
+ name: "major"
+ number: 3
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "major"
+ }
+ field {
+ name: "minor"
+ number: 4
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "minor"
+ }
+ field {
+ name: "value"
+ number: 5
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "value"
+ }
+ }
+ message_type {
+ name: "RdmaStat"
+ field {
+ name: "current"
+ number: 1
+ label: LABEL_REPEATED
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.RdmaEntry"
+ json_name: "current"
+ }
+ field {
+ name: "limit"
+ number: 2
+ label: LABEL_REPEATED
+ type: TYPE_MESSAGE
+ type_name: ".io.containerd.cgroups.v1.RdmaEntry"
+ json_name: "limit"
+ }
+ }
+ message_type {
+ name: "RdmaEntry"
+ field {
+ name: "device"
+ number: 1
+ label: LABEL_OPTIONAL
+ type: TYPE_STRING
+ json_name: "device"
+ }
+ field {
+ name: "hca_handles"
+ number: 2
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT32
+ json_name: "hcaHandles"
+ }
+ field {
+ name: "hca_objects"
+ number: 3
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT32
+ json_name: "hcaObjects"
+ }
+ }
+ message_type {
+ name: "NetworkStat"
+ field {
+ name: "name"
+ number: 1
+ label: LABEL_OPTIONAL
+ type: TYPE_STRING
+ json_name: "name"
+ }
+ field {
+ name: "rx_bytes"
+ number: 2
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "rxBytes"
+ }
+ field {
+ name: "rx_packets"
+ number: 3
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "rxPackets"
+ }
+ field {
+ name: "rx_errors"
+ number: 4
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "rxErrors"
+ }
+ field {
+ name: "rx_dropped"
+ number: 5
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "rxDropped"
+ }
+ field {
+ name: "tx_bytes"
+ number: 6
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "txBytes"
+ }
+ field {
+ name: "tx_packets"
+ number: 7
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "txPackets"
+ }
+ field {
+ name: "tx_errors"
+ number: 8
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "txErrors"
+ }
+ field {
+ name: "tx_dropped"
+ number: 9
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "txDropped"
+ }
+ }
+ message_type {
+ name: "CgroupStats"
+ field {
+ name: "nr_sleeping"
+ number: 1
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "nrSleeping"
+ }
+ field {
+ name: "nr_running"
+ number: 2
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "nrRunning"
+ }
+ field {
+ name: "nr_stopped"
+ number: 3
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "nrStopped"
+ }
+ field {
+ name: "nr_uninterruptible"
+ number: 4
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "nrUninterruptible"
+ }
+ field {
+ name: "nr_io_wait"
+ number: 5
+ label: LABEL_OPTIONAL
+ type: TYPE_UINT64
+ json_name: "nrIoWait"
+ }
+ }
+ options {
+ go_package: "github.com/containerd/cgroups/cgroup1/stats"
+ }
+ syntax: "proto3"
+}
diff --git a/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.proto b/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.proto
new file mode 100644
index 000000000..e6e4444b1
--- /dev/null
+++ b/vendor/github.com/containerd/cgroups/v3/cgroup1/stats/metrics.proto
@@ -0,0 +1,158 @@
+syntax = "proto3";
+
+package io.containerd.cgroups.v1;
+
+option go_package = "github.com/containerd/cgroups/cgroup1/stats";
+
+message Metrics {
+ repeated HugetlbStat hugetlb = 1;
+ PidsStat pids = 2;
+ CPUStat cpu = 3;
+ MemoryStat memory = 4;
+ BlkIOStat blkio = 5;
+ RdmaStat rdma = 6;
+ repeated NetworkStat network = 7;
+ CgroupStats cgroup_stats = 8;
+ MemoryOomControl memory_oom_control = 9;
+}
+
+message HugetlbStat {
+ uint64 usage = 1;
+ uint64 max = 2;
+ uint64 failcnt = 3;
+ string pagesize = 4;
+}
+
+message PidsStat {
+ uint64 current = 1;
+ uint64 limit = 2;
+}
+
+message CPUStat {
+ CPUUsage usage = 1;
+ Throttle throttling = 2;
+}
+
+message CPUUsage {
+ // values in nanoseconds
+ uint64 total = 1;
+ uint64 kernel = 2;
+ uint64 user = 3;
+ repeated uint64 per_cpu = 4;
+
+}
+
+message Throttle {
+ uint64 periods = 1;
+ uint64 throttled_periods = 2;
+ uint64 throttled_time = 3;
+}
+
+message MemoryStat {
+ uint64 cache = 1;
+ uint64 rss = 2;
+ uint64 rss_huge = 3;
+ uint64 mapped_file = 4;
+ uint64 dirty = 5;
+ uint64 writeback = 6;
+ uint64 pg_pg_in = 7;
+ uint64 pg_pg_out = 8;
+ uint64 pg_fault = 9;
+ uint64 pg_maj_fault = 10;
+ uint64 inactive_anon = 11;
+ uint64 active_anon = 12;
+ uint64 inactive_file = 13;
+ uint64 active_file = 14;
+ uint64 unevictable = 15;
+ uint64 hierarchical_memory_limit = 16;
+ uint64 hierarchical_swap_limit = 17;
+ uint64 total_cache = 18;
+ uint64 total_rss = 19;
+ uint64 total_rss_huge = 20;
+ uint64 total_mapped_file = 21;
+ uint64 total_dirty = 22;
+ uint64 total_writeback = 23;
+ uint64 total_pg_pg_in = 24;
+ uint64 total_pg_pg_out = 25;
+ uint64 total_pg_fault = 26;
+ uint64 total_pg_maj_fault = 27;
+ uint64 total_inactive_anon = 28;
+ uint64 total_active_anon = 29;
+ uint64 total_inactive_file = 30;
+ uint64 total_active_file = 31;
+ uint64 total_unevictable = 32;
+ MemoryEntry usage = 33;
+ MemoryEntry swap = 34;
+ MemoryEntry kernel = 35;
+ MemoryEntry kernel_tcp = 36;
+
+}
+
+message MemoryEntry {
+ uint64 limit = 1;
+ uint64 usage = 2;
+ uint64 max = 3;
+ uint64 failcnt = 4;
+}
+
+message MemoryOomControl {
+ uint64 oom_kill_disable = 1;
+ uint64 under_oom = 2;
+ uint64 oom_kill = 3;
+}
+
+message BlkIOStat {
+ repeated BlkIOEntry io_service_bytes_recursive = 1;
+ repeated BlkIOEntry io_serviced_recursive = 2;
+ repeated BlkIOEntry io_queued_recursive = 3;
+ repeated BlkIOEntry io_service_time_recursive = 4;
+ repeated BlkIOEntry io_wait_time_recursive = 5;
+ repeated BlkIOEntry io_merged_recursive = 6;
+ repeated BlkIOEntry io_time_recursive = 7;
+ repeated BlkIOEntry sectors_recursive = 8;
+}
+
+message BlkIOEntry {
+ string op = 1;
+ string device = 2;
+ uint64 major = 3;
+ uint64 minor = 4;
+ uint64 value = 5;
+}
+
+message RdmaStat {
+ repeated RdmaEntry current = 1;
+ repeated RdmaEntry limit = 2;
+}
+
+message RdmaEntry {
+ string device = 1;
+ uint32 hca_handles = 2;
+ uint32 hca_objects = 3;
+}
+
+message NetworkStat {
+ string name = 1;
+ uint64 rx_bytes = 2;
+ uint64 rx_packets = 3;
+ uint64 rx_errors = 4;
+ uint64 rx_dropped = 5;
+ uint64 tx_bytes = 6;
+ uint64 tx_packets = 7;
+ uint64 tx_errors = 8;
+ uint64 tx_dropped = 9;
+}
+
+// CgroupStats exports per-cgroup statistics.
+message CgroupStats {
+ // number of tasks sleeping
+ uint64 nr_sleeping = 1;
+ // number of tasks running
+ uint64 nr_running = 2;
+ // number of tasks in stopped state
+ uint64 nr_stopped = 3;
+ // number of tasks in uninterruptible state
+ uint64 nr_uninterruptible = 4;
+ // number of tasks waiting on IO
+ uint64 nr_io_wait = 5;
+}
diff --git a/vendor/github.com/containerd/containerd/LICENSE b/vendor/github.com/containerd/containerd/LICENSE
new file mode 100644
index 000000000..584149b6e
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/LICENSE
@@ -0,0 +1,191 @@
+
+ Apache License
+ Version 2.0, January 2004
+ https://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ Copyright The containerd Authors
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/containerd/containerd/NOTICE b/vendor/github.com/containerd/containerd/NOTICE
new file mode 100644
index 000000000..8915f0277
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/NOTICE
@@ -0,0 +1,16 @@
+Docker
+Copyright 2012-2015 Docker, Inc.
+
+This product includes software developed at Docker, Inc. (https://www.docker.com).
+
+The following is courtesy of our legal counsel:
+
+
+Use and transfer of Docker may be subject to certain restrictions by the
+United States and other governments.
+It is your responsibility to ensure that your use and/or transfer does not
+violate applicable laws.
+
+For more information, please see https://www.bis.doc.gov
+
+See also https://www.apache.org/dev/crypto.html and/or seek legal counsel.
diff --git a/vendor/github.com/containerd/containerd/errdefs/errors.go b/vendor/github.com/containerd/containerd/errdefs/errors.go
new file mode 100644
index 000000000..876225597
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/errdefs/errors.go
@@ -0,0 +1,92 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+// Package errdefs defines the common errors used throughout containerd
+// packages.
+//
+// Use with fmt.Errorf to add context to an error.
+//
+// To detect an error class, use the IsXXX functions to tell whether an error
+// is of a certain type.
+//
+// The functions ToGRPC and FromGRPC can be used to map server-side and
+// client-side errors to the correct types.
+package errdefs
+
+import (
+ "context"
+ "errors"
+)
+
+// Definitions of common error types used throughout containerd. All containerd
+// errors returned by most packages will map into one of these errors classes.
+// Packages should return errors of these types when they want to instruct a
+// client to take a particular action.
+//
+// For the most part, we just try to provide local grpc errors. Most conditions
+// map very well to those defined by grpc.
+var (
+ ErrUnknown = errors.New("unknown") // used internally to represent a missed mapping.
+ ErrInvalidArgument = errors.New("invalid argument")
+ ErrNotFound = errors.New("not found")
+ ErrAlreadyExists = errors.New("already exists")
+ ErrFailedPrecondition = errors.New("failed precondition")
+ ErrUnavailable = errors.New("unavailable")
+ ErrNotImplemented = errors.New("not implemented") // represents not supported and unimplemented
+)
+
+// IsInvalidArgument returns true if the error is due to an invalid argument
+func IsInvalidArgument(err error) bool {
+ return errors.Is(err, ErrInvalidArgument)
+}
+
+// IsNotFound returns true if the error is due to a missing object
+func IsNotFound(err error) bool {
+ return errors.Is(err, ErrNotFound)
+}
+
+// IsAlreadyExists returns true if the error is due to an already existing
+// metadata item
+func IsAlreadyExists(err error) bool {
+ return errors.Is(err, ErrAlreadyExists)
+}
+
+// IsFailedPrecondition returns true if an operation could not proceed to the
+// lack of a particular condition
+func IsFailedPrecondition(err error) bool {
+ return errors.Is(err, ErrFailedPrecondition)
+}
+
+// IsUnavailable returns true if the error is due to a resource being unavailable
+func IsUnavailable(err error) bool {
+ return errors.Is(err, ErrUnavailable)
+}
+
+// IsNotImplemented returns true if the error is due to not being implemented
+func IsNotImplemented(err error) bool {
+ return errors.Is(err, ErrNotImplemented)
+}
+
+// IsCanceled returns true if the error is due to `context.Canceled`.
+func IsCanceled(err error) bool {
+ return errors.Is(err, context.Canceled)
+}
+
+// IsDeadlineExceeded returns true if the error is due to
+// `context.DeadlineExceeded`.
+func IsDeadlineExceeded(err error) bool {
+ return errors.Is(err, context.DeadlineExceeded)
+}
diff --git a/vendor/github.com/containerd/containerd/errdefs/grpc.go b/vendor/github.com/containerd/containerd/errdefs/grpc.go
new file mode 100644
index 000000000..7a9b33e05
--- /dev/null
+++ b/vendor/github.com/containerd/containerd/errdefs/grpc.go
@@ -0,0 +1,147 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package errdefs
+
+import (
+ "context"
+ "fmt"
+ "strings"
+
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+)
+
+// ToGRPC will attempt to map the backend containerd error into a grpc error,
+// using the original error message as a description.
+//
+// Further information may be extracted from certain errors depending on their
+// type.
+//
+// If the error is unmapped, the original error will be returned to be handled
+// by the regular grpc error handling stack.
+func ToGRPC(err error) error {
+ if err == nil {
+ return nil
+ }
+
+ if isGRPCError(err) {
+ // error has already been mapped to grpc
+ return err
+ }
+
+ switch {
+ case IsInvalidArgument(err):
+ return status.Errorf(codes.InvalidArgument, err.Error())
+ case IsNotFound(err):
+ return status.Errorf(codes.NotFound, err.Error())
+ case IsAlreadyExists(err):
+ return status.Errorf(codes.AlreadyExists, err.Error())
+ case IsFailedPrecondition(err):
+ return status.Errorf(codes.FailedPrecondition, err.Error())
+ case IsUnavailable(err):
+ return status.Errorf(codes.Unavailable, err.Error())
+ case IsNotImplemented(err):
+ return status.Errorf(codes.Unimplemented, err.Error())
+ case IsCanceled(err):
+ return status.Errorf(codes.Canceled, err.Error())
+ case IsDeadlineExceeded(err):
+ return status.Errorf(codes.DeadlineExceeded, err.Error())
+ }
+
+ return err
+}
+
+// ToGRPCf maps the error to grpc error codes, assembling the formatting string
+// and combining it with the target error string.
+//
+// This is equivalent to errdefs.ToGRPC(fmt.Errorf("%s: %w", fmt.Sprintf(format, args...), err))
+func ToGRPCf(err error, format string, args ...interface{}) error {
+ return ToGRPC(fmt.Errorf("%s: %w", fmt.Sprintf(format, args...), err))
+}
+
+// FromGRPC returns the underlying error from a grpc service based on the grpc error code
+func FromGRPC(err error) error {
+ if err == nil {
+ return nil
+ }
+
+ var cls error // divide these into error classes, becomes the cause
+
+ switch code(err) {
+ case codes.InvalidArgument:
+ cls = ErrInvalidArgument
+ case codes.AlreadyExists:
+ cls = ErrAlreadyExists
+ case codes.NotFound:
+ cls = ErrNotFound
+ case codes.Unavailable:
+ cls = ErrUnavailable
+ case codes.FailedPrecondition:
+ cls = ErrFailedPrecondition
+ case codes.Unimplemented:
+ cls = ErrNotImplemented
+ case codes.Canceled:
+ cls = context.Canceled
+ case codes.DeadlineExceeded:
+ cls = context.DeadlineExceeded
+ default:
+ cls = ErrUnknown
+ }
+
+ msg := rebaseMessage(cls, err)
+ if msg != "" {
+ err = fmt.Errorf("%s: %w", msg, cls)
+ } else {
+ err = cls
+ }
+
+ return err
+}
+
+// rebaseMessage removes the repeats for an error at the end of an error
+// string. This will happen when taking an error over grpc then remapping it.
+//
+// Effectively, we just remove the string of cls from the end of err if it
+// appears there.
+func rebaseMessage(cls error, err error) string {
+ desc := errDesc(err)
+ clss := cls.Error()
+ if desc == clss {
+ return ""
+ }
+
+ return strings.TrimSuffix(desc, ": "+clss)
+}
+
+func isGRPCError(err error) bool {
+ _, ok := status.FromError(err)
+ return ok
+}
+
+func code(err error) codes.Code {
+ if s, ok := status.FromError(err); ok {
+ return s.Code()
+ }
+ return codes.Unknown
+}
+
+func errDesc(err error) string {
+ if s, ok := status.FromError(err); ok {
+ return s.Message()
+ }
+ return err.Error()
+}
diff --git a/vendor/github.com/containerd/stargz-snapshotter/estargz/LICENSE b/vendor/github.com/containerd/stargz-snapshotter/estargz/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/vendor/github.com/containerd/stargz-snapshotter/estargz/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/containerd/stargz-snapshotter/estargz/build.go b/vendor/github.com/containerd/stargz-snapshotter/estargz/build.go
new file mode 100644
index 000000000..6aba0ef1f
--- /dev/null
+++ b/vendor/github.com/containerd/stargz-snapshotter/estargz/build.go
@@ -0,0 +1,689 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+/*
+ Copyright 2019 The Go Authors. All rights reserved.
+ Use of this source code is governed by a BSD-style
+ license that can be found in the LICENSE file.
+*/
+
+package estargz
+
+import (
+ "archive/tar"
+ "bytes"
+ "compress/gzip"
+ "context"
+ "errors"
+ "fmt"
+ "io"
+ "os"
+ "path"
+ "runtime"
+ "strings"
+ "sync"
+
+ "github.com/containerd/stargz-snapshotter/estargz/errorutil"
+ "github.com/klauspost/compress/zstd"
+ digest "github.com/opencontainers/go-digest"
+ "golang.org/x/sync/errgroup"
+)
+
+type options struct {
+ chunkSize int
+ compressionLevel int
+ prioritizedFiles []string
+ missedPrioritizedFiles *[]string
+ compression Compression
+ ctx context.Context
+ minChunkSize int
+}
+
+type Option func(o *options) error
+
+// WithChunkSize option specifies the chunk size of eStargz blob to build.
+func WithChunkSize(chunkSize int) Option {
+ return func(o *options) error {
+ o.chunkSize = chunkSize
+ return nil
+ }
+}
+
+// WithCompressionLevel option specifies the gzip compression level.
+// The default is gzip.BestCompression.
+// This option will be ignored if WithCompression option is used.
+// See also: https://godoc.org/compress/gzip#pkg-constants
+func WithCompressionLevel(level int) Option {
+ return func(o *options) error {
+ o.compressionLevel = level
+ return nil
+ }
+}
+
+// WithPrioritizedFiles option specifies the list of prioritized files.
+// These files must be complete paths that are absolute or relative to "/"
+// For example, all of "foo/bar", "/foo/bar", "./foo/bar" and "../foo/bar"
+// are treated as "/foo/bar".
+func WithPrioritizedFiles(files []string) Option {
+ return func(o *options) error {
+ o.prioritizedFiles = files
+ return nil
+ }
+}
+
+// WithAllowPrioritizeNotFound makes Build continue the execution even if some
+// of prioritized files specified by WithPrioritizedFiles option aren't found
+// in the input tar. Instead, this records all missed file names to the passed
+// slice.
+func WithAllowPrioritizeNotFound(missedFiles *[]string) Option {
+ return func(o *options) error {
+ if missedFiles == nil {
+ return fmt.Errorf("WithAllowPrioritizeNotFound: slice must be passed")
+ }
+ o.missedPrioritizedFiles = missedFiles
+ return nil
+ }
+}
+
+// WithCompression specifies compression algorithm to be used.
+// Default is gzip.
+func WithCompression(compression Compression) Option {
+ return func(o *options) error {
+ o.compression = compression
+ return nil
+ }
+}
+
+// WithContext specifies a context that can be used for clean canceleration.
+func WithContext(ctx context.Context) Option {
+ return func(o *options) error {
+ o.ctx = ctx
+ return nil
+ }
+}
+
+// WithMinChunkSize option specifies the minimal number of bytes of data
+// must be written in one gzip stream.
+// By increasing this number, one gzip stream can contain multiple files
+// and it hopefully leads to smaller result blob.
+// NOTE: This adds a TOC property that old reader doesn't understand.
+func WithMinChunkSize(minChunkSize int) Option {
+ return func(o *options) error {
+ o.minChunkSize = minChunkSize
+ return nil
+ }
+}
+
+// Blob is an eStargz blob.
+type Blob struct {
+ io.ReadCloser
+ diffID digest.Digester
+ tocDigest digest.Digest
+}
+
+// DiffID returns the digest of uncompressed blob.
+// It is only valid to call DiffID after Close.
+func (b *Blob) DiffID() digest.Digest {
+ return b.diffID.Digest()
+}
+
+// TOCDigest returns the digest of uncompressed TOC JSON.
+func (b *Blob) TOCDigest() digest.Digest {
+ return b.tocDigest
+}
+
+// Build builds an eStargz blob which is an extended version of stargz, from a blob (gzip, zstd
+// or plain tar) passed through the argument. If there are some prioritized files are listed in
+// the option, these files are grouped as "prioritized" and can be used for runtime optimization
+// (e.g. prefetch). This function builds a blob in parallel, with dividing that blob into several
+// (at least the number of runtime.GOMAXPROCS(0)) sub-blobs.
+func Build(tarBlob *io.SectionReader, opt ...Option) (_ *Blob, rErr error) {
+ var opts options
+ opts.compressionLevel = gzip.BestCompression // BestCompression by default
+ for _, o := range opt {
+ if err := o(&opts); err != nil {
+ return nil, err
+ }
+ }
+ if opts.compression == nil {
+ opts.compression = newGzipCompressionWithLevel(opts.compressionLevel)
+ }
+ layerFiles := newTempFiles()
+ ctx := opts.ctx
+ if ctx == nil {
+ ctx = context.Background()
+ }
+ done := make(chan struct{})
+ defer close(done)
+ go func() {
+ select {
+ case <-done:
+ // nop
+ case <-ctx.Done():
+ layerFiles.CleanupAll()
+ }
+ }()
+ defer func() {
+ if rErr != nil {
+ if err := layerFiles.CleanupAll(); err != nil {
+ rErr = fmt.Errorf("failed to cleanup tmp files: %v: %w", err, rErr)
+ }
+ }
+ if cErr := ctx.Err(); cErr != nil {
+ rErr = fmt.Errorf("error from context %q: %w", cErr, rErr)
+ }
+ }()
+ tarBlob, err := decompressBlob(tarBlob, layerFiles)
+ if err != nil {
+ return nil, err
+ }
+ entries, err := sortEntries(tarBlob, opts.prioritizedFiles, opts.missedPrioritizedFiles)
+ if err != nil {
+ return nil, err
+ }
+ var tarParts [][]*entry
+ if opts.minChunkSize > 0 {
+ // Each entry needs to know the size of the current gzip stream so they
+ // cannot be processed in parallel.
+ tarParts = [][]*entry{entries}
+ } else {
+ tarParts = divideEntries(entries, runtime.GOMAXPROCS(0))
+ }
+ writers := make([]*Writer, len(tarParts))
+ payloads := make([]*os.File, len(tarParts))
+ var mu sync.Mutex
+ var eg errgroup.Group
+ for i, parts := range tarParts {
+ i, parts := i, parts
+ // builds verifiable stargz sub-blobs
+ eg.Go(func() error {
+ esgzFile, err := layerFiles.TempFile("", "esgzdata")
+ if err != nil {
+ return err
+ }
+ sw := NewWriterWithCompressor(esgzFile, opts.compression)
+ sw.ChunkSize = opts.chunkSize
+ sw.MinChunkSize = opts.minChunkSize
+ if sw.needsOpenGzEntries == nil {
+ sw.needsOpenGzEntries = make(map[string]struct{})
+ }
+ for _, f := range []string{PrefetchLandmark, NoPrefetchLandmark} {
+ sw.needsOpenGzEntries[f] = struct{}{}
+ }
+ if err := sw.AppendTar(readerFromEntries(parts...)); err != nil {
+ return err
+ }
+ mu.Lock()
+ writers[i] = sw
+ payloads[i] = esgzFile
+ mu.Unlock()
+ return nil
+ })
+ }
+ if err := eg.Wait(); err != nil {
+ rErr = err
+ return nil, err
+ }
+ tocAndFooter, tocDgst, err := closeWithCombine(writers...)
+ if err != nil {
+ rErr = err
+ return nil, err
+ }
+ var rs []io.Reader
+ for _, p := range payloads {
+ fs, err := fileSectionReader(p)
+ if err != nil {
+ return nil, err
+ }
+ rs = append(rs, fs)
+ }
+ diffID := digest.Canonical.Digester()
+ pr, pw := io.Pipe()
+ go func() {
+ r, err := opts.compression.Reader(io.TeeReader(io.MultiReader(append(rs, tocAndFooter)...), pw))
+ if err != nil {
+ pw.CloseWithError(err)
+ return
+ }
+ defer r.Close()
+ if _, err := io.Copy(diffID.Hash(), r); err != nil {
+ pw.CloseWithError(err)
+ return
+ }
+ pw.Close()
+ }()
+ return &Blob{
+ ReadCloser: readCloser{
+ Reader: pr,
+ closeFunc: layerFiles.CleanupAll,
+ },
+ tocDigest: tocDgst,
+ diffID: diffID,
+ }, nil
+}
+
+// closeWithCombine takes unclosed Writers and close them. This also returns the
+// toc that combined all Writers into.
+// Writers doesn't write TOC and footer to the underlying writers so they can be
+// combined into a single eStargz and tocAndFooter returned by this function can
+// be appended at the tail of that combined blob.
+func closeWithCombine(ws ...*Writer) (tocAndFooterR io.Reader, tocDgst digest.Digest, err error) {
+ if len(ws) == 0 {
+ return nil, "", fmt.Errorf("at least one writer must be passed")
+ }
+ for _, w := range ws {
+ if w.closed {
+ return nil, "", fmt.Errorf("writer must be unclosed")
+ }
+ defer func(w *Writer) { w.closed = true }(w)
+ if err := w.closeGz(); err != nil {
+ return nil, "", err
+ }
+ if err := w.bw.Flush(); err != nil {
+ return nil, "", err
+ }
+ }
+ var (
+ mtoc = new(JTOC)
+ currentOffset int64
+ )
+ mtoc.Version = ws[0].toc.Version
+ for _, w := range ws {
+ for _, e := range w.toc.Entries {
+ // Recalculate Offset of non-empty files/chunks
+ if (e.Type == "reg" && e.Size > 0) || e.Type == "chunk" {
+ e.Offset += currentOffset
+ }
+ mtoc.Entries = append(mtoc.Entries, e)
+ }
+ if w.toc.Version > mtoc.Version {
+ mtoc.Version = w.toc.Version
+ }
+ currentOffset += w.cw.n
+ }
+
+ return tocAndFooter(ws[0].compressor, mtoc, currentOffset)
+}
+
+func tocAndFooter(compressor Compressor, toc *JTOC, offset int64) (io.Reader, digest.Digest, error) {
+ buf := new(bytes.Buffer)
+ tocDigest, err := compressor.WriteTOCAndFooter(buf, offset, toc, nil)
+ if err != nil {
+ return nil, "", err
+ }
+ return buf, tocDigest, nil
+}
+
+// divideEntries divides passed entries to the parts at least the number specified by the
+// argument.
+func divideEntries(entries []*entry, minPartsNum int) (set [][]*entry) {
+ var estimatedSize int64
+ for _, e := range entries {
+ estimatedSize += e.header.Size
+ }
+ unitSize := estimatedSize / int64(minPartsNum)
+ var (
+ nextEnd = unitSize
+ offset int64
+ )
+ set = append(set, []*entry{})
+ for _, e := range entries {
+ set[len(set)-1] = append(set[len(set)-1], e)
+ offset += e.header.Size
+ if offset > nextEnd {
+ set = append(set, []*entry{})
+ nextEnd += unitSize
+ }
+ }
+ return
+}
+
+var errNotFound = errors.New("not found")
+
+// sortEntries reads the specified tar blob and returns a list of tar entries.
+// If some of prioritized files are specified, the list starts from these
+// files with keeping the order specified by the argument.
+func sortEntries(in io.ReaderAt, prioritized []string, missedPrioritized *[]string) ([]*entry, error) {
+
+ // Import tar file.
+ intar, err := importTar(in)
+ if err != nil {
+ return nil, fmt.Errorf("failed to sort: %w", err)
+ }
+
+ // Sort the tar file respecting to the prioritized files list.
+ sorted := &tarFile{}
+ for _, l := range prioritized {
+ if err := moveRec(l, intar, sorted); err != nil {
+ if errors.Is(err, errNotFound) && missedPrioritized != nil {
+ *missedPrioritized = append(*missedPrioritized, l)
+ continue // allow not found
+ }
+ return nil, fmt.Errorf("failed to sort tar entries: %w", err)
+ }
+ }
+ if len(prioritized) == 0 {
+ sorted.add(&entry{
+ header: &tar.Header{
+ Name: NoPrefetchLandmark,
+ Typeflag: tar.TypeReg,
+ Size: int64(len([]byte{landmarkContents})),
+ },
+ payload: bytes.NewReader([]byte{landmarkContents}),
+ })
+ } else {
+ sorted.add(&entry{
+ header: &tar.Header{
+ Name: PrefetchLandmark,
+ Typeflag: tar.TypeReg,
+ Size: int64(len([]byte{landmarkContents})),
+ },
+ payload: bytes.NewReader([]byte{landmarkContents}),
+ })
+ }
+
+ // Dump all entry and concatinate them.
+ return append(sorted.dump(), intar.dump()...), nil
+}
+
+// readerFromEntries returns a reader of tar archive that contains entries passed
+// through the arguments.
+func readerFromEntries(entries ...*entry) io.Reader {
+ pr, pw := io.Pipe()
+ go func() {
+ tw := tar.NewWriter(pw)
+ defer tw.Close()
+ for _, entry := range entries {
+ if err := tw.WriteHeader(entry.header); err != nil {
+ pw.CloseWithError(fmt.Errorf("Failed to write tar header: %v", err))
+ return
+ }
+ if _, err := io.Copy(tw, entry.payload); err != nil {
+ pw.CloseWithError(fmt.Errorf("Failed to write tar payload: %v", err))
+ return
+ }
+ }
+ pw.Close()
+ }()
+ return pr
+}
+
+func importTar(in io.ReaderAt) (*tarFile, error) {
+ tf := &tarFile{}
+ pw, err := newCountReadSeeker(in)
+ if err != nil {
+ return nil, fmt.Errorf("failed to make position watcher: %w", err)
+ }
+ tr := tar.NewReader(pw)
+
+ // Walk through all nodes.
+ for {
+ // Fetch and parse next header.
+ h, err := tr.Next()
+ if err != nil {
+ if err == io.EOF {
+ break
+ }
+ return nil, fmt.Errorf("failed to parse tar file, %w", err)
+ }
+ switch cleanEntryName(h.Name) {
+ case PrefetchLandmark, NoPrefetchLandmark:
+ // Ignore existing landmark
+ continue
+ }
+
+ // Add entry. If it already exists, replace it.
+ if _, ok := tf.get(h.Name); ok {
+ tf.remove(h.Name)
+ }
+ tf.add(&entry{
+ header: h,
+ payload: io.NewSectionReader(in, pw.currentPos(), h.Size),
+ })
+ }
+
+ return tf, nil
+}
+
+func moveRec(name string, in *tarFile, out *tarFile) error {
+ name = cleanEntryName(name)
+ if name == "" { // root directory. stop recursion.
+ if e, ok := in.get(name); ok {
+ // entry of the root directory exists. we should move it as well.
+ // this case will occur if tar entries are prefixed with "./", "/", etc.
+ out.add(e)
+ in.remove(name)
+ }
+ return nil
+ }
+
+ _, okIn := in.get(name)
+ _, okOut := out.get(name)
+ if !okIn && !okOut {
+ return fmt.Errorf("file: %q: %w", name, errNotFound)
+ }
+
+ parent, _ := path.Split(strings.TrimSuffix(name, "/"))
+ if err := moveRec(parent, in, out); err != nil {
+ return err
+ }
+ if e, ok := in.get(name); ok && e.header.Typeflag == tar.TypeLink {
+ if err := moveRec(e.header.Linkname, in, out); err != nil {
+ return err
+ }
+ }
+ if e, ok := in.get(name); ok {
+ out.add(e)
+ in.remove(name)
+ }
+ return nil
+}
+
+type entry struct {
+ header *tar.Header
+ payload io.ReadSeeker
+}
+
+type tarFile struct {
+ index map[string]*entry
+ stream []*entry
+}
+
+func (f *tarFile) add(e *entry) {
+ if f.index == nil {
+ f.index = make(map[string]*entry)
+ }
+ f.index[cleanEntryName(e.header.Name)] = e
+ f.stream = append(f.stream, e)
+}
+
+func (f *tarFile) remove(name string) {
+ name = cleanEntryName(name)
+ if f.index != nil {
+ delete(f.index, name)
+ }
+ var filtered []*entry
+ for _, e := range f.stream {
+ if cleanEntryName(e.header.Name) == name {
+ continue
+ }
+ filtered = append(filtered, e)
+ }
+ f.stream = filtered
+}
+
+func (f *tarFile) get(name string) (e *entry, ok bool) {
+ if f.index == nil {
+ return nil, false
+ }
+ e, ok = f.index[cleanEntryName(name)]
+ return
+}
+
+func (f *tarFile) dump() []*entry {
+ return f.stream
+}
+
+type readCloser struct {
+ io.Reader
+ closeFunc func() error
+}
+
+func (rc readCloser) Close() error {
+ return rc.closeFunc()
+}
+
+func fileSectionReader(file *os.File) (*io.SectionReader, error) {
+ info, err := file.Stat()
+ if err != nil {
+ return nil, err
+ }
+ return io.NewSectionReader(file, 0, info.Size()), nil
+}
+
+func newTempFiles() *tempFiles {
+ return &tempFiles{}
+}
+
+type tempFiles struct {
+ files []*os.File
+ filesMu sync.Mutex
+ cleanupOnce sync.Once
+}
+
+func (tf *tempFiles) TempFile(dir, pattern string) (*os.File, error) {
+ f, err := os.CreateTemp(dir, pattern)
+ if err != nil {
+ return nil, err
+ }
+ tf.filesMu.Lock()
+ tf.files = append(tf.files, f)
+ tf.filesMu.Unlock()
+ return f, nil
+}
+
+func (tf *tempFiles) CleanupAll() (err error) {
+ tf.cleanupOnce.Do(func() {
+ err = tf.cleanupAll()
+ })
+ return
+}
+
+func (tf *tempFiles) cleanupAll() error {
+ tf.filesMu.Lock()
+ defer tf.filesMu.Unlock()
+ var allErr []error
+ for _, f := range tf.files {
+ if err := f.Close(); err != nil {
+ allErr = append(allErr, err)
+ }
+ if err := os.Remove(f.Name()); err != nil {
+ allErr = append(allErr, err)
+ }
+ }
+ tf.files = nil
+ return errorutil.Aggregate(allErr)
+}
+
+func newCountReadSeeker(r io.ReaderAt) (*countReadSeeker, error) {
+ pos := int64(0)
+ return &countReadSeeker{r: r, cPos: &pos}, nil
+}
+
+type countReadSeeker struct {
+ r io.ReaderAt
+ cPos *int64
+
+ mu sync.Mutex
+}
+
+func (cr *countReadSeeker) Read(p []byte) (int, error) {
+ cr.mu.Lock()
+ defer cr.mu.Unlock()
+
+ n, err := cr.r.ReadAt(p, *cr.cPos)
+ if err == nil {
+ *cr.cPos += int64(n)
+ }
+ return n, err
+}
+
+func (cr *countReadSeeker) Seek(offset int64, whence int) (int64, error) {
+ cr.mu.Lock()
+ defer cr.mu.Unlock()
+
+ switch whence {
+ default:
+ return 0, fmt.Errorf("Unknown whence: %v", whence)
+ case io.SeekStart:
+ case io.SeekCurrent:
+ offset += *cr.cPos
+ case io.SeekEnd:
+ return 0, fmt.Errorf("Unsupported whence: %v", whence)
+ }
+
+ if offset < 0 {
+ return 0, fmt.Errorf("invalid offset")
+ }
+ *cr.cPos = offset
+ return offset, nil
+}
+
+func (cr *countReadSeeker) currentPos() int64 {
+ cr.mu.Lock()
+ defer cr.mu.Unlock()
+
+ return *cr.cPos
+}
+
+func decompressBlob(org *io.SectionReader, tmp *tempFiles) (*io.SectionReader, error) {
+ if org.Size() < 4 {
+ return org, nil
+ }
+ src := make([]byte, 4)
+ if _, err := org.Read(src); err != nil && err != io.EOF {
+ return nil, err
+ }
+ var dR io.Reader
+ if bytes.Equal([]byte{0x1F, 0x8B, 0x08}, src[:3]) {
+ // gzip
+ dgR, err := gzip.NewReader(io.NewSectionReader(org, 0, org.Size()))
+ if err != nil {
+ return nil, err
+ }
+ defer dgR.Close()
+ dR = io.Reader(dgR)
+ } else if bytes.Equal([]byte{0x28, 0xb5, 0x2f, 0xfd}, src[:4]) {
+ // zstd
+ dzR, err := zstd.NewReader(io.NewSectionReader(org, 0, org.Size()))
+ if err != nil {
+ return nil, err
+ }
+ defer dzR.Close()
+ dR = io.Reader(dzR)
+ } else {
+ // uncompressed
+ return io.NewSectionReader(org, 0, org.Size()), nil
+ }
+ b, err := tmp.TempFile("", "uncompresseddata")
+ if err != nil {
+ return nil, err
+ }
+ if _, err := io.Copy(b, dR); err != nil {
+ return nil, err
+ }
+ return fileSectionReader(b)
+}
diff --git a/vendor/github.com/containerd/stargz-snapshotter/estargz/errorutil/errors.go b/vendor/github.com/containerd/stargz-snapshotter/estargz/errorutil/errors.go
new file mode 100644
index 000000000..6de78b02d
--- /dev/null
+++ b/vendor/github.com/containerd/stargz-snapshotter/estargz/errorutil/errors.go
@@ -0,0 +1,40 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package errorutil
+
+import (
+ "errors"
+ "fmt"
+ "strings"
+)
+
+// Aggregate combines a list of errors into a single new error.
+func Aggregate(errs []error) error {
+ switch len(errs) {
+ case 0:
+ return nil
+ case 1:
+ return errs[0]
+ default:
+ points := make([]string, len(errs)+1)
+ points[0] = fmt.Sprintf("%d error(s) occurred:", len(errs))
+ for i, err := range errs {
+ points[i+1] = fmt.Sprintf("* %s", err)
+ }
+ return errors.New(strings.Join(points, "\n\t"))
+ }
+}
diff --git a/vendor/github.com/containerd/stargz-snapshotter/estargz/estargz.go b/vendor/github.com/containerd/stargz-snapshotter/estargz/estargz.go
new file mode 100644
index 000000000..f4d554655
--- /dev/null
+++ b/vendor/github.com/containerd/stargz-snapshotter/estargz/estargz.go
@@ -0,0 +1,1223 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+/*
+ Copyright 2019 The Go Authors. All rights reserved.
+ Use of this source code is governed by a BSD-style
+ license that can be found in the LICENSE file.
+*/
+
+package estargz
+
+import (
+ "bufio"
+ "bytes"
+ "compress/gzip"
+ "crypto/sha256"
+ "errors"
+ "fmt"
+ "hash"
+ "io"
+ "os"
+ "path"
+ "sort"
+ "strings"
+ "sync"
+ "time"
+
+ "github.com/containerd/stargz-snapshotter/estargz/errorutil"
+ digest "github.com/opencontainers/go-digest"
+ "github.com/vbatts/tar-split/archive/tar"
+)
+
+// A Reader permits random access reads from a stargz file.
+type Reader struct {
+ sr *io.SectionReader
+ toc *JTOC
+ tocDigest digest.Digest
+
+ // m stores all non-chunk entries, keyed by name.
+ m map[string]*TOCEntry
+
+ // chunks stores all TOCEntry values for regular files that
+ // are split up. For a file with a single chunk, it's only
+ // stored in m.
+ chunks map[string][]*TOCEntry
+
+ decompressor Decompressor
+}
+
+type openOpts struct {
+ tocOffset int64
+ decompressors []Decompressor
+ telemetry *Telemetry
+}
+
+// OpenOption is an option used during opening the layer
+type OpenOption func(o *openOpts) error
+
+// WithTOCOffset option specifies the offset of TOC
+func WithTOCOffset(tocOffset int64) OpenOption {
+ return func(o *openOpts) error {
+ o.tocOffset = tocOffset
+ return nil
+ }
+}
+
+// WithDecompressors option specifies decompressors to use.
+// Default is gzip-based decompressor.
+func WithDecompressors(decompressors ...Decompressor) OpenOption {
+ return func(o *openOpts) error {
+ o.decompressors = decompressors
+ return nil
+ }
+}
+
+// WithTelemetry option specifies the telemetry hooks
+func WithTelemetry(telemetry *Telemetry) OpenOption {
+ return func(o *openOpts) error {
+ o.telemetry = telemetry
+ return nil
+ }
+}
+
+// MeasureLatencyHook is a func which takes start time and records the diff
+type MeasureLatencyHook func(time.Time)
+
+// Telemetry is a struct which defines telemetry hooks. By implementing these hooks you should be able to record
+// the latency metrics of the respective steps of estargz open operation. To be used with estargz.OpenWithTelemetry(...)
+type Telemetry struct {
+ GetFooterLatency MeasureLatencyHook // measure time to get stargz footer (in milliseconds)
+ GetTocLatency MeasureLatencyHook // measure time to GET TOC JSON (in milliseconds)
+ DeserializeTocLatency MeasureLatencyHook // measure time to deserialize TOC JSON (in milliseconds)
+}
+
+// Open opens a stargz file for reading.
+// The behavior is configurable using options.
+//
+// Note that each entry name is normalized as the path that is relative to root.
+func Open(sr *io.SectionReader, opt ...OpenOption) (*Reader, error) {
+ var opts openOpts
+ for _, o := range opt {
+ if err := o(&opts); err != nil {
+ return nil, err
+ }
+ }
+
+ gzipCompressors := []Decompressor{new(GzipDecompressor), new(LegacyGzipDecompressor)}
+ decompressors := append(gzipCompressors, opts.decompressors...)
+
+ // Determine the size to fetch. Try to fetch as many bytes as possible.
+ fetchSize := maxFooterSize(sr.Size(), decompressors...)
+ if maybeTocOffset := opts.tocOffset; maybeTocOffset > fetchSize {
+ if maybeTocOffset > sr.Size() {
+ return nil, fmt.Errorf("blob size %d is smaller than the toc offset", sr.Size())
+ }
+ fetchSize = sr.Size() - maybeTocOffset
+ }
+
+ start := time.Now() // before getting layer footer
+ footer := make([]byte, fetchSize)
+ if _, err := sr.ReadAt(footer, sr.Size()-fetchSize); err != nil {
+ return nil, fmt.Errorf("error reading footer: %v", err)
+ }
+ if opts.telemetry != nil && opts.telemetry.GetFooterLatency != nil {
+ opts.telemetry.GetFooterLatency(start)
+ }
+
+ var allErr []error
+ var found bool
+ var r *Reader
+ for _, d := range decompressors {
+ fSize := d.FooterSize()
+ fOffset := positive(int64(len(footer)) - fSize)
+ maybeTocBytes := footer[:fOffset]
+ _, tocOffset, tocSize, err := d.ParseFooter(footer[fOffset:])
+ if err != nil {
+ allErr = append(allErr, err)
+ continue
+ }
+ if tocOffset >= 0 && tocSize <= 0 {
+ tocSize = sr.Size() - tocOffset - fSize
+ }
+ if tocOffset >= 0 && tocSize < int64(len(maybeTocBytes)) {
+ maybeTocBytes = maybeTocBytes[:tocSize]
+ }
+ r, err = parseTOC(d, sr, tocOffset, tocSize, maybeTocBytes, opts)
+ if err == nil {
+ found = true
+ break
+ }
+ allErr = append(allErr, err)
+ }
+ if !found {
+ return nil, errorutil.Aggregate(allErr)
+ }
+ if err := r.initFields(); err != nil {
+ return nil, fmt.Errorf("failed to initialize fields of entries: %v", err)
+ }
+ return r, nil
+}
+
+// OpenFooter extracts and parses footer from the given blob.
+// only supports gzip-based eStargz.
+func OpenFooter(sr *io.SectionReader) (tocOffset int64, footerSize int64, rErr error) {
+ if sr.Size() < FooterSize && sr.Size() < legacyFooterSize {
+ return 0, 0, fmt.Errorf("blob size %d is smaller than the footer size", sr.Size())
+ }
+ var footer [FooterSize]byte
+ if _, err := sr.ReadAt(footer[:], sr.Size()-FooterSize); err != nil {
+ return 0, 0, fmt.Errorf("error reading footer: %v", err)
+ }
+ var allErr []error
+ for _, d := range []Decompressor{new(GzipDecompressor), new(LegacyGzipDecompressor)} {
+ fSize := d.FooterSize()
+ fOffset := positive(int64(len(footer)) - fSize)
+ _, tocOffset, _, err := d.ParseFooter(footer[fOffset:])
+ if err == nil {
+ return tocOffset, fSize, err
+ }
+ allErr = append(allErr, err)
+ }
+ return 0, 0, errorutil.Aggregate(allErr)
+}
+
+// initFields populates the Reader from r.toc after decoding it from
+// JSON.
+//
+// Unexported fields are populated and TOCEntry fields that were
+// implicit in the JSON are populated.
+func (r *Reader) initFields() error {
+ r.m = make(map[string]*TOCEntry, len(r.toc.Entries))
+ r.chunks = make(map[string][]*TOCEntry)
+ var lastPath string
+ uname := map[int]string{}
+ gname := map[int]string{}
+ var lastRegEnt *TOCEntry
+ var chunkTopIndex int
+ for i, ent := range r.toc.Entries {
+ ent.Name = cleanEntryName(ent.Name)
+ switch ent.Type {
+ case "reg", "chunk":
+ if ent.Offset != r.toc.Entries[chunkTopIndex].Offset {
+ chunkTopIndex = i
+ }
+ ent.chunkTopIndex = chunkTopIndex
+ }
+ if ent.Type == "reg" {
+ lastRegEnt = ent
+ }
+ if ent.Type == "chunk" {
+ ent.Name = lastPath
+ r.chunks[ent.Name] = append(r.chunks[ent.Name], ent)
+ if ent.ChunkSize == 0 && lastRegEnt != nil {
+ ent.ChunkSize = lastRegEnt.Size - ent.ChunkOffset
+ }
+ } else {
+ lastPath = ent.Name
+
+ if ent.Uname != "" {
+ uname[ent.UID] = ent.Uname
+ } else {
+ ent.Uname = uname[ent.UID]
+ }
+ if ent.Gname != "" {
+ gname[ent.GID] = ent.Gname
+ } else {
+ ent.Gname = uname[ent.GID]
+ }
+
+ ent.modTime, _ = time.Parse(time.RFC3339, ent.ModTime3339)
+
+ if ent.Type == "dir" {
+ ent.NumLink++ // Parent dir links to this directory
+ }
+ r.m[ent.Name] = ent
+ }
+ if ent.Type == "reg" && ent.ChunkSize > 0 && ent.ChunkSize < ent.Size {
+ r.chunks[ent.Name] = make([]*TOCEntry, 0, ent.Size/ent.ChunkSize+1)
+ r.chunks[ent.Name] = append(r.chunks[ent.Name], ent)
+ }
+ if ent.ChunkSize == 0 && ent.Size != 0 {
+ ent.ChunkSize = ent.Size
+ }
+ }
+
+ // Populate children, add implicit directories:
+ for _, ent := range r.toc.Entries {
+ if ent.Type == "chunk" {
+ continue
+ }
+ // add "foo/":
+ // add "foo" child to "" (creating "" if necessary)
+ //
+ // add "foo/bar/":
+ // add "bar" child to "foo" (creating "foo" if necessary)
+ //
+ // add "foo/bar.txt":
+ // add "bar.txt" child to "foo" (creating "foo" if necessary)
+ //
+ // add "a/b/c/d/e/f.txt":
+ // create "a/b/c/d/e" node
+ // add "f.txt" child to "e"
+
+ name := ent.Name
+ pdirName := parentDir(name)
+ if name == pdirName {
+ // This entry and its parent are the same.
+ // Ignore this for avoiding infinite loop of the reference.
+ // The example case where this can occur is when tar contains the root
+ // directory itself (e.g. "./", "/").
+ continue
+ }
+ pdir := r.getOrCreateDir(pdirName)
+ ent.NumLink++ // at least one name(ent.Name) references this entry.
+ if ent.Type == "hardlink" {
+ org, err := r.getSource(ent)
+ if err != nil {
+ return err
+ }
+ org.NumLink++ // original entry is referenced by this ent.Name.
+ ent = org
+ }
+ pdir.addChild(path.Base(name), ent)
+ }
+
+ lastOffset := r.sr.Size()
+ for i := len(r.toc.Entries) - 1; i >= 0; i-- {
+ e := r.toc.Entries[i]
+ if e.isDataType() {
+ e.nextOffset = lastOffset
+ }
+ if e.Offset != 0 && e.InnerOffset == 0 {
+ lastOffset = e.Offset
+ }
+ }
+
+ return nil
+}
+
+func (r *Reader) getSource(ent *TOCEntry) (_ *TOCEntry, err error) {
+ if ent.Type == "hardlink" {
+ org, ok := r.m[cleanEntryName(ent.LinkName)]
+ if !ok {
+ return nil, fmt.Errorf("%q is a hardlink but the linkname %q isn't found", ent.Name, ent.LinkName)
+ }
+ ent, err = r.getSource(org)
+ if err != nil {
+ return nil, err
+ }
+ }
+ return ent, nil
+}
+
+func parentDir(p string) string {
+ dir, _ := path.Split(p)
+ return strings.TrimSuffix(dir, "/")
+}
+
+func (r *Reader) getOrCreateDir(d string) *TOCEntry {
+ e, ok := r.m[d]
+ if !ok {
+ e = &TOCEntry{
+ Name: d,
+ Type: "dir",
+ Mode: 0755,
+ NumLink: 2, // The directory itself(.) and the parent link to this directory.
+ }
+ r.m[d] = e
+ if d != "" {
+ pdir := r.getOrCreateDir(parentDir(d))
+ pdir.addChild(path.Base(d), e)
+ }
+ }
+ return e
+}
+
+func (r *Reader) TOCDigest() digest.Digest {
+ return r.tocDigest
+}
+
+// VerifyTOC checks that the TOC JSON in the passed blob matches the
+// passed digests and that the TOC JSON contains digests for all chunks
+// contained in the blob. If the verification succceeds, this function
+// returns TOCEntryVerifier which holds all chunk digests in the stargz blob.
+func (r *Reader) VerifyTOC(tocDigest digest.Digest) (TOCEntryVerifier, error) {
+ // Verify the digest of TOC JSON
+ if r.tocDigest != tocDigest {
+ return nil, fmt.Errorf("invalid TOC JSON %q; want %q", r.tocDigest, tocDigest)
+ }
+ return r.Verifiers()
+}
+
+// Verifiers returns TOCEntryVerifier of this chunk. Use VerifyTOC instead in most cases
+// because this doesn't verify TOC.
+func (r *Reader) Verifiers() (TOCEntryVerifier, error) {
+ chunkDigestMap := make(map[int64]digest.Digest) // map from chunk offset to the chunk digest
+ regDigestMap := make(map[int64]digest.Digest) // map from chunk offset to the reg file digest
+ var chunkDigestMapIncomplete bool
+ var regDigestMapIncomplete bool
+ var containsChunk bool
+ for _, e := range r.toc.Entries {
+ if e.Type != "reg" && e.Type != "chunk" {
+ continue
+ }
+
+ // offset must be unique in stargz blob
+ _, dOK := chunkDigestMap[e.Offset]
+ _, rOK := regDigestMap[e.Offset]
+ if dOK || rOK {
+ return nil, fmt.Errorf("offset %d found twice", e.Offset)
+ }
+
+ if e.Type == "reg" {
+ if e.Size == 0 {
+ continue // ignores empty file
+ }
+
+ // record the digest of regular file payload
+ if e.Digest != "" {
+ d, err := digest.Parse(e.Digest)
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse regular file digest %q: %w", e.Digest, err)
+ }
+ regDigestMap[e.Offset] = d
+ } else {
+ regDigestMapIncomplete = true
+ }
+ } else {
+ containsChunk = true // this layer contains "chunk" entries.
+ }
+
+ // "reg" also can contain ChunkDigest (e.g. when "reg" is the first entry of
+ // chunked file)
+ if e.ChunkDigest != "" {
+ d, err := digest.Parse(e.ChunkDigest)
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse chunk digest %q: %w", e.ChunkDigest, err)
+ }
+ chunkDigestMap[e.Offset] = d
+ } else {
+ chunkDigestMapIncomplete = true
+ }
+ }
+
+ if chunkDigestMapIncomplete {
+ // Though some chunk digests are not found, if this layer doesn't contain
+ // "chunk"s and all digest of "reg" files are recorded, we can use them instead.
+ if !containsChunk && !regDigestMapIncomplete {
+ return &verifier{digestMap: regDigestMap}, nil
+ }
+ return nil, fmt.Errorf("some ChunkDigest not found in TOC JSON")
+ }
+
+ return &verifier{digestMap: chunkDigestMap}, nil
+}
+
+// verifier is an implementation of TOCEntryVerifier which holds verifiers keyed by
+// offset of the chunk.
+type verifier struct {
+ digestMap map[int64]digest.Digest
+ digestMapMu sync.Mutex
+}
+
+// Verifier returns a content verifier specified by TOCEntry.
+func (v *verifier) Verifier(ce *TOCEntry) (digest.Verifier, error) {
+ v.digestMapMu.Lock()
+ defer v.digestMapMu.Unlock()
+ d, ok := v.digestMap[ce.Offset]
+ if !ok {
+ return nil, fmt.Errorf("verifier for offset=%d,size=%d hasn't been registered",
+ ce.Offset, ce.ChunkSize)
+ }
+ return d.Verifier(), nil
+}
+
+// ChunkEntryForOffset returns the TOCEntry containing the byte of the
+// named file at the given offset within the file.
+// Name must be absolute path or one that is relative to root.
+func (r *Reader) ChunkEntryForOffset(name string, offset int64) (e *TOCEntry, ok bool) {
+ name = cleanEntryName(name)
+ e, ok = r.Lookup(name)
+ if !ok || !e.isDataType() {
+ return nil, false
+ }
+ ents := r.chunks[name]
+ if len(ents) < 2 {
+ if offset >= e.ChunkSize {
+ return nil, false
+ }
+ return e, true
+ }
+ i := sort.Search(len(ents), func(i int) bool {
+ e := ents[i]
+ return e.ChunkOffset >= offset || (offset > e.ChunkOffset && offset < e.ChunkOffset+e.ChunkSize)
+ })
+ if i == len(ents) {
+ return nil, false
+ }
+ return ents[i], true
+}
+
+// Lookup returns the Table of Contents entry for the given path.
+//
+// To get the root directory, use the empty string.
+// Path must be absolute path or one that is relative to root.
+func (r *Reader) Lookup(path string) (e *TOCEntry, ok bool) {
+ path = cleanEntryName(path)
+ if r == nil {
+ return
+ }
+ e, ok = r.m[path]
+ if ok && e.Type == "hardlink" {
+ var err error
+ e, err = r.getSource(e)
+ if err != nil {
+ return nil, false
+ }
+ }
+ return
+}
+
+// OpenFile returns the reader of the specified file payload.
+//
+// Name must be absolute path or one that is relative to root.
+func (r *Reader) OpenFile(name string) (*io.SectionReader, error) {
+ fr, err := r.newFileReader(name)
+ if err != nil {
+ return nil, err
+ }
+ return io.NewSectionReader(fr, 0, fr.size), nil
+}
+
+func (r *Reader) newFileReader(name string) (*fileReader, error) {
+ name = cleanEntryName(name)
+ ent, ok := r.Lookup(name)
+ if !ok {
+ // TODO: come up with some error plan. This is lazy:
+ return nil, &os.PathError{
+ Path: name,
+ Op: "OpenFile",
+ Err: os.ErrNotExist,
+ }
+ }
+ if ent.Type != "reg" {
+ return nil, &os.PathError{
+ Path: name,
+ Op: "OpenFile",
+ Err: errors.New("not a regular file"),
+ }
+ }
+ return &fileReader{
+ r: r,
+ size: ent.Size,
+ ents: r.getChunks(ent),
+ }, nil
+}
+
+func (r *Reader) OpenFileWithPreReader(name string, preRead func(*TOCEntry, io.Reader) error) (*io.SectionReader, error) {
+ fr, err := r.newFileReader(name)
+ if err != nil {
+ return nil, err
+ }
+ fr.preRead = preRead
+ return io.NewSectionReader(fr, 0, fr.size), nil
+}
+
+func (r *Reader) getChunks(ent *TOCEntry) []*TOCEntry {
+ if ents, ok := r.chunks[ent.Name]; ok {
+ return ents
+ }
+ return []*TOCEntry{ent}
+}
+
+type fileReader struct {
+ r *Reader
+ size int64
+ ents []*TOCEntry // 1 or more reg/chunk entries
+ preRead func(*TOCEntry, io.Reader) error
+}
+
+func (fr *fileReader) ReadAt(p []byte, off int64) (n int, err error) {
+ if off >= fr.size {
+ return 0, io.EOF
+ }
+ if off < 0 {
+ return 0, errors.New("invalid offset")
+ }
+ var i int
+ if len(fr.ents) > 1 {
+ i = sort.Search(len(fr.ents), func(i int) bool {
+ return fr.ents[i].ChunkOffset >= off
+ })
+ if i == len(fr.ents) {
+ i = len(fr.ents) - 1
+ }
+ }
+ ent := fr.ents[i]
+ if ent.ChunkOffset > off {
+ if i == 0 {
+ return 0, errors.New("internal error; first chunk offset is non-zero")
+ }
+ ent = fr.ents[i-1]
+ }
+
+ // If ent is a chunk of a large file, adjust the ReadAt
+ // offset by the chunk's offset.
+ off -= ent.ChunkOffset
+
+ finalEnt := fr.ents[len(fr.ents)-1]
+ compressedOff := ent.Offset
+ // compressedBytesRemain is the number of compressed bytes in this
+ // file remaining, over 1+ chunks.
+ compressedBytesRemain := finalEnt.NextOffset() - compressedOff
+
+ sr := io.NewSectionReader(fr.r.sr, compressedOff, compressedBytesRemain)
+
+ const maxRead = 2 << 20
+ var bufSize = maxRead
+ if compressedBytesRemain < maxRead {
+ bufSize = int(compressedBytesRemain)
+ }
+
+ br := bufio.NewReaderSize(sr, bufSize)
+ if _, err := br.Peek(bufSize); err != nil {
+ return 0, fmt.Errorf("fileReader.ReadAt.peek: %v", err)
+ }
+
+ dr, err := fr.r.decompressor.Reader(br)
+ if err != nil {
+ return 0, fmt.Errorf("fileReader.ReadAt.decompressor.Reader: %v", err)
+ }
+ defer dr.Close()
+
+ if fr.preRead == nil {
+ if n, err := io.CopyN(io.Discard, dr, ent.InnerOffset+off); n != ent.InnerOffset+off || err != nil {
+ return 0, fmt.Errorf("discard of %d bytes != %v, %v", ent.InnerOffset+off, n, err)
+ }
+ return io.ReadFull(dr, p)
+ }
+
+ var retN int
+ var retErr error
+ var found bool
+ var nr int64
+ for _, e := range fr.r.toc.Entries[ent.chunkTopIndex:] {
+ if !e.isDataType() {
+ continue
+ }
+ if e.Offset != fr.r.toc.Entries[ent.chunkTopIndex].Offset {
+ break
+ }
+ if in, err := io.CopyN(io.Discard, dr, e.InnerOffset-nr); err != nil || in != e.InnerOffset-nr {
+ return 0, fmt.Errorf("discard of remaining %d bytes != %v, %v", e.InnerOffset-nr, in, err)
+ }
+ nr = e.InnerOffset
+ if e == ent {
+ found = true
+ if n, err := io.CopyN(io.Discard, dr, off); n != off || err != nil {
+ return 0, fmt.Errorf("discard of offset %d bytes != %v, %v", off, n, err)
+ }
+ retN, retErr = io.ReadFull(dr, p)
+ nr += off + int64(retN)
+ continue
+ }
+ cr := &countReader{r: io.LimitReader(dr, e.ChunkSize)}
+ if err := fr.preRead(e, cr); err != nil {
+ return 0, fmt.Errorf("failed to pre read: %w", err)
+ }
+ nr += cr.n
+ }
+ if !found {
+ return 0, fmt.Errorf("fileReader.ReadAt: target entry not found")
+ }
+ return retN, retErr
+}
+
+// A Writer writes stargz files.
+//
+// Use NewWriter to create a new Writer.
+type Writer struct {
+ bw *bufio.Writer
+ cw *countWriter
+ toc *JTOC
+ diffHash hash.Hash // SHA-256 of uncompressed tar
+
+ closed bool
+ gz io.WriteCloser
+ lastUsername map[int]string
+ lastGroupname map[int]string
+ compressor Compressor
+
+ uncompressedCounter *countWriteFlusher
+
+ // ChunkSize optionally controls the maximum number of bytes
+ // of data of a regular file that can be written in one gzip
+ // stream before a new gzip stream is started.
+ // Zero means to use a default, currently 4 MiB.
+ ChunkSize int
+
+ // MinChunkSize optionally controls the minimum number of bytes
+ // of data must be written in one gzip stream before a new gzip
+ // NOTE: This adds a TOC property that stargz snapshotter < v0.13.0 doesn't understand.
+ MinChunkSize int
+
+ needsOpenGzEntries map[string]struct{}
+}
+
+// currentCompressionWriter writes to the current w.gz field, which can
+// change throughout writing a tar entry.
+//
+// Additionally, it updates w's SHA-256 of the uncompressed bytes
+// of the tar file.
+type currentCompressionWriter struct{ w *Writer }
+
+func (ccw currentCompressionWriter) Write(p []byte) (int, error) {
+ ccw.w.diffHash.Write(p)
+ if ccw.w.gz == nil {
+ if err := ccw.w.condOpenGz(); err != nil {
+ return 0, err
+ }
+ }
+ return ccw.w.gz.Write(p)
+}
+
+func (w *Writer) chunkSize() int {
+ if w.ChunkSize <= 0 {
+ return 4 << 20
+ }
+ return w.ChunkSize
+}
+
+// Unpack decompresses the given estargz blob and returns a ReadCloser of the tar blob.
+// TOC JSON and footer are removed.
+func Unpack(sr *io.SectionReader, c Decompressor) (io.ReadCloser, error) {
+ footerSize := c.FooterSize()
+ if sr.Size() < footerSize {
+ return nil, fmt.Errorf("blob is too small; %d < %d", sr.Size(), footerSize)
+ }
+ footerOffset := sr.Size() - footerSize
+ footer := make([]byte, footerSize)
+ if _, err := sr.ReadAt(footer, footerOffset); err != nil {
+ return nil, err
+ }
+ blobPayloadSize, _, _, err := c.ParseFooter(footer)
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse footer: %w", err)
+ }
+ if blobPayloadSize < 0 {
+ blobPayloadSize = sr.Size()
+ }
+ return c.Reader(io.LimitReader(sr, blobPayloadSize))
+}
+
+// NewWriter returns a new stargz writer (gzip-based) writing to w.
+//
+// The writer must be closed to write its trailing table of contents.
+func NewWriter(w io.Writer) *Writer {
+ return NewWriterLevel(w, gzip.BestCompression)
+}
+
+// NewWriterLevel returns a new stargz writer (gzip-based) writing to w.
+// The compression level is configurable.
+//
+// The writer must be closed to write its trailing table of contents.
+func NewWriterLevel(w io.Writer, compressionLevel int) *Writer {
+ return NewWriterWithCompressor(w, NewGzipCompressorWithLevel(compressionLevel))
+}
+
+// NewWriterWithCompressor returns a new stargz writer writing to w.
+// The compression method is configurable.
+//
+// The writer must be closed to write its trailing table of contents.
+func NewWriterWithCompressor(w io.Writer, c Compressor) *Writer {
+ bw := bufio.NewWriter(w)
+ cw := &countWriter{w: bw}
+ return &Writer{
+ bw: bw,
+ cw: cw,
+ toc: &JTOC{Version: 1},
+ diffHash: sha256.New(),
+ compressor: c,
+ uncompressedCounter: &countWriteFlusher{},
+ }
+}
+
+// Close writes the stargz's table of contents and flushes all the
+// buffers, returning any error.
+func (w *Writer) Close() (digest.Digest, error) {
+ if w.closed {
+ return "", nil
+ }
+ defer func() { w.closed = true }()
+
+ if err := w.closeGz(); err != nil {
+ return "", err
+ }
+
+ // Write the TOC index and footer.
+ tocDigest, err := w.compressor.WriteTOCAndFooter(w.cw, w.cw.n, w.toc, w.diffHash)
+ if err != nil {
+ return "", err
+ }
+ if err := w.bw.Flush(); err != nil {
+ return "", err
+ }
+
+ return tocDigest, nil
+}
+
+func (w *Writer) closeGz() error {
+ if w.closed {
+ return errors.New("write on closed Writer")
+ }
+ if w.gz != nil {
+ if err := w.gz.Close(); err != nil {
+ return err
+ }
+ w.gz = nil
+ }
+ return nil
+}
+
+func (w *Writer) flushGz() error {
+ if w.closed {
+ return errors.New("flush on closed Writer")
+ }
+ if w.gz != nil {
+ if f, ok := w.gz.(interface {
+ Flush() error
+ }); ok {
+ return f.Flush()
+ }
+ }
+ return nil
+}
+
+// nameIfChanged returns name, unless it was the already the value of (*mp)[id],
+// in which case it returns the empty string.
+func (w *Writer) nameIfChanged(mp *map[int]string, id int, name string) string {
+ if name == "" {
+ return ""
+ }
+ if *mp == nil {
+ *mp = make(map[int]string)
+ }
+ if (*mp)[id] == name {
+ return ""
+ }
+ (*mp)[id] = name
+ return name
+}
+
+func (w *Writer) condOpenGz() (err error) {
+ if w.gz == nil {
+ w.gz, err = w.compressor.Writer(w.cw)
+ if w.gz != nil {
+ w.gz = w.uncompressedCounter.register(w.gz)
+ }
+ }
+ return
+}
+
+// AppendTar reads the tar or tar.gz file from r and appends
+// each of its contents to w.
+//
+// The input r can optionally be gzip compressed but the output will
+// always be compressed by the specified compressor.
+func (w *Writer) AppendTar(r io.Reader) error {
+ return w.appendTar(r, false)
+}
+
+// AppendTarLossLess reads the tar or tar.gz file from r and appends
+// each of its contents to w.
+//
+// The input r can optionally be gzip compressed but the output will
+// always be compressed by the specified compressor.
+//
+// The difference of this func with AppendTar is that this writes
+// the input tar stream into w without any modification (e.g. to header bytes).
+//
+// Note that if the input tar stream already contains TOC JSON, this returns
+// error because w cannot overwrite the TOC JSON to the one generated by w without
+// lossy modification. To avoid this error, if the input stream is known to be stargz/estargz,
+// you shoud decompress it and remove TOC JSON in advance.
+func (w *Writer) AppendTarLossLess(r io.Reader) error {
+ return w.appendTar(r, true)
+}
+
+func (w *Writer) appendTar(r io.Reader, lossless bool) error {
+ var src io.Reader
+ br := bufio.NewReader(r)
+ if isGzip(br) {
+ zr, _ := gzip.NewReader(br)
+ src = zr
+ } else {
+ src = io.Reader(br)
+ }
+ dst := currentCompressionWriter{w}
+ var tw *tar.Writer
+ if !lossless {
+ tw = tar.NewWriter(dst) // use tar writer only when this isn't lossless mode.
+ }
+ tr := tar.NewReader(src)
+ if lossless {
+ tr.RawAccounting = true
+ }
+ prevOffset := w.cw.n
+ var prevOffsetUncompressed int64
+ for {
+ h, err := tr.Next()
+ if err == io.EOF {
+ if lossless {
+ if remain := tr.RawBytes(); len(remain) > 0 {
+ // Collect the remaining null bytes.
+ // https://github.com/vbatts/tar-split/blob/80a436fd6164c557b131f7c59ed69bd81af69761/concept/main.go#L49-L53
+ if _, err := dst.Write(remain); err != nil {
+ return err
+ }
+ }
+ }
+ break
+ }
+ if err != nil {
+ return fmt.Errorf("error reading from source tar: tar.Reader.Next: %v", err)
+ }
+ if cleanEntryName(h.Name) == TOCTarName {
+ // It is possible for a layer to be "stargzified" twice during the
+ // distribution lifecycle. So we reserve "TOCTarName" here to avoid
+ // duplicated entries in the resulting layer.
+ if lossless {
+ // We cannot handle this in lossless way.
+ return fmt.Errorf("existing TOC JSON is not allowed; decompress layer before append")
+ }
+ continue
+ }
+
+ xattrs := make(map[string][]byte)
+ const xattrPAXRecordsPrefix = "SCHILY.xattr."
+ if h.PAXRecords != nil {
+ for k, v := range h.PAXRecords {
+ if strings.HasPrefix(k, xattrPAXRecordsPrefix) {
+ xattrs[k[len(xattrPAXRecordsPrefix):]] = []byte(v)
+ }
+ }
+ }
+ ent := &TOCEntry{
+ Name: h.Name,
+ Mode: h.Mode,
+ UID: h.Uid,
+ GID: h.Gid,
+ Uname: w.nameIfChanged(&w.lastUsername, h.Uid, h.Uname),
+ Gname: w.nameIfChanged(&w.lastGroupname, h.Gid, h.Gname),
+ ModTime3339: formatModtime(h.ModTime),
+ Xattrs: xattrs,
+ }
+ if err := w.condOpenGz(); err != nil {
+ return err
+ }
+ if tw != nil {
+ if err := tw.WriteHeader(h); err != nil {
+ return err
+ }
+ } else {
+ if _, err := dst.Write(tr.RawBytes()); err != nil {
+ return err
+ }
+ }
+ switch h.Typeflag {
+ case tar.TypeLink:
+ ent.Type = "hardlink"
+ ent.LinkName = h.Linkname
+ case tar.TypeSymlink:
+ ent.Type = "symlink"
+ ent.LinkName = h.Linkname
+ case tar.TypeDir:
+ ent.Type = "dir"
+ case tar.TypeReg:
+ ent.Type = "reg"
+ ent.Size = h.Size
+ case tar.TypeChar:
+ ent.Type = "char"
+ ent.DevMajor = int(h.Devmajor)
+ ent.DevMinor = int(h.Devminor)
+ case tar.TypeBlock:
+ ent.Type = "block"
+ ent.DevMajor = int(h.Devmajor)
+ ent.DevMinor = int(h.Devminor)
+ case tar.TypeFifo:
+ ent.Type = "fifo"
+ default:
+ return fmt.Errorf("unsupported input tar entry %q", h.Typeflag)
+ }
+
+ // We need to keep a reference to the TOC entry for regular files, so that we
+ // can fill the digest later.
+ var regFileEntry *TOCEntry
+ var payloadDigest digest.Digester
+ if h.Typeflag == tar.TypeReg {
+ regFileEntry = ent
+ payloadDigest = digest.Canonical.Digester()
+ }
+
+ if h.Typeflag == tar.TypeReg && ent.Size > 0 {
+ var written int64
+ totalSize := ent.Size // save it before we destroy ent
+ tee := io.TeeReader(tr, payloadDigest.Hash())
+ for written < totalSize {
+ chunkSize := int64(w.chunkSize())
+ remain := totalSize - written
+ if remain < chunkSize {
+ chunkSize = remain
+ } else {
+ ent.ChunkSize = chunkSize
+ }
+
+ // We flush the underlying compression writer here to correctly calculate "w.cw.n".
+ if err := w.flushGz(); err != nil {
+ return err
+ }
+ if w.needsOpenGz(ent) || w.cw.n-prevOffset >= int64(w.MinChunkSize) {
+ if err := w.closeGz(); err != nil {
+ return err
+ }
+ ent.Offset = w.cw.n
+ prevOffset = ent.Offset
+ prevOffsetUncompressed = w.uncompressedCounter.n
+ } else {
+ ent.Offset = prevOffset
+ ent.InnerOffset = w.uncompressedCounter.n - prevOffsetUncompressed
+ }
+
+ ent.ChunkOffset = written
+ chunkDigest := digest.Canonical.Digester()
+
+ if err := w.condOpenGz(); err != nil {
+ return err
+ }
+
+ teeChunk := io.TeeReader(tee, chunkDigest.Hash())
+ var out io.Writer
+ if tw != nil {
+ out = tw
+ } else {
+ out = dst
+ }
+ if _, err := io.CopyN(out, teeChunk, chunkSize); err != nil {
+ return fmt.Errorf("error copying %q: %v", h.Name, err)
+ }
+ ent.ChunkDigest = chunkDigest.Digest().String()
+ w.toc.Entries = append(w.toc.Entries, ent)
+ written += chunkSize
+ ent = &TOCEntry{
+ Name: h.Name,
+ Type: "chunk",
+ }
+ }
+ } else {
+ w.toc.Entries = append(w.toc.Entries, ent)
+ }
+ if payloadDigest != nil {
+ regFileEntry.Digest = payloadDigest.Digest().String()
+ }
+ if tw != nil {
+ if err := tw.Flush(); err != nil {
+ return err
+ }
+ }
+ }
+ remainDest := io.Discard
+ if lossless {
+ remainDest = dst // Preserve the remaining bytes in lossless mode
+ }
+ _, err := io.Copy(remainDest, src)
+ return err
+}
+
+func (w *Writer) needsOpenGz(ent *TOCEntry) bool {
+ if ent.Type != "reg" {
+ return false
+ }
+ if w.needsOpenGzEntries == nil {
+ return false
+ }
+ _, ok := w.needsOpenGzEntries[ent.Name]
+ return ok
+}
+
+// DiffID returns the SHA-256 of the uncompressed tar bytes.
+// It is only valid to call DiffID after Close.
+func (w *Writer) DiffID() string {
+ return fmt.Sprintf("sha256:%x", w.diffHash.Sum(nil))
+}
+
+func maxFooterSize(blobSize int64, decompressors ...Decompressor) (res int64) {
+ for _, d := range decompressors {
+ if s := d.FooterSize(); res < s && s <= blobSize {
+ res = s
+ }
+ }
+ return
+}
+
+func parseTOC(d Decompressor, sr *io.SectionReader, tocOff, tocSize int64, tocBytes []byte, opts openOpts) (*Reader, error) {
+ if tocOff < 0 {
+ // This means that TOC isn't contained in the blob.
+ // We pass nil reader to ParseTOC and expect that ParseTOC acquire TOC from
+ // the external location.
+ start := time.Now()
+ toc, tocDgst, err := d.ParseTOC(nil)
+ if err != nil {
+ return nil, err
+ }
+ if opts.telemetry != nil && opts.telemetry.GetTocLatency != nil {
+ opts.telemetry.GetTocLatency(start)
+ }
+ if opts.telemetry != nil && opts.telemetry.DeserializeTocLatency != nil {
+ opts.telemetry.DeserializeTocLatency(start)
+ }
+ return &Reader{
+ sr: sr,
+ toc: toc,
+ tocDigest: tocDgst,
+ decompressor: d,
+ }, nil
+ }
+ if len(tocBytes) > 0 {
+ start := time.Now()
+ toc, tocDgst, err := d.ParseTOC(bytes.NewReader(tocBytes))
+ if err == nil {
+ if opts.telemetry != nil && opts.telemetry.DeserializeTocLatency != nil {
+ opts.telemetry.DeserializeTocLatency(start)
+ }
+ return &Reader{
+ sr: sr,
+ toc: toc,
+ tocDigest: tocDgst,
+ decompressor: d,
+ }, nil
+ }
+ }
+
+ start := time.Now()
+ tocBytes = make([]byte, tocSize)
+ if _, err := sr.ReadAt(tocBytes, tocOff); err != nil {
+ return nil, fmt.Errorf("error reading %d byte TOC targz: %v", len(tocBytes), err)
+ }
+ if opts.telemetry != nil && opts.telemetry.GetTocLatency != nil {
+ opts.telemetry.GetTocLatency(start)
+ }
+ start = time.Now()
+ toc, tocDgst, err := d.ParseTOC(bytes.NewReader(tocBytes))
+ if err != nil {
+ return nil, err
+ }
+ if opts.telemetry != nil && opts.telemetry.DeserializeTocLatency != nil {
+ opts.telemetry.DeserializeTocLatency(start)
+ }
+ return &Reader{
+ sr: sr,
+ toc: toc,
+ tocDigest: tocDgst,
+ decompressor: d,
+ }, nil
+}
+
+func formatModtime(t time.Time) string {
+ if t.IsZero() || t.Unix() == 0 {
+ return ""
+ }
+ return t.UTC().Round(time.Second).Format(time.RFC3339)
+}
+
+func cleanEntryName(name string) string {
+ // Use path.Clean to consistently deal with path separators across platforms.
+ return strings.TrimPrefix(path.Clean("/"+name), "/")
+}
+
+// countWriter counts how many bytes have been written to its wrapped
+// io.Writer.
+type countWriter struct {
+ w io.Writer
+ n int64
+}
+
+func (cw *countWriter) Write(p []byte) (n int, err error) {
+ n, err = cw.w.Write(p)
+ cw.n += int64(n)
+ return
+}
+
+type countWriteFlusher struct {
+ io.WriteCloser
+ n int64
+}
+
+func (wc *countWriteFlusher) register(w io.WriteCloser) io.WriteCloser {
+ wc.WriteCloser = w
+ return wc
+}
+
+func (wc *countWriteFlusher) Write(p []byte) (n int, err error) {
+ n, err = wc.WriteCloser.Write(p)
+ wc.n += int64(n)
+ return
+}
+
+func (wc *countWriteFlusher) Flush() error {
+ if f, ok := wc.WriteCloser.(interface {
+ Flush() error
+ }); ok {
+ return f.Flush()
+ }
+ return nil
+}
+
+func (wc *countWriteFlusher) Close() error {
+ err := wc.WriteCloser.Close()
+ wc.WriteCloser = nil
+ return err
+}
+
+// isGzip reports whether br is positioned right before an upcoming gzip stream.
+// It does not consume any bytes from br.
+func isGzip(br *bufio.Reader) bool {
+ const (
+ gzipID1 = 0x1f
+ gzipID2 = 0x8b
+ gzipDeflate = 8
+ )
+ peek, _ := br.Peek(3)
+ return len(peek) >= 3 && peek[0] == gzipID1 && peek[1] == gzipID2 && peek[2] == gzipDeflate
+}
+
+func positive(n int64) int64 {
+ if n < 0 {
+ return 0
+ }
+ return n
+}
+
+type countReader struct {
+ r io.Reader
+ n int64
+}
+
+func (cr *countReader) Read(p []byte) (n int, err error) {
+ n, err = cr.r.Read(p)
+ cr.n += int64(n)
+ return
+}
diff --git a/vendor/github.com/containerd/stargz-snapshotter/estargz/gzip.go b/vendor/github.com/containerd/stargz-snapshotter/estargz/gzip.go
new file mode 100644
index 000000000..f24afe32f
--- /dev/null
+++ b/vendor/github.com/containerd/stargz-snapshotter/estargz/gzip.go
@@ -0,0 +1,237 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+/*
+ Copyright 2019 The Go Authors. All rights reserved.
+ Use of this source code is governed by a BSD-style
+ license that can be found in the LICENSE file.
+*/
+
+package estargz
+
+import (
+ "archive/tar"
+ "bytes"
+ "compress/gzip"
+ "encoding/binary"
+ "encoding/json"
+ "fmt"
+ "hash"
+ "io"
+ "strconv"
+
+ digest "github.com/opencontainers/go-digest"
+)
+
+type gzipCompression struct {
+ *GzipCompressor
+ *GzipDecompressor
+}
+
+func newGzipCompressionWithLevel(level int) Compression {
+ return &gzipCompression{
+ &GzipCompressor{level},
+ &GzipDecompressor{},
+ }
+}
+
+func NewGzipCompressor() *GzipCompressor {
+ return &GzipCompressor{gzip.BestCompression}
+}
+
+func NewGzipCompressorWithLevel(level int) *GzipCompressor {
+ return &GzipCompressor{level}
+}
+
+type GzipCompressor struct {
+ compressionLevel int
+}
+
+func (gc *GzipCompressor) Writer(w io.Writer) (WriteFlushCloser, error) {
+ return gzip.NewWriterLevel(w, gc.compressionLevel)
+}
+
+func (gc *GzipCompressor) WriteTOCAndFooter(w io.Writer, off int64, toc *JTOC, diffHash hash.Hash) (digest.Digest, error) {
+ tocJSON, err := json.MarshalIndent(toc, "", "\t")
+ if err != nil {
+ return "", err
+ }
+ gz, _ := gzip.NewWriterLevel(w, gc.compressionLevel)
+ gw := io.Writer(gz)
+ if diffHash != nil {
+ gw = io.MultiWriter(gz, diffHash)
+ }
+ tw := tar.NewWriter(gw)
+ if err := tw.WriteHeader(&tar.Header{
+ Typeflag: tar.TypeReg,
+ Name: TOCTarName,
+ Size: int64(len(tocJSON)),
+ }); err != nil {
+ return "", err
+ }
+ if _, err := tw.Write(tocJSON); err != nil {
+ return "", err
+ }
+
+ if err := tw.Close(); err != nil {
+ return "", err
+ }
+ if err := gz.Close(); err != nil {
+ return "", err
+ }
+ if _, err := w.Write(gzipFooterBytes(off)); err != nil {
+ return "", err
+ }
+ return digest.FromBytes(tocJSON), nil
+}
+
+// gzipFooterBytes returns the 51 bytes footer.
+func gzipFooterBytes(tocOff int64) []byte {
+ buf := bytes.NewBuffer(make([]byte, 0, FooterSize))
+ gz, _ := gzip.NewWriterLevel(buf, gzip.NoCompression) // MUST be NoCompression to keep 51 bytes
+
+ // Extra header indicating the offset of TOCJSON
+ // https://tools.ietf.org/html/rfc1952#section-2.3.1.1
+ header := make([]byte, 4)
+ header[0], header[1] = 'S', 'G'
+ subfield := fmt.Sprintf("%016xSTARGZ", tocOff)
+ binary.LittleEndian.PutUint16(header[2:4], uint16(len(subfield))) // little-endian per RFC1952
+ gz.Header.Extra = append(header, []byte(subfield)...)
+ gz.Close()
+ if buf.Len() != FooterSize {
+ panic(fmt.Sprintf("footer buffer = %d, not %d", buf.Len(), FooterSize))
+ }
+ return buf.Bytes()
+}
+
+type GzipDecompressor struct{}
+
+func (gz *GzipDecompressor) Reader(r io.Reader) (io.ReadCloser, error) {
+ return gzip.NewReader(r)
+}
+
+func (gz *GzipDecompressor) ParseTOC(r io.Reader) (toc *JTOC, tocDgst digest.Digest, err error) {
+ return parseTOCEStargz(r)
+}
+
+func (gz *GzipDecompressor) ParseFooter(p []byte) (blobPayloadSize, tocOffset, tocSize int64, err error) {
+ if len(p) != FooterSize {
+ return 0, 0, 0, fmt.Errorf("invalid length %d cannot be parsed", len(p))
+ }
+ zr, err := gzip.NewReader(bytes.NewReader(p))
+ if err != nil {
+ return 0, 0, 0, err
+ }
+ defer zr.Close()
+ extra := zr.Header.Extra
+ si1, si2, subfieldlen, subfield := extra[0], extra[1], extra[2:4], extra[4:]
+ if si1 != 'S' || si2 != 'G' {
+ return 0, 0, 0, fmt.Errorf("invalid subfield IDs: %q, %q; want E, S", si1, si2)
+ }
+ if slen := binary.LittleEndian.Uint16(subfieldlen); slen != uint16(16+len("STARGZ")) {
+ return 0, 0, 0, fmt.Errorf("invalid length of subfield %d; want %d", slen, 16+len("STARGZ"))
+ }
+ if string(subfield[16:]) != "STARGZ" {
+ return 0, 0, 0, fmt.Errorf("STARGZ magic string must be included in the footer subfield")
+ }
+ tocOffset, err = strconv.ParseInt(string(subfield[:16]), 16, 64)
+ if err != nil {
+ return 0, 0, 0, fmt.Errorf("legacy: failed to parse toc offset: %w", err)
+ }
+ return tocOffset, tocOffset, 0, nil
+}
+
+func (gz *GzipDecompressor) FooterSize() int64 {
+ return FooterSize
+}
+
+func (gz *GzipDecompressor) DecompressTOC(r io.Reader) (tocJSON io.ReadCloser, err error) {
+ return decompressTOCEStargz(r)
+}
+
+type LegacyGzipDecompressor struct{}
+
+func (gz *LegacyGzipDecompressor) Reader(r io.Reader) (io.ReadCloser, error) {
+ return gzip.NewReader(r)
+}
+
+func (gz *LegacyGzipDecompressor) ParseTOC(r io.Reader) (toc *JTOC, tocDgst digest.Digest, err error) {
+ return parseTOCEStargz(r)
+}
+
+func (gz *LegacyGzipDecompressor) ParseFooter(p []byte) (blobPayloadSize, tocOffset, tocSize int64, err error) {
+ if len(p) != legacyFooterSize {
+ return 0, 0, 0, fmt.Errorf("legacy: invalid length %d cannot be parsed", len(p))
+ }
+ zr, err := gzip.NewReader(bytes.NewReader(p))
+ if err != nil {
+ return 0, 0, 0, fmt.Errorf("legacy: failed to get footer gzip reader: %w", err)
+ }
+ defer zr.Close()
+ extra := zr.Header.Extra
+ if len(extra) != 16+len("STARGZ") {
+ return 0, 0, 0, fmt.Errorf("legacy: invalid stargz's extra field size")
+ }
+ if string(extra[16:]) != "STARGZ" {
+ return 0, 0, 0, fmt.Errorf("legacy: magic string STARGZ not found")
+ }
+ tocOffset, err = strconv.ParseInt(string(extra[:16]), 16, 64)
+ if err != nil {
+ return 0, 0, 0, fmt.Errorf("legacy: failed to parse toc offset: %w", err)
+ }
+ return tocOffset, tocOffset, 0, nil
+}
+
+func (gz *LegacyGzipDecompressor) FooterSize() int64 {
+ return legacyFooterSize
+}
+
+func (gz *LegacyGzipDecompressor) DecompressTOC(r io.Reader) (tocJSON io.ReadCloser, err error) {
+ return decompressTOCEStargz(r)
+}
+
+func parseTOCEStargz(r io.Reader) (toc *JTOC, tocDgst digest.Digest, err error) {
+ tr, err := decompressTOCEStargz(r)
+ if err != nil {
+ return nil, "", err
+ }
+ dgstr := digest.Canonical.Digester()
+ toc = new(JTOC)
+ if err := json.NewDecoder(io.TeeReader(tr, dgstr.Hash())).Decode(&toc); err != nil {
+ return nil, "", fmt.Errorf("error decoding TOC JSON: %v", err)
+ }
+ if err := tr.Close(); err != nil {
+ return nil, "", err
+ }
+ return toc, dgstr.Digest(), nil
+}
+
+func decompressTOCEStargz(r io.Reader) (tocJSON io.ReadCloser, err error) {
+ zr, err := gzip.NewReader(r)
+ if err != nil {
+ return nil, fmt.Errorf("malformed TOC gzip header: %v", err)
+ }
+ zr.Multistream(false)
+ tr := tar.NewReader(zr)
+ h, err := tr.Next()
+ if err != nil {
+ return nil, fmt.Errorf("failed to find tar header in TOC gzip stream: %v", err)
+ }
+ if h.Name != TOCTarName {
+ return nil, fmt.Errorf("TOC tar entry had name %q; expected %q", h.Name, TOCTarName)
+ }
+ return readCloser{tr, zr.Close}, nil
+}
diff --git a/vendor/github.com/containerd/stargz-snapshotter/estargz/testutil.go b/vendor/github.com/containerd/stargz-snapshotter/estargz/testutil.go
new file mode 100644
index 000000000..0ca6fd75f
--- /dev/null
+++ b/vendor/github.com/containerd/stargz-snapshotter/estargz/testutil.go
@@ -0,0 +1,2366 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+/*
+ Copyright 2019 The Go Authors. All rights reserved.
+ Use of this source code is governed by a BSD-style
+ license that can be found in the LICENSE file.
+*/
+
+package estargz
+
+import (
+ "archive/tar"
+ "bytes"
+ "compress/gzip"
+ "crypto/sha256"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "math/rand"
+ "os"
+ "path/filepath"
+ "reflect"
+ "sort"
+ "strings"
+ "testing"
+ "time"
+
+ "github.com/containerd/stargz-snapshotter/estargz/errorutil"
+ "github.com/klauspost/compress/zstd"
+ digest "github.com/opencontainers/go-digest"
+)
+
+func init() {
+ rand.Seed(time.Now().UnixNano())
+}
+
+// TestingController is Compression with some helper methods necessary for testing.
+type TestingController interface {
+ Compression
+ TestStreams(t *testing.T, b []byte, streams []int64)
+ DiffIDOf(*testing.T, []byte) string
+ String() string
+}
+
+// CompressionTestSuite tests this pkg with controllers can build valid eStargz blobs and parse them.
+func CompressionTestSuite(t *testing.T, controllers ...TestingControllerFactory) {
+ t.Run("testBuild", func(t *testing.T) { t.Parallel(); testBuild(t, controllers...) })
+ t.Run("testDigestAndVerify", func(t *testing.T) { t.Parallel(); testDigestAndVerify(t, controllers...) })
+ t.Run("testWriteAndOpen", func(t *testing.T) { t.Parallel(); testWriteAndOpen(t, controllers...) })
+}
+
+type TestingControllerFactory func() TestingController
+
+const (
+ uncompressedType int = iota
+ gzipType
+ zstdType
+)
+
+var srcCompressions = []int{
+ uncompressedType,
+ gzipType,
+ zstdType,
+}
+
+var allowedPrefix = [4]string{"", "./", "/", "../"}
+
+// testBuild tests the resulting stargz blob built by this pkg has the same
+// contents as the normal stargz blob.
+func testBuild(t *testing.T, controllers ...TestingControllerFactory) {
+ tests := []struct {
+ name string
+ chunkSize int
+ minChunkSize []int
+ in []tarEntry
+ }{
+ {
+ name: "regfiles and directories",
+ chunkSize: 4,
+ in: tarOf(
+ file("foo", "test1"),
+ dir("foo2/"),
+ file("foo2/bar", "test2", xAttr(map[string]string{"test": "sample"})),
+ ),
+ },
+ {
+ name: "empty files",
+ chunkSize: 4,
+ in: tarOf(
+ file("foo", "tttttt"),
+ file("foo_empty", ""),
+ file("foo2", "tttttt"),
+ file("foo_empty2", ""),
+ file("foo3", "tttttt"),
+ file("foo_empty3", ""),
+ file("foo4", "tttttt"),
+ file("foo_empty4", ""),
+ file("foo5", "tttttt"),
+ file("foo_empty5", ""),
+ file("foo6", "tttttt"),
+ ),
+ },
+ {
+ name: "various files",
+ chunkSize: 4,
+ minChunkSize: []int{0, 64000},
+ in: tarOf(
+ file("baz.txt", "bazbazbazbazbazbazbaz"),
+ file("foo1.txt", "a"),
+ file("bar/foo2.txt", "b"),
+ file("foo3.txt", "c"),
+ symlink("barlink", "test/bar.txt"),
+ dir("test/"),
+ dir("dev/"),
+ blockdev("dev/testblock", 3, 4),
+ fifo("dev/testfifo"),
+ chardev("dev/testchar1", 5, 6),
+ file("test/bar.txt", "testbartestbar", xAttr(map[string]string{"test2": "sample2"})),
+ dir("test2/"),
+ link("test2/bazlink", "baz.txt"),
+ chardev("dev/testchar2", 1, 2),
+ ),
+ },
+ {
+ name: "no contents",
+ chunkSize: 4,
+ in: tarOf(
+ file("baz.txt", ""),
+ symlink("barlink", "test/bar.txt"),
+ dir("test/"),
+ dir("dev/"),
+ blockdev("dev/testblock", 3, 4),
+ fifo("dev/testfifo"),
+ chardev("dev/testchar1", 5, 6),
+ file("test/bar.txt", "", xAttr(map[string]string{"test2": "sample2"})),
+ dir("test2/"),
+ link("test2/bazlink", "baz.txt"),
+ chardev("dev/testchar2", 1, 2),
+ ),
+ },
+ }
+ for _, tt := range tests {
+ if len(tt.minChunkSize) == 0 {
+ tt.minChunkSize = []int{0}
+ }
+ for _, srcCompression := range srcCompressions {
+ srcCompression := srcCompression
+ for _, newCL := range controllers {
+ newCL := newCL
+ for _, srcTarFormat := range []tar.Format{tar.FormatUSTAR, tar.FormatPAX, tar.FormatGNU} {
+ srcTarFormat := srcTarFormat
+ for _, prefix := range allowedPrefix {
+ prefix := prefix
+ for _, minChunkSize := range tt.minChunkSize {
+ minChunkSize := minChunkSize
+ t.Run(tt.name+"-"+fmt.Sprintf("compression=%v,prefix=%q,src=%d,format=%s,minChunkSize=%d", newCL(), prefix, srcCompression, srcTarFormat, minChunkSize), func(t *testing.T) {
+ tarBlob := buildTar(t, tt.in, prefix, srcTarFormat)
+ // Test divideEntries()
+ entries, err := sortEntries(tarBlob, nil, nil) // identical order
+ if err != nil {
+ t.Fatalf("failed to parse tar: %v", err)
+ }
+ var merged []*entry
+ for _, part := range divideEntries(entries, 4) {
+ merged = append(merged, part...)
+ }
+ if !reflect.DeepEqual(entries, merged) {
+ for _, e := range entries {
+ t.Logf("Original: %v", e.header)
+ }
+ for _, e := range merged {
+ t.Logf("Merged: %v", e.header)
+ }
+ t.Errorf("divided entries couldn't be merged")
+ return
+ }
+
+ // Prepare sample data
+ cl1 := newCL()
+ wantBuf := new(bytes.Buffer)
+ sw := NewWriterWithCompressor(wantBuf, cl1)
+ sw.MinChunkSize = minChunkSize
+ sw.ChunkSize = tt.chunkSize
+ if err := sw.AppendTar(tarBlob); err != nil {
+ t.Fatalf("failed to append tar to want stargz: %v", err)
+ }
+ if _, err := sw.Close(); err != nil {
+ t.Fatalf("failed to prepare want stargz: %v", err)
+ }
+ wantData := wantBuf.Bytes()
+ want, err := Open(io.NewSectionReader(
+ bytes.NewReader(wantData), 0, int64(len(wantData))),
+ WithDecompressors(cl1),
+ )
+ if err != nil {
+ t.Fatalf("failed to parse the want stargz: %v", err)
+ }
+
+ // Prepare testing data
+ var opts []Option
+ if minChunkSize > 0 {
+ opts = append(opts, WithMinChunkSize(minChunkSize))
+ }
+ cl2 := newCL()
+ rc, err := Build(compressBlob(t, tarBlob, srcCompression),
+ append(opts, WithChunkSize(tt.chunkSize), WithCompression(cl2))...)
+ if err != nil {
+ t.Fatalf("failed to build stargz: %v", err)
+ }
+ defer rc.Close()
+ gotBuf := new(bytes.Buffer)
+ if _, err := io.Copy(gotBuf, rc); err != nil {
+ t.Fatalf("failed to copy built stargz blob: %v", err)
+ }
+ gotData := gotBuf.Bytes()
+ got, err := Open(io.NewSectionReader(
+ bytes.NewReader(gotBuf.Bytes()), 0, int64(len(gotData))),
+ WithDecompressors(cl2),
+ )
+ if err != nil {
+ t.Fatalf("failed to parse the got stargz: %v", err)
+ }
+
+ // Check DiffID is properly calculated
+ rc.Close()
+ diffID := rc.DiffID()
+ wantDiffID := cl2.DiffIDOf(t, gotData)
+ if diffID.String() != wantDiffID {
+ t.Errorf("DiffID = %q; want %q", diffID, wantDiffID)
+ }
+
+ // Compare as stargz
+ if !isSameVersion(t, cl1, wantData, cl2, gotData) {
+ t.Errorf("built stargz hasn't same json")
+ return
+ }
+ if !isSameEntries(t, want, got) {
+ t.Errorf("built stargz isn't same as the original")
+ return
+ }
+
+ // Compare as tar.gz
+ if !isSameTarGz(t, cl1, wantData, cl2, gotData) {
+ t.Errorf("built stargz isn't same tar.gz")
+ return
+ }
+ })
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
+func isSameTarGz(t *testing.T, cla TestingController, a []byte, clb TestingController, b []byte) bool {
+ aGz, err := cla.Reader(bytes.NewReader(a))
+ if err != nil {
+ t.Fatalf("failed to read A")
+ }
+ defer aGz.Close()
+ bGz, err := clb.Reader(bytes.NewReader(b))
+ if err != nil {
+ t.Fatalf("failed to read B")
+ }
+ defer bGz.Close()
+
+ // Same as tar's Next() method but ignores landmarks and TOCJSON file
+ next := func(r *tar.Reader) (h *tar.Header, err error) {
+ for {
+ if h, err = r.Next(); err != nil {
+ return
+ }
+ if h.Name != PrefetchLandmark &&
+ h.Name != NoPrefetchLandmark &&
+ h.Name != TOCTarName {
+ return
+ }
+ }
+ }
+
+ aTar := tar.NewReader(aGz)
+ bTar := tar.NewReader(bGz)
+ for {
+ // Fetch and parse next header.
+ aH, aErr := next(aTar)
+ bH, bErr := next(bTar)
+ if aErr != nil || bErr != nil {
+ if aErr == io.EOF && bErr == io.EOF {
+ break
+ }
+ t.Fatalf("Failed to parse tar file: A: %v, B: %v", aErr, bErr)
+ }
+ if !reflect.DeepEqual(aH, bH) {
+ t.Logf("different header (A = %v; B = %v)", aH, bH)
+ return false
+
+ }
+ aFile, err := io.ReadAll(aTar)
+ if err != nil {
+ t.Fatal("failed to read tar payload of A")
+ }
+ bFile, err := io.ReadAll(bTar)
+ if err != nil {
+ t.Fatal("failed to read tar payload of B")
+ }
+ if !bytes.Equal(aFile, bFile) {
+ t.Logf("different tar payload (A = %q; B = %q)", string(a), string(b))
+ return false
+ }
+ }
+
+ return true
+}
+
+func isSameVersion(t *testing.T, cla TestingController, a []byte, clb TestingController, b []byte) bool {
+ aJTOC, _, err := parseStargz(io.NewSectionReader(bytes.NewReader(a), 0, int64(len(a))), cla)
+ if err != nil {
+ t.Fatalf("failed to parse A: %v", err)
+ }
+ bJTOC, _, err := parseStargz(io.NewSectionReader(bytes.NewReader(b), 0, int64(len(b))), clb)
+ if err != nil {
+ t.Fatalf("failed to parse B: %v", err)
+ }
+ t.Logf("A: TOCJSON: %v", dumpTOCJSON(t, aJTOC))
+ t.Logf("B: TOCJSON: %v", dumpTOCJSON(t, bJTOC))
+ return aJTOC.Version == bJTOC.Version
+}
+
+func isSameEntries(t *testing.T, a, b *Reader) bool {
+ aroot, ok := a.Lookup("")
+ if !ok {
+ t.Fatalf("failed to get root of A")
+ }
+ broot, ok := b.Lookup("")
+ if !ok {
+ t.Fatalf("failed to get root of B")
+ }
+ aEntry := stargzEntry{aroot, a}
+ bEntry := stargzEntry{broot, b}
+ return contains(t, aEntry, bEntry) && contains(t, bEntry, aEntry)
+}
+
+func compressBlob(t *testing.T, src *io.SectionReader, srcCompression int) *io.SectionReader {
+ buf := new(bytes.Buffer)
+ var w io.WriteCloser
+ var err error
+ if srcCompression == gzipType {
+ w = gzip.NewWriter(buf)
+ } else if srcCompression == zstdType {
+ w, err = zstd.NewWriter(buf)
+ if err != nil {
+ t.Fatalf("failed to init zstd writer: %v", err)
+ }
+ } else {
+ return src
+ }
+ src.Seek(0, io.SeekStart)
+ if _, err := io.Copy(w, src); err != nil {
+ t.Fatalf("failed to compress source")
+ }
+ if err := w.Close(); err != nil {
+ t.Fatalf("failed to finalize compress source")
+ }
+ data := buf.Bytes()
+ return io.NewSectionReader(bytes.NewReader(data), 0, int64(len(data)))
+
+}
+
+type stargzEntry struct {
+ e *TOCEntry
+ r *Reader
+}
+
+// contains checks if all child entries in "b" are also contained in "a".
+// This function also checks if the files/chunks contain the same contents among "a" and "b".
+func contains(t *testing.T, a, b stargzEntry) bool {
+ ae, ar := a.e, a.r
+ be, br := b.e, b.r
+ t.Logf("Comparing: %q vs %q", ae.Name, be.Name)
+ if !equalEntry(ae, be) {
+ t.Logf("%q != %q: entry: a: %v, b: %v", ae.Name, be.Name, ae, be)
+ return false
+ }
+ if ae.Type == "dir" {
+ t.Logf("Directory: %q vs %q: %v vs %v", ae.Name, be.Name,
+ allChildrenName(ae), allChildrenName(be))
+ iscontain := true
+ ae.ForeachChild(func(aBaseName string, aChild *TOCEntry) bool {
+ // Walk through all files on this stargz file.
+
+ if aChild.Name == PrefetchLandmark ||
+ aChild.Name == NoPrefetchLandmark {
+ return true // Ignore landmarks
+ }
+
+ // Ignore a TOCEntry of "./" (formated as "" by stargz lib) on root directory
+ // because this points to the root directory itself.
+ if aChild.Name == "" && ae.Name == "" {
+ return true
+ }
+
+ bChild, ok := be.LookupChild(aBaseName)
+ if !ok {
+ t.Logf("%q (base: %q): not found in b: %v",
+ ae.Name, aBaseName, allChildrenName(be))
+ iscontain = false
+ return false
+ }
+
+ childcontain := contains(t, stargzEntry{aChild, a.r}, stargzEntry{bChild, b.r})
+ if !childcontain {
+ t.Logf("%q != %q: non-equal dir", ae.Name, be.Name)
+ iscontain = false
+ return false
+ }
+ return true
+ })
+ return iscontain
+ } else if ae.Type == "reg" {
+ af, err := ar.OpenFile(ae.Name)
+ if err != nil {
+ t.Fatalf("failed to open file %q on A: %v", ae.Name, err)
+ }
+ bf, err := br.OpenFile(be.Name)
+ if err != nil {
+ t.Fatalf("failed to open file %q on B: %v", be.Name, err)
+ }
+
+ var nr int64
+ for nr < ae.Size {
+ abytes, anext, aok := readOffset(t, af, nr, a)
+ bbytes, bnext, bok := readOffset(t, bf, nr, b)
+ if !aok && !bok {
+ break
+ } else if !(aok && bok) || anext != bnext {
+ t.Logf("%q != %q (offset=%d): chunk existence a=%v vs b=%v, anext=%v vs bnext=%v",
+ ae.Name, be.Name, nr, aok, bok, anext, bnext)
+ return false
+ }
+ nr = anext
+ if !bytes.Equal(abytes, bbytes) {
+ t.Logf("%q != %q: different contents %v vs %v",
+ ae.Name, be.Name, string(abytes), string(bbytes))
+ return false
+ }
+ }
+ return true
+ }
+
+ return true
+}
+
+func allChildrenName(e *TOCEntry) (children []string) {
+ e.ForeachChild(func(baseName string, _ *TOCEntry) bool {
+ children = append(children, baseName)
+ return true
+ })
+ return
+}
+
+func equalEntry(a, b *TOCEntry) bool {
+ // Here, we selectively compare fileds that we are interested in.
+ return a.Name == b.Name &&
+ a.Type == b.Type &&
+ a.Size == b.Size &&
+ a.ModTime3339 == b.ModTime3339 &&
+ a.Stat().ModTime().Equal(b.Stat().ModTime()) && // modTime time.Time
+ a.LinkName == b.LinkName &&
+ a.Mode == b.Mode &&
+ a.UID == b.UID &&
+ a.GID == b.GID &&
+ a.Uname == b.Uname &&
+ a.Gname == b.Gname &&
+ (a.Offset >= 0) == (b.Offset >= 0) &&
+ (a.NextOffset() > 0) == (b.NextOffset() > 0) &&
+ a.DevMajor == b.DevMajor &&
+ a.DevMinor == b.DevMinor &&
+ a.NumLink == b.NumLink &&
+ reflect.DeepEqual(a.Xattrs, b.Xattrs) &&
+ // chunk-related infomations aren't compared in this function.
+ // ChunkOffset int64 `json:"chunkOffset,omitempty"`
+ // ChunkSize int64 `json:"chunkSize,omitempty"`
+ // children map[string]*TOCEntry
+ a.Digest == b.Digest
+}
+
+func readOffset(t *testing.T, r *io.SectionReader, offset int64, e stargzEntry) ([]byte, int64, bool) {
+ ce, ok := e.r.ChunkEntryForOffset(e.e.Name, offset)
+ if !ok {
+ return nil, 0, false
+ }
+ data := make([]byte, ce.ChunkSize)
+ t.Logf("Offset: %v, NextOffset: %v", ce.Offset, ce.NextOffset())
+ n, err := r.ReadAt(data, ce.ChunkOffset)
+ if err != nil {
+ t.Fatalf("failed to read file payload of %q (offset:%d,size:%d): %v",
+ e.e.Name, ce.ChunkOffset, ce.ChunkSize, err)
+ }
+ if int64(n) != ce.ChunkSize {
+ t.Fatalf("unexpected copied data size %d; want %d",
+ n, ce.ChunkSize)
+ }
+ return data[:n], offset + ce.ChunkSize, true
+}
+
+func dumpTOCJSON(t *testing.T, tocJSON *JTOC) string {
+ jtocData, err := json.Marshal(*tocJSON)
+ if err != nil {
+ t.Fatalf("failed to marshal TOC JSON: %v", err)
+ }
+ buf := new(bytes.Buffer)
+ if _, err := io.Copy(buf, bytes.NewReader(jtocData)); err != nil {
+ t.Fatalf("failed to read toc json blob: %v", err)
+ }
+ return buf.String()
+}
+
+const chunkSize = 3
+
+// type check func(t *testing.T, sgzData []byte, tocDigest digest.Digest, dgstMap map[string]digest.Digest, compressionLevel int)
+type check func(t *testing.T, sgzData []byte, tocDigest digest.Digest, dgstMap map[string]digest.Digest, controller TestingController, newController TestingControllerFactory)
+
+// testDigestAndVerify runs specified checks against sample stargz blobs.
+func testDigestAndVerify(t *testing.T, controllers ...TestingControllerFactory) {
+ tests := []struct {
+ name string
+ tarInit func(t *testing.T, dgstMap map[string]digest.Digest) (blob []tarEntry)
+ checks []check
+ minChunkSize []int
+ }{
+ {
+ name: "no-regfile",
+ tarInit: func(t *testing.T, dgstMap map[string]digest.Digest) (blob []tarEntry) {
+ return tarOf(
+ dir("test/"),
+ )
+ },
+ checks: []check{
+ checkStargzTOC,
+ checkVerifyTOC,
+ checkVerifyInvalidStargzFail(buildTar(t, tarOf(
+ dir("test2/"), // modified
+ ), allowedPrefix[0])),
+ },
+ },
+ {
+ name: "small-files",
+ tarInit: func(t *testing.T, dgstMap map[string]digest.Digest) (blob []tarEntry) {
+ return tarOf(
+ regDigest(t, "baz.txt", "", dgstMap),
+ regDigest(t, "foo.txt", "a", dgstMap),
+ dir("test/"),
+ regDigest(t, "test/bar.txt", "bbb", dgstMap),
+ )
+ },
+ minChunkSize: []int{0, 64000},
+ checks: []check{
+ checkStargzTOC,
+ checkVerifyTOC,
+ checkVerifyInvalidStargzFail(buildTar(t, tarOf(
+ file("baz.txt", ""),
+ file("foo.txt", "M"), // modified
+ dir("test/"),
+ file("test/bar.txt", "bbb"),
+ ), allowedPrefix[0])),
+ // checkVerifyInvalidTOCEntryFail("foo.txt"), // TODO
+ checkVerifyBrokenContentFail("foo.txt"),
+ },
+ },
+ {
+ name: "big-files",
+ tarInit: func(t *testing.T, dgstMap map[string]digest.Digest) (blob []tarEntry) {
+ return tarOf(
+ regDigest(t, "baz.txt", "bazbazbazbazbazbazbaz", dgstMap),
+ regDigest(t, "foo.txt", "a", dgstMap),
+ dir("test/"),
+ regDigest(t, "test/bar.txt", "testbartestbar", dgstMap),
+ )
+ },
+ checks: []check{
+ checkStargzTOC,
+ checkVerifyTOC,
+ checkVerifyInvalidStargzFail(buildTar(t, tarOf(
+ file("baz.txt", "bazbazbazMMMbazbazbaz"), // modified
+ file("foo.txt", "a"),
+ dir("test/"),
+ file("test/bar.txt", "testbartestbar"),
+ ), allowedPrefix[0])),
+ checkVerifyInvalidTOCEntryFail("test/bar.txt"),
+ checkVerifyBrokenContentFail("test/bar.txt"),
+ },
+ },
+ {
+ name: "with-non-regfiles",
+ minChunkSize: []int{0, 64000},
+ tarInit: func(t *testing.T, dgstMap map[string]digest.Digest) (blob []tarEntry) {
+ return tarOf(
+ regDigest(t, "baz.txt", "bazbazbazbazbazbazbaz", dgstMap),
+ regDigest(t, "foo.txt", "a", dgstMap),
+ regDigest(t, "bar/foo2.txt", "b", dgstMap),
+ regDigest(t, "foo3.txt", "c", dgstMap),
+ symlink("barlink", "test/bar.txt"),
+ dir("test/"),
+ regDigest(t, "test/bar.txt", "testbartestbar", dgstMap),
+ dir("test2/"),
+ link("test2/bazlink", "baz.txt"),
+ )
+ },
+ checks: []check{
+ checkStargzTOC,
+ checkVerifyTOC,
+ checkVerifyInvalidStargzFail(buildTar(t, tarOf(
+ file("baz.txt", "bazbazbazbazbazbazbaz"),
+ file("foo.txt", "a"),
+ file("bar/foo2.txt", "b"),
+ file("foo3.txt", "c"),
+ symlink("barlink", "test/bar.txt"),
+ dir("test/"),
+ file("test/bar.txt", "testbartestbar"),
+ dir("test2/"),
+ link("test2/bazlink", "foo.txt"), // modified
+ ), allowedPrefix[0])),
+ checkVerifyInvalidTOCEntryFail("test/bar.txt"),
+ checkVerifyBrokenContentFail("test/bar.txt"),
+ },
+ },
+ }
+
+ for _, tt := range tests {
+ if len(tt.minChunkSize) == 0 {
+ tt.minChunkSize = []int{0}
+ }
+ for _, srcCompression := range srcCompressions {
+ srcCompression := srcCompression
+ for _, newCL := range controllers {
+ newCL := newCL
+ for _, prefix := range allowedPrefix {
+ prefix := prefix
+ for _, srcTarFormat := range []tar.Format{tar.FormatUSTAR, tar.FormatPAX, tar.FormatGNU} {
+ srcTarFormat := srcTarFormat
+ for _, minChunkSize := range tt.minChunkSize {
+ minChunkSize := minChunkSize
+ t.Run(tt.name+"-"+fmt.Sprintf("compression=%v,prefix=%q,format=%s,minChunkSize=%d", newCL(), prefix, srcTarFormat, minChunkSize), func(t *testing.T) {
+ // Get original tar file and chunk digests
+ dgstMap := make(map[string]digest.Digest)
+ tarBlob := buildTar(t, tt.tarInit(t, dgstMap), prefix, srcTarFormat)
+
+ cl := newCL()
+ rc, err := Build(compressBlob(t, tarBlob, srcCompression),
+ WithChunkSize(chunkSize), WithCompression(cl))
+ if err != nil {
+ t.Fatalf("failed to convert stargz: %v", err)
+ }
+ tocDigest := rc.TOCDigest()
+ defer rc.Close()
+ buf := new(bytes.Buffer)
+ if _, err := io.Copy(buf, rc); err != nil {
+ t.Fatalf("failed to copy built stargz blob: %v", err)
+ }
+ newStargz := buf.Bytes()
+ // NoPrefetchLandmark is added during `Bulid`, which is expected behaviour.
+ dgstMap[chunkID(NoPrefetchLandmark, 0, int64(len([]byte{landmarkContents})))] = digest.FromBytes([]byte{landmarkContents})
+
+ for _, check := range tt.checks {
+ check(t, newStargz, tocDigest, dgstMap, cl, newCL)
+ }
+ })
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
+// checkStargzTOC checks the TOC JSON of the passed stargz has the expected
+// digest and contains valid chunks. It walks all entries in the stargz and
+// checks all chunk digests stored to the TOC JSON match the actual contents.
+func checkStargzTOC(t *testing.T, sgzData []byte, tocDigest digest.Digest, dgstMap map[string]digest.Digest, controller TestingController, newController TestingControllerFactory) {
+ sgz, err := Open(
+ io.NewSectionReader(bytes.NewReader(sgzData), 0, int64(len(sgzData))),
+ WithDecompressors(controller),
+ )
+ if err != nil {
+ t.Errorf("failed to parse converted stargz: %v", err)
+ return
+ }
+ digestMapTOC, err := listDigests(io.NewSectionReader(
+ bytes.NewReader(sgzData), 0, int64(len(sgzData))),
+ controller,
+ )
+ if err != nil {
+ t.Fatalf("failed to list digest: %v", err)
+ }
+ found := make(map[string]bool)
+ for id := range dgstMap {
+ found[id] = false
+ }
+ zr, err := controller.Reader(bytes.NewReader(sgzData))
+ if err != nil {
+ t.Fatalf("failed to decompress converted stargz: %v", err)
+ }
+ defer zr.Close()
+ tr := tar.NewReader(zr)
+ for {
+ h, err := tr.Next()
+ if err != nil {
+ if err != io.EOF {
+ t.Errorf("failed to read tar entry: %v", err)
+ return
+ }
+ break
+ }
+ if h.Name == TOCTarName {
+ // Check the digest of TOC JSON based on the actual contents
+ // It's sure that TOC JSON exists in this archive because
+ // Open succeeded.
+ dgstr := digest.Canonical.Digester()
+ if _, err := io.Copy(dgstr.Hash(), tr); err != nil {
+ t.Fatalf("failed to calculate digest of TOC JSON: %v",
+ err)
+ }
+ if dgstr.Digest() != tocDigest {
+ t.Errorf("invalid TOC JSON %q; want %q", tocDigest, dgstr.Digest())
+ }
+ continue
+ }
+ if _, ok := sgz.Lookup(h.Name); !ok {
+ t.Errorf("lost stargz entry %q in the converted TOC", h.Name)
+ return
+ }
+ var n int64
+ for n < h.Size {
+ ce, ok := sgz.ChunkEntryForOffset(h.Name, n)
+ if !ok {
+ t.Errorf("lost chunk %q(offset=%d) in the converted TOC",
+ h.Name, n)
+ return
+ }
+
+ // Get the original digest to make sure the file contents are kept unchanged
+ // from the original tar, during the whole conversion steps.
+ id := chunkID(h.Name, n, ce.ChunkSize)
+ want, ok := dgstMap[id]
+ if !ok {
+ t.Errorf("Unexpected chunk %q(offset=%d,size=%d): %v",
+ h.Name, n, ce.ChunkSize, dgstMap)
+ return
+ }
+ found[id] = true
+
+ // Check the file contents
+ dgstr := digest.Canonical.Digester()
+ if _, err := io.CopyN(dgstr.Hash(), tr, ce.ChunkSize); err != nil {
+ t.Fatalf("failed to calculate digest of %q (offset=%d,size=%d)",
+ h.Name, n, ce.ChunkSize)
+ }
+ if want != dgstr.Digest() {
+ t.Errorf("Invalid contents in converted stargz %q: %q; want %q",
+ h.Name, dgstr.Digest(), want)
+ return
+ }
+
+ // Check the digest stored in TOC JSON
+ dgstTOC, ok := digestMapTOC[ce.Offset]
+ if !ok {
+ t.Errorf("digest of %q(offset=%d,size=%d,chunkOffset=%d) isn't registered",
+ h.Name, ce.Offset, ce.ChunkSize, ce.ChunkOffset)
+ }
+ if want != dgstTOC {
+ t.Errorf("Invalid digest in TOCEntry %q: %q; want %q",
+ h.Name, dgstTOC, want)
+ return
+ }
+
+ n += ce.ChunkSize
+ }
+ }
+
+ for id, ok := range found {
+ if !ok {
+ t.Errorf("required chunk %q not found in the converted stargz: %v", id, found)
+ }
+ }
+}
+
+// checkVerifyTOC checks the verification works for the TOC JSON of the passed
+// stargz. It walks all entries in the stargz and checks the verifications for
+// all chunks work.
+func checkVerifyTOC(t *testing.T, sgzData []byte, tocDigest digest.Digest, dgstMap map[string]digest.Digest, controller TestingController, newController TestingControllerFactory) {
+ sgz, err := Open(
+ io.NewSectionReader(bytes.NewReader(sgzData), 0, int64(len(sgzData))),
+ WithDecompressors(controller),
+ )
+ if err != nil {
+ t.Errorf("failed to parse converted stargz: %v", err)
+ return
+ }
+ ev, err := sgz.VerifyTOC(tocDigest)
+ if err != nil {
+ t.Errorf("failed to verify stargz: %v", err)
+ return
+ }
+
+ found := make(map[string]bool)
+ for id := range dgstMap {
+ found[id] = false
+ }
+ zr, err := controller.Reader(bytes.NewReader(sgzData))
+ if err != nil {
+ t.Fatalf("failed to decompress converted stargz: %v", err)
+ }
+ defer zr.Close()
+ tr := tar.NewReader(zr)
+ for {
+ h, err := tr.Next()
+ if err != nil {
+ if err != io.EOF {
+ t.Errorf("failed to read tar entry: %v", err)
+ return
+ }
+ break
+ }
+ if h.Name == TOCTarName {
+ continue
+ }
+ if _, ok := sgz.Lookup(h.Name); !ok {
+ t.Errorf("lost stargz entry %q in the converted TOC", h.Name)
+ return
+ }
+ var n int64
+ for n < h.Size {
+ ce, ok := sgz.ChunkEntryForOffset(h.Name, n)
+ if !ok {
+ t.Errorf("lost chunk %q(offset=%d) in the converted TOC",
+ h.Name, n)
+ return
+ }
+
+ v, err := ev.Verifier(ce)
+ if err != nil {
+ t.Errorf("failed to get verifier for %q(offset=%d)", h.Name, n)
+ }
+
+ found[chunkID(h.Name, n, ce.ChunkSize)] = true
+
+ // Check the file contents
+ if _, err := io.CopyN(v, tr, ce.ChunkSize); err != nil {
+ t.Fatalf("failed to get chunk of %q (offset=%d,size=%d)",
+ h.Name, n, ce.ChunkSize)
+ }
+ if !v.Verified() {
+ t.Errorf("Invalid contents in converted stargz %q (should be succeeded)",
+ h.Name)
+ return
+ }
+ n += ce.ChunkSize
+ }
+ }
+
+ for id, ok := range found {
+ if !ok {
+ t.Errorf("required chunk %q not found in the converted stargz: %v", id, found)
+ }
+ }
+}
+
+// checkVerifyInvalidTOCEntryFail checks if misconfigured TOC JSON can be
+// detected during the verification and the verification returns an error.
+func checkVerifyInvalidTOCEntryFail(filename string) check {
+ return func(t *testing.T, sgzData []byte, tocDigest digest.Digest, dgstMap map[string]digest.Digest, controller TestingController, newController TestingControllerFactory) {
+ funcs := map[string]rewriteFunc{
+ "lost digest in a entry": func(t *testing.T, toc *JTOC, sgz *io.SectionReader) {
+ var found bool
+ for _, e := range toc.Entries {
+ if cleanEntryName(e.Name) == filename {
+ if e.Type != "reg" && e.Type != "chunk" {
+ t.Fatalf("entry %q to break must be regfile or chunk", filename)
+ }
+ if e.ChunkDigest == "" {
+ t.Fatalf("entry %q is already invalid", filename)
+ }
+ e.ChunkDigest = ""
+ found = true
+ }
+ }
+ if !found {
+ t.Fatalf("rewrite target not found")
+ }
+ },
+ "duplicated entry offset": func(t *testing.T, toc *JTOC, sgz *io.SectionReader) {
+ var (
+ sampleEntry *TOCEntry
+ targetEntry *TOCEntry
+ )
+ for _, e := range toc.Entries {
+ if e.Type == "reg" || e.Type == "chunk" {
+ if cleanEntryName(e.Name) == filename {
+ targetEntry = e
+ } else {
+ sampleEntry = e
+ }
+ }
+ }
+ if sampleEntry == nil {
+ t.Fatalf("TOC must contain at least one regfile or chunk entry other than the rewrite target")
+ }
+ if targetEntry == nil {
+ t.Fatalf("rewrite target not found")
+ }
+ targetEntry.Offset = sampleEntry.Offset
+ },
+ }
+
+ for name, rFunc := range funcs {
+ t.Run(name, func(t *testing.T) {
+ newSgz, newTocDigest := rewriteTOCJSON(t, io.NewSectionReader(bytes.NewReader(sgzData), 0, int64(len(sgzData))), rFunc, controller)
+ buf := new(bytes.Buffer)
+ if _, err := io.Copy(buf, newSgz); err != nil {
+ t.Fatalf("failed to get converted stargz")
+ }
+ isgz := buf.Bytes()
+
+ sgz, err := Open(
+ io.NewSectionReader(bytes.NewReader(isgz), 0, int64(len(isgz))),
+ WithDecompressors(controller),
+ )
+ if err != nil {
+ t.Fatalf("failed to parse converted stargz: %v", err)
+ return
+ }
+ _, err = sgz.VerifyTOC(newTocDigest)
+ if err == nil {
+ t.Errorf("must fail for invalid TOC")
+ return
+ }
+ })
+ }
+ }
+}
+
+// checkVerifyInvalidStargzFail checks if the verification detects that the
+// given stargz file doesn't match to the expected digest and returns error.
+func checkVerifyInvalidStargzFail(invalid *io.SectionReader) check {
+ return func(t *testing.T, sgzData []byte, tocDigest digest.Digest, dgstMap map[string]digest.Digest, controller TestingController, newController TestingControllerFactory) {
+ cl := newController()
+ rc, err := Build(invalid, WithChunkSize(chunkSize), WithCompression(cl))
+ if err != nil {
+ t.Fatalf("failed to convert stargz: %v", err)
+ }
+ defer rc.Close()
+ buf := new(bytes.Buffer)
+ if _, err := io.Copy(buf, rc); err != nil {
+ t.Fatalf("failed to copy built stargz blob: %v", err)
+ }
+ mStargz := buf.Bytes()
+
+ sgz, err := Open(
+ io.NewSectionReader(bytes.NewReader(mStargz), 0, int64(len(mStargz))),
+ WithDecompressors(cl),
+ )
+ if err != nil {
+ t.Fatalf("failed to parse converted stargz: %v", err)
+ return
+ }
+ _, err = sgz.VerifyTOC(tocDigest)
+ if err == nil {
+ t.Errorf("must fail for invalid TOC")
+ return
+ }
+ }
+}
+
+// checkVerifyBrokenContentFail checks if the verifier detects broken contents
+// that doesn't match to the expected digest and returns error.
+func checkVerifyBrokenContentFail(filename string) check {
+ return func(t *testing.T, sgzData []byte, tocDigest digest.Digest, dgstMap map[string]digest.Digest, controller TestingController, newController TestingControllerFactory) {
+ // Parse stargz file
+ sgz, err := Open(
+ io.NewSectionReader(bytes.NewReader(sgzData), 0, int64(len(sgzData))),
+ WithDecompressors(controller),
+ )
+ if err != nil {
+ t.Fatalf("failed to parse converted stargz: %v", err)
+ return
+ }
+ ev, err := sgz.VerifyTOC(tocDigest)
+ if err != nil {
+ t.Fatalf("failed to verify stargz: %v", err)
+ return
+ }
+
+ // Open the target file
+ sr, err := sgz.OpenFile(filename)
+ if err != nil {
+ t.Fatalf("failed to open file %q", filename)
+ }
+ ce, ok := sgz.ChunkEntryForOffset(filename, 0)
+ if !ok {
+ t.Fatalf("lost chunk %q(offset=%d) in the converted TOC", filename, 0)
+ return
+ }
+ if ce.ChunkSize == 0 {
+ t.Fatalf("file mustn't be empty")
+ return
+ }
+ data := make([]byte, ce.ChunkSize)
+ if _, err := sr.ReadAt(data, ce.ChunkOffset); err != nil {
+ t.Errorf("failed to get data of a chunk of %q(offset=%q)",
+ filename, ce.ChunkOffset)
+ }
+
+ // Check the broken chunk (must fail)
+ v, err := ev.Verifier(ce)
+ if err != nil {
+ t.Fatalf("failed to get verifier for %q", filename)
+ }
+ broken := append([]byte{^data[0]}, data[1:]...)
+ if _, err := io.CopyN(v, bytes.NewReader(broken), ce.ChunkSize); err != nil {
+ t.Fatalf("failed to get chunk of %q (offset=%d,size=%d)",
+ filename, ce.ChunkOffset, ce.ChunkSize)
+ }
+ if v.Verified() {
+ t.Errorf("verification must fail for broken file chunk %q(org:%q,broken:%q)",
+ filename, data, broken)
+ }
+ }
+}
+
+func chunkID(name string, offset, size int64) string {
+ return fmt.Sprintf("%s-%d-%d", cleanEntryName(name), offset, size)
+}
+
+type rewriteFunc func(t *testing.T, toc *JTOC, sgz *io.SectionReader)
+
+func rewriteTOCJSON(t *testing.T, sgz *io.SectionReader, rewrite rewriteFunc, controller TestingController) (newSgz io.Reader, tocDigest digest.Digest) {
+ decodedJTOC, jtocOffset, err := parseStargz(sgz, controller)
+ if err != nil {
+ t.Fatalf("failed to extract TOC JSON: %v", err)
+ }
+
+ rewrite(t, decodedJTOC, sgz)
+
+ tocFooter, tocDigest, err := tocAndFooter(controller, decodedJTOC, jtocOffset)
+ if err != nil {
+ t.Fatalf("failed to create toc and footer: %v", err)
+ }
+
+ // Reconstruct stargz file with the modified TOC JSON
+ if _, err := sgz.Seek(0, io.SeekStart); err != nil {
+ t.Fatalf("failed to reset the seek position of stargz: %v", err)
+ }
+ return io.MultiReader(
+ io.LimitReader(sgz, jtocOffset), // Original stargz (before TOC JSON)
+ tocFooter, // Rewritten TOC and footer
+ ), tocDigest
+}
+
+func listDigests(sgz *io.SectionReader, controller TestingController) (map[int64]digest.Digest, error) {
+ decodedJTOC, _, err := parseStargz(sgz, controller)
+ if err != nil {
+ return nil, err
+ }
+ digestMap := make(map[int64]digest.Digest)
+ for _, e := range decodedJTOC.Entries {
+ if e.Type == "reg" || e.Type == "chunk" {
+ if e.Type == "reg" && e.Size == 0 {
+ continue // ignores empty file
+ }
+ if e.ChunkDigest == "" {
+ return nil, fmt.Errorf("ChunkDigest of %q(off=%d) not found in TOC JSON",
+ e.Name, e.Offset)
+ }
+ d, err := digest.Parse(e.ChunkDigest)
+ if err != nil {
+ return nil, err
+ }
+ digestMap[e.Offset] = d
+ }
+ }
+ return digestMap, nil
+}
+
+func parseStargz(sgz *io.SectionReader, controller TestingController) (decodedJTOC *JTOC, jtocOffset int64, err error) {
+ fSize := controller.FooterSize()
+ footer := make([]byte, fSize)
+ if _, err := sgz.ReadAt(footer, sgz.Size()-fSize); err != nil {
+ return nil, 0, fmt.Errorf("error reading footer: %w", err)
+ }
+ _, tocOffset, _, err := controller.ParseFooter(footer[positive(int64(len(footer))-fSize):])
+ if err != nil {
+ return nil, 0, fmt.Errorf("failed to parse footer: %w", err)
+ }
+
+ // Decode the TOC JSON
+ var tocReader io.Reader
+ if tocOffset >= 0 {
+ tocReader = io.NewSectionReader(sgz, tocOffset, sgz.Size()-tocOffset-fSize)
+ }
+ decodedJTOC, _, err = controller.ParseTOC(tocReader)
+ if err != nil {
+ return nil, 0, fmt.Errorf("failed to parse TOC: %w", err)
+ }
+ return decodedJTOC, tocOffset, nil
+}
+
+func testWriteAndOpen(t *testing.T, controllers ...TestingControllerFactory) {
+ const content = "Some contents"
+ invalidUtf8 := "\xff\xfe\xfd"
+
+ xAttrFile := xAttr{"foo": "bar", "invalid-utf8": invalidUtf8}
+ sampleOwner := owner{uid: 50, gid: 100}
+
+ data64KB := randomContents(64000)
+
+ tests := []struct {
+ name string
+ chunkSize int
+ minChunkSize int
+ in []tarEntry
+ want []stargzCheck
+ wantNumGz int // expected number of streams
+
+ wantNumGzLossLess int // expected number of streams (> 0) in lossless mode if it's different from wantNumGz
+ wantFailOnLossLess bool
+ wantTOCVersion int // default = 1
+ }{
+ {
+ name: "empty",
+ in: tarOf(),
+ wantNumGz: 2, // (empty tar) + TOC + footer
+ want: checks(
+ numTOCEntries(0),
+ ),
+ },
+ {
+ name: "1dir_1empty_file",
+ in: tarOf(
+ dir("foo/"),
+ file("foo/bar.txt", ""),
+ ),
+ wantNumGz: 3, // dir, TOC, footer
+ want: checks(
+ numTOCEntries(2),
+ hasDir("foo/"),
+ hasFileLen("foo/bar.txt", 0),
+ entryHasChildren("foo", "bar.txt"),
+ hasFileDigest("foo/bar.txt", digestFor("")),
+ ),
+ },
+ {
+ name: "1dir_1file",
+ in: tarOf(
+ dir("foo/"),
+ file("foo/bar.txt", content, xAttrFile),
+ ),
+ wantNumGz: 4, // var dir, foo.txt alone, TOC, footer
+ want: checks(
+ numTOCEntries(2),
+ hasDir("foo/"),
+ hasFileLen("foo/bar.txt", len(content)),
+ hasFileDigest("foo/bar.txt", digestFor(content)),
+ hasFileContentsRange("foo/bar.txt", 0, content),
+ hasFileContentsRange("foo/bar.txt", 1, content[1:]),
+ entryHasChildren("", "foo"),
+ entryHasChildren("foo", "bar.txt"),
+ hasFileXattrs("foo/bar.txt", "foo", "bar"),
+ hasFileXattrs("foo/bar.txt", "invalid-utf8", invalidUtf8),
+ ),
+ },
+ {
+ name: "2meta_2file",
+ in: tarOf(
+ dir("bar/", sampleOwner),
+ dir("foo/", sampleOwner),
+ file("foo/bar.txt", content, sampleOwner),
+ ),
+ wantNumGz: 4, // both dirs, foo.txt alone, TOC, footer
+ want: checks(
+ numTOCEntries(3),
+ hasDir("bar/"),
+ hasDir("foo/"),
+ hasFileLen("foo/bar.txt", len(content)),
+ entryHasChildren("", "bar", "foo"),
+ entryHasChildren("foo", "bar.txt"),
+ hasChunkEntries("foo/bar.txt", 1),
+ hasEntryOwner("bar/", sampleOwner),
+ hasEntryOwner("foo/", sampleOwner),
+ hasEntryOwner("foo/bar.txt", sampleOwner),
+ ),
+ },
+ {
+ name: "3dir",
+ in: tarOf(
+ dir("bar/"),
+ dir("foo/"),
+ dir("foo/bar/"),
+ ),
+ wantNumGz: 3, // 3 dirs, TOC, footer
+ want: checks(
+ hasDirLinkCount("bar/", 2),
+ hasDirLinkCount("foo/", 3),
+ hasDirLinkCount("foo/bar/", 2),
+ ),
+ },
+ {
+ name: "symlink",
+ in: tarOf(
+ dir("foo/"),
+ symlink("foo/bar", "../../x"),
+ ),
+ wantNumGz: 3, // metas + TOC + footer
+ want: checks(
+ numTOCEntries(2),
+ hasSymlink("foo/bar", "../../x"),
+ entryHasChildren("", "foo"),
+ entryHasChildren("foo", "bar"),
+ ),
+ },
+ {
+ name: "chunked_file",
+ chunkSize: 4,
+ in: tarOf(
+ dir("foo/"),
+ file("foo/big.txt", "This "+"is s"+"uch "+"a bi"+"g fi"+"le"),
+ ),
+ wantNumGz: 9, // dir + big.txt(6 chunks) + TOC + footer
+ want: checks(
+ numTOCEntries(7), // 1 for foo dir, 6 for the foo/big.txt file
+ hasDir("foo/"),
+ hasFileLen("foo/big.txt", len("This is such a big file")),
+ hasFileDigest("foo/big.txt", digestFor("This is such a big file")),
+ hasFileContentsRange("foo/big.txt", 0, "This is such a big file"),
+ hasFileContentsRange("foo/big.txt", 1, "his is such a big file"),
+ hasFileContentsRange("foo/big.txt", 2, "is is such a big file"),
+ hasFileContentsRange("foo/big.txt", 3, "s is such a big file"),
+ hasFileContentsRange("foo/big.txt", 4, " is such a big file"),
+ hasFileContentsRange("foo/big.txt", 5, "is such a big file"),
+ hasFileContentsRange("foo/big.txt", 6, "s such a big file"),
+ hasFileContentsRange("foo/big.txt", 7, " such a big file"),
+ hasFileContentsRange("foo/big.txt", 8, "such a big file"),
+ hasFileContentsRange("foo/big.txt", 9, "uch a big file"),
+ hasFileContentsRange("foo/big.txt", 10, "ch a big file"),
+ hasFileContentsRange("foo/big.txt", 11, "h a big file"),
+ hasFileContentsRange("foo/big.txt", 12, " a big file"),
+ hasFileContentsRange("foo/big.txt", len("This is such a big file")-1, ""),
+ hasChunkEntries("foo/big.txt", 6),
+ ),
+ },
+ {
+ name: "recursive",
+ in: tarOf(
+ dir("/", sampleOwner),
+ dir("bar/", sampleOwner),
+ dir("foo/", sampleOwner),
+ file("foo/bar.txt", content, sampleOwner),
+ ),
+ wantNumGz: 4, // dirs, bar.txt alone, TOC, footer
+ want: checks(
+ maxDepth(2), // 0: root directory, 1: "foo/", 2: "bar.txt"
+ ),
+ },
+ {
+ name: "block_char_fifo",
+ in: tarOf(
+ tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error {
+ return w.WriteHeader(&tar.Header{
+ Name: prefix + "b",
+ Typeflag: tar.TypeBlock,
+ Devmajor: 123,
+ Devminor: 456,
+ Format: format,
+ })
+ }),
+ tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error {
+ return w.WriteHeader(&tar.Header{
+ Name: prefix + "c",
+ Typeflag: tar.TypeChar,
+ Devmajor: 111,
+ Devminor: 222,
+ Format: format,
+ })
+ }),
+ tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error {
+ return w.WriteHeader(&tar.Header{
+ Name: prefix + "f",
+ Typeflag: tar.TypeFifo,
+ Format: format,
+ })
+ }),
+ ),
+ wantNumGz: 3,
+ want: checks(
+ lookupMatch("b", &TOCEntry{Name: "b", Type: "block", DevMajor: 123, DevMinor: 456, NumLink: 1}),
+ lookupMatch("c", &TOCEntry{Name: "c", Type: "char", DevMajor: 111, DevMinor: 222, NumLink: 1}),
+ lookupMatch("f", &TOCEntry{Name: "f", Type: "fifo", NumLink: 1}),
+ ),
+ },
+ {
+ name: "modes",
+ in: tarOf(
+ dir("foo1/", 0755|os.ModeDir|os.ModeSetgid),
+ file("foo1/bar1", content, 0700|os.ModeSetuid),
+ file("foo1/bar2", content, 0755|os.ModeSetgid),
+ dir("foo2/", 0755|os.ModeDir|os.ModeSticky),
+ file("foo2/bar3", content, 0755|os.ModeSticky),
+ dir("foo3/", 0755|os.ModeDir),
+ file("foo3/bar4", content, os.FileMode(0700)),
+ file("foo3/bar5", content, os.FileMode(0755)),
+ ),
+ wantNumGz: 8, // dir, bar1 alone, bar2 alone + dir, bar3 alone + dir, bar4 alone, bar5 alone, TOC, footer
+ want: checks(
+ hasMode("foo1/", 0755|os.ModeDir|os.ModeSetgid),
+ hasMode("foo1/bar1", 0700|os.ModeSetuid),
+ hasMode("foo1/bar2", 0755|os.ModeSetgid),
+ hasMode("foo2/", 0755|os.ModeDir|os.ModeSticky),
+ hasMode("foo2/bar3", 0755|os.ModeSticky),
+ hasMode("foo3/", 0755|os.ModeDir),
+ hasMode("foo3/bar4", os.FileMode(0700)),
+ hasMode("foo3/bar5", os.FileMode(0755)),
+ ),
+ },
+ {
+ name: "lossy",
+ in: tarOf(
+ dir("bar/", sampleOwner),
+ dir("foo/", sampleOwner),
+ file("foo/bar.txt", content, sampleOwner),
+ file(TOCTarName, "dummy"), // ignored by the writer. (lossless write returns error)
+ ),
+ wantNumGz: 4, // both dirs, foo.txt alone, TOC, footer
+ want: checks(
+ numTOCEntries(3),
+ hasDir("bar/"),
+ hasDir("foo/"),
+ hasFileLen("foo/bar.txt", len(content)),
+ entryHasChildren("", "bar", "foo"),
+ entryHasChildren("foo", "bar.txt"),
+ hasChunkEntries("foo/bar.txt", 1),
+ hasEntryOwner("bar/", sampleOwner),
+ hasEntryOwner("foo/", sampleOwner),
+ hasEntryOwner("foo/bar.txt", sampleOwner),
+ ),
+ wantFailOnLossLess: true,
+ },
+ {
+ name: "hardlink should be replaced to the destination entry",
+ in: tarOf(
+ dir("foo/"),
+ file("foo/foo1", "test"),
+ link("foolink", "foo/foo1"),
+ ),
+ wantNumGz: 4, // dir, foo1 + link, TOC, footer
+ want: checks(
+ mustSameEntry("foo/foo1", "foolink"),
+ ),
+ },
+ {
+ name: "several_files_in_chunk",
+ minChunkSize: 8000,
+ in: tarOf(
+ dir("foo/"),
+ file("foo/foo1", data64KB),
+ file("foo2", "bb"),
+ file("foo22", "ccc"),
+ dir("bar/"),
+ file("bar/bar.txt", "aaa"),
+ file("foo3", data64KB),
+ ),
+ // NOTE: we assume that the compressed "data64KB" is still larger than 8KB
+ wantNumGz: 4, // dir+foo1, foo2+foo22+dir+bar.txt+foo3, TOC, footer
+ want: checks(
+ numTOCEntries(7), // dir, foo1, foo2, foo22, dir, bar.txt, foo3
+ hasDir("foo/"),
+ hasDir("bar/"),
+ hasFileLen("foo/foo1", len(data64KB)),
+ hasFileLen("foo2", len("bb")),
+ hasFileLen("foo22", len("ccc")),
+ hasFileLen("bar/bar.txt", len("aaa")),
+ hasFileLen("foo3", len(data64KB)),
+ hasFileDigest("foo/foo1", digestFor(data64KB)),
+ hasFileDigest("foo2", digestFor("bb")),
+ hasFileDigest("foo22", digestFor("ccc")),
+ hasFileDigest("bar/bar.txt", digestFor("aaa")),
+ hasFileDigest("foo3", digestFor(data64KB)),
+ hasFileContentsWithPreRead("foo22", 0, "ccc", chunkInfo{"foo2", "bb"}, chunkInfo{"bar/bar.txt", "aaa"}, chunkInfo{"foo3", data64KB}),
+ hasFileContentsRange("foo/foo1", 0, data64KB),
+ hasFileContentsRange("foo2", 0, "bb"),
+ hasFileContentsRange("foo2", 1, "b"),
+ hasFileContentsRange("foo22", 0, "ccc"),
+ hasFileContentsRange("foo22", 1, "cc"),
+ hasFileContentsRange("foo22", 2, "c"),
+ hasFileContentsRange("bar/bar.txt", 0, "aaa"),
+ hasFileContentsRange("bar/bar.txt", 1, "aa"),
+ hasFileContentsRange("bar/bar.txt", 2, "a"),
+ hasFileContentsRange("foo3", 0, data64KB),
+ hasFileContentsRange("foo3", 1, data64KB[1:]),
+ hasFileContentsRange("foo3", 2, data64KB[2:]),
+ hasFileContentsRange("foo3", len(data64KB)/2, data64KB[len(data64KB)/2:]),
+ hasFileContentsRange("foo3", len(data64KB)-1, data64KB[len(data64KB)-1:]),
+ ),
+ },
+ {
+ name: "several_files_in_chunk_chunked",
+ minChunkSize: 8000,
+ chunkSize: 32000,
+ in: tarOf(
+ dir("foo/"),
+ file("foo/foo1", data64KB),
+ file("foo2", "bb"),
+ dir("bar/"),
+ file("foo3", data64KB),
+ ),
+ // NOTE: we assume that the compressed chunk of "data64KB" is still larger than 8KB
+ wantNumGz: 6, // dir+foo1(1), foo1(2), foo2+dir+foo3(1), foo3(2), TOC, footer
+ want: checks(
+ numTOCEntries(7), // dir, foo1(2 chunks), foo2, dir, foo3(2 chunks)
+ hasDir("foo/"),
+ hasDir("bar/"),
+ hasFileLen("foo/foo1", len(data64KB)),
+ hasFileLen("foo2", len("bb")),
+ hasFileLen("foo3", len(data64KB)),
+ hasFileDigest("foo/foo1", digestFor(data64KB)),
+ hasFileDigest("foo2", digestFor("bb")),
+ hasFileDigest("foo3", digestFor(data64KB)),
+ hasFileContentsWithPreRead("foo2", 0, "bb", chunkInfo{"foo3", data64KB[:32000]}),
+ hasFileContentsRange("foo/foo1", 0, data64KB),
+ hasFileContentsRange("foo/foo1", 1, data64KB[1:]),
+ hasFileContentsRange("foo/foo1", 2, data64KB[2:]),
+ hasFileContentsRange("foo/foo1", len(data64KB)/2, data64KB[len(data64KB)/2:]),
+ hasFileContentsRange("foo/foo1", len(data64KB)-1, data64KB[len(data64KB)-1:]),
+ hasFileContentsRange("foo2", 0, "bb"),
+ hasFileContentsRange("foo2", 1, "b"),
+ hasFileContentsRange("foo3", 0, data64KB),
+ hasFileContentsRange("foo3", 1, data64KB[1:]),
+ hasFileContentsRange("foo3", 2, data64KB[2:]),
+ hasFileContentsRange("foo3", len(data64KB)/2, data64KB[len(data64KB)/2:]),
+ hasFileContentsRange("foo3", len(data64KB)-1, data64KB[len(data64KB)-1:]),
+ ),
+ },
+ }
+
+ for _, tt := range tests {
+ for _, newCL := range controllers {
+ newCL := newCL
+ for _, prefix := range allowedPrefix {
+ prefix := prefix
+ for _, srcTarFormat := range []tar.Format{tar.FormatUSTAR, tar.FormatPAX, tar.FormatGNU} {
+ srcTarFormat := srcTarFormat
+ for _, lossless := range []bool{true, false} {
+ t.Run(tt.name+"-"+fmt.Sprintf("compression=%v,prefix=%q,lossless=%v,format=%s", newCL(), prefix, lossless, srcTarFormat), func(t *testing.T) {
+ var tr io.Reader = buildTar(t, tt.in, prefix, srcTarFormat)
+ origTarDgstr := digest.Canonical.Digester()
+ tr = io.TeeReader(tr, origTarDgstr.Hash())
+ var stargzBuf bytes.Buffer
+ cl1 := newCL()
+ w := NewWriterWithCompressor(&stargzBuf, cl1)
+ w.ChunkSize = tt.chunkSize
+ w.MinChunkSize = tt.minChunkSize
+ if lossless {
+ err := w.AppendTarLossLess(tr)
+ if tt.wantFailOnLossLess {
+ if err != nil {
+ return // expected to fail
+ }
+ t.Fatalf("Append wanted to fail on lossless")
+ }
+ if err != nil {
+ t.Fatalf("Append(lossless): %v", err)
+ }
+ } else {
+ if err := w.AppendTar(tr); err != nil {
+ t.Fatalf("Append: %v", err)
+ }
+ }
+ if _, err := w.Close(); err != nil {
+ t.Fatalf("Writer.Close: %v", err)
+ }
+ b := stargzBuf.Bytes()
+
+ if lossless {
+ // Check if the result blob reserves original tar metadata
+ rc, err := Unpack(io.NewSectionReader(bytes.NewReader(b), 0, int64(len(b))), cl1)
+ if err != nil {
+ t.Errorf("failed to decompress blob: %v", err)
+ return
+ }
+ defer rc.Close()
+ resultDgstr := digest.Canonical.Digester()
+ if _, err := io.Copy(resultDgstr.Hash(), rc); err != nil {
+ t.Errorf("failed to read result decompressed blob: %v", err)
+ return
+ }
+ if resultDgstr.Digest() != origTarDgstr.Digest() {
+ t.Errorf("lossy compression occurred: digest=%v; want %v",
+ resultDgstr.Digest(), origTarDgstr.Digest())
+ return
+ }
+ }
+
+ diffID := w.DiffID()
+ wantDiffID := cl1.DiffIDOf(t, b)
+ if diffID != wantDiffID {
+ t.Errorf("DiffID = %q; want %q", diffID, wantDiffID)
+ }
+
+ telemetry, checkCalled := newCalledTelemetry()
+ sr := io.NewSectionReader(bytes.NewReader(b), 0, int64(len(b)))
+ r, err := Open(
+ sr,
+ WithDecompressors(cl1),
+ WithTelemetry(telemetry),
+ )
+ if err != nil {
+ t.Fatalf("stargz.Open: %v", err)
+ }
+ wantTOCVersion := 1
+ if tt.wantTOCVersion > 0 {
+ wantTOCVersion = tt.wantTOCVersion
+ }
+ if r.toc.Version != wantTOCVersion {
+ t.Fatalf("invalid TOC Version %d; wanted %d", r.toc.Version, wantTOCVersion)
+ }
+
+ footerSize := cl1.FooterSize()
+ footerOffset := sr.Size() - footerSize
+ footer := make([]byte, footerSize)
+ if _, err := sr.ReadAt(footer, footerOffset); err != nil {
+ t.Errorf("failed to read footer: %v", err)
+ }
+ _, tocOffset, _, err := cl1.ParseFooter(footer)
+ if err != nil {
+ t.Errorf("failed to parse footer: %v", err)
+ }
+ if err := checkCalled(tocOffset >= 0); err != nil {
+ t.Errorf("telemetry failure: %v", err)
+ }
+
+ wantNumGz := tt.wantNumGz
+ if lossless && tt.wantNumGzLossLess > 0 {
+ wantNumGz = tt.wantNumGzLossLess
+ }
+ streamOffsets := []int64{0}
+ prevOffset := int64(-1)
+ streams := 0
+ for _, e := range r.toc.Entries {
+ if e.Offset > prevOffset {
+ streamOffsets = append(streamOffsets, e.Offset)
+ prevOffset = e.Offset
+ streams++
+ }
+ }
+ streams++ // TOC
+ if tocOffset >= 0 {
+ // toc is in the blob
+ streamOffsets = append(streamOffsets, tocOffset)
+ }
+ streams++ // footer
+ streamOffsets = append(streamOffsets, footerOffset)
+ if streams != wantNumGz {
+ t.Errorf("number of streams in TOC = %d; want %d", streams, wantNumGz)
+ }
+
+ t.Logf("testing streams: %+v", streamOffsets)
+ cl1.TestStreams(t, b, streamOffsets)
+
+ for _, want := range tt.want {
+ want.check(t, r)
+ }
+ })
+ }
+ }
+ }
+ }
+ }
+}
+
+type chunkInfo struct {
+ name string
+ data string
+}
+
+func newCalledTelemetry() (telemetry *Telemetry, check func(needsGetTOC bool) error) {
+ var getFooterLatencyCalled bool
+ var getTocLatencyCalled bool
+ var deserializeTocLatencyCalled bool
+ return &Telemetry{
+ func(time.Time) { getFooterLatencyCalled = true },
+ func(time.Time) { getTocLatencyCalled = true },
+ func(time.Time) { deserializeTocLatencyCalled = true },
+ }, func(needsGetTOC bool) error {
+ var allErr []error
+ if !getFooterLatencyCalled {
+ allErr = append(allErr, fmt.Errorf("metrics GetFooterLatency isn't called"))
+ }
+ if needsGetTOC {
+ if !getTocLatencyCalled {
+ allErr = append(allErr, fmt.Errorf("metrics GetTocLatency isn't called"))
+ }
+ }
+ if !deserializeTocLatencyCalled {
+ allErr = append(allErr, fmt.Errorf("metrics DeserializeTocLatency isn't called"))
+ }
+ return errorutil.Aggregate(allErr)
+ }
+}
+
+func digestFor(content string) string {
+ sum := sha256.Sum256([]byte(content))
+ return fmt.Sprintf("sha256:%x", sum)
+}
+
+type numTOCEntries int
+
+func (n numTOCEntries) check(t *testing.T, r *Reader) {
+ if r.toc == nil {
+ t.Fatal("nil TOC")
+ }
+ if got, want := len(r.toc.Entries), int(n); got != want {
+ t.Errorf("got %d TOC entries; want %d", got, want)
+ }
+ t.Logf("got TOC entries:")
+ for i, ent := range r.toc.Entries {
+ entj, _ := json.Marshal(ent)
+ t.Logf(" [%d]: %s\n", i, entj)
+ }
+ if t.Failed() {
+ t.FailNow()
+ }
+}
+
+func checks(s ...stargzCheck) []stargzCheck { return s }
+
+type stargzCheck interface {
+ check(t *testing.T, r *Reader)
+}
+
+type stargzCheckFn func(*testing.T, *Reader)
+
+func (f stargzCheckFn) check(t *testing.T, r *Reader) { f(t, r) }
+
+func maxDepth(max int) stargzCheck {
+ return stargzCheckFn(func(t *testing.T, r *Reader) {
+ e, ok := r.Lookup("")
+ if !ok {
+ t.Fatal("root directory not found")
+ }
+ d, err := getMaxDepth(t, e, 0, 10*max)
+ if err != nil {
+ t.Errorf("failed to get max depth (wanted %d): %v", max, err)
+ return
+ }
+ if d != max {
+ t.Errorf("invalid depth %d; want %d", d, max)
+ return
+ }
+ })
+}
+
+func getMaxDepth(t *testing.T, e *TOCEntry, current, limit int) (max int, rErr error) {
+ if current > limit {
+ return -1, fmt.Errorf("walkMaxDepth: exceeds limit: current:%d > limit:%d",
+ current, limit)
+ }
+ max = current
+ e.ForeachChild(func(baseName string, ent *TOCEntry) bool {
+ t.Logf("%q(basename:%q) is child of %q\n", ent.Name, baseName, e.Name)
+ d, err := getMaxDepth(t, ent, current+1, limit)
+ if err != nil {
+ rErr = err
+ return false
+ }
+ if d > max {
+ max = d
+ }
+ return true
+ })
+ return
+}
+
+func hasFileLen(file string, wantLen int) stargzCheck {
+ return stargzCheckFn(func(t *testing.T, r *Reader) {
+ for _, ent := range r.toc.Entries {
+ if ent.Name == file {
+ if ent.Type != "reg" {
+ t.Errorf("file type of %q is %q; want \"reg\"", file, ent.Type)
+ } else if ent.Size != int64(wantLen) {
+ t.Errorf("file size of %q = %d; want %d", file, ent.Size, wantLen)
+ }
+ return
+ }
+ }
+ t.Errorf("file %q not found", file)
+ })
+}
+
+func hasFileXattrs(file, name, value string) stargzCheck {
+ return stargzCheckFn(func(t *testing.T, r *Reader) {
+ for _, ent := range r.toc.Entries {
+ if ent.Name == file {
+ if ent.Type != "reg" {
+ t.Errorf("file type of %q is %q; want \"reg\"", file, ent.Type)
+ }
+ if ent.Xattrs == nil {
+ t.Errorf("file %q has no xattrs", file)
+ return
+ }
+ valueFound, found := ent.Xattrs[name]
+ if !found {
+ t.Errorf("file %q has no xattr %q", file, name)
+ return
+ }
+ if string(valueFound) != value {
+ t.Errorf("file %q has xattr %q with value %q instead of %q", file, name, valueFound, value)
+ }
+
+ return
+ }
+ }
+ t.Errorf("file %q not found", file)
+ })
+}
+
+func hasFileDigest(file string, digest string) stargzCheck {
+ return stargzCheckFn(func(t *testing.T, r *Reader) {
+ ent, ok := r.Lookup(file)
+ if !ok {
+ t.Fatalf("didn't find TOCEntry for file %q", file)
+ }
+ if ent.Digest != digest {
+ t.Fatalf("Digest(%q) = %q, want %q", file, ent.Digest, digest)
+ }
+ })
+}
+
+func hasFileContentsWithPreRead(file string, offset int, want string, extra ...chunkInfo) stargzCheck {
+ return stargzCheckFn(func(t *testing.T, r *Reader) {
+ extraMap := make(map[string]chunkInfo)
+ for _, e := range extra {
+ extraMap[e.name] = e
+ }
+ var extraNames []string
+ for n := range extraMap {
+ extraNames = append(extraNames, n)
+ }
+ f, err := r.OpenFileWithPreReader(file, func(e *TOCEntry, cr io.Reader) error {
+ t.Logf("On %q: got preread of %q", file, e.Name)
+ ex, ok := extraMap[e.Name]
+ if !ok {
+ t.Fatalf("fail on %q: unexpected entry %q: %+v, %+v", file, e.Name, e, extraNames)
+ }
+ got, err := io.ReadAll(cr)
+ if err != nil {
+ t.Fatalf("fail on %q: failed to read %q: %v", file, e.Name, err)
+ }
+ if ex.data != string(got) {
+ t.Fatalf("fail on %q: unexpected contents of %q: len=%d; want=%d", file, e.Name, len(got), len(ex.data))
+ }
+ delete(extraMap, e.Name)
+ return nil
+ })
+ if err != nil {
+ t.Fatal(err)
+ }
+ got := make([]byte, len(want))
+ n, err := f.ReadAt(got, int64(offset))
+ if err != nil {
+ t.Fatalf("ReadAt(len %d, offset %d, size %d) = %v, %v", len(got), offset, f.Size(), n, err)
+ }
+ if string(got) != want {
+ t.Fatalf("ReadAt(len %d, offset %d) = %q, want %q", len(got), offset, viewContent(got), viewContent([]byte(want)))
+ }
+ if len(extraMap) != 0 {
+ var exNames []string
+ for _, ex := range extraMap {
+ exNames = append(exNames, ex.name)
+ }
+ t.Fatalf("fail on %q: some entries aren't read: %+v", file, exNames)
+ }
+ })
+}
+
+func hasFileContentsRange(file string, offset int, want string) stargzCheck {
+ return stargzCheckFn(func(t *testing.T, r *Reader) {
+ f, err := r.OpenFile(file)
+ if err != nil {
+ t.Fatal(err)
+ }
+ got := make([]byte, len(want))
+ n, err := f.ReadAt(got, int64(offset))
+ if err != nil {
+ t.Fatalf("ReadAt(len %d, offset %d) = %v, %v", len(got), offset, n, err)
+ }
+ if string(got) != want {
+ t.Fatalf("ReadAt(len %d, offset %d) = %q, want %q", len(got), offset, viewContent(got), viewContent([]byte(want)))
+ }
+ })
+}
+
+func hasChunkEntries(file string, wantChunks int) stargzCheck {
+ return stargzCheckFn(func(t *testing.T, r *Reader) {
+ ent, ok := r.Lookup(file)
+ if !ok {
+ t.Fatalf("no file for %q", file)
+ }
+ if ent.Type != "reg" {
+ t.Fatalf("file %q has unexpected type %q; want reg", file, ent.Type)
+ }
+ chunks := r.getChunks(ent)
+ if len(chunks) != wantChunks {
+ t.Errorf("len(r.getChunks(%q)) = %d; want %d", file, len(chunks), wantChunks)
+ return
+ }
+ f := chunks[0]
+
+ var gotChunks []*TOCEntry
+ var last *TOCEntry
+ for off := int64(0); off < f.Size; off++ {
+ e, ok := r.ChunkEntryForOffset(file, off)
+ if !ok {
+ t.Errorf("no ChunkEntryForOffset at %d", off)
+ return
+ }
+ if last != e {
+ gotChunks = append(gotChunks, e)
+ last = e
+ }
+ }
+ if !reflect.DeepEqual(chunks, gotChunks) {
+ t.Errorf("gotChunks=%d, want=%d; contents mismatch", len(gotChunks), wantChunks)
+ }
+
+ // And verify the NextOffset
+ for i := 0; i < len(gotChunks)-1; i++ {
+ ci := gotChunks[i]
+ cnext := gotChunks[i+1]
+ if ci.NextOffset() != cnext.Offset {
+ t.Errorf("chunk %d NextOffset %d != next chunk's Offset of %d", i, ci.NextOffset(), cnext.Offset)
+ }
+ }
+ })
+}
+
+func entryHasChildren(dir string, want ...string) stargzCheck {
+ return stargzCheckFn(func(t *testing.T, r *Reader) {
+ want := append([]string(nil), want...)
+ var got []string
+ ent, ok := r.Lookup(dir)
+ if !ok {
+ t.Fatalf("didn't find TOCEntry for dir node %q", dir)
+ }
+ for baseName := range ent.children {
+ got = append(got, baseName)
+ }
+ sort.Strings(got)
+ sort.Strings(want)
+ if !reflect.DeepEqual(got, want) {
+ t.Errorf("children of %q = %q; want %q", dir, got, want)
+ }
+ })
+}
+
+func hasDir(file string) stargzCheck {
+ return stargzCheckFn(func(t *testing.T, r *Reader) {
+ for _, ent := range r.toc.Entries {
+ if ent.Name == cleanEntryName(file) {
+ if ent.Type != "dir" {
+ t.Errorf("file type of %q is %q; want \"dir\"", file, ent.Type)
+ }
+ return
+ }
+ }
+ t.Errorf("directory %q not found", file)
+ })
+}
+
+func hasDirLinkCount(file string, count int) stargzCheck {
+ return stargzCheckFn(func(t *testing.T, r *Reader) {
+ for _, ent := range r.toc.Entries {
+ if ent.Name == cleanEntryName(file) {
+ if ent.Type != "dir" {
+ t.Errorf("file type of %q is %q; want \"dir\"", file, ent.Type)
+ return
+ }
+ if ent.NumLink != count {
+ t.Errorf("link count of %q = %d; want %d", file, ent.NumLink, count)
+ }
+ return
+ }
+ }
+ t.Errorf("directory %q not found", file)
+ })
+}
+
+func hasMode(file string, mode os.FileMode) stargzCheck {
+ return stargzCheckFn(func(t *testing.T, r *Reader) {
+ for _, ent := range r.toc.Entries {
+ if ent.Name == cleanEntryName(file) {
+ if ent.Stat().Mode() != mode {
+ t.Errorf("invalid mode: got %v; want %v", ent.Stat().Mode(), mode)
+ return
+ }
+ return
+ }
+ }
+ t.Errorf("file %q not found", file)
+ })
+}
+
+func hasSymlink(file, target string) stargzCheck {
+ return stargzCheckFn(func(t *testing.T, r *Reader) {
+ for _, ent := range r.toc.Entries {
+ if ent.Name == file {
+ if ent.Type != "symlink" {
+ t.Errorf("file type of %q is %q; want \"symlink\"", file, ent.Type)
+ } else if ent.LinkName != target {
+ t.Errorf("link target of symlink %q is %q; want %q", file, ent.LinkName, target)
+ }
+ return
+ }
+ }
+ t.Errorf("symlink %q not found", file)
+ })
+}
+
+func lookupMatch(name string, want *TOCEntry) stargzCheck {
+ return stargzCheckFn(func(t *testing.T, r *Reader) {
+ e, ok := r.Lookup(name)
+ if !ok {
+ t.Fatalf("failed to Lookup entry %q", name)
+ }
+ if !reflect.DeepEqual(e, want) {
+ t.Errorf("entry %q mismatch.\n got: %+v\nwant: %+v\n", name, e, want)
+ }
+
+ })
+}
+
+func hasEntryOwner(entry string, owner owner) stargzCheck {
+ return stargzCheckFn(func(t *testing.T, r *Reader) {
+ ent, ok := r.Lookup(strings.TrimSuffix(entry, "/"))
+ if !ok {
+ t.Errorf("entry %q not found", entry)
+ return
+ }
+ if ent.UID != owner.uid || ent.GID != owner.gid {
+ t.Errorf("entry %q has invalid owner (uid:%d, gid:%d) instead of (uid:%d, gid:%d)", entry, ent.UID, ent.GID, owner.uid, owner.gid)
+ return
+ }
+ })
+}
+
+func mustSameEntry(files ...string) stargzCheck {
+ return stargzCheckFn(func(t *testing.T, r *Reader) {
+ var first *TOCEntry
+ for _, f := range files {
+ if first == nil {
+ var ok bool
+ first, ok = r.Lookup(f)
+ if !ok {
+ t.Errorf("unknown first file on Lookup: %q", f)
+ return
+ }
+ }
+
+ // Test Lookup
+ e, ok := r.Lookup(f)
+ if !ok {
+ t.Errorf("unknown file on Lookup: %q", f)
+ return
+ }
+ if e != first {
+ t.Errorf("Lookup: %+v(%p) != %+v(%p)", e, e, first, first)
+ return
+ }
+
+ // Test LookupChild
+ pe, ok := r.Lookup(filepath.Dir(filepath.Clean(f)))
+ if !ok {
+ t.Errorf("failed to get parent of %q", f)
+ return
+ }
+ e, ok = pe.LookupChild(filepath.Base(filepath.Clean(f)))
+ if !ok {
+ t.Errorf("failed to get %q as the child of %+v", f, pe)
+ return
+ }
+ if e != first {
+ t.Errorf("LookupChild: %+v(%p) != %+v(%p)", e, e, first, first)
+ return
+ }
+
+ // Test ForeachChild
+ pe.ForeachChild(func(baseName string, e *TOCEntry) bool {
+ if baseName == filepath.Base(filepath.Clean(f)) {
+ if e != first {
+ t.Errorf("ForeachChild: %+v(%p) != %+v(%p)", e, e, first, first)
+ return false
+ }
+ }
+ return true
+ })
+ }
+ })
+}
+
+func viewContent(c []byte) string {
+ if len(c) < 100 {
+ return string(c)
+ }
+ return string(c[:50]) + "...(omit)..." + string(c[50:100])
+}
+
+func tarOf(s ...tarEntry) []tarEntry { return s }
+
+type tarEntry interface {
+ appendTar(tw *tar.Writer, prefix string, format tar.Format) error
+}
+
+type tarEntryFunc func(*tar.Writer, string, tar.Format) error
+
+func (f tarEntryFunc) appendTar(tw *tar.Writer, prefix string, format tar.Format) error {
+ return f(tw, prefix, format)
+}
+
+func buildTar(t *testing.T, ents []tarEntry, prefix string, opts ...interface{}) *io.SectionReader {
+ format := tar.FormatUnknown
+ for _, opt := range opts {
+ switch v := opt.(type) {
+ case tar.Format:
+ format = v
+ default:
+ panic(fmt.Errorf("unsupported opt for buildTar: %v", opt))
+ }
+ }
+ buf := new(bytes.Buffer)
+ tw := tar.NewWriter(buf)
+ for _, ent := range ents {
+ if err := ent.appendTar(tw, prefix, format); err != nil {
+ t.Fatalf("building input tar: %v", err)
+ }
+ }
+ if err := tw.Close(); err != nil {
+ t.Errorf("closing write of input tar: %v", err)
+ }
+ data := append(buf.Bytes(), make([]byte, 100)...) // append empty bytes at the tail to see lossless works
+ return io.NewSectionReader(bytes.NewReader(data), 0, int64(len(data)))
+}
+
+func dir(name string, opts ...interface{}) tarEntry {
+ return tarEntryFunc(func(tw *tar.Writer, prefix string, format tar.Format) error {
+ var o owner
+ mode := os.FileMode(0755)
+ for _, opt := range opts {
+ switch v := opt.(type) {
+ case owner:
+ o = v
+ case os.FileMode:
+ mode = v
+ default:
+ return errors.New("unsupported opt")
+ }
+ }
+ if !strings.HasSuffix(name, "/") {
+ panic(fmt.Sprintf("missing trailing slash in dir %q ", name))
+ }
+ tm, err := fileModeToTarMode(mode)
+ if err != nil {
+ return err
+ }
+ return tw.WriteHeader(&tar.Header{
+ Typeflag: tar.TypeDir,
+ Name: prefix + name,
+ Mode: tm,
+ Uid: o.uid,
+ Gid: o.gid,
+ Format: format,
+ })
+ })
+}
+
+// xAttr are extended attributes to set on test files created with the file func.
+type xAttr map[string]string
+
+// owner is owner ot set on test files and directories with the file and dir functions.
+type owner struct {
+ uid int
+ gid int
+}
+
+func file(name, contents string, opts ...interface{}) tarEntry {
+ return tarEntryFunc(func(tw *tar.Writer, prefix string, format tar.Format) error {
+ var xattrs xAttr
+ var o owner
+ mode := os.FileMode(0644)
+ for _, opt := range opts {
+ switch v := opt.(type) {
+ case xAttr:
+ xattrs = v
+ case owner:
+ o = v
+ case os.FileMode:
+ mode = v
+ default:
+ return errors.New("unsupported opt")
+ }
+ }
+ if strings.HasSuffix(name, "/") {
+ return fmt.Errorf("bogus trailing slash in file %q", name)
+ }
+ tm, err := fileModeToTarMode(mode)
+ if err != nil {
+ return err
+ }
+ if len(xattrs) > 0 {
+ format = tar.FormatPAX // only PAX supports xattrs
+ }
+ if err := tw.WriteHeader(&tar.Header{
+ Typeflag: tar.TypeReg,
+ Name: prefix + name,
+ Mode: tm,
+ Xattrs: xattrs,
+ Size: int64(len(contents)),
+ Uid: o.uid,
+ Gid: o.gid,
+ Format: format,
+ }); err != nil {
+ return err
+ }
+ _, err = io.WriteString(tw, contents)
+ return err
+ })
+}
+
+func symlink(name, target string) tarEntry {
+ return tarEntryFunc(func(tw *tar.Writer, prefix string, format tar.Format) error {
+ return tw.WriteHeader(&tar.Header{
+ Typeflag: tar.TypeSymlink,
+ Name: prefix + name,
+ Linkname: target,
+ Mode: 0644,
+ Format: format,
+ })
+ })
+}
+
+func link(name string, linkname string) tarEntry {
+ now := time.Now()
+ return tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error {
+ return w.WriteHeader(&tar.Header{
+ Typeflag: tar.TypeLink,
+ Name: prefix + name,
+ Linkname: linkname,
+ ModTime: now,
+ Format: format,
+ })
+ })
+}
+
+func chardev(name string, major, minor int64) tarEntry {
+ now := time.Now()
+ return tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error {
+ return w.WriteHeader(&tar.Header{
+ Typeflag: tar.TypeChar,
+ Name: prefix + name,
+ Devmajor: major,
+ Devminor: minor,
+ ModTime: now,
+ Format: format,
+ })
+ })
+}
+
+func blockdev(name string, major, minor int64) tarEntry {
+ now := time.Now()
+ return tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error {
+ return w.WriteHeader(&tar.Header{
+ Typeflag: tar.TypeBlock,
+ Name: prefix + name,
+ Devmajor: major,
+ Devminor: minor,
+ ModTime: now,
+ Format: format,
+ })
+ })
+}
+func fifo(name string) tarEntry {
+ now := time.Now()
+ return tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error {
+ return w.WriteHeader(&tar.Header{
+ Typeflag: tar.TypeFifo,
+ Name: prefix + name,
+ ModTime: now,
+ Format: format,
+ })
+ })
+}
+
+func prefetchLandmark() tarEntry {
+ return tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error {
+ if err := w.WriteHeader(&tar.Header{
+ Name: PrefetchLandmark,
+ Typeflag: tar.TypeReg,
+ Size: int64(len([]byte{landmarkContents})),
+ Format: format,
+ }); err != nil {
+ return err
+ }
+ contents := []byte{landmarkContents}
+ if _, err := io.CopyN(w, bytes.NewReader(contents), int64(len(contents))); err != nil {
+ return err
+ }
+ return nil
+ })
+}
+
+func noPrefetchLandmark() tarEntry {
+ return tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error {
+ if err := w.WriteHeader(&tar.Header{
+ Name: NoPrefetchLandmark,
+ Typeflag: tar.TypeReg,
+ Size: int64(len([]byte{landmarkContents})),
+ Format: format,
+ }); err != nil {
+ return err
+ }
+ contents := []byte{landmarkContents}
+ if _, err := io.CopyN(w, bytes.NewReader(contents), int64(len(contents))); err != nil {
+ return err
+ }
+ return nil
+ })
+}
+
+func regDigest(t *testing.T, name string, contentStr string, digestMap map[string]digest.Digest) tarEntry {
+ if digestMap == nil {
+ t.Fatalf("digest map mustn't be nil")
+ }
+ content := []byte(contentStr)
+
+ var n int64
+ for n < int64(len(content)) {
+ size := int64(chunkSize)
+ remain := int64(len(content)) - n
+ if remain < size {
+ size = remain
+ }
+ dgstr := digest.Canonical.Digester()
+ if _, err := io.CopyN(dgstr.Hash(), bytes.NewReader(content[n:n+size]), size); err != nil {
+ t.Fatalf("failed to calculate digest of %q (name=%q,offset=%d,size=%d)",
+ string(content[n:n+size]), name, n, size)
+ }
+ digestMap[chunkID(name, n, size)] = dgstr.Digest()
+ n += size
+ }
+
+ return tarEntryFunc(func(w *tar.Writer, prefix string, format tar.Format) error {
+ if err := w.WriteHeader(&tar.Header{
+ Typeflag: tar.TypeReg,
+ Name: prefix + name,
+ Size: int64(len(content)),
+ Format: format,
+ }); err != nil {
+ return err
+ }
+ if _, err := io.CopyN(w, bytes.NewReader(content), int64(len(content))); err != nil {
+ return err
+ }
+ return nil
+ })
+}
+
+var runes = []rune("1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
+
+func randomContents(n int) string {
+ b := make([]rune, n)
+ for i := range b {
+ b[i] = runes[rand.Intn(len(runes))]
+ }
+ return string(b)
+}
+
+func fileModeToTarMode(mode os.FileMode) (int64, error) {
+ h, err := tar.FileInfoHeader(fileInfoOnlyMode(mode), "")
+ if err != nil {
+ return 0, err
+ }
+ return h.Mode, nil
+}
+
+// fileInfoOnlyMode is os.FileMode that populates only file mode.
+type fileInfoOnlyMode os.FileMode
+
+func (f fileInfoOnlyMode) Name() string { return "" }
+func (f fileInfoOnlyMode) Size() int64 { return 0 }
+func (f fileInfoOnlyMode) Mode() os.FileMode { return os.FileMode(f) }
+func (f fileInfoOnlyMode) ModTime() time.Time { return time.Now() }
+func (f fileInfoOnlyMode) IsDir() bool { return os.FileMode(f).IsDir() }
+func (f fileInfoOnlyMode) Sys() interface{} { return nil }
+
+func CheckGzipHasStreams(t *testing.T, b []byte, streams []int64) {
+ if len(streams) == 0 {
+ return // nop
+ }
+
+ wants := map[int64]struct{}{}
+ for _, s := range streams {
+ wants[s] = struct{}{}
+ }
+
+ len0 := len(b)
+ br := bytes.NewReader(b)
+ zr := new(gzip.Reader)
+ t.Logf("got gzip streams:")
+ numStreams := 0
+ for {
+ zoff := len0 - br.Len()
+ if err := zr.Reset(br); err != nil {
+ if err == io.EOF {
+ return
+ }
+ t.Fatalf("countStreams(gzip), Reset: %v", err)
+ }
+ zr.Multistream(false)
+ n, err := io.Copy(io.Discard, zr)
+ if err != nil {
+ t.Fatalf("countStreams(gzip), Copy: %v", err)
+ }
+ var extra string
+ if len(zr.Header.Extra) > 0 {
+ extra = fmt.Sprintf("; extra=%q", zr.Header.Extra)
+ }
+ t.Logf(" [%d] at %d in stargz, uncompressed length %d%s", numStreams, zoff, n, extra)
+ delete(wants, int64(zoff))
+ numStreams++
+ }
+}
+
+func GzipDiffIDOf(t *testing.T, b []byte) string {
+ h := sha256.New()
+ zr, err := gzip.NewReader(bytes.NewReader(b))
+ if err != nil {
+ t.Fatalf("diffIDOf(gzip): %v", err)
+ }
+ defer zr.Close()
+ if _, err := io.Copy(h, zr); err != nil {
+ t.Fatalf("diffIDOf(gzip).Copy: %v", err)
+ }
+ return fmt.Sprintf("sha256:%x", h.Sum(nil))
+}
diff --git a/vendor/github.com/containerd/stargz-snapshotter/estargz/types.go b/vendor/github.com/containerd/stargz-snapshotter/estargz/types.go
new file mode 100644
index 000000000..57e0aa614
--- /dev/null
+++ b/vendor/github.com/containerd/stargz-snapshotter/estargz/types.go
@@ -0,0 +1,342 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+/*
+ Copyright 2019 The Go Authors. All rights reserved.
+ Use of this source code is governed by a BSD-style
+ license that can be found in the LICENSE file.
+*/
+
+package estargz
+
+import (
+ "archive/tar"
+ "hash"
+ "io"
+ "os"
+ "path"
+ "time"
+
+ digest "github.com/opencontainers/go-digest"
+)
+
+const (
+ // TOCTarName is the name of the JSON file in the tar archive in the
+ // table of contents gzip stream.
+ TOCTarName = "stargz.index.json"
+
+ // FooterSize is the number of bytes in the footer
+ //
+ // The footer is an empty gzip stream with no compression and an Extra
+ // header of the form "%016xSTARGZ", where the 64 bit hex-encoded
+ // number is the offset to the gzip stream of JSON TOC.
+ //
+ // 51 comes from:
+ //
+ // 10 bytes gzip header
+ // 2 bytes XLEN (length of Extra field) = 26 (4 bytes header + 16 hex digits + len("STARGZ"))
+ // 2 bytes Extra: SI1 = 'S', SI2 = 'G'
+ // 2 bytes Extra: LEN = 22 (16 hex digits + len("STARGZ"))
+ // 22 bytes Extra: subfield = fmt.Sprintf("%016xSTARGZ", offsetOfTOC)
+ // 5 bytes flate header
+ // 8 bytes gzip footer
+ // (End of the eStargz blob)
+ //
+ // NOTE: For Extra fields, subfield IDs SI1='S' SI2='G' is used for eStargz.
+ FooterSize = 51
+
+ // legacyFooterSize is the number of bytes in the legacy stargz footer.
+ //
+ // 47 comes from:
+ //
+ // 10 byte gzip header +
+ // 2 byte (LE16) length of extra, encoding 22 (16 hex digits + len("STARGZ")) == "\x16\x00" +
+ // 22 bytes of extra (fmt.Sprintf("%016xSTARGZ", tocGzipOffset))
+ // 5 byte flate header
+ // 8 byte gzip footer (two little endian uint32s: digest, size)
+ legacyFooterSize = 47
+
+ // TOCJSONDigestAnnotation is an annotation for an image layer. This stores the
+ // digest of the TOC JSON.
+ // This annotation is valid only when it is specified in `.[]layers.annotations`
+ // of an image manifest.
+ TOCJSONDigestAnnotation = "containerd.io/snapshot/stargz/toc.digest"
+
+ // StoreUncompressedSizeAnnotation is an additional annotation key for eStargz to enable lazy
+ // pulling on containers/storage. Stargz Store is required to expose the layer's uncompressed size
+ // to the runtime but current OCI image doesn't ship this information by default. So we store this
+ // to the special annotation.
+ StoreUncompressedSizeAnnotation = "io.containers.estargz.uncompressed-size"
+
+ // PrefetchLandmark is a file entry which indicates the end position of
+ // prefetch in the stargz file.
+ PrefetchLandmark = ".prefetch.landmark"
+
+ // NoPrefetchLandmark is a file entry which indicates that no prefetch should
+ // occur in the stargz file.
+ NoPrefetchLandmark = ".no.prefetch.landmark"
+
+ landmarkContents = 0xf
+)
+
+// JTOC is the JSON-serialized table of contents index of the files in the stargz file.
+type JTOC struct {
+ Version int `json:"version"`
+ Entries []*TOCEntry `json:"entries"`
+}
+
+// TOCEntry is an entry in the stargz file's TOC (Table of Contents).
+type TOCEntry struct {
+ // Name is the tar entry's name. It is the complete path
+ // stored in the tar file, not just the base name.
+ Name string `json:"name"`
+
+ // Type is one of "dir", "reg", "symlink", "hardlink", "char",
+ // "block", "fifo", or "chunk".
+ // The "chunk" type is used for regular file data chunks past the first
+ // TOCEntry; the 2nd chunk and on have only Type ("chunk"), Offset,
+ // ChunkOffset, and ChunkSize populated.
+ Type string `json:"type"`
+
+ // Size, for regular files, is the logical size of the file.
+ Size int64 `json:"size,omitempty"`
+
+ // ModTime3339 is the modification time of the tar entry. Empty
+ // means zero or unknown. Otherwise it's in UTC RFC3339
+ // format. Use the ModTime method to access the time.Time value.
+ ModTime3339 string `json:"modtime,omitempty"`
+ modTime time.Time
+
+ // LinkName, for symlinks and hardlinks, is the link target.
+ LinkName string `json:"linkName,omitempty"`
+
+ // Mode is the permission and mode bits.
+ Mode int64 `json:"mode,omitempty"`
+
+ // UID is the user ID of the owner.
+ UID int `json:"uid,omitempty"`
+
+ // GID is the group ID of the owner.
+ GID int `json:"gid,omitempty"`
+
+ // Uname is the username of the owner.
+ //
+ // In the serialized JSON, this field may only be present for
+ // the first entry with the same UID.
+ Uname string `json:"userName,omitempty"`
+
+ // Gname is the group name of the owner.
+ //
+ // In the serialized JSON, this field may only be present for
+ // the first entry with the same GID.
+ Gname string `json:"groupName,omitempty"`
+
+ // Offset, for regular files, provides the offset in the
+ // stargz file to the file's data bytes. See ChunkOffset and
+ // ChunkSize.
+ Offset int64 `json:"offset,omitempty"`
+
+ // InnerOffset is an optional field indicates uncompressed offset
+ // of this "reg" or "chunk" payload in a stream starts from Offset.
+ // This field enables to put multiple "reg" or "chunk" payloads
+ // in one chunk with having the same Offset but different InnerOffset.
+ InnerOffset int64 `json:"innerOffset,omitempty"`
+
+ nextOffset int64 // the Offset of the next entry with a non-zero Offset
+
+ // DevMajor is the major device number for "char" and "block" types.
+ DevMajor int `json:"devMajor,omitempty"`
+
+ // DevMinor is the major device number for "char" and "block" types.
+ DevMinor int `json:"devMinor,omitempty"`
+
+ // NumLink is the number of entry names pointing to this entry.
+ // Zero means one name references this entry.
+ // This field is calculated during runtime and not recorded in TOC JSON.
+ NumLink int `json:"-"`
+
+ // Xattrs are the extended attribute for the entry.
+ Xattrs map[string][]byte `json:"xattrs,omitempty"`
+
+ // Digest stores the OCI checksum for regular files payload.
+ // It has the form "sha256:abcdef01234....".
+ Digest string `json:"digest,omitempty"`
+
+ // ChunkOffset is non-zero if this is a chunk of a large,
+ // regular file. If so, the Offset is where the gzip header of
+ // ChunkSize bytes at ChunkOffset in Name begin.
+ //
+ // In serialized form, a "chunkSize" JSON field of zero means
+ // that the chunk goes to the end of the file. After reading
+ // from the stargz TOC, though, the ChunkSize is initialized
+ // to a non-zero file for when Type is either "reg" or
+ // "chunk".
+ ChunkOffset int64 `json:"chunkOffset,omitempty"`
+ ChunkSize int64 `json:"chunkSize,omitempty"`
+
+ // ChunkDigest stores an OCI digest of the chunk. This must be formed
+ // as "sha256:0123abcd...".
+ ChunkDigest string `json:"chunkDigest,omitempty"`
+
+ children map[string]*TOCEntry
+
+ // chunkTopIndex is index of the entry where Offset starts in the blob.
+ chunkTopIndex int
+}
+
+// ModTime returns the entry's modification time.
+func (e *TOCEntry) ModTime() time.Time { return e.modTime }
+
+// NextOffset returns the position (relative to the start of the
+// stargz file) of the next gzip boundary after e.Offset.
+func (e *TOCEntry) NextOffset() int64 { return e.nextOffset }
+
+func (e *TOCEntry) addChild(baseName string, child *TOCEntry) {
+ if e.children == nil {
+ e.children = make(map[string]*TOCEntry)
+ }
+ if child.Type == "dir" {
+ e.NumLink++ // Entry ".." in the subdirectory links to this directory
+ }
+ e.children[baseName] = child
+}
+
+// isDataType reports whether TOCEntry is a regular file or chunk (something that
+// contains regular file data).
+func (e *TOCEntry) isDataType() bool { return e.Type == "reg" || e.Type == "chunk" }
+
+// Stat returns a FileInfo value representing e.
+func (e *TOCEntry) Stat() os.FileInfo { return fileInfo{e} }
+
+// ForeachChild calls f for each child item. If f returns false, iteration ends.
+// If e is not a directory, f is not called.
+func (e *TOCEntry) ForeachChild(f func(baseName string, ent *TOCEntry) bool) {
+ for name, ent := range e.children {
+ if !f(name, ent) {
+ return
+ }
+ }
+}
+
+// LookupChild returns the directory e's child by its base name.
+func (e *TOCEntry) LookupChild(baseName string) (child *TOCEntry, ok bool) {
+ child, ok = e.children[baseName]
+ return
+}
+
+// fileInfo implements os.FileInfo using the wrapped *TOCEntry.
+type fileInfo struct{ e *TOCEntry }
+
+var _ os.FileInfo = fileInfo{}
+
+func (fi fileInfo) Name() string { return path.Base(fi.e.Name) }
+func (fi fileInfo) IsDir() bool { return fi.e.Type == "dir" }
+func (fi fileInfo) Size() int64 { return fi.e.Size }
+func (fi fileInfo) ModTime() time.Time { return fi.e.ModTime() }
+func (fi fileInfo) Sys() interface{} { return fi.e }
+func (fi fileInfo) Mode() (m os.FileMode) {
+ // TOCEntry.Mode is tar.Header.Mode so we can understand the these bits using `tar` pkg.
+ m = (&tar.Header{Mode: fi.e.Mode}).FileInfo().Mode() &
+ (os.ModePerm | os.ModeSetuid | os.ModeSetgid | os.ModeSticky)
+ switch fi.e.Type {
+ case "dir":
+ m |= os.ModeDir
+ case "symlink":
+ m |= os.ModeSymlink
+ case "char":
+ m |= os.ModeDevice | os.ModeCharDevice
+ case "block":
+ m |= os.ModeDevice
+ case "fifo":
+ m |= os.ModeNamedPipe
+ }
+ return m
+}
+
+// TOCEntryVerifier holds verifiers that are usable for verifying chunks contained
+// in a eStargz blob.
+type TOCEntryVerifier interface {
+
+ // Verifier provides a content verifier that can be used for verifying the
+ // contents of the specified TOCEntry.
+ Verifier(ce *TOCEntry) (digest.Verifier, error)
+}
+
+// Compression provides the compression helper to be used creating and parsing eStargz.
+// This package provides gzip-based Compression by default, but any compression
+// algorithm (e.g. zstd) can be used as long as it implements Compression.
+type Compression interface {
+ Compressor
+ Decompressor
+}
+
+// Compressor represents the helper mothods to be used for creating eStargz.
+type Compressor interface {
+ // Writer returns WriteCloser to be used for writing a chunk to eStargz.
+ // Everytime a chunk is written, the WriteCloser is closed and Writer is
+ // called again for writing the next chunk.
+ //
+ // The returned writer should implement "Flush() error" function that flushes
+ // any pending compressed data to the underlying writer.
+ Writer(w io.Writer) (WriteFlushCloser, error)
+
+ // WriteTOCAndFooter is called to write JTOC to the passed Writer.
+ // diffHash calculates the DiffID (uncompressed sha256 hash) of the blob
+ // WriteTOCAndFooter can optionally write anything that affects DiffID calculation
+ // (e.g. uncompressed TOC JSON).
+ //
+ // This function returns tocDgst that represents the digest of TOC that will be used
+ // to verify this blob when it's parsed.
+ WriteTOCAndFooter(w io.Writer, off int64, toc *JTOC, diffHash hash.Hash) (tocDgst digest.Digest, err error)
+}
+
+// Decompressor represents the helper mothods to be used for parsing eStargz.
+type Decompressor interface {
+ // Reader returns ReadCloser to be used for decompressing file payload.
+ Reader(r io.Reader) (io.ReadCloser, error)
+
+ // FooterSize returns the size of the footer of this blob.
+ FooterSize() int64
+
+ // ParseFooter parses the footer and returns the offset and (compressed) size of TOC.
+ // payloadBlobSize is the (compressed) size of the blob payload (i.e. the size between
+ // the top until the TOC JSON).
+ //
+ // If tocOffset < 0, we assume that TOC isn't contained in the blob and pass nil reader
+ // to ParseTOC. We expect that ParseTOC acquire TOC from the external location and return it.
+ //
+ // tocSize is optional. If tocSize <= 0, it's by default the size of the range from tocOffset until the beginning of the
+ // footer (blob size - tocOff - FooterSize).
+ // If blobPayloadSize < 0, blobPayloadSize become the blob size.
+ ParseFooter(p []byte) (blobPayloadSize, tocOffset, tocSize int64, err error)
+
+ // ParseTOC parses TOC from the passed reader. The reader provides the partial contents
+ // of the underlying blob that has the range specified by ParseFooter method.
+ //
+ // This function returns tocDgst that represents the digest of TOC that will be used
+ // to verify this blob. This must match to the value returned from
+ // Compressor.WriteTOCAndFooter that is used when creating this blob.
+ //
+ // If tocOffset returned by ParseFooter is < 0, we assume that TOC isn't contained in the blob.
+ // Pass nil reader to ParseTOC then we expect that ParseTOC acquire TOC from the external location
+ // and return it.
+ ParseTOC(r io.Reader) (toc *JTOC, tocDgst digest.Digest, err error)
+}
+
+type WriteFlushCloser interface {
+ io.WriteCloser
+ Flush() error
+}
diff --git a/vendor/github.com/containers/image/v5/directory/directory_dest.go b/vendor/github.com/containers/image/v5/directory/directory_dest.go
new file mode 100644
index 000000000..222723a8f
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/directory/directory_dest.go
@@ -0,0 +1,284 @@
+package directory
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "io"
+ "os"
+ "path/filepath"
+ "runtime"
+
+ "github.com/containers/image/v5/internal/imagedestination/impl"
+ "github.com/containers/image/v5/internal/imagedestination/stubs"
+ "github.com/containers/image/v5/internal/private"
+ "github.com/containers/image/v5/internal/putblobdigest"
+ "github.com/containers/image/v5/internal/signature"
+ "github.com/containers/image/v5/types"
+ "github.com/opencontainers/go-digest"
+ "github.com/sirupsen/logrus"
+)
+
+const version = "Directory Transport Version: 1.1\n"
+
+// ErrNotContainerImageDir indicates that the directory doesn't match the expected contents of a directory created
+// using the 'dir' transport
+var ErrNotContainerImageDir = errors.New("not a containers image directory, don't want to overwrite important data")
+
+type dirImageDestination struct {
+ impl.Compat
+ impl.PropertyMethodsInitialize
+ stubs.NoPutBlobPartialInitialize
+ stubs.AlwaysSupportsSignatures
+
+ ref dirReference
+}
+
+// newImageDestination returns an ImageDestination for writing to a directory.
+func newImageDestination(sys *types.SystemContext, ref dirReference) (private.ImageDestination, error) {
+ desiredLayerCompression := types.PreserveOriginal
+ if sys != nil {
+ if sys.DirForceCompress {
+ desiredLayerCompression = types.Compress
+
+ if sys.DirForceDecompress {
+ return nil, fmt.Errorf("Cannot compress and decompress at the same time")
+ }
+ }
+ if sys.DirForceDecompress {
+ desiredLayerCompression = types.Decompress
+ }
+ }
+
+ // If directory exists check if it is empty
+ // if not empty, check whether the contents match that of a container image directory and overwrite the contents
+ // if the contents don't match throw an error
+ dirExists, err := pathExists(ref.resolvedPath)
+ if err != nil {
+ return nil, fmt.Errorf("checking for path %q: %w", ref.resolvedPath, err)
+ }
+ if dirExists {
+ isEmpty, err := isDirEmpty(ref.resolvedPath)
+ if err != nil {
+ return nil, err
+ }
+
+ if !isEmpty {
+ versionExists, err := pathExists(ref.versionPath())
+ if err != nil {
+ return nil, fmt.Errorf("checking if path exists %q: %w", ref.versionPath(), err)
+ }
+ if versionExists {
+ contents, err := os.ReadFile(ref.versionPath())
+ if err != nil {
+ return nil, err
+ }
+ // check if contents of version file is what we expect it to be
+ if string(contents) != version {
+ return nil, ErrNotContainerImageDir
+ }
+ } else {
+ return nil, ErrNotContainerImageDir
+ }
+ // delete directory contents so that only one image is in the directory at a time
+ if err = removeDirContents(ref.resolvedPath); err != nil {
+ return nil, fmt.Errorf("erasing contents in %q: %w", ref.resolvedPath, err)
+ }
+ logrus.Debugf("overwriting existing container image directory %q", ref.resolvedPath)
+ }
+ } else {
+ // create directory if it doesn't exist
+ if err := os.MkdirAll(ref.resolvedPath, 0755); err != nil {
+ return nil, fmt.Errorf("unable to create directory %q: %w", ref.resolvedPath, err)
+ }
+ }
+ // create version file
+ err = os.WriteFile(ref.versionPath(), []byte(version), 0644)
+ if err != nil {
+ return nil, fmt.Errorf("creating version file %q: %w", ref.versionPath(), err)
+ }
+
+ d := &dirImageDestination{
+ PropertyMethodsInitialize: impl.PropertyMethods(impl.Properties{
+ SupportedManifestMIMETypes: nil,
+ DesiredLayerCompression: desiredLayerCompression,
+ AcceptsForeignLayerURLs: false,
+ MustMatchRuntimeOS: false,
+ IgnoresEmbeddedDockerReference: false, // N/A, DockerReference() returns nil.
+ HasThreadSafePutBlob: true,
+ }),
+ NoPutBlobPartialInitialize: stubs.NoPutBlobPartial(ref),
+
+ ref: ref,
+ }
+ d.Compat = impl.AddCompat(d)
+ return d, nil
+}
+
+// Reference returns the reference used to set up this destination. Note that this should directly correspond to user's intent,
+// e.g. it should use the public hostname instead of the result of resolving CNAMEs or following redirects.
+func (d *dirImageDestination) Reference() types.ImageReference {
+ return d.ref
+}
+
+// Close removes resources associated with an initialized ImageDestination, if any.
+func (d *dirImageDestination) Close() error {
+ return nil
+}
+
+// PutBlobWithOptions writes contents of stream and returns data representing the result.
+// inputInfo.Digest can be optionally provided if known; if provided, and stream is read to the end without error, the digest MUST match the stream contents.
+// inputInfo.Size is the expected length of stream, if known.
+// inputInfo.MediaType describes the blob format, if known.
+// WARNING: The contents of stream are being verified on the fly. Until stream.Read() returns io.EOF, the contents of the data SHOULD NOT be available
+// to any other readers for download using the supplied digest.
+// If stream.Read() at any time, ESPECIALLY at end of input, returns an error, PutBlobWithOptions MUST 1) fail, and 2) delete any data stored so far.
+func (d *dirImageDestination) PutBlobWithOptions(ctx context.Context, stream io.Reader, inputInfo types.BlobInfo, options private.PutBlobOptions) (private.UploadedBlob, error) {
+ blobFile, err := os.CreateTemp(d.ref.path, "dir-put-blob")
+ if err != nil {
+ return private.UploadedBlob{}, err
+ }
+ succeeded := false
+ explicitClosed := false
+ defer func() {
+ if !explicitClosed {
+ blobFile.Close()
+ }
+ if !succeeded {
+ os.Remove(blobFile.Name())
+ }
+ }()
+
+ digester, stream := putblobdigest.DigestIfCanonicalUnknown(stream, inputInfo)
+ // TODO: This can take quite some time, and should ideally be cancellable using ctx.Done().
+ size, err := io.Copy(blobFile, stream)
+ if err != nil {
+ return private.UploadedBlob{}, err
+ }
+ blobDigest := digester.Digest()
+ if inputInfo.Size != -1 && size != inputInfo.Size {
+ return private.UploadedBlob{}, fmt.Errorf("Size mismatch when copying %s, expected %d, got %d", blobDigest, inputInfo.Size, size)
+ }
+ if err := blobFile.Sync(); err != nil {
+ return private.UploadedBlob{}, err
+ }
+
+ // On POSIX systems, blobFile was created with mode 0600, so we need to make it readable.
+ // On Windows, the “permissions of newly created files†argument to syscall.Open is
+ // ignored and the file is already readable; besides, blobFile.Chmod, i.e. syscall.Fchmod,
+ // always fails on Windows.
+ if runtime.GOOS != "windows" {
+ if err := blobFile.Chmod(0644); err != nil {
+ return private.UploadedBlob{}, err
+ }
+ }
+
+ blobPath := d.ref.layerPath(blobDigest)
+ // need to explicitly close the file, since a rename won't otherwise not work on Windows
+ blobFile.Close()
+ explicitClosed = true
+ if err := os.Rename(blobFile.Name(), blobPath); err != nil {
+ return private.UploadedBlob{}, err
+ }
+ succeeded = true
+ return private.UploadedBlob{Digest: blobDigest, Size: size}, nil
+}
+
+// TryReusingBlobWithOptions checks whether the transport already contains, or can efficiently reuse, a blob, and if so, applies it to the current destination
+// (e.g. if the blob is a filesystem layer, this signifies that the changes it describes need to be applied again when composing a filesystem tree).
+// info.Digest must not be empty.
+// If the blob has been successfully reused, returns (true, info, nil).
+// If the transport can not reuse the requested blob, TryReusingBlob returns (false, {}, nil); it returns a non-nil error only on an unexpected failure.
+func (d *dirImageDestination) TryReusingBlobWithOptions(ctx context.Context, info types.BlobInfo, options private.TryReusingBlobOptions) (bool, private.ReusedBlob, error) {
+ if !impl.OriginalBlobMatchesRequiredCompression(options) {
+ return false, private.ReusedBlob{}, nil
+ }
+ if info.Digest == "" {
+ return false, private.ReusedBlob{}, fmt.Errorf("Can not check for a blob with unknown digest")
+ }
+ blobPath := d.ref.layerPath(info.Digest)
+ finfo, err := os.Stat(blobPath)
+ if err != nil && os.IsNotExist(err) {
+ return false, private.ReusedBlob{}, nil
+ }
+ if err != nil {
+ return false, private.ReusedBlob{}, err
+ }
+ return true, private.ReusedBlob{Digest: info.Digest, Size: finfo.Size()}, nil
+}
+
+// PutManifest writes manifest to the destination.
+// If instanceDigest is not nil, it contains a digest of the specific manifest instance to write the manifest for (when
+// the primary manifest is a manifest list); this should always be nil if the primary manifest is not a manifest list.
+// It is expected but not enforced that the instanceDigest, when specified, matches the digest of `manifest` as generated
+// by `manifest.Digest()`.
+// FIXME? This should also receive a MIME type if known, to differentiate between schema versions.
+// If the destination is in principle available, refuses this manifest type (e.g. it does not recognize the schema),
+// but may accept a different manifest type, the returned error must be an ManifestTypeRejectedError.
+func (d *dirImageDestination) PutManifest(ctx context.Context, manifest []byte, instanceDigest *digest.Digest) error {
+ return os.WriteFile(d.ref.manifestPath(instanceDigest), manifest, 0644)
+}
+
+// PutSignaturesWithFormat writes a set of signatures to the destination.
+// If instanceDigest is not nil, it contains a digest of the specific manifest instance to write or overwrite the signatures for
+// (when the primary manifest is a manifest list); this should always be nil if the primary manifest is not a manifest list.
+// MUST be called after PutManifest (signatures may reference manifest contents).
+func (d *dirImageDestination) PutSignaturesWithFormat(ctx context.Context, signatures []signature.Signature, instanceDigest *digest.Digest) error {
+ for i, sig := range signatures {
+ blob, err := signature.Blob(sig)
+ if err != nil {
+ return err
+ }
+ if err := os.WriteFile(d.ref.signaturePath(i, instanceDigest), blob, 0644); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// Commit marks the process of storing the image as successful and asks for the image to be persisted.
+// unparsedToplevel contains data about the top-level manifest of the source (which may be a single-arch image or a manifest list
+// if PutManifest was only called for the single-arch image with instanceDigest == nil), primarily to allow lookups by the
+// original manifest list digest, if desired.
+// WARNING: This does not have any transactional semantics:
+// - Uploaded data MAY be visible to others before Commit() is called
+// - Uploaded data MAY be removed or MAY remain around if Close() is called without Commit() (i.e. rollback is allowed but not guaranteed)
+func (d *dirImageDestination) Commit(context.Context, types.UnparsedImage) error {
+ return nil
+}
+
+// returns true if path exists
+func pathExists(path string) (bool, error) {
+ _, err := os.Stat(path)
+ if err == nil {
+ return true, nil
+ }
+ if os.IsNotExist(err) {
+ return false, nil
+ }
+ return false, err
+}
+
+// returns true if directory is empty
+func isDirEmpty(path string) (bool, error) {
+ files, err := os.ReadDir(path)
+ if err != nil {
+ return false, err
+ }
+ return len(files) == 0, nil
+}
+
+// deletes the contents of a directory
+func removeDirContents(path string) error {
+ files, err := os.ReadDir(path)
+ if err != nil {
+ return err
+ }
+
+ for _, file := range files {
+ if err := os.RemoveAll(filepath.Join(path, file.Name())); err != nil {
+ return err
+ }
+ }
+ return nil
+}
diff --git a/vendor/github.com/containers/image/v5/directory/directory_src.go b/vendor/github.com/containers/image/v5/directory/directory_src.go
new file mode 100644
index 000000000..5fc83bb6f
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/directory/directory_src.go
@@ -0,0 +1,102 @@
+package directory
+
+import (
+ "context"
+ "fmt"
+ "io"
+ "os"
+
+ "github.com/containers/image/v5/internal/imagesource/impl"
+ "github.com/containers/image/v5/internal/imagesource/stubs"
+ "github.com/containers/image/v5/internal/manifest"
+ "github.com/containers/image/v5/internal/private"
+ "github.com/containers/image/v5/internal/signature"
+ "github.com/containers/image/v5/types"
+ "github.com/opencontainers/go-digest"
+)
+
+type dirImageSource struct {
+ impl.Compat
+ impl.PropertyMethodsInitialize
+ impl.DoesNotAffectLayerInfosForCopy
+ stubs.NoGetBlobAtInitialize
+
+ ref dirReference
+}
+
+// newImageSource returns an ImageSource reading from an existing directory.
+// The caller must call .Close() on the returned ImageSource.
+func newImageSource(ref dirReference) private.ImageSource {
+ s := &dirImageSource{
+ PropertyMethodsInitialize: impl.PropertyMethods(impl.Properties{
+ HasThreadSafeGetBlob: false,
+ }),
+ NoGetBlobAtInitialize: stubs.NoGetBlobAt(ref),
+
+ ref: ref,
+ }
+ s.Compat = impl.AddCompat(s)
+ return s
+}
+
+// Reference returns the reference used to set up this source, _as specified by the user_
+// (not as the image itself, or its underlying storage, claims). This can be used e.g. to determine which public keys are trusted for this image.
+func (s *dirImageSource) Reference() types.ImageReference {
+ return s.ref
+}
+
+// Close removes resources associated with an initialized ImageSource, if any.
+func (s *dirImageSource) Close() error {
+ return nil
+}
+
+// GetManifest returns the image's manifest along with its MIME type (which may be empty when it can't be determined but the manifest is available).
+// It may use a remote (= slow) service.
+// If instanceDigest is not nil, it contains a digest of the specific manifest instance to retrieve (when the primary manifest is a manifest list);
+// this never happens if the primary manifest is not a manifest list (e.g. if the source never returns manifest lists).
+func (s *dirImageSource) GetManifest(ctx context.Context, instanceDigest *digest.Digest) ([]byte, string, error) {
+ m, err := os.ReadFile(s.ref.manifestPath(instanceDigest))
+ if err != nil {
+ return nil, "", err
+ }
+ return m, manifest.GuessMIMEType(m), err
+}
+
+// GetBlob returns a stream for the specified blob, and the blob’s size (or -1 if unknown).
+// The Digest field in BlobInfo is guaranteed to be provided, Size may be -1 and MediaType may be optionally provided.
+// May update BlobInfoCache, preferably after it knows for certain that a blob truly exists at a specific location.
+func (s *dirImageSource) GetBlob(ctx context.Context, info types.BlobInfo, cache types.BlobInfoCache) (io.ReadCloser, int64, error) {
+ r, err := os.Open(s.ref.layerPath(info.Digest))
+ if err != nil {
+ return nil, -1, err
+ }
+ fi, err := r.Stat()
+ if err != nil {
+ return nil, -1, err
+ }
+ return r, fi.Size(), nil
+}
+
+// GetSignaturesWithFormat returns the image's signatures. It may use a remote (= slow) service.
+// If instanceDigest is not nil, it contains a digest of the specific manifest instance to retrieve signatures for
+// (when the primary manifest is a manifest list); this never happens if the primary manifest is not a manifest list
+// (e.g. if the source never returns manifest lists).
+func (s *dirImageSource) GetSignaturesWithFormat(ctx context.Context, instanceDigest *digest.Digest) ([]signature.Signature, error) {
+ signatures := []signature.Signature{}
+ for i := 0; ; i++ {
+ path := s.ref.signaturePath(i, instanceDigest)
+ sigBlob, err := os.ReadFile(path)
+ if err != nil {
+ if os.IsNotExist(err) {
+ break
+ }
+ return nil, err
+ }
+ signature, err := signature.FromBlob(sigBlob)
+ if err != nil {
+ return nil, fmt.Errorf("parsing signature %q: %w", path, err)
+ }
+ signatures = append(signatures, signature)
+ }
+ return signatures, nil
+}
diff --git a/vendor/github.com/containers/image/v5/directory/directory_transport.go b/vendor/github.com/containers/image/v5/directory/directory_transport.go
new file mode 100644
index 000000000..7e3068693
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/directory/directory_transport.go
@@ -0,0 +1,188 @@
+package directory
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "path/filepath"
+ "strings"
+
+ "github.com/containers/image/v5/directory/explicitfilepath"
+ "github.com/containers/image/v5/docker/reference"
+ "github.com/containers/image/v5/internal/image"
+ "github.com/containers/image/v5/transports"
+ "github.com/containers/image/v5/types"
+ "github.com/opencontainers/go-digest"
+)
+
+func init() {
+ transports.Register(Transport)
+}
+
+// Transport is an ImageTransport for directory paths.
+var Transport = dirTransport{}
+
+type dirTransport struct{}
+
+func (t dirTransport) Name() string {
+ return "dir"
+}
+
+// ParseReference converts a string, which should not start with the ImageTransport.Name prefix, into an ImageReference.
+func (t dirTransport) ParseReference(reference string) (types.ImageReference, error) {
+ return NewReference(reference)
+}
+
+// ValidatePolicyConfigurationScope checks that scope is a valid name for a signature.PolicyTransportScopes keys
+// (i.e. a valid PolicyConfigurationIdentity() or PolicyConfigurationNamespaces() return value).
+// It is acceptable to allow an invalid value which will never be matched, it can "only" cause user confusion.
+// scope passed to this function will not be "", that value is always allowed.
+func (t dirTransport) ValidatePolicyConfigurationScope(scope string) error {
+ if !strings.HasPrefix(scope, "/") {
+ return fmt.Errorf("Invalid scope %s: Must be an absolute path", scope)
+ }
+ // Refuse also "/", otherwise "/" and "" would have the same semantics,
+ // and "" could be unexpectedly shadowed by the "/" entry.
+ if scope == "/" {
+ return errors.New(`Invalid scope "/": Use the generic default scope ""`)
+ }
+ cleaned := filepath.Clean(scope)
+ if cleaned != scope {
+ return fmt.Errorf(`Invalid scope %s: Uses non-canonical format, perhaps try %s`, scope, cleaned)
+ }
+ return nil
+}
+
+// dirReference is an ImageReference for directory paths.
+type dirReference struct {
+ // Note that the interpretation of paths below depends on the underlying filesystem state, which may change under us at any time!
+ // Either of the paths may point to a different, or no, inode over time. resolvedPath may contain symbolic links, and so on.
+
+ // Generally we follow the intent of the user, and use the "path" member for filesystem operations (e.g. the user can use a relative path to avoid
+ // being exposed to symlinks and renames in the parent directories to the working directory).
+ // (But in general, we make no attempt to be completely safe against concurrent hostile filesystem modifications.)
+ path string // As specified by the user. May be relative, contain symlinks, etc.
+ resolvedPath string // Absolute path with no symlinks, at least at the time of its creation. Primarily used for policy namespaces.
+}
+
+// There is no directory.ParseReference because it is rather pointless.
+// Callers who need a transport-independent interface will go through
+// dirTransport.ParseReference; callers who intentionally deal with directories
+// can use directory.NewReference.
+
+// NewReference returns a directory reference for a specified path.
+//
+// We do not expose an API supplying the resolvedPath; we could, but recomputing it
+// is generally cheap enough that we prefer being confident about the properties of resolvedPath.
+func NewReference(path string) (types.ImageReference, error) {
+ resolved, err := explicitfilepath.ResolvePathToFullyExplicit(path)
+ if err != nil {
+ return nil, err
+ }
+ return dirReference{path: path, resolvedPath: resolved}, nil
+}
+
+func (ref dirReference) Transport() types.ImageTransport {
+ return Transport
+}
+
+// StringWithinTransport returns a string representation of the reference, which MUST be such that
+// reference.Transport().ParseReference(reference.StringWithinTransport()) returns an equivalent reference.
+// NOTE: The returned string is not promised to be equal to the original input to ParseReference;
+// e.g. default attribute values omitted by the user may be filled in the return value, or vice versa.
+// WARNING: Do not use the return value in the UI to describe an image, it does not contain the Transport().Name() prefix.
+func (ref dirReference) StringWithinTransport() string {
+ return ref.path
+}
+
+// DockerReference returns a Docker reference associated with this reference
+// (fully explicit, i.e. !reference.IsNameOnly, but reflecting user intent,
+// not e.g. after redirect or alias processing), or nil if unknown/not applicable.
+func (ref dirReference) DockerReference() reference.Named {
+ return nil
+}
+
+// PolicyConfigurationIdentity returns a string representation of the reference, suitable for policy lookup.
+// This MUST reflect user intent, not e.g. after processing of third-party redirects or aliases;
+// The value SHOULD be fully explicit about its semantics, with no hidden defaults, AND canonical
+// (i.e. various references with exactly the same semantics should return the same configuration identity)
+// It is fine for the return value to be equal to StringWithinTransport(), and it is desirable but
+// not required/guaranteed that it will be a valid input to Transport().ParseReference().
+// Returns "" if configuration identities for these references are not supported.
+func (ref dirReference) PolicyConfigurationIdentity() string {
+ return ref.resolvedPath
+}
+
+// PolicyConfigurationNamespaces returns a list of other policy configuration namespaces to search
+// for if explicit configuration for PolicyConfigurationIdentity() is not set. The list will be processed
+// in order, terminating on first match, and an implicit "" is always checked at the end.
+// It is STRONGLY recommended for the first element, if any, to be a prefix of PolicyConfigurationIdentity(),
+// and each following element to be a prefix of the element preceding it.
+func (ref dirReference) PolicyConfigurationNamespaces() []string {
+ res := []string{}
+ path := ref.resolvedPath
+ for {
+ lastSlash := strings.LastIndex(path, "/")
+ if lastSlash == -1 || lastSlash == 0 {
+ break
+ }
+ path = path[:lastSlash]
+ res = append(res, path)
+ }
+ // Note that we do not include "/"; it is redundant with the default "" global default,
+ // and rejected by dirTransport.ValidatePolicyConfigurationScope above.
+ return res
+}
+
+// NewImage returns a types.ImageCloser for this reference, possibly specialized for this ImageTransport.
+// The caller must call .Close() on the returned ImageCloser.
+// NOTE: If any kind of signature verification should happen, build an UnparsedImage from the value returned by NewImageSource,
+// verify that UnparsedImage, and convert it into a real Image via image.FromUnparsedImage.
+// WARNING: This may not do the right thing for a manifest list, see image.FromSource for details.
+func (ref dirReference) NewImage(ctx context.Context, sys *types.SystemContext) (types.ImageCloser, error) {
+ return image.FromReference(ctx, sys, ref)
+}
+
+// NewImageSource returns a types.ImageSource for this reference.
+// The caller must call .Close() on the returned ImageSource.
+func (ref dirReference) NewImageSource(ctx context.Context, sys *types.SystemContext) (types.ImageSource, error) {
+ return newImageSource(ref), nil
+}
+
+// NewImageDestination returns a types.ImageDestination for this reference.
+// The caller must call .Close() on the returned ImageDestination.
+func (ref dirReference) NewImageDestination(ctx context.Context, sys *types.SystemContext) (types.ImageDestination, error) {
+ return newImageDestination(sys, ref)
+}
+
+// DeleteImage deletes the named image from the registry, if supported.
+func (ref dirReference) DeleteImage(ctx context.Context, sys *types.SystemContext) error {
+ return errors.New("Deleting images not implemented for dir: images")
+}
+
+// manifestPath returns a path for the manifest within a directory using our conventions.
+func (ref dirReference) manifestPath(instanceDigest *digest.Digest) string {
+ if instanceDigest != nil {
+ return filepath.Join(ref.path, instanceDigest.Encoded()+".manifest.json")
+ }
+ return filepath.Join(ref.path, "manifest.json")
+}
+
+// layerPath returns a path for a layer tarball within a directory using our conventions.
+func (ref dirReference) layerPath(digest digest.Digest) string {
+ // FIXME: Should we keep the digest identification?
+ return filepath.Join(ref.path, digest.Encoded())
+}
+
+// signaturePath returns a path for a signature within a directory using our conventions.
+func (ref dirReference) signaturePath(index int, instanceDigest *digest.Digest) string {
+ if instanceDigest != nil {
+ return filepath.Join(ref.path, fmt.Sprintf(instanceDigest.Encoded()+".signature-%d", index+1))
+ }
+ return filepath.Join(ref.path, fmt.Sprintf("signature-%d", index+1))
+}
+
+// versionPath returns a path for the version file within a directory using our conventions.
+func (ref dirReference) versionPath() string {
+ return filepath.Join(ref.path, "version")
+}
diff --git a/vendor/github.com/containers/image/v5/docker/daemon/client.go b/vendor/github.com/containers/image/v5/docker/daemon/client.go
new file mode 100644
index 000000000..2c245f54f
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/docker/daemon/client.go
@@ -0,0 +1,101 @@
+package daemon
+
+import (
+ "net/http"
+ "path/filepath"
+
+ "github.com/containers/image/v5/types"
+ dockerclient "github.com/docker/docker/client"
+ "github.com/docker/go-connections/tlsconfig"
+)
+
+const (
+ // The default API version to be used in case none is explicitly specified
+ defaultAPIVersion = "1.22"
+)
+
+// NewDockerClient initializes a new API client based on the passed SystemContext.
+func newDockerClient(sys *types.SystemContext) (*dockerclient.Client, error) {
+ host := dockerclient.DefaultDockerHost
+ if sys != nil && sys.DockerDaemonHost != "" {
+ host = sys.DockerDaemonHost
+ }
+
+ opts := []dockerclient.Opt{
+ dockerclient.WithHost(host),
+ dockerclient.WithVersion(defaultAPIVersion),
+ }
+
+ // We conditionalize building the TLS configuration only to TLS sockets:
+ //
+ // The dockerclient.Client implementation differentiates between
+ // - Client.proto, which is ~how the connection is establishe (IP / AF_UNIX/Windows)
+ // - Client.scheme, which is what is sent over the connection (HTTP with/without TLS).
+ //
+ // Only Client.proto is set from the URL in dockerclient.WithHost(),
+ // Client.scheme is detected based on a http.Client.TLSClientConfig presence;
+ // dockerclient.WithHTTPClient with a client that has TLSClientConfig set
+ // will, by default, trigger an attempt to use TLS.
+ //
+ // So, don’t use WithHTTPClient for unix:// sockets at all.
+ //
+ // Similarly, if we want to communicate over plain HTTP on a TCP socket (http://),
+ // we also should not set TLSClientConfig. We continue to use WithHTTPClient
+ // with our slightly non-default settings to avoid a behavior change on updates of c/image.
+ //
+ // Alternatively we could use dockerclient.WithScheme to drive the TLS/non-TLS logic
+ // explicitly, but we would still want to set WithHTTPClient (differently) for https:// and http:// ;
+ // so that would not be any simpler.
+ serverURL, err := dockerclient.ParseHostURL(host)
+ if err != nil {
+ return nil, err
+ }
+ switch serverURL.Scheme {
+ case "unix": // Nothing
+ case "http":
+ hc := httpConfig()
+ opts = append(opts, dockerclient.WithHTTPClient(hc))
+ default:
+ hc, err := tlsConfig(sys)
+ if err != nil {
+ return nil, err
+ }
+ opts = append(opts, dockerclient.WithHTTPClient(hc))
+ }
+
+ return dockerclient.NewClientWithOpts(opts...)
+}
+
+func tlsConfig(sys *types.SystemContext) (*http.Client, error) {
+ options := tlsconfig.Options{}
+ if sys != nil && sys.DockerDaemonInsecureSkipTLSVerify {
+ options.InsecureSkipVerify = true
+ }
+
+ if sys != nil && sys.DockerDaemonCertPath != "" {
+ options.CAFile = filepath.Join(sys.DockerDaemonCertPath, "ca.pem")
+ options.CertFile = filepath.Join(sys.DockerDaemonCertPath, "cert.pem")
+ options.KeyFile = filepath.Join(sys.DockerDaemonCertPath, "key.pem")
+ }
+
+ tlsc, err := tlsconfig.Client(options)
+ if err != nil {
+ return nil, err
+ }
+
+ return &http.Client{
+ Transport: &http.Transport{
+ TLSClientConfig: tlsc,
+ },
+ CheckRedirect: dockerclient.CheckRedirect,
+ }, nil
+}
+
+func httpConfig() *http.Client {
+ return &http.Client{
+ Transport: &http.Transport{
+ TLSClientConfig: nil,
+ },
+ CheckRedirect: dockerclient.CheckRedirect,
+ }
+}
diff --git a/vendor/github.com/containers/image/v5/docker/daemon/daemon_dest.go b/vendor/github.com/containers/image/v5/docker/daemon/daemon_dest.go
new file mode 100644
index 000000000..55431db13
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/docker/daemon/daemon_dest.go
@@ -0,0 +1,186 @@
+package daemon
+
+import (
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+
+ "github.com/containers/image/v5/docker/internal/tarfile"
+ "github.com/containers/image/v5/docker/reference"
+ "github.com/containers/image/v5/internal/private"
+ "github.com/containers/image/v5/types"
+ "github.com/docker/docker/client"
+ "github.com/sirupsen/logrus"
+)
+
+type daemonImageDestination struct {
+ ref daemonReference
+ mustMatchRuntimeOS bool
+ *tarfile.Destination // Implements most of types.ImageDestination
+ archive *tarfile.Writer
+ // For talking to imageLoadGoroutine
+ goroutineCancel context.CancelFunc
+ statusChannel <-chan error
+ writer *io.PipeWriter
+ // Other state
+ committed bool // writer has been closed
+}
+
+// newImageDestination returns a types.ImageDestination for the specified image reference.
+func newImageDestination(ctx context.Context, sys *types.SystemContext, ref daemonReference) (private.ImageDestination, error) {
+ if ref.ref == nil {
+ return nil, fmt.Errorf("Invalid destination docker-daemon:%s: a destination must be a name:tag", ref.StringWithinTransport())
+ }
+ namedTaggedRef, ok := ref.ref.(reference.NamedTagged)
+ if !ok {
+ return nil, fmt.Errorf("Invalid destination docker-daemon:%s: a destination must be a name:tag", ref.StringWithinTransport())
+ }
+
+ var mustMatchRuntimeOS = true
+ if sys != nil && sys.DockerDaemonHost != client.DefaultDockerHost {
+ mustMatchRuntimeOS = false
+ }
+
+ c, err := newDockerClient(sys)
+ if err != nil {
+ return nil, fmt.Errorf("initializing docker engine client: %w", err)
+ }
+
+ reader, writer := io.Pipe()
+ archive := tarfile.NewWriter(writer)
+ // Commit() may never be called, so we may never read from this channel; so, make this buffered to allow imageLoadGoroutine to write status and terminate even if we never read it.
+ statusChannel := make(chan error, 1)
+
+ goroutineContext, goroutineCancel := context.WithCancel(ctx)
+ go imageLoadGoroutine(goroutineContext, c, reader, statusChannel)
+
+ return &daemonImageDestination{
+ ref: ref,
+ mustMatchRuntimeOS: mustMatchRuntimeOS,
+ Destination: tarfile.NewDestination(sys, archive, ref.Transport().Name(), namedTaggedRef),
+ archive: archive,
+ goroutineCancel: goroutineCancel,
+ statusChannel: statusChannel,
+ writer: writer,
+ committed: false,
+ }, nil
+}
+
+// imageLoadGoroutine accepts tar stream on reader, sends it to c, and reports error or success by writing to statusChannel
+func imageLoadGoroutine(ctx context.Context, c *client.Client, reader *io.PipeReader, statusChannel chan<- error) {
+ defer c.Close()
+ err := errors.New("Internal error: unexpected panic in imageLoadGoroutine")
+ defer func() {
+ logrus.Debugf("docker-daemon: sending done, status %v", err)
+ statusChannel <- err
+ }()
+ defer func() {
+ if err == nil {
+ reader.Close()
+ } else {
+ if err := reader.CloseWithError(err); err != nil {
+ logrus.Debugf("imageLoadGoroutine: Error during reader.CloseWithError: %v", err)
+ }
+ }
+ }()
+
+ err = imageLoad(ctx, c, reader)
+}
+
+// imageLoad accepts tar stream on reader and sends it to c
+func imageLoad(ctx context.Context, c *client.Client, reader *io.PipeReader) error {
+ resp, err := c.ImageLoad(ctx, reader, true)
+ if err != nil {
+ return fmt.Errorf("starting a load operation in docker engine: %w", err)
+ }
+ defer resp.Body.Close()
+
+ // jsonError and jsonMessage are small subsets of docker/docker/pkg/jsonmessage.JSONError and JSONMessage,
+ // copied here to minimize dependencies.
+ type jsonError struct {
+ Message string `json:"message,omitempty"`
+ }
+ type jsonMessage struct {
+ Error *jsonError `json:"errorDetail,omitempty"`
+ }
+
+ dec := json.NewDecoder(resp.Body)
+ for {
+ var msg jsonMessage
+ if err := dec.Decode(&msg); err != nil {
+ if err == io.EOF {
+ break
+ }
+ return fmt.Errorf("parsing docker load progress: %w", err)
+ }
+ if msg.Error != nil {
+ return fmt.Errorf("docker engine reported: %s", msg.Error.Message)
+ }
+ }
+ return nil // No error reported = success
+}
+
+// DesiredLayerCompression indicates if layers must be compressed, decompressed or preserved
+func (d *daemonImageDestination) DesiredLayerCompression() types.LayerCompression {
+ return types.PreserveOriginal
+}
+
+// MustMatchRuntimeOS returns true iff the destination can store only images targeted for the current runtime architecture and OS. False otherwise.
+func (d *daemonImageDestination) MustMatchRuntimeOS() bool {
+ return d.mustMatchRuntimeOS
+}
+
+// Close removes resources associated with an initialized ImageDestination, if any.
+func (d *daemonImageDestination) Close() error {
+ if !d.committed {
+ logrus.Debugf("docker-daemon: Closing tar stream to abort loading")
+ // In principle, goroutineCancel() should abort the HTTP request and stop the process from continuing.
+ // In practice, though, various HTTP implementations used by client.Client.ImageLoad() (including
+ // https://github.com/golang/net/blob/master/context/ctxhttp/ctxhttp_pre17.go and the
+ // net/http version with native Context support in Go 1.7) do not always actually immediately cancel
+ // the operation: they may process the HTTP request, or a part of it, to completion in a goroutine, and
+ // return early if the context is canceled without terminating the goroutine at all.
+ // So we need this CloseWithError to terminate sending the HTTP request Body
+ // immediately, and hopefully, through terminating the sending which uses "Transfer-Encoding: chunked"" without sending
+ // the terminating zero-length chunk, prevent the docker daemon from processing the tar stream at all.
+ // Whether that works or not, closing the PipeWriter seems desirable in any case.
+ if err := d.writer.CloseWithError(errors.New("Aborting upload, daemonImageDestination closed without a previous .Commit()")); err != nil {
+ return err
+ }
+ }
+ d.goroutineCancel()
+
+ return nil
+}
+
+func (d *daemonImageDestination) Reference() types.ImageReference {
+ return d.ref
+}
+
+// Commit marks the process of storing the image as successful and asks for the image to be persisted.
+// unparsedToplevel contains data about the top-level manifest of the source (which may be a single-arch image or a manifest list
+// if PutManifest was only called for the single-arch image with instanceDigest == nil), primarily to allow lookups by the
+// original manifest list digest, if desired.
+// WARNING: This does not have any transactional semantics:
+// - Uploaded data MAY be visible to others before Commit() is called
+// - Uploaded data MAY be removed or MAY remain around if Close() is called without Commit() (i.e. rollback is allowed but not guaranteed)
+func (d *daemonImageDestination) Commit(ctx context.Context, unparsedToplevel types.UnparsedImage) error {
+ logrus.Debugf("docker-daemon: Closing tar stream")
+ if err := d.archive.Close(); err != nil {
+ return err
+ }
+ if err := d.writer.Close(); err != nil {
+ return err
+ }
+ d.committed = true // We may still fail, but we are done sending to imageLoadGoroutine.
+
+ logrus.Debugf("docker-daemon: Waiting for status")
+ select {
+ case <-ctx.Done():
+ return ctx.Err()
+ case err := <-d.statusChannel:
+ return err
+ }
+}
diff --git a/vendor/github.com/containers/image/v5/docker/daemon/daemon_src.go b/vendor/github.com/containers/image/v5/docker/daemon/daemon_src.go
new file mode 100644
index 000000000..10923c278
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/docker/daemon/daemon_src.go
@@ -0,0 +1,56 @@
+package daemon
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/containers/image/v5/docker/internal/tarfile"
+ "github.com/containers/image/v5/internal/private"
+ "github.com/containers/image/v5/types"
+)
+
+type daemonImageSource struct {
+ ref daemonReference
+ *tarfile.Source // Implements most of types.ImageSource
+}
+
+// newImageSource returns a types.ImageSource for the specified image reference.
+// The caller must call .Close() on the returned ImageSource.
+//
+// It would be great if we were able to stream the input tar as it is being
+// sent; but Docker sends the top-level manifest, which determines which paths
+// to look for, at the end, so in we will need to seek back and re-read, several times.
+// (We could, perhaps, expect an exact sequence, assume that the first plaintext file
+// is the config, and that the following len(RootFS) files are the layers, but that feels
+// way too brittle.)
+func newImageSource(ctx context.Context, sys *types.SystemContext, ref daemonReference) (private.ImageSource, error) {
+ c, err := newDockerClient(sys)
+ if err != nil {
+ return nil, fmt.Errorf("initializing docker engine client: %w", err)
+ }
+ defer c.Close()
+
+ // Per NewReference(), ref.StringWithinTransport() is either an image ID (config digest), or a !reference.NameOnly() reference.
+ // Either way ImageSave should create a tarball with exactly one image.
+ inputStream, err := c.ImageSave(ctx, []string{ref.StringWithinTransport()})
+ if err != nil {
+ return nil, fmt.Errorf("loading image from docker engine: %w", err)
+ }
+ defer inputStream.Close()
+
+ archive, err := tarfile.NewReaderFromStream(sys, inputStream)
+ if err != nil {
+ return nil, err
+ }
+ src := tarfile.NewSource(archive, true, ref.Transport().Name(), nil, -1)
+ return &daemonImageSource{
+ ref: ref,
+ Source: src,
+ }, nil
+}
+
+// Reference returns the reference used to set up this source, _as specified by the user_
+// (not as the image itself, or its underlying storage, claims). This can be used e.g. to determine which public keys are trusted for this image.
+func (s *daemonImageSource) Reference() types.ImageReference {
+ return s.ref
+}
diff --git a/vendor/github.com/containers/image/v5/docker/daemon/daemon_transport.go b/vendor/github.com/containers/image/v5/docker/daemon/daemon_transport.go
new file mode 100644
index 000000000..9eedff745
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/docker/daemon/daemon_transport.go
@@ -0,0 +1,219 @@
+package daemon
+
+import (
+ "context"
+ "errors"
+ "fmt"
+
+ "github.com/containers/image/v5/docker/policyconfiguration"
+ "github.com/containers/image/v5/docker/reference"
+ "github.com/containers/image/v5/internal/image"
+ "github.com/containers/image/v5/transports"
+ "github.com/containers/image/v5/types"
+ "github.com/opencontainers/go-digest"
+)
+
+func init() {
+ transports.Register(Transport)
+}
+
+// Transport is an ImageTransport for images managed by a local Docker daemon.
+var Transport = daemonTransport{}
+
+type daemonTransport struct{}
+
+// Name returns the name of the transport, which must be unique among other transports.
+func (t daemonTransport) Name() string {
+ return "docker-daemon"
+}
+
+// ParseReference converts a string, which should not start with the ImageTransport.Name prefix, into an ImageReference.
+func (t daemonTransport) ParseReference(reference string) (types.ImageReference, error) {
+ return ParseReference(reference)
+}
+
+// ValidatePolicyConfigurationScope checks that scope is a valid name for a signature.PolicyTransportScopes keys
+// (i.e. a valid PolicyConfigurationIdentity() or PolicyConfigurationNamespaces() return value).
+// It is acceptable to allow an invalid value which will never be matched, it can "only" cause user confusion.
+// scope passed to this function will not be "", that value is always allowed.
+func (t daemonTransport) ValidatePolicyConfigurationScope(scope string) error {
+ // ID values cannot be effectively namespaced, and are clearly invalid host:port values.
+ if _, err := digest.Parse(scope); err == nil {
+ return fmt.Errorf(`docker-daemon: can not use algo:digest value %s as a namespace`, scope)
+ }
+
+ // FIXME? We could be verifying the various character set and length restrictions
+ // from docker/distribution/reference.regexp.go, but other than that there
+ // are few semantically invalid strings.
+ return nil
+}
+
+// daemonReference is an ImageReference for images managed by a local Docker daemon
+// Exactly one of id and ref can be set.
+// For daemonImageSource, both id and ref are acceptable, ref must not be a NameOnly (interpreted as all tags in that repository by the daemon)
+// For daemonImageDestination, it must be a ref, which is NamedTagged.
+// (We could, in principle, also allow storing images without tagging them, and the user would have to refer to them using the docker image ID = config digest.
+// Using the config digest requires the caller to parse the manifest themselves, which is very cumbersome; so, for now, we don’t bother.)
+type daemonReference struct {
+ id digest.Digest
+ ref reference.Named // !reference.IsNameOnly
+}
+
+// ParseReference converts a string, which should not start with the ImageTransport.Name prefix, into an ImageReference.
+func ParseReference(refString string) (types.ImageReference, error) {
+ // This is intended to be compatible with reference.ParseAnyReference, but more strict about refusing some of the ambiguous cases.
+ // In particular, this rejects unprefixed digest values (64 hex chars), and sha256 digest prefixes (sha256:fewer-than-64-hex-chars).
+
+ // digest:hexstring is structurally the same as a reponame:tag (meaning docker.io/library/reponame:tag).
+ // reference.ParseAnyReference interprets such strings as digests.
+ if dgst, err := digest.Parse(refString); err == nil {
+ // The daemon explicitly refuses to tag images with a reponame equal to digest.Canonical - but _only_ this digest name.
+ // Other digest references are ambiguous, so refuse them.
+ if dgst.Algorithm() != digest.Canonical {
+ return nil, fmt.Errorf("Invalid docker-daemon: reference %s: only digest algorithm %s accepted", refString, digest.Canonical)
+ }
+ return NewReference(dgst, nil)
+ }
+
+ ref, err := reference.ParseNormalizedNamed(refString) // This also rejects unprefixed digest values
+ if err != nil {
+ return nil, err
+ }
+ if reference.FamiliarName(ref) == digest.Canonical.String() {
+ return nil, fmt.Errorf("Invalid docker-daemon: reference %s: The %s repository name is reserved for (non-shortened) digest references", refString, digest.Canonical)
+ }
+ return NewReference("", ref)
+}
+
+// NewReference returns a docker-daemon reference for either the supplied image ID (config digest) or the supplied reference (which must satisfy !reference.IsNameOnly)
+func NewReference(id digest.Digest, ref reference.Named) (types.ImageReference, error) {
+ if id != "" && ref != nil {
+ return nil, errors.New("docker-daemon: reference must not have an image ID and a reference string specified at the same time")
+ }
+ if ref != nil {
+ if reference.IsNameOnly(ref) {
+ return nil, fmt.Errorf("docker-daemon: reference %s has neither a tag nor a digest", reference.FamiliarString(ref))
+ }
+ // A github.com/distribution/reference value can have a tag and a digest at the same time!
+ // Most versions of docker/reference do not handle that (ignoring the tag), so reject such input.
+ // This MAY be accepted in the future.
+ // (Even if it were supported, the semantics of policy namespaces are unclear - should we drop
+ // the tag or the digest first?)
+ _, isTagged := ref.(reference.NamedTagged)
+ _, isDigested := ref.(reference.Canonical)
+ if isTagged && isDigested {
+ return nil, fmt.Errorf("docker-daemon: references with both a tag and digest are currently not supported")
+ }
+ }
+ return daemonReference{
+ id: id,
+ ref: ref,
+ }, nil
+}
+
+func (ref daemonReference) Transport() types.ImageTransport {
+ return Transport
+}
+
+// StringWithinTransport returns a string representation of the reference, which MUST be such that
+// reference.Transport().ParseReference(reference.StringWithinTransport()) returns an equivalent reference.
+// NOTE: The returned string is not promised to be equal to the original input to ParseReference;
+// e.g. default attribute values omitted by the user may be filled in the return value, or vice versa.
+// WARNING: Do not use the return value in the UI to describe an image, it does not contain the Transport().Name() prefix;
+// instead, see transports.ImageName().
+func (ref daemonReference) StringWithinTransport() string {
+ switch {
+ case ref.id != "":
+ return ref.id.String()
+ case ref.ref != nil:
+ return reference.FamiliarString(ref.ref)
+ default: // Coverage: Should never happen, NewReference above should refuse such values.
+ panic("Internal inconsistency: daemonReference has empty id and nil ref")
+ }
+}
+
+// DockerReference returns a Docker reference associated with this reference
+// (fully explicit, i.e. !reference.IsNameOnly, but reflecting user intent,
+// not e.g. after redirect or alias processing), or nil if unknown/not applicable.
+func (ref daemonReference) DockerReference() reference.Named {
+ return ref.ref // May be nil
+}
+
+// PolicyConfigurationIdentity returns a string representation of the reference, suitable for policy lookup.
+// This MUST reflect user intent, not e.g. after processing of third-party redirects or aliases;
+// The value SHOULD be fully explicit about its semantics, with no hidden defaults, AND canonical
+// (i.e. various references with exactly the same semantics should return the same configuration identity)
+// It is fine for the return value to be equal to StringWithinTransport(), and it is desirable but
+// not required/guaranteed that it will be a valid input to Transport().ParseReference().
+// Returns "" if configuration identities for these references are not supported.
+func (ref daemonReference) PolicyConfigurationIdentity() string {
+ // We must allow referring to images in the daemon by image ID, otherwise untagged images would not be accessible.
+ // But the existence of image IDs means that we can’t truly well namespace the input:
+ // a single image can be namespaced either using the name or the ID depending on how it is named.
+ //
+ // That’s fairly unexpected, but we have to cope somehow.
+ //
+ // So, use the ordinary docker/policyconfiguration namespacing for named images.
+ // image IDs all fall into the root namespace.
+ // Users can set up the root namespace to be either untrusted or rejected,
+ // and to set up specific trust for named namespaces. This allows verifying image
+ // identity when a name is known, and unnamed images would be untrusted or rejected.
+ switch {
+ case ref.id != "":
+ return "" // This still allows using the default "" scope to define a global policy for ID-identified images.
+ case ref.ref != nil:
+ res, err := policyconfiguration.DockerReferenceIdentity(ref.ref)
+ if res == "" || err != nil { // Coverage: Should never happen, NewReference above should refuse values which could cause a failure.
+ panic(fmt.Sprintf("Internal inconsistency: policyconfiguration.DockerReferenceIdentity returned %#v, %v", res, err))
+ }
+ return res
+ default: // Coverage: Should never happen, NewReference above should refuse such values.
+ panic("Internal inconsistency: daemonReference has empty id and nil ref")
+ }
+}
+
+// PolicyConfigurationNamespaces returns a list of other policy configuration namespaces to search
+// for if explicit configuration for PolicyConfigurationIdentity() is not set. The list will be processed
+// in order, terminating on first match, and an implicit "" is always checked at the end.
+// It is STRONGLY recommended for the first element, if any, to be a prefix of PolicyConfigurationIdentity(),
+// and each following element to be a prefix of the element preceding it.
+func (ref daemonReference) PolicyConfigurationNamespaces() []string {
+ // See the explanation in daemonReference.PolicyConfigurationIdentity.
+ switch {
+ case ref.id != "":
+ return []string{}
+ case ref.ref != nil:
+ return policyconfiguration.DockerReferenceNamespaces(ref.ref)
+ default: // Coverage: Should never happen, NewReference above should refuse such values.
+ panic("Internal inconsistency: daemonReference has empty id and nil ref")
+ }
+}
+
+// NewImage returns a types.ImageCloser for this reference, possibly specialized for this ImageTransport.
+// The caller must call .Close() on the returned ImageCloser.
+// NOTE: If any kind of signature verification should happen, build an UnparsedImage from the value returned by NewImageSource,
+// verify that UnparsedImage, and convert it into a real Image via image.FromUnparsedImage.
+// WARNING: This may not do the right thing for a manifest list, see image.FromSource for details.
+func (ref daemonReference) NewImage(ctx context.Context, sys *types.SystemContext) (types.ImageCloser, error) {
+ return image.FromReference(ctx, sys, ref)
+}
+
+// NewImageSource returns a types.ImageSource for this reference.
+// The caller must call .Close() on the returned ImageSource.
+func (ref daemonReference) NewImageSource(ctx context.Context, sys *types.SystemContext) (types.ImageSource, error) {
+ return newImageSource(ctx, sys, ref)
+}
+
+// NewImageDestination returns a types.ImageDestination for this reference.
+// The caller must call .Close() on the returned ImageDestination.
+func (ref daemonReference) NewImageDestination(ctx context.Context, sys *types.SystemContext) (types.ImageDestination, error) {
+ return newImageDestination(ctx, sys, ref)
+}
+
+// DeleteImage deletes the named image from the registry, if supported.
+func (ref daemonReference) DeleteImage(ctx context.Context, sys *types.SystemContext) error {
+ // Should this just untag the image? Should this stop running containers?
+ // The semantics is not quite as clear as for remote repositories.
+ // The user can run (docker rmi) directly anyway, so, for now(?), punt instead of trying to guess what the user meant.
+ return errors.New("Deleting images not implemented for docker-daemon: images")
+}
diff --git a/vendor/github.com/containers/image/v5/docker/docker_image.go b/vendor/github.com/containers/image/v5/docker/docker_image.go
index 42bbfd95e..93160480e 100644
--- a/vendor/github.com/containers/image/v5/docker/docker_image.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_image.go
@@ -123,6 +123,9 @@ func GetDigest(ctx context.Context, sys *types.SystemContext, ref types.ImageRef
if !ok {
return "", errors.New("ref must be a dockerReference")
}
+ if dr.isUnknownDigest {
+ return "", fmt.Errorf("docker: reference %q is for unknown digest case; cannot get digest", dr.StringWithinTransport())
+ }
tagOrDigest, err := dr.tagOrDigest()
if err != nil {
diff --git a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go
index 774068c27..a9a36f0a3 100644
--- a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go
@@ -452,7 +452,15 @@ func (d *dockerImageDestination) TryReusingBlobWithOptions(ctx context.Context,
// but may accept a different manifest type, the returned error must be an ManifestTypeRejectedError.
func (d *dockerImageDestination) PutManifest(ctx context.Context, m []byte, instanceDigest *digest.Digest) error {
var refTail string
- if instanceDigest != nil {
+ // If d.ref.isUnknownDigest=true, then we push without a tag, so get the
+ // digest that will be used
+ if d.ref.isUnknownDigest {
+ digest, err := manifest.Digest(m)
+ if err != nil {
+ return err
+ }
+ refTail = digest.String()
+ } else if instanceDigest != nil {
// If the instanceDigest is provided, then use it as the refTail, because the reference,
// whether it includes a tag or a digest, refers to the list as a whole, and not this
// particular instance.
diff --git a/vendor/github.com/containers/image/v5/docker/docker_image_src.go b/vendor/github.com/containers/image/v5/docker/docker_image_src.go
index 231d5d212..f9d4d6030 100644
--- a/vendor/github.com/containers/image/v5/docker/docker_image_src.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_image_src.go
@@ -38,8 +38,8 @@ type dockerImageSource struct {
impl.DoesNotAffectLayerInfosForCopy
stubs.ImplementsGetBlobAt
- logicalRef dockerReference // The reference the user requested.
- physicalRef dockerReference // The actual reference we are accessing (possibly a mirror)
+ logicalRef dockerReference // The reference the user requested. This must satisfy !isUnknownDigest
+ physicalRef dockerReference // The actual reference we are accessing (possibly a mirror). This must satisfy !isUnknownDigest
c *dockerClient
// State
cachedManifest []byte // nil if not loaded yet
@@ -48,7 +48,12 @@ type dockerImageSource struct {
// newImageSource creates a new ImageSource for the specified image reference.
// The caller must call .Close() on the returned ImageSource.
+// The caller must ensure !ref.isUnknownDigest.
func newImageSource(ctx context.Context, sys *types.SystemContext, ref dockerReference) (*dockerImageSource, error) {
+ if ref.isUnknownDigest {
+ return nil, fmt.Errorf("reading images from docker: reference %q without a tag or digest is not supported", ref.StringWithinTransport())
+ }
+
registryConfig, err := loadRegistryConfiguration(sys)
if err != nil {
return nil, err
@@ -121,7 +126,7 @@ func newImageSource(ctx context.Context, sys *types.SystemContext, ref dockerRef
// The caller must call .Close() on the returned ImageSource.
func newImageSourceAttempt(ctx context.Context, sys *types.SystemContext, logicalRef dockerReference, pullSource sysregistriesv2.PullSource,
registryConfig *registryConfiguration) (*dockerImageSource, error) {
- physicalRef, err := newReference(pullSource.Reference)
+ physicalRef, err := newReference(pullSource.Reference, false)
if err != nil {
return nil, err
}
@@ -591,6 +596,10 @@ func (s *dockerImageSource) getSignaturesFromSigstoreAttachments(ctx context.Con
// deleteImage deletes the named image from the registry, if supported.
func deleteImage(ctx context.Context, sys *types.SystemContext, ref dockerReference) error {
+ if ref.isUnknownDigest {
+ return fmt.Errorf("Docker reference without a tag or digest cannot be deleted")
+ }
+
registryConfig, err := loadRegistryConfiguration(sys)
if err != nil {
return err
diff --git a/vendor/github.com/containers/image/v5/docker/docker_transport.go b/vendor/github.com/containers/image/v5/docker/docker_transport.go
index 6ae849159..1c89302f4 100644
--- a/vendor/github.com/containers/image/v5/docker/docker_transport.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_transport.go
@@ -12,6 +12,11 @@ import (
"github.com/containers/image/v5/types"
)
+// UnknownDigestSuffix can be appended to a reference when the caller
+// wants to push an image without a tag or digest.
+// NewReferenceUnknownDigest() is called when this const is detected.
+const UnknownDigestSuffix = "@@unknown-digest@@"
+
func init() {
transports.Register(Transport)
}
@@ -43,7 +48,8 @@ func (t dockerTransport) ValidatePolicyConfigurationScope(scope string) error {
// dockerReference is an ImageReference for Docker images.
type dockerReference struct {
- ref reference.Named // By construction we know that !reference.IsNameOnly(ref)
+ ref reference.Named // By construction we know that !reference.IsNameOnly(ref) unless isUnknownDigest=true
+ isUnknownDigest bool
}
// ParseReference converts a string, which should not start with the ImageTransport.Name prefix, into an Docker ImageReference.
@@ -51,23 +57,46 @@ func ParseReference(refString string) (types.ImageReference, error) {
if !strings.HasPrefix(refString, "//") {
return nil, fmt.Errorf("docker: image reference %s does not start with //", refString)
}
+ // Check if ref has UnknownDigestSuffix suffixed to it
+ unknownDigest := false
+ if strings.HasSuffix(refString, UnknownDigestSuffix) {
+ unknownDigest = true
+ refString = strings.TrimSuffix(refString, UnknownDigestSuffix)
+ }
ref, err := reference.ParseNormalizedNamed(strings.TrimPrefix(refString, "//"))
if err != nil {
return nil, err
}
+
+ if unknownDigest {
+ if !reference.IsNameOnly(ref) {
+ return nil, fmt.Errorf("docker: image reference %q has unknown digest set but it contains either a tag or digest", ref.String()+UnknownDigestSuffix)
+ }
+ return NewReferenceUnknownDigest(ref)
+ }
+
ref = reference.TagNameOnly(ref)
return NewReference(ref)
}
// NewReference returns a Docker reference for a named reference. The reference must satisfy !reference.IsNameOnly().
func NewReference(ref reference.Named) (types.ImageReference, error) {
- return newReference(ref)
+ return newReference(ref, false)
+}
+
+// NewReferenceUnknownDigest returns a Docker reference for a named reference, which can be used to write images without setting
+// a tag on the registry. The reference must satisfy reference.IsNameOnly()
+func NewReferenceUnknownDigest(ref reference.Named) (types.ImageReference, error) {
+ return newReference(ref, true)
}
// newReference returns a dockerReference for a named reference.
-func newReference(ref reference.Named) (dockerReference, error) {
- if reference.IsNameOnly(ref) {
- return dockerReference{}, fmt.Errorf("Docker reference %s has neither a tag nor a digest", reference.FamiliarString(ref))
+func newReference(ref reference.Named, unknownDigest bool) (dockerReference, error) {
+ if reference.IsNameOnly(ref) && !unknownDigest {
+ return dockerReference{}, fmt.Errorf("Docker reference %s is not for an unknown digest case; tag or digest is needed", reference.FamiliarString(ref))
+ }
+ if !reference.IsNameOnly(ref) && unknownDigest {
+ return dockerReference{}, fmt.Errorf("Docker reference %s is for an unknown digest case but reference has a tag or digest", reference.FamiliarString(ref))
}
// A github.com/distribution/reference value can have a tag and a digest at the same time!
// The docker/distribution API does not really support that (we can’t ask for an image with a specific
@@ -81,7 +110,8 @@ func newReference(ref reference.Named) (dockerReference, error) {
}
return dockerReference{
- ref: ref,
+ ref: ref,
+ isUnknownDigest: unknownDigest,
}, nil
}
@@ -95,7 +125,11 @@ func (ref dockerReference) Transport() types.ImageTransport {
// e.g. default attribute values omitted by the user may be filled in the return value, or vice versa.
// WARNING: Do not use the return value in the UI to describe an image, it does not contain the Transport().Name() prefix.
func (ref dockerReference) StringWithinTransport() string {
- return "//" + reference.FamiliarString(ref.ref)
+ famString := "//" + reference.FamiliarString(ref.ref)
+ if ref.isUnknownDigest {
+ return famString + UnknownDigestSuffix
+ }
+ return famString
}
// DockerReference returns a Docker reference associated with this reference
@@ -113,6 +147,9 @@ func (ref dockerReference) DockerReference() reference.Named {
// not required/guaranteed that it will be a valid input to Transport().ParseReference().
// Returns "" if configuration identities for these references are not supported.
func (ref dockerReference) PolicyConfigurationIdentity() string {
+ if ref.isUnknownDigest {
+ return ref.ref.Name()
+ }
res, err := policyconfiguration.DockerReferenceIdentity(ref.ref)
if res == "" || err != nil { // Coverage: Should never happen, NewReference above should refuse values which could cause a failure.
panic(fmt.Sprintf("Internal inconsistency: policyconfiguration.DockerReferenceIdentity returned %#v, %v", res, err))
@@ -126,7 +163,13 @@ func (ref dockerReference) PolicyConfigurationIdentity() string {
// It is STRONGLY recommended for the first element, if any, to be a prefix of PolicyConfigurationIdentity(),
// and each following element to be a prefix of the element preceding it.
func (ref dockerReference) PolicyConfigurationNamespaces() []string {
- return policyconfiguration.DockerReferenceNamespaces(ref.ref)
+ namespaces := policyconfiguration.DockerReferenceNamespaces(ref.ref)
+ if ref.isUnknownDigest {
+ if len(namespaces) != 0 && namespaces[0] == ref.ref.Name() {
+ namespaces = namespaces[1:]
+ }
+ }
+ return namespaces
}
// NewImage returns a types.ImageCloser for this reference, possibly specialized for this ImageTransport.
@@ -163,6 +206,10 @@ func (ref dockerReference) tagOrDigest() (string, error) {
if ref, ok := ref.ref.(reference.NamedTagged); ok {
return ref.Tag(), nil
}
+
+ if ref.isUnknownDigest {
+ return "", fmt.Errorf("Docker reference %q is for an unknown digest case, has neither a digest nor a tag", reference.FamiliarString(ref.ref))
+ }
// This should not happen, NewReference above refuses reference.IsNameOnly values.
return "", fmt.Errorf("Internal inconsistency: Reference %s unexpectedly has neither a digest nor a tag", reference.FamiliarString(ref.ref))
}
diff --git a/vendor/github.com/containers/image/v5/openshift/openshift-copies.go b/vendor/github.com/containers/image/v5/openshift/openshift-copies.go
new file mode 100644
index 000000000..c6498f6ca
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/openshift/openshift-copies.go
@@ -0,0 +1,1200 @@
+package openshift
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "encoding/base64"
+ "errors"
+ "fmt"
+ "net"
+ "net/http"
+ "net/netip"
+ "net/url"
+ "os"
+ "path"
+ "path/filepath"
+ "reflect"
+ "strings"
+ "time"
+
+ "dario.cat/mergo"
+ "github.com/containers/storage/pkg/homedir"
+ "github.com/sirupsen/logrus"
+ "golang.org/x/exp/slices"
+ "gopkg.in/yaml.v3"
+)
+
+// restTLSClientConfig is a modified copy of k8s.io/kubernetes/pkg/client/restclient.TLSClientConfig.
+// restTLSClientConfig contains settings to enable transport layer security
+type restTLSClientConfig struct {
+ // Server requires TLS client certificate authentication
+ CertFile string
+ // Server requires TLS client certificate authentication
+ KeyFile string
+ // Trusted root certificates for server
+ CAFile string
+
+ // CertData holds PEM-encoded bytes (typically read from a client certificate file).
+ // CertData takes precedence over CertFile
+ CertData []byte
+ // KeyData holds PEM-encoded bytes (typically read from a client certificate key file).
+ // KeyData takes precedence over KeyFile
+ KeyData []byte
+ // CAData holds PEM-encoded bytes (typically read from a root certificates bundle).
+ // CAData takes precedence over CAFile
+ CAData []byte
+}
+
+// restConfig is a modified copy of k8s.io/kubernetes/pkg/client/restclient.Config.
+// Config holds the common attributes that can be passed to a Kubernetes client on
+// initialization.
+type restConfig struct {
+ // Host must be a host string, a host:port pair, or a URL to the base of the apiserver.
+ // If a URL is given then the (optional) Path of that URL represents a prefix that must
+ // be appended to all request URIs used to access the apiserver. This allows a frontend
+ // proxy to easily relocate all of the apiserver endpoints.
+ Host string
+
+ // Server requires Basic authentication
+ Username string
+ Password string
+
+ // Server requires Bearer authentication. This client will not attempt to use
+ // refresh tokens for an OAuth2 flow.
+ // TODO: demonstrate an OAuth2 compatible client.
+ BearerToken string
+
+ // TLSClientConfig contains settings to enable transport layer security
+ TLSClientConfig restTLSClientConfig
+
+ // Server should be accessed without verifying the TLS
+ // certificate. For testing only.
+ Insecure bool
+}
+
+// ClientConfig is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.ClientConfig.
+// ClientConfig is used to make it easy to get an api server client
+type clientConfig interface {
+ // ClientConfig returns a complete client config
+ ClientConfig() (*restConfig, error)
+}
+
+// defaultClientConfig is a modified copy of openshift/origin/pkg/cmd/util/clientcmd.DefaultClientConfig.
+func defaultClientConfig() clientConfig {
+ loadingRules := newOpenShiftClientConfigLoadingRules()
+ // REMOVED: Allowing command-line overriding of loadingRules
+ // REMOVED: clientcmd.ConfigOverrides
+
+ clientConfig := newNonInteractiveDeferredLoadingClientConfig(loadingRules)
+
+ return clientConfig
+}
+
+var recommendedHomeFile = path.Join(homedir.Get(), ".kube/config")
+
+// newOpenShiftClientConfigLoadingRules is a modified copy of openshift/origin/pkg/cmd/cli/config.NewOpenShiftClientConfigLoadingRules.
+// NewOpenShiftClientConfigLoadingRules returns file priority loading rules for OpenShift.
+// 1. --config value
+// 2. if KUBECONFIG env var has a value, use it. Otherwise, ~/.kube/config file
+func newOpenShiftClientConfigLoadingRules() *clientConfigLoadingRules {
+ chain := []string{}
+
+ envVarFile := os.Getenv("KUBECONFIG")
+ if len(envVarFile) != 0 {
+ chain = append(chain, filepath.SplitList(envVarFile)...)
+ } else {
+ chain = append(chain, recommendedHomeFile)
+ }
+
+ return &clientConfigLoadingRules{
+ Precedence: chain,
+ // REMOVED: Migration support; run (oc login) to trigger migration
+ }
+}
+
+// deferredLoadingClientConfig is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.DeferredLoadingClientConfig.
+// DeferredLoadingClientConfig is a ClientConfig interface that is backed by a set of loading rules
+// It is used in cases where the loading rules may change after you've instantiated them and you want to be sure that
+// the most recent rules are used. This is useful in cases where you bind flags to loading rule parameters before
+// the parse happens and you want your calling code to be ignorant of how the values are being mutated to avoid
+// passing extraneous information down a call stack
+type deferredLoadingClientConfig struct {
+ loadingRules *clientConfigLoadingRules
+
+ clientConfig clientConfig
+}
+
+// NewNonInteractiveDeferredLoadingClientConfig is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.NewNonInteractiveDeferredLoadingClientConfig.
+// NewNonInteractiveDeferredLoadingClientConfig creates a ConfigClientClientConfig using the passed context name
+func newNonInteractiveDeferredLoadingClientConfig(loadingRules *clientConfigLoadingRules) clientConfig {
+ return &deferredLoadingClientConfig{loadingRules: loadingRules}
+}
+
+func (config *deferredLoadingClientConfig) createClientConfig() (clientConfig, error) {
+ if config.clientConfig == nil {
+ // REMOVED: Support for concurrent use in multiple threads.
+ mergedConfig, err := config.loadingRules.Load()
+ if err != nil {
+ return nil, err
+ }
+
+ // REMOVED: Interactive fallback support.
+ mergedClientConfig := newNonInteractiveClientConfig(*mergedConfig)
+
+ config.clientConfig = mergedClientConfig
+ }
+
+ return config.clientConfig, nil
+}
+
+// ClientConfig is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.DeferredLoadingClientConfig.ClientConfig.
+// ClientConfig implements ClientConfig
+func (config *deferredLoadingClientConfig) ClientConfig() (*restConfig, error) {
+ mergedClientConfig, err := config.createClientConfig()
+ if err != nil {
+ return nil, err
+ }
+ mergedConfig, err := mergedClientConfig.ClientConfig()
+ if err != nil {
+ return nil, err
+ }
+ // REMOVED: In-cluster service account configuration use.
+
+ return mergedConfig, nil
+}
+
+var (
+ // DefaultCluster is the cluster config used when no other config is specified
+ // TODO: eventually apiserver should start on 443 and be secure by default
+ defaultCluster = clientcmdCluster{Server: "http://localhost:8080"}
+
+ // EnvVarCluster allows overriding the DefaultCluster using an envvar for the server name
+ envVarCluster = clientcmdCluster{Server: os.Getenv("KUBERNETES_MASTER")}
+)
+
+// directClientConfig is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.DirectClientConfig.
+// DirectClientConfig is a ClientConfig interface that is backed by a clientcmdapi.Config, options overrides, and an optional fallbackReader for auth information
+type directClientConfig struct {
+ config clientcmdConfig
+}
+
+// newNonInteractiveClientConfig is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.NewNonInteractiveClientConfig.
+// NewNonInteractiveClientConfig creates a DirectClientConfig using the passed context name and does not have a fallback reader for auth information
+func newNonInteractiveClientConfig(config clientcmdConfig) clientConfig {
+ return &directClientConfig{config}
+}
+
+// ClientConfig is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.DirectClientConfig.ClientConfig.
+// ClientConfig implements ClientConfig
+func (config *directClientConfig) ClientConfig() (*restConfig, error) {
+ if err := config.ConfirmUsable(); err != nil {
+ return nil, err
+ }
+
+ configAuthInfo := config.getAuthInfo()
+ configClusterInfo := config.getCluster()
+
+ clientConfig := &restConfig{}
+ clientConfig.Host = configClusterInfo.Server
+ if u, err := url.ParseRequestURI(clientConfig.Host); err == nil && u.Opaque == "" && len(u.Path) > 1 {
+ u.RawQuery = ""
+ u.Fragment = ""
+ clientConfig.Host = u.String()
+ }
+
+ // only try to read the auth information if we are secure
+ if isConfigTransportTLS(*clientConfig) {
+ var err error
+ // REMOVED: Support for interactive fallback.
+ userAuthPartialConfig := getUserIdentificationPartialConfig(configAuthInfo)
+ if err = mergo.MergeWithOverwrite(clientConfig, userAuthPartialConfig); err != nil {
+ return nil, err
+ }
+
+ serverAuthPartialConfig, err := getServerIdentificationPartialConfig(configClusterInfo)
+ if err != nil {
+ return nil, err
+ }
+ if err = mergo.MergeWithOverwrite(clientConfig, serverAuthPartialConfig); err != nil {
+ return nil, err
+ }
+ }
+
+ return clientConfig, nil
+}
+
+// getServerIdentificationPartialConfig is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.getServerIdentificationPartialConfig.
+// clientauth.Info object contain both user identification and server identification. We want different precedence orders for
+// both, so we have to split the objects and merge them separately
+// we want this order of precedence for the server identification
+// 1. configClusterInfo (the final result of command line flags and merged .kubeconfig files)
+// 2. configAuthInfo.auth-path (this file can contain information that conflicts with #1, and we want #1 to win the priority)
+// 3. load the ~/.kubernetes_auth file as a default
+func getServerIdentificationPartialConfig(configClusterInfo clientcmdCluster) (*restConfig, error) {
+ mergedConfig := &restConfig{}
+
+ // configClusterInfo holds the information identify the server provided by .kubeconfig
+ configClientConfig := &restConfig{}
+ configClientConfig.TLSClientConfig.CAFile = configClusterInfo.CertificateAuthority
+ configClientConfig.TLSClientConfig.CAData = configClusterInfo.CertificateAuthorityData
+ configClientConfig.Insecure = configClusterInfo.InsecureSkipTLSVerify
+ if err := mergo.MergeWithOverwrite(mergedConfig, configClientConfig); err != nil {
+ return nil, err
+ }
+
+ return mergedConfig, nil
+}
+
+// getUserIdentificationPartialConfig is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.getUserIdentificationPartialConfig.
+// clientauth.Info object contain both user identification and server identification. We want different precedence orders for
+// both, so we have to split the objects and merge them separately
+// we want this order of precedence for user identification
+// 1. configAuthInfo minus auth-path (the final result of command line flags and merged .kubeconfig files)
+// 2. configAuthInfo.auth-path (this file can contain information that conflicts with #1, and we want #1 to win the priority)
+// 3. if there is not enough information to identify the user, load try the ~/.kubernetes_auth file
+// 4. if there is not enough information to identify the user, prompt if possible
+func getUserIdentificationPartialConfig(configAuthInfo clientcmdAuthInfo) *restConfig {
+ mergedConfig := &restConfig{}
+
+ // blindly overwrite existing values based on precedence
+ if len(configAuthInfo.Token) > 0 {
+ mergedConfig.BearerToken = configAuthInfo.Token
+ }
+ if len(configAuthInfo.ClientCertificate) > 0 || len(configAuthInfo.ClientCertificateData) > 0 {
+ mergedConfig.TLSClientConfig.CertFile = configAuthInfo.ClientCertificate
+ mergedConfig.TLSClientConfig.CertData = configAuthInfo.ClientCertificateData
+ mergedConfig.TLSClientConfig.KeyFile = configAuthInfo.ClientKey
+ mergedConfig.TLSClientConfig.KeyData = configAuthInfo.ClientKeyData
+ }
+ if len(configAuthInfo.Username) > 0 || len(configAuthInfo.Password) > 0 {
+ mergedConfig.Username = configAuthInfo.Username
+ mergedConfig.Password = configAuthInfo.Password
+ }
+
+ // REMOVED: prompting for missing information.
+ return mergedConfig
+}
+
+// ConfirmUsable is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.DirectClientConfig.ConfirmUsable.
+// ConfirmUsable looks a particular context and determines if that particular part of the config is usable. There might still be errors in the config,
+// but no errors in the sections requested or referenced. It does not return early so that it can find as many errors as possible.
+func (config *directClientConfig) ConfirmUsable() error {
+ var validationErrors []error
+ validationErrors = append(validationErrors, validateAuthInfo(config.getAuthInfoName(), config.getAuthInfo())...)
+ validationErrors = append(validationErrors, validateClusterInfo(config.getClusterName(), config.getCluster())...)
+ // when direct client config is specified, and our only error is that no server is defined, we should
+ // return a standard "no config" error
+ if len(validationErrors) == 1 && validationErrors[0] == errEmptyCluster {
+ return newErrConfigurationInvalid([]error{errEmptyConfig})
+ }
+ return newErrConfigurationInvalid(validationErrors)
+}
+
+// getContextName is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.DirectClientConfig.getContextName.
+func (config *directClientConfig) getContextName() string {
+ // REMOVED: overrides support
+ return config.config.CurrentContext
+}
+
+// getAuthInfoName is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.DirectClientConfig.getAuthInfoName.
+func (config *directClientConfig) getAuthInfoName() string {
+ // REMOVED: overrides support
+ return config.getContext().AuthInfo
+}
+
+// getClusterName is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.DirectClientConfig.getClusterName.
+func (config *directClientConfig) getClusterName() string {
+ // REMOVED: overrides support
+ return config.getContext().Cluster
+}
+
+// getContext is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.DirectClientConfig.getContext.
+func (config *directClientConfig) getContext() clientcmdContext {
+ contexts := config.config.Contexts
+ contextName := config.getContextName()
+
+ var mergedContext clientcmdContext
+ if configContext, exists := contexts[contextName]; exists {
+ if err := mergo.MergeWithOverwrite(&mergedContext, configContext); err != nil {
+ logrus.Debugf("Can't merge configContext: %v", err)
+ }
+ }
+ // REMOVED: overrides support
+
+ return mergedContext
+}
+
+var (
+ errEmptyConfig = errors.New("no configuration has been provided")
+ // message is for consistency with old behavior
+ errEmptyCluster = errors.New("cluster has no server defined")
+)
+
+// helper for checking certificate/key/CA
+func validateFileIsReadable(name string) error {
+ answer, err := os.Open(name)
+ defer func() {
+ if err := answer.Close(); err != nil {
+ logrus.Debugf("Error closing %v: %v", name, err)
+ }
+ }()
+ return err
+}
+
+// validateClusterInfo is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.DirectClientConfig.validateClusterInfo.
+// validateClusterInfo looks for conflicts and errors in the cluster info
+func validateClusterInfo(clusterName string, clusterInfo clientcmdCluster) []error {
+ var validationErrors []error
+
+ if reflect.DeepEqual(clientcmdCluster{}, clusterInfo) {
+ return []error{errEmptyCluster}
+ }
+
+ if len(clusterInfo.Server) == 0 {
+ if len(clusterName) == 0 {
+ validationErrors = append(validationErrors, errors.New("default cluster has no server defined"))
+ } else {
+ validationErrors = append(validationErrors, fmt.Errorf("no server found for cluster %q", clusterName))
+ }
+ }
+ // Make sure CA data and CA file aren't both specified
+ if len(clusterInfo.CertificateAuthority) != 0 && len(clusterInfo.CertificateAuthorityData) != 0 {
+ validationErrors = append(validationErrors, fmt.Errorf("certificate-authority-data and certificate-authority are both specified for %v. certificate-authority-data will override", clusterName))
+ }
+ if len(clusterInfo.CertificateAuthority) != 0 {
+ err := validateFileIsReadable(clusterInfo.CertificateAuthority)
+ if err != nil {
+ validationErrors = append(validationErrors, fmt.Errorf("unable to read certificate-authority %v for %v due to %v", clusterInfo.CertificateAuthority, clusterName, err))
+ }
+ }
+
+ return validationErrors
+}
+
+// validateAuthInfo is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.DirectClientConfig.validateAuthInfo.
+// validateAuthInfo looks for conflicts and errors in the auth info
+func validateAuthInfo(authInfoName string, authInfo clientcmdAuthInfo) []error {
+ var validationErrors []error
+
+ usingAuthPath := false
+ methods := make([]string, 0, 3)
+ if len(authInfo.Token) != 0 {
+ methods = append(methods, "token")
+ }
+ if len(authInfo.Username) != 0 || len(authInfo.Password) != 0 {
+ methods = append(methods, "basicAuth")
+ }
+
+ if len(authInfo.ClientCertificate) != 0 || len(authInfo.ClientCertificateData) != 0 {
+ // Make sure cert data and file aren't both specified
+ if len(authInfo.ClientCertificate) != 0 && len(authInfo.ClientCertificateData) != 0 {
+ validationErrors = append(validationErrors, fmt.Errorf("client-cert-data and client-cert are both specified for %v. client-cert-data will override", authInfoName))
+ }
+ // Make sure key data and file aren't both specified
+ if len(authInfo.ClientKey) != 0 && len(authInfo.ClientKeyData) != 0 {
+ validationErrors = append(validationErrors, fmt.Errorf("client-key-data and client-key are both specified for %v; client-key-data will override", authInfoName))
+ }
+ // Make sure a key is specified
+ if len(authInfo.ClientKey) == 0 && len(authInfo.ClientKeyData) == 0 {
+ validationErrors = append(validationErrors, fmt.Errorf("client-key-data or client-key must be specified for %v to use the clientCert authentication method", authInfoName))
+ }
+
+ if len(authInfo.ClientCertificate) != 0 {
+ err := validateFileIsReadable(authInfo.ClientCertificate)
+ if err != nil {
+ validationErrors = append(validationErrors, fmt.Errorf("unable to read client-cert %v for %v due to %v", authInfo.ClientCertificate, authInfoName, err))
+ }
+ }
+ if len(authInfo.ClientKey) != 0 {
+ err := validateFileIsReadable(authInfo.ClientKey)
+ if err != nil {
+ validationErrors = append(validationErrors, fmt.Errorf("unable to read client-key %v for %v due to %v", authInfo.ClientKey, authInfoName, err))
+ }
+ }
+ }
+
+ // authPath also provides information for the client to identify the server, so allow multiple auth methods in that case
+ if (len(methods) > 1) && (!usingAuthPath) {
+ validationErrors = append(validationErrors, fmt.Errorf("more than one authentication method found for %v; found %v, only one is allowed", authInfoName, methods))
+ }
+
+ return validationErrors
+}
+
+// getAuthInfo is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.DirectClientConfig.getAuthInfo.
+func (config *directClientConfig) getAuthInfo() clientcmdAuthInfo {
+ authInfos := config.config.AuthInfos
+ authInfoName := config.getAuthInfoName()
+
+ var mergedAuthInfo clientcmdAuthInfo
+ if configAuthInfo, exists := authInfos[authInfoName]; exists {
+ if err := mergo.MergeWithOverwrite(&mergedAuthInfo, configAuthInfo); err != nil {
+ logrus.Debugf("Can't merge configAuthInfo: %v", err)
+ }
+ }
+ // REMOVED: overrides support
+
+ return mergedAuthInfo
+}
+
+// getCluster is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.DirectClientConfig.getCluster.
+func (config *directClientConfig) getCluster() clientcmdCluster {
+ clusterInfos := config.config.Clusters
+ clusterInfoName := config.getClusterName()
+
+ var mergedClusterInfo clientcmdCluster
+ if err := mergo.MergeWithOverwrite(&mergedClusterInfo, defaultCluster); err != nil {
+ logrus.Debugf("Can't merge defaultCluster: %v", err)
+ }
+ if err := mergo.MergeWithOverwrite(&mergedClusterInfo, envVarCluster); err != nil {
+ logrus.Debugf("Can't merge envVarCluster: %v", err)
+ }
+ if configClusterInfo, exists := clusterInfos[clusterInfoName]; exists {
+ if err := mergo.MergeWithOverwrite(&mergedClusterInfo, configClusterInfo); err != nil {
+ logrus.Debugf("Can't merge configClusterInfo: %v", err)
+ }
+ }
+ // REMOVED: overrides support
+
+ return mergedClusterInfo
+}
+
+// aggregateErr is a modified copy of k8s.io/apimachinery/pkg/util/errors.aggregate.
+// This helper implements the error and Errors interfaces. Keeping it private
+// prevents people from making an aggregate of 0 errors, which is not
+// an error, but does satisfy the error interface.
+type aggregateErr []error
+
+// newAggregate is a modified copy of k8s.io/apimachinery/pkg/util/errors.NewAggregate.
+// NewAggregate converts a slice of errors into an Aggregate interface, which
+// is itself an implementation of the error interface. If the slice is empty,
+// this returns nil.
+// It will check if any of the element of input error list is nil, to avoid
+// nil pointer panic when call Error().
+func newAggregate(errlist []error) error {
+ if len(errlist) == 0 {
+ return nil
+ }
+ // In case of input error list contains nil
+ var errs []error
+ for _, e := range errlist {
+ if e != nil {
+ errs = append(errs, e)
+ }
+ }
+ if len(errs) == 0 {
+ return nil
+ }
+ return aggregateErr(errs)
+}
+
+// Error is a modified copy of k8s.io/apimachinery/pkg/util/errors.aggregate.Error.
+// Error is part of the error interface.
+func (agg aggregateErr) Error() string {
+ if len(agg) == 0 {
+ // This should never happen, really.
+ return ""
+ }
+ if len(agg) == 1 {
+ return agg[0].Error()
+ }
+ result := fmt.Sprintf("[%s", agg[0].Error())
+ for i := 1; i < len(agg); i++ {
+ result += fmt.Sprintf(", %s", agg[i].Error())
+ }
+ result += "]"
+ return result
+}
+
+// REMOVED: aggregateErr.Errors
+
+// errConfigurationInvalid is a modified? copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.errConfigurationInvalid.
+// errConfigurationInvalid is a set of errors indicating the configuration is invalid.
+type errConfigurationInvalid []error
+
+var _ error = errConfigurationInvalid{}
+
+// REMOVED: utilerrors.Aggregate implementation for errConfigurationInvalid.
+
+// newErrConfigurationInvalid is a modified? copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.newErrConfigurationInvalid.
+func newErrConfigurationInvalid(errs []error) error {
+ switch len(errs) {
+ case 0:
+ return nil
+ default:
+ return errConfigurationInvalid(errs)
+ }
+}
+
+// Error implements the error interface
+func (e errConfigurationInvalid) Error() string {
+ return fmt.Sprintf("invalid configuration: %v", newAggregate(e).Error())
+}
+
+// clientConfigLoadingRules is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.ClientConfigLoadingRules
+// ClientConfigLoadingRules is an ExplicitPath and string slice of specific locations that are used for merging together a Config
+// Callers can put the chain together however they want, but we'd recommend:
+// EnvVarPathFiles if set (a list of files if set) OR the HomeDirectoryPath
+// ExplicitPath is special, because if a user specifically requests a certain file be used and error is reported if this file is not present
+type clientConfigLoadingRules struct {
+ Precedence []string
+}
+
+// Load is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.ClientConfigLoadingRules.Load
+// Load starts by running the MigrationRules and then
+// takes the loading rules and returns a Config object based on following rules.
+//
+// - if the ExplicitPath, return the unmerged explicit file
+// - Otherwise, return a merged config based on the Precedence slice
+//
+// A missing ExplicitPath file produces an error. Empty filenames or other missing files are ignored.
+// Read errors or files with non-deserializable content produce errors.
+// The first file to set a particular map key wins and map key's value is never changed.
+// BUT, if you set a struct value that is NOT contained inside of map, the value WILL be changed.
+// This results in some odd looking logic to merge in one direction, merge in the other, and then merge the two.
+// It also means that if two files specify a "red-user", only values from the first file's red-user are used. Even
+// non-conflicting entries from the second file's "red-user" are discarded.
+// Relative paths inside of the .kubeconfig files are resolved against the .kubeconfig file's parent folder
+// and only absolute file paths are returned.
+func (rules *clientConfigLoadingRules) Load() (*clientcmdConfig, error) {
+ errlist := []error{}
+
+ kubeConfigFiles := []string{}
+
+ // REMOVED: explicit path support
+ kubeConfigFiles = append(kubeConfigFiles, rules.Precedence...)
+
+ kubeconfigs := []*clientcmdConfig{}
+ // read and cache the config files so that we only look at them once
+ for _, filename := range kubeConfigFiles {
+ if len(filename) == 0 {
+ // no work to do
+ continue
+ }
+
+ config, err := loadFromFile(filename)
+ if os.IsNotExist(err) {
+ // skip missing files
+ continue
+ }
+ if err != nil {
+ errlist = append(errlist, fmt.Errorf("loading config file \"%s\": %w", filename, err))
+ continue
+ }
+
+ kubeconfigs = append(kubeconfigs, config)
+ }
+
+ // first merge all of our maps
+ mapConfig := clientcmdNewConfig()
+ for _, kubeconfig := range kubeconfigs {
+ if err := mergo.MergeWithOverwrite(mapConfig, kubeconfig); err != nil {
+ return nil, err
+ }
+ }
+
+ // merge all of the struct values in the reverse order so that priority is given correctly
+ // errors are not added to the list the second time
+ nonMapConfig := clientcmdNewConfig()
+ for i := len(kubeconfigs) - 1; i >= 0; i-- {
+ kubeconfig := kubeconfigs[i]
+ if err := mergo.MergeWithOverwrite(nonMapConfig, kubeconfig); err != nil {
+ return nil, err
+ }
+ }
+
+ // since values are overwritten, but maps values are not, we can merge the non-map config on top of the map config and
+ // get the values we expect.
+ config := clientcmdNewConfig()
+ if err := mergo.MergeWithOverwrite(config, mapConfig); err != nil {
+ return nil, err
+ }
+ if err := mergo.MergeWithOverwrite(config, nonMapConfig); err != nil {
+ return nil, err
+ }
+
+ // REMOVED: Possibility to skip this.
+ if err := resolveLocalPaths(config); err != nil {
+ errlist = append(errlist, err)
+ }
+
+ return config, newAggregate(errlist)
+}
+
+// loadFromFile is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.LoadFromFile
+// LoadFromFile takes a filename and deserializes the contents into Config object
+func loadFromFile(filename string) (*clientcmdConfig, error) {
+ kubeconfigBytes, err := os.ReadFile(filename)
+ if err != nil {
+ return nil, err
+ }
+ config, err := load(kubeconfigBytes)
+ if err != nil {
+ return nil, err
+ }
+
+ // set LocationOfOrigin on every Cluster, User, and Context
+ for key, obj := range config.AuthInfos {
+ obj.LocationOfOrigin = filename
+ config.AuthInfos[key] = obj
+ }
+ for key, obj := range config.Clusters {
+ obj.LocationOfOrigin = filename
+ config.Clusters[key] = obj
+ }
+ for key, obj := range config.Contexts {
+ obj.LocationOfOrigin = filename
+ config.Contexts[key] = obj
+ }
+
+ if config.AuthInfos == nil {
+ config.AuthInfos = map[string]*clientcmdAuthInfo{}
+ }
+ if config.Clusters == nil {
+ config.Clusters = map[string]*clientcmdCluster{}
+ }
+ if config.Contexts == nil {
+ config.Contexts = map[string]*clientcmdContext{}
+ }
+
+ return config, nil
+}
+
+// load is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.Load
+// Load takes a byte slice and deserializes the contents into Config object.
+// Encapsulates deserialization without assuming the source is a file.
+func load(data []byte) (*clientcmdConfig, error) {
+ config := clientcmdNewConfig()
+ // if there's no data in a file, return the default object instead of failing (DecodeInto reject empty input)
+ if len(data) == 0 {
+ return config, nil
+ }
+ // Note: This does absolutely no kind/version checking or conversions.
+ if err := yaml.Unmarshal(data, config); err != nil {
+ return nil, err
+ }
+ return config, nil
+}
+
+// resolveLocalPaths is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.ClientConfigLoadingRules.resolveLocalPaths.
+// ResolveLocalPaths resolves all relative paths in the config object with respect to the stanza's LocationOfOrigin
+// this cannot be done directly inside of LoadFromFile because doing so there would make it impossible to load a file without
+// modification of its contents.
+func resolveLocalPaths(config *clientcmdConfig) error {
+ for _, cluster := range config.Clusters {
+ if len(cluster.LocationOfOrigin) == 0 {
+ continue
+ }
+ base, err := filepath.Abs(filepath.Dir(cluster.LocationOfOrigin))
+ if err != nil {
+ return fmt.Errorf("Could not determine the absolute path of config file %s: %w", cluster.LocationOfOrigin, err)
+ }
+
+ if err := resolvePaths(getClusterFileReferences(cluster), base); err != nil {
+ return err
+ }
+ }
+ for _, authInfo := range config.AuthInfos {
+ if len(authInfo.LocationOfOrigin) == 0 {
+ continue
+ }
+ base, err := filepath.Abs(filepath.Dir(authInfo.LocationOfOrigin))
+ if err != nil {
+ return fmt.Errorf("Could not determine the absolute path of config file %s: %w", authInfo.LocationOfOrigin, err)
+ }
+
+ if err := resolvePaths(getAuthInfoFileReferences(authInfo), base); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+// getClusterFileReferences is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.ClientConfigLoadingRules.GetClusterFileReferences.
+func getClusterFileReferences(cluster *clientcmdCluster) []*string {
+ return []*string{&cluster.CertificateAuthority}
+}
+
+// getAuthInfoFileReferences is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.ClientConfigLoadingRules.GetAuthInfoFileReferences.
+func getAuthInfoFileReferences(authInfo *clientcmdAuthInfo) []*string {
+ return []*string{&authInfo.ClientCertificate, &authInfo.ClientKey}
+}
+
+// resolvePaths is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd.ClientConfigLoadingRules.resolvePaths.
+// ResolvePaths updates the given refs to be absolute paths, relative to the given base directory
+func resolvePaths(refs []*string, base string) error {
+ for _, ref := range refs {
+ // Don't resolve empty paths
+ if len(*ref) > 0 {
+ // Don't resolve absolute paths
+ if !filepath.IsAbs(*ref) {
+ *ref = filepath.Join(base, *ref)
+ }
+ }
+ }
+ return nil
+}
+
+// restClientFor is a modified copy of k8s.io/kubernetes/pkg/client/restclient.RESTClientFor.
+// RESTClientFor returns a RESTClient that satisfies the requested attributes on a client Config
+// object. Note that a RESTClient may require fields that are optional when initializing a Client.
+// A RESTClient created by this method is generic - it expects to operate on an API that follows
+// the Kubernetes conventions, but may not be the Kubernetes API.
+func restClientFor(config *restConfig) (*url.URL, *http.Client, error) {
+ // REMOVED: Configurable GroupVersion, Codec
+ // REMOVED: Configurable versionedAPIPath
+ baseURL, err := defaultServerURLFor(config)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ transport, err := transportFor(config)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ var httpClient *http.Client
+ if transport != http.DefaultTransport {
+ httpClient = &http.Client{Transport: transport}
+ }
+
+ // REMOVED: Configurable QPS, Burst, ContentConfig
+ // REMOVED: Actually returning a RESTClient object.
+ return baseURL, httpClient, nil
+}
+
+// defaultServerURL is a modified copy of k8s.io/kubernetes/pkg/client/restclient.DefaultServerURL.
+// DefaultServerURL converts a host, host:port, or URL string to the default base server API path
+// to use with a Client at a given API version following the standard conventions for a
+// Kubernetes API.
+func defaultServerURL(host string, defaultTLS bool) (*url.URL, error) {
+ if host == "" {
+ return nil, errors.New("host must be a URL or a host:port pair")
+ }
+ base := host
+ hostURL, err := url.Parse(base)
+ if err != nil {
+ return nil, err
+ }
+ if hostURL.Scheme == "" {
+ scheme := "http://"
+ if defaultTLS {
+ scheme = "https://"
+ }
+ hostURL, err = url.Parse(scheme + base)
+ if err != nil {
+ return nil, err
+ }
+ if hostURL.Path != "" && hostURL.Path != "/" {
+ return nil, fmt.Errorf("host must be a URL or a host:port pair: %q", base)
+ }
+ }
+
+ // REMOVED: versionedAPIPath computation.
+ return hostURL, nil
+}
+
+// defaultServerURLFor is a modified copy of k8s.io/kubernetes/pkg/client/restclient.defaultServerURLFor.
+// defaultServerUrlFor is shared between IsConfigTransportTLS and RESTClientFor. It
+// requires Host and Version to be set prior to being called.
+func defaultServerURLFor(config *restConfig) (*url.URL, error) {
+ // TODO: move the default to secure when the apiserver supports TLS by default
+ // config.Insecure is taken to mean "I want HTTPS but don't bother checking the certs against a CA."
+ hasCA := len(config.TLSClientConfig.CAFile) != 0 || len(config.TLSClientConfig.CAData) != 0
+ hasCert := len(config.TLSClientConfig.CertFile) != 0 || len(config.TLSClientConfig.CertData) != 0
+ defaultTLS := hasCA || hasCert || config.Insecure
+ host := config.Host
+ if host == "" {
+ host = "localhost"
+ }
+
+ // REMOVED: Configurable APIPath, GroupVersion
+ return defaultServerURL(host, defaultTLS)
+}
+
+// transportFor is a modified copy of k8s.io/kubernetes/pkg/client/restclient.transportFor.
+// TransportFor returns an http.RoundTripper that will provide the authentication
+// or transport level security defined by the provided Config. Will return the
+// default http.DefaultTransport if no special case behavior is needed.
+func transportFor(config *restConfig) (http.RoundTripper, error) {
+ // REMOVED: separation between restclient.Config and transport.Config, Transport, WrapTransport support
+ return transportNew(config)
+}
+
+// isConfigTransportTLS is a modified copy of k8s.io/kubernetes/pkg/client/restclient.IsConfigTransportTLS.
+// IsConfigTransportTLS returns true if and only if the provided
+// config will result in a protected connection to the server when it
+// is passed to restclient.RESTClientFor(). Use to determine when to
+// send credentials over the wire.
+//
+// Note: the Insecure flag is ignored when testing for this value, so MITM attacks are
+// still possible.
+func isConfigTransportTLS(config restConfig) bool {
+ baseURL, err := defaultServerURLFor(&config)
+ if err != nil {
+ return false
+ }
+ return baseURL.Scheme == "https"
+}
+
+// transportNew is a modified copy of k8s.io/kubernetes/pkg/client/transport.New.
+// New returns an http.RoundTripper that will provide the authentication
+// or transport level security defined by the provided Config.
+func transportNew(config *restConfig) (http.RoundTripper, error) {
+ // REMOVED: custom config.Transport support.
+ // Set transport level security
+
+ var (
+ rt http.RoundTripper
+ err error
+ )
+
+ rt, err = tlsCacheGet(config)
+ if err != nil {
+ return nil, err
+ }
+
+ // REMOVED: HTTPWrappersForConfig(config, rt) in favor of the caller setting HTTP headers itself based on restConfig. Only this inlined check remains.
+ if len(config.Username) != 0 && len(config.BearerToken) != 0 {
+ return nil, errors.New("username/password or bearer token may be set, but not both")
+ }
+
+ return rt, nil
+}
+
+// newProxierWithNoProxyCIDR is a modified copy of k8s.io/apimachinery/pkg/util/net.NewProxierWithNoProxyCIDR.
+// NewProxierWithNoProxyCIDR constructs a Proxier function that respects CIDRs in NO_PROXY and delegates if
+// no matching CIDRs are found
+func newProxierWithNoProxyCIDR(delegate func(req *http.Request) (*url.URL, error)) func(req *http.Request) (*url.URL, error) {
+ // we wrap the default method, so we only need to perform our check if the NO_PROXY envvar has a CIDR in it
+ noProxyEnv := os.Getenv("NO_PROXY")
+ noProxyRules := strings.Split(noProxyEnv, ",")
+
+ cidrs := []netip.Prefix{}
+ for _, noProxyRule := range noProxyRules {
+ prefix, err := netip.ParsePrefix(noProxyRule)
+ if err == nil {
+ cidrs = append(cidrs, prefix)
+ }
+ }
+
+ if len(cidrs) == 0 {
+ return delegate
+ }
+
+ return func(req *http.Request) (*url.URL, error) {
+ host := req.URL.Host
+ // for some urls, the Host is already the host, not the host:port
+ if _, err := netip.ParseAddr(host); err != nil {
+ var err error
+ host, _, err = net.SplitHostPort(req.URL.Host)
+ if err != nil {
+ return delegate(req)
+ }
+ }
+
+ ip, err := netip.ParseAddr(host)
+ if err != nil {
+ return delegate(req)
+ }
+
+ if slices.ContainsFunc(cidrs, func(cidr netip.Prefix) bool {
+ return cidr.Contains(ip)
+ }) {
+ return nil, nil
+ }
+
+ return delegate(req)
+ }
+}
+
+// tlsCacheGet is a modified copy of k8s.io/kubernetes/pkg/client/transport.tlsTransportCache.get.
+func tlsCacheGet(config *restConfig) (http.RoundTripper, error) {
+ // REMOVED: any actual caching
+
+ // Get the TLS options for this client config
+ tlsConfig, err := tlsConfigFor(config)
+ if err != nil {
+ return nil, err
+ }
+ // The options didn't require a custom TLS config
+ if tlsConfig == nil {
+ return http.DefaultTransport, nil
+ }
+
+ // REMOVED: Call to k8s.io/apimachinery/pkg/util/net.SetTransportDefaults; instead of the generic machinery and conditionals, hard-coded the result here.
+ t := &http.Transport{
+ // http.ProxyFromEnvironment doesn't respect CIDRs and that makes it impossible to exclude things like pod and service IPs from proxy settings
+ // ProxierWithNoProxyCIDR allows CIDR rules in NO_PROXY
+ Proxy: newProxierWithNoProxyCIDR(http.ProxyFromEnvironment),
+ TLSHandshakeTimeout: 10 * time.Second,
+ TLSClientConfig: tlsConfig,
+ DialContext: (&net.Dialer{
+ Timeout: 30 * time.Second,
+ KeepAlive: 30 * time.Second,
+ }).DialContext,
+ }
+ // Allow clients to disable http2 if needed.
+ if s := os.Getenv("DISABLE_HTTP2"); len(s) == 0 {
+ t.ForceAttemptHTTP2 = true
+ }
+ return t, nil
+}
+
+// tlsConfigFor is a modified copy of k8s.io/kubernetes/pkg/client/transport.TLSConfigFor.
+// TLSConfigFor returns a tls.Config that will provide the transport level security defined
+// by the provided Config. Will return nil if no transport level security is requested.
+func tlsConfigFor(c *restConfig) (*tls.Config, error) {
+ if !(c.HasCA() || c.HasCertAuth() || c.Insecure) {
+ return nil, nil
+ }
+ if c.HasCA() && c.Insecure {
+ return nil, errors.New("specifying a root certificates file with the insecure flag is not allowed")
+ }
+ if err := loadTLSFiles(c); err != nil {
+ return nil, err
+ }
+
+ tlsConfig := &tls.Config{
+ InsecureSkipVerify: c.Insecure,
+ }
+
+ if c.HasCA() {
+ tlsConfig.RootCAs = rootCertPool(c.TLSClientConfig.CAData)
+ }
+
+ if c.HasCertAuth() {
+ cert, err := tls.X509KeyPair(c.TLSClientConfig.CertData, c.TLSClientConfig.KeyData)
+ if err != nil {
+ return nil, err
+ }
+ tlsConfig.Certificates = []tls.Certificate{cert}
+ }
+
+ return tlsConfig, nil
+}
+
+// loadTLSFiles is a modified copy of k8s.io/kubernetes/pkg/client/transport.loadTLSFiles.
+// loadTLSFiles copies the data from the CertFile, KeyFile, and CAFile fields into the CertData,
+// KeyData, and CAFile fields, or returns an error. If no error is returned, all three fields are
+// either populated or were empty to start.
+func loadTLSFiles(c *restConfig) error {
+ var err error
+ c.TLSClientConfig.CAData, err = dataFromSliceOrFile(c.TLSClientConfig.CAData, c.TLSClientConfig.CAFile)
+ if err != nil {
+ return err
+ }
+
+ c.TLSClientConfig.CertData, err = dataFromSliceOrFile(c.TLSClientConfig.CertData, c.TLSClientConfig.CertFile)
+ if err != nil {
+ return err
+ }
+
+ c.TLSClientConfig.KeyData, err = dataFromSliceOrFile(c.TLSClientConfig.KeyData, c.TLSClientConfig.KeyFile)
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
+// dataFromSliceOrFile is a modified copy of k8s.io/kubernetes/pkg/client/transport.dataFromSliceOrFile.
+// dataFromSliceOrFile returns data from the slice (if non-empty), or from the file,
+// or an error if an error occurred reading the file
+func dataFromSliceOrFile(data []byte, file string) ([]byte, error) {
+ if len(data) > 0 {
+ return data, nil
+ }
+ if len(file) > 0 {
+ fileData, err := os.ReadFile(file)
+ if err != nil {
+ return []byte{}, err
+ }
+ return fileData, nil
+ }
+ return nil, nil
+}
+
+// rootCertPool is a modified copy of k8s.io/kubernetes/pkg/client/transport.rootCertPool.
+// rootCertPool returns nil if caData is empty. When passed along, this will mean "use system CAs".
+// When caData is not empty, it will be the ONLY information used in the CertPool.
+func rootCertPool(caData []byte) *x509.CertPool {
+ // What we really want is a copy of x509.systemRootsPool, but that isn't exposed. It's difficult to build (see the go
+ // code for a look at the platform specific insanity), so we'll use the fact that RootCAs == nil gives us the system values
+ // It doesn't allow trusting either/or, but hopefully that won't be an issue
+ if len(caData) == 0 {
+ return nil
+ }
+
+ // if we have caData, use it
+ certPool := x509.NewCertPool()
+ certPool.AppendCertsFromPEM(caData)
+ return certPool
+}
+
+// HasCA is a modified copy of k8s.io/kubernetes/pkg/client/transport.Config.HasCA.
+// HasCA returns whether the configuration has a certificate authority or not.
+func (c *restConfig) HasCA() bool {
+ return len(c.TLSClientConfig.CAData) > 0 || len(c.TLSClientConfig.CAFile) > 0
+}
+
+// HasCertAuth is a modified copy of k8s.io/kubernetes/pkg/client/transport.Config.HasCertAuth.
+// HasCertAuth returns whether the configuration has certificate authentication or not.
+func (c *restConfig) HasCertAuth() bool {
+ return len(c.TLSClientConfig.CertData) != 0 || len(c.TLSClientConfig.CertFile) != 0
+}
+
+// clientcmdConfig is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api.Config.
+// Config holds the information needed to build connect to remote kubernetes clusters as a given user
+// IMPORTANT if you add fields to this struct, please update IsConfigEmpty()
+type clientcmdConfig struct {
+ // Clusters is a map of referenceable names to cluster configs
+ Clusters clustersMap `yaml:"clusters"`
+ // AuthInfos is a map of referenceable names to user configs
+ AuthInfos authInfosMap `yaml:"users"`
+ // Contexts is a map of referenceable names to context configs
+ Contexts contextsMap `yaml:"contexts"`
+ // CurrentContext is the name of the context that you would like to use by default
+ CurrentContext string `yaml:"current-context"`
+}
+
+type clustersMap map[string]*clientcmdCluster
+
+func (m *clustersMap) UnmarshalYAML(value *yaml.Node) error {
+ var a []v1NamedCluster
+ if err := value.Decode(&a); err != nil {
+ return err
+ }
+ for _, e := range a {
+ cluster := e.Cluster // Allocates a new instance in each iteration
+ (*m)[e.Name] = &cluster
+ }
+ return nil
+}
+
+type authInfosMap map[string]*clientcmdAuthInfo
+
+func (m *authInfosMap) UnmarshalYAML(value *yaml.Node) error {
+ var a []v1NamedAuthInfo
+ if err := value.Decode(&a); err != nil {
+ return err
+ }
+ for _, e := range a {
+ authInfo := e.AuthInfo // Allocates a new instance in each iteration
+ (*m)[e.Name] = &authInfo
+ }
+ return nil
+}
+
+type contextsMap map[string]*clientcmdContext
+
+func (m *contextsMap) UnmarshalYAML(value *yaml.Node) error {
+ var a []v1NamedContext
+ if err := value.Decode(&a); err != nil {
+ return err
+ }
+ for _, e := range a {
+ context := e.Context // Allocates a new instance in each iteration
+ (*m)[e.Name] = &context
+ }
+ return nil
+}
+
+// clientcmdNewConfig is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api.NewConfig.
+// NewConfig is a convenience function that returns a new Config object with non-nil maps
+func clientcmdNewConfig() *clientcmdConfig {
+ return &clientcmdConfig{
+ Clusters: make(map[string]*clientcmdCluster),
+ AuthInfos: make(map[string]*clientcmdAuthInfo),
+ Contexts: make(map[string]*clientcmdContext),
+ }
+}
+
+// yamlBinaryAsBase64String is a []byte that can be stored in yaml as a !!str, not a !!binary
+type yamlBinaryAsBase64String []byte
+
+func (bin *yamlBinaryAsBase64String) UnmarshalText(text []byte) error {
+ res := make([]byte, base64.StdEncoding.DecodedLen(len(text)))
+ n, err := base64.StdEncoding.Decode(res, text)
+ if err != nil {
+ return err
+ }
+ *bin = res[:n]
+ return nil
+}
+
+// clientcmdCluster is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api.Cluster.
+// Cluster contains information about how to communicate with a kubernetes cluster
+type clientcmdCluster struct {
+ // LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
+ LocationOfOrigin string
+ // Server is the address of the kubernetes cluster (https://hostname:port).
+ Server string `yaml:"server"`
+ // InsecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure.
+ InsecureSkipTLSVerify bool `yaml:"insecure-skip-tls-verify,omitempty"`
+ // CertificateAuthority is the path to a cert file for the certificate authority.
+ CertificateAuthority string `yaml:"certificate-authority,omitempty"`
+ // CertificateAuthorityData contains PEM-encoded certificate authority certificates. Overrides CertificateAuthority
+ CertificateAuthorityData yamlBinaryAsBase64String `yaml:"certificate-authority-data,omitempty"`
+}
+
+// clientcmdAuthInfo is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api.AuthInfo.
+// AuthInfo contains information that describes identity information. This is use to tell the kubernetes cluster who you are.
+type clientcmdAuthInfo struct {
+ // LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
+ LocationOfOrigin string
+ // ClientCertificate is the path to a client cert file for TLS.
+ ClientCertificate string `yaml:"client-certificate,omitempty"`
+ // ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate
+ ClientCertificateData yamlBinaryAsBase64String `yaml:"client-certificate-data,omitempty"`
+ // ClientKey is the path to a client key file for TLS.
+ ClientKey string `yaml:"client-key,omitempty"`
+ // ClientKeyData contains PEM-encoded data from a client key file for TLS. Overrides ClientKey
+ ClientKeyData yamlBinaryAsBase64String `yaml:"client-key-data,omitempty"`
+ // Token is the bearer token for authentication to the kubernetes cluster.
+ Token string `yaml:"token,omitempty"`
+ // Username is the username for basic authentication to the kubernetes cluster.
+ Username string `yaml:"username,omitempty"`
+ // Password is the password for basic authentication to the kubernetes cluster.
+ Password string `yaml:"password,omitempty"`
+}
+
+// clientcmdContext is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api.Context.
+// Context is a tuple of references to a cluster (how do I communicate with a kubernetes cluster), a user (how do I identify myself), and a namespace (what subset of resources do I want to work with)
+type clientcmdContext struct {
+ // LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
+ LocationOfOrigin string
+ // Cluster is the name of the cluster for this context
+ Cluster string `yaml:"cluster"`
+ // AuthInfo is the name of the authInfo for this context
+ AuthInfo string `yaml:"user"`
+ // Namespace is the default namespace to use on unspecified requests
+ Namespace string `yaml:"namespace,omitempty"`
+}
+
+// v1NamedCluster is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api.v1.NamedCluster.
+// NamedCluster relates nicknames to cluster information
+type v1NamedCluster struct {
+ // Name is the nickname for this Cluster
+ Name string `yaml:"name"`
+ // Cluster holds the cluster information
+ Cluster clientcmdCluster `yaml:"cluster"`
+}
+
+// v1NamedContext is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api.v1.NamedContext.
+// NamedContext relates nicknames to context information
+type v1NamedContext struct {
+ // Name is the nickname for this Context
+ Name string `yaml:"name"`
+ // Context holds the context information
+ Context clientcmdContext `yaml:"context"`
+}
+
+// v1NamedAuthInfo is a modified copy of k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api.v1.NamedAuthInfo.
+// NamedAuthInfo relates nicknames to auth information
+type v1NamedAuthInfo struct {
+ // Name is the nickname for this AuthInfo
+ Name string `yaml:"name"`
+ // AuthInfo holds the auth information
+ AuthInfo clientcmdAuthInfo `yaml:"user"`
+}
diff --git a/vendor/github.com/containers/image/v5/openshift/openshift.go b/vendor/github.com/containers/image/v5/openshift/openshift.go
new file mode 100644
index 000000000..2c69afbe9
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/openshift/openshift.go
@@ -0,0 +1,226 @@
+package openshift
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "net/url"
+ "strings"
+
+ "github.com/containers/image/v5/docker/reference"
+ "github.com/containers/image/v5/internal/iolimits"
+ "github.com/containers/image/v5/version"
+ "github.com/sirupsen/logrus"
+)
+
+// openshiftClient is configuration for dealing with a single image stream, for reading or writing.
+type openshiftClient struct {
+ ref openshiftReference
+ baseURL *url.URL
+ // Values from Kubernetes configuration
+ httpClient *http.Client
+ bearerToken string // "" if not used
+ username string // "" if not used
+ password string // if username != ""
+}
+
+// newOpenshiftClient creates a new openshiftClient for the specified reference.
+func newOpenshiftClient(ref openshiftReference) (*openshiftClient, error) {
+ // We have already done this parsing in ParseReference, but thrown away
+ // httpClient. So, parse again.
+ // (We could also rework/split restClientFor to "get base URL" to be done
+ // in ParseReference, and "get httpClient" to be done here. But until/unless
+ // we support non-default clusters, this is good enough.)
+
+ // Overall, this is modelled on openshift/origin/pkg/cmd/util/clientcmd.New().ClientConfig() and openshift/origin/pkg/client.
+ cmdConfig := defaultClientConfig()
+ logrus.Debugf("cmdConfig: %#v", cmdConfig)
+ restConfig, err := cmdConfig.ClientConfig()
+ if err != nil {
+ return nil, err
+ }
+ // REMOVED: SetOpenShiftDefaults (values are not overridable in config files, so hard-coded these defaults.)
+ logrus.Debugf("restConfig: %#v", restConfig)
+ baseURL, httpClient, err := restClientFor(restConfig)
+ if err != nil {
+ return nil, err
+ }
+ logrus.Debugf("URL: %#v", *baseURL)
+
+ if httpClient == nil {
+ httpClient = http.DefaultClient
+ }
+
+ return &openshiftClient{
+ ref: ref,
+ baseURL: baseURL,
+ httpClient: httpClient,
+ bearerToken: restConfig.BearerToken,
+ username: restConfig.Username,
+ password: restConfig.Password,
+ }, nil
+}
+
+func (c *openshiftClient) close() {
+ c.httpClient.CloseIdleConnections()
+}
+
+// doRequest performs a correctly authenticated request to a specified path, and returns response body or an error object.
+func (c *openshiftClient) doRequest(ctx context.Context, method, path string, requestBody []byte) ([]byte, error) {
+ requestURL := *c.baseURL
+ requestURL.Path = path
+ var requestBodyReader io.Reader
+ if requestBody != nil {
+ logrus.Debugf("Will send body: %s", requestBody)
+ requestBodyReader = bytes.NewReader(requestBody)
+ }
+ req, err := http.NewRequestWithContext(ctx, method, requestURL.String(), requestBodyReader)
+ if err != nil {
+ return nil, err
+ }
+
+ if len(c.bearerToken) != 0 {
+ req.Header.Set("Authorization", "Bearer "+c.bearerToken)
+ } else if len(c.username) != 0 {
+ req.SetBasicAuth(c.username, c.password)
+ }
+ req.Header.Set("Accept", "application/json, */*")
+ req.Header.Set("User-Agent", fmt.Sprintf("skopeo/%s", version.Version))
+ if requestBody != nil {
+ req.Header.Set("Content-Type", "application/json")
+ }
+
+ logrus.Debugf("%s %s", method, requestURL.Redacted())
+ res, err := c.httpClient.Do(req)
+ if err != nil {
+ return nil, err
+ }
+ defer res.Body.Close()
+ body, err := iolimits.ReadAtMost(res.Body, iolimits.MaxOpenShiftStatusBody)
+ if err != nil {
+ return nil, err
+ }
+ logrus.Debugf("Got body: %s", body)
+ // FIXME: Just throwing this useful information away only to try to guess later...
+ logrus.Debugf("Got content-type: %s", res.Header.Get("Content-Type"))
+
+ var status status
+ statusValid := false
+ if err := json.Unmarshal(body, &status); err == nil && len(status.Status) > 0 {
+ statusValid = true
+ }
+
+ switch {
+ case res.StatusCode == http.StatusSwitchingProtocols: // FIXME?! No idea why this weird case exists in k8s.io/kubernetes/pkg/client/restclient.
+ if statusValid && status.Status != "Success" {
+ return nil, errors.New(status.Message)
+ }
+ case res.StatusCode >= http.StatusOK && res.StatusCode <= http.StatusPartialContent:
+ // OK.
+ default:
+ if statusValid {
+ return nil, errors.New(status.Message)
+ }
+ return nil, fmt.Errorf("HTTP error: status code: %d (%s), body: %s", res.StatusCode, http.StatusText(res.StatusCode), string(body))
+ }
+
+ return body, nil
+}
+
+// getImage loads the specified image object.
+func (c *openshiftClient) getImage(ctx context.Context, imageStreamImageName string) (*image, error) {
+ // FIXME: validate components per validation.IsValidPathSegmentName?
+ path := fmt.Sprintf("/oapi/v1/namespaces/%s/imagestreamimages/%s@%s", c.ref.namespace, c.ref.stream, imageStreamImageName)
+ body, err := c.doRequest(ctx, http.MethodGet, path, nil)
+ if err != nil {
+ return nil, err
+ }
+ // Note: This does absolutely no kind/version checking or conversions.
+ var isi imageStreamImage
+ if err := json.Unmarshal(body, &isi); err != nil {
+ return nil, err
+ }
+ return &isi.Image, nil
+}
+
+// convertDockerImageReference takes an image API DockerImageReference value and returns a reference we can actually use;
+// currently OpenShift stores the cluster-internal service IPs here, which are unusable from the outside.
+func (c *openshiftClient) convertDockerImageReference(ref string) (string, error) {
+ _, repo, gotRepo := strings.Cut(ref, "/")
+ if !gotRepo {
+ return "", fmt.Errorf("Invalid format of docker reference %s: missing '/'", ref)
+ }
+ return reference.Domain(c.ref.dockerReference) + "/" + repo, nil
+}
+
+// These structs are subsets of github.com/openshift/origin/pkg/image/api/v1 and its dependencies.
+type imageStream struct {
+ Status imageStreamStatus `json:"status,omitempty"`
+}
+type imageStreamStatus struct {
+ DockerImageRepository string `json:"dockerImageRepository"`
+ Tags []namedTagEventList `json:"tags,omitempty"`
+}
+type namedTagEventList struct {
+ Tag string `json:"tag"`
+ Items []tagEvent `json:"items"`
+}
+type tagEvent struct {
+ DockerImageReference string `json:"dockerImageReference"`
+ Image string `json:"image"`
+}
+type imageStreamImage struct {
+ Image image `json:"image"`
+}
+type image struct {
+ objectMeta `json:"metadata,omitempty"`
+ DockerImageReference string `json:"dockerImageReference,omitempty"`
+ // DockerImageMetadata runtime.RawExtension `json:"dockerImageMetadata,omitempty"`
+ DockerImageMetadataVersion string `json:"dockerImageMetadataVersion,omitempty"`
+ DockerImageManifest string `json:"dockerImageManifest,omitempty"`
+ // DockerImageLayers []ImageLayer `json:"dockerImageLayers"`
+ Signatures []imageSignature `json:"signatures,omitempty"`
+}
+
+const imageSignatureTypeAtomic string = "atomic"
+
+type imageSignature struct {
+ typeMeta `json:",inline"`
+ objectMeta `json:"metadata,omitempty"`
+ Type string `json:"type"`
+ Content []byte `json:"content"`
+ // Conditions []SignatureCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+ // ImageIdentity string `json:"imageIdentity,omitempty"`
+ // SignedClaims map[string]string `json:"signedClaims,omitempty"`
+ // Created *unversioned.Time `json:"created,omitempty"`
+ // IssuedBy SignatureIssuer `json:"issuedBy,omitempty"`
+ // IssuedTo SignatureSubject `json:"issuedTo,omitempty"`
+}
+type typeMeta struct {
+ Kind string `json:"kind,omitempty"`
+ APIVersion string `json:"apiVersion,omitempty"`
+}
+type objectMeta struct {
+ Name string `json:"name,omitempty"`
+ GenerateName string `json:"generateName,omitempty"`
+ Namespace string `json:"namespace,omitempty"`
+ SelfLink string `json:"selfLink,omitempty"`
+ ResourceVersion string `json:"resourceVersion,omitempty"`
+ Generation int64 `json:"generation,omitempty"`
+ DeletionGracePeriodSeconds *int64 `json:"deletionGracePeriodSeconds,omitempty"`
+ Labels map[string]string `json:"labels,omitempty"`
+ Annotations map[string]string `json:"annotations,omitempty"`
+}
+
+// A subset of k8s.io/kubernetes/pkg/api/unversioned/Status
+type status struct {
+ Status string `json:"status,omitempty"`
+ Message string `json:"message,omitempty"`
+ // Reason StatusReason `json:"reason,omitempty"`
+ // Details *StatusDetails `json:"details,omitempty"`
+ Code int32 `json:"code,omitempty"`
+}
diff --git a/vendor/github.com/containers/image/v5/openshift/openshift_dest.go b/vendor/github.com/containers/image/v5/openshift/openshift_dest.go
new file mode 100644
index 000000000..50a5339e1
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/openshift/openshift_dest.go
@@ -0,0 +1,248 @@
+package openshift
+
+import (
+ "bytes"
+ "context"
+ "crypto/rand"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+
+ "github.com/containers/image/v5/docker"
+ "github.com/containers/image/v5/docker/reference"
+ "github.com/containers/image/v5/internal/blobinfocache"
+ "github.com/containers/image/v5/internal/imagedestination"
+ "github.com/containers/image/v5/internal/imagedestination/impl"
+ "github.com/containers/image/v5/internal/imagedestination/stubs"
+ "github.com/containers/image/v5/internal/private"
+ "github.com/containers/image/v5/internal/set"
+ "github.com/containers/image/v5/internal/signature"
+ "github.com/containers/image/v5/manifest"
+ "github.com/containers/image/v5/types"
+ "github.com/opencontainers/go-digest"
+ "golang.org/x/exp/slices"
+)
+
+type openshiftImageDestination struct {
+ impl.Compat
+ stubs.AlwaysSupportsSignatures
+
+ client *openshiftClient
+ docker private.ImageDestination // The docker/distribution API endpoint
+ // State
+ imageStreamImageName string // "" if not yet known
+}
+
+// newImageDestination creates a new ImageDestination for the specified reference.
+func newImageDestination(ctx context.Context, sys *types.SystemContext, ref openshiftReference) (private.ImageDestination, error) {
+ client, err := newOpenshiftClient(ref)
+ if err != nil {
+ return nil, err
+ }
+
+ // FIXME: Should this always use a digest, not a tag? Uploading to Docker by tag requires the tag _inside_ the manifest to match,
+ // i.e. a single signed image cannot be available under multiple tags. But with types.ImageDestination, we don't know
+ // the manifest digest at this point.
+ dockerRefString := fmt.Sprintf("//%s/%s/%s:%s", reference.Domain(client.ref.dockerReference), client.ref.namespace, client.ref.stream, client.ref.dockerReference.Tag())
+ dockerRef, err := docker.ParseReference(dockerRefString)
+ if err != nil {
+ return nil, err
+ }
+ docker, err := dockerRef.NewImageDestination(ctx, sys)
+ if err != nil {
+ return nil, err
+ }
+
+ d := &openshiftImageDestination{
+ client: client,
+ docker: imagedestination.FromPublic(docker),
+ }
+ d.Compat = impl.AddCompat(d)
+ return d, nil
+}
+
+// Reference returns the reference used to set up this destination. Note that this should directly correspond to user's intent,
+// e.g. it should use the public hostname instead of the result of resolving CNAMEs or following redirects.
+func (d *openshiftImageDestination) Reference() types.ImageReference {
+ return d.client.ref
+}
+
+// Close removes resources associated with an initialized ImageDestination, if any.
+func (d *openshiftImageDestination) Close() error {
+ err := d.docker.Close()
+ d.client.close()
+ return err
+}
+
+func (d *openshiftImageDestination) SupportedManifestMIMETypes() []string {
+ return d.docker.SupportedManifestMIMETypes()
+}
+
+func (d *openshiftImageDestination) DesiredLayerCompression() types.LayerCompression {
+ return types.Compress
+}
+
+// AcceptsForeignLayerURLs returns false iff foreign layers in manifest should be actually
+// uploaded to the image destination, true otherwise.
+func (d *openshiftImageDestination) AcceptsForeignLayerURLs() bool {
+ return true
+}
+
+// MustMatchRuntimeOS returns true iff the destination can store only images targeted for the current runtime architecture and OS. False otherwise.
+func (d *openshiftImageDestination) MustMatchRuntimeOS() bool {
+ return false
+}
+
+// IgnoresEmbeddedDockerReference returns true iff the destination does not care about Image.EmbeddedDockerReferenceConflicts(),
+// and would prefer to receive an unmodified manifest instead of one modified for the destination.
+// Does not make a difference if Reference().DockerReference() is nil.
+func (d *openshiftImageDestination) IgnoresEmbeddedDockerReference() bool {
+ return d.docker.IgnoresEmbeddedDockerReference()
+}
+
+// HasThreadSafePutBlob indicates whether PutBlob can be executed concurrently.
+func (d *openshiftImageDestination) HasThreadSafePutBlob() bool {
+ return false
+}
+
+// SupportsPutBlobPartial returns true if PutBlobPartial is supported.
+func (d *openshiftImageDestination) SupportsPutBlobPartial() bool {
+ return d.docker.SupportsPutBlobPartial()
+}
+
+// PutBlobWithOptions writes contents of stream and returns data representing the result.
+// inputInfo.Digest can be optionally provided if known; if provided, and stream is read to the end without error, the digest MUST match the stream contents.
+// inputInfo.Size is the expected length of stream, if known.
+// inputInfo.MediaType describes the blob format, if known.
+// WARNING: The contents of stream are being verified on the fly. Until stream.Read() returns io.EOF, the contents of the data SHOULD NOT be available
+// to any other readers for download using the supplied digest.
+// If stream.Read() at any time, ESPECIALLY at end of input, returns an error, PutBlobWithOptions MUST 1) fail, and 2) delete any data stored so far.
+func (d *openshiftImageDestination) PutBlobWithOptions(ctx context.Context, stream io.Reader, inputInfo types.BlobInfo, options private.PutBlobOptions) (private.UploadedBlob, error) {
+ return d.docker.PutBlobWithOptions(ctx, stream, inputInfo, options)
+}
+
+// PutBlobPartial attempts to create a blob using the data that is already present
+// at the destination. chunkAccessor is accessed in a non-sequential way to retrieve the missing chunks.
+// It is available only if SupportsPutBlobPartial().
+// Even if SupportsPutBlobPartial() returns true, the call can fail, in which case the caller
+// should fall back to PutBlobWithOptions.
+func (d *openshiftImageDestination) PutBlobPartial(ctx context.Context, chunkAccessor private.BlobChunkAccessor, srcInfo types.BlobInfo, cache blobinfocache.BlobInfoCache2) (private.UploadedBlob, error) {
+ return d.docker.PutBlobPartial(ctx, chunkAccessor, srcInfo, cache)
+}
+
+// TryReusingBlobWithOptions checks whether the transport already contains, or can efficiently reuse, a blob, and if so, applies it to the current destination
+// (e.g. if the blob is a filesystem layer, this signifies that the changes it describes need to be applied again when composing a filesystem tree).
+// info.Digest must not be empty.
+// If the blob has been successfully reused, returns (true, info, nil).
+// If the transport can not reuse the requested blob, TryReusingBlob returns (false, {}, nil); it returns a non-nil error only on an unexpected failure.
+func (d *openshiftImageDestination) TryReusingBlobWithOptions(ctx context.Context, info types.BlobInfo, options private.TryReusingBlobOptions) (bool, private.ReusedBlob, error) {
+ return d.docker.TryReusingBlobWithOptions(ctx, info, options)
+}
+
+// PutManifest writes manifest to the destination.
+// FIXME? This should also receive a MIME type if known, to differentiate between schema versions.
+// If the destination is in principle available, refuses this manifest type (e.g. it does not recognize the schema),
+// but may accept a different manifest type, the returned error must be an ManifestTypeRejectedError.
+func (d *openshiftImageDestination) PutManifest(ctx context.Context, m []byte, instanceDigest *digest.Digest) error {
+ if instanceDigest == nil {
+ manifestDigest, err := manifest.Digest(m)
+ if err != nil {
+ return err
+ }
+ d.imageStreamImageName = manifestDigest.String()
+ }
+ return d.docker.PutManifest(ctx, m, instanceDigest)
+}
+
+// PutSignaturesWithFormat writes a set of signatures to the destination.
+// If instanceDigest is not nil, it contains a digest of the specific manifest instance to write or overwrite the signatures for
+// (when the primary manifest is a manifest list); this should always be nil if the primary manifest is not a manifest list.
+// MUST be called after PutManifest (signatures may reference manifest contents).
+func (d *openshiftImageDestination) PutSignaturesWithFormat(ctx context.Context, signatures []signature.Signature, instanceDigest *digest.Digest) error {
+ var imageStreamImageName string
+ if instanceDigest == nil {
+ if d.imageStreamImageName == "" {
+ return errors.New("Internal error: Unknown manifest digest, can't add signatures")
+ }
+ imageStreamImageName = d.imageStreamImageName
+ } else {
+ imageStreamImageName = instanceDigest.String()
+ }
+
+ // Because image signatures are a shared resource in Atomic Registry, the default upload
+ // always adds signatures. Eventually we should also allow removing signatures.
+
+ if len(signatures) == 0 {
+ return nil // No need to even read the old state.
+ }
+
+ image, err := d.client.getImage(ctx, imageStreamImageName)
+ if err != nil {
+ return err
+ }
+ existingSigNames := set.New[string]()
+ for _, sig := range image.Signatures {
+ existingSigNames.Add(sig.objectMeta.Name)
+ }
+
+ for _, newSigWithFormat := range signatures {
+ newSigSimple, ok := newSigWithFormat.(signature.SimpleSigning)
+ if !ok {
+ return signature.UnsupportedFormatError(newSigWithFormat)
+ }
+ newSig := newSigSimple.UntrustedSignature()
+
+ if slices.ContainsFunc(image.Signatures, func(existingSig imageSignature) bool {
+ return existingSig.Type == imageSignatureTypeAtomic && bytes.Equal(existingSig.Content, newSig)
+ }) {
+ continue
+ }
+
+ // The API expect us to invent a new unique name. This is racy, but hopefully good enough.
+ var signatureName string
+ for {
+ randBytes := make([]byte, 16)
+ n, err := rand.Read(randBytes)
+ if err != nil || n != 16 {
+ return fmt.Errorf("generating random signature len %d: %w", n, err)
+ }
+ signatureName = fmt.Sprintf("%s@%032x", imageStreamImageName, randBytes)
+ if !existingSigNames.Contains(signatureName) {
+ break
+ }
+ }
+ // Note: This does absolutely no kind/version checking or conversions.
+ sig := imageSignature{
+ typeMeta: typeMeta{
+ Kind: "ImageSignature",
+ APIVersion: "v1",
+ },
+ objectMeta: objectMeta{Name: signatureName},
+ Type: imageSignatureTypeAtomic,
+ Content: newSig,
+ }
+ body, err := json.Marshal(sig)
+ if err != nil {
+ return err
+ }
+ _, err = d.client.doRequest(ctx, http.MethodPost, "/oapi/v1/imagesignatures", body)
+ if err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+// Commit marks the process of storing the image as successful and asks for the image to be persisted.
+// unparsedToplevel contains data about the top-level manifest of the source (which may be a single-arch image or a manifest list
+// if PutManifest was only called for the single-arch image with instanceDigest == nil), primarily to allow lookups by the
+// original manifest list digest, if desired.
+// WARNING: This does not have any transactional semantics:
+// - Uploaded data MAY be visible to others before Commit() is called
+// - Uploaded data MAY be removed or MAY remain around if Close() is called without Commit() (i.e. rollback is allowed but not guaranteed)
+func (d *openshiftImageDestination) Commit(ctx context.Context, unparsedToplevel types.UnparsedImage) error {
+ return d.docker.Commit(ctx, unparsedToplevel)
+}
diff --git a/vendor/github.com/containers/image/v5/openshift/openshift_src.go b/vendor/github.com/containers/image/v5/openshift/openshift_src.go
new file mode 100644
index 000000000..0ac0127ee
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/openshift/openshift_src.go
@@ -0,0 +1,174 @@
+package openshift
+
+import (
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+
+ "github.com/containers/image/v5/docker"
+ "github.com/containers/image/v5/internal/imagesource/impl"
+ "github.com/containers/image/v5/internal/imagesource/stubs"
+ "github.com/containers/image/v5/internal/private"
+ "github.com/containers/image/v5/internal/signature"
+ "github.com/containers/image/v5/types"
+ "github.com/opencontainers/go-digest"
+ "github.com/sirupsen/logrus"
+)
+
+type openshiftImageSource struct {
+ impl.Compat
+ impl.DoesNotAffectLayerInfosForCopy
+ // This is slightly suboptimal. We could forward GetBlobAt(), but we need to call ensureImageIsResolved in SupportsGetBlobAt(),
+ // and that method doesn’t provide a context for timing out. That could actually be fixed (SupportsGetBlobAt is private and we
+ // can change it), but this is a deprecated transport anyway, so for now we just punt.
+ stubs.NoGetBlobAtInitialize
+
+ client *openshiftClient
+ // Values specific to this image
+ sys *types.SystemContext
+ // State
+ docker types.ImageSource // The docker/distribution API endpoint, or nil if not resolved yet
+ imageStreamImageName string // Resolved image identifier, or "" if not known yet
+}
+
+// newImageSource creates a new ImageSource for the specified reference.
+// The caller must call .Close() on the returned ImageSource.
+func newImageSource(sys *types.SystemContext, ref openshiftReference) (private.ImageSource, error) {
+ client, err := newOpenshiftClient(ref)
+ if err != nil {
+ return nil, err
+ }
+
+ s := &openshiftImageSource{
+ NoGetBlobAtInitialize: stubs.NoGetBlobAt(ref),
+
+ client: client,
+ sys: sys,
+ }
+ s.Compat = impl.AddCompat(s)
+ return s, nil
+}
+
+// Reference returns the reference used to set up this source, _as specified by the user_
+// (not as the image itself, or its underlying storage, claims). This can be used e.g. to determine which public keys are trusted for this image.
+func (s *openshiftImageSource) Reference() types.ImageReference {
+ return s.client.ref
+}
+
+// Close removes resources associated with an initialized ImageSource, if any.
+func (s *openshiftImageSource) Close() error {
+ var err error
+ if s.docker != nil {
+ err = s.docker.Close()
+ s.docker = nil
+ }
+
+ s.client.close()
+
+ return err
+}
+
+// GetManifest returns the image's manifest along with its MIME type (which may be empty when it can't be determined but the manifest is available).
+// It may use a remote (= slow) service.
+// If instanceDigest is not nil, it contains a digest of the specific manifest instance to retrieve (when the primary manifest is a manifest list);
+// this never happens if the primary manifest is not a manifest list (e.g. if the source never returns manifest lists).
+func (s *openshiftImageSource) GetManifest(ctx context.Context, instanceDigest *digest.Digest) ([]byte, string, error) {
+ if err := s.ensureImageIsResolved(ctx); err != nil {
+ return nil, "", err
+ }
+ return s.docker.GetManifest(ctx, instanceDigest)
+}
+
+// HasThreadSafeGetBlob indicates whether GetBlob can be executed concurrently.
+func (s *openshiftImageSource) HasThreadSafeGetBlob() bool {
+ return false
+}
+
+// GetBlob returns a stream for the specified blob, and the blob’s size (or -1 if unknown).
+// The Digest field in BlobInfo is guaranteed to be provided, Size may be -1 and MediaType may be optionally provided.
+// May update BlobInfoCache, preferably after it knows for certain that a blob truly exists at a specific location.
+func (s *openshiftImageSource) GetBlob(ctx context.Context, info types.BlobInfo, cache types.BlobInfoCache) (io.ReadCloser, int64, error) {
+ if err := s.ensureImageIsResolved(ctx); err != nil {
+ return nil, 0, err
+ }
+ return s.docker.GetBlob(ctx, info, cache)
+}
+
+// GetSignaturesWithFormat returns the image's signatures. It may use a remote (= slow) service.
+// If instanceDigest is not nil, it contains a digest of the specific manifest instance to retrieve signatures for
+// (when the primary manifest is a manifest list); this never happens if the primary manifest is not a manifest list
+// (e.g. if the source never returns manifest lists).
+func (s *openshiftImageSource) GetSignaturesWithFormat(ctx context.Context, instanceDigest *digest.Digest) ([]signature.Signature, error) {
+ var imageStreamImageName string
+ if instanceDigest == nil {
+ if err := s.ensureImageIsResolved(ctx); err != nil {
+ return nil, err
+ }
+ imageStreamImageName = s.imageStreamImageName
+ } else {
+ imageStreamImageName = instanceDigest.String()
+ }
+ image, err := s.client.getImage(ctx, imageStreamImageName)
+ if err != nil {
+ return nil, err
+ }
+ var sigs []signature.Signature
+ for _, sig := range image.Signatures {
+ if sig.Type == imageSignatureTypeAtomic {
+ sigs = append(sigs, signature.SimpleSigningFromBlob(sig.Content))
+ }
+ }
+ return sigs, nil
+}
+
+// ensureImageIsResolved sets up s.docker and s.imageStreamImageName
+func (s *openshiftImageSource) ensureImageIsResolved(ctx context.Context) error {
+ if s.docker != nil {
+ return nil
+ }
+
+ // FIXME: validate components per validation.IsValidPathSegmentName?
+ path := fmt.Sprintf("/oapi/v1/namespaces/%s/imagestreams/%s", s.client.ref.namespace, s.client.ref.stream)
+ body, err := s.client.doRequest(ctx, http.MethodGet, path, nil)
+ if err != nil {
+ return err
+ }
+ // Note: This does absolutely no kind/version checking or conversions.
+ var is imageStream
+ if err := json.Unmarshal(body, &is); err != nil {
+ return err
+ }
+ var te *tagEvent
+ for _, tag := range is.Status.Tags {
+ if tag.Tag != s.client.ref.dockerReference.Tag() {
+ continue
+ }
+ if len(tag.Items) > 0 {
+ te = &tag.Items[0]
+ break
+ }
+ }
+ if te == nil {
+ return errors.New("No matching tag found")
+ }
+ logrus.Debugf("tag event %#v", te)
+ dockerRefString, err := s.client.convertDockerImageReference(te.DockerImageReference)
+ if err != nil {
+ return err
+ }
+ logrus.Debugf("Resolved reference %#v", dockerRefString)
+ dockerRef, err := docker.ParseReference("//" + dockerRefString)
+ if err != nil {
+ return err
+ }
+ d, err := dockerRef.NewImageSource(ctx, s.sys)
+ if err != nil {
+ return err
+ }
+ s.docker = d
+ s.imageStreamImageName = te.Image
+ return nil
+}
diff --git a/vendor/github.com/containers/image/v5/openshift/openshift_transport.go b/vendor/github.com/containers/image/v5/openshift/openshift_transport.go
new file mode 100644
index 000000000..0ba435d56
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/openshift/openshift_transport.go
@@ -0,0 +1,153 @@
+package openshift
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "strings"
+
+ "github.com/containers/image/v5/docker/policyconfiguration"
+ "github.com/containers/image/v5/docker/reference"
+ genericImage "github.com/containers/image/v5/internal/image"
+ "github.com/containers/image/v5/transports"
+ "github.com/containers/image/v5/types"
+ "github.com/containers/storage/pkg/regexp"
+)
+
+func init() {
+ transports.Register(Transport)
+}
+
+// Transport is an ImageTransport for OpenShift registry-hosted images.
+var Transport = openshiftTransport{}
+
+type openshiftTransport struct{}
+
+func (t openshiftTransport) Name() string {
+ return "atomic"
+}
+
+// ParseReference converts a string, which should not start with the ImageTransport.Name prefix, into an ImageReference.
+func (t openshiftTransport) ParseReference(reference string) (types.ImageReference, error) {
+ return ParseReference(reference)
+}
+
+// Note that imageNameRegexp is namespace/stream:tag, this
+// is HOSTNAME/namespace/stream:tag or parent prefixes.
+// Keep this in sync with imageNameRegexp!
+var scopeRegexp = regexp.Delayed("^[^/]*(/[^:/]*(/[^:/]*(:[^:/]*)?)?)?$")
+
+// ValidatePolicyConfigurationScope checks that scope is a valid name for a signature.PolicyTransportScopes keys
+// (i.e. a valid PolicyConfigurationIdentity() or PolicyConfigurationNamespaces() return value).
+// It is acceptable to allow an invalid value which will never be matched, it can "only" cause user confusion.
+// scope passed to this function will not be "", that value is always allowed.
+func (t openshiftTransport) ValidatePolicyConfigurationScope(scope string) error {
+ if scopeRegexp.FindStringIndex(scope) == nil {
+ return fmt.Errorf("Invalid scope name %s", scope)
+ }
+ return nil
+}
+
+// openshiftReference is an ImageReference for OpenShift images.
+type openshiftReference struct {
+ dockerReference reference.NamedTagged
+ namespace string // Computed from dockerReference in advance.
+ stream string // Computed from dockerReference in advance.
+}
+
+// ParseReference converts a string, which should not start with the ImageTransport.Name prefix, into an OpenShift ImageReference.
+func ParseReference(ref string) (types.ImageReference, error) {
+ r, err := reference.ParseNormalizedNamed(ref)
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse image reference %q: %w", ref, err)
+ }
+ tagged, ok := r.(reference.NamedTagged)
+ if !ok {
+ return nil, fmt.Errorf("invalid image reference %s, expected format: 'hostname/namespace/stream:tag'", ref)
+ }
+ return NewReference(tagged)
+}
+
+// NewReference returns an OpenShift reference for a reference.NamedTagged
+func NewReference(dockerRef reference.NamedTagged) (types.ImageReference, error) {
+ r := strings.SplitN(reference.Path(dockerRef), "/", 3)
+ if len(r) != 2 {
+ return nil, fmt.Errorf("invalid image reference: %s, expected format: 'hostname/namespace/stream:tag'",
+ reference.FamiliarString(dockerRef))
+ }
+ return openshiftReference{
+ namespace: r[0],
+ stream: r[1],
+ dockerReference: dockerRef,
+ }, nil
+}
+
+func (ref openshiftReference) Transport() types.ImageTransport {
+ return Transport
+}
+
+// StringWithinTransport returns a string representation of the reference, which MUST be such that
+// reference.Transport().ParseReference(reference.StringWithinTransport()) returns an equivalent reference.
+// NOTE: The returned string is not promised to be equal to the original input to ParseReference;
+// e.g. default attribute values omitted by the user may be filled in the return value, or vice versa.
+// WARNING: Do not use the return value in the UI to describe an image, it does not contain the Transport().Name() prefix.
+func (ref openshiftReference) StringWithinTransport() string {
+ return reference.FamiliarString(ref.dockerReference)
+}
+
+// DockerReference returns a Docker reference associated with this reference
+// (fully explicit, i.e. !reference.IsNameOnly, but reflecting user intent,
+// not e.g. after redirect or alias processing), or nil if unknown/not applicable.
+func (ref openshiftReference) DockerReference() reference.Named {
+ return ref.dockerReference
+}
+
+// PolicyConfigurationIdentity returns a string representation of the reference, suitable for policy lookup.
+// This MUST reflect user intent, not e.g. after processing of third-party redirects or aliases;
+// The value SHOULD be fully explicit about its semantics, with no hidden defaults, AND canonical
+// (i.e. various references with exactly the same semantics should return the same configuration identity)
+// It is fine for the return value to be equal to StringWithinTransport(), and it is desirable but
+// not required/guaranteed that it will be a valid input to Transport().ParseReference().
+// Returns "" if configuration identities for these references are not supported.
+func (ref openshiftReference) PolicyConfigurationIdentity() string {
+ res, err := policyconfiguration.DockerReferenceIdentity(ref.dockerReference)
+ if res == "" || err != nil { // Coverage: Should never happen, NewReference constructs a valid tagged reference.
+ panic(fmt.Sprintf("Internal inconsistency: policyconfiguration.DockerReferenceIdentity returned %#v, %v", res, err))
+ }
+ return res
+}
+
+// PolicyConfigurationNamespaces returns a list of other policy configuration namespaces to search
+// for if explicit configuration for PolicyConfigurationIdentity() is not set. The list will be processed
+// in order, terminating on first match, and an implicit "" is always checked at the end.
+// It is STRONGLY recommended for the first element, if any, to be a prefix of PolicyConfigurationIdentity(),
+// and each following element to be a prefix of the element preceding it.
+func (ref openshiftReference) PolicyConfigurationNamespaces() []string {
+ return policyconfiguration.DockerReferenceNamespaces(ref.dockerReference)
+}
+
+// NewImage returns a types.ImageCloser for this reference, possibly specialized for this ImageTransport.
+// The caller must call .Close() on the returned ImageCloser.
+// NOTE: If any kind of signature verification should happen, build an UnparsedImage from the value returned by NewImageSource,
+// verify that UnparsedImage, and convert it into a real Image via image.FromUnparsedImage.
+// WARNING: This may not do the right thing for a manifest list, see image.FromSource for details.
+func (ref openshiftReference) NewImage(ctx context.Context, sys *types.SystemContext) (types.ImageCloser, error) {
+ return genericImage.FromReference(ctx, sys, ref)
+}
+
+// NewImageSource returns a types.ImageSource for this reference.
+// The caller must call .Close() on the returned ImageSource.
+func (ref openshiftReference) NewImageSource(ctx context.Context, sys *types.SystemContext) (types.ImageSource, error) {
+ return newImageSource(sys, ref)
+}
+
+// NewImageDestination returns a types.ImageDestination for this reference.
+// The caller must call .Close() on the returned ImageDestination.
+func (ref openshiftReference) NewImageDestination(ctx context.Context, sys *types.SystemContext) (types.ImageDestination, error) {
+ return newImageDestination(ctx, sys, ref)
+}
+
+// DeleteImage deletes the named image from the registry, if supported.
+func (ref openshiftReference) DeleteImage(ctx context.Context, sys *types.SystemContext) error {
+ return errors.New("Deleting images not implemented for atomic: images")
+}
diff --git a/vendor/github.com/containers/image/v5/ostree/ostree_dest.go b/vendor/github.com/containers/image/v5/ostree/ostree_dest.go
new file mode 100644
index 000000000..d00a0cdf8
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/ostree/ostree_dest.go
@@ -0,0 +1,517 @@
+//go:build containers_image_ostree
+// +build containers_image_ostree
+
+package ostree
+
+import (
+ "bytes"
+ "context"
+ "encoding/base64"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "os"
+ "os/exec"
+ "path/filepath"
+ "runtime"
+ "strconv"
+ "strings"
+ "syscall"
+ "time"
+ "unsafe"
+
+ "github.com/containers/image/v5/internal/imagedestination/impl"
+ "github.com/containers/image/v5/internal/imagedestination/stubs"
+ "github.com/containers/image/v5/internal/private"
+ "github.com/containers/image/v5/internal/putblobdigest"
+ "github.com/containers/image/v5/internal/signature"
+ "github.com/containers/image/v5/manifest"
+ "github.com/containers/image/v5/types"
+ "github.com/containers/storage/pkg/archive"
+ "github.com/klauspost/pgzip"
+ "github.com/opencontainers/go-digest"
+ selinux "github.com/opencontainers/selinux/go-selinux"
+ "github.com/ostreedev/ostree-go/pkg/otbuiltin"
+ "github.com/vbatts/tar-split/tar/asm"
+ "github.com/vbatts/tar-split/tar/storage"
+)
+
+// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1 libselinux
+// #include
+// #include
+// #include
+// #include
+// #include
+// #include
+// #include
+// #include
+import "C"
+
+type blobToImport struct {
+ Size int64
+ Digest digest.Digest
+ BlobPath string
+}
+
+type descriptor struct {
+ Size int64 `json:"size"`
+ Digest digest.Digest `json:"digest"`
+}
+
+type fsLayersSchema1 struct {
+ BlobSum digest.Digest `json:"blobSum"`
+}
+
+type manifestSchema struct {
+ LayersDescriptors []descriptor `json:"layers"`
+ FSLayers []fsLayersSchema1 `json:"fsLayers"`
+}
+
+type ostreeImageDestination struct {
+ impl.Compat
+ impl.PropertyMethodsInitialize
+ stubs.NoPutBlobPartialInitialize
+ stubs.AlwaysSupportsSignatures
+
+ ref ostreeReference
+ manifest string
+ schema manifestSchema
+ tmpDirPath string
+ blobs map[string]*blobToImport
+ digest digest.Digest
+ signaturesLen int
+ repo *C.struct_OstreeRepo
+}
+
+// newImageDestination returns an ImageDestination for writing to an existing ostree.
+func newImageDestination(ref ostreeReference, tmpDirPath string) (private.ImageDestination, error) {
+ tmpDirPath = filepath.Join(tmpDirPath, ref.branchName)
+ if err := ensureDirectoryExists(tmpDirPath); err != nil {
+ return nil, err
+ }
+ d := &ostreeImageDestination{
+ PropertyMethodsInitialize: impl.PropertyMethods(impl.Properties{
+ SupportedManifestMIMETypes: []string{manifest.DockerV2Schema2MediaType},
+ DesiredLayerCompression: types.PreserveOriginal,
+ AcceptsForeignLayerURLs: false,
+ MustMatchRuntimeOS: true,
+ IgnoresEmbeddedDockerReference: false, // N/A, DockerReference() returns nil.
+ HasThreadSafePutBlob: false,
+ }),
+ NoPutBlobPartialInitialize: stubs.NoPutBlobPartial(ref),
+
+ ref: ref,
+ manifest: "",
+ schema: manifestSchema{},
+ tmpDirPath: tmpDirPath,
+ blobs: map[string]*blobToImport{},
+ digest: "",
+ signaturesLen: 0,
+ repo: nil,
+ }
+ d.Compat = impl.AddCompat(d)
+ return d, nil
+}
+
+// Reference returns the reference used to set up this destination. Note that this should directly correspond to user's intent,
+// e.g. it should use the public hostname instead of the result of resolving CNAMEs or following redirects.
+func (d *ostreeImageDestination) Reference() types.ImageReference {
+ return d.ref
+}
+
+// Close removes resources associated with an initialized ImageDestination, if any.
+func (d *ostreeImageDestination) Close() error {
+ if d.repo != nil {
+ C.g_object_unref(C.gpointer(d.repo))
+ }
+ return os.RemoveAll(d.tmpDirPath)
+}
+
+// PutBlobWithOptions writes contents of stream and returns data representing the result.
+// inputInfo.Digest can be optionally provided if known; if provided, and stream is read to the end without error, the digest MUST match the stream contents.
+// inputInfo.Size is the expected length of stream, if known.
+// inputInfo.MediaType describes the blob format, if known.
+// WARNING: The contents of stream are being verified on the fly. Until stream.Read() returns io.EOF, the contents of the data SHOULD NOT be available
+// to any other readers for download using the supplied digest.
+// If stream.Read() at any time, ESPECIALLY at end of input, returns an error, PutBlob MUST 1) fail, and 2) delete any data stored so far.
+func (d *ostreeImageDestination) PutBlobWithOptions(ctx context.Context, stream io.Reader, inputInfo types.BlobInfo, options private.PutBlobOptions) (private.UploadedBlob, error) {
+ tmpDir, err := os.MkdirTemp(d.tmpDirPath, "blob")
+ if err != nil {
+ return private.UploadedBlob{}, err
+ }
+
+ blobPath := filepath.Join(tmpDir, "content")
+ blobFile, err := os.Create(blobPath)
+ if err != nil {
+ return private.UploadedBlob{}, err
+ }
+ defer blobFile.Close()
+
+ digester, stream := putblobdigest.DigestIfCanonicalUnknown(stream, inputInfo)
+ // TODO: This can take quite some time, and should ideally be cancellable using ctx.Done().
+ size, err := io.Copy(blobFile, stream)
+ if err != nil {
+ return private.UploadedBlob{}, err
+ }
+ blobDigest := digester.Digest()
+ if inputInfo.Size != -1 && size != inputInfo.Size {
+ return private.UploadedBlob{}, fmt.Errorf("Size mismatch when copying %s, expected %d, got %d", blobDigest, inputInfo.Size, size)
+ }
+ if err := blobFile.Sync(); err != nil {
+ return private.UploadedBlob{}, err
+ }
+
+ hash := blobDigest.Hex()
+ d.blobs[hash] = &blobToImport{Size: size, Digest: blobDigest, BlobPath: blobPath}
+ return private.UploadedBlob{Digest: blobDigest, Size: size}, nil
+}
+
+func fixFiles(selinuxHnd *C.struct_selabel_handle, root string, dir string, usermode bool) error {
+ entries, err := os.ReadDir(dir)
+ if err != nil {
+ return err
+ }
+
+ for _, entry := range entries {
+ fullpath := filepath.Join(dir, entry.Name())
+ if entry.Type()&(os.ModeNamedPipe|os.ModeSocket|os.ModeDevice) != 0 {
+ if err := os.Remove(fullpath); err != nil {
+ return err
+ }
+ continue
+ }
+
+ info, err := entry.Info()
+ if err != nil {
+ return err
+ }
+ if selinuxHnd != nil {
+ relPath, err := filepath.Rel(root, fullpath)
+ if err != nil {
+ return err
+ }
+ // Handle /exports/hostfs as a special case. Files under this directory are copied to the host,
+ // thus we benefit from maintaining the same SELinux label they would have on the host as we could
+ // use hard links instead of copying the files.
+ relPath = fmt.Sprintf("/%s", strings.TrimPrefix(relPath, "exports/hostfs/"))
+
+ relPathC := C.CString(relPath)
+ defer C.free(unsafe.Pointer(relPathC))
+ var context *C.char
+
+ res, err := C.selabel_lookup_raw(selinuxHnd, &context, relPathC, C.int(info.Mode()&os.ModePerm))
+ if int(res) < 0 && err != syscall.ENOENT {
+ return fmt.Errorf("cannot selabel_lookup_raw %s: %w", relPath, err)
+ }
+ if int(res) == 0 {
+ defer C.freecon(context)
+ fullpathC := C.CString(fullpath)
+ defer C.free(unsafe.Pointer(fullpathC))
+ res, err = C.lsetfilecon_raw(fullpathC, context)
+ if int(res) < 0 {
+ return fmt.Errorf("cannot setfilecon_raw %s to %s: %w", fullpath, C.GoString(context), err)
+ }
+ }
+ }
+
+ if entry.IsDir() {
+ if usermode {
+ if err := os.Chmod(fullpath, info.Mode()|0700); err != nil {
+ return err
+ }
+ }
+ err = fixFiles(selinuxHnd, root, fullpath, usermode)
+ if err != nil {
+ return err
+ }
+ } else if usermode && (entry.Type().IsRegular()) {
+ if err := os.Chmod(fullpath, info.Mode()|0600); err != nil {
+ return err
+ }
+ }
+ }
+
+ return nil
+}
+
+func (d *ostreeImageDestination) ostreeCommit(repo *otbuiltin.Repo, branch string, root string, metadata []string) error {
+ opts := otbuiltin.NewCommitOptions()
+ opts.AddMetadataString = metadata
+ opts.Timestamp = time.Now()
+ // OCI layers have no parent OSTree commit
+ opts.Parent = "0000000000000000000000000000000000000000000000000000000000000000"
+ _, err := repo.Commit(root, branch, opts)
+ return err
+}
+
+func generateTarSplitMetadata(output *bytes.Buffer, file string) (digest.Digest, int64, error) {
+ mfz := pgzip.NewWriter(output)
+ defer mfz.Close()
+ metaPacker := storage.NewJSONPacker(mfz)
+
+ stream, err := os.OpenFile(file, os.O_RDONLY, 0)
+ if err != nil {
+ return "", -1, err
+ }
+ defer stream.Close()
+
+ gzReader, err := archive.DecompressStream(stream)
+ if err != nil {
+ return "", -1, err
+ }
+ defer gzReader.Close()
+
+ its, err := asm.NewInputTarStream(gzReader, metaPacker, nil)
+ if err != nil {
+ return "", -1, err
+ }
+
+ digester := digest.Canonical.Digester()
+
+ written, err := io.Copy(digester.Hash(), its)
+ if err != nil {
+ return "", -1, err
+ }
+
+ return digester.Digest(), written, nil
+}
+
+func (d *ostreeImageDestination) importBlob(selinuxHnd *C.struct_selabel_handle, repo *otbuiltin.Repo, blob *blobToImport) error {
+ // TODO: This can take quite some time, and should ideally be cancellable using a context.Context.
+
+ ostreeBranch := fmt.Sprintf("ociimage/%s", blob.Digest.Hex())
+ destinationPath := filepath.Join(d.tmpDirPath, blob.Digest.Hex(), "root")
+ if err := ensureDirectoryExists(destinationPath); err != nil {
+ return err
+ }
+ defer func() {
+ os.Remove(blob.BlobPath)
+ os.RemoveAll(destinationPath)
+ }()
+
+ var tarSplitOutput bytes.Buffer
+ uncompressedDigest, uncompressedSize, err := generateTarSplitMetadata(&tarSplitOutput, blob.BlobPath)
+ if err != nil {
+ return err
+ }
+
+ if os.Getuid() == 0 {
+ if err := archive.UntarPath(blob.BlobPath, destinationPath); err != nil {
+ return err
+ }
+ if err := fixFiles(selinuxHnd, destinationPath, destinationPath, false); err != nil {
+ return err
+ }
+ } else {
+ os.MkdirAll(destinationPath, 0755)
+ if err := exec.Command("tar", "-C", destinationPath, "--no-same-owner", "--no-same-permissions", "--delay-directory-restore", "-xf", blob.BlobPath).Run(); err != nil {
+ return err
+ }
+
+ if err := fixFiles(selinuxHnd, destinationPath, destinationPath, true); err != nil {
+ return err
+ }
+ }
+ return d.ostreeCommit(repo, ostreeBranch, destinationPath, []string{fmt.Sprintf("docker.size=%d", blob.Size),
+ fmt.Sprintf("docker.uncompressed_size=%d", uncompressedSize),
+ fmt.Sprintf("docker.uncompressed_digest=%s", uncompressedDigest.String()),
+ fmt.Sprintf("tarsplit.output=%s", base64.StdEncoding.EncodeToString(tarSplitOutput.Bytes()))})
+
+}
+
+func (d *ostreeImageDestination) importConfig(repo *otbuiltin.Repo, blob *blobToImport) error {
+ ostreeBranch := fmt.Sprintf("ociimage/%s", blob.Digest.Hex())
+ destinationPath := filepath.Dir(blob.BlobPath)
+
+ return d.ostreeCommit(repo, ostreeBranch, destinationPath, []string{fmt.Sprintf("docker.size=%d", blob.Size)})
+}
+
+// TryReusingBlobWithOptions checks whether the transport already contains, or can efficiently reuse, a blob, and if so, applies it to the current destination
+// (e.g. if the blob is a filesystem layer, this signifies that the changes it describes need to be applied again when composing a filesystem tree).
+// info.Digest must not be empty.
+// If the blob has been successfully reused, returns (true, info, nil); info must contain at least a digest and size, and may
+// include CompressionOperation and CompressionAlgorithm fields to indicate that a change to the compression type should be
+// reflected in the manifest that will be written.
+// If the transport can not reuse the requested blob, TryReusingBlob returns (false, {}, nil); it returns a non-nil error only on an unexpected failure.
+func (d *ostreeImageDestination) TryReusingBlobWithOptions(ctx context.Context, info types.BlobInfo, options private.TryReusingBlobOptions) (bool, private.ReusedBlob, error) {
+ if !impl.OriginalBlobMatchesRequiredCompression(options) {
+ return false, private.ReusedBlob{}, nil
+ }
+ if d.repo == nil {
+ repo, err := openRepo(d.ref.repo)
+ if err != nil {
+ return false, private.ReusedBlob{}, err
+ }
+ d.repo = repo
+ }
+ branch := fmt.Sprintf("ociimage/%s", info.Digest.Hex())
+
+ found, data, err := readMetadata(d.repo, branch, "docker.uncompressed_digest")
+ if err != nil || !found {
+ return found, private.ReusedBlob{}, err
+ }
+
+ found, data, err = readMetadata(d.repo, branch, "docker.uncompressed_size")
+ if err != nil || !found {
+ return found, private.ReusedBlob{}, err
+ }
+
+ found, data, err = readMetadata(d.repo, branch, "docker.size")
+ if err != nil || !found {
+ return found, private.ReusedBlob{}, err
+ }
+
+ size, err := strconv.ParseInt(data, 10, 64)
+ if err != nil {
+ return false, private.ReusedBlob{}, err
+ }
+
+ return true, private.ReusedBlob{Digest: info.Digest, Size: size}, nil
+}
+
+// PutManifest writes manifest to the destination.
+// The instanceDigest value is expected to always be nil, because this transport does not support manifest lists, so
+// there can be no secondary manifests.
+// FIXME? This should also receive a MIME type if known, to differentiate between schema versions.
+// If the destination is in principle available, refuses this manifest type (e.g. it does not recognize the schema),
+// but may accept a different manifest type, the returned error must be an ManifestTypeRejectedError.
+func (d *ostreeImageDestination) PutManifest(ctx context.Context, manifestBlob []byte, instanceDigest *digest.Digest) error {
+ if instanceDigest != nil {
+ return errors.New(`Manifest lists are not supported by "ostree:"`)
+ }
+
+ d.manifest = string(manifestBlob)
+
+ if err := json.Unmarshal(manifestBlob, &d.schema); err != nil {
+ return err
+ }
+
+ manifestPath := filepath.Join(d.tmpDirPath, d.ref.manifestPath())
+ if err := ensureParentDirectoryExists(manifestPath); err != nil {
+ return err
+ }
+
+ digest, err := manifest.Digest(manifestBlob)
+ if err != nil {
+ return err
+ }
+ d.digest = digest
+
+ return os.WriteFile(manifestPath, manifestBlob, 0644)
+}
+
+// PutSignaturesWithFormat writes a set of signatures to the destination.
+// If instanceDigest is not nil, it contains a digest of the specific manifest instance to write or overwrite the signatures for
+// (when the primary manifest is a manifest list); this should always be nil if the primary manifest is not a manifest list.
+// MUST be called after PutManifest (signatures may reference manifest contents).
+func (d *ostreeImageDestination) PutSignaturesWithFormat(ctx context.Context, signatures []signature.Signature, instanceDigest *digest.Digest) error {
+ if instanceDigest != nil {
+ return errors.New(`Manifest lists are not supported by "ostree:"`)
+ }
+
+ path := filepath.Join(d.tmpDirPath, d.ref.signaturePath(0))
+ if err := ensureParentDirectoryExists(path); err != nil {
+ return err
+ }
+
+ for i, sig := range signatures {
+ signaturePath := filepath.Join(d.tmpDirPath, d.ref.signaturePath(i))
+ blob, err := signature.Blob(sig)
+ if err != nil {
+ return err
+ }
+ if err := os.WriteFile(signaturePath, blob, 0644); err != nil {
+ return err
+ }
+ }
+ d.signaturesLen = len(signatures)
+ return nil
+}
+
+func (d *ostreeImageDestination) Commit(context.Context, types.UnparsedImage) error {
+ runtime.LockOSThread()
+ defer runtime.UnlockOSThread()
+
+ repo, err := otbuiltin.OpenRepo(d.ref.repo)
+ if err != nil {
+ return err
+ }
+
+ _, err = repo.PrepareTransaction()
+ if err != nil {
+ return err
+ }
+
+ var selinuxHnd *C.struct_selabel_handle
+
+ if os.Getuid() == 0 && selinux.GetEnabled() {
+ selinuxHnd, err = C.selabel_open(C.SELABEL_CTX_FILE, nil, 0)
+ if selinuxHnd == nil {
+ return fmt.Errorf("cannot open the SELinux DB: %w", err)
+ }
+
+ defer C.selabel_close(selinuxHnd)
+ }
+
+ checkLayer := func(hash string) error {
+ blob := d.blobs[hash]
+ // if the blob is not present in d.blobs then it is already stored in OSTree,
+ // and we don't need to import it.
+ if blob == nil {
+ return nil
+ }
+ err := d.importBlob(selinuxHnd, repo, blob)
+ if err != nil {
+ return err
+ }
+
+ delete(d.blobs, hash)
+ return nil
+ }
+ for _, layer := range d.schema.LayersDescriptors {
+ hash := layer.Digest.Hex()
+ if err = checkLayer(hash); err != nil {
+ return err
+ }
+ }
+ for _, layer := range d.schema.FSLayers {
+ hash := layer.BlobSum.Hex()
+ if err = checkLayer(hash); err != nil {
+ return err
+ }
+ }
+
+ // Import the other blobs that are not layers
+ for _, blob := range d.blobs {
+ err := d.importConfig(repo, blob)
+ if err != nil {
+ return err
+ }
+ }
+
+ manifestPath := filepath.Join(d.tmpDirPath, "manifest")
+
+ metadata := []string{fmt.Sprintf("docker.manifest=%s", string(d.manifest)),
+ fmt.Sprintf("signatures=%d", d.signaturesLen),
+ fmt.Sprintf("docker.digest=%s", string(d.digest))}
+ if err := d.ostreeCommit(repo, fmt.Sprintf("ociimage/%s", d.ref.branchName), manifestPath, metadata); err != nil {
+ return err
+ }
+
+ _, err = repo.CommitTransaction()
+ return err
+}
+
+func ensureDirectoryExists(path string) error {
+ if _, err := os.Stat(path); err != nil && os.IsNotExist(err) {
+ if err := os.MkdirAll(path, 0755); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func ensureParentDirectoryExists(path string) error {
+ return ensureDirectoryExists(filepath.Dir(path))
+}
diff --git a/vendor/github.com/containers/image/v5/ostree/ostree_src.go b/vendor/github.com/containers/image/v5/ostree/ostree_src.go
new file mode 100644
index 000000000..9983acc0a
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/ostree/ostree_src.go
@@ -0,0 +1,450 @@
+//go:build containers_image_ostree
+// +build containers_image_ostree
+
+package ostree
+
+import (
+ "bytes"
+ "context"
+ "encoding/base64"
+ "errors"
+ "fmt"
+ "io"
+ "strconv"
+ "strings"
+ "unsafe"
+
+ "github.com/containers/image/v5/internal/imagesource/impl"
+ "github.com/containers/image/v5/internal/imagesource/stubs"
+ "github.com/containers/image/v5/internal/private"
+ "github.com/containers/image/v5/internal/signature"
+ "github.com/containers/image/v5/manifest"
+ "github.com/containers/image/v5/types"
+ "github.com/containers/storage/pkg/ioutils"
+ "github.com/klauspost/pgzip"
+ digest "github.com/opencontainers/go-digest"
+ glib "github.com/ostreedev/ostree-go/pkg/glibobject"
+ "github.com/vbatts/tar-split/tar/asm"
+ "github.com/vbatts/tar-split/tar/storage"
+)
+
+// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1
+// #include
+// #include
+// #include
+// #include
+// #include
+// #include
+import "C"
+
+type ostreeImageSource struct {
+ impl.Compat
+ impl.PropertyMethodsInitialize
+ stubs.NoGetBlobAtInitialize
+
+ ref ostreeReference
+ tmpDir string
+ repo *C.struct_OstreeRepo
+ // get the compressed layer by its uncompressed checksum
+ compressed map[digest.Digest]digest.Digest
+}
+
+// newImageSource returns an ImageSource for reading from an existing directory.
+func newImageSource(tmpDir string, ref ostreeReference) (private.ImageSource, error) {
+ s := &ostreeImageSource{
+ PropertyMethodsInitialize: impl.PropertyMethods(impl.Properties{
+ HasThreadSafeGetBlob: false,
+ }),
+ NoGetBlobAtInitialize: stubs.NoGetBlobAt(ref),
+
+ ref: ref,
+ tmpDir: tmpDir,
+ compressed: nil,
+ }
+ s.Compat = impl.AddCompat(s)
+ return s, nil
+}
+
+// Reference returns the reference used to set up this source.
+func (s *ostreeImageSource) Reference() types.ImageReference {
+ return s.ref
+}
+
+// Close removes resources associated with an initialized ImageSource, if any.
+func (s *ostreeImageSource) Close() error {
+ if s.repo != nil {
+ C.g_object_unref(C.gpointer(s.repo))
+ }
+ return nil
+}
+
+func (s *ostreeImageSource) getBlobUncompressedSize(blob string, isCompressed bool) (int64, error) {
+ var metadataKey string
+ if isCompressed {
+ metadataKey = "docker.uncompressed_size"
+ } else {
+ metadataKey = "docker.size"
+ }
+ b := fmt.Sprintf("ociimage/%s", blob)
+ found, data, err := readMetadata(s.repo, b, metadataKey)
+ if err != nil || !found {
+ return 0, err
+ }
+ return strconv.ParseInt(data, 10, 64)
+}
+
+func (s *ostreeImageSource) getLenSignatures() (int64, error) {
+ b := fmt.Sprintf("ociimage/%s", s.ref.branchName)
+ found, data, err := readMetadata(s.repo, b, "signatures")
+ if err != nil {
+ return -1, err
+ }
+ if !found {
+ // if 'signatures' is not present, just return 0 signatures.
+ return 0, nil
+ }
+ return strconv.ParseInt(data, 10, 64)
+}
+
+func (s *ostreeImageSource) getTarSplitData(blob string) ([]byte, error) {
+ b := fmt.Sprintf("ociimage/%s", blob)
+ found, out, err := readMetadata(s.repo, b, "tarsplit.output")
+ if err != nil || !found {
+ return nil, err
+ }
+ return base64.StdEncoding.DecodeString(out)
+}
+
+// GetManifest returns the image's manifest along with its MIME type (which may be empty when it can't be determined but the manifest is available).
+// It may use a remote (= slow) service.
+// This source implementation does not support manifest lists, so the passed-in instanceDigest should always be nil,
+// as the primary manifest can not be a list, so there can be non-default instances.
+func (s *ostreeImageSource) GetManifest(ctx context.Context, instanceDigest *digest.Digest) ([]byte, string, error) {
+ if instanceDigest != nil {
+ return nil, "", errors.New(`Manifest lists are not supported by "ostree:"`)
+ }
+ if s.repo == nil {
+ repo, err := openRepo(s.ref.repo)
+ if err != nil {
+ return nil, "", err
+ }
+ s.repo = repo
+ }
+
+ b := fmt.Sprintf("ociimage/%s", s.ref.branchName)
+ found, out, err := readMetadata(s.repo, b, "docker.manifest")
+ if err != nil {
+ return nil, "", err
+ }
+ if !found {
+ return nil, "", errors.New("manifest not found")
+ }
+ m := []byte(out)
+ return m, manifest.GuessMIMEType(m), nil
+}
+
+func (s *ostreeImageSource) GetTargetManifest(digest digest.Digest) ([]byte, string, error) {
+ return nil, "", errors.New("manifest lists are not supported by this transport")
+}
+
+func openRepo(path string) (*C.struct_OstreeRepo, error) {
+ var cerr *C.GError
+ cpath := C.CString(path)
+ defer C.free(unsafe.Pointer(cpath))
+ pathc := C.g_file_new_for_path(cpath)
+ defer C.g_object_unref(C.gpointer(pathc))
+ repo := C.ostree_repo_new(pathc)
+ r := glib.GoBool(glib.GBoolean(C.ostree_repo_open(repo, nil, &cerr)))
+ if !r {
+ C.g_object_unref(C.gpointer(repo))
+ return nil, glib.ConvertGError(glib.ToGError(unsafe.Pointer(cerr)))
+ }
+ return repo, nil
+}
+
+type ostreePathFileGetter struct {
+ repo *C.struct_OstreeRepo
+ parentRoot *C.GFile
+}
+
+type ostreeReader struct {
+ stream *C.GFileInputStream
+}
+
+func (o ostreeReader) Close() error {
+ C.g_object_unref(C.gpointer(o.stream))
+ return nil
+}
+func (o ostreeReader) Read(p []byte) (int, error) {
+ var cerr *C.GError
+ instanceCast := C.g_type_check_instance_cast((*C.GTypeInstance)(unsafe.Pointer(o.stream)), C.g_input_stream_get_type())
+ stream := (*C.GInputStream)(unsafe.Pointer(instanceCast))
+
+ b := C.g_input_stream_read_bytes(stream, (C.gsize)(cap(p)), nil, &cerr)
+ if b == nil {
+ return 0, glib.ConvertGError(glib.ToGError(unsafe.Pointer(cerr)))
+ }
+ defer C.g_bytes_unref(b)
+
+ count := int(C.g_bytes_get_size(b))
+ if count == 0 {
+ return 0, io.EOF
+ }
+ data := (*[1 << 30]byte)(unsafe.Pointer(C.g_bytes_get_data(b, nil)))[:count:count]
+ copy(p, data)
+ return count, nil
+}
+
+func readMetadata(repo *C.struct_OstreeRepo, commit, key string) (bool, string, error) {
+ var cerr *C.GError
+ var ref *C.char
+ defer C.free(unsafe.Pointer(ref))
+
+ cCommit := C.CString(commit)
+ defer C.free(unsafe.Pointer(cCommit))
+
+ if !glib.GoBool(glib.GBoolean(C.ostree_repo_resolve_rev(repo, cCommit, C.gboolean(1), &ref, &cerr))) {
+ return false, "", glib.ConvertGError(glib.ToGError(unsafe.Pointer(cerr)))
+ }
+
+ if ref == nil {
+ return false, "", nil
+ }
+
+ var variant *C.GVariant
+ if !glib.GoBool(glib.GBoolean(C.ostree_repo_load_variant(repo, C.OSTREE_OBJECT_TYPE_COMMIT, ref, &variant, &cerr))) {
+ return false, "", glib.ConvertGError(glib.ToGError(unsafe.Pointer(cerr)))
+ }
+ defer C.g_variant_unref(variant)
+ if variant != nil {
+ cKey := C.CString(key)
+ defer C.free(unsafe.Pointer(cKey))
+
+ metadata := C.g_variant_get_child_value(variant, 0)
+ defer C.g_variant_unref(metadata)
+
+ data := C.g_variant_lookup_value(metadata, (*C.gchar)(cKey), nil)
+ if data != nil {
+ defer C.g_variant_unref(data)
+ ptr := (*C.char)(C.g_variant_get_string(data, nil))
+ val := C.GoString(ptr)
+ return true, val, nil
+ }
+ }
+ return false, "", nil
+}
+
+func newOSTreePathFileGetter(repo *C.struct_OstreeRepo, commit string) (*ostreePathFileGetter, error) {
+ var cerr *C.GError
+ var parentRoot *C.GFile
+ cCommit := C.CString(commit)
+ defer C.free(unsafe.Pointer(cCommit))
+ if !glib.GoBool(glib.GBoolean(C.ostree_repo_read_commit(repo, cCommit, &parentRoot, nil, nil, &cerr))) {
+ return &ostreePathFileGetter{}, glib.ConvertGError(glib.ToGError(unsafe.Pointer(cerr)))
+ }
+
+ C.g_object_ref(C.gpointer(repo))
+
+ return &ostreePathFileGetter{repo: repo, parentRoot: parentRoot}, nil
+}
+
+func (o ostreePathFileGetter) Get(filename string) (io.ReadCloser, error) {
+ var file *C.GFile
+ if strings.HasPrefix(filename, "./") {
+ filename = filename[2:]
+ }
+ cfilename := C.CString(filename)
+ defer C.free(unsafe.Pointer(cfilename))
+
+ file = (*C.GFile)(C.g_file_resolve_relative_path(o.parentRoot, cfilename))
+
+ var cerr *C.GError
+ stream := C.g_file_read(file, nil, &cerr)
+ if stream == nil {
+ return nil, glib.ConvertGError(glib.ToGError(unsafe.Pointer(cerr)))
+ }
+
+ return &ostreeReader{stream: stream}, nil
+}
+
+func (o ostreePathFileGetter) Close() {
+ C.g_object_unref(C.gpointer(o.repo))
+ C.g_object_unref(C.gpointer(o.parentRoot))
+}
+
+func (s *ostreeImageSource) readSingleFile(commit, path string) (io.ReadCloser, error) {
+ getter, err := newOSTreePathFileGetter(s.repo, commit)
+ if err != nil {
+ return nil, err
+ }
+ defer getter.Close()
+
+ return getter.Get(path)
+}
+
+// GetBlob returns a stream for the specified blob, and the blob’s size (or -1 if unknown).
+// The Digest field in BlobInfo is guaranteed to be provided, Size may be -1 and MediaType may be optionally provided.
+// May update BlobInfoCache, preferably after it knows for certain that a blob truly exists at a specific location.
+func (s *ostreeImageSource) GetBlob(ctx context.Context, info types.BlobInfo, cache types.BlobInfoCache) (io.ReadCloser, int64, error) {
+
+ blob := info.Digest.Hex()
+
+ // Ensure s.compressed is initialized. It is build by LayerInfosForCopy.
+ if s.compressed == nil {
+ _, err := s.LayerInfosForCopy(ctx, nil)
+ if err != nil {
+ return nil, -1, err
+ }
+
+ }
+ compressedBlob, isCompressed := s.compressed[info.Digest]
+ if isCompressed {
+ blob = compressedBlob.Hex()
+ }
+ branch := fmt.Sprintf("ociimage/%s", blob)
+
+ if s.repo == nil {
+ repo, err := openRepo(s.ref.repo)
+ if err != nil {
+ return nil, 0, err
+ }
+ s.repo = repo
+ }
+
+ layerSize, err := s.getBlobUncompressedSize(blob, isCompressed)
+ if err != nil {
+ return nil, 0, err
+ }
+
+ tarsplit, err := s.getTarSplitData(blob)
+ if err != nil {
+ return nil, 0, err
+ }
+
+ // if tarsplit is nil we are looking at the manifest. Return directly the file in /content
+ if tarsplit == nil {
+ file, err := s.readSingleFile(branch, "/content")
+ if err != nil {
+ return nil, 0, err
+ }
+ return file, layerSize, nil
+ }
+
+ mf := bytes.NewReader(tarsplit)
+ mfz, err := pgzip.NewReader(mf)
+ if err != nil {
+ return nil, 0, err
+ }
+ metaUnpacker := storage.NewJSONUnpacker(mfz)
+
+ getter, err := newOSTreePathFileGetter(s.repo, branch)
+ if err != nil {
+ mfz.Close()
+ return nil, 0, err
+ }
+
+ ots := asm.NewOutputTarStream(getter, metaUnpacker)
+
+ rc := ioutils.NewReadCloserWrapper(ots, func() error {
+ getter.Close()
+ mfz.Close()
+ return ots.Close()
+ })
+ return rc, layerSize, nil
+}
+
+// GetSignaturesWithFormat returns the image's signatures. It may use a remote (= slow) service.
+// If instanceDigest is not nil, it contains a digest of the specific manifest instance to retrieve signatures for
+// (when the primary manifest is a manifest list); this never happens if the primary manifest is not a manifest list
+// (e.g. if the source never returns manifest lists).
+func (s *ostreeImageSource) GetSignaturesWithFormat(ctx context.Context, instanceDigest *digest.Digest) ([]signature.Signature, error) {
+ if instanceDigest != nil {
+ return nil, errors.New(`Manifest lists are not supported by "ostree:"`)
+ }
+ lenSignatures, err := s.getLenSignatures()
+ if err != nil {
+ return nil, err
+ }
+ branch := fmt.Sprintf("ociimage/%s", s.ref.branchName)
+
+ if s.repo == nil {
+ repo, err := openRepo(s.ref.repo)
+ if err != nil {
+ return nil, err
+ }
+ s.repo = repo
+ }
+
+ signatures := []signature.Signature{}
+ for i := int64(1); i <= lenSignatures; i++ {
+ path := fmt.Sprintf("/signature-%d", i)
+ sigReader, err := s.readSingleFile(branch, path)
+ if err != nil {
+ return nil, err
+ }
+ defer sigReader.Close()
+
+ sigBlob, err := io.ReadAll(sigReader)
+ if err != nil {
+ return nil, err
+ }
+ sig, err := signature.FromBlob(sigBlob)
+ if err != nil {
+ return nil, fmt.Errorf("parsing signature %q: %w", path, err)
+ }
+ signatures = append(signatures, sig)
+ }
+ return signatures, nil
+}
+
+// LayerInfosForCopy returns either nil (meaning the values in the manifest are fine), or updated values for the layer
+// blobsums that are listed in the image's manifest. If values are returned, they should be used when using GetBlob()
+// to read the image's layers.
+// This source implementation does not support manifest lists, so the passed-in instanceDigest should always be nil,
+// as the primary manifest can not be a list, so there can be secondary manifests.
+// The Digest field is guaranteed to be provided; Size may be -1.
+// WARNING: The list may contain duplicates, and they are semantically relevant.
+func (s *ostreeImageSource) LayerInfosForCopy(ctx context.Context, instanceDigest *digest.Digest) ([]types.BlobInfo, error) {
+ if instanceDigest != nil {
+ return nil, errors.New(`Manifest lists are not supported by "ostree:"`)
+ }
+
+ updatedBlobInfos := []types.BlobInfo{}
+ manifestBlob, manifestType, err := s.GetManifest(ctx, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ man, err := manifest.FromBlob(manifestBlob, manifestType)
+
+ s.compressed = make(map[digest.Digest]digest.Digest)
+
+ layerBlobs := man.LayerInfos()
+
+ for _, layerBlob := range layerBlobs {
+ branch := fmt.Sprintf("ociimage/%s", layerBlob.Digest.Hex())
+ found, uncompressedDigestStr, err := readMetadata(s.repo, branch, "docker.uncompressed_digest")
+ if err != nil || !found {
+ return nil, err
+ }
+
+ found, uncompressedSizeStr, err := readMetadata(s.repo, branch, "docker.uncompressed_size")
+ if err != nil || !found {
+ return nil, err
+ }
+
+ uncompressedSize, err := strconv.ParseInt(uncompressedSizeStr, 10, 64)
+ if err != nil {
+ return nil, err
+ }
+ uncompressedDigest := digest.Digest(uncompressedDigestStr)
+ blobInfo := types.BlobInfo{
+ Digest: uncompressedDigest,
+ Size: uncompressedSize,
+ MediaType: layerBlob.MediaType,
+ }
+ s.compressed[uncompressedDigest] = layerBlob.Digest
+ updatedBlobInfos = append(updatedBlobInfos, blobInfo)
+ }
+ return updatedBlobInfos, nil
+}
diff --git a/vendor/github.com/containers/image/v5/ostree/ostree_transport.go b/vendor/github.com/containers/image/v5/ostree/ostree_transport.go
new file mode 100644
index 000000000..d83f85b90
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/ostree/ostree_transport.go
@@ -0,0 +1,242 @@
+//go:build containers_image_ostree
+// +build containers_image_ostree
+
+package ostree
+
+import (
+ "bytes"
+ "context"
+ "errors"
+ "fmt"
+ "os"
+ "path/filepath"
+ "strings"
+
+ "github.com/containers/image/v5/directory/explicitfilepath"
+ "github.com/containers/image/v5/docker/reference"
+ "github.com/containers/image/v5/internal/image"
+ "github.com/containers/image/v5/transports"
+ "github.com/containers/image/v5/types"
+ "github.com/containers/storage/pkg/regexp"
+)
+
+const defaultOSTreeRepo = "/ostree/repo"
+
+// Transport is an ImageTransport for ostree paths.
+var Transport = ostreeTransport{}
+
+type ostreeTransport struct{}
+
+func (t ostreeTransport) Name() string {
+ return "ostree"
+}
+
+func init() {
+ transports.Register(Transport)
+}
+
+// ValidatePolicyConfigurationScope checks that scope is a valid name for a signature.PolicyTransportScopes keys
+// (i.e. a valid PolicyConfigurationIdentity() or PolicyConfigurationNamespaces() return value).
+// It is acceptable to allow an invalid value which will never be matched, it can "only" cause user confusion.
+// scope passed to this function will not be "", that value is always allowed.
+func (t ostreeTransport) ValidatePolicyConfigurationScope(scope string) error {
+ sep := strings.Index(scope, ":")
+ if sep < 0 {
+ return fmt.Errorf("Invalid ostree: scope %s: Must include a repo", scope)
+ }
+ repo := scope[:sep]
+
+ if !strings.HasPrefix(repo, "/") {
+ return fmt.Errorf("Invalid ostree: scope %s: repository must be an absolute path", scope)
+ }
+ cleaned := filepath.Clean(repo)
+ if cleaned != repo {
+ return fmt.Errorf(`Invalid ostree: scope %s: Uses non-canonical path format, perhaps try with path %s`, scope, cleaned)
+ }
+
+ // FIXME? In the namespaces within a repo,
+ // we could be verifying the various character set and length restrictions
+ // from docker/distribution/reference.regexp.go, but other than that there
+ // are few semantically invalid strings.
+ return nil
+}
+
+// ostreeReference is an ImageReference for ostree paths.
+type ostreeReference struct {
+ image string
+ branchName string
+ repo string
+}
+
+type ostreeImageCloser struct {
+ types.ImageCloser
+ size int64
+}
+
+func (t ostreeTransport) ParseReference(ref string) (types.ImageReference, error) {
+ var repo = ""
+ image, repoPart, gotRepoPart := strings.Cut(ref, "@/")
+ if !gotRepoPart {
+ repo = defaultOSTreeRepo
+ } else {
+ repo = "/" + repoPart
+ }
+
+ return NewReference(image, repo)
+}
+
+// NewReference returns an OSTree reference for a specified repo and image.
+func NewReference(image string, repo string) (types.ImageReference, error) {
+ // image is not _really_ in a containers/image/docker/reference format;
+ // as far as the libOSTree ociimage/* namespace is concerned, it is more or
+ // less an arbitrary string with an implied tag.
+ // Parse the image using reference.ParseNormalizedNamed so that we can
+ // check whether the images has a tag specified and we can add ":latest" if needed
+ ostreeImage, err := reference.ParseNormalizedNamed(image)
+ if err != nil {
+ return nil, err
+ }
+
+ if reference.IsNameOnly(ostreeImage) {
+ image = image + ":latest"
+ }
+
+ resolved, err := explicitfilepath.ResolvePathToFullyExplicit(repo)
+ if err != nil {
+ // With os.IsNotExist(err), the parent directory of repo is also not existent;
+ // that should ordinarily not happen, but it would be a bit weird to reject
+ // references which do not specify a repo just because the implicit defaultOSTreeRepo
+ // does not exist.
+ if os.IsNotExist(err) && repo == defaultOSTreeRepo {
+ resolved = repo
+ } else {
+ return nil, err
+ }
+ }
+ // This is necessary to prevent directory paths returned by PolicyConfigurationNamespaces
+ // from being ambiguous with values of PolicyConfigurationIdentity.
+ if strings.Contains(resolved, ":") {
+ return nil, fmt.Errorf("Invalid OSTree reference %s@%s: path %s contains a colon", image, repo, resolved)
+ }
+
+ return ostreeReference{
+ image: image,
+ branchName: encodeOStreeRef(image),
+ repo: resolved,
+ }, nil
+}
+
+func (ref ostreeReference) Transport() types.ImageTransport {
+ return Transport
+}
+
+// StringWithinTransport returns a string representation of the reference, which MUST be such that
+// reference.Transport().ParseReference(reference.StringWithinTransport()) returns an equivalent reference.
+// NOTE: The returned string is not promised to be equal to the original input to ParseReference;
+// e.g. default attribute values omitted by the user may be filled in the return value, or vice versa.
+// WARNING: Do not use the return value in the UI to describe an image, it does not contain the Transport().Name() prefix.
+func (ref ostreeReference) StringWithinTransport() string {
+ return fmt.Sprintf("%s@%s", ref.image, ref.repo)
+}
+
+// DockerReference returns a Docker reference associated with this reference
+// (fully explicit, i.e. !reference.IsNameOnly, but reflecting user intent,
+// not e.g. after redirect or alias processing), or nil if unknown/not applicable.
+func (ref ostreeReference) DockerReference() reference.Named {
+ return nil
+}
+
+func (ref ostreeReference) PolicyConfigurationIdentity() string {
+ return fmt.Sprintf("%s:%s", ref.repo, ref.image)
+}
+
+// PolicyConfigurationNamespaces returns a list of other policy configuration namespaces to search
+// for if explicit configuration for PolicyConfigurationIdentity() is not set. The list will be processed
+// in order, terminating on first match, and an implicit "" is always checked at the end.
+// It is STRONGLY recommended for the first element, if any, to be a prefix of PolicyConfigurationIdentity(),
+// and each following element to be a prefix of the element preceding it.
+func (ref ostreeReference) PolicyConfigurationNamespaces() []string {
+ repo, _, gotTag := strings.Cut(ref.image, ":")
+ if !gotTag { // Coverage: Should never happen, NewReference above ensures ref.image has a :tag.
+ panic(fmt.Sprintf("Internal inconsistency: ref.image value %q does not have a :tag", ref.image))
+ }
+ name := repo
+ res := []string{}
+ for {
+ res = append(res, fmt.Sprintf("%s:%s", ref.repo, name))
+
+ lastSlash := strings.LastIndex(name, "/")
+ if lastSlash == -1 {
+ break
+ }
+ name = name[:lastSlash]
+ }
+ return res
+}
+
+func (s *ostreeImageCloser) Size() (int64, error) {
+ return s.size, nil
+}
+
+// NewImage returns a types.ImageCloser for this reference, possibly specialized for this ImageTransport.
+// The caller must call .Close() on the returned ImageCloser.
+// NOTE: If any kind of signature verification should happen, build an UnparsedImage from the value returned by NewImageSource,
+// verify that UnparsedImage, and convert it into a real Image via image.FromUnparsedImage.
+func (ref ostreeReference) NewImage(ctx context.Context, sys *types.SystemContext) (types.ImageCloser, error) {
+ return image.FromReference(ctx, sys, ref)
+}
+
+// NewImageSource returns a types.ImageSource for this reference.
+// The caller must call .Close() on the returned ImageSource.
+func (ref ostreeReference) NewImageSource(ctx context.Context, sys *types.SystemContext) (types.ImageSource, error) {
+ var tmpDir string
+ if sys == nil || sys.OSTreeTmpDirPath == "" {
+ tmpDir = os.TempDir()
+ } else {
+ tmpDir = sys.OSTreeTmpDirPath
+ }
+ return newImageSource(tmpDir, ref)
+}
+
+// NewImageDestination returns a types.ImageDestination for this reference.
+// The caller must call .Close() on the returned ImageDestination.
+func (ref ostreeReference) NewImageDestination(ctx context.Context, sys *types.SystemContext) (types.ImageDestination, error) {
+ var tmpDir string
+ if sys == nil || sys.OSTreeTmpDirPath == "" {
+ tmpDir = os.TempDir()
+ } else {
+ tmpDir = sys.OSTreeTmpDirPath
+ }
+ return newImageDestination(ref, tmpDir)
+}
+
+// DeleteImage deletes the named image from the registry, if supported.
+func (ref ostreeReference) DeleteImage(ctx context.Context, sys *types.SystemContext) error {
+ return errors.New("Deleting images not implemented for ostree: images")
+}
+
+var ostreeRefRegexp = regexp.Delayed(`^[A-Za-z0-9.-]$`)
+
+func encodeOStreeRef(in string) string {
+ var buffer bytes.Buffer
+ for i := range in {
+ sub := in[i : i+1]
+ if ostreeRefRegexp.MatchString(sub) {
+ buffer.WriteString(sub)
+ } else {
+ buffer.WriteString(fmt.Sprintf("_%02X", sub[0]))
+ }
+
+ }
+ return buffer.String()
+}
+
+// manifestPath returns a path for the manifest within a ostree using our conventions.
+func (ref ostreeReference) manifestPath() string {
+ return filepath.Join("manifest", "manifest.json")
+}
+
+// signaturePath returns a path for a signature within a ostree using our conventions.
+func (ref ostreeReference) signaturePath(index int) string {
+ return filepath.Join("manifest", fmt.Sprintf("signature-%d", index+1))
+}
diff --git a/vendor/github.com/containers/image/v5/sif/load.go b/vendor/github.com/containers/image/v5/sif/load.go
new file mode 100644
index 000000000..70758ad43
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/sif/load.go
@@ -0,0 +1,210 @@
+package sif
+
+import (
+ "bufio"
+ "context"
+ "fmt"
+ "io"
+ "os"
+ "os/exec"
+ "path/filepath"
+ "strings"
+
+ "github.com/sirupsen/logrus"
+ "github.com/sylabs/sif/v2/pkg/sif"
+)
+
+// injectedScriptTargetPath is the path injectedScript should be written to in the created image.
+const injectedScriptTargetPath = "/podman/runscript"
+
+// parseDefFile parses a SIF definition file from reader,
+// and returns non-trivial contents of the %environment and %runscript sections.
+func parseDefFile(reader io.Reader) ([]string, []string, error) {
+ type parserState int
+ const (
+ parsingOther parserState = iota
+ parsingEnvironment
+ parsingRunscript
+ )
+
+ environment := []string{}
+ runscript := []string{}
+
+ state := parsingOther
+ scanner := bufio.NewScanner(reader)
+ for scanner.Scan() {
+ s := strings.TrimSpace(scanner.Text())
+ switch {
+ case s == `%environment`:
+ state = parsingEnvironment
+ case s == `%runscript`:
+ state = parsingRunscript
+ case strings.HasPrefix(s, "%"):
+ state = parsingOther
+ case state == parsingEnvironment:
+ if s != "" && !strings.HasPrefix(s, "#") {
+ environment = append(environment, s)
+ }
+ case state == parsingRunscript:
+ runscript = append(runscript, s)
+ default: // parsingOther: ignore the line
+ }
+ }
+ if err := scanner.Err(); err != nil {
+ return nil, nil, fmt.Errorf("reading lines from SIF definition file object: %w", err)
+ }
+ return environment, runscript, nil
+}
+
+// generateInjectedScript generates a shell script based on
+// SIF definition file %environment and %runscript data, and returns it.
+func generateInjectedScript(environment []string, runscript []string) []byte {
+ script := fmt.Sprintf("#!/bin/bash\n"+
+ "%s\n"+
+ "%s\n", strings.Join(environment, "\n"), strings.Join(runscript, "\n"))
+ return []byte(script)
+}
+
+// processDefFile finds sif.DataDeffile in sifImage, if any,
+// and returns:
+// - the command to run
+// - contents of a script to inject as injectedScriptTargetPath, or nil
+func processDefFile(sifImage *sif.FileImage) (string, []byte, error) {
+ var environment, runscript []string
+
+ desc, err := sifImage.GetDescriptor(sif.WithDataType(sif.DataDeffile))
+ if err == nil {
+ environment, runscript, err = parseDefFile(desc.GetReader())
+ if err != nil {
+ return "", nil, err
+ }
+ }
+
+ var command string
+ var injectedScript []byte
+ if len(environment) == 0 && len(runscript) == 0 {
+ command = "bash"
+ injectedScript = nil
+ } else {
+ injectedScript = generateInjectedScript(environment, runscript)
+ command = injectedScriptTargetPath
+ }
+
+ return command, injectedScript, nil
+}
+
+func writeInjectedScript(extractedRootPath string, injectedScript []byte) error {
+ if injectedScript == nil {
+ return nil
+ }
+ filePath := filepath.Join(extractedRootPath, injectedScriptTargetPath)
+ parentDirPath := filepath.Dir(filePath)
+ if err := os.MkdirAll(parentDirPath, 0755); err != nil {
+ return fmt.Errorf("creating %s: %w", parentDirPath, err)
+ }
+ if err := os.WriteFile(filePath, injectedScript, 0755); err != nil {
+ return fmt.Errorf("writing %s to %s: %w", injectedScriptTargetPath, filePath, err)
+ }
+ return nil
+}
+
+// createTarFromSIFInputs creates a tar file at tarPath, using a squashfs image at squashFSPath.
+// It can also use extractedRootPath and scriptPath, which are allocated for its exclusive use,
+// if necessary.
+func createTarFromSIFInputs(ctx context.Context, tarPath, squashFSPath string, injectedScript []byte, extractedRootPath, scriptPath string) error {
+ // It's safe for the Remove calls to happen even before we create the files, because tempDir is exclusive
+ // for our use.
+ defer os.RemoveAll(extractedRootPath)
+
+ // Almost everything in extractedRootPath comes from squashFSPath.
+ conversionCommand := fmt.Sprintf("unsquashfs -d %s -f %s && tar --acls --xattrs -C %s -cpf %s ./",
+ extractedRootPath, squashFSPath, extractedRootPath, tarPath)
+ script := "#!/bin/sh\n" + conversionCommand + "\n"
+ if err := os.WriteFile(scriptPath, []byte(script), 0755); err != nil {
+ return err
+ }
+ defer os.Remove(scriptPath)
+
+ // On top of squashFSPath, we only add injectedScript, if necessary.
+ if err := writeInjectedScript(extractedRootPath, injectedScript); err != nil {
+ return err
+ }
+
+ logrus.Debugf("Converting squashfs to tar, command: %s ...", conversionCommand)
+ cmd := exec.CommandContext(ctx, "fakeroot", "--", scriptPath)
+ output, err := cmd.CombinedOutput()
+ if err != nil {
+ return fmt.Errorf("converting image: %w, output: %s", err, string(output))
+ }
+ logrus.Debugf("... finished converting squashfs to tar")
+ return nil
+}
+
+// convertSIFToElements processes sifImage and creates/returns
+// the relevant elements for constructing an OCI-like image:
+// - A path to a tar file containing a root filesystem,
+// - A command to run.
+// The returned tar file path is inside tempDir, which can be assumed to be empty
+// at start, and is exclusively used by the current process (i.e. it is safe
+// to use hard-coded relative paths within it).
+func convertSIFToElements(ctx context.Context, sifImage *sif.FileImage, tempDir string) (string, []string, error) {
+ // We could allocate unique names for all of these using os.{CreateTemp,MkdirTemp}, but tempDir is exclusive,
+ // so we can just hard-code a set of unique values here.
+ // We create and/or manage cleanup of these two paths.
+ squashFSPath := filepath.Join(tempDir, "rootfs.squashfs")
+ tarPath := filepath.Join(tempDir, "rootfs.tar")
+ // We only allocate these paths, the user is responsible for cleaning them up.
+ extractedRootPath := filepath.Join(tempDir, "rootfs")
+ scriptPath := filepath.Join(tempDir, "script")
+
+ succeeded := false
+ // It's safe for the Remove calls to happen even before we create the files, because tempDir is exclusive
+ // for our use.
+ // Ideally we would remove squashFSPath immediately after creating extractedRootPath, but we need
+ // to run both creation and consumption of extractedRootPath in the same fakeroot context.
+ // So, overall, this process requires at least 2 compressed copies (SIF and squashFSPath) and 2
+ // uncompressed copies (extractedRootPath and tarPath) of the data, all using up space at the same time.
+ // That's rather unsatisfactory, ideally we would be streaming the data directly from a squashfs parser
+ // reading from the SIF file to a tarball, for 1 compressed and 1 uncompressed copy.
+ defer os.Remove(squashFSPath)
+ defer func() {
+ if !succeeded {
+ os.Remove(tarPath)
+ }
+ }()
+
+ command, injectedScript, err := processDefFile(sifImage)
+ if err != nil {
+ return "", nil, err
+ }
+
+ rootFS, err := sifImage.GetDescriptor(sif.WithPartitionType(sif.PartPrimSys))
+ if err != nil {
+ return "", nil, fmt.Errorf("looking up rootfs from SIF file: %w", err)
+ }
+ // TODO: We'd prefer not to make a full copy of the file here; unsquashfs ≥ 4.4
+ // has an -o option that allows extracting a squashfs from the SIF file directly,
+ // but that version is not currently available in RHEL 8.
+ logrus.Debugf("Creating a temporary squashfs image %s ...", squashFSPath)
+ if err := func() error { // A scope for defer
+ f, err := os.Create(squashFSPath)
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+ // TODO: This can take quite some time, and should ideally be cancellable using ctx.Done().
+ if _, err := io.CopyN(f, rootFS.GetReader(), rootFS.Size()); err != nil {
+ return err
+ }
+ return nil
+ }(); err != nil {
+ return "", nil, err
+ }
+ logrus.Debugf("... finished creating a temporary squashfs image")
+
+ if err := createTarFromSIFInputs(ctx, tarPath, squashFSPath, injectedScript, extractedRootPath, scriptPath); err != nil {
+ return "", nil, err
+ }
+ succeeded = true
+ return tarPath, []string{command}, nil
+}
diff --git a/vendor/github.com/containers/image/v5/sif/src.go b/vendor/github.com/containers/image/v5/sif/src.go
new file mode 100644
index 000000000..261cfbe77
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/sif/src.go
@@ -0,0 +1,206 @@
+package sif
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "os"
+
+ "github.com/containers/image/v5/internal/imagesource/impl"
+ "github.com/containers/image/v5/internal/imagesource/stubs"
+ "github.com/containers/image/v5/internal/private"
+ "github.com/containers/image/v5/internal/tmpdir"
+ "github.com/containers/image/v5/types"
+ "github.com/opencontainers/go-digest"
+ imgspecs "github.com/opencontainers/image-spec/specs-go"
+ imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
+ "github.com/sirupsen/logrus"
+ "github.com/sylabs/sif/v2/pkg/sif"
+)
+
+type sifImageSource struct {
+ impl.Compat
+ impl.PropertyMethodsInitialize
+ impl.NoSignatures
+ impl.DoesNotAffectLayerInfosForCopy
+ stubs.NoGetBlobAtInitialize
+
+ ref sifReference
+ workDir string
+ layerDigest digest.Digest
+ layerSize int64
+ layerFile string
+ config []byte
+ configDigest digest.Digest
+ manifest []byte
+}
+
+// getBlobInfo returns the digest, and size of the provided file.
+func getBlobInfo(path string) (digest.Digest, int64, error) {
+ f, err := os.Open(path)
+ if err != nil {
+ return "", -1, fmt.Errorf("opening %q for reading: %w", path, err)
+ }
+ defer f.Close()
+
+ // TODO: Instead of writing the tar file to disk, and reading
+ // it here again, stream the tar file to a pipe and
+ // compute the digest while writing it to disk.
+ logrus.Debugf("Computing a digest of the SIF conversion output...")
+ digester := digest.Canonical.Digester()
+ // TODO: This can take quite some time, and should ideally be cancellable using ctx.Done().
+ size, err := io.Copy(digester.Hash(), f)
+ if err != nil {
+ return "", -1, fmt.Errorf("reading %q: %w", path, err)
+ }
+ digest := digester.Digest()
+ logrus.Debugf("... finished computing the digest of the SIF conversion output")
+
+ return digest, size, nil
+}
+
+// newImageSource returns an ImageSource for reading from an existing directory.
+// newImageSource extracts SIF objects and saves them in a temp directory.
+func newImageSource(ctx context.Context, sys *types.SystemContext, ref sifReference) (private.ImageSource, error) {
+ sifImg, err := sif.LoadContainerFromPath(ref.file, sif.OptLoadWithFlag(os.O_RDONLY))
+ if err != nil {
+ return nil, fmt.Errorf("loading SIF file: %w", err)
+ }
+ defer func() {
+ _ = sifImg.UnloadContainer()
+ }()
+
+ workDir, err := tmpdir.MkDirBigFileTemp(sys, "sif")
+ if err != nil {
+ return nil, fmt.Errorf("creating temp directory: %w", err)
+ }
+ succeeded := false
+ defer func() {
+ if !succeeded {
+ os.RemoveAll(workDir)
+ }
+ }()
+
+ layerPath, commandLine, err := convertSIFToElements(ctx, sifImg, workDir)
+ if err != nil {
+ return nil, fmt.Errorf("converting rootfs from SquashFS to Tarball: %w", err)
+ }
+
+ layerDigest, layerSize, err := getBlobInfo(layerPath)
+ if err != nil {
+ return nil, fmt.Errorf("gathering blob information: %w", err)
+ }
+
+ created := sifImg.ModifiedAt()
+ config := imgspecv1.Image{
+ Created: &created,
+ Platform: imgspecv1.Platform{
+ Architecture: sifImg.PrimaryArch(),
+ OS: "linux",
+ },
+ Config: imgspecv1.ImageConfig{
+ Cmd: commandLine,
+ },
+ RootFS: imgspecv1.RootFS{
+ Type: "layers",
+ DiffIDs: []digest.Digest{layerDigest},
+ },
+ History: []imgspecv1.History{
+ {
+ Created: &created,
+ CreatedBy: fmt.Sprintf("/bin/sh -c #(nop) ADD file:%s in %c", layerDigest.Hex(), os.PathSeparator),
+ Comment: "imported from SIF, uuid: " + sifImg.ID(),
+ },
+ {
+ Created: &created,
+ CreatedBy: "/bin/sh -c #(nop) CMD [\"bash\"]",
+ EmptyLayer: true,
+ },
+ },
+ }
+ configBytes, err := json.Marshal(&config)
+ if err != nil {
+ return nil, fmt.Errorf("generating configuration blob for %q: %w", ref.resolvedFile, err)
+ }
+ configDigest := digest.Canonical.FromBytes(configBytes)
+
+ manifest := imgspecv1.Manifest{
+ Versioned: imgspecs.Versioned{SchemaVersion: 2},
+ MediaType: imgspecv1.MediaTypeImageManifest,
+ Config: imgspecv1.Descriptor{
+ Digest: configDigest,
+ Size: int64(len(configBytes)),
+ MediaType: imgspecv1.MediaTypeImageConfig,
+ },
+ Layers: []imgspecv1.Descriptor{{
+ Digest: layerDigest,
+ Size: layerSize,
+ MediaType: imgspecv1.MediaTypeImageLayer,
+ }},
+ }
+ manifestBytes, err := json.Marshal(&manifest)
+ if err != nil {
+ return nil, fmt.Errorf("generating manifest for %q: %w", ref.resolvedFile, err)
+ }
+
+ succeeded = true
+ s := &sifImageSource{
+ PropertyMethodsInitialize: impl.PropertyMethods(impl.Properties{
+ HasThreadSafeGetBlob: true,
+ }),
+ NoGetBlobAtInitialize: stubs.NoGetBlobAt(ref),
+
+ ref: ref,
+ workDir: workDir,
+ layerDigest: layerDigest,
+ layerSize: layerSize,
+ layerFile: layerPath,
+ config: configBytes,
+ configDigest: configDigest,
+ manifest: manifestBytes,
+ }
+ s.Compat = impl.AddCompat(s)
+ return s, nil
+}
+
+// Reference returns the reference used to set up this source.
+func (s *sifImageSource) Reference() types.ImageReference {
+ return s.ref
+}
+
+// Close removes resources associated with an initialized ImageSource, if any.
+func (s *sifImageSource) Close() error {
+ return os.RemoveAll(s.workDir)
+}
+
+// GetBlob returns a stream for the specified blob, and the blob’s size (or -1 if unknown).
+// The Digest field in BlobInfo is guaranteed to be provided, Size may be -1 and MediaType may be optionally provided.
+// May update BlobInfoCache, preferably after it knows for certain that a blob truly exists at a specific location.
+func (s *sifImageSource) GetBlob(ctx context.Context, info types.BlobInfo, cache types.BlobInfoCache) (io.ReadCloser, int64, error) {
+ switch info.Digest {
+ case s.configDigest:
+ return io.NopCloser(bytes.NewReader(s.config)), int64(len(s.config)), nil
+ case s.layerDigest:
+ reader, err := os.Open(s.layerFile)
+ if err != nil {
+ return nil, -1, fmt.Errorf("opening %q: %w", s.layerFile, err)
+ }
+ return reader, s.layerSize, nil
+ default:
+ return nil, -1, fmt.Errorf("no blob with digest %q found", info.Digest.String())
+ }
+}
+
+// GetManifest returns the image's manifest along with its MIME type (which may be empty when it can't be determined but the manifest is available).
+// It may use a remote (= slow) service.
+// If instanceDigest is not nil, it contains a digest of the specific manifest instance to retrieve (when the primary manifest is a manifest list);
+// this never happens if the primary manifest is not a manifest list (e.g. if the source never returns manifest lists).
+func (s *sifImageSource) GetManifest(ctx context.Context, instanceDigest *digest.Digest) ([]byte, string, error) {
+ if instanceDigest != nil {
+ return nil, "", errors.New("manifest lists are not supported by the sif transport")
+ }
+ return s.manifest, imgspecv1.MediaTypeImageManifest, nil
+}
diff --git a/vendor/github.com/containers/image/v5/sif/transport.go b/vendor/github.com/containers/image/v5/sif/transport.go
new file mode 100644
index 000000000..4c0901071
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/sif/transport.go
@@ -0,0 +1,160 @@
+package sif
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "path/filepath"
+ "strings"
+
+ "github.com/containers/image/v5/directory/explicitfilepath"
+ "github.com/containers/image/v5/docker/reference"
+ "github.com/containers/image/v5/internal/image"
+ "github.com/containers/image/v5/transports"
+ "github.com/containers/image/v5/types"
+)
+
+func init() {
+ transports.Register(Transport)
+}
+
+// Transport is an ImageTransport for SIF images.
+var Transport = sifTransport{}
+
+type sifTransport struct{}
+
+func (t sifTransport) Name() string {
+ return "sif"
+}
+
+// ParseReference converts a string, which should not start with the ImageTransport.Name prefix, into an ImageReference.
+func (t sifTransport) ParseReference(reference string) (types.ImageReference, error) {
+ return NewReference(reference)
+}
+
+// ValidatePolicyConfigurationScope checks that scope is a valid name for a signature.PolicyTransportScopes keys
+// (i.e. a valid PolicyConfigurationIdentity() or PolicyConfigurationNamespaces() return value).
+// It is acceptable to allow an invalid value which will never be matched, it can "only" cause user confusion.
+// scope passed to this function will not be "", that value is always allowed.
+func (t sifTransport) ValidatePolicyConfigurationScope(scope string) error {
+ if !strings.HasPrefix(scope, "/") {
+ return fmt.Errorf("Invalid scope %s: Must be an absolute path", scope)
+ }
+ // Refuse also "/", otherwise "/" and "" would have the same semantics,
+ // and "" could be unexpectedly shadowed by the "/" entry.
+ if scope == "/" {
+ return errors.New(`Invalid scope "/": Use the generic default scope ""`)
+ }
+ cleaned := filepath.Clean(scope)
+ if cleaned != scope {
+ return fmt.Errorf(`Invalid scope %s: Uses non-canonical format, perhaps try %s`, scope, cleaned)
+ }
+ return nil
+}
+
+// sifReference is an ImageReference for SIF images.
+type sifReference struct {
+ // Note that the interpretation of paths below depends on the underlying filesystem state, which may change under us at any time!
+ // Either of the paths may point to a different, or no, inode over time. resolvedFile may contain symbolic links, and so on.
+
+ // Generally we follow the intent of the user, and use the "file" member for filesystem operations (e.g. the user can use a relative path to avoid
+ // being exposed to symlinks and renames in the parent directories to the working directory).
+ // (But in general, we make no attempt to be completely safe against concurrent hostile filesystem modifications.)
+ file string // As specified by the user. May be relative, contain symlinks, etc.
+ resolvedFile string // Absolute file path with no symlinks, at least at the time of its creation. Primarily used for policy namespaces.
+}
+
+// There is no sif.ParseReference because it is rather pointless.
+// Callers who need a transport-independent interface will go through
+// sifTransport.ParseReference; callers who intentionally deal with SIF files
+// can use sif.NewReference.
+
+// NewReference returns an image file reference for a specified path.
+func NewReference(file string) (types.ImageReference, error) {
+ // We do not expose an API supplying the resolvedFile; we could, but recomputing it
+ // is generally cheap enough that we prefer being confident about the properties of resolvedFile.
+ resolved, err := explicitfilepath.ResolvePathToFullyExplicit(file)
+ if err != nil {
+ return nil, err
+ }
+ return sifReference{file: file, resolvedFile: resolved}, nil
+}
+
+func (ref sifReference) Transport() types.ImageTransport {
+ return Transport
+}
+
+// StringWithinTransport returns a string representation of the reference, which MUST be such that
+// reference.Transport().ParseReference(reference.StringWithinTransport()) returns an equivalent reference.
+// NOTE: The returned string is not promised to be equal to the original input to ParseReference;
+// e.g. default attribute values omitted by the user may be filled in the return value, or vice versa.
+// WARNING: Do not use the return value in the UI to describe an image, it does not contain the Transport().Name() prefix;
+// instead, see transports.ImageName().
+func (ref sifReference) StringWithinTransport() string {
+ return ref.file
+}
+
+// DockerReference returns a Docker reference associated with this reference
+// (fully explicit, i.e. !reference.IsNameOnly, but reflecting user intent,
+// not e.g. after redirect or alias processing), or nil if unknown/not applicable.
+func (ref sifReference) DockerReference() reference.Named {
+ return nil
+}
+
+// PolicyConfigurationIdentity returns a string representation of the reference, suitable for policy lookup.
+// This MUST reflect user intent, not e.g. after processing of third-party redirects or aliases;
+// The value SHOULD be fully explicit about its semantics, with no hidden defaults, AND canonical
+// (i.e. various references with exactly the same semantics should return the same configuration identity)
+// It is fine for the return value to be equal to StringWithinTransport(), and it is desirable but
+// not required/guaranteed that it will be a valid input to Transport().ParseReference().
+// Returns "" if configuration identities for these references are not supported.
+func (ref sifReference) PolicyConfigurationIdentity() string {
+ return ref.resolvedFile
+}
+
+// PolicyConfigurationNamespaces returns a list of other policy configuration namespaces to search
+// for if explicit configuration for PolicyConfigurationIdentity() is not set. The list will be processed
+// in order, terminating on first match, and an implicit "" is always checked at the end.
+// It is STRONGLY recommended for the first element, if any, to be a prefix of PolicyConfigurationIdentity(),
+// and each following element to be a prefix of the element preceding it.
+func (ref sifReference) PolicyConfigurationNamespaces() []string {
+ res := []string{}
+ path := ref.resolvedFile
+ for {
+ lastSlash := strings.LastIndex(path, "/")
+ if lastSlash == -1 || lastSlash == 0 {
+ break
+ }
+ path = path[:lastSlash]
+ res = append(res, path)
+ }
+ // Note that we do not include "/"; it is redundant with the default "" global default,
+ // and rejected by sifTransport.ValidatePolicyConfigurationScope above.
+ return res
+}
+
+// NewImage returns a types.ImageCloser for this reference, possibly specialized for this ImageTransport.
+// The caller must call .Close() on the returned ImageCloser.
+// NOTE: If any kind of signature verification should happen, build an UnparsedImage from the value returned by NewImageSource,
+// verify that UnparsedImage, and convert it into a real Image via image.FromUnparsedImage.
+// WARNING: This may not do the right thing for a manifest list, see image.FromSource for details.
+func (ref sifReference) NewImage(ctx context.Context, sys *types.SystemContext) (types.ImageCloser, error) {
+ return image.FromReference(ctx, sys, ref)
+}
+
+// NewImageSource returns a types.ImageSource for this reference.
+// The caller must call .Close() on the returned ImageSource.
+func (ref sifReference) NewImageSource(ctx context.Context, sys *types.SystemContext) (types.ImageSource, error) {
+ return newImageSource(ctx, sys, ref)
+}
+
+// NewImageDestination returns a types.ImageDestination for this reference.
+// The caller must call .Close() on the returned ImageDestination.
+func (ref sifReference) NewImageDestination(ctx context.Context, sys *types.SystemContext) (types.ImageDestination, error) {
+ return nil, errors.New(`"sif:" locations can only be read from, not written to`)
+}
+
+// DeleteImage deletes the named image from the registry, if supported.
+func (ref sifReference) DeleteImage(ctx context.Context, sys *types.SystemContext) error {
+ return errors.New("Deleting images not implemented for sif: images")
+}
diff --git a/vendor/github.com/containers/image/v5/storage/storage_dest.go b/vendor/github.com/containers/image/v5/storage/storage_dest.go
new file mode 100644
index 000000000..07e1d5e1f
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/storage/storage_dest.go
@@ -0,0 +1,958 @@
+//go:build !containers_image_storage_stub
+// +build !containers_image_storage_stub
+
+package storage
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "os"
+ "path/filepath"
+ "sync"
+ "sync/atomic"
+
+ "github.com/containers/image/v5/docker/reference"
+ "github.com/containers/image/v5/internal/blobinfocache"
+ "github.com/containers/image/v5/internal/imagedestination/impl"
+ "github.com/containers/image/v5/internal/imagedestination/stubs"
+ "github.com/containers/image/v5/internal/private"
+ "github.com/containers/image/v5/internal/putblobdigest"
+ "github.com/containers/image/v5/internal/set"
+ "github.com/containers/image/v5/internal/signature"
+ "github.com/containers/image/v5/internal/tmpdir"
+ "github.com/containers/image/v5/manifest"
+ "github.com/containers/image/v5/pkg/blobinfocache/none"
+ "github.com/containers/image/v5/types"
+ "github.com/containers/storage"
+ graphdriver "github.com/containers/storage/drivers"
+ "github.com/containers/storage/pkg/archive"
+ "github.com/containers/storage/pkg/chunked"
+ "github.com/containers/storage/pkg/ioutils"
+ digest "github.com/opencontainers/go-digest"
+ imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
+ "github.com/sirupsen/logrus"
+ "golang.org/x/exp/slices"
+)
+
+var (
+ // ErrBlobDigestMismatch could potentially be returned when PutBlob() is given a blob
+ // with a digest-based name that doesn't match its contents.
+ // Deprecated: PutBlob() doesn't do this any more (it just accepts the caller’s value),
+ // and there is no known user of this error.
+ ErrBlobDigestMismatch = errors.New("blob digest mismatch")
+ // ErrBlobSizeMismatch is returned when PutBlob() is given a blob
+ // with an expected size that doesn't match the reader.
+ ErrBlobSizeMismatch = errors.New("blob size mismatch")
+)
+
+type storageImageDestination struct {
+ impl.Compat
+ impl.PropertyMethodsInitialize
+ stubs.ImplementsPutBlobPartial
+ stubs.AlwaysSupportsSignatures
+
+ imageRef storageReference
+ directory string // Temporary directory where we store blobs until Commit() time
+ nextTempFileID atomic.Int32 // A counter that we use for computing filenames to assign to blobs
+ manifest []byte // Manifest contents, temporary
+ manifestDigest digest.Digest // Valid if len(manifest) != 0
+ signatures []byte // Signature contents, temporary
+ signatureses map[digest.Digest][]byte // Instance signature contents, temporary
+ SignatureSizes []int `json:"signature-sizes,omitempty"` // List of sizes of each signature slice
+ SignaturesSizes map[digest.Digest][]int `json:"signatures-sizes,omitempty"` // Sizes of each manifest's signature slice
+
+ // A storage destination may be used concurrently. Accesses are
+ // serialized via a mutex. Please refer to the individual comments
+ // below for details.
+ lock sync.Mutex
+ // Mapping from layer (by index) to the associated ID in the storage.
+ // It's protected *implicitly* since `commitLayer()`, at any given
+ // time, can only be executed by *one* goroutine. Please refer to
+ // `queueOrCommit()` for further details on how the single-caller
+ // guarantee is implemented.
+ indexToStorageID map[int]*string
+ // All accesses to below data are protected by `lock` which is made
+ // *explicit* in the code.
+ blobDiffIDs map[digest.Digest]digest.Digest // Mapping from layer blobsums to their corresponding DiffIDs
+ fileSizes map[digest.Digest]int64 // Mapping from layer blobsums to their sizes
+ filenames map[digest.Digest]string // Mapping from layer blobsums to names of files we used to hold them
+ currentIndex int // The index of the layer to be committed (i.e., lower indices have already been committed)
+ indexToAddedLayerInfo map[int]addedLayerInfo // Mapping from layer (by index) to blob to add to the image
+ blobAdditionalLayer map[digest.Digest]storage.AdditionalLayer // Mapping from layer blobsums to their corresponding additional layer
+ diffOutputs map[digest.Digest]*graphdriver.DriverWithDifferOutput // Mapping from digest to differ output
+}
+
+// addedLayerInfo records data about a layer to use in this image.
+type addedLayerInfo struct {
+ digest digest.Digest
+ emptyLayer bool // The layer is an “emptyâ€/“throwaway†one, and may or may not be physically represented in various transport / storage systems. false if the manifest type does not have the concept.
+}
+
+// newImageDestination sets us up to write a new image, caching blobs in a temporary directory until
+// it's time to Commit() the image
+func newImageDestination(sys *types.SystemContext, imageRef storageReference) (*storageImageDestination, error) {
+ directory, err := tmpdir.MkDirBigFileTemp(sys, "storage")
+ if err != nil {
+ return nil, fmt.Errorf("creating a temporary directory: %w", err)
+ }
+ dest := &storageImageDestination{
+ PropertyMethodsInitialize: impl.PropertyMethods(impl.Properties{
+ SupportedManifestMIMETypes: []string{
+ imgspecv1.MediaTypeImageManifest,
+ manifest.DockerV2Schema2MediaType,
+ manifest.DockerV2Schema1SignedMediaType,
+ manifest.DockerV2Schema1MediaType,
+ },
+ // We ultimately have to decompress layers to populate trees on disk
+ // and need to explicitly ask for it here, so that the layers' MIME
+ // types can be set accordingly.
+ DesiredLayerCompression: types.PreserveOriginal,
+ AcceptsForeignLayerURLs: false,
+ MustMatchRuntimeOS: true,
+ IgnoresEmbeddedDockerReference: true, // Yes, we want the unmodified manifest
+ HasThreadSafePutBlob: true,
+ }),
+
+ imageRef: imageRef,
+ directory: directory,
+ signatureses: make(map[digest.Digest][]byte),
+ blobDiffIDs: make(map[digest.Digest]digest.Digest),
+ blobAdditionalLayer: make(map[digest.Digest]storage.AdditionalLayer),
+ fileSizes: make(map[digest.Digest]int64),
+ filenames: make(map[digest.Digest]string),
+ SignatureSizes: []int{},
+ SignaturesSizes: make(map[digest.Digest][]int),
+ indexToStorageID: make(map[int]*string),
+ indexToAddedLayerInfo: make(map[int]addedLayerInfo),
+ diffOutputs: make(map[digest.Digest]*graphdriver.DriverWithDifferOutput),
+ }
+ dest.Compat = impl.AddCompat(dest)
+ return dest, nil
+}
+
+// Reference returns the reference used to set up this destination. Note that this should directly correspond to user's intent,
+// e.g. it should use the public hostname instead of the result of resolving CNAMEs or following redirects.
+func (s *storageImageDestination) Reference() types.ImageReference {
+ return s.imageRef
+}
+
+// Close cleans up the temporary directory and additional layer store handlers.
+func (s *storageImageDestination) Close() error {
+ for _, al := range s.blobAdditionalLayer {
+ al.Release()
+ }
+ for _, v := range s.diffOutputs {
+ if v.Target != "" {
+ _ = s.imageRef.transport.store.CleanupStagingDirectory(v.Target)
+ }
+ }
+ return os.RemoveAll(s.directory)
+}
+
+func (s *storageImageDestination) computeNextBlobCacheFile() string {
+ return filepath.Join(s.directory, fmt.Sprintf("%d", s.nextTempFileID.Add(1)))
+}
+
+// PutBlobWithOptions writes contents of stream and returns data representing the result.
+// inputInfo.Digest can be optionally provided if known; if provided, and stream is read to the end without error, the digest MUST match the stream contents.
+// inputInfo.Size is the expected length of stream, if known.
+// inputInfo.MediaType describes the blob format, if known.
+// WARNING: The contents of stream are being verified on the fly. Until stream.Read() returns io.EOF, the contents of the data SHOULD NOT be available
+// to any other readers for download using the supplied digest.
+// If stream.Read() at any time, ESPECIALLY at end of input, returns an error, PutBlob MUST 1) fail, and 2) delete any data stored so far.
+func (s *storageImageDestination) PutBlobWithOptions(ctx context.Context, stream io.Reader, blobinfo types.BlobInfo, options private.PutBlobOptions) (private.UploadedBlob, error) {
+ info, err := s.putBlobToPendingFile(stream, blobinfo, &options)
+ if err != nil {
+ return info, err
+ }
+
+ if options.IsConfig || options.LayerIndex == nil {
+ return info, nil
+ }
+
+ return info, s.queueOrCommit(*options.LayerIndex, addedLayerInfo{
+ digest: info.Digest,
+ emptyLayer: options.EmptyLayer,
+ })
+}
+
+// putBlobToPendingFile implements ImageDestination.PutBlobWithOptions, storing stream into an on-disk file.
+// The caller must arrange the blob to be eventually committed using s.commitLayer().
+func (s *storageImageDestination) putBlobToPendingFile(stream io.Reader, blobinfo types.BlobInfo, options *private.PutBlobOptions) (private.UploadedBlob, error) {
+ // Stores a layer or data blob in our temporary directory, checking that any information
+ // in the blobinfo matches the incoming data.
+ if blobinfo.Digest != "" {
+ if err := blobinfo.Digest.Validate(); err != nil {
+ return private.UploadedBlob{}, fmt.Errorf("invalid digest %#v: %w", blobinfo.Digest.String(), err)
+ }
+ }
+
+ // Set up to digest the blob if necessary, and count its size while saving it to a file.
+ filename := s.computeNextBlobCacheFile()
+ file, err := os.OpenFile(filename, os.O_CREATE|os.O_TRUNC|os.O_WRONLY|os.O_EXCL, 0600)
+ if err != nil {
+ return private.UploadedBlob{}, fmt.Errorf("creating temporary file %q: %w", filename, err)
+ }
+ defer file.Close()
+ counter := ioutils.NewWriteCounter(file)
+ stream = io.TeeReader(stream, counter)
+ digester, stream := putblobdigest.DigestIfUnknown(stream, blobinfo)
+ decompressed, err := archive.DecompressStream(stream)
+ if err != nil {
+ return private.UploadedBlob{}, fmt.Errorf("setting up to decompress blob: %w", err)
+ }
+
+ diffID := digest.Canonical.Digester()
+ // Copy the data to the file.
+ // TODO: This can take quite some time, and should ideally be cancellable using context.Context.
+ _, err = io.Copy(diffID.Hash(), decompressed)
+ decompressed.Close()
+ if err != nil {
+ return private.UploadedBlob{}, fmt.Errorf("storing blob to file %q: %w", filename, err)
+ }
+
+ // Determine blob properties, and fail if information that we were given about the blob
+ // is known to be incorrect.
+ blobDigest := digester.Digest()
+ blobSize := blobinfo.Size
+ if blobSize < 0 {
+ blobSize = counter.Count
+ } else if blobinfo.Size != counter.Count {
+ return private.UploadedBlob{}, ErrBlobSizeMismatch
+ }
+
+ // Record information about the blob.
+ s.lock.Lock()
+ s.blobDiffIDs[blobDigest] = diffID.Digest()
+ s.fileSizes[blobDigest] = counter.Count
+ s.filenames[blobDigest] = filename
+ s.lock.Unlock()
+ // This is safe because we have just computed diffID, and blobDigest was either computed
+ // by us, or validated by the caller (usually copy.digestingReader).
+ options.Cache.RecordDigestUncompressedPair(blobDigest, diffID.Digest())
+ return private.UploadedBlob{
+ Digest: blobDigest,
+ Size: blobSize,
+ }, nil
+}
+
+type zstdFetcher struct {
+ chunkAccessor private.BlobChunkAccessor
+ ctx context.Context
+ blobInfo types.BlobInfo
+}
+
+// GetBlobAt converts from chunked.GetBlobAt to BlobChunkAccessor.GetBlobAt.
+func (f *zstdFetcher) GetBlobAt(chunks []chunked.ImageSourceChunk) (chan io.ReadCloser, chan error, error) {
+ newChunks := make([]private.ImageSourceChunk, 0, len(chunks))
+ for _, v := range chunks {
+ i := private.ImageSourceChunk{
+ Offset: v.Offset,
+ Length: v.Length,
+ }
+ newChunks = append(newChunks, i)
+ }
+ rc, errs, err := f.chunkAccessor.GetBlobAt(f.ctx, f.blobInfo, newChunks)
+ if _, ok := err.(private.BadPartialRequestError); ok {
+ err = chunked.ErrBadRequest{}
+ }
+ return rc, errs, err
+
+}
+
+// PutBlobPartial attempts to create a blob using the data that is already present
+// at the destination. chunkAccessor is accessed in a non-sequential way to retrieve the missing chunks.
+// It is available only if SupportsPutBlobPartial().
+// Even if SupportsPutBlobPartial() returns true, the call can fail, in which case the caller
+// should fall back to PutBlobWithOptions.
+func (s *storageImageDestination) PutBlobPartial(ctx context.Context, chunkAccessor private.BlobChunkAccessor, srcInfo types.BlobInfo, cache blobinfocache.BlobInfoCache2) (private.UploadedBlob, error) {
+ fetcher := zstdFetcher{
+ chunkAccessor: chunkAccessor,
+ ctx: ctx,
+ blobInfo: srcInfo,
+ }
+
+ differ, err := chunked.GetDiffer(ctx, s.imageRef.transport.store, srcInfo.Size, srcInfo.Annotations, &fetcher)
+ if err != nil {
+ return private.UploadedBlob{}, err
+ }
+
+ out, err := s.imageRef.transport.store.ApplyDiffWithDiffer("", nil, differ)
+ if err != nil {
+ return private.UploadedBlob{}, err
+ }
+
+ blobDigest := srcInfo.Digest
+
+ s.lock.Lock()
+ s.blobDiffIDs[blobDigest] = blobDigest
+ s.fileSizes[blobDigest] = 0
+ s.filenames[blobDigest] = ""
+ s.diffOutputs[blobDigest] = out
+ s.lock.Unlock()
+
+ return private.UploadedBlob{
+ Digest: blobDigest,
+ Size: srcInfo.Size,
+ }, nil
+}
+
+// TryReusingBlobWithOptions checks whether the transport already contains, or can efficiently reuse, a blob, and if so, applies it to the current destination
+// (e.g. if the blob is a filesystem layer, this signifies that the changes it describes need to be applied again when composing a filesystem tree).
+// info.Digest must not be empty.
+// If the blob has been successfully reused, returns (true, info, nil).
+// If the transport can not reuse the requested blob, TryReusingBlob returns (false, {}, nil); it returns a non-nil error only on an unexpected failure.
+func (s *storageImageDestination) TryReusingBlobWithOptions(ctx context.Context, blobinfo types.BlobInfo, options private.TryReusingBlobOptions) (bool, private.ReusedBlob, error) {
+ if !impl.OriginalBlobMatchesRequiredCompression(options) {
+ return false, private.ReusedBlob{}, nil
+ }
+ reused, info, err := s.tryReusingBlobAsPending(blobinfo.Digest, blobinfo.Size, &options)
+ if err != nil || !reused || options.LayerIndex == nil {
+ return reused, info, err
+ }
+
+ return reused, info, s.queueOrCommit(*options.LayerIndex, addedLayerInfo{
+ digest: info.Digest,
+ emptyLayer: options.EmptyLayer,
+ })
+}
+
+// tryReusingBlobAsPending implements TryReusingBlobWithOptions for (digest, size or -1), filling s.blobDiffIDs and other metadata.
+// The caller must arrange the blob to be eventually committed using s.commitLayer().
+func (s *storageImageDestination) tryReusingBlobAsPending(digest digest.Digest, size int64, options *private.TryReusingBlobOptions) (bool, private.ReusedBlob, error) {
+ // lock the entire method as it executes fairly quickly
+ s.lock.Lock()
+ defer s.lock.Unlock()
+
+ if options.SrcRef != nil {
+ // Check if we have the layer in the underlying additional layer store.
+ aLayer, err := s.imageRef.transport.store.LookupAdditionalLayer(digest, options.SrcRef.String())
+ if err != nil && !errors.Is(err, storage.ErrLayerUnknown) {
+ return false, private.ReusedBlob{}, fmt.Errorf(`looking for compressed layers with digest %q and labels: %w`, digest, err)
+ } else if err == nil {
+ // Record the uncompressed value so that we can use it to calculate layer IDs.
+ s.blobDiffIDs[digest] = aLayer.UncompressedDigest()
+ s.blobAdditionalLayer[digest] = aLayer
+ return true, private.ReusedBlob{
+ Digest: digest,
+ Size: aLayer.CompressedSize(),
+ }, nil
+ }
+ }
+
+ if digest == "" {
+ return false, private.ReusedBlob{}, errors.New(`Can not check for a blob with unknown digest`)
+ }
+ if err := digest.Validate(); err != nil {
+ return false, private.ReusedBlob{}, fmt.Errorf("Can not check for a blob with invalid digest: %w", err)
+ }
+
+ // Check if we've already cached it in a file.
+ if size, ok := s.fileSizes[digest]; ok {
+ return true, private.ReusedBlob{
+ Digest: digest,
+ Size: size,
+ }, nil
+ }
+
+ // Check if we have a wasn't-compressed layer in storage that's based on that blob.
+ layers, err := s.imageRef.transport.store.LayersByUncompressedDigest(digest)
+ if err != nil && !errors.Is(err, storage.ErrLayerUnknown) {
+ return false, private.ReusedBlob{}, fmt.Errorf(`looking for layers with digest %q: %w`, digest, err)
+ }
+ if len(layers) > 0 {
+ // Save this for completeness.
+ s.blobDiffIDs[digest] = layers[0].UncompressedDigest
+ return true, private.ReusedBlob{
+ Digest: digest,
+ Size: layers[0].UncompressedSize,
+ }, nil
+ }
+
+ // Check if we have a was-compressed layer in storage that's based on that blob.
+ layers, err = s.imageRef.transport.store.LayersByCompressedDigest(digest)
+ if err != nil && !errors.Is(err, storage.ErrLayerUnknown) {
+ return false, private.ReusedBlob{}, fmt.Errorf(`looking for compressed layers with digest %q: %w`, digest, err)
+ }
+ if len(layers) > 0 {
+ // Record the uncompressed value so that we can use it to calculate layer IDs.
+ s.blobDiffIDs[digest] = layers[0].UncompressedDigest
+ return true, private.ReusedBlob{
+ Digest: digest,
+ Size: layers[0].CompressedSize,
+ }, nil
+ }
+
+ // Does the blob correspond to a known DiffID which we already have available?
+ // Because we must return the size, which is unknown for unavailable compressed blobs, the returned BlobInfo refers to the
+ // uncompressed layer, and that can happen only if options.CanSubstitute, or if the incoming manifest already specifies the size.
+ if options.CanSubstitute || size != -1 {
+ if uncompressedDigest := options.Cache.UncompressedDigest(digest); uncompressedDigest != "" && uncompressedDigest != digest {
+ layers, err := s.imageRef.transport.store.LayersByUncompressedDigest(uncompressedDigest)
+ if err != nil && !errors.Is(err, storage.ErrLayerUnknown) {
+ return false, private.ReusedBlob{}, fmt.Errorf(`looking for layers with digest %q: %w`, uncompressedDigest, err)
+ }
+ if len(layers) > 0 {
+ if size != -1 {
+ s.blobDiffIDs[digest] = layers[0].UncompressedDigest
+ return true, private.ReusedBlob{
+ Digest: digest,
+ Size: size,
+ }, nil
+ }
+ if !options.CanSubstitute {
+ return false, private.ReusedBlob{}, fmt.Errorf("Internal error: options.CanSubstitute was expected to be true for blob with digest %s", digest)
+ }
+ s.blobDiffIDs[uncompressedDigest] = layers[0].UncompressedDigest
+ return true, private.ReusedBlob{
+ Digest: uncompressedDigest,
+ Size: layers[0].UncompressedSize,
+ }, nil
+ }
+ }
+ }
+
+ // Nope, we don't have it.
+ return false, private.ReusedBlob{}, nil
+}
+
+// computeID computes a recommended image ID based on information we have so far. If
+// the manifest is not of a type that we recognize, we return an empty value, indicating
+// that since we don't have a recommendation, a random ID should be used if one needs
+// to be allocated.
+func (s *storageImageDestination) computeID(m manifest.Manifest) string {
+ // Build the diffID list. We need the decompressed sums that we've been calculating to
+ // fill in the DiffIDs. It's expected (but not enforced by us) that the number of
+ // diffIDs corresponds to the number of non-EmptyLayer entries in the history.
+ var diffIDs []digest.Digest
+ switch m := m.(type) {
+ case *manifest.Schema1:
+ // Build a list of the diffIDs we've generated for the non-throwaway FS layers,
+ // in reverse of the order in which they were originally listed.
+ for i, compat := range m.ExtractedV1Compatibility {
+ if compat.ThrowAway {
+ continue
+ }
+ blobSum := m.FSLayers[i].BlobSum
+ diffID, ok := s.blobDiffIDs[blobSum]
+ if !ok {
+ logrus.Infof("error looking up diffID for layer %q", blobSum.String())
+ return ""
+ }
+ diffIDs = append([]digest.Digest{diffID}, diffIDs...)
+ }
+ case *manifest.Schema2, *manifest.OCI1:
+ // We know the ID calculation for these formats doesn't actually use the diffIDs,
+ // so we don't need to populate the diffID list.
+ default:
+ return ""
+ }
+ id, err := m.ImageID(diffIDs)
+ if err != nil {
+ return ""
+ }
+ return id
+}
+
+// getConfigBlob exists only to let us retrieve the configuration blob so that the manifest package can dig
+// information out of it for Inspect().
+func (s *storageImageDestination) getConfigBlob(info types.BlobInfo) ([]byte, error) {
+ if info.Digest == "" {
+ return nil, errors.New(`no digest supplied when reading blob`)
+ }
+ if err := info.Digest.Validate(); err != nil {
+ return nil, fmt.Errorf("invalid digest supplied when reading blob: %w", err)
+ }
+ // Assume it's a file, since we're only calling this from a place that expects to read files.
+ if filename, ok := s.filenames[info.Digest]; ok {
+ contents, err2 := os.ReadFile(filename)
+ if err2 != nil {
+ return nil, fmt.Errorf(`reading blob from file %q: %w`, filename, err2)
+ }
+ return contents, nil
+ }
+ // If it's not a file, it's a bug, because we're not expecting to be asked for a layer.
+ return nil, errors.New("blob not found")
+}
+
+// queueOrCommit queues the specified layer to be committed to the storage.
+// If no other goroutine is already committing layers, the layer and all
+// subsequent layers (if already queued) will be committed to the storage.
+func (s *storageImageDestination) queueOrCommit(index int, info addedLayerInfo) error {
+ // NOTE: whenever the code below is touched, make sure that all code
+ // paths unlock the lock and to unlock it exactly once.
+ //
+ // Conceptually, the code is divided in two stages:
+ //
+ // 1) Queue in work by marking the layer as ready to be committed.
+ // If at least one previous/parent layer with a lower index has
+ // not yet been committed, return early.
+ //
+ // 2) Process the queued-in work by committing the "ready" layers
+ // in sequence. Make sure that more items can be queued-in
+ // during the comparatively I/O expensive task of committing a
+ // layer.
+ //
+ // The conceptual benefit of this design is that caller can continue
+ // pulling layers after an early return. At any given time, only one
+ // caller is the "worker" routine committing layers. All other routines
+ // can continue pulling and queuing in layers.
+ s.lock.Lock()
+ s.indexToAddedLayerInfo[index] = info
+
+ // We're still waiting for at least one previous/parent layer to be
+ // committed, so there's nothing to do.
+ if index != s.currentIndex {
+ s.lock.Unlock()
+ return nil
+ }
+
+ for {
+ info, ok := s.indexToAddedLayerInfo[index]
+ if !ok {
+ break
+ }
+ s.lock.Unlock()
+ // Note: commitLayer locks on-demand.
+ if err := s.commitLayer(index, info, -1); err != nil {
+ return err
+ }
+ s.lock.Lock()
+ index++
+ }
+
+ // Set the index at the very end to make sure that only one routine
+ // enters stage 2).
+ s.currentIndex = index
+ s.lock.Unlock()
+ return nil
+}
+
+// commitLayer commits the specified layer with the given index to the storage.
+// size can usually be -1; it can be provided if the layer is not known to be already present in blobDiffIDs.
+//
+// Note that the previous layer is expected to already be committed.
+//
+// Caution: this function must be called without holding `s.lock`. Callers
+// must guarantee that, at any given time, at most one goroutine may execute
+// `commitLayer()`.
+func (s *storageImageDestination) commitLayer(index int, info addedLayerInfo, size int64) error {
+ // Already committed? Return early.
+ if _, alreadyCommitted := s.indexToStorageID[index]; alreadyCommitted {
+ return nil
+ }
+
+ // Start with an empty string or the previous layer ID. Note that
+ // `s.indexToStorageID` can only be accessed by *one* goroutine at any
+ // given time. Hence, we don't need to lock accesses.
+ var lastLayer string
+ if prev := s.indexToStorageID[index-1]; prev != nil {
+ lastLayer = *prev
+ }
+
+ // Carry over the previous ID for empty non-base layers.
+ if info.emptyLayer {
+ s.indexToStorageID[index] = &lastLayer
+ return nil
+ }
+
+ // Check if there's already a layer with the ID that we'd give to the result of applying
+ // this layer blob to its parent, if it has one, or the blob's hex value otherwise.
+ s.lock.Lock()
+ diffID, haveDiffID := s.blobDiffIDs[info.digest]
+ s.lock.Unlock()
+ if !haveDiffID {
+ // Check if it's elsewhere and the caller just forgot to pass it to us in a PutBlob(),
+ // or to even check if we had it.
+ // Use none.NoCache to avoid a repeated DiffID lookup in the BlobInfoCache; a caller
+ // that relies on using a blob digest that has never been seen by the store had better call
+ // TryReusingBlob; not calling PutBlob already violates the documented API, so there’s only
+ // so far we are going to accommodate that (if we should be doing that at all).
+ logrus.Debugf("looking for diffID for blob %+v", info.digest)
+ // Use tryReusingBlobAsPending, not the top-level TryReusingBlobWithOptions, to prevent recursion via queueOrCommit.
+ has, _, err := s.tryReusingBlobAsPending(info.digest, size, &private.TryReusingBlobOptions{
+ Cache: none.NoCache,
+ CanSubstitute: false,
+ })
+ if err != nil {
+ return fmt.Errorf("checking for a layer based on blob %q: %w", info.digest.String(), err)
+ }
+ if !has {
+ return fmt.Errorf("error determining uncompressed digest for blob %q", info.digest.String())
+ }
+ diffID, haveDiffID = s.blobDiffIDs[info.digest]
+ if !haveDiffID {
+ return fmt.Errorf("we have blob %q, but don't know its uncompressed digest", info.digest.String())
+ }
+ }
+ id := diffID.Hex()
+ if lastLayer != "" {
+ id = digest.Canonical.FromBytes([]byte(lastLayer + "+" + diffID.Hex())).Hex()
+ }
+ if layer, err2 := s.imageRef.transport.store.Layer(id); layer != nil && err2 == nil {
+ // There's already a layer that should have the right contents, just reuse it.
+ lastLayer = layer.ID
+ s.indexToStorageID[index] = &lastLayer
+ return nil
+ }
+
+ s.lock.Lock()
+ diffOutput, ok := s.diffOutputs[info.digest]
+ s.lock.Unlock()
+ if ok {
+ layer, err := s.imageRef.transport.store.CreateLayer(id, lastLayer, nil, "", false, nil)
+ if err != nil {
+ return err
+ }
+
+ // FIXME: what to do with the uncompressed digest?
+ diffOutput.UncompressedDigest = info.digest
+
+ if err := s.imageRef.transport.store.ApplyDiffFromStagingDirectory(layer.ID, diffOutput.Target, diffOutput, nil); err != nil {
+ _ = s.imageRef.transport.store.Delete(layer.ID)
+ return err
+ }
+
+ s.indexToStorageID[index] = &layer.ID
+ return nil
+ }
+
+ s.lock.Lock()
+ al, ok := s.blobAdditionalLayer[info.digest]
+ s.lock.Unlock()
+ if ok {
+ layer, err := al.PutAs(id, lastLayer, nil)
+ if err != nil && !errors.Is(err, storage.ErrDuplicateID) {
+ return fmt.Errorf("failed to put layer from digest and labels: %w", err)
+ }
+ lastLayer = layer.ID
+ s.indexToStorageID[index] = &lastLayer
+ return nil
+ }
+
+ // Check if we previously cached a file with that blob's contents. If we didn't,
+ // then we need to read the desired contents from a layer.
+ s.lock.Lock()
+ filename, ok := s.filenames[info.digest]
+ s.lock.Unlock()
+ if !ok {
+ // Try to find the layer with contents matching that blobsum.
+ layer := ""
+ layers, err2 := s.imageRef.transport.store.LayersByUncompressedDigest(diffID)
+ if err2 == nil && len(layers) > 0 {
+ layer = layers[0].ID
+ } else {
+ layers, err2 = s.imageRef.transport.store.LayersByCompressedDigest(info.digest)
+ if err2 == nil && len(layers) > 0 {
+ layer = layers[0].ID
+ }
+ }
+ if layer == "" {
+ return fmt.Errorf("locating layer for blob %q: %w", info.digest, err2)
+ }
+ // Read the layer's contents.
+ noCompression := archive.Uncompressed
+ diffOptions := &storage.DiffOptions{
+ Compression: &noCompression,
+ }
+ diff, err2 := s.imageRef.transport.store.Diff("", layer, diffOptions)
+ if err2 != nil {
+ return fmt.Errorf("reading layer %q for blob %q: %w", layer, info.digest, err2)
+ }
+ // Copy the layer diff to a file. Diff() takes a lock that it holds
+ // until the ReadCloser that it returns is closed, and PutLayer() wants
+ // the same lock, so the diff can't just be directly streamed from one
+ // to the other.
+ filename = s.computeNextBlobCacheFile()
+ file, err := os.OpenFile(filename, os.O_CREATE|os.O_TRUNC|os.O_WRONLY|os.O_EXCL, 0600)
+ if err != nil {
+ diff.Close()
+ return fmt.Errorf("creating temporary file %q: %w", filename, err)
+ }
+ // Copy the data to the file.
+ // TODO: This can take quite some time, and should ideally be cancellable using
+ // ctx.Done().
+ _, err = io.Copy(file, diff)
+ diff.Close()
+ file.Close()
+ if err != nil {
+ return fmt.Errorf("storing blob to file %q: %w", filename, err)
+ }
+ // Make sure that we can find this file later, should we need the layer's
+ // contents again.
+ s.lock.Lock()
+ s.filenames[info.digest] = filename
+ s.lock.Unlock()
+ }
+ // Read the cached blob and use it as a diff.
+ file, err := os.Open(filename)
+ if err != nil {
+ return fmt.Errorf("opening file %q: %w", filename, err)
+ }
+ defer file.Close()
+ // Build the new layer using the diff, regardless of where it came from.
+ // TODO: This can take quite some time, and should ideally be cancellable using ctx.Done().
+ layer, _, err := s.imageRef.transport.store.PutLayer(id, lastLayer, nil, "", false, &storage.LayerOptions{
+ OriginalDigest: info.digest,
+ UncompressedDigest: diffID,
+ }, file)
+ if err != nil && !errors.Is(err, storage.ErrDuplicateID) {
+ return fmt.Errorf("adding layer with blob %q: %w", info.digest, err)
+ }
+
+ s.indexToStorageID[index] = &layer.ID
+ return nil
+}
+
+// Commit marks the process of storing the image as successful and asks for the image to be persisted.
+// unparsedToplevel contains data about the top-level manifest of the source (which may be a single-arch image or a manifest list
+// if PutManifest was only called for the single-arch image with instanceDigest == nil), primarily to allow lookups by the
+// original manifest list digest, if desired.
+// WARNING: This does not have any transactional semantics:
+// - Uploaded data MAY be visible to others before Commit() is called
+// - Uploaded data MAY be removed or MAY remain around if Close() is called without Commit() (i.e. rollback is allowed but not guaranteed)
+func (s *storageImageDestination) Commit(ctx context.Context, unparsedToplevel types.UnparsedImage) error {
+ if len(s.manifest) == 0 {
+ return errors.New("Internal error: storageImageDestination.Commit() called without PutManifest()")
+ }
+ toplevelManifest, _, err := unparsedToplevel.Manifest(ctx)
+ if err != nil {
+ return fmt.Errorf("retrieving top-level manifest: %w", err)
+ }
+ // If the name we're saving to includes a digest, then check that the
+ // manifests that we're about to save all either match the one from the
+ // unparsedToplevel, or match the digest in the name that we're using.
+ if s.imageRef.named != nil {
+ if digested, ok := s.imageRef.named.(reference.Digested); ok {
+ matches, err := manifest.MatchesDigest(s.manifest, digested.Digest())
+ if err != nil {
+ return err
+ }
+ if !matches {
+ matches, err = manifest.MatchesDigest(toplevelManifest, digested.Digest())
+ if err != nil {
+ return err
+ }
+ }
+ if !matches {
+ return fmt.Errorf("Manifest to be saved does not match expected digest %s", digested.Digest())
+ }
+ }
+ }
+ // Find the list of layer blobs.
+ man, err := manifest.FromBlob(s.manifest, manifest.GuessMIMEType(s.manifest))
+ if err != nil {
+ return fmt.Errorf("parsing manifest: %w", err)
+ }
+ layerBlobs := man.LayerInfos()
+
+ // Extract, commit, or find the layers.
+ for i, blob := range layerBlobs {
+ if err := s.commitLayer(i, addedLayerInfo{
+ digest: blob.Digest,
+ emptyLayer: blob.EmptyLayer,
+ }, blob.Size); err != nil {
+ return err
+ }
+ }
+ var lastLayer string
+ if len(layerBlobs) > 0 { // Can happen when using caches
+ prev := s.indexToStorageID[len(layerBlobs)-1]
+ if prev == nil {
+ return fmt.Errorf("Internal error: storageImageDestination.Commit(): previous layer %d hasn't been committed (lastLayer == nil)", len(layerBlobs)-1)
+ }
+ lastLayer = *prev
+ }
+
+ // If one of those blobs was a configuration blob, then we can try to dig out the date when the image
+ // was originally created, in case we're just copying it. If not, no harm done.
+ options := &storage.ImageOptions{}
+ if inspect, err := man.Inspect(s.getConfigBlob); err == nil && inspect.Created != nil {
+ logrus.Debugf("setting image creation date to %s", inspect.Created)
+ options.CreationDate = *inspect.Created
+ }
+
+ // Set up to save the non-layer blobs as data items. Since we only share layers, they should all be in files, so
+ // we just need to screen out the ones that are actually layers to get the list of non-layers.
+ dataBlobs := set.New[digest.Digest]()
+ for blob := range s.filenames {
+ dataBlobs.Add(blob)
+ }
+ for _, layerBlob := range layerBlobs {
+ dataBlobs.Delete(layerBlob.Digest)
+ }
+ for _, blob := range dataBlobs.Values() {
+ v, err := os.ReadFile(s.filenames[blob])
+ if err != nil {
+ return fmt.Errorf("copying non-layer blob %q to image: %w", blob, err)
+ }
+ options.BigData = append(options.BigData, storage.ImageBigDataOption{
+ Key: blob.String(),
+ Data: v,
+ Digest: digest.Canonical.FromBytes(v),
+ })
+ }
+ // Set up to save the unparsedToplevel's manifest if it differs from
+ // the per-platform one, which is saved below.
+ if len(toplevelManifest) != 0 && !bytes.Equal(toplevelManifest, s.manifest) {
+ manifestDigest, err := manifest.Digest(toplevelManifest)
+ if err != nil {
+ return fmt.Errorf("digesting top-level manifest: %w", err)
+ }
+ options.BigData = append(options.BigData, storage.ImageBigDataOption{
+ Key: manifestBigDataKey(manifestDigest),
+ Data: toplevelManifest,
+ Digest: manifestDigest,
+ })
+ }
+ // Set up to save the image's manifest. Allow looking it up by digest by using the key convention defined by the Store.
+ // Record the manifest twice: using a digest-specific key to allow references to that specific digest instance,
+ // and using storage.ImageDigestBigDataKey for future users that don’t specify any digest and for compatibility with older readers.
+ options.BigData = append(options.BigData, storage.ImageBigDataOption{
+ Key: manifestBigDataKey(s.manifestDigest),
+ Data: s.manifest,
+ Digest: s.manifestDigest,
+ })
+ options.BigData = append(options.BigData, storage.ImageBigDataOption{
+ Key: storage.ImageDigestBigDataKey,
+ Data: s.manifest,
+ Digest: s.manifestDigest,
+ })
+ // Set up to save the signatures, if we have any.
+ if len(s.signatures) > 0 {
+ options.BigData = append(options.BigData, storage.ImageBigDataOption{
+ Key: "signatures",
+ Data: s.signatures,
+ Digest: digest.Canonical.FromBytes(s.signatures),
+ })
+ }
+ for instanceDigest, signatures := range s.signatureses {
+ options.BigData = append(options.BigData, storage.ImageBigDataOption{
+ Key: signatureBigDataKey(instanceDigest),
+ Data: signatures,
+ Digest: digest.Canonical.FromBytes(signatures),
+ })
+ }
+
+ // Set up to save our metadata.
+ metadata, err := json.Marshal(s)
+ if err != nil {
+ return fmt.Errorf("encoding metadata for image: %w", err)
+ }
+ if len(metadata) != 0 {
+ options.Metadata = string(metadata)
+ }
+
+ // Create the image record, pointing to the most-recently added layer.
+ intendedID := s.imageRef.id
+ if intendedID == "" {
+ intendedID = s.computeID(man)
+ }
+ oldNames := []string{}
+ img, err := s.imageRef.transport.store.CreateImage(intendedID, nil, lastLayer, "", options)
+ if err != nil {
+ if !errors.Is(err, storage.ErrDuplicateID) {
+ logrus.Debugf("error creating image: %q", err)
+ return fmt.Errorf("creating image %q: %w", intendedID, err)
+ }
+ img, err = s.imageRef.transport.store.Image(intendedID)
+ if err != nil {
+ return fmt.Errorf("reading image %q: %w", intendedID, err)
+ }
+ if img.TopLayer != lastLayer {
+ logrus.Debugf("error creating image: image with ID %q exists, but uses different layers", intendedID)
+ return fmt.Errorf("image with ID %q already exists, but uses a different top layer: %w", intendedID, storage.ErrDuplicateID)
+ }
+ logrus.Debugf("reusing image ID %q", img.ID)
+ oldNames = append(oldNames, img.Names...)
+ // set the data items and metadata on the already-present image
+ // FIXME: this _replaces_ any "signatures" blobs and their
+ // sizes (tracked in the metadata) which might have already
+ // been present with new values, when ideally we'd find a way
+ // to merge them since they all apply to the same image
+ for _, data := range options.BigData {
+ if err := s.imageRef.transport.store.SetImageBigData(img.ID, data.Key, data.Data, manifest.Digest); err != nil {
+ logrus.Debugf("error saving big data %q for image %q: %v", data.Key, img.ID, err)
+ return fmt.Errorf("saving big data %q for image %q: %w", data.Key, img.ID, err)
+ }
+ }
+ if options.Metadata != "" {
+ if err := s.imageRef.transport.store.SetMetadata(img.ID, options.Metadata); err != nil {
+ logrus.Debugf("error saving metadata for image %q: %v", img.ID, err)
+ return fmt.Errorf("saving metadata for image %q: %w", img.ID, err)
+ }
+ logrus.Debugf("saved image metadata %q", options.Metadata)
+ }
+ } else {
+ logrus.Debugf("created new image ID %q with metadata %q", img.ID, options.Metadata)
+ }
+
+ // Clean up the unfinished image on any error.
+ // (Is this the right thing to do if the image has existed before?)
+ commitSucceeded := false
+ defer func() {
+ if !commitSucceeded {
+ logrus.Errorf("Updating image %q (old names %v) failed, deleting it", img.ID, oldNames)
+ if _, err := s.imageRef.transport.store.DeleteImage(img.ID, true); err != nil {
+ logrus.Errorf("Error deleting incomplete image %q: %v", img.ID, err)
+ }
+ }
+ }()
+
+ // Add the reference's name on the image. We don't need to worry about avoiding duplicate
+ // values because AddNames() will deduplicate the list that we pass to it.
+ if name := s.imageRef.DockerReference(); name != nil {
+ if err := s.imageRef.transport.store.AddNames(img.ID, []string{name.String()}); err != nil {
+ return fmt.Errorf("adding names %v to image %q: %w", name, img.ID, err)
+ }
+ logrus.Debugf("added name %q to image %q", name, img.ID)
+ }
+
+ commitSucceeded = true
+ return nil
+}
+
+// PutManifest writes the manifest to the destination.
+func (s *storageImageDestination) PutManifest(ctx context.Context, manifestBlob []byte, instanceDigest *digest.Digest) error {
+ digest, err := manifest.Digest(manifestBlob)
+ if err != nil {
+ return err
+ }
+ s.manifest = slices.Clone(manifestBlob)
+ s.manifestDigest = digest
+ return nil
+}
+
+// PutSignaturesWithFormat writes a set of signatures to the destination.
+// If instanceDigest is not nil, it contains a digest of the specific manifest instance to write or overwrite the signatures for
+// (when the primary manifest is a manifest list); this should always be nil if the primary manifest is not a manifest list.
+// MUST be called after PutManifest (signatures may reference manifest contents).
+func (s *storageImageDestination) PutSignaturesWithFormat(ctx context.Context, signatures []signature.Signature, instanceDigest *digest.Digest) error {
+ sizes := []int{}
+ sigblob := []byte{}
+ for _, sigWithFormat := range signatures {
+ sig, err := signature.Blob(sigWithFormat)
+ if err != nil {
+ return err
+ }
+ sizes = append(sizes, len(sig))
+ sigblob = append(sigblob, sig...)
+ }
+ if instanceDigest == nil {
+ s.signatures = sigblob
+ s.SignatureSizes = sizes
+ if len(s.manifest) > 0 {
+ manifestDigest := s.manifestDigest
+ instanceDigest = &manifestDigest
+ }
+ }
+ if instanceDigest != nil {
+ s.signatureses[*instanceDigest] = sigblob
+ s.SignaturesSizes[*instanceDigest] = sizes
+ }
+ return nil
+}
diff --git a/vendor/github.com/containers/image/v5/storage/storage_image.go b/vendor/github.com/containers/image/v5/storage/storage_image.go
new file mode 100644
index 000000000..ac09f3dbb
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/storage/storage_image.go
@@ -0,0 +1,59 @@
+//go:build !containers_image_storage_stub
+// +build !containers_image_storage_stub
+
+package storage
+
+import (
+ "context"
+
+ "github.com/containers/image/v5/internal/image"
+ "github.com/containers/image/v5/types"
+ "github.com/containers/storage"
+ digest "github.com/opencontainers/go-digest"
+)
+
+var (
+ // ErrNoSuchImage is returned when we attempt to access an image which
+ // doesn't exist in the storage area.
+ ErrNoSuchImage = storage.ErrNotAnImage
+)
+
+type storageImageCloser struct {
+ types.ImageCloser
+ size int64
+}
+
+// manifestBigDataKey returns a key suitable for recording a manifest with the specified digest using storage.Store.ImageBigData and related functions.
+// If a specific manifest digest is explicitly requested by the user, the key returned by this function should be used preferably;
+// for compatibility, if a manifest is not available under this key, check also storage.ImageDigestBigDataKey
+func manifestBigDataKey(digest digest.Digest) string {
+ return storage.ImageDigestManifestBigDataNamePrefix + "-" + digest.String()
+}
+
+// signatureBigDataKey returns a key suitable for recording the signatures associated with the manifest with the specified digest using storage.Store.ImageBigData and related functions.
+// If a specific manifest digest is explicitly requested by the user, the key returned by this function should be used preferably;
+func signatureBigDataKey(digest digest.Digest) string {
+ return "signature-" + digest.Encoded()
+}
+
+// Size() returns the previously-computed size of the image, with no error.
+func (s *storageImageCloser) Size() (int64, error) {
+ return s.size, nil
+}
+
+// newImage creates an image that also knows its size
+func newImage(ctx context.Context, sys *types.SystemContext, s storageReference) (types.ImageCloser, error) {
+ src, err := newImageSource(sys, s)
+ if err != nil {
+ return nil, err
+ }
+ img, err := image.FromSource(ctx, sys, src)
+ if err != nil {
+ return nil, err
+ }
+ size, err := src.getSize()
+ if err != nil {
+ return nil, err
+ }
+ return &storageImageCloser{ImageCloser: img, size: size}, nil
+}
diff --git a/vendor/github.com/containers/image/v5/storage/storage_reference.go b/vendor/github.com/containers/image/v5/storage/storage_reference.go
new file mode 100644
index 000000000..a55e34054
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/storage/storage_reference.go
@@ -0,0 +1,316 @@
+//go:build !containers_image_storage_stub
+// +build !containers_image_storage_stub
+
+package storage
+
+import (
+ "context"
+ "fmt"
+ "strings"
+
+ "github.com/containers/image/v5/docker/reference"
+ "github.com/containers/image/v5/manifest"
+ "github.com/containers/image/v5/transports"
+ "github.com/containers/image/v5/types"
+ "github.com/containers/storage"
+ digest "github.com/opencontainers/go-digest"
+ "github.com/sirupsen/logrus"
+ "golang.org/x/exp/slices"
+)
+
+// A storageReference holds an arbitrary name and/or an ID, which is a 32-byte
+// value hex-encoded into a 64-character string, and a reference to a Store
+// where an image is, or would be, kept.
+// Either "named" or "id" must be set.
+type storageReference struct {
+ transport storageTransport
+ named reference.Named // may include a tag and/or a digest
+ id string
+}
+
+func newReference(transport storageTransport, named reference.Named, id string) (*storageReference, error) {
+ if named == nil && id == "" {
+ return nil, ErrInvalidReference
+ }
+ if named != nil && reference.IsNameOnly(named) {
+ return nil, fmt.Errorf("reference %s has neither a tag nor a digest: %w", named.String(), ErrInvalidReference)
+ }
+ if id != "" {
+ if err := validateImageID(id); err != nil {
+ return nil, fmt.Errorf("invalid ID value %q: %v: %w", id, err, ErrInvalidReference)
+ }
+ }
+ // We take a copy of the transport, which contains a pointer to the
+ // store that it used for resolving this reference, so that the
+ // transport that we'll return from Transport() won't be affected by
+ // further calls to the original transport's SetStore() method.
+ return &storageReference{
+ transport: transport,
+ named: named,
+ id: id,
+ }, nil
+}
+
+// imageMatchesRepo returns true iff image.Names contains an element with the same repo as ref
+func imageMatchesRepo(image *storage.Image, ref reference.Named) bool {
+ repo := ref.Name()
+ return slices.ContainsFunc(image.Names, func(name string) bool {
+ if named, err := reference.ParseNormalizedNamed(name); err == nil && named.Name() == repo {
+ return true
+ }
+ return false
+ })
+}
+
+// multiArchImageMatchesSystemContext returns true if the passed-in image both contains a
+// multi-arch manifest that matches the passed-in digest, and the image is the per-platform
+// image instance that matches sys.
+//
+// See the comment in storageReference.ResolveImage explaining why
+// this check is necessary.
+func multiArchImageMatchesSystemContext(store storage.Store, img *storage.Image, manifestDigest digest.Digest, sys *types.SystemContext) bool {
+ // Load the manifest that matches the specified digest.
+ // We don't need to care about storage.ImageDigestBigDataKey because
+ // manifests lists are only stored into storage by c/image versions
+ // that know about manifestBigDataKey, and only using that key.
+ key := manifestBigDataKey(manifestDigest)
+ manifestBytes, err := store.ImageBigData(img.ID, key)
+ if err != nil {
+ return false
+ }
+ // The manifest is either a list, or not a list. If it's a list, find
+ // the digest of the instance that matches the current system, and try
+ // to load that manifest from the image record, and use it.
+ manifestType := manifest.GuessMIMEType(manifestBytes)
+ if !manifest.MIMETypeIsMultiImage(manifestType) {
+ // manifestDigest directly specifies a per-platform image, so we aren't
+ // choosing among different variants.
+ return false
+ }
+ list, err := manifest.ListFromBlob(manifestBytes, manifestType)
+ if err != nil {
+ return false
+ }
+ chosenInstance, err := list.ChooseInstance(sys)
+ if err != nil {
+ return false
+ }
+ key = manifestBigDataKey(chosenInstance)
+ _, err = store.ImageBigData(img.ID, key)
+ return err == nil // true if img.ID is based on chosenInstance.
+}
+
+// Resolve the reference's name to an image ID in the store, if there's already
+// one present with the same name or ID, and return the image.
+//
+// Returns an error matching ErrNoSuchImage if an image matching ref was not found.
+func (s *storageReference) resolveImage(sys *types.SystemContext) (*storage.Image, error) {
+ var loadedImage *storage.Image
+ if s.id == "" && s.named != nil {
+ // Look for an image that has the expanded reference name as an explicit Name value.
+ image, err := s.transport.store.Image(s.named.String())
+ if image != nil && err == nil {
+ loadedImage = image
+ s.id = image.ID
+ }
+ }
+ if s.id == "" && s.named != nil {
+ if digested, ok := s.named.(reference.Digested); ok {
+ // Look for an image with the specified digest that has the same name,
+ // though possibly with a different tag or digest, as a Name value, so
+ // that the canonical reference can be implicitly resolved to the image.
+ //
+ // Typically there should be at most one such image, because the same
+ // manifest digest implies the same config, and we choose the storage ID
+ // based on the config (deduplicating images), except:
+ // - the user can explicitly specify an ID when creating the image.
+ // In this case we don't have a preference among the alternatives.
+ // - when pulling an image from a multi-platform manifest list, we also
+ // store the manifest list in the image; this allows referencing a
+ // per-platform image using the manifest list digest, but that also
+ // means that we can have multiple genuinely different images in the
+ // storage matching the same manifest list digest (if pulled using different
+ // SystemContext.{OS,Architecture,Variant}Choice to the same storage).
+ // In this case we prefer the image matching the current SystemContext.
+ images, err := s.transport.store.ImagesByDigest(digested.Digest())
+ if err == nil && len(images) > 0 {
+ for _, image := range images {
+ if imageMatchesRepo(image, s.named) {
+ if loadedImage == nil || multiArchImageMatchesSystemContext(s.transport.store, image, digested.Digest(), sys) {
+ loadedImage = image
+ s.id = image.ID
+ }
+ }
+ }
+ }
+ }
+ }
+ if s.id == "" {
+ logrus.Debugf("reference %q does not resolve to an image ID", s.StringWithinTransport())
+ return nil, fmt.Errorf("reference %q does not resolve to an image ID: %w", s.StringWithinTransport(), ErrNoSuchImage)
+ }
+ if loadedImage == nil {
+ img, err := s.transport.store.Image(s.id)
+ if err != nil {
+ return nil, fmt.Errorf("reading image %q: %w", s.id, err)
+ }
+ loadedImage = img
+ }
+ if s.named != nil {
+ if !imageMatchesRepo(loadedImage, s.named) {
+ logrus.Errorf("no image matching reference %q found", s.StringWithinTransport())
+ return nil, ErrNoSuchImage
+ }
+ }
+ // Default to having the image digest that we hand back match the most recently
+ // added manifest...
+ if digest, ok := loadedImage.BigDataDigests[storage.ImageDigestBigDataKey]; ok {
+ loadedImage.Digest = digest
+ }
+ // ... unless the named reference says otherwise, and it matches one of the digests
+ // in the image. For those cases, set the Digest field to that value, for the
+ // sake of older consumers that don't know there's a whole list in there now.
+ if s.named != nil {
+ if digested, ok := s.named.(reference.Digested); ok {
+ digest := digested.Digest()
+ if slices.Contains(loadedImage.Digests, digest) {
+ loadedImage.Digest = digest
+ }
+ }
+ }
+ return loadedImage, nil
+}
+
+// Return a Transport object that defaults to using the same store that we used
+// to build this reference object.
+func (s storageReference) Transport() types.ImageTransport {
+ return &storageTransport{
+ store: s.transport.store,
+ defaultUIDMap: s.transport.defaultUIDMap,
+ defaultGIDMap: s.transport.defaultGIDMap,
+ }
+}
+
+// Return a name with a tag or digest, if we have either, else return it bare.
+func (s storageReference) DockerReference() reference.Named {
+ return s.named
+}
+
+// Return a name with a tag, prefixed with the graph root and driver name, to
+// disambiguate between images which may be present in multiple stores and
+// share only their names.
+func (s storageReference) StringWithinTransport() string {
+ optionsList := ""
+ options := s.transport.store.GraphOptions()
+ if len(options) > 0 {
+ optionsList = ":" + strings.Join(options, ",")
+ }
+ res := "[" + s.transport.store.GraphDriverName() + "@" + s.transport.store.GraphRoot() + "+" + s.transport.store.RunRoot() + optionsList + "]"
+ if s.named != nil {
+ res += s.named.String()
+ }
+ if s.id != "" {
+ res += "@" + s.id
+ }
+ return res
+}
+
+func (s storageReference) PolicyConfigurationIdentity() string {
+ res := "[" + s.transport.store.GraphDriverName() + "@" + s.transport.store.GraphRoot() + "]"
+ if s.named != nil {
+ res += s.named.String()
+ }
+ if s.id != "" {
+ res += "@" + s.id
+ }
+ return res
+}
+
+// Also accept policy that's tied to the combination of the graph root and
+// driver name, to apply to all images stored in the Store, and to just the
+// graph root, in case we're using multiple drivers in the same directory for
+// some reason.
+func (s storageReference) PolicyConfigurationNamespaces() []string {
+ storeSpec := "[" + s.transport.store.GraphDriverName() + "@" + s.transport.store.GraphRoot() + "]"
+ driverlessStoreSpec := "[" + s.transport.store.GraphRoot() + "]"
+ namespaces := []string{}
+ if s.named != nil {
+ if s.id != "" {
+ // The reference without the ID is also a valid namespace.
+ namespaces = append(namespaces, storeSpec+s.named.String())
+ }
+ tagged, isTagged := s.named.(reference.Tagged)
+ _, isDigested := s.named.(reference.Digested)
+ if isTagged && isDigested { // s.named is "name:tag@digest"; add a "name:tag" parent namespace.
+ namespaces = append(namespaces, storeSpec+s.named.Name()+":"+tagged.Tag())
+ }
+ components := strings.Split(s.named.Name(), "/")
+ for len(components) > 0 {
+ namespaces = append(namespaces, storeSpec+strings.Join(components, "/"))
+ components = components[:len(components)-1]
+ }
+ }
+ namespaces = append(namespaces, storeSpec)
+ namespaces = append(namespaces, driverlessStoreSpec)
+ return namespaces
+}
+
+// NewImage returns a types.ImageCloser for this reference, possibly specialized for this ImageTransport.
+// The caller must call .Close() on the returned ImageCloser.
+// NOTE: If any kind of signature verification should happen, build an UnparsedImage from the value returned by NewImageSource,
+// verify that UnparsedImage, and convert it into a real Image via image.FromUnparsedImage.
+// WARNING: This may not do the right thing for a manifest list, see image.FromSource for details.
+func (s storageReference) NewImage(ctx context.Context, sys *types.SystemContext) (types.ImageCloser, error) {
+ return newImage(ctx, sys, s)
+}
+
+func (s storageReference) DeleteImage(ctx context.Context, sys *types.SystemContext) error {
+ img, err := s.resolveImage(sys)
+ if err != nil {
+ return err
+ }
+ layers, err := s.transport.store.DeleteImage(img.ID, true)
+ if err == nil {
+ logrus.Debugf("deleted image %q", img.ID)
+ for _, layer := range layers {
+ logrus.Debugf("deleted layer %q", layer)
+ }
+ }
+ return err
+}
+
+func (s storageReference) NewImageSource(ctx context.Context, sys *types.SystemContext) (types.ImageSource, error) {
+ return newImageSource(sys, s)
+}
+
+func (s storageReference) NewImageDestination(ctx context.Context, sys *types.SystemContext) (types.ImageDestination, error) {
+ return newImageDestination(sys, s)
+}
+
+// ResolveReference finds the underlying storage image for a storage.Transport reference.
+// It returns that image, and an updated reference which can be used to refer back to the _same_
+// image again.
+//
+// This matters if the input reference contains a tagged name; the destination of the tag can
+// move in local storage. The updated reference returned by this function contains the resolved
+// image ID, so later uses of that updated reference will either continue to refer to the same
+// image, or fail.
+//
+// Note that it _is_ possible for the later uses to fail, either because the image was removed
+// completely, or because the name used in the reference was untaged (even if the underlying image
+// ID still exists in local storage).
+//
+// Returns an error matching ErrNoSuchImage if an image matching ref was not found.
+func ResolveReference(ref types.ImageReference) (types.ImageReference, *storage.Image, error) {
+ sref, ok := ref.(*storageReference)
+ if !ok {
+ return nil, nil, fmt.Errorf("trying to resolve a non-%s: reference %q", Transport.Name(),
+ transports.ImageName(ref))
+ }
+ clone := *sref // A shallow copy we can update
+ img, err := clone.resolveImage(nil)
+ if err != nil {
+ return nil, nil, err
+ }
+ return clone, img, nil
+}
diff --git a/vendor/github.com/containers/image/v5/storage/storage_src.go b/vendor/github.com/containers/image/v5/storage/storage_src.go
new file mode 100644
index 000000000..f1ce0861e
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/storage/storage_src.go
@@ -0,0 +1,403 @@
+//go:build !containers_image_storage_stub
+// +build !containers_image_storage_stub
+
+package storage
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "os"
+ "sync"
+
+ "github.com/containers/image/v5/docker/reference"
+ "github.com/containers/image/v5/internal/image"
+ "github.com/containers/image/v5/internal/imagesource/impl"
+ "github.com/containers/image/v5/internal/imagesource/stubs"
+ "github.com/containers/image/v5/internal/signature"
+ "github.com/containers/image/v5/internal/tmpdir"
+ "github.com/containers/image/v5/manifest"
+ "github.com/containers/image/v5/types"
+ "github.com/containers/storage"
+ "github.com/containers/storage/pkg/archive"
+ "github.com/containers/storage/pkg/ioutils"
+ digest "github.com/opencontainers/go-digest"
+ imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
+ "github.com/sirupsen/logrus"
+)
+
+type storageImageSource struct {
+ impl.Compat
+ impl.PropertyMethodsInitialize
+ stubs.NoGetBlobAtInitialize
+
+ imageRef storageReference
+ image *storage.Image
+ systemContext *types.SystemContext // SystemContext used in GetBlob() to create temporary files
+ layerPosition map[digest.Digest]int // Where we are in reading a blob's layers
+ cachedManifest []byte // A cached copy of the manifest, if already known, or nil
+ getBlobMutex sync.Mutex // Mutex to sync state for parallel GetBlob executions
+ SignatureSizes []int `json:"signature-sizes,omitempty"` // List of sizes of each signature slice
+ SignaturesSizes map[digest.Digest][]int `json:"signatures-sizes,omitempty"` // List of sizes of each signature slice
+}
+
+// newImageSource sets up an image for reading.
+func newImageSource(sys *types.SystemContext, imageRef storageReference) (*storageImageSource, error) {
+ // First, locate the image.
+ img, err := imageRef.resolveImage(sys)
+ if err != nil {
+ return nil, err
+ }
+
+ // Build the reader object.
+ image := &storageImageSource{
+ PropertyMethodsInitialize: impl.PropertyMethods(impl.Properties{
+ HasThreadSafeGetBlob: true,
+ }),
+ NoGetBlobAtInitialize: stubs.NoGetBlobAt(imageRef),
+
+ imageRef: imageRef,
+ systemContext: sys,
+ image: img,
+ layerPosition: make(map[digest.Digest]int),
+ SignatureSizes: []int{},
+ SignaturesSizes: make(map[digest.Digest][]int),
+ }
+ image.Compat = impl.AddCompat(image)
+ if img.Metadata != "" {
+ if err := json.Unmarshal([]byte(img.Metadata), image); err != nil {
+ return nil, fmt.Errorf("decoding metadata for source image: %w", err)
+ }
+ }
+ return image, nil
+}
+
+// Reference returns the image reference that we used to find this image.
+func (s *storageImageSource) Reference() types.ImageReference {
+ return s.imageRef
+}
+
+// Close cleans up any resources we tied up while reading the image.
+func (s *storageImageSource) Close() error {
+ return nil
+}
+
+// GetBlob returns a stream for the specified blob, and the blob’s size (or -1 if unknown).
+// The Digest field in BlobInfo is guaranteed to be provided, Size may be -1 and MediaType may be optionally provided.
+// May update BlobInfoCache, preferably after it knows for certain that a blob truly exists at a specific location.
+func (s *storageImageSource) GetBlob(ctx context.Context, info types.BlobInfo, cache types.BlobInfoCache) (rc io.ReadCloser, n int64, err error) {
+ // We need a valid digest value.
+ digest := info.Digest
+ err = digest.Validate()
+ if err != nil {
+ return nil, 0, err
+ }
+
+ if digest == image.GzippedEmptyLayerDigest {
+ return io.NopCloser(bytes.NewReader(image.GzippedEmptyLayer)), int64(len(image.GzippedEmptyLayer)), nil
+ }
+
+ // Check if the blob corresponds to a diff that was used to initialize any layers. Our
+ // callers should try to retrieve layers using their uncompressed digests, so no need to
+ // check if they're using one of the compressed digests, which we can't reproduce anyway.
+ layers, _ := s.imageRef.transport.store.LayersByUncompressedDigest(digest)
+
+ // If it's not a layer, then it must be a data item.
+ if len(layers) == 0 {
+ b, err := s.imageRef.transport.store.ImageBigData(s.image.ID, digest.String())
+ if err != nil {
+ return nil, 0, err
+ }
+ r := bytes.NewReader(b)
+ logrus.Debugf("exporting opaque data as blob %q", digest.String())
+ return io.NopCloser(r), int64(r.Len()), nil
+ }
+
+ // NOTE: the blob is first written to a temporary file and subsequently
+ // closed. The intention is to keep the time we own the storage lock
+ // as short as possible to allow other processes to access the storage.
+ rc, n, _, err = s.getBlobAndLayerID(digest, layers)
+ if err != nil {
+ return nil, 0, err
+ }
+ defer rc.Close()
+
+ tmpFile, err := tmpdir.CreateBigFileTemp(s.systemContext, "")
+ if err != nil {
+ return nil, 0, err
+ }
+ success := false
+ tmpFileRemovePending := true
+ defer func() {
+ if !success {
+ tmpFile.Close()
+ if tmpFileRemovePending {
+ os.Remove(tmpFile.Name())
+ }
+ }
+ }()
+ // On Unix and modern Windows (2022 at least) we can eagerly unlink the file to ensure it's automatically
+ // cleaned up on process termination (or if the caller forgets to invoke Close())
+ // On older versions of Windows we will have to fallback to relying on the caller to invoke Close()
+ if err := os.Remove(tmpFile.Name()); err != nil {
+ tmpFileRemovePending = false
+ }
+
+ if _, err := io.Copy(tmpFile, rc); err != nil {
+ return nil, 0, err
+ }
+ if _, err := tmpFile.Seek(0, io.SeekStart); err != nil {
+ return nil, 0, err
+ }
+
+ success = true
+
+ if tmpFileRemovePending {
+ return ioutils.NewReadCloserWrapper(tmpFile, func() error {
+ tmpFile.Close()
+ return os.Remove(tmpFile.Name())
+ }), n, nil
+ }
+
+ return tmpFile, n, nil
+}
+
+// getBlobAndLayer reads the data blob or filesystem layer which matches the digest and size, if given.
+func (s *storageImageSource) getBlobAndLayerID(digest digest.Digest, layers []storage.Layer) (rc io.ReadCloser, n int64, layerID string, err error) {
+ var layer storage.Layer
+ var diffOptions *storage.DiffOptions
+
+ // Step through the list of matching layers. Tests may want to verify that if we have multiple layers
+ // which claim to have the same contents, that we actually do have multiple layers, otherwise we could
+ // just go ahead and use the first one every time.
+ s.getBlobMutex.Lock()
+ i := s.layerPosition[digest]
+ s.layerPosition[digest] = i + 1
+ s.getBlobMutex.Unlock()
+ if len(layers) > 0 {
+ layer = layers[i%len(layers)]
+ }
+ // Force the storage layer to not try to match any compression that was used when the layer was first
+ // handed to it.
+ noCompression := archive.Uncompressed
+ diffOptions = &storage.DiffOptions{
+ Compression: &noCompression,
+ }
+ if layer.UncompressedSize < 0 {
+ n = -1
+ } else {
+ n = layer.UncompressedSize
+ }
+ logrus.Debugf("exporting filesystem layer %q without compression for blob %q", layer.ID, digest)
+ rc, err = s.imageRef.transport.store.Diff("", layer.ID, diffOptions)
+ if err != nil {
+ return nil, -1, "", err
+ }
+ return rc, n, layer.ID, err
+}
+
+// GetManifest() reads the image's manifest.
+func (s *storageImageSource) GetManifest(ctx context.Context, instanceDigest *digest.Digest) (manifestBlob []byte, mimeType string, err error) {
+ if instanceDigest != nil {
+ key := manifestBigDataKey(*instanceDigest)
+ blob, err := s.imageRef.transport.store.ImageBigData(s.image.ID, key)
+ if err != nil {
+ return nil, "", fmt.Errorf("reading manifest for image instance %q: %w", *instanceDigest, err)
+ }
+ return blob, manifest.GuessMIMEType(blob), err
+ }
+ if len(s.cachedManifest) == 0 {
+ // The manifest is stored as a big data item.
+ // Prefer the manifest corresponding to the user-specified digest, if available.
+ if s.imageRef.named != nil {
+ if digested, ok := s.imageRef.named.(reference.Digested); ok {
+ key := manifestBigDataKey(digested.Digest())
+ blob, err := s.imageRef.transport.store.ImageBigData(s.image.ID, key)
+ if err != nil && !os.IsNotExist(err) { // os.IsNotExist is true if the image exists but there is no data corresponding to key
+ return nil, "", err
+ }
+ if err == nil {
+ s.cachedManifest = blob
+ }
+ }
+ }
+ // If the user did not specify a digest, or this is an old image stored before manifestBigDataKey was introduced, use the default manifest.
+ // Note that the manifest may not match the expected digest, and that is likely to fail eventually, e.g. in c/image/image/UnparsedImage.Manifest().
+ if len(s.cachedManifest) == 0 {
+ cachedBlob, err := s.imageRef.transport.store.ImageBigData(s.image.ID, storage.ImageDigestBigDataKey)
+ if err != nil {
+ return nil, "", err
+ }
+ s.cachedManifest = cachedBlob
+ }
+ }
+ return s.cachedManifest, manifest.GuessMIMEType(s.cachedManifest), err
+}
+
+// LayerInfosForCopy() returns the list of layer blobs that make up the root filesystem of
+// the image, after they've been decompressed.
+func (s *storageImageSource) LayerInfosForCopy(ctx context.Context, instanceDigest *digest.Digest) ([]types.BlobInfo, error) {
+ manifestBlob, manifestType, err := s.GetManifest(ctx, instanceDigest)
+ if err != nil {
+ return nil, fmt.Errorf("reading image manifest for %q: %w", s.image.ID, err)
+ }
+ if manifest.MIMETypeIsMultiImage(manifestType) {
+ return nil, errors.New("can't copy layers for a manifest list (shouldn't be attempted)")
+ }
+ man, err := manifest.FromBlob(manifestBlob, manifestType)
+ if err != nil {
+ return nil, fmt.Errorf("parsing image manifest for %q: %w", s.image.ID, err)
+ }
+
+ uncompressedLayerType := ""
+ switch manifestType {
+ case imgspecv1.MediaTypeImageManifest:
+ uncompressedLayerType = imgspecv1.MediaTypeImageLayer
+ case manifest.DockerV2Schema1MediaType, manifest.DockerV2Schema1SignedMediaType, manifest.DockerV2Schema2MediaType:
+ uncompressedLayerType = manifest.DockerV2SchemaLayerMediaTypeUncompressed
+ }
+
+ physicalBlobInfos := []types.BlobInfo{}
+ layerID := s.image.TopLayer
+ for layerID != "" {
+ layer, err := s.imageRef.transport.store.Layer(layerID)
+ if err != nil {
+ return nil, fmt.Errorf("reading layer %q in image %q: %w", layerID, s.image.ID, err)
+ }
+ if layer.UncompressedDigest == "" {
+ return nil, fmt.Errorf("uncompressed digest for layer %q is unknown", layerID)
+ }
+ if layer.UncompressedSize < 0 {
+ return nil, fmt.Errorf("uncompressed size for layer %q is unknown", layerID)
+ }
+ blobInfo := types.BlobInfo{
+ Digest: layer.UncompressedDigest,
+ Size: layer.UncompressedSize,
+ MediaType: uncompressedLayerType,
+ }
+ physicalBlobInfos = append([]types.BlobInfo{blobInfo}, physicalBlobInfos...)
+ layerID = layer.Parent
+ }
+
+ res, err := buildLayerInfosForCopy(man.LayerInfos(), physicalBlobInfos)
+ if err != nil {
+ return nil, fmt.Errorf("creating LayerInfosForCopy of image %q: %w", s.image.ID, err)
+ }
+ return res, nil
+}
+
+// buildLayerInfosForCopy builds a LayerInfosForCopy return value based on manifestInfos from the original manifest,
+// but using layer data which we can actually produce — physicalInfos for non-empty layers,
+// and image.GzippedEmptyLayer for empty ones.
+// (This is split basically only to allow easily unit-testing the part that has no dependencies on the external environment.)
+func buildLayerInfosForCopy(manifestInfos []manifest.LayerInfo, physicalInfos []types.BlobInfo) ([]types.BlobInfo, error) {
+ nextPhysical := 0
+ res := make([]types.BlobInfo, len(manifestInfos))
+ for i, mi := range manifestInfos {
+ if mi.EmptyLayer {
+ res[i] = types.BlobInfo{
+ Digest: image.GzippedEmptyLayerDigest,
+ Size: int64(len(image.GzippedEmptyLayer)),
+ MediaType: mi.MediaType,
+ }
+ } else {
+ if nextPhysical >= len(physicalInfos) {
+ return nil, fmt.Errorf("expected more than %d physical layers to exist", len(physicalInfos))
+ }
+ res[i] = physicalInfos[nextPhysical] // FIXME? Should we preserve more data in manifestInfos? Notably the current approach correctly removes zstd:chunked metadata annotations.
+ nextPhysical++
+ }
+ }
+ if nextPhysical != len(physicalInfos) {
+ return nil, fmt.Errorf("used only %d out of %d physical layers", nextPhysical, len(physicalInfos))
+ }
+ return res, nil
+}
+
+// GetSignaturesWithFormat returns the image's signatures. It may use a remote (= slow) service.
+// If instanceDigest is not nil, it contains a digest of the specific manifest instance to retrieve signatures for
+// (when the primary manifest is a manifest list); this never happens if the primary manifest is not a manifest list
+// (e.g. if the source never returns manifest lists).
+func (s *storageImageSource) GetSignaturesWithFormat(ctx context.Context, instanceDigest *digest.Digest) ([]signature.Signature, error) {
+ var offset int
+ signatureBlobs := []byte{}
+ signatureSizes := s.SignatureSizes
+ key := "signatures"
+ instance := "default instance"
+ if instanceDigest != nil {
+ signatureSizes = s.SignaturesSizes[*instanceDigest]
+ key = signatureBigDataKey(*instanceDigest)
+ instance = instanceDigest.Encoded()
+ }
+ if len(signatureSizes) > 0 {
+ data, err := s.imageRef.transport.store.ImageBigData(s.image.ID, key)
+ if err != nil {
+ return nil, fmt.Errorf("looking up signatures data for image %q (%s): %w", s.image.ID, instance, err)
+ }
+ signatureBlobs = data
+ }
+ res := []signature.Signature{}
+ for _, length := range signatureSizes {
+ if offset+length > len(signatureBlobs) {
+ return nil, fmt.Errorf("looking up signatures data for image %q (%s): expected at least %d bytes, only found %d", s.image.ID, instance, len(signatureBlobs), offset+length)
+ }
+ sig, err := signature.FromBlob(signatureBlobs[offset : offset+length])
+ if err != nil {
+ return nil, fmt.Errorf("parsing signature at (%d, %d): %w", offset, length, err)
+ }
+ res = append(res, sig)
+ offset += length
+ }
+ if offset != len(signatureBlobs) {
+ return nil, fmt.Errorf("signatures data (%s) contained %d extra bytes", instance, len(signatureBlobs)-offset)
+ }
+ return res, nil
+}
+
+// getSize() adds up the sizes of the image's data blobs (which includes the configuration blob), the
+// signatures, and the uncompressed sizes of all of the image's layers.
+func (s *storageImageSource) getSize() (int64, error) {
+ var sum int64
+ // Size up the data blobs.
+ dataNames, err := s.imageRef.transport.store.ListImageBigData(s.image.ID)
+ if err != nil {
+ return -1, fmt.Errorf("reading image %q: %w", s.image.ID, err)
+ }
+ for _, dataName := range dataNames {
+ bigSize, err := s.imageRef.transport.store.ImageBigDataSize(s.image.ID, dataName)
+ if err != nil {
+ return -1, fmt.Errorf("reading data blob size %q for %q: %w", dataName, s.image.ID, err)
+ }
+ sum += bigSize
+ }
+ // Add the signature sizes.
+ for _, sigSize := range s.SignatureSizes {
+ sum += int64(sigSize)
+ }
+ // Walk the layer list.
+ layerID := s.image.TopLayer
+ for layerID != "" {
+ layer, err := s.imageRef.transport.store.Layer(layerID)
+ if err != nil {
+ return -1, err
+ }
+ if layer.UncompressedDigest == "" || layer.UncompressedSize < 0 {
+ return -1, fmt.Errorf("size for layer %q is unknown, failing getSize()", layerID)
+ }
+ sum += layer.UncompressedSize
+ if layer.Parent == "" {
+ break
+ }
+ layerID = layer.Parent
+ }
+ return sum, nil
+}
+
+// Size() adds up the sizes of the image's data blobs (which includes the configuration blob), the
+// signatures, and the uncompressed sizes of all of the image's layers.
+func (s *storageImageSource) Size() (int64, error) {
+ return s.getSize()
+}
diff --git a/vendor/github.com/containers/image/v5/storage/storage_transport.go b/vendor/github.com/containers/image/v5/storage/storage_transport.go
new file mode 100644
index 000000000..deb500b4d
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/storage/storage_transport.go
@@ -0,0 +1,416 @@
+//go:build !containers_image_storage_stub
+// +build !containers_image_storage_stub
+
+package storage
+
+import (
+ "errors"
+ "fmt"
+ "path/filepath"
+ "strings"
+
+ "github.com/containers/image/v5/docker/reference"
+ "github.com/containers/image/v5/transports"
+ "github.com/containers/image/v5/types"
+ "github.com/containers/storage"
+ "github.com/containers/storage/pkg/idtools"
+ digest "github.com/opencontainers/go-digest"
+ "github.com/sirupsen/logrus"
+)
+
+const (
+ minimumTruncatedIDLength = 3
+)
+
+func init() {
+ transports.Register(Transport)
+}
+
+var (
+ // Transport is an ImageTransport that uses either a default
+ // storage.Store or one that's it's explicitly told to use.
+ Transport StoreTransport = &storageTransport{}
+ // ErrInvalidReference is returned when ParseReference() is passed an
+ // empty reference.
+ ErrInvalidReference = errors.New("invalid reference")
+ // ErrPathNotAbsolute is returned when a graph root is not an absolute
+ // path name.
+ ErrPathNotAbsolute = errors.New("path name is not absolute")
+)
+
+// StoreTransport is an ImageTransport that uses a storage.Store to parse
+// references, either its own default or one that it's told to use.
+type StoreTransport interface {
+ types.ImageTransport
+ // SetStore sets the default store for this transport.
+ SetStore(storage.Store)
+ // GetStoreIfSet returns the default store for this transport, or nil if not set/determined yet.
+ GetStoreIfSet() storage.Store
+ // GetImage retrieves the image from the transport's store that's named
+ // by the reference.
+ // Deprecated: Surprisingly, with a StoreTransport reference which contains an ID,
+ // this ignores that ID; and repeated calls of GetStoreImage with the same named reference
+ // can return different images, with no way for the caller to "freeze" the storage.Image identity
+ // without discarding the name entirely.
+ //
+ // Use storage.ResolveReference instead; note that if the image is not found, ResolveReference returns
+ // c/image/v5/storage.ErrNoSuchImage, not c/storage.ErrImageUnknown.
+ GetImage(types.ImageReference) (*storage.Image, error)
+ // GetStoreImage retrieves the image from a specified store that's named
+ // by the reference.
+ //
+ // Deprecated: Surprisingly, with a StoreTransport reference which contains an ID,
+ // this ignores that ID; and repeated calls of GetStoreImage with the same named reference
+ // can return different images, with no way for the caller to "freeze" the storage.Image identity
+ // without discarding the name entirely.
+ //
+ // Also, a StoreTransport reference already contains a store, so providing another one is redundant.
+ //
+ // Use storage.ResolveReference instead; note that if the image is not found, ResolveReference returns
+ // c/image/v5/storage.ErrNoSuchImage, not c/storage.ErrImageUnknown.
+ GetStoreImage(storage.Store, types.ImageReference) (*storage.Image, error)
+ // ParseStoreReference parses a reference, overriding any store
+ // specification that it may contain.
+ ParseStoreReference(store storage.Store, reference string) (*storageReference, error)
+ // NewStoreReference creates a reference for (named@ID) in store.
+ // either of name or ID can be unset; named must not be a reference.IsNameOnly.
+ NewStoreReference(store storage.Store, named reference.Named, id string) (*storageReference, error)
+ // SetDefaultUIDMap sets the default UID map to use when opening stores.
+ SetDefaultUIDMap(idmap []idtools.IDMap)
+ // SetDefaultGIDMap sets the default GID map to use when opening stores.
+ SetDefaultGIDMap(idmap []idtools.IDMap)
+ // DefaultUIDMap returns the default UID map used when opening stores.
+ DefaultUIDMap() []idtools.IDMap
+ // DefaultGIDMap returns the default GID map used when opening stores.
+ DefaultGIDMap() []idtools.IDMap
+}
+
+type storageTransport struct {
+ store storage.Store
+ defaultUIDMap []idtools.IDMap
+ defaultGIDMap []idtools.IDMap
+}
+
+func (s *storageTransport) Name() string {
+ // Still haven't really settled on a name.
+ return "containers-storage"
+}
+
+// SetStore sets the Store object which the Transport will use for parsing
+// references when information about a Store is not directly specified as part
+// of the reference. If one is not set, the library will attempt to initialize
+// one with default settings when a reference needs to be parsed. Calling
+// SetStore does not affect previously parsed references.
+func (s *storageTransport) SetStore(store storage.Store) {
+ s.store = store
+}
+
+// GetStoreIfSet returns the default store for this transport, as set using SetStore() or initialized by default, or nil if not set/determined yet.
+func (s *storageTransport) GetStoreIfSet() storage.Store {
+ return s.store
+}
+
+// SetDefaultUIDMap sets the default UID map to use when opening stores.
+func (s *storageTransport) SetDefaultUIDMap(idmap []idtools.IDMap) {
+ s.defaultUIDMap = idmap
+}
+
+// SetDefaultGIDMap sets the default GID map to use when opening stores.
+func (s *storageTransport) SetDefaultGIDMap(idmap []idtools.IDMap) {
+ s.defaultGIDMap = idmap
+}
+
+// DefaultUIDMap returns the default UID map used when opening stores.
+func (s *storageTransport) DefaultUIDMap() []idtools.IDMap {
+ return s.defaultUIDMap
+}
+
+// DefaultGIDMap returns the default GID map used when opening stores.
+func (s *storageTransport) DefaultGIDMap() []idtools.IDMap {
+ return s.defaultGIDMap
+}
+
+// ParseStoreReference takes a name or an ID, tries to figure out which it is
+// relative to the given store, and returns it in a reference object.
+func (s storageTransport) ParseStoreReference(store storage.Store, ref string) (*storageReference, error) {
+ if ref == "" {
+ return nil, fmt.Errorf("%q is an empty reference: %w", ref, ErrInvalidReference)
+ }
+ if ref[0] == '[' {
+ // Ignore the store specifier.
+ closeIndex := strings.IndexRune(ref, ']')
+ if closeIndex < 1 {
+ return nil, fmt.Errorf("store specifier in %q did not end: %w", ref, ErrInvalidReference)
+ }
+ ref = ref[closeIndex+1:]
+ }
+
+ // The reference may end with an image ID. Image IDs and digests use the same "@" separator;
+ // here we only peel away an image ID, and leave digests alone.
+ split := strings.LastIndex(ref, "@")
+ id := ""
+ if split != -1 {
+ possibleID := ref[split+1:]
+ if possibleID == "" {
+ return nil, fmt.Errorf("empty trailing digest or ID in %q: %w", ref, ErrInvalidReference)
+ }
+ // If it looks like a digest, leave it alone for now.
+ if _, err := digest.Parse(possibleID); err != nil {
+ // Otherwise…
+ if err := validateImageID(possibleID); err == nil {
+ id = possibleID // … it is a full ID
+ } else if img, err := store.Image(possibleID); err == nil && img != nil && len(possibleID) >= minimumTruncatedIDLength && strings.HasPrefix(img.ID, possibleID) {
+ // … it is a truncated version of the ID of an image that's present in local storage,
+ // so we might as well use the expanded value.
+ id = img.ID
+ } else {
+ return nil, fmt.Errorf("%q does not look like an image ID or digest: %w", possibleID, ErrInvalidReference)
+ }
+ // We have recognized an image ID; peel it off.
+ ref = ref[:split]
+ }
+ }
+
+ // If we only have one @-delimited portion, then _maybe_ it's a truncated image ID. Only check on that if it's
+ // at least of what we guess is a reasonable minimum length, because we don't want a really short value
+ // like "a" matching an image by ID prefix when the input was actually meant to specify an image name.
+ if id == "" && len(ref) >= minimumTruncatedIDLength && !strings.ContainsAny(ref, "@:") {
+ if img, err := store.Image(ref); err == nil && img != nil && strings.HasPrefix(img.ID, ref) {
+ // It's a truncated version of the ID of an image that's present in local storage;
+ // we need to expand it.
+ id = img.ID
+ ref = ""
+ }
+ }
+
+ var named reference.Named
+ // Unless we have an un-named "ID" or "@ID" reference (where ID might only have been a prefix), which has been
+ // completely parsed above, the initial portion should be a name, possibly with a tag and/or a digest..
+ if ref != "" {
+ var err error
+ named, err = reference.ParseNormalizedNamed(ref)
+ if err != nil {
+ return nil, fmt.Errorf("parsing named reference %q: %w", ref, err)
+ }
+ named = reference.TagNameOnly(named)
+ }
+
+ result, err := s.NewStoreReference(store, named, id)
+ if err != nil {
+ return nil, err
+ }
+ logrus.Debugf("parsed reference into %q", result.StringWithinTransport())
+ return result, nil
+}
+
+// NewStoreReference creates a reference for (named@ID) in store.
+// either of name or ID can be unset; named must not be a reference.IsNameOnly.
+func (s *storageTransport) NewStoreReference(store storage.Store, named reference.Named, id string) (*storageReference, error) {
+ return newReference(storageTransport{store: store, defaultUIDMap: s.defaultUIDMap, defaultGIDMap: s.defaultGIDMap}, named, id)
+}
+
+func (s *storageTransport) GetStore() (storage.Store, error) {
+ // Return the transport's previously-set store. If we don't have one
+ // of those, initialize one now.
+ if s.store == nil {
+ options, err := storage.DefaultStoreOptionsAutoDetectUID()
+ if err != nil {
+ return nil, err
+ }
+ options.UIDMap = s.defaultUIDMap
+ options.GIDMap = s.defaultGIDMap
+ store, err := storage.GetStore(options)
+ if err != nil {
+ return nil, err
+ }
+ s.store = store
+ }
+ return s.store, nil
+}
+
+// ParseReference takes a name and a tag or digest and/or ID
+// ("_name_"/"@_id_"/"_name_:_tag_"/"_name_:_tag_@_id_"/"_name_@_digest_"/"_name_@_digest_@_id_"/"_name_:_tag_@_digest_"/"_name_:_tag_@_digest_@_id_"),
+// possibly prefixed with a store specifier in the form "[_graphroot_]" or
+// "[_driver_@_graphroot_]" or "[_driver_@_graphroot_+_runroot_]" or
+// "[_driver_@_graphroot_:_options_]" or "[_driver_@_graphroot_+_runroot_:_options_]",
+// tries to figure out which it is, and returns it in a reference object.
+// If _id_ is the ID of an image that's present in local storage, it can be truncated, and
+// even be specified as if it were a _name_, value.
+func (s *storageTransport) ParseReference(reference string) (types.ImageReference, error) {
+ var store storage.Store
+ // Check if there's a store location prefix. If there is, then it
+ // needs to match a store that was previously initialized using
+ // storage.GetStore(), or be enough to let the storage library fill out
+ // the rest using knowledge that it has from elsewhere.
+ if len(reference) > 0 && reference[0] == '[' {
+ closeIndex := strings.IndexRune(reference, ']')
+ if closeIndex < 1 {
+ return nil, ErrInvalidReference
+ }
+ storeSpec := reference[1:closeIndex]
+ reference = reference[closeIndex+1:]
+ // Peel off a "driver@" from the start.
+ driverInfo := ""
+ driverPart1, driverPart2, gotDriver := strings.Cut(storeSpec, "@")
+ if !gotDriver {
+ storeSpec = driverPart1
+ if storeSpec == "" {
+ return nil, ErrInvalidReference
+ }
+ } else {
+ driverInfo = driverPart1
+ if driverInfo == "" {
+ return nil, ErrInvalidReference
+ }
+ storeSpec = driverPart2
+ if storeSpec == "" {
+ return nil, ErrInvalidReference
+ }
+ }
+ // Peel off a ":options" from the end.
+ var options []string
+ storeSpec, optionsPart, gotOptions := strings.Cut(storeSpec, ":")
+ if gotOptions {
+ options = strings.Split(optionsPart, ",")
+ }
+ // Peel off a "+runroot" from the new end.
+ storeSpec, runRootInfo, _ := strings.Cut(storeSpec, "+") // runRootInfo is "" if there is no "+"
+ // The rest is our graph root.
+ rootInfo := storeSpec
+ // Check that any paths are absolute paths.
+ if rootInfo != "" && !filepath.IsAbs(rootInfo) {
+ return nil, ErrPathNotAbsolute
+ }
+ if runRootInfo != "" && !filepath.IsAbs(runRootInfo) {
+ return nil, ErrPathNotAbsolute
+ }
+ store2, err := storage.GetStore(storage.StoreOptions{
+ GraphDriverName: driverInfo,
+ GraphRoot: rootInfo,
+ RunRoot: runRootInfo,
+ GraphDriverOptions: options,
+ UIDMap: s.defaultUIDMap,
+ GIDMap: s.defaultGIDMap,
+ })
+ if err != nil {
+ return nil, err
+ }
+ store = store2
+ } else {
+ // We didn't have a store spec, so use the default.
+ store2, err := s.GetStore()
+ if err != nil {
+ return nil, err
+ }
+ store = store2
+ }
+ return s.ParseStoreReference(store, reference)
+}
+
+// Deprecated: Surprisingly, with a StoreTransport reference which contains an ID,
+// this ignores that ID; and repeated calls of GetStoreImage with the same named reference
+// can return different images, with no way for the caller to "freeze" the storage.Image identity
+// without discarding the name entirely.
+//
+// Also, a StoreTransport reference already contains a store, so providing another one is redundant.
+//
+// Use storage.ResolveReference instead; note that if the image is not found, ResolveReference returns
+// c/image/v5/storage.ErrNoSuchImage, not c/storage.ErrImageUnknown.
+func (s storageTransport) GetStoreImage(store storage.Store, ref types.ImageReference) (*storage.Image, error) {
+ dref := ref.DockerReference()
+ if dref != nil {
+ if img, err := store.Image(dref.String()); err == nil {
+ return img, nil
+ }
+ }
+ if sref, ok := ref.(*storageReference); ok {
+ tmpRef := *sref
+ if img, err := tmpRef.resolveImage(nil); err == nil {
+ return img, nil
+ }
+ }
+ return nil, storage.ErrImageUnknown
+}
+
+// Deprecated: Surprisingly, with a StoreTransport reference which contains an ID,
+// this ignores that ID; and repeated calls of GetStoreImage with the same named reference
+// can return different images, with no way for the caller to "freeze" the storage.Image identity
+// without discarding the name entirely.
+//
+// Use storage.ResolveReference instead; note that if the image is not found, ResolveReference returns
+// c/image/v5/storage.ErrNoSuchImage, not c/storage.ErrImageUnknown.
+func (s *storageTransport) GetImage(ref types.ImageReference) (*storage.Image, error) {
+ store, err := s.GetStore()
+ if err != nil {
+ return nil, err
+ }
+ return s.GetStoreImage(store, ref)
+}
+
+func (s storageTransport) ValidatePolicyConfigurationScope(scope string) error {
+ // Check that there's a store location prefix. Values we're passed are
+ // expected to come from PolicyConfigurationIdentity or
+ // PolicyConfigurationNamespaces, so if there's no store location,
+ // something's wrong.
+ if scope[0] != '[' {
+ return ErrInvalidReference
+ }
+ // Parse the store location prefix.
+ closeIndex := strings.IndexRune(scope, ']')
+ if closeIndex < 1 {
+ return ErrInvalidReference
+ }
+ storeSpec := scope[1:closeIndex]
+ scope = scope[closeIndex+1:]
+ storeInfo := strings.SplitN(storeSpec, "@", 2)
+ if len(storeInfo) == 1 && storeInfo[0] != "" {
+ // One component: the graph root.
+ if !filepath.IsAbs(storeInfo[0]) {
+ return ErrPathNotAbsolute
+ }
+ } else if len(storeInfo) == 2 && storeInfo[0] != "" && storeInfo[1] != "" {
+ // Two components: the driver type and the graph root.
+ if !filepath.IsAbs(storeInfo[1]) {
+ return ErrPathNotAbsolute
+ }
+ } else {
+ // Anything else: scope specified in a form we don't
+ // recognize.
+ return ErrInvalidReference
+ }
+ // That might be all of it, and that's okay.
+ if scope == "" {
+ return nil
+ }
+
+ fields := strings.SplitN(scope, "@", 3)
+ switch len(fields) {
+ case 1: // name only
+ case 2: // name:tag@ID or name[:tag]@digest
+ if idErr := validateImageID(fields[1]); idErr != nil {
+ if _, digestErr := digest.Parse(fields[1]); digestErr != nil {
+ return fmt.Errorf("%v is neither a valid digest(%s) nor a valid ID(%s)", fields[1], digestErr.Error(), idErr.Error())
+ }
+ }
+ case 3: // name[:tag]@digest@ID
+ if _, err := digest.Parse(fields[1]); err != nil {
+ return err
+ }
+ if err := validateImageID(fields[2]); err != nil {
+ return err
+ }
+ default: // Coverage: This should never happen
+ return errors.New("Internal error: unexpected number of fields form strings.SplitN")
+ }
+ // As for field[0], if it is non-empty at all:
+ // FIXME? We could be verifying the various character set and length restrictions
+ // from docker/distribution/reference.regexp.go, but other than that there
+ // are few semantically invalid strings.
+ return nil
+}
+
+// validateImageID returns nil if id is a valid (full) image ID, or an error
+func validateImageID(id string) error {
+ _, err := digest.Parse("sha256:" + id)
+ return err
+}
diff --git a/vendor/github.com/containers/image/v5/tarball/doc.go b/vendor/github.com/containers/image/v5/tarball/doc.go
new file mode 100644
index 000000000..064c78b17
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/tarball/doc.go
@@ -0,0 +1,61 @@
+// Package tarball provides a way to generate images using one or more layer
+// tarballs and an optional template configuration.
+//
+// An example:
+//
+// package main
+//
+// import (
+// "context"
+//
+// cp "github.com/containers/image/v5/copy"
+// "github.com/containers/image/v5/signature"
+// "github.com/containers/image/v5/tarball"
+// "github.com/containers/image/v5/transports/alltransports"
+// "github.com/containers/image/v5/types"
+// imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
+// )
+//
+// func imageFromTarball() {
+// src, err := alltransports.ParseImageName("tarball:/var/cache/mock/fedora-26-x86_64/root_cache/cache.tar.gz")
+// // - or -
+// // src, err := tarball.Transport.ParseReference("/var/cache/mock/fedora-26-x86_64/root_cache/cache.tar.gz")
+// if err != nil {
+// panic(err)
+// }
+// updater, ok := src.(tarball.ConfigUpdater)
+// if !ok {
+// panic("unexpected: a tarball reference should implement tarball.ConfigUpdater")
+// }
+// config := imgspecv1.Image{
+// Config: imgspecv1.ImageConfig{
+// Cmd: []string{"/bin/bash"},
+// },
+// }
+// annotations := make(map[string]string)
+// annotations[imgspecv1.AnnotationDescription] = "test image built from a mock root cache"
+// err = updater.ConfigUpdate(config, annotations)
+// if err != nil {
+// panic(err)
+// }
+// dest, err := alltransports.ParseImageName("docker-daemon:mock:latest")
+// if err != nil {
+// panic(err)
+// }
+//
+// policy, err := signature.DefaultPolicy(nil)
+// if err != nil {
+// panic(err)
+// }
+//
+// pc, err := signature.NewPolicyContext(policy)
+// if err != nil {
+// panic(err)
+// }
+// defer pc.Destroy()
+// _, err = cp.Image(context.TODO(), pc, dest, src, nil)
+// if err != nil {
+// panic(err)
+// }
+// }
+package tarball
diff --git a/vendor/github.com/containers/image/v5/tarball/tarball_reference.go b/vendor/github.com/containers/image/v5/tarball/tarball_reference.go
new file mode 100644
index 000000000..d5578d9e8
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/tarball/tarball_reference.go
@@ -0,0 +1,82 @@
+package tarball
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "strings"
+
+ "github.com/containers/image/v5/docker/reference"
+ "github.com/containers/image/v5/internal/image"
+ "github.com/containers/image/v5/types"
+ imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
+ "golang.org/x/exp/maps"
+)
+
+// ConfigUpdater is an interface that ImageReferences for "tarball" images also
+// implement. It can be used to set values for a configuration, and to set
+// image annotations which will be present in the images returned by the
+// reference's NewImage() or NewImageSource() methods.
+type ConfigUpdater interface {
+ ConfigUpdate(config imgspecv1.Image, annotations map[string]string) error
+}
+
+type tarballReference struct {
+ config imgspecv1.Image
+ annotations map[string]string
+ filenames []string
+ stdin []byte
+}
+
+// ConfigUpdate updates the image's default configuration and adds annotations
+// which will be visible in source images created using this reference.
+func (r *tarballReference) ConfigUpdate(config imgspecv1.Image, annotations map[string]string) error {
+ r.config = config
+ if r.annotations == nil {
+ r.annotations = make(map[string]string)
+ }
+ maps.Copy(r.annotations, annotations)
+ return nil
+}
+
+func (r *tarballReference) Transport() types.ImageTransport {
+ return Transport
+}
+
+func (r *tarballReference) StringWithinTransport() string {
+ return strings.Join(r.filenames, ":")
+}
+
+func (r *tarballReference) DockerReference() reference.Named {
+ return nil
+}
+
+func (r *tarballReference) PolicyConfigurationIdentity() string {
+ return ""
+}
+
+func (r *tarballReference) PolicyConfigurationNamespaces() []string {
+ return nil
+}
+
+// NewImage returns a types.ImageCloser for this reference, possibly specialized for this ImageTransport.
+// The caller must call .Close() on the returned ImageCloser.
+// NOTE: If any kind of signature verification should happen, build an UnparsedImage from the value returned by NewImageSource,
+// verify that UnparsedImage, and convert it into a real Image via image.FromUnparsedImage.
+// WARNING: This may not do the right thing for a manifest list, see image.FromSource for details.
+func (r *tarballReference) NewImage(ctx context.Context, sys *types.SystemContext) (types.ImageCloser, error) {
+ return image.FromReference(ctx, sys, r)
+}
+
+func (r *tarballReference) DeleteImage(ctx context.Context, sys *types.SystemContext) error {
+ for _, filename := range r.filenames {
+ if err := os.Remove(filename); err != nil && !os.IsNotExist(err) {
+ return fmt.Errorf("error removing %q: %w", filename, err)
+ }
+ }
+ return nil
+}
+
+func (r *tarballReference) NewImageDestination(ctx context.Context, sys *types.SystemContext) (types.ImageDestination, error) {
+ return nil, fmt.Errorf(`"tarball:" locations can only be read from, not written to`)
+}
diff --git a/vendor/github.com/containers/image/v5/tarball/tarball_src.go b/vendor/github.com/containers/image/v5/tarball/tarball_src.go
new file mode 100644
index 000000000..6f9bfaf75
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/tarball/tarball_src.go
@@ -0,0 +1,234 @@
+package tarball
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "fmt"
+ "io"
+ "os"
+ "runtime"
+ "strings"
+ "time"
+
+ "github.com/containers/image/v5/internal/imagesource/impl"
+ "github.com/containers/image/v5/internal/imagesource/stubs"
+ "github.com/containers/image/v5/types"
+ "github.com/klauspost/pgzip"
+ digest "github.com/opencontainers/go-digest"
+ imgspecs "github.com/opencontainers/image-spec/specs-go"
+ imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
+ "golang.org/x/exp/maps"
+)
+
+type tarballImageSource struct {
+ impl.Compat
+ impl.PropertyMethodsInitialize
+ impl.NoSignatures
+ impl.DoesNotAffectLayerInfosForCopy
+ stubs.NoGetBlobAtInitialize
+
+ reference tarballReference
+ blobs map[digest.Digest]tarballBlob
+ manifest []byte
+}
+
+// tarballBlob is a blob that tarballImagSource can return by GetBlob.
+type tarballBlob struct {
+ contents []byte // or nil to read from filename below
+ filename string // valid if contents == nil
+ size int64
+}
+
+func (r *tarballReference) NewImageSource(ctx context.Context, sys *types.SystemContext) (types.ImageSource, error) {
+ // Pick up the layer comment from the configuration's history list, if one is set.
+ comment := "imported from tarball"
+ if len(r.config.History) > 0 && r.config.History[0].Comment != "" {
+ comment = r.config.History[0].Comment
+ }
+
+ // Gather up the digests, sizes, and history information for all of the files.
+ blobs := map[digest.Digest]tarballBlob{}
+ diffIDs := []digest.Digest{}
+ created := time.Time{}
+ history := []imgspecv1.History{}
+ layerDescriptors := []imgspecv1.Descriptor{}
+ for _, filename := range r.filenames {
+ var reader io.Reader
+ var blobTime time.Time
+ var blob tarballBlob
+ if filename == "-" {
+ reader = bytes.NewReader(r.stdin)
+ blobTime = time.Now()
+ blob = tarballBlob{
+ contents: r.stdin,
+ size: int64(len(r.stdin)),
+ }
+ } else {
+ file, err := os.Open(filename)
+ if err != nil {
+ return nil, err
+ }
+ defer file.Close()
+ reader = file
+ fileinfo, err := file.Stat()
+ if err != nil {
+ return nil, fmt.Errorf("error reading size of %q: %w", filename, err)
+ }
+ blobTime = fileinfo.ModTime()
+ blob = tarballBlob{
+ filename: filename,
+ size: fileinfo.Size(),
+ }
+ }
+
+ // Default to assuming the layer is compressed.
+ layerType := imgspecv1.MediaTypeImageLayerGzip
+
+ // Set up to digest the file as it is.
+ blobIDdigester := digest.Canonical.Digester()
+ reader = io.TeeReader(reader, blobIDdigester.Hash())
+
+ // Set up to digest the file after we maybe decompress it.
+ diffIDdigester := digest.Canonical.Digester()
+ uncompressed, err := pgzip.NewReader(reader)
+ if err == nil {
+ // It is compressed, so the diffID is the digest of the uncompressed version
+ reader = io.TeeReader(uncompressed, diffIDdigester.Hash())
+ } else {
+ // It is not compressed, so the diffID and the blobID are going to be the same
+ diffIDdigester = blobIDdigester
+ layerType = imgspecv1.MediaTypeImageLayer
+ uncompressed = nil
+ }
+ // TODO: This can take quite some time, and should ideally be cancellable using ctx.Done().
+ if _, err := io.Copy(io.Discard, reader); err != nil {
+ return nil, fmt.Errorf("error reading %q: %v", filename, err)
+ }
+ if uncompressed != nil {
+ uncompressed.Close()
+ }
+
+ // Grab our uncompressed and possibly-compressed digests and sizes.
+ diffID := diffIDdigester.Digest()
+ blobID := blobIDdigester.Digest()
+ diffIDs = append(diffIDs, diffID)
+ blobs[blobID] = blob
+
+ history = append(history, imgspecv1.History{
+ Created: &blobTime,
+ CreatedBy: fmt.Sprintf("/bin/sh -c #(nop) ADD file:%s in %c", diffID.Hex(), os.PathSeparator),
+ Comment: comment,
+ })
+ // Use the mtime of the most recently modified file as the image's creation time.
+ if created.Before(blobTime) {
+ created = blobTime
+ }
+
+ layerDescriptors = append(layerDescriptors, imgspecv1.Descriptor{
+ Digest: blobID,
+ Size: blob.size,
+ MediaType: layerType,
+ })
+ }
+
+ // Pick up other defaults from the config in the reference.
+ config := r.config
+ if config.Created == nil {
+ config.Created = &created
+ }
+ if config.Architecture == "" {
+ config.Architecture = runtime.GOARCH
+ }
+ if config.OS == "" {
+ config.OS = runtime.GOOS
+ }
+ config.RootFS = imgspecv1.RootFS{
+ Type: "layers",
+ DiffIDs: diffIDs,
+ }
+ config.History = history
+
+ // Encode and digest the image configuration blob.
+ configBytes, err := json.Marshal(&config)
+ if err != nil {
+ return nil, fmt.Errorf("error generating configuration blob for %q: %v", strings.Join(r.filenames, separator), err)
+ }
+ configID := digest.Canonical.FromBytes(configBytes)
+ blobs[configID] = tarballBlob{
+ contents: configBytes,
+ size: int64(len(configBytes)),
+ }
+
+ // Populate a manifest with the configuration blob and the layers.
+ manifest := imgspecv1.Manifest{
+ Versioned: imgspecs.Versioned{
+ SchemaVersion: 2,
+ },
+ Config: imgspecv1.Descriptor{
+ Digest: configID,
+ Size: int64(len(configBytes)),
+ MediaType: imgspecv1.MediaTypeImageConfig,
+ },
+ Layers: layerDescriptors,
+ Annotations: maps.Clone(r.annotations),
+ }
+
+ // Encode the manifest.
+ manifestBytes, err := json.Marshal(&manifest)
+ if err != nil {
+ return nil, fmt.Errorf("error generating manifest for %q: %v", strings.Join(r.filenames, separator), err)
+ }
+
+ // Return the image.
+ src := &tarballImageSource{
+ PropertyMethodsInitialize: impl.PropertyMethods(impl.Properties{
+ HasThreadSafeGetBlob: false,
+ }),
+ NoGetBlobAtInitialize: stubs.NoGetBlobAt(r),
+
+ reference: *r,
+ blobs: blobs,
+ manifest: manifestBytes,
+ }
+ src.Compat = impl.AddCompat(src)
+
+ return src, nil
+}
+
+func (is *tarballImageSource) Close() error {
+ return nil
+}
+
+// GetBlob returns a stream for the specified blob, and the blob’s size (or -1 if unknown).
+// The Digest field in BlobInfo is guaranteed to be provided, Size may be -1 and MediaType may be optionally provided.
+// May update BlobInfoCache, preferably after it knows for certain that a blob truly exists at a specific location.
+func (is *tarballImageSource) GetBlob(ctx context.Context, blobinfo types.BlobInfo, cache types.BlobInfoCache) (io.ReadCloser, int64, error) {
+ blob, ok := is.blobs[blobinfo.Digest]
+ if !ok {
+ return nil, -1, fmt.Errorf("no blob with digest %q found", blobinfo.Digest.String())
+ }
+ if blob.contents != nil {
+ return io.NopCloser(bytes.NewReader(blob.contents)), int64(len(blob.contents)), nil
+ }
+ reader, err := os.Open(blob.filename)
+ if err != nil {
+ return nil, -1, err
+ }
+ return reader, blob.size, nil
+}
+
+// GetManifest returns the image's manifest along with its MIME type (which may be empty when it can't be determined but the manifest is available).
+// It may use a remote (= slow) service.
+// If instanceDigest is not nil, it contains a digest of the specific manifest instance to retrieve (when the primary manifest is a manifest list);
+// this never happens if the primary manifest is not a manifest list (e.g. if the source never returns manifest lists).
+func (is *tarballImageSource) GetManifest(ctx context.Context, instanceDigest *digest.Digest) ([]byte, string, error) {
+ if instanceDigest != nil {
+ return nil, "", fmt.Errorf("manifest lists are not supported by the %q transport", transportName)
+ }
+ return is.manifest, imgspecv1.MediaTypeImageManifest, nil
+}
+
+func (is *tarballImageSource) Reference() types.ImageReference {
+ return &is.reference
+}
diff --git a/vendor/github.com/containers/image/v5/tarball/tarball_transport.go b/vendor/github.com/containers/image/v5/tarball/tarball_transport.go
new file mode 100644
index 000000000..63d835530
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/tarball/tarball_transport.go
@@ -0,0 +1,75 @@
+package tarball
+
+import (
+ "errors"
+ "fmt"
+ "io"
+ "os"
+ "strings"
+
+ "github.com/containers/image/v5/transports"
+ "github.com/containers/image/v5/types"
+)
+
+const (
+ transportName = "tarball"
+ separator = ":"
+)
+
+var (
+ // Transport implements the types.ImageTransport interface for "tarball:" images,
+ // which are makeshift images constructed using one or more possibly-compressed tar
+ // archives.
+ Transport = &tarballTransport{}
+)
+
+type tarballTransport struct {
+}
+
+func (t *tarballTransport) Name() string {
+ return transportName
+}
+
+func (t *tarballTransport) ParseReference(reference string) (types.ImageReference, error) {
+ var stdin []byte
+ var err error
+ filenames := strings.Split(reference, separator)
+ for _, filename := range filenames {
+ if filename == "-" {
+ stdin, err = io.ReadAll(os.Stdin)
+ if err != nil {
+ return nil, fmt.Errorf("error buffering stdin: %v", err)
+ }
+ continue
+ }
+ f, err := os.Open(filename)
+ if err != nil {
+ return nil, fmt.Errorf("error opening %q: %v", filename, err)
+ }
+ f.Close()
+ }
+ return NewReference(filenames, stdin)
+}
+
+// NewReference creates a new "tarball:" reference for the listed fileNames.
+// If any of the fileNames is "-", the contents of stdin are used instead.
+func NewReference(fileNames []string, stdin []byte) (types.ImageReference, error) {
+ for _, path := range fileNames {
+ if strings.Contains(path, separator) {
+ return nil, fmt.Errorf("Invalid path %q: paths including the separator %q are not supported", path, separator)
+ }
+ }
+ return &tarballReference{
+ filenames: fileNames,
+ stdin: stdin,
+ }, nil
+}
+
+func (t *tarballTransport) ValidatePolicyConfigurationScope(scope string) error {
+ // See the explanation in daemonReference.PolicyConfigurationIdentity.
+ return errors.New(`tarball: does not support any scopes except the default "" one`)
+}
+
+func init() {
+ transports.Register(Transport)
+}
diff --git a/vendor/github.com/containers/image/v5/transports/alltransports/alltransports.go b/vendor/github.com/containers/image/v5/transports/alltransports/alltransports.go
new file mode 100644
index 000000000..a8f1c13ad
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/transports/alltransports/alltransports.go
@@ -0,0 +1,49 @@
+package alltransports
+
+import (
+ "fmt"
+ "strings"
+
+ "github.com/containers/image/v5/transports"
+ "github.com/containers/image/v5/types"
+
+ // Register all known transports.
+ // NOTE: Make sure docs/containers-transports.5.md and docs/containers-policy.json.5.md are updated when adding or updating
+ // a transport.
+ _ "github.com/containers/image/v5/directory"
+ _ "github.com/containers/image/v5/docker"
+ _ "github.com/containers/image/v5/docker/archive"
+ _ "github.com/containers/image/v5/oci/archive"
+ _ "github.com/containers/image/v5/oci/layout"
+ _ "github.com/containers/image/v5/openshift"
+ _ "github.com/containers/image/v5/sif"
+ _ "github.com/containers/image/v5/tarball"
+ // The docker-daemon transport is registeredy by docker_daemon*.go
+ // The ostree transport is registered by ostree*.go
+ // The storage transport is registered by storage*.go
+)
+
+// ParseImageName converts a URL-like image name to a types.ImageReference.
+func ParseImageName(imgName string) (types.ImageReference, error) {
+ // Keep this in sync with TransportFromImageName!
+ transportName, withinTransport, valid := strings.Cut(imgName, ":")
+ if !valid {
+ return nil, fmt.Errorf(`Invalid image name "%s", expected colon-separated transport:reference`, imgName)
+ }
+ transport := transports.Get(transportName)
+ if transport == nil {
+ return nil, fmt.Errorf(`Invalid image name "%s", unknown transport "%s"`, imgName, transportName)
+ }
+ return transport.ParseReference(withinTransport)
+}
+
+// TransportFromImageName converts an URL-like name to a types.ImageTransport or nil when
+// the transport is unknown or when the input is invalid.
+func TransportFromImageName(imageName string) types.ImageTransport {
+ // Keep this in sync with ParseImageName!
+ transportName, _, valid := strings.Cut(imageName, ":")
+ if valid {
+ return transports.Get(transportName)
+ }
+ return nil
+}
diff --git a/vendor/github.com/containers/image/v5/transports/alltransports/docker_daemon.go b/vendor/github.com/containers/image/v5/transports/alltransports/docker_daemon.go
new file mode 100644
index 000000000..ffac6e0b8
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/transports/alltransports/docker_daemon.go
@@ -0,0 +1,9 @@
+//go:build !containers_image_docker_daemon_stub
+// +build !containers_image_docker_daemon_stub
+
+package alltransports
+
+import (
+ // Register the docker-daemon transport
+ _ "github.com/containers/image/v5/docker/daemon"
+)
diff --git a/vendor/github.com/containers/image/v5/transports/alltransports/docker_daemon_stub.go b/vendor/github.com/containers/image/v5/transports/alltransports/docker_daemon_stub.go
new file mode 100644
index 000000000..ddc347bf3
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/transports/alltransports/docker_daemon_stub.go
@@ -0,0 +1,10 @@
+//go:build containers_image_docker_daemon_stub
+// +build containers_image_docker_daemon_stub
+
+package alltransports
+
+import "github.com/containers/image/v5/transports"
+
+func init() {
+ transports.Register(transports.NewStubTransport("docker-daemon"))
+}
diff --git a/vendor/github.com/containers/image/v5/transports/alltransports/ostree.go b/vendor/github.com/containers/image/v5/transports/alltransports/ostree.go
new file mode 100644
index 000000000..2340702bd
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/transports/alltransports/ostree.go
@@ -0,0 +1,9 @@
+//go:build containers_image_ostree && linux
+// +build containers_image_ostree,linux
+
+package alltransports
+
+import (
+ // Register the ostree transport
+ _ "github.com/containers/image/v5/ostree"
+)
diff --git a/vendor/github.com/containers/image/v5/transports/alltransports/ostree_stub.go b/vendor/github.com/containers/image/v5/transports/alltransports/ostree_stub.go
new file mode 100644
index 000000000..8c4175188
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/transports/alltransports/ostree_stub.go
@@ -0,0 +1,10 @@
+//go:build !containers_image_ostree || !linux
+// +build !containers_image_ostree !linux
+
+package alltransports
+
+import "github.com/containers/image/v5/transports"
+
+func init() {
+ transports.Register(transports.NewStubTransport("ostree"))
+}
diff --git a/vendor/github.com/containers/image/v5/transports/alltransports/storage.go b/vendor/github.com/containers/image/v5/transports/alltransports/storage.go
new file mode 100644
index 000000000..1e399cdb0
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/transports/alltransports/storage.go
@@ -0,0 +1,9 @@
+//go:build !containers_image_storage_stub
+// +build !containers_image_storage_stub
+
+package alltransports
+
+import (
+ // Register the storage transport
+ _ "github.com/containers/image/v5/storage"
+)
diff --git a/vendor/github.com/containers/image/v5/transports/alltransports/storage_stub.go b/vendor/github.com/containers/image/v5/transports/alltransports/storage_stub.go
new file mode 100644
index 000000000..30802661f
--- /dev/null
+++ b/vendor/github.com/containers/image/v5/transports/alltransports/storage_stub.go
@@ -0,0 +1,10 @@
+//go:build containers_image_storage_stub
+// +build containers_image_storage_stub
+
+package alltransports
+
+import "github.com/containers/image/v5/transports"
+
+func init() {
+ transports.Register(transports.NewStubTransport("containers-storage"))
+}
diff --git a/vendor/github.com/containers/image/v5/version/version.go b/vendor/github.com/containers/image/v5/version/version.go
index 990f0a96d..f5ee5a7fe 100644
--- a/vendor/github.com/containers/image/v5/version/version.go
+++ b/vendor/github.com/containers/image/v5/version/version.go
@@ -8,7 +8,7 @@ const (
// VersionMinor is for functionality in a backwards-compatible manner
VersionMinor = 29
// VersionPatch is for backwards-compatible bug fixes
- VersionPatch = 0
+ VersionPatch = 1
// VersionDev indicates development branch. Releases will be empty string.
VersionDev = ""
diff --git a/vendor/github.com/containers/storage/.cirrus.yml b/vendor/github.com/containers/storage/.cirrus.yml
new file mode 100644
index 000000000..c41dd5da2
--- /dev/null
+++ b/vendor/github.com/containers/storage/.cirrus.yml
@@ -0,0 +1,186 @@
+---
+
+# Main collection of env. vars to set for all tasks and scripts.
+env:
+ ####
+ #### Global variables used for all tasks
+ ####
+ # Overrides default location (/tmp/cirrus) for repo clone
+ CIRRUS_WORKING_DIR: "/var/tmp/go/src/github.com/containers/storage"
+ # Shell used to execute all script commands
+ CIRRUS_SHELL: "/bin/bash"
+ # Automation script path relative to $CIRRUS_WORKING_DIR)
+ SCRIPT_BASE: "./contrib/cirrus"
+ # No need to go crazy, but grab enough to cover most PRs
+ CIRRUS_CLONE_DEPTH: 50
+
+ ####
+ #### Cache-image names to test with (double-quotes around names are critical)
+ ###
+ FEDORA_NAME: "fedora-39ß"
+ DEBIAN_NAME: "debian-13"
+
+ # GCE project where images live
+ IMAGE_PROJECT: "libpod-218412"
+ # VM Image built in containers/automation_images
+ IMAGE_SUFFIX: "c20231004t194547z-f39f38d13"
+ FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
+ DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}"
+
+ ####
+ #### Command variables to help avoid duplication
+ ####
+ # Command to prefix every output line with a timestamp
+ # (can't do inline awk script, Cirrus-CI or YAML mangles quoting)
+ _TIMESTAMP: 'awk --file ${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/timestamp.awk'
+ _DFCMD: 'df -lhTx tmpfs'
+ _RAUDITCMD: 'cat /var/log/audit/audit.log'
+ _UAUDITCMD: 'cat /var/log/kern.log'
+ _JOURNALCMD: 'journalctl -b'
+
+gcp_credentials: ENCRYPTED[c87717f04fb15499d19a3b3fa0ad2cdedecc047e82967785d101e9bc418e93219f755e662feac8390088a2df1a4d8464]
+
+# Default timeout for each task
+timeout_in: 120m
+
+# Default VM to use unless set or modified by task
+gce_instance:
+ image_project: "${IMAGE_PROJECT}"
+ zone: "us-central1-b" # Required by Cirrus for the time being
+ cpu: 2
+ memory: "4Gb"
+ disk: 200
+ image_name: "${FEDORA_CACHE_IMAGE_NAME}"
+
+
+linux_testing: &linux_testing
+ depends_on:
+ - lint
+ gce_instance: # Only need to specify differences from defaults (above)
+ image_name: "${VM_IMAGE}"
+
+ # Separate scripts for separate outputs, makes debugging easier.
+ setup_script: '${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/setup.sh |& ${_TIMESTAMP}'
+ build_and_test_script: '${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/build_and_test.sh |& ${_TIMESTAMP}'
+
+ always:
+ df_script: '${_DFCMD} || true'
+ rh_audit_log_script: '${_RAUDITCMD} || true'
+ debian_audit_log_script: '${_UAUDITCMD} || true'
+ journal_log_script: '${_JOURNALCMD} || true'
+
+
+fedora_testing_task: &fedora_testing
+ <<: *linux_testing
+ alias: fedora_testing
+ name: &std_test_name "${OS_NAME} ${TEST_DRIVER}"
+ env:
+ OS_NAME: "${FEDORA_NAME}"
+ VM_IMAGE: "${FEDORA_CACHE_IMAGE_NAME}"
+ # Not all $TEST_DRIVER combinations valid for all $VM_IMAGE types.
+ matrix: &test_matrix
+ - env:
+ TEST_DRIVER: "vfs"
+ - env:
+ TEST_DRIVER: "overlay"
+ - env:
+ TEST_DRIVER: "overlay-transient"
+ - env:
+ TEST_DRIVER: "fuse-overlay"
+ - env:
+ TEST_DRIVER: "fuse-overlay-whiteout"
+ - env:
+ TEST_DRIVER: "btrfs"
+
+
+# aufs was dropped between 20.04 and 22.04, can't test it
+debian_testing_task: &debian_testing
+ <<: *linux_testing
+ alias: debian_testing
+ name: *std_test_name
+ env:
+ OS_NAME: "${DEBIAN_NAME}"
+ VM_IMAGE: "${DEBIAN_CACHE_IMAGE_NAME}"
+ # Not all $TEST_DRIVER combinations valid for all $VM_IMAGE types.
+ matrix:
+ - env:
+ TEST_DRIVER: "vfs"
+ - env:
+ TEST_DRIVER: "overlay"
+ - env:
+ TEST_DRIVER: "fuse-overlay"
+ - env:
+ TEST_DRIVER: "fuse-overlay-whiteout"
+ - env:
+ TEST_DRIVER: "btrfs"
+
+
+lint_task:
+ env:
+ CIRRUS_WORKING_DIR: "/go/src/github.com/containers/storage"
+ container:
+ image: golang
+ modules_cache:
+ fingerprint_script: cat go.sum
+ folder: $GOPATH/pkg/mod
+ build_script: |
+ apt-get update
+ apt-get install -y libbtrfs-dev libdevmapper-dev
+ test_script: |
+ make TAGS=regex_precompile local-validate
+ make lint
+ make clean
+
+
+# Update metadata on VM images referenced by this repository state
+meta_task:
+
+ container:
+ image: "quay.io/libpod/imgts:latest"
+ cpu: 1
+ memory: 1
+
+ env:
+ # Space-separated list of images used by this repository state
+ IMGNAMES: |-
+ ${FEDORA_CACHE_IMAGE_NAME}
+ ${DEBIAN_CACHE_IMAGE_NAME}
+ BUILDID: "${CIRRUS_BUILD_ID}"
+ REPOREF: "${CIRRUS_CHANGE_IN_REPO}"
+ GCPJSON: ENCRYPTED[244a93fe8b386b48b96f748342bf741350e43805eee81dd04b45093bdf737e540b993fc735df41f131835fa0f9b65826]
+ GCPNAME: ENCRYPTED[91cf7aa421858b26b67835978d224b4a5c46afcf52a0f1ec1b69a99b248715dc8e92a1b56fde18e092acf256fa80ae9c]
+ GCPPROJECT: ENCRYPTED[79b0f7eb5958e25bc7095d5d368fa8d94447a43ffacb9c693de438186e2f767b7efe9563d6954297ae4730220e10aa9c]
+ CIRRUS_CLONE_DEPTH: 1 # source not used
+
+ script: '/usr/local/bin/entrypoint.sh |& ${_TIMESTAMP}'
+
+
+vendor_task:
+ container:
+ image: golang
+ modules_cache:
+ fingerprint_script: cat go.sum
+ folder: $GOPATH/pkg/mod
+ build_script: make vendor
+ test_script: hack/tree_status.sh
+
+
+cross_task:
+ container:
+ image: golang:1.19
+ build_script: make cross
+
+
+# Represent overall pass/fail status from required dependent tasks
+success_task:
+ depends_on:
+ - lint
+ - fedora_testing
+ - debian_testing
+ - meta
+ - vendor
+ - cross
+ container:
+ image: golang:1.19
+ clone_script: 'mkdir -p "$CIRRUS_WORKING_DIR"' # Source code not needed
+ script: /bin/true
diff --git a/vendor/github.com/containers/storage/.dockerignore b/vendor/github.com/containers/storage/.dockerignore
new file mode 100644
index 000000000..9bd2c0219
--- /dev/null
+++ b/vendor/github.com/containers/storage/.dockerignore
@@ -0,0 +1,3 @@
+bundles
+.gopath
+vendor/pkg
diff --git a/vendor/github.com/containers/storage/.gitignore b/vendor/github.com/containers/storage/.gitignore
new file mode 100644
index 000000000..99b40fbde
--- /dev/null
+++ b/vendor/github.com/containers/storage/.gitignore
@@ -0,0 +1,32 @@
+# containers/storage project generated files to ignore
+# if you want to ignore files created by your editor/tools,
+# please consider a global .gitignore https://help.github.com/articles/ignoring-files
+*.1
+*.5
+*.exe
+*~
+*.orig
+*.test
+.*.swp
+.DS_Store
+.idea*
+# a .bashrc may be added to customize the build environment
+.bashrc
+.gopath/
+docs/AWS_S3_BUCKET
+docs/GITCOMMIT
+docs/GIT_BRANCH
+docs/VERSION
+docs/_build
+docs/_static
+docs/_templates
+docs/changed-files
+# generated by man/md2man-all.sh
+man/man1
+man/man5
+man/man8
+tests/tools/build
+vendor/pkg/
+.vagrant
+/containers-storage
+/containers-storage.*
diff --git a/vendor/github.com/containers/storage/.golangci.yml b/vendor/github.com/containers/storage/.golangci.yml
new file mode 100644
index 000000000..20968466c
--- /dev/null
+++ b/vendor/github.com/containers/storage/.golangci.yml
@@ -0,0 +1,11 @@
+---
+run:
+ concurrency: 6
+ deadline: 5m
+ skip-dirs-use-default: true
+linters:
+ enable:
+ - gofumpt
+ disable:
+ - errcheck
+ - staticcheck
diff --git a/vendor/github.com/containers/storage/.mailmap b/vendor/github.com/containers/storage/.mailmap
new file mode 100644
index 000000000..0527b6d84
--- /dev/null
+++ b/vendor/github.com/containers/storage/.mailmap
@@ -0,0 +1,254 @@
+# Generate AUTHORS: hack/generate-authors.sh
+
+# Tip for finding duplicates (besides scanning the output of AUTHORS for name
+# duplicates that aren't also email duplicates): scan the output of:
+# git log --format='%aE - %aN' | sort -uf
+#
+# For explanation on this file format: man git-shortlog
+
+Patrick Stapleton
+Shishir Mahajan
+Erwin van der Koogh
+Ahmed Kamal
+Tejesh Mehta
+Cristian Staretu
+Cristian Staretu
+Cristian Staretu
+Marcus Linke
+Aleksandrs Fadins
+Christopher Latham
+Hu Keping
+Wayne Chang
+Chen Chao
+Daehyeok Mun
+
+
+
+
+
+
+Guillaume J. Charmes
+
+
+
+
+
+Thatcher Peskens
+Thatcher Peskens
+Thatcher Peskens dhrp
+Jérôme Petazzoni jpetazzo
+Jérôme Petazzoni
+Joffrey F
+Joffrey F
+Joffrey F
+Tim Terhorst
+Andy Smith
+
+
+
+
+
+
+
+
+
+Walter Stanish
+
+Roberto Hashioka
+Konstantin Pelykh
+David Sissitka
+Nolan Darilek
+
+Benoit Chesneau
+Jordan Arentsen
+Daniel Garcia
+Miguel Angel Fernández
+Bhiraj Butala
+Faiz Khan
+Victor Lyuboslavsky
+Jean-Baptiste Barth
+Matthew Mueller
+
+Shih-Yuan Lee
+Daniel Mizyrycki root
+Jean-Baptiste Dalido
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Sven Dowideit
+Sven Dowideit
+Sven Dowideit
+Sven Dowideit <¨SvenDowideit@home.org.au¨>
+Sven Dowideit
+Sven Dowideit
+Sven Dowideit
+
+Alexander Morozov
+Alexander Morozov
+
+O.S. Tezer
+
+Roberto G. Hashioka
+
+
+
+
+
+Sridhar Ratnakumar
+Sridhar Ratnakumar
+Liang-Chi Hsieh
+Aleksa Sarai
+Aleksa Sarai
+Aleksa Sarai
+Will Weaver
+Timothy Hobbs
+Nathan LeClaire
+Nathan LeClaire
+
+
+
+
+Matthew Heon
+
+
+
+
+Francisco Carriedo
+
+
+
+
+Brian Goff
+
+
+
+Hollie Teal
+
+
+
+Jessica Frazelle
+Jessica Frazelle
+Jessica Frazelle
+Jessica Frazelle
+Jessica Frazelle
+