From 1f8db2467be53d88fbae6e2335a269b6b515a20d Mon Sep 17 00:00:00 2001 From: Daniel Canter Date: Fri, 12 Aug 2022 23:43:27 -0700 Subject: [PATCH] go.mod: Bump hcsshim to v0.10.0-rc.1 This contains quite a bit (also bumps google/uuid to 1.3.0). Some HostProcess container improvements to get ready for whenever it goes to stable in Kubernetes, Hyper-V (windows) container support for CRI, and a plethora of other small additions and fixes. Signed-off-by: Daniel Canter --- go.mod | 4 +- go.sum | 7 +- integration/client/go.mod | 4 +- integration/client/go.sum | 10 +- .../Microsoft/hcsshim/.gitattributes | 4 +- .../github.com/Microsoft/hcsshim/.gitignore | 11 +- .../Microsoft/hcsshim/.golangci.yml | 11 + vendor/github.com/Microsoft/hcsshim/Makefile | 72 +- .../Microsoft/hcsshim/Protobuild.toml | 11 +- vendor/github.com/Microsoft/hcsshim/README.md | 20 +- .../github.com/Microsoft/hcsshim/SECURITY.md | 41 + .../options/runhcs.pb.go | 780 +++++++++++------ .../options/runhcs.proto | 10 + .../stats/stats.pb.go | 793 +++++++++--------- .../hcsshim/computestorage/attach.go | 6 +- .../hcsshim/computestorage/destroy.go | 6 +- .../hcsshim/computestorage/detach.go | 6 +- .../hcsshim/computestorage/export.go | 12 +- .../hcsshim/computestorage/format.go | 12 +- .../hcsshim/computestorage/helpers.go | 14 +- .../hcsshim/computestorage/import.go | 6 +- .../hcsshim/computestorage/initialize.go | 6 +- .../Microsoft/hcsshim/computestorage/mount.go | 7 +- .../Microsoft/hcsshim/computestorage/setup.go | 14 +- .../hcsshim/computestorage/storage.go | 7 +- .../github.com/Microsoft/hcsshim/container.go | 4 +- vendor/github.com/Microsoft/hcsshim/errors.go | 5 + .../hcsshim/ext4/dmverity/dmverity.go | 96 ++- .../ext4/internal/compactext4/compact.go | 40 +- .../hcsshim/ext4/tar2ext4/tar2ext4.go | 134 +-- .../Microsoft/hcsshim/functional_tests.ps1 | 12 - .../github.com/Microsoft/hcsshim/hcn/doc.go | 3 + .../github.com/Microsoft/hcsshim/hcn/hcn.go | 8 +- .../Microsoft/hcsshim/hcn/hcnendpoint.go | 4 +- .../Microsoft/hcsshim/hcn/hcnerrors.go | 16 +- .../Microsoft/hcsshim/hcn/hcnglobals.go | 2 + .../Microsoft/hcsshim/hcn/hcnloadbalancer.go | 4 +- .../Microsoft/hcsshim/hcn/hcnnamespace.go | 12 +- .../Microsoft/hcsshim/hcn/hcnnetwork.go | 2 + .../Microsoft/hcsshim/hcn/hcnpolicy.go | 38 +- .../Microsoft/hcsshim/hcn/hcnroute.go | 2 + .../Microsoft/hcsshim/hcn/hcnsupport.go | 11 +- .../github.com/Microsoft/hcsshim/hcsshim.go | 2 + .../Microsoft/hcsshim/hnsendpoint.go | 2 + .../Microsoft/hcsshim/hnsglobals.go | 2 + .../Microsoft/hcsshim/hnsnetwork.go | 6 +- .../Microsoft/hcsshim/hnspolicylist.go | 2 + .../Microsoft/hcsshim/hnssupport.go | 2 + .../github.com/Microsoft/hcsshim/interface.go | 2 + .../Microsoft/hcsshim/internal/cni/doc.go | 1 + .../hcsshim/internal/cni/registry.go | 4 +- .../Microsoft/hcsshim/internal/cow/cow.go | 2 + .../hcsshim/internal/hcs/callback.go | 2 + .../Microsoft/hcsshim/internal/hcs/doc.go | 1 + .../Microsoft/hcsshim/internal/hcs/errors.go | 35 +- .../Microsoft/hcsshim/internal/hcs/process.go | 19 +- .../hcsshim/internal/hcs/schema1/schema1.go | 4 +- .../hcs/schema2/cpu_group_property.go | 8 + .../internal/hcs/schema2/guest_state.go | 3 + .../hcs/schema2/isolation_settings.go | 21 + .../hcs/schema2/modify_setting_request.go | 4 +- .../internal/hcs/schema2/security_settings.go | 16 + .../internal/hcs/schema2/system_time.go | 28 + .../hcs/schema2/time_zone_information.go | 26 + .../hcsshim/internal/hcs/schema2/uefi.go | 2 + .../internal/hcs/schema2/virtual_machine.go | 2 + .../Microsoft/hcsshim/internal/hcs/service.go | 2 + .../Microsoft/hcsshim/internal/hcs/system.go | 27 +- .../Microsoft/hcsshim/internal/hcs/utils.go | 2 + .../hcsshim/internal/hcs/waithelper.go | 2 + .../hcsshim/internal/hcserror/doc.go | 1 + .../hcsshim/internal/hcserror/hcserror.go | 2 + .../Microsoft/hcsshim/internal/hns/doc.go | 1 + .../hcsshim/internal/hns/hnsendpoint.go | 4 +- .../hcsshim/internal/hns/hnsfuncs.go | 2 + .../hcsshim/internal/hns/hnsglobals.go | 2 + .../hcsshim/internal/hns/hnsnetwork.go | 9 +- .../hcsshim/internal/hns/hnspolicy.go | 18 +- .../hcsshim/internal/hns/hnspolicylist.go | 2 + .../hcsshim/internal/hns/hnssupport.go | 2 + .../hcsshim/internal/hns/namespace.go | 2 + .../Microsoft/hcsshim/internal/interop/doc.go | 1 + .../hcsshim/internal/interop/interop.go | 2 + .../hcsshim/internal/jobobject/doc.go | 8 + .../hcsshim/internal/jobobject/iocp.go | 2 + .../hcsshim/internal/jobobject/jobobject.go | 155 +++- .../hcsshim/internal/jobobject/limits.go | 2 + .../Microsoft/hcsshim/internal/log/context.go | 116 +++ .../Microsoft/hcsshim/internal/log/g.go | 23 - .../Microsoft/hcsshim/internal/log/hook.go | 45 + .../Microsoft/hcsshim/internal/log/scrub.go | 194 +++++ .../hcsshim/internal/logfields/fields.go | 35 +- .../Microsoft/hcsshim/internal/memory/pool.go | 316 +++++++ .../hcsshim/internal/memory/types.go | 28 + .../Microsoft/hcsshim/internal/oc/span.go | 31 + .../internal/protocol/guestrequest/types.go | 56 ++ .../hcsshim/internal/regstate/doc.go | 1 + .../hcsshim/internal/regstate/regstate.go | 2 + .../hcsshim/internal/runhcs/container.go | 2 + .../Microsoft/hcsshim/internal/runhcs/vm.go | 2 + .../Microsoft/hcsshim/internal/safefile/do.go | 1 + .../hcsshim/internal/safefile/safeopen.go | 31 +- .../internal/security/grantvmgroupaccess.go | 192 +++++ .../internal/security/syscall_windows.go | 7 + .../internal/security/zsyscall_windows.go | 70 ++ .../hcsshim/internal/vmcompute/doc.go | 1 + .../hcsshim/internal/vmcompute/vmcompute.go | 64 +- .../hcsshim/internal/wclayer/activatelayer.go | 4 +- .../hcsshim/internal/wclayer/baselayer.go | 3 +- .../hcsshim/internal/wclayer/createlayer.go | 4 +- .../internal/wclayer/createscratchlayer.go | 4 +- .../internal/wclayer/deactivatelayer.go | 4 +- .../hcsshim/internal/wclayer/destroylayer.go | 4 +- .../Microsoft/hcsshim/internal/wclayer/doc.go | 4 + .../internal/wclayer/expandscratchsize.go | 4 +- .../hcsshim/internal/wclayer/exportlayer.go | 11 +- .../internal/wclayer/getlayermountpath.go | 4 +- .../internal/wclayer/getsharedbaseimages.go | 4 +- .../hcsshim/internal/wclayer/grantvmaccess.go | 4 +- .../hcsshim/internal/wclayer/importlayer.go | 6 +- .../hcsshim/internal/wclayer/layerexists.go | 4 +- .../hcsshim/internal/wclayer/layerid.go | 4 +- .../hcsshim/internal/wclayer/layerutils.go | 2 + .../hcsshim/internal/wclayer/legacy.go | 7 +- .../hcsshim/internal/wclayer/nametoguid.go | 4 +- .../hcsshim/internal/wclayer/preparelayer.go | 4 +- .../hcsshim/internal/wclayer/processimage.go | 6 +- .../internal/wclayer/unpreparelayer.go | 4 +- .../hcsshim/internal/wclayer/wclayer.go | 5 +- .../hcsshim/internal/winapi/bindflt.go | 19 + .../hcsshim/internal/winapi/console.go | 2 + .../hcsshim/internal/winapi/devices.go | 2 + .../Microsoft/hcsshim/internal/winapi/doc.go | 3 + .../hcsshim/internal/winapi/elevation.go | 11 + .../hcsshim/internal/winapi/errors.go | 2 + .../hcsshim/internal/winapi/filesystem.go | 2 + .../hcsshim/internal/winapi/jobobject.go | 44 +- .../Microsoft/hcsshim/internal/winapi/path.go | 1 + .../hcsshim/internal/winapi/system.go | 2 + .../hcsshim/internal/winapi/thread.go | 1 + .../Microsoft/hcsshim/internal/winapi/user.go | 194 +++++ .../hcsshim/internal/winapi/utils.go | 2 + .../hcsshim/internal/winapi/winapi.go | 4 +- .../internal/winapi/zsyscall_windows.go | 73 +- vendor/github.com/Microsoft/hcsshim/layer.go | 2 + .../hcsshim/osversion/osversion_windows.go | 2 + .../Microsoft/hcsshim/pkg/go-runhcs/doc.go | 1 + .../Microsoft/hcsshim/pkg/go-runhcs/runhcs.go | 8 +- .../pkg/go-runhcs/runhcs_create-scratch.go | 2 + .../hcsshim/pkg/go-runhcs/runhcs_create.go | 4 +- .../hcsshim/pkg/go-runhcs/runhcs_delete.go | 2 + .../hcsshim/pkg/go-runhcs/runhcs_exec.go | 4 +- .../hcsshim/pkg/go-runhcs/runhcs_kill.go | 2 + .../hcsshim/pkg/go-runhcs/runhcs_list.go | 2 + .../hcsshim/pkg/go-runhcs/runhcs_pause.go | 2 + .../hcsshim/pkg/go-runhcs/runhcs_ps.go | 2 + .../pkg/go-runhcs/runhcs_resize-tty.go | 2 + .../hcsshim/pkg/go-runhcs/runhcs_resume.go | 2 + .../hcsshim/pkg/go-runhcs/runhcs_start.go | 2 + .../hcsshim/pkg/go-runhcs/runhcs_state.go | 2 + .../Microsoft/hcsshim/pkg/ociwclayer/doc.go | 3 + .../hcsshim/pkg/ociwclayer/export.go | 20 +- .../hcsshim/pkg/ociwclayer/import.go | 8 +- .../github.com/Microsoft/hcsshim/process.go | 2 + vendor/github.com/google/uuid/null.go | 118 +++ vendor/github.com/google/uuid/uuid.go | 45 +- vendor/github.com/google/uuid/version4.go | 27 +- vendor/modules.txt | 9 +- 168 files changed, 3532 insertions(+), 1131 deletions(-) create mode 100644 vendor/github.com/Microsoft/hcsshim/SECURITY.md delete mode 100644 vendor/github.com/Microsoft/hcsshim/functional_tests.ps1 create mode 100644 vendor/github.com/Microsoft/hcsshim/hcn/doc.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/cni/doc.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/hcs/doc.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/isolation_settings.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/security_settings.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/system_time.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/time_zone_information.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/hcserror/doc.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/hns/doc.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/interop/doc.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/jobobject/doc.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/log/context.go delete mode 100644 vendor/github.com/Microsoft/hcsshim/internal/log/g.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/log/hook.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/log/scrub.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/memory/pool.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/memory/types.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/protocol/guestrequest/types.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/regstate/doc.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/safefile/do.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/security/grantvmgroupaccess.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/security/syscall_windows.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/security/zsyscall_windows.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/vmcompute/doc.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/wclayer/doc.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/winapi/bindflt.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/winapi/doc.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/winapi/elevation.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/winapi/user.go create mode 100644 vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/doc.go create mode 100644 vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/doc.go create mode 100644 vendor/github.com/google/uuid/null.go diff --git a/go.mod b/go.mod index 457b754cb..88bf0e035 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.18 require ( github.com/AdaLogics/go-fuzz-headers v0.0.0-20220706123152-fef3fe1bab07 github.com/Microsoft/go-winio v0.5.2 - github.com/Microsoft/hcsshim v0.9.4 + github.com/Microsoft/hcsshim v0.10.0-rc.1 github.com/container-orchestrated-devices/container-device-interface v0.3.1 github.com/containerd/aufs v1.0.0 github.com/containerd/btrfs v1.0.0 @@ -30,7 +30,7 @@ require ( github.com/emicklei/go-restful/v3 v3.8.0 github.com/fsnotify/fsnotify v1.5.1 github.com/google/go-cmp v0.5.8 - github.com/google/uuid v1.2.0 + github.com/google/uuid v1.3.0 github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 github.com/hashicorp/go-multierror v1.1.1 diff --git a/go.sum b/go.sum index 807114d42..c6e5b603a 100644 --- a/go.sum +++ b/go.sum @@ -84,8 +84,8 @@ github.com/Microsoft/hcsshim v0.8.20/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwT github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg= github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= -github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I= -github.com/Microsoft/hcsshim v0.9.4/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= +github.com/Microsoft/hcsshim v0.10.0-rc.1 h1:Lms8jwpaIdIUvoBNee8ZuvIi1XnNy9uvnxSC9L1q1x4= +github.com/Microsoft/hcsshim v0.10.0-rc.1/go.mod h1:7XX96hdvnwWGdXnksDNdhfFcUH1BtQY6bL2L3f9Abyk= github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= @@ -532,8 +532,9 @@ github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm4 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= diff --git a/integration/client/go.mod b/integration/client/go.mod index dc949b451..6100425f9 100644 --- a/integration/client/go.mod +++ b/integration/client/go.mod @@ -3,7 +3,7 @@ module github.com/containerd/containerd/integration/client go 1.18 require ( - github.com/Microsoft/hcsshim v0.9.4 + github.com/Microsoft/hcsshim v0.10.0-rc.1 github.com/Microsoft/hcsshim/test v0.0.0-20210408205431-da33ecd607e1 github.com/containerd/cgroups v1.0.4 github.com/containerd/containerd v1.6.2 // see replace; the actual version of containerd is replaced with the code at the root of this repository @@ -38,7 +38,7 @@ require ( github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/google/go-cmp v0.5.8 // indirect - github.com/google/uuid v1.2.0 // indirect + github.com/google/uuid v1.3.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/imdario/mergo v0.3.12 // indirect diff --git a/integration/client/go.sum b/integration/client/go.sum index 4efe2127c..9e4976919 100644 --- a/integration/client/go.sum +++ b/integration/client/go.sum @@ -60,8 +60,8 @@ github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00= github.com/Microsoft/hcsshim v0.8.20/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= -github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I= -github.com/Microsoft/hcsshim v0.9.4/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= +github.com/Microsoft/hcsshim v0.10.0-rc.1 h1:Lms8jwpaIdIUvoBNee8ZuvIi1XnNy9uvnxSC9L1q1x4= +github.com/Microsoft/hcsshim v0.10.0-rc.1/go.mod h1:7XX96hdvnwWGdXnksDNdhfFcUH1BtQY6bL2L3f9Abyk= github.com/Microsoft/hcsshim/test v0.0.0-20210408205431-da33ecd607e1 h1:pVKfKyPkXna29XlGjxSr9J0A7vNucOUHZ/2ClcTWalw= github.com/Microsoft/hcsshim/test v0.0.0-20210408205431-da33ecd607e1/go.mod h1:Cmvnhlie15Ha2UYrJs9EhgSx76Bq9RV2FgfEiT78GhI= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= @@ -134,6 +134,7 @@ github.com/containerd/aufs v1.0.0/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj github.com/containerd/btrfs v1.0.0/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss= github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo= github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU= +github.com/containerd/cgroups v1.0.3/go.mod h1:/ofk34relqNjSGyqPrmEULrO4Sc8LJhvJmWbUCUKqj8= github.com/containerd/cgroups v1.0.4 h1:jN/mbWBEaz+T1pi5OFtnkQ+8qnmEbAr1Oo1FRm5B0dA= github.com/containerd/cgroups v1.0.4/go.mod h1:nLNQtsF7Sl2HxNebu77i1R0oDlhiTG+kO4JTrUzo6IA= github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE= @@ -356,8 +357,8 @@ github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLe github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= -github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= @@ -940,6 +941,7 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220405210540-1e041c57c461/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= diff --git a/vendor/github.com/Microsoft/hcsshim/.gitattributes b/vendor/github.com/Microsoft/hcsshim/.gitattributes index 94f480de9..dd0d09faa 100644 --- a/vendor/github.com/Microsoft/hcsshim/.gitattributes +++ b/vendor/github.com/Microsoft/hcsshim/.gitattributes @@ -1 +1,3 @@ -* text=auto eol=lf \ No newline at end of file +* text=auto eol=lf +vendor/** -text +test/vendor/** -text \ No newline at end of file diff --git a/vendor/github.com/Microsoft/hcsshim/.gitignore b/vendor/github.com/Microsoft/hcsshim/.gitignore index 54ed6f06c..e81c4f97e 100644 --- a/vendor/github.com/Microsoft/hcsshim/.gitignore +++ b/vendor/github.com/Microsoft/hcsshim/.gitignore @@ -6,6 +6,7 @@ # Ignore vscode setting files .vscode/ +.idea/ # Test binary, build with `go test -c` *.test @@ -23,16 +24,22 @@ service/pkg/ *.img *.vhd *.tar.gz +*.tar # Make stuff .rootfs-done bin/* rootfs/* +rootfs-conv/* *.o /build/ deps/* out/* -.idea/ -.vscode/ \ No newline at end of file +# test results +test/results + +# go workspace files +go.work +go.work.sum diff --git a/vendor/github.com/Microsoft/hcsshim/.golangci.yml b/vendor/github.com/Microsoft/hcsshim/.golangci.yml index 2400e7f1e..a6ba73024 100644 --- a/vendor/github.com/Microsoft/hcsshim/.golangci.yml +++ b/vendor/github.com/Microsoft/hcsshim/.golangci.yml @@ -3,6 +3,7 @@ run: linters: enable: + - gofmt - stylecheck linters-settings: @@ -28,6 +29,16 @@ issues: - stylecheck Text: "ST1003:" + - path: cmd\\ncproxy\\nodenetsvc\\ + linters: + - stylecheck + Text: "ST1003:" + + - path: cmd\\ncproxy_mock\\ + linters: + - stylecheck + Text: "ST1003:" + - path: internal\\hcs\\schema2\\ linters: - stylecheck diff --git a/vendor/github.com/Microsoft/hcsshim/Makefile b/vendor/github.com/Microsoft/hcsshim/Makefile index a8f5516cd..ea0d88748 100644 --- a/vendor/github.com/Microsoft/hcsshim/Makefile +++ b/vendor/github.com/Microsoft/hcsshim/Makefile @@ -1,4 +1,5 @@ BASE:=base.tar.gz +DEV_BUILD:=0 GO:=go GO_FLAGS:=-ldflags "-s -w" # strip Go binaries @@ -15,13 +16,24 @@ endif GO_BUILD:=CGO_ENABLED=$(CGO_ENABLED) $(GO) build $(GO_FLAGS) $(GO_FLAGS_EXTRA) SRCROOT=$(dir $(abspath $(firstword $(MAKEFILE_LIST)))) +# additional directories to search for rule prerequisites and targets +VPATH=$(SRCROOT) + +DELTA_TARGET=out/delta.tar.gz + +ifeq "$(DEV_BUILD)" "1" +DELTA_TARGET=out/delta-dev.tar.gz +endif # The link aliases for gcstools GCS_TOOLS=\ - generichook + generichook \ + install-drivers .PHONY: all always rootfs test +.DEFAULT_GOAL := all + all: out/initrd.img out/rootfs.tar.gz clean: @@ -29,21 +41,13 @@ clean: rm -rf bin deps rootfs out test: - cd $(SRCROOT) && go test -v ./internal/guest/... + cd $(SRCROOT) && $(GO) test -v ./internal/guest/... -out/delta.tar.gz: bin/init bin/vsockexec bin/cmd/gcs bin/cmd/gcstools Makefile - @mkdir -p out - rm -rf rootfs - mkdir -p rootfs/bin/ - cp bin/init rootfs/ - cp bin/vsockexec rootfs/bin/ - cp bin/cmd/gcs rootfs/bin/ - cp bin/cmd/gcstools rootfs/bin/ - for tool in $(GCS_TOOLS); do ln -s gcstools rootfs/bin/$$tool; done - git -C $(SRCROOT) rev-parse HEAD > rootfs/gcs.commit && \ - git -C $(SRCROOT) rev-parse --abbrev-ref HEAD > rootfs/gcs.branch - tar -zcf $@ -C rootfs . - rm -rf rootfs +rootfs: out/rootfs.vhd + +out/rootfs.vhd: out/rootfs.tar.gz bin/cmd/tar2ext4 + gzip -f -d ./out/rootfs.tar.gz + bin/cmd/tar2ext4 -vhd -i ./out/rootfs.tar -o $@ out/rootfs.tar.gz: out/initrd.img rm -rf rootfs-conv @@ -52,13 +56,45 @@ out/rootfs.tar.gz: out/initrd.img tar -zcf $@ -C rootfs-conv . rm -rf rootfs-conv -out/initrd.img: $(BASE) out/delta.tar.gz $(SRCROOT)/hack/catcpio.sh - $(SRCROOT)/hack/catcpio.sh "$(BASE)" out/delta.tar.gz > out/initrd.img.uncompressed +out/initrd.img: $(BASE) $(DELTA_TARGET) $(SRCROOT)/hack/catcpio.sh + $(SRCROOT)/hack/catcpio.sh "$(BASE)" $(DELTA_TARGET) > out/initrd.img.uncompressed gzip -c out/initrd.img.uncompressed > $@ rm out/initrd.img.uncompressed +# This target includes utilities which may be useful for testing purposes. +out/delta-dev.tar.gz: out/delta.tar.gz bin/internal/tools/snp-report + rm -rf rootfs-dev + mkdir rootfs-dev + tar -xzf out/delta.tar.gz -C rootfs-dev + cp bin/internal/tools/snp-report rootfs-dev/bin/ + tar -zcf $@ -C rootfs-dev . + rm -rf rootfs-dev + +out/delta.tar.gz: bin/init bin/vsockexec bin/cmd/gcs bin/cmd/gcstools bin/cmd/hooks/wait-paths Makefile + @mkdir -p out + rm -rf rootfs + mkdir -p rootfs/bin/ + mkdir -p rootfs/info/ + cp bin/init rootfs/ + cp bin/vsockexec rootfs/bin/ + cp bin/cmd/gcs rootfs/bin/ + cp bin/cmd/gcstools rootfs/bin/ + cp bin/cmd/hooks/wait-paths rootfs/bin/ + for tool in $(GCS_TOOLS); do ln -s gcstools rootfs/bin/$$tool; done + git -C $(SRCROOT) rev-parse HEAD > rootfs/info/gcs.commit && \ + git -C $(SRCROOT) rev-parse --abbrev-ref HEAD > rootfs/info/gcs.branch && \ + date --iso-8601=minute --utc > rootfs/info/tar.date + $(if $(and $(realpath $(subst .tar,.testdata.json,$(BASE))), $(shell which jq)), \ + jq -r '.IMAGE_NAME' $(subst .tar,.testdata.json,$(BASE)) 2>/dev/null > rootfs/info/image.name && \ + jq -r '.DATETIME' $(subst .tar,.testdata.json,$(BASE)) 2>/dev/null > rootfs/info/build.date) + tar -zcf $@ -C rootfs . + rm -rf rootfs + -include deps/cmd/gcs.gomake -include deps/cmd/gcstools.gomake +-include deps/cmd/hooks/wait-paths.gomake +-include deps/cmd/tar2ext4.gomake +-include deps/internal/tools/snp-report.gomake # Implicit rule for includes that define Go targets. %.gomake: $(SRCROOT)/Makefile @@ -72,8 +108,6 @@ out/initrd.img: $(BASE) out/delta.tar.gz $(SRCROOT)/hack/catcpio.sh @/bin/echo -e '-include $(@:%.gomake=%.godeps)' >> $@.new mv $@.new $@ -VPATH=$(SRCROOT) - bin/vsockexec: vsockexec/vsockexec.o vsockexec/vsock.o @mkdir -p bin $(CC) $(LDFLAGS) -o $@ $^ diff --git a/vendor/github.com/Microsoft/hcsshim/Protobuild.toml b/vendor/github.com/Microsoft/hcsshim/Protobuild.toml index ee18671aa..471f13386 100644 --- a/vendor/github.com/Microsoft/hcsshim/Protobuild.toml +++ b/vendor/github.com/Microsoft/hcsshim/Protobuild.toml @@ -1,4 +1,4 @@ -version = "unstable" +version = "1" generator = "gogoctrd" plugins = ["grpc", "fieldpath"] @@ -14,11 +14,6 @@ plugins = ["grpc", "fieldpath"] # target package. packages = ["github.com/gogo/protobuf"] - # Paths that will be added untouched to the end of the includes. We use - # `/usr/local/include` to pickup the common install location of protobuf. - # This is the default. - after = ["/usr/local/include"] - # This section maps protobuf imports to Go packages. These will become # `-M` directives in the call to the go protobuf generator. [packages] @@ -36,6 +31,10 @@ plugins = ["grpc", "fieldpath"] prefixes = ["github.com/Microsoft/hcsshim/internal/shimdiag"] plugins = ["ttrpc"] +[[overrides]] +prefixes = ["github.com/Microsoft/hcsshim/internal/extendedtask"] +plugins = ["ttrpc"] + [[overrides]] prefixes = ["github.com/Microsoft/hcsshim/internal/computeagent"] plugins = ["ttrpc"] diff --git a/vendor/github.com/Microsoft/hcsshim/README.md b/vendor/github.com/Microsoft/hcsshim/README.md index b8ca926a9..5a1361539 100644 --- a/vendor/github.com/Microsoft/hcsshim/README.md +++ b/vendor/github.com/Microsoft/hcsshim/README.md @@ -75,24 +75,6 @@ certify they either authored the work themselves or otherwise have permission to more info, as well as to make sure that you can attest to the rules listed. Our CI uses the [DCO Github app](https://github.com/apps/dco) to ensure that all commits in a given PR are signed-off. -### Test Directory (Important to note) - -This project has tried to trim some dependencies from the root Go modules file that would be cumbersome to get transitively included if this -project is being vendored/used as a library. Some of these dependencies were only being used for tests, so the /test directory in this project also has -its own go.mod file where these are now included to get around this issue. Our tests rely on the code in this project to run, so the test Go modules file -has a relative path replace directive to pull in the latest hcsshim code that the tests actually touch from this project -(which is the repo itself on your disk). - -``` -replace ( - github.com/Microsoft/hcsshim => ../ -) -``` - -Because of this, for most code changes you may need to run `go mod vendor` + `go mod tidy` in the /test directory in this repository, as the -CI in this project will check if the files are out of date and will fail if this is true. - - ## Code of Conduct This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). @@ -101,7 +83,7 @@ contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additio ## Dependencies -This project requires Golang 1.9 or newer to build. +This project requires Golang 1.17 or newer to build. For system requirements to run this project, see the Microsoft docs on [Windows Container requirements](https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/system-requirements). diff --git a/vendor/github.com/Microsoft/hcsshim/SECURITY.md b/vendor/github.com/Microsoft/hcsshim/SECURITY.md new file mode 100644 index 000000000..869fdfe2b --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/SECURITY.md @@ -0,0 +1,41 @@ + + +## Security + +Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/). + +If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below. + +## Reporting Security Issues + +**Please do not report security vulnerabilities through public GitHub issues.** + +Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report). + +If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey). + +You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). + +Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: + + * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) + * Full paths of source file(s) related to the manifestation of the issue + * The location of the affected source code (tag/branch/commit or direct URL) + * Any special configuration required to reproduce the issue + * Step-by-step instructions to reproduce the issue + * Proof-of-concept or exploit code (if possible) + * Impact of the issue, including how an attacker might exploit the issue + +This information will help us triage your report more quickly. + +If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs. + +## Preferred Languages + +We prefer all communications to be in English. + +## Policy + +Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd). + + diff --git a/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.pb.go b/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.pb.go index 89aff3723..6d35b9ca8 100644 --- a/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.pb.go +++ b/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.pb.go @@ -6,10 +6,12 @@ package options import ( fmt "fmt" proto "github.com/gogo/protobuf/proto" + github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys" _ "github.com/gogo/protobuf/types" github_com_gogo_protobuf_types "github.com/gogo/protobuf/types" io "io" math "math" + math_bits "math/bits" reflect "reflect" strings "strings" time "time" @@ -25,7 +27,7 @@ var _ = time.Kitchen // is compatible with the proto package it is being compiled against. // A compilation error at this line likely means your copy of the // proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package type Options_DebugType int32 @@ -143,7 +145,14 @@ type Options struct { // io_retry_timeout_in_sec is the timeout in seconds for how long to try and reconnect to an upstream IO provider if a connection is lost. // The typical example is if Containerd has restarted but is expected to come back online. A 0 for this field is interpreted as an infinite // timeout. - IoRetryTimeoutInSec int32 `protobuf:"varint,17,opt,name=io_retry_timeout_in_sec,json=ioRetryTimeoutInSec,proto3" json:"io_retry_timeout_in_sec,omitempty"` + IoRetryTimeoutInSec int32 `protobuf:"varint,17,opt,name=io_retry_timeout_in_sec,json=ioRetryTimeoutInSec,proto3" json:"io_retry_timeout_in_sec,omitempty"` + // default_container_annotations specifies a set of annotations that should be set for every workload container + DefaultContainerAnnotations map[string]string `protobuf:"bytes,18,rep,name=default_container_annotations,json=defaultContainerAnnotations,proto3" json:"default_container_annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // no_inherit_host_timezone specifies to skip inheriting the hosts time zone for WCOW UVMs and instead default to + // UTC. + NoInheritHostTimezone bool `protobuf:"varint,19,opt,name=no_inherit_host_timezone,json=noInheritHostTimezone,proto3" json:"no_inherit_host_timezone,omitempty"` + // scrub_logs enables removing environment variables and other potentially sensitive information from logs + ScrubLogs bool `protobuf:"varint,20,opt,name=scrub_logs,json=scrubLogs,proto3" json:"scrub_logs,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -162,7 +171,7 @@ func (m *Options) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return xxx_messageInfo_Options.Marshal(b, m, deterministic) } else { b = b[:cap(b)] - n, err := m.MarshalTo(b) + n, err := m.MarshalToSizedBuffer(b) if err != nil { return nil, err } @@ -211,7 +220,7 @@ func (m *ProcessDetails) XXX_Marshal(b []byte, deterministic bool) ([]byte, erro return xxx_messageInfo_ProcessDetails.Marshal(b, m, deterministic) } else { b = b[:cap(b)] - n, err := m.MarshalTo(b) + n, err := m.MarshalToSizedBuffer(b) if err != nil { return nil, err } @@ -234,6 +243,7 @@ func init() { proto.RegisterEnum("containerd.runhcs.v1.Options_DebugType", Options_DebugType_name, Options_DebugType_value) proto.RegisterEnum("containerd.runhcs.v1.Options_SandboxIsolation", Options_SandboxIsolation_name, Options_SandboxIsolation_value) proto.RegisterType((*Options)(nil), "containerd.runhcs.v1.Options") + proto.RegisterMapType((map[string]string)(nil), "containerd.runhcs.v1.Options.DefaultContainerAnnotationsEntry") proto.RegisterType((*ProcessDetails)(nil), "containerd.runhcs.v1.ProcessDetails") } @@ -242,73 +252,80 @@ func init() { } var fileDescriptor_b643df6839c75082 = []byte{ - // 953 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x55, 0x5d, 0x6f, 0xdb, 0x36, - 0x17, 0xb6, 0xda, 0x24, 0xb6, 0x4e, 0xbe, 0x1c, 0x36, 0x40, 0x85, 0xe4, 0xad, 0x6d, 0xa4, 0x2f, - 0xd0, 0x14, 0x6b, 0xa4, 0xa4, 0xdb, 0xdd, 0x06, 0x0c, 0x8d, 0xed, 0xb4, 0x1e, 0xf2, 0x61, 0xc8, - 0x59, 0xba, 0x8f, 0x0b, 0x42, 0x1f, 0x8c, 0x4c, 0x54, 0x12, 0x05, 0x92, 0xf6, 0xe2, 0x5e, 0xed, - 0x27, 0xec, 0x87, 0xec, 0x87, 0xe4, 0x72, 0x97, 0x03, 0x06, 0x64, 0xab, 0x7f, 0xc9, 0x40, 0x8a, - 0x4a, 0xbb, 0x20, 0xd8, 0xcd, 0xae, 0x4c, 0x3e, 0xcf, 0xc3, 0x87, 0xe7, 0x1c, 0x9d, 0x43, 0xc3, - 0x59, 0x42, 0xe5, 0x78, 0x12, 0xba, 0x11, 0xcb, 0xbc, 0x13, 0x1a, 0x71, 0x26, 0xd8, 0xa5, 0xf4, - 0xc6, 0x91, 0x10, 0x63, 0x9a, 0x79, 0x51, 0x16, 0x7b, 0x11, 0xcb, 0x65, 0x40, 0x73, 0xc2, 0xe3, - 0x3d, 0x85, 0xed, 0xf1, 0x49, 0x3e, 0x8e, 0xc4, 0xde, 0xf4, 0xc0, 0x63, 0x85, 0xa4, 0x2c, 0x17, - 0x5e, 0x89, 0xb8, 0x05, 0x67, 0x92, 0xa1, 0xcd, 0x8f, 0x7a, 0xd7, 0x10, 0xd3, 0x83, 0xad, 0xcd, - 0x84, 0x25, 0x4c, 0x0b, 0x3c, 0xb5, 0x2a, 0xb5, 0x5b, 0xed, 0x84, 0xb1, 0x24, 0x25, 0x9e, 0xde, - 0x85, 0x93, 0x4b, 0x4f, 0xd2, 0x8c, 0x08, 0x19, 0x64, 0x45, 0x29, 0xd8, 0xf9, 0xb5, 0x0e, 0xf5, - 0xb3, 0xf2, 0x16, 0xb4, 0x09, 0x8b, 0x31, 0x09, 0x27, 0x89, 0x63, 0x75, 0xac, 0xdd, 0x86, 0x5f, - 0x6e, 0xd0, 0x11, 0x80, 0x5e, 0x60, 0x39, 0x2b, 0x88, 0xf3, 0xa0, 0x63, 0xed, 0xae, 0xbd, 0x7c, - 0xe6, 0xde, 0x17, 0x83, 0x6b, 0x8c, 0xdc, 0x9e, 0xd2, 0x9f, 0xcf, 0x0a, 0xe2, 0xdb, 0x71, 0xb5, - 0x44, 0x4f, 0x61, 0x95, 0x93, 0x84, 0x0a, 0xc9, 0x67, 0x98, 0x33, 0x26, 0x9d, 0x87, 0x1d, 0x6b, - 0xd7, 0xf6, 0x57, 0x2a, 0xd0, 0x67, 0x4c, 0x2a, 0x91, 0x08, 0xf2, 0x38, 0x64, 0x57, 0x98, 0x66, - 0x41, 0x42, 0x9c, 0x85, 0x52, 0x64, 0xc0, 0x81, 0xc2, 0xd0, 0x73, 0x68, 0x56, 0xa2, 0x22, 0x0d, - 0xe4, 0x25, 0xe3, 0x99, 0xb3, 0xa8, 0x75, 0xeb, 0x06, 0x1f, 0x1a, 0x18, 0xfd, 0x08, 0x1b, 0xb7, - 0x7e, 0x82, 0xa5, 0x81, 0x8a, 0xcf, 0x59, 0xd2, 0x39, 0xb8, 0xff, 0x9e, 0xc3, 0xc8, 0xdc, 0x58, - 0x9d, 0xf2, 0xab, 0x3b, 0x6f, 0x11, 0xe4, 0xc1, 0x66, 0xc8, 0x98, 0xc4, 0x97, 0x34, 0x25, 0x42, - 0xe7, 0x84, 0x8b, 0x40, 0x8e, 0x9d, 0xba, 0x8e, 0x65, 0x43, 0x71, 0x47, 0x8a, 0x52, 0x99, 0x0d, - 0x03, 0x39, 0x46, 0x2f, 0x00, 0x4d, 0x33, 0x5c, 0x70, 0x16, 0x11, 0x21, 0x18, 0xc7, 0x11, 0x9b, - 0xe4, 0xd2, 0x69, 0x74, 0xac, 0xdd, 0x45, 0xbf, 0x39, 0xcd, 0x86, 0x15, 0xd1, 0x55, 0x38, 0x72, - 0x61, 0x73, 0x9a, 0xe1, 0x8c, 0x64, 0x8c, 0xcf, 0xb0, 0xa0, 0xef, 0x09, 0xa6, 0x39, 0xce, 0x42, - 0xc7, 0xae, 0xf4, 0x27, 0x9a, 0x1a, 0xd1, 0xf7, 0x64, 0x90, 0x9f, 0x84, 0xa8, 0x05, 0xf0, 0x7a, - 0xf8, 0xed, 0xc5, 0x9b, 0x9e, 0xba, 0xcb, 0x01, 0x1d, 0xc4, 0x27, 0x08, 0xfa, 0x0a, 0xb6, 0x45, - 0x14, 0xa4, 0x04, 0x47, 0xc5, 0x04, 0xa7, 0x34, 0xa3, 0x52, 0x60, 0xc9, 0xb0, 0x49, 0xcb, 0x59, - 0xd6, 0x1f, 0xfd, 0xb1, 0x96, 0x74, 0x8b, 0xc9, 0xb1, 0x16, 0x9c, 0x33, 0x53, 0x07, 0x74, 0x02, - 0xff, 0x8f, 0xc9, 0x65, 0x30, 0x49, 0x25, 0xbe, 0xad, 0x1b, 0x16, 0x11, 0x0f, 0x64, 0x34, 0xbe, - 0x8d, 0x2e, 0x09, 0x9d, 0x15, 0x1d, 0x5d, 0xdb, 0x68, 0xbb, 0x95, 0x74, 0x54, 0x2a, 0xcb, 0x60, - 0x5f, 0x87, 0xe8, 0x6b, 0x78, 0x52, 0xd9, 0x4d, 0xb3, 0xfb, 0x7c, 0x56, 0xb5, 0x8f, 0x63, 0x44, - 0x17, 0xd9, 0x5d, 0x03, 0xd5, 0x29, 0xe3, 0x80, 0x93, 0xea, 0xac, 0xb3, 0xa6, 0xe3, 0x5f, 0xd1, - 0xa0, 0x11, 0xa3, 0x0e, 0x2c, 0x9f, 0x76, 0x87, 0x9c, 0x5d, 0xcd, 0x5e, 0xc5, 0x31, 0x77, 0xd6, - 0x75, 0x4d, 0x3e, 0x85, 0xd0, 0x36, 0xd8, 0x29, 0x4b, 0x70, 0x4a, 0xa6, 0x24, 0x75, 0x9a, 0x9a, - 0x6f, 0xa4, 0x2c, 0x39, 0x56, 0x7b, 0xf4, 0x05, 0x3c, 0xa6, 0x0c, 0x73, 0xa2, 0x5a, 0x56, 0x0d, - 0x0e, 0x9b, 0x48, 0x15, 0x9d, 0x20, 0x91, 0xb3, 0xa1, 0xc3, 0x7b, 0x44, 0x99, 0xaf, 0xd8, 0xf3, - 0x92, 0x1c, 0xe4, 0x23, 0x12, 0xed, 0x3c, 0x07, 0xfb, 0x76, 0x00, 0x90, 0x0d, 0x8b, 0xa7, 0xc3, - 0xc1, 0xb0, 0xdf, 0xac, 0xa1, 0x06, 0x2c, 0x1c, 0x0d, 0x8e, 0xfb, 0x4d, 0x0b, 0xd5, 0xe1, 0x61, - 0xff, 0xfc, 0x6d, 0xf3, 0xc1, 0x8e, 0x07, 0xcd, 0xbb, 0x7d, 0x86, 0x96, 0xa1, 0x3e, 0xf4, 0xcf, - 0xba, 0xfd, 0xd1, 0xa8, 0x59, 0x43, 0x6b, 0x00, 0x6f, 0xbe, 0x1f, 0xf6, 0xfd, 0x8b, 0xc1, 0xe8, - 0xcc, 0x6f, 0x5a, 0x3b, 0x7f, 0x3c, 0x84, 0x35, 0xd3, 0x26, 0x3d, 0x22, 0x03, 0x9a, 0x0a, 0xf4, - 0x04, 0x40, 0x8f, 0x0a, 0xce, 0x83, 0x8c, 0xe8, 0xd1, 0xb5, 0x7d, 0x5b, 0x23, 0xa7, 0x41, 0x46, - 0x50, 0x17, 0x20, 0xe2, 0x24, 0x90, 0x24, 0xc6, 0x81, 0xd4, 0xe3, 0xbb, 0xfc, 0x72, 0xcb, 0x2d, - 0x9f, 0x05, 0xb7, 0x7a, 0x16, 0xdc, 0xf3, 0xea, 0x59, 0x38, 0x6c, 0x5c, 0xdf, 0xb4, 0x6b, 0xbf, - 0xfc, 0xd9, 0xb6, 0x7c, 0xdb, 0x9c, 0x7b, 0x25, 0xd1, 0x67, 0x80, 0xde, 0x11, 0x9e, 0x93, 0x54, - 0x97, 0x01, 0x1f, 0xec, 0xef, 0xe3, 0x5c, 0xe8, 0x01, 0x5e, 0xf0, 0xd7, 0x4b, 0x46, 0x39, 0x1c, - 0xec, 0xef, 0x9f, 0x0a, 0xe4, 0xc2, 0x23, 0xd3, 0xb4, 0x11, 0xcb, 0x32, 0x2a, 0x71, 0x38, 0x93, - 0x44, 0xe8, 0x49, 0x5e, 0xf0, 0x37, 0x4a, 0xaa, 0xab, 0x99, 0x43, 0x45, 0xa0, 0x23, 0xe8, 0x18, - 0xfd, 0x4f, 0x8c, 0xbf, 0xa3, 0x79, 0x82, 0x05, 0x91, 0xb8, 0xe0, 0x74, 0x1a, 0x48, 0x62, 0x0e, - 0x2f, 0xea, 0xc3, 0xff, 0x2b, 0x75, 0x6f, 0x4b, 0xd9, 0x88, 0xc8, 0x61, 0x29, 0x2a, 0x7d, 0x7a, - 0xd0, 0xbe, 0xc7, 0x47, 0xf7, 0x43, 0x6c, 0x6c, 0x96, 0xb4, 0xcd, 0xf6, 0x5d, 0x9b, 0x91, 0xd6, - 0x94, 0x2e, 0x2f, 0x00, 0xcc, 0x80, 0x62, 0x1a, 0xeb, 0x51, 0x5e, 0x3d, 0x5c, 0x9d, 0xdf, 0xb4, - 0x6d, 0x53, 0xf6, 0x41, 0xcf, 0xb7, 0x8d, 0x60, 0x10, 0xa3, 0x67, 0xd0, 0x9c, 0x08, 0xc2, 0xff, - 0x51, 0x96, 0x86, 0xbe, 0x64, 0x55, 0xe1, 0x1f, 0x8b, 0xf2, 0x14, 0xea, 0xe4, 0x8a, 0x44, 0xca, - 0x53, 0xcd, 0xaf, 0x7d, 0x08, 0xf3, 0x9b, 0xf6, 0x52, 0xff, 0x8a, 0x44, 0x83, 0x9e, 0xbf, 0xa4, - 0xa8, 0x41, 0x7c, 0x18, 0x5f, 0x7f, 0x68, 0xd5, 0x7e, 0xff, 0xd0, 0xaa, 0xfd, 0x3c, 0x6f, 0x59, - 0xd7, 0xf3, 0x96, 0xf5, 0xdb, 0xbc, 0x65, 0xfd, 0x35, 0x6f, 0x59, 0x3f, 0x7c, 0xf3, 0xdf, 0xff, - 0x44, 0xbe, 0x34, 0xbf, 0xdf, 0xd5, 0xc2, 0x25, 0xfd, 0xdd, 0x3f, 0xff, 0x3b, 0x00, 0x00, 0xff, - 0xff, 0x6b, 0x83, 0xa6, 0x5f, 0x9b, 0x06, 0x00, 0x00, + // 1072 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x55, 0x4b, 0x6f, 0xe3, 0x36, + 0x17, 0xb5, 0xf2, 0xb4, 0x98, 0x97, 0xc3, 0xf8, 0xc3, 0x08, 0xc9, 0x37, 0xb6, 0x91, 0x29, 0x30, + 0x19, 0x74, 0x22, 0x27, 0x69, 0x81, 0x16, 0x6d, 0xd1, 0x22, 0xb1, 0x9d, 0x89, 0x8b, 0x3c, 0x0c, + 0xd9, 0xcd, 0xf4, 0xb1, 0x20, 0xf4, 0x60, 0x64, 0x22, 0x92, 0x28, 0x90, 0x94, 0x1b, 0x67, 0x55, + 0xf4, 0x17, 0xf4, 0x67, 0x65, 0xd9, 0x65, 0x8b, 0x02, 0x69, 0xc7, 0xbf, 0xa4, 0x20, 0x45, 0x25, + 0x33, 0x41, 0xda, 0x59, 0x74, 0x65, 0xf2, 0x9c, 0xc3, 0xc3, 0x7b, 0xaf, 0x78, 0xaf, 0xc1, 0x59, + 0x48, 0xc4, 0x30, 0xf3, 0x6c, 0x9f, 0xc6, 0xcd, 0x13, 0xe2, 0x33, 0xca, 0xe9, 0x85, 0x68, 0x0e, + 0x7d, 0xce, 0x87, 0x24, 0x6e, 0xfa, 0x71, 0xd0, 0xf4, 0x69, 0x22, 0x5c, 0x92, 0x60, 0x16, 0x6c, + 0x4b, 0x6c, 0x9b, 0x65, 0xc9, 0xd0, 0xe7, 0xdb, 0xa3, 0xdd, 0x26, 0x4d, 0x05, 0xa1, 0x09, 0x6f, + 0xe6, 0x88, 0x9d, 0x32, 0x2a, 0x28, 0xac, 0xde, 0xeb, 0x6d, 0x4d, 0x8c, 0x76, 0xd7, 0xab, 0x21, + 0x0d, 0xa9, 0x12, 0x34, 0xe5, 0x2a, 0xd7, 0xae, 0xd7, 0x43, 0x4a, 0xc3, 0x08, 0x37, 0xd5, 0xce, + 0xcb, 0x2e, 0x9a, 0x82, 0xc4, 0x98, 0x0b, 0x37, 0x4e, 0x73, 0xc1, 0xe6, 0xef, 0x26, 0x98, 0x3f, + 0xcb, 0x6f, 0x81, 0x55, 0x30, 0x1b, 0x60, 0x2f, 0x0b, 0x2d, 0xa3, 0x61, 0x6c, 0x95, 0x9d, 0x7c, + 0x03, 0x0f, 0x01, 0x50, 0x0b, 0x24, 0xc6, 0x29, 0xb6, 0xa6, 0x1a, 0xc6, 0xd6, 0xf2, 0xde, 0x73, + 0xfb, 0xb1, 0x18, 0x6c, 0x6d, 0x64, 0xb7, 0xa5, 0x7e, 0x30, 0x4e, 0xb1, 0x63, 0x06, 0xc5, 0x12, + 0x3e, 0x03, 0x4b, 0x0c, 0x87, 0x84, 0x0b, 0x36, 0x46, 0x8c, 0x52, 0x61, 0x4d, 0x37, 0x8c, 0x2d, + 0xd3, 0x59, 0x2c, 0x40, 0x87, 0x52, 0x21, 0x45, 0xdc, 0x4d, 0x02, 0x8f, 0x5e, 0x21, 0x12, 0xbb, + 0x21, 0xb6, 0x66, 0x72, 0x91, 0x06, 0xbb, 0x12, 0x83, 0x2f, 0x40, 0xa5, 0x10, 0xa5, 0x91, 0x2b, + 0x2e, 0x28, 0x8b, 0xad, 0x59, 0xa5, 0x5b, 0xd1, 0x78, 0x4f, 0xc3, 0xf0, 0x07, 0xb0, 0x7a, 0xe7, + 0xc7, 0x69, 0xe4, 0xca, 0xf8, 0xac, 0x39, 0x95, 0x83, 0xfd, 0xef, 0x39, 0xf4, 0xf5, 0x8d, 0xc5, + 0x29, 0xa7, 0xb8, 0xf3, 0x0e, 0x81, 0x4d, 0x50, 0xf5, 0x28, 0x15, 0xe8, 0x82, 0x44, 0x98, 0xab, + 0x9c, 0x50, 0xea, 0x8a, 0xa1, 0x35, 0xaf, 0x62, 0x59, 0x95, 0xdc, 0xa1, 0xa4, 0x64, 0x66, 0x3d, + 0x57, 0x0c, 0xe1, 0x4b, 0x00, 0x47, 0x31, 0x4a, 0x19, 0xf5, 0x31, 0xe7, 0x94, 0x21, 0x9f, 0x66, + 0x89, 0xb0, 0xca, 0x0d, 0x63, 0x6b, 0xd6, 0xa9, 0x8c, 0xe2, 0x5e, 0x41, 0xb4, 0x24, 0x0e, 0x6d, + 0x50, 0x1d, 0xc5, 0x28, 0xc6, 0x31, 0x65, 0x63, 0xc4, 0xc9, 0x35, 0x46, 0x24, 0x41, 0xb1, 0x67, + 0x99, 0x85, 0xfe, 0x44, 0x51, 0x7d, 0x72, 0x8d, 0xbb, 0xc9, 0x89, 0x07, 0x6b, 0x00, 0xbc, 0xea, + 0x7d, 0x73, 0x7e, 0xd4, 0x96, 0x77, 0x59, 0x40, 0x05, 0xf1, 0x16, 0x02, 0xbf, 0x00, 0x1b, 0xdc, + 0x77, 0x23, 0x8c, 0xfc, 0x34, 0x43, 0x11, 0x89, 0x89, 0xe0, 0x48, 0x50, 0xa4, 0xd3, 0xb2, 0x16, + 0xd4, 0x47, 0x7f, 0xa2, 0x24, 0xad, 0x34, 0x3b, 0x56, 0x82, 0x01, 0xd5, 0x75, 0x80, 0x27, 0xe0, + 0x83, 0x00, 0x5f, 0xb8, 0x59, 0x24, 0xd0, 0x5d, 0xdd, 0x10, 0xf7, 0x99, 0x2b, 0xfc, 0xe1, 0x5d, + 0x74, 0xa1, 0x67, 0x2d, 0xaa, 0xe8, 0xea, 0x5a, 0xdb, 0x2a, 0xa4, 0xfd, 0x5c, 0x99, 0x07, 0xfb, + 0xca, 0x83, 0x5f, 0x81, 0xa7, 0x85, 0xdd, 0x28, 0x7e, 0xcc, 0x67, 0x49, 0xf9, 0x58, 0x5a, 0x74, + 0x1e, 0x3f, 0x34, 0x90, 0x2f, 0x65, 0xe8, 0x32, 0x5c, 0x9c, 0xb5, 0x96, 0x55, 0xfc, 0x8b, 0x0a, + 0xd4, 0x62, 0xd8, 0x00, 0x0b, 0xa7, 0xad, 0x1e, 0xa3, 0x57, 0xe3, 0xfd, 0x20, 0x60, 0xd6, 0x8a, + 0xaa, 0xc9, 0xdb, 0x10, 0xdc, 0x00, 0x66, 0x44, 0x43, 0x14, 0xe1, 0x11, 0x8e, 0xac, 0x8a, 0xe2, + 0xcb, 0x11, 0x0d, 0x8f, 0xe5, 0x1e, 0x7e, 0x0c, 0x9e, 0x10, 0x8a, 0x18, 0x96, 0x4f, 0x56, 0x36, + 0x0e, 0xcd, 0x84, 0x8c, 0x8e, 0x63, 0xdf, 0x5a, 0x55, 0xe1, 0xad, 0x11, 0xea, 0x48, 0x76, 0x90, + 0x93, 0xdd, 0xa4, 0x8f, 0x7d, 0xf8, 0xb3, 0x71, 0x9f, 0xdb, 0x7d, 0xa9, 0xdc, 0x24, 0xa1, 0x42, + 0xbd, 0x1b, 0x6e, 0xc1, 0xc6, 0xf4, 0xd6, 0xc2, 0xde, 0x97, 0xef, 0x6b, 0xa2, 0x77, 0x2b, 0xb8, + 0x7f, 0x6f, 0xd0, 0x49, 0x64, 0xbf, 0x6c, 0x04, 0xff, 0xac, 0x80, 0x9f, 0x00, 0x2b, 0xa1, 0x88, + 0x24, 0x43, 0xcc, 0x88, 0x40, 0x43, 0xca, 0x85, 0xca, 0xe0, 0x9a, 0x26, 0xd8, 0x5a, 0x53, 0x95, + 0xfa, 0x5f, 0x42, 0xbb, 0x39, 0x7d, 0x44, 0xb9, 0x18, 0x68, 0x12, 0x3e, 0x05, 0x80, 0xfb, 0x2c, + 0xf3, 0x50, 0x44, 0x43, 0x6e, 0x55, 0x95, 0xd4, 0x54, 0xc8, 0x31, 0x0d, 0xf9, 0xfa, 0x29, 0x68, + 0xbc, 0x2f, 0x30, 0x58, 0x01, 0xd3, 0x97, 0x78, 0xac, 0xa6, 0x88, 0xe9, 0xc8, 0xa5, 0x9c, 0x2c, + 0x23, 0x37, 0xca, 0xf2, 0xf1, 0x61, 0x3a, 0xf9, 0xe6, 0xb3, 0xa9, 0x4f, 0x8d, 0xcd, 0x17, 0xc0, + 0xbc, 0x9b, 0x16, 0xd0, 0x04, 0xb3, 0xa7, 0xbd, 0x6e, 0xaf, 0x53, 0x29, 0xc1, 0x32, 0x98, 0x39, + 0xec, 0x1e, 0x77, 0x2a, 0x06, 0x9c, 0x07, 0xd3, 0x9d, 0xc1, 0xeb, 0xca, 0xd4, 0x66, 0x13, 0x54, + 0x1e, 0x36, 0x25, 0x5c, 0x00, 0xf3, 0x3d, 0xe7, 0xac, 0xd5, 0xe9, 0xf7, 0x2b, 0x25, 0xb8, 0x0c, + 0xc0, 0xd1, 0x77, 0xbd, 0x8e, 0x73, 0xde, 0xed, 0x9f, 0x39, 0x15, 0x63, 0xf3, 0x8f, 0x69, 0xb0, + 0xac, 0x7b, 0xaa, 0x8d, 0x85, 0x4b, 0x22, 0x2e, 0xb3, 0x53, 0x73, 0x05, 0x25, 0x6e, 0x8c, 0x75, + 0x84, 0xa6, 0x42, 0x4e, 0xdd, 0x18, 0xc3, 0x16, 0x00, 0x3e, 0xc3, 0xae, 0xc0, 0x01, 0x72, 0x85, + 0x0a, 0x76, 0x61, 0x6f, 0xdd, 0xce, 0x67, 0xa8, 0x5d, 0xcc, 0x50, 0x7b, 0x50, 0xcc, 0xd0, 0x83, + 0xf2, 0xcd, 0x6d, 0xbd, 0xf4, 0xcb, 0x9f, 0x75, 0xc3, 0x31, 0xf5, 0xb9, 0x7d, 0x01, 0x3f, 0x04, + 0xf0, 0x12, 0xb3, 0x04, 0x47, 0xaa, 0xe2, 0x68, 0x77, 0x67, 0x07, 0x25, 0x5c, 0x4d, 0xbb, 0x19, + 0x67, 0x25, 0x67, 0xa4, 0xc3, 0xee, 0xce, 0xce, 0x29, 0x87, 0x36, 0x58, 0xd3, 0x1d, 0xee, 0xd3, + 0x38, 0x26, 0x02, 0x79, 0x63, 0x81, 0xb9, 0x1a, 0x7b, 0x33, 0xce, 0x6a, 0x4e, 0xb5, 0x14, 0x73, + 0x20, 0x09, 0x78, 0x08, 0x1a, 0x5a, 0xff, 0x23, 0x65, 0x97, 0x24, 0x09, 0x11, 0xc7, 0x02, 0xa5, + 0x8c, 0x8c, 0x5c, 0x81, 0xf5, 0xe1, 0x59, 0x75, 0xf8, 0xff, 0xb9, 0xee, 0x75, 0x2e, 0xeb, 0x63, + 0xd1, 0xcb, 0x45, 0xb9, 0x4f, 0x1b, 0xd4, 0x1f, 0xf1, 0x51, 0xcd, 0x13, 0x68, 0x9b, 0x39, 0x65, + 0xb3, 0xf1, 0xd0, 0xa6, 0xaf, 0x34, 0xb9, 0xcb, 0x4b, 0x00, 0xf4, 0x34, 0x43, 0x24, 0x50, 0x73, + 0x6f, 0xe9, 0x60, 0x69, 0x72, 0x5b, 0x37, 0x75, 0xd9, 0xbb, 0x6d, 0xc7, 0xd4, 0x82, 0x6e, 0x00, + 0x9f, 0x83, 0x4a, 0xc6, 0x31, 0x7b, 0xa7, 0x2c, 0x65, 0x75, 0xc9, 0x92, 0xc4, 0xef, 0x8b, 0xf2, + 0x0c, 0xcc, 0xe3, 0x2b, 0xec, 0x4b, 0x4f, 0x39, 0xec, 0xcc, 0x03, 0x30, 0xb9, 0xad, 0xcf, 0x75, + 0xae, 0xb0, 0xdf, 0x6d, 0x3b, 0x73, 0x92, 0xea, 0x06, 0x07, 0xc1, 0xcd, 0x9b, 0x5a, 0xe9, 0xb7, + 0x37, 0xb5, 0xd2, 0x4f, 0x93, 0x9a, 0x71, 0x33, 0xa9, 0x19, 0xbf, 0x4e, 0x6a, 0xc6, 0x5f, 0x93, + 0x9a, 0xf1, 0xfd, 0xd7, 0xff, 0xfd, 0x1f, 0xf7, 0x73, 0xfd, 0xfb, 0x6d, 0xc9, 0x9b, 0x53, 0xdf, + 0xfd, 0xa3, 0xbf, 0x03, 0x00, 0x00, 0xff, 0xff, 0xba, 0x6d, 0x7b, 0x04, 0xc8, 0x07, 0x00, 0x00, } func (m *Options) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) if err != nil { return nil, err } @@ -316,131 +333,189 @@ func (m *Options) Marshal() (dAtA []byte, err error) { } func (m *Options) MarshalTo(dAtA []byte) (int, error) { - var i int + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *Options) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) _ = i var l int _ = l - if m.Debug { - dAtA[i] = 0x8 - i++ - if m.Debug { + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.ScrubLogs { + i-- + if m.ScrubLogs { dAtA[i] = 1 } else { dAtA[i] = 0 } - i++ + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xa0 } - if m.DebugType != 0 { - dAtA[i] = 0x10 - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(m.DebugType)) - } - if len(m.RegistryRoot) > 0 { - dAtA[i] = 0x1a - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(len(m.RegistryRoot))) - i += copy(dAtA[i:], m.RegistryRoot) - } - if len(m.SandboxImage) > 0 { - dAtA[i] = 0x22 - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(len(m.SandboxImage))) - i += copy(dAtA[i:], m.SandboxImage) - } - if len(m.SandboxPlatform) > 0 { - dAtA[i] = 0x2a - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(len(m.SandboxPlatform))) - i += copy(dAtA[i:], m.SandboxPlatform) - } - if m.SandboxIsolation != 0 { - dAtA[i] = 0x30 - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(m.SandboxIsolation)) - } - if len(m.BootFilesRootPath) > 0 { - dAtA[i] = 0x3a - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(len(m.BootFilesRootPath))) - i += copy(dAtA[i:], m.BootFilesRootPath) - } - if m.VmProcessorCount != 0 { - dAtA[i] = 0x40 - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(m.VmProcessorCount)) - } - if m.VmMemorySizeInMb != 0 { - dAtA[i] = 0x48 - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(m.VmMemorySizeInMb)) - } - if len(m.GPUVHDPath) > 0 { - dAtA[i] = 0x52 - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(len(m.GPUVHDPath))) - i += copy(dAtA[i:], m.GPUVHDPath) - } - if m.ScaleCpuLimitsToSandbox { - dAtA[i] = 0x58 - i++ - if m.ScaleCpuLimitsToSandbox { + if m.NoInheritHostTimezone { + i-- + if m.NoInheritHostTimezone { dAtA[i] = 1 } else { dAtA[i] = 0 } - i++ + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0x98 } - if m.DefaultContainerScratchSizeInGb != 0 { - dAtA[i] = 0x60 - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(m.DefaultContainerScratchSizeInGb)) + if len(m.DefaultContainerAnnotations) > 0 { + for k := range m.DefaultContainerAnnotations { + v := m.DefaultContainerAnnotations[k] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintRunhcs(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(k) + copy(dAtA[i:], k) + i = encodeVarintRunhcs(dAtA, i, uint64(len(k))) + i-- + dAtA[i] = 0xa + i = encodeVarintRunhcs(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0x92 + } } - if m.DefaultVmScratchSizeInGb != 0 { - dAtA[i] = 0x68 - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(m.DefaultVmScratchSizeInGb)) + if m.IoRetryTimeoutInSec != 0 { + i = encodeVarintRunhcs(dAtA, i, uint64(m.IoRetryTimeoutInSec)) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0x88 + } + if len(m.LogLevel) > 0 { + i -= len(m.LogLevel) + copy(dAtA[i:], m.LogLevel) + i = encodeVarintRunhcs(dAtA, i, uint64(len(m.LogLevel))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0x82 + } + if len(m.NCProxyAddr) > 0 { + i -= len(m.NCProxyAddr) + copy(dAtA[i:], m.NCProxyAddr) + i = encodeVarintRunhcs(dAtA, i, uint64(len(m.NCProxyAddr))) + i-- + dAtA[i] = 0x7a } if m.ShareScratch { - dAtA[i] = 0x70 - i++ + i-- if m.ShareScratch { dAtA[i] = 1 } else { dAtA[i] = 0 } - i++ + i-- + dAtA[i] = 0x70 } - if len(m.NCProxyAddr) > 0 { - dAtA[i] = 0x7a - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(len(m.NCProxyAddr))) - i += copy(dAtA[i:], m.NCProxyAddr) + if m.DefaultVmScratchSizeInGb != 0 { + i = encodeVarintRunhcs(dAtA, i, uint64(m.DefaultVmScratchSizeInGb)) + i-- + dAtA[i] = 0x68 } - if len(m.LogLevel) > 0 { - dAtA[i] = 0x82 - i++ - dAtA[i] = 0x1 - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(len(m.LogLevel))) - i += copy(dAtA[i:], m.LogLevel) + if m.DefaultContainerScratchSizeInGb != 0 { + i = encodeVarintRunhcs(dAtA, i, uint64(m.DefaultContainerScratchSizeInGb)) + i-- + dAtA[i] = 0x60 } - if m.IoRetryTimeoutInSec != 0 { - dAtA[i] = 0x88 - i++ - dAtA[i] = 0x1 - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(m.IoRetryTimeoutInSec)) + if m.ScaleCpuLimitsToSandbox { + i-- + if m.ScaleCpuLimitsToSandbox { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x58 } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) + if len(m.GPUVHDPath) > 0 { + i -= len(m.GPUVHDPath) + copy(dAtA[i:], m.GPUVHDPath) + i = encodeVarintRunhcs(dAtA, i, uint64(len(m.GPUVHDPath))) + i-- + dAtA[i] = 0x52 } - return i, nil + if m.VmMemorySizeInMb != 0 { + i = encodeVarintRunhcs(dAtA, i, uint64(m.VmMemorySizeInMb)) + i-- + dAtA[i] = 0x48 + } + if m.VmProcessorCount != 0 { + i = encodeVarintRunhcs(dAtA, i, uint64(m.VmProcessorCount)) + i-- + dAtA[i] = 0x40 + } + if len(m.BootFilesRootPath) > 0 { + i -= len(m.BootFilesRootPath) + copy(dAtA[i:], m.BootFilesRootPath) + i = encodeVarintRunhcs(dAtA, i, uint64(len(m.BootFilesRootPath))) + i-- + dAtA[i] = 0x3a + } + if m.SandboxIsolation != 0 { + i = encodeVarintRunhcs(dAtA, i, uint64(m.SandboxIsolation)) + i-- + dAtA[i] = 0x30 + } + if len(m.SandboxPlatform) > 0 { + i -= len(m.SandboxPlatform) + copy(dAtA[i:], m.SandboxPlatform) + i = encodeVarintRunhcs(dAtA, i, uint64(len(m.SandboxPlatform))) + i-- + dAtA[i] = 0x2a + } + if len(m.SandboxImage) > 0 { + i -= len(m.SandboxImage) + copy(dAtA[i:], m.SandboxImage) + i = encodeVarintRunhcs(dAtA, i, uint64(len(m.SandboxImage))) + i-- + dAtA[i] = 0x22 + } + if len(m.RegistryRoot) > 0 { + i -= len(m.RegistryRoot) + copy(dAtA[i:], m.RegistryRoot) + i = encodeVarintRunhcs(dAtA, i, uint64(len(m.RegistryRoot))) + i-- + dAtA[i] = 0x1a + } + if m.DebugType != 0 { + i = encodeVarintRunhcs(dAtA, i, uint64(m.DebugType)) + i-- + dAtA[i] = 0x10 + } + if m.Debug { + i-- + if m.Debug { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil } func (m *ProcessDetails) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) if err != nil { return nil, err } @@ -448,74 +523,84 @@ func (m *ProcessDetails) Marshal() (dAtA []byte, err error) { } func (m *ProcessDetails) MarshalTo(dAtA []byte) (int, error) { - var i int + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ProcessDetails) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) _ = i var l int _ = l - if len(m.ImageName) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(len(m.ImageName))) - i += copy(dAtA[i:], m.ImageName) - } - dAtA[i] = 0x12 - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt))) - n1, err := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.CreatedAt, dAtA[i:]) - if err != nil { - return 0, err - } - i += n1 - if m.KernelTime_100Ns != 0 { - dAtA[i] = 0x18 - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(m.KernelTime_100Ns)) - } - if m.MemoryCommitBytes != 0 { - dAtA[i] = 0x20 - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(m.MemoryCommitBytes)) - } - if m.MemoryWorkingSetPrivateBytes != 0 { - dAtA[i] = 0x28 - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(m.MemoryWorkingSetPrivateBytes)) - } - if m.MemoryWorkingSetSharedBytes != 0 { - dAtA[i] = 0x30 - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(m.MemoryWorkingSetSharedBytes)) - } - if m.ProcessID != 0 { - dAtA[i] = 0x38 - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(m.ProcessID)) - } - if m.UserTime_100Ns != 0 { - dAtA[i] = 0x40 - i++ - i = encodeVarintRunhcs(dAtA, i, uint64(m.UserTime_100Ns)) + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } if len(m.ExecID) > 0 { - dAtA[i] = 0x4a - i++ + i -= len(m.ExecID) + copy(dAtA[i:], m.ExecID) i = encodeVarintRunhcs(dAtA, i, uint64(len(m.ExecID))) - i += copy(dAtA[i:], m.ExecID) + i-- + dAtA[i] = 0x4a } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) + if m.UserTime_100Ns != 0 { + i = encodeVarintRunhcs(dAtA, i, uint64(m.UserTime_100Ns)) + i-- + dAtA[i] = 0x40 } - return i, nil + if m.ProcessID != 0 { + i = encodeVarintRunhcs(dAtA, i, uint64(m.ProcessID)) + i-- + dAtA[i] = 0x38 + } + if m.MemoryWorkingSetSharedBytes != 0 { + i = encodeVarintRunhcs(dAtA, i, uint64(m.MemoryWorkingSetSharedBytes)) + i-- + dAtA[i] = 0x30 + } + if m.MemoryWorkingSetPrivateBytes != 0 { + i = encodeVarintRunhcs(dAtA, i, uint64(m.MemoryWorkingSetPrivateBytes)) + i-- + dAtA[i] = 0x28 + } + if m.MemoryCommitBytes != 0 { + i = encodeVarintRunhcs(dAtA, i, uint64(m.MemoryCommitBytes)) + i-- + dAtA[i] = 0x20 + } + if m.KernelTime_100Ns != 0 { + i = encodeVarintRunhcs(dAtA, i, uint64(m.KernelTime_100Ns)) + i-- + dAtA[i] = 0x18 + } + n1, err1 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.CreatedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt):]) + if err1 != nil { + return 0, err1 + } + i -= n1 + i = encodeVarintRunhcs(dAtA, i, uint64(n1)) + i-- + dAtA[i] = 0x12 + if len(m.ImageName) > 0 { + i -= len(m.ImageName) + copy(dAtA[i:], m.ImageName) + i = encodeVarintRunhcs(dAtA, i, uint64(len(m.ImageName))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil } func encodeVarintRunhcs(dAtA []byte, offset int, v uint64) int { + offset -= sovRunhcs(v) + base := offset for v >= 1<<7 { dAtA[offset] = uint8(v&0x7f | 0x80) v >>= 7 offset++ } dAtA[offset] = uint8(v) - return offset + 1 + return base } func (m *Options) Size() (n int) { if m == nil { @@ -581,6 +666,20 @@ func (m *Options) Size() (n int) { if m.IoRetryTimeoutInSec != 0 { n += 2 + sovRunhcs(uint64(m.IoRetryTimeoutInSec)) } + if len(m.DefaultContainerAnnotations) > 0 { + for k, v := range m.DefaultContainerAnnotations { + _ = k + _ = v + mapEntrySize := 1 + len(k) + sovRunhcs(uint64(len(k))) + 1 + len(v) + sovRunhcs(uint64(len(v))) + n += mapEntrySize + 2 + sovRunhcs(uint64(mapEntrySize)) + } + } + if m.NoInheritHostTimezone { + n += 3 + } + if m.ScrubLogs { + n += 3 + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -628,14 +727,7 @@ func (m *ProcessDetails) Size() (n int) { } func sovRunhcs(x uint64) (n int) { - for { - n++ - x >>= 7 - if x == 0 { - break - } - } - return n + return (math_bits.Len64(x|1) + 6) / 7 } func sozRunhcs(x uint64) (n int) { return sovRunhcs(uint64((x << 1) ^ uint64((int64(x) >> 63)))) @@ -644,6 +736,16 @@ func (this *Options) String() string { if this == nil { return "nil" } + keysForDefaultContainerAnnotations := make([]string, 0, len(this.DefaultContainerAnnotations)) + for k, _ := range this.DefaultContainerAnnotations { + keysForDefaultContainerAnnotations = append(keysForDefaultContainerAnnotations, k) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForDefaultContainerAnnotations) + mapStringForDefaultContainerAnnotations := "map[string]string{" + for _, k := range keysForDefaultContainerAnnotations { + mapStringForDefaultContainerAnnotations += fmt.Sprintf("%v: %v,", k, this.DefaultContainerAnnotations[k]) + } + mapStringForDefaultContainerAnnotations += "}" s := strings.Join([]string{`&Options{`, `Debug:` + fmt.Sprintf("%v", this.Debug) + `,`, `DebugType:` + fmt.Sprintf("%v", this.DebugType) + `,`, @@ -662,6 +764,9 @@ func (this *Options) String() string { `NCProxyAddr:` + fmt.Sprintf("%v", this.NCProxyAddr) + `,`, `LogLevel:` + fmt.Sprintf("%v", this.LogLevel) + `,`, `IoRetryTimeoutInSec:` + fmt.Sprintf("%v", this.IoRetryTimeoutInSec) + `,`, + `DefaultContainerAnnotations:` + mapStringForDefaultContainerAnnotations + `,`, + `NoInheritHostTimezone:` + fmt.Sprintf("%v", this.NoInheritHostTimezone) + `,`, + `ScrubLogs:` + fmt.Sprintf("%v", this.ScrubLogs) + `,`, `XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`, `}`, }, "") @@ -673,7 +778,7 @@ func (this *ProcessDetails) String() string { } s := strings.Join([]string{`&ProcessDetails{`, `ImageName:` + fmt.Sprintf("%v", this.ImageName) + `,`, - `CreatedAt:` + strings.Replace(strings.Replace(this.CreatedAt.String(), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`, + `CreatedAt:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.CreatedAt), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`, `KernelTime_100Ns:` + fmt.Sprintf("%v", this.KernelTime_100Ns) + `,`, `MemoryCommitBytes:` + fmt.Sprintf("%v", this.MemoryCommitBytes) + `,`, `MemoryWorkingSetPrivateBytes:` + fmt.Sprintf("%v", this.MemoryWorkingSetPrivateBytes) + `,`, @@ -1140,16 +1245,180 @@ func (m *Options) Unmarshal(dAtA []byte) error { break } } + case 18: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DefaultContainerAnnotations", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRunhcs + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthRunhcs + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthRunhcs + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.DefaultContainerAnnotations == nil { + m.DefaultContainerAnnotations = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRunhcs + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRunhcs + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthRunhcs + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthRunhcs + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRunhcs + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthRunhcs + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthRunhcs + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipRunhcs(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthRunhcs + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.DefaultContainerAnnotations[mapkey] = mapvalue + iNdEx = postIndex + case 19: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field NoInheritHostTimezone", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRunhcs + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.NoInheritHostTimezone = bool(v != 0) + case 20: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ScrubLogs", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRunhcs + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.ScrubLogs = bool(v != 0) default: iNdEx = preIndex skippy, err := skipRunhcs(dAtA[iNdEx:]) if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthRunhcs - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthRunhcs } if (iNdEx + skippy) > l { @@ -1411,10 +1680,7 @@ func (m *ProcessDetails) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthRunhcs - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthRunhcs } if (iNdEx + skippy) > l { @@ -1433,6 +1699,7 @@ func (m *ProcessDetails) Unmarshal(dAtA []byte) error { func skipRunhcs(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 + depth := 0 for iNdEx < l { var wire uint64 for shift := uint(0); ; shift += 7 { @@ -1464,10 +1731,8 @@ func skipRunhcs(dAtA []byte) (n int, err error) { break } } - return iNdEx, nil case 1: iNdEx += 8 - return iNdEx, nil case 2: var length int for shift := uint(0); ; shift += 7 { @@ -1488,55 +1753,30 @@ func skipRunhcs(dAtA []byte) (n int, err error) { return 0, ErrInvalidLengthRunhcs } iNdEx += length - if iNdEx < 0 { - return 0, ErrInvalidLengthRunhcs - } - return iNdEx, nil case 3: - for { - var innerWire uint64 - var start int = iNdEx - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowRunhcs - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - innerWire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - innerWireType := int(innerWire & 0x7) - if innerWireType == 4 { - break - } - next, err := skipRunhcs(dAtA[start:]) - if err != nil { - return 0, err - } - iNdEx = start + next - if iNdEx < 0 { - return 0, ErrInvalidLengthRunhcs - } - } - return iNdEx, nil + depth++ case 4: - return iNdEx, nil + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupRunhcs + } + depth-- case 5: iNdEx += 4 - return iNdEx, nil default: return 0, fmt.Errorf("proto: illegal wireType %d", wireType) } + if iNdEx < 0 { + return 0, ErrInvalidLengthRunhcs + } + if depth == 0 { + return iNdEx, nil + } } - panic("unreachable") + return 0, io.ErrUnexpectedEOF } var ( - ErrInvalidLengthRunhcs = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowRunhcs = fmt.Errorf("proto: integer overflow") + ErrInvalidLengthRunhcs = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowRunhcs = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupRunhcs = fmt.Errorf("proto: unexpected end of group") ) diff --git a/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.proto b/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.proto index 60c89adbd..1124dd201 100644 --- a/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.proto +++ b/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.proto @@ -98,6 +98,16 @@ message Options { // The typical example is if Containerd has restarted but is expected to come back online. A 0 for this field is interpreted as an infinite // timeout. int32 io_retry_timeout_in_sec = 17; + + // default_container_annotations specifies a set of annotations that should be set for every workload container + map default_container_annotations = 18; + + // no_inherit_host_timezone specifies to skip inheriting the hosts time zone for WCOW UVMs and instead default to + // UTC. + bool no_inherit_host_timezone = 19; + + // scrub_logs enables removing environment variables and other potentially sensitive information from logs + bool scrub_logs = 20; } // ProcessDetails contains additional information about a process. This is the additional diff --git a/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/stats/stats.pb.go b/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/stats/stats.pb.go index 0b41b11b0..9e2812715 100644 --- a/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/stats/stats.pb.go +++ b/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/stats/stats.pb.go @@ -11,6 +11,7 @@ import ( github_com_gogo_protobuf_types "github.com/gogo/protobuf/types" io "io" math "math" + math_bits "math/bits" reflect "reflect" strings "strings" time "time" @@ -26,7 +27,7 @@ var _ = time.Kitchen // is compatible with the proto package it is being compiled against. // A compilation error at this line likely means your copy of the // proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package type Statistics struct { // Types that are valid to be assigned to Container: @@ -52,7 +53,7 @@ func (m *Statistics) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return xxx_messageInfo_Statistics.Marshal(b, m, deterministic) } else { b = b[:cap(b)] - n, err := m.MarshalTo(b) + n, err := m.MarshalToSizedBuffer(b) if err != nil { return nil, err } @@ -78,10 +79,10 @@ type isStatistics_Container interface { } type Statistics_Windows struct { - Windows *WindowsContainerStatistics `protobuf:"bytes,1,opt,name=windows,proto3,oneof"` + Windows *WindowsContainerStatistics `protobuf:"bytes,1,opt,name=windows,proto3,oneof" json:"windows,omitempty"` } type Statistics_Linux struct { - Linux *v1.Metrics `protobuf:"bytes,2,opt,name=linux,proto3,oneof"` + Linux *v1.Metrics `protobuf:"bytes,2,opt,name=linux,proto3,oneof" json:"linux,omitempty"` } func (*Statistics_Windows) isStatistics_Container() {} @@ -108,80 +109,14 @@ func (m *Statistics) GetLinux() *v1.Metrics { return nil } -// XXX_OneofFuncs is for the internal use of the proto package. -func (*Statistics) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) { - return _Statistics_OneofMarshaler, _Statistics_OneofUnmarshaler, _Statistics_OneofSizer, []interface{}{ +// XXX_OneofWrappers is for the internal use of the proto package. +func (*Statistics) XXX_OneofWrappers() []interface{} { + return []interface{}{ (*Statistics_Windows)(nil), (*Statistics_Linux)(nil), } } -func _Statistics_OneofMarshaler(msg proto.Message, b *proto.Buffer) error { - m := msg.(*Statistics) - // container - switch x := m.Container.(type) { - case *Statistics_Windows: - _ = b.EncodeVarint(1<<3 | proto.WireBytes) - if err := b.EncodeMessage(x.Windows); err != nil { - return err - } - case *Statistics_Linux: - _ = b.EncodeVarint(2<<3 | proto.WireBytes) - if err := b.EncodeMessage(x.Linux); err != nil { - return err - } - case nil: - default: - return fmt.Errorf("Statistics.Container has unexpected type %T", x) - } - return nil -} - -func _Statistics_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) { - m := msg.(*Statistics) - switch tag { - case 1: // container.windows - if wire != proto.WireBytes { - return true, proto.ErrInternalBadWireType - } - msg := new(WindowsContainerStatistics) - err := b.DecodeMessage(msg) - m.Container = &Statistics_Windows{msg} - return true, err - case 2: // container.linux - if wire != proto.WireBytes { - return true, proto.ErrInternalBadWireType - } - msg := new(v1.Metrics) - err := b.DecodeMessage(msg) - m.Container = &Statistics_Linux{msg} - return true, err - default: - return false, nil - } -} - -func _Statistics_OneofSizer(msg proto.Message) (n int) { - m := msg.(*Statistics) - // container - switch x := m.Container.(type) { - case *Statistics_Windows: - s := proto.Size(x.Windows) - n += 1 // tag and wire - n += proto.SizeVarint(uint64(s)) - n += s - case *Statistics_Linux: - s := proto.Size(x.Linux) - n += 1 // tag and wire - n += proto.SizeVarint(uint64(s)) - n += s - case nil: - default: - panic(fmt.Sprintf("proto: unexpected type %T in oneof", x)) - } - return n -} - type WindowsContainerStatistics struct { Timestamp time.Time `protobuf:"bytes,1,opt,name=timestamp,proto3,stdtime" json:"timestamp"` ContainerStartTime time.Time `protobuf:"bytes,2,opt,name=container_start_time,json=containerStartTime,proto3,stdtime" json:"container_start_time"` @@ -207,7 +142,7 @@ func (m *WindowsContainerStatistics) XXX_Marshal(b []byte, deterministic bool) ( return xxx_messageInfo_WindowsContainerStatistics.Marshal(b, m, deterministic) } else { b = b[:cap(b)] - n, err := m.MarshalTo(b) + n, err := m.MarshalToSizedBuffer(b) if err != nil { return nil, err } @@ -248,7 +183,7 @@ func (m *WindowsContainerProcessorStatistics) XXX_Marshal(b []byte, deterministi return xxx_messageInfo_WindowsContainerProcessorStatistics.Marshal(b, m, deterministic) } else { b = b[:cap(b)] - n, err := m.MarshalTo(b) + n, err := m.MarshalToSizedBuffer(b) if err != nil { return nil, err } @@ -289,7 +224,7 @@ func (m *WindowsContainerMemoryStatistics) XXX_Marshal(b []byte, deterministic b return xxx_messageInfo_WindowsContainerMemoryStatistics.Marshal(b, m, deterministic) } else { b = b[:cap(b)] - n, err := m.MarshalTo(b) + n, err := m.MarshalToSizedBuffer(b) if err != nil { return nil, err } @@ -331,7 +266,7 @@ func (m *WindowsContainerStorageStatistics) XXX_Marshal(b []byte, deterministic return xxx_messageInfo_WindowsContainerStorageStatistics.Marshal(b, m, deterministic) } else { b = b[:cap(b)] - n, err := m.MarshalTo(b) + n, err := m.MarshalToSizedBuffer(b) if err != nil { return nil, err } @@ -371,7 +306,7 @@ func (m *VirtualMachineStatistics) XXX_Marshal(b []byte, deterministic bool) ([] return xxx_messageInfo_VirtualMachineStatistics.Marshal(b, m, deterministic) } else { b = b[:cap(b)] - n, err := m.MarshalTo(b) + n, err := m.MarshalToSizedBuffer(b) if err != nil { return nil, err } @@ -410,7 +345,7 @@ func (m *VirtualMachineProcessorStatistics) XXX_Marshal(b []byte, deterministic return xxx_messageInfo_VirtualMachineProcessorStatistics.Marshal(b, m, deterministic) } else { b = b[:cap(b)] - n, err := m.MarshalTo(b) + n, err := m.MarshalToSizedBuffer(b) if err != nil { return nil, err } @@ -451,7 +386,7 @@ func (m *VirtualMachineMemoryStatistics) XXX_Marshal(b []byte, deterministic boo return xxx_messageInfo_VirtualMachineMemoryStatistics.Marshal(b, m, deterministic) } else { b = b[:cap(b)] - n, err := m.MarshalTo(b) + n, err := m.MarshalToSizedBuffer(b) if err != nil { return nil, err } @@ -496,7 +431,7 @@ func (m *VirtualMachineMemory) XXX_Marshal(b []byte, deterministic bool) ([]byte return xxx_messageInfo_VirtualMachineMemory.Marshal(b, m, deterministic) } else { b = b[:cap(b)] - n, err := m.MarshalTo(b) + n, err := m.MarshalToSizedBuffer(b) if err != nil { return nil, err } @@ -603,7 +538,7 @@ var fileDescriptor_23217f96da3a05cc = []byte{ func (m *Statistics) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) if err != nil { return nil, err } @@ -611,65 +546,89 @@ func (m *Statistics) Marshal() (dAtA []byte, err error) { } func (m *Statistics) MarshalTo(dAtA []byte) (int, error) { - var i int + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *Statistics) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) _ = i var l int _ = l - if m.Container != nil { - nn1, err := m.Container.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += nn1 + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } if m.VM != nil { - dAtA[i] = 0x1a - i++ - i = encodeVarintStats(dAtA, i, uint64(m.VM.Size())) - n2, err := m.VM.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err + { + size, err := m.VM.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintStats(dAtA, i, uint64(size)) } - i += n2 + i-- + dAtA[i] = 0x1a } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) + if m.Container != nil { + { + size := m.Container.Size() + i -= size + if _, err := m.Container.MarshalTo(dAtA[i:]); err != nil { + return 0, err + } + } } - return i, nil + return len(dAtA) - i, nil } func (m *Statistics_Windows) MarshalTo(dAtA []byte) (int, error) { - i := 0 + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *Statistics_Windows) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) if m.Windows != nil { - dAtA[i] = 0xa - i++ - i = encodeVarintStats(dAtA, i, uint64(m.Windows.Size())) - n3, err := m.Windows.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err + { + size, err := m.Windows.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintStats(dAtA, i, uint64(size)) } - i += n3 + i-- + dAtA[i] = 0xa } - return i, nil + return len(dAtA) - i, nil } func (m *Statistics_Linux) MarshalTo(dAtA []byte) (int, error) { - i := 0 + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *Statistics_Linux) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) if m.Linux != nil { - dAtA[i] = 0x12 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.Linux.Size())) - n4, err := m.Linux.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err + { + size, err := m.Linux.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintStats(dAtA, i, uint64(size)) } - i += n4 + i-- + dAtA[i] = 0x12 } - return i, nil + return len(dAtA) - i, nil } func (m *WindowsContainerStatistics) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) if err != nil { return nil, err } @@ -677,71 +636,83 @@ func (m *WindowsContainerStatistics) Marshal() (dAtA []byte, err error) { } func (m *WindowsContainerStatistics) MarshalTo(dAtA []byte) (int, error) { - var i int + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *WindowsContainerStatistics) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) _ = i var l int _ = l - dAtA[i] = 0xa - i++ - i = encodeVarintStats(dAtA, i, uint64(github_com_gogo_protobuf_types.SizeOfStdTime(m.Timestamp))) - n5, err := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Timestamp, dAtA[i:]) - if err != nil { - return 0, err - } - i += n5 - dAtA[i] = 0x12 - i++ - i = encodeVarintStats(dAtA, i, uint64(github_com_gogo_protobuf_types.SizeOfStdTime(m.ContainerStartTime))) - n6, err := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.ContainerStartTime, dAtA[i:]) - if err != nil { - return 0, err - } - i += n6 - if m.UptimeNS != 0 { - dAtA[i] = 0x18 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.UptimeNS)) - } - if m.Processor != nil { - dAtA[i] = 0x22 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.Processor.Size())) - n7, err := m.Processor.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += n7 - } - if m.Memory != nil { - dAtA[i] = 0x2a - i++ - i = encodeVarintStats(dAtA, i, uint64(m.Memory.Size())) - n8, err := m.Memory.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += n8 + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } if m.Storage != nil { - dAtA[i] = 0x32 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.Storage.Size())) - n9, err := m.Storage.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err + { + size, err := m.Storage.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintStats(dAtA, i, uint64(size)) } - i += n9 + i-- + dAtA[i] = 0x32 } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) + if m.Memory != nil { + { + size, err := m.Memory.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintStats(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x2a } - return i, nil + if m.Processor != nil { + { + size, err := m.Processor.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintStats(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x22 + } + if m.UptimeNS != 0 { + i = encodeVarintStats(dAtA, i, uint64(m.UptimeNS)) + i-- + dAtA[i] = 0x18 + } + n7, err7 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.ContainerStartTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.ContainerStartTime):]) + if err7 != nil { + return 0, err7 + } + i -= n7 + i = encodeVarintStats(dAtA, i, uint64(n7)) + i-- + dAtA[i] = 0x12 + n8, err8 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Timestamp, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Timestamp):]) + if err8 != nil { + return 0, err8 + } + i -= n8 + i = encodeVarintStats(dAtA, i, uint64(n8)) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil } func (m *WindowsContainerProcessorStatistics) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) if err != nil { return nil, err } @@ -749,35 +720,41 @@ func (m *WindowsContainerProcessorStatistics) Marshal() (dAtA []byte, err error) } func (m *WindowsContainerProcessorStatistics) MarshalTo(dAtA []byte) (int, error) { - var i int + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *WindowsContainerProcessorStatistics) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) _ = i var l int _ = l - if m.TotalRuntimeNS != 0 { - dAtA[i] = 0x8 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.TotalRuntimeNS)) - } - if m.RuntimeUserNS != 0 { - dAtA[i] = 0x10 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.RuntimeUserNS)) + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } if m.RuntimeKernelNS != 0 { - dAtA[i] = 0x18 - i++ i = encodeVarintStats(dAtA, i, uint64(m.RuntimeKernelNS)) + i-- + dAtA[i] = 0x18 } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) + if m.RuntimeUserNS != 0 { + i = encodeVarintStats(dAtA, i, uint64(m.RuntimeUserNS)) + i-- + dAtA[i] = 0x10 } - return i, nil + if m.TotalRuntimeNS != 0 { + i = encodeVarintStats(dAtA, i, uint64(m.TotalRuntimeNS)) + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil } func (m *WindowsContainerMemoryStatistics) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) if err != nil { return nil, err } @@ -785,35 +762,41 @@ func (m *WindowsContainerMemoryStatistics) Marshal() (dAtA []byte, err error) { } func (m *WindowsContainerMemoryStatistics) MarshalTo(dAtA []byte) (int, error) { - var i int + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *WindowsContainerMemoryStatistics) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) _ = i var l int _ = l - if m.MemoryUsageCommitBytes != 0 { - dAtA[i] = 0x8 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.MemoryUsageCommitBytes)) - } - if m.MemoryUsageCommitPeakBytes != 0 { - dAtA[i] = 0x10 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.MemoryUsageCommitPeakBytes)) + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } if m.MemoryUsagePrivateWorkingSetBytes != 0 { - dAtA[i] = 0x18 - i++ i = encodeVarintStats(dAtA, i, uint64(m.MemoryUsagePrivateWorkingSetBytes)) + i-- + dAtA[i] = 0x18 } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) + if m.MemoryUsageCommitPeakBytes != 0 { + i = encodeVarintStats(dAtA, i, uint64(m.MemoryUsageCommitPeakBytes)) + i-- + dAtA[i] = 0x10 } - return i, nil + if m.MemoryUsageCommitBytes != 0 { + i = encodeVarintStats(dAtA, i, uint64(m.MemoryUsageCommitBytes)) + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil } func (m *WindowsContainerStorageStatistics) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) if err != nil { return nil, err } @@ -821,40 +804,46 @@ func (m *WindowsContainerStorageStatistics) Marshal() (dAtA []byte, err error) { } func (m *WindowsContainerStorageStatistics) MarshalTo(dAtA []byte) (int, error) { - var i int + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *WindowsContainerStorageStatistics) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) _ = i var l int _ = l - if m.ReadCountNormalized != 0 { - dAtA[i] = 0x8 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.ReadCountNormalized)) - } - if m.ReadSizeBytes != 0 { - dAtA[i] = 0x10 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.ReadSizeBytes)) - } - if m.WriteCountNormalized != 0 { - dAtA[i] = 0x18 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.WriteCountNormalized)) + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } if m.WriteSizeBytes != 0 { - dAtA[i] = 0x20 - i++ i = encodeVarintStats(dAtA, i, uint64(m.WriteSizeBytes)) + i-- + dAtA[i] = 0x20 } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) + if m.WriteCountNormalized != 0 { + i = encodeVarintStats(dAtA, i, uint64(m.WriteCountNormalized)) + i-- + dAtA[i] = 0x18 } - return i, nil + if m.ReadSizeBytes != 0 { + i = encodeVarintStats(dAtA, i, uint64(m.ReadSizeBytes)) + i-- + dAtA[i] = 0x10 + } + if m.ReadCountNormalized != 0 { + i = encodeVarintStats(dAtA, i, uint64(m.ReadCountNormalized)) + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil } func (m *VirtualMachineStatistics) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) if err != nil { return nil, err } @@ -862,40 +851,50 @@ func (m *VirtualMachineStatistics) Marshal() (dAtA []byte, err error) { } func (m *VirtualMachineStatistics) MarshalTo(dAtA []byte) (int, error) { - var i int + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *VirtualMachineStatistics) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) _ = i var l int _ = l - if m.Processor != nil { - dAtA[i] = 0xa - i++ - i = encodeVarintStats(dAtA, i, uint64(m.Processor.Size())) - n10, err := m.Processor.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += n10 + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } if m.Memory != nil { - dAtA[i] = 0x12 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.Memory.Size())) - n11, err := m.Memory.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err + { + size, err := m.Memory.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintStats(dAtA, i, uint64(size)) } - i += n11 + i-- + dAtA[i] = 0x12 } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) + if m.Processor != nil { + { + size, err := m.Processor.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintStats(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa } - return i, nil + return len(dAtA) - i, nil } func (m *VirtualMachineProcessorStatistics) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) if err != nil { return nil, err } @@ -903,25 +902,31 @@ func (m *VirtualMachineProcessorStatistics) Marshal() (dAtA []byte, err error) { } func (m *VirtualMachineProcessorStatistics) MarshalTo(dAtA []byte) (int, error) { - var i int + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *VirtualMachineProcessorStatistics) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) _ = i var l int _ = l - if m.TotalRuntimeNS != 0 { - dAtA[i] = 0x8 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.TotalRuntimeNS)) - } if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } - return i, nil + if m.TotalRuntimeNS != 0 { + i = encodeVarintStats(dAtA, i, uint64(m.TotalRuntimeNS)) + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil } func (m *VirtualMachineMemoryStatistics) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) if err != nil { return nil, err } @@ -929,40 +934,48 @@ func (m *VirtualMachineMemoryStatistics) Marshal() (dAtA []byte, err error) { } func (m *VirtualMachineMemoryStatistics) MarshalTo(dAtA []byte) (int, error) { - var i int + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *VirtualMachineMemoryStatistics) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) _ = i var l int _ = l - if m.WorkingSetBytes != 0 { - dAtA[i] = 0x8 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.WorkingSetBytes)) - } - if m.VirtualNodeCount != 0 { - dAtA[i] = 0x10 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.VirtualNodeCount)) + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } if m.VmMemory != nil { - dAtA[i] = 0x1a - i++ - i = encodeVarintStats(dAtA, i, uint64(m.VmMemory.Size())) - n12, err := m.VmMemory.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err + { + size, err := m.VmMemory.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintStats(dAtA, i, uint64(size)) } - i += n12 + i-- + dAtA[i] = 0x1a } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) + if m.VirtualNodeCount != 0 { + i = encodeVarintStats(dAtA, i, uint64(m.VirtualNodeCount)) + i-- + dAtA[i] = 0x10 } - return i, nil + if m.WorkingSetBytes != 0 { + i = encodeVarintStats(dAtA, i, uint64(m.WorkingSetBytes)) + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil } func (m *VirtualMachineMemory) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) if err != nil { return nil, err } @@ -970,74 +983,82 @@ func (m *VirtualMachineMemory) Marshal() (dAtA []byte, err error) { } func (m *VirtualMachineMemory) MarshalTo(dAtA []byte) (int, error) { - var i int + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *VirtualMachineMemory) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) _ = i var l int _ = l - if m.AvailableMemory != 0 { - dAtA[i] = 0x8 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.AvailableMemory)) - } - if m.AvailableMemoryBuffer != 0 { - dAtA[i] = 0x10 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.AvailableMemoryBuffer)) - } - if m.ReservedMemory != 0 { - dAtA[i] = 0x18 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.ReservedMemory)) - } - if m.AssignedMemory != 0 { - dAtA[i] = 0x20 - i++ - i = encodeVarintStats(dAtA, i, uint64(m.AssignedMemory)) - } - if m.SlpActive { - dAtA[i] = 0x28 - i++ - if m.SlpActive { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i++ - } - if m.BalancingEnabled { - dAtA[i] = 0x30 - i++ - if m.BalancingEnabled { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i++ + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) } if m.DmOperationInProgress { - dAtA[i] = 0x38 - i++ + i-- if m.DmOperationInProgress { dAtA[i] = 1 } else { dAtA[i] = 0 } - i++ + i-- + dAtA[i] = 0x38 } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) + if m.BalancingEnabled { + i-- + if m.BalancingEnabled { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x30 } - return i, nil + if m.SlpActive { + i-- + if m.SlpActive { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x28 + } + if m.AssignedMemory != 0 { + i = encodeVarintStats(dAtA, i, uint64(m.AssignedMemory)) + i-- + dAtA[i] = 0x20 + } + if m.ReservedMemory != 0 { + i = encodeVarintStats(dAtA, i, uint64(m.ReservedMemory)) + i-- + dAtA[i] = 0x18 + } + if m.AvailableMemoryBuffer != 0 { + i = encodeVarintStats(dAtA, i, uint64(m.AvailableMemoryBuffer)) + i-- + dAtA[i] = 0x10 + } + if m.AvailableMemory != 0 { + i = encodeVarintStats(dAtA, i, uint64(m.AvailableMemory)) + i-- + dAtA[i] = 0x8 + } + return len(dAtA) - i, nil } func encodeVarintStats(dAtA []byte, offset int, v uint64) int { + offset -= sovStats(v) + base := offset for v >= 1<<7 { dAtA[offset] = uint8(v&0x7f | 0x80) v >>= 7 offset++ } dAtA[offset] = uint8(v) - return offset + 1 + return base } func (m *Statistics) Size() (n int) { if m == nil { @@ -1270,14 +1291,7 @@ func (m *VirtualMachineMemory) Size() (n int) { } func sovStats(x uint64) (n int) { - for { - n++ - x >>= 7 - if x == 0 { - break - } - } - return n + return (math_bits.Len64(x|1) + 6) / 7 } func sozStats(x uint64) (n int) { return sovStats(uint64((x << 1) ^ uint64((int64(x) >> 63)))) @@ -1288,7 +1302,7 @@ func (this *Statistics) String() string { } s := strings.Join([]string{`&Statistics{`, `Container:` + fmt.Sprintf("%v", this.Container) + `,`, - `VM:` + strings.Replace(fmt.Sprintf("%v", this.VM), "VirtualMachineStatistics", "VirtualMachineStatistics", 1) + `,`, + `VM:` + strings.Replace(this.VM.String(), "VirtualMachineStatistics", "VirtualMachineStatistics", 1) + `,`, `XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`, `}`, }, "") @@ -1319,12 +1333,12 @@ func (this *WindowsContainerStatistics) String() string { return "nil" } s := strings.Join([]string{`&WindowsContainerStatistics{`, - `Timestamp:` + strings.Replace(strings.Replace(this.Timestamp.String(), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`, - `ContainerStartTime:` + strings.Replace(strings.Replace(this.ContainerStartTime.String(), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`, + `Timestamp:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Timestamp), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`, + `ContainerStartTime:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ContainerStartTime), "Timestamp", "types.Timestamp", 1), `&`, ``, 1) + `,`, `UptimeNS:` + fmt.Sprintf("%v", this.UptimeNS) + `,`, - `Processor:` + strings.Replace(fmt.Sprintf("%v", this.Processor), "WindowsContainerProcessorStatistics", "WindowsContainerProcessorStatistics", 1) + `,`, - `Memory:` + strings.Replace(fmt.Sprintf("%v", this.Memory), "WindowsContainerMemoryStatistics", "WindowsContainerMemoryStatistics", 1) + `,`, - `Storage:` + strings.Replace(fmt.Sprintf("%v", this.Storage), "WindowsContainerStorageStatistics", "WindowsContainerStorageStatistics", 1) + `,`, + `Processor:` + strings.Replace(this.Processor.String(), "WindowsContainerProcessorStatistics", "WindowsContainerProcessorStatistics", 1) + `,`, + `Memory:` + strings.Replace(this.Memory.String(), "WindowsContainerMemoryStatistics", "WindowsContainerMemoryStatistics", 1) + `,`, + `Storage:` + strings.Replace(this.Storage.String(), "WindowsContainerStorageStatistics", "WindowsContainerStorageStatistics", 1) + `,`, `XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`, `}`, }, "") @@ -1375,8 +1389,8 @@ func (this *VirtualMachineStatistics) String() string { return "nil" } s := strings.Join([]string{`&VirtualMachineStatistics{`, - `Processor:` + strings.Replace(fmt.Sprintf("%v", this.Processor), "VirtualMachineProcessorStatistics", "VirtualMachineProcessorStatistics", 1) + `,`, - `Memory:` + strings.Replace(fmt.Sprintf("%v", this.Memory), "VirtualMachineMemoryStatistics", "VirtualMachineMemoryStatistics", 1) + `,`, + `Processor:` + strings.Replace(this.Processor.String(), "VirtualMachineProcessorStatistics", "VirtualMachineProcessorStatistics", 1) + `,`, + `Memory:` + strings.Replace(this.Memory.String(), "VirtualMachineMemoryStatistics", "VirtualMachineMemoryStatistics", 1) + `,`, `XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`, `}`, }, "") @@ -1400,7 +1414,7 @@ func (this *VirtualMachineMemoryStatistics) String() string { s := strings.Join([]string{`&VirtualMachineMemoryStatistics{`, `WorkingSetBytes:` + fmt.Sprintf("%v", this.WorkingSetBytes) + `,`, `VirtualNodeCount:` + fmt.Sprintf("%v", this.VirtualNodeCount) + `,`, - `VmMemory:` + strings.Replace(fmt.Sprintf("%v", this.VmMemory), "VirtualMachineMemory", "VirtualMachineMemory", 1) + `,`, + `VmMemory:` + strings.Replace(this.VmMemory.String(), "VirtualMachineMemory", "VirtualMachineMemory", 1) + `,`, `XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`, `}`, }, "") @@ -1572,10 +1586,7 @@ func (m *Statistics) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthStats - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthStats } if (iNdEx + skippy) > l { @@ -1819,10 +1830,7 @@ func (m *WindowsContainerStatistics) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthStats - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthStats } if (iNdEx + skippy) > l { @@ -1930,10 +1938,7 @@ func (m *WindowsContainerProcessorStatistics) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthStats - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthStats } if (iNdEx + skippy) > l { @@ -2041,10 +2046,7 @@ func (m *WindowsContainerMemoryStatistics) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthStats - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthStats } if (iNdEx + skippy) > l { @@ -2171,10 +2173,7 @@ func (m *WindowsContainerStorageStatistics) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthStats - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthStats } if (iNdEx + skippy) > l { @@ -2297,10 +2296,7 @@ func (m *VirtualMachineStatistics) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthStats - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthStats } if (iNdEx + skippy) > l { @@ -2370,10 +2366,7 @@ func (m *VirtualMachineProcessorStatistics) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthStats - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthStats } if (iNdEx + skippy) > l { @@ -2498,10 +2491,7 @@ func (m *VirtualMachineMemoryStatistics) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthStats - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthStats } if (iNdEx + skippy) > l { @@ -2688,10 +2678,7 @@ func (m *VirtualMachineMemory) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthStats - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthStats } if (iNdEx + skippy) > l { @@ -2710,6 +2697,7 @@ func (m *VirtualMachineMemory) Unmarshal(dAtA []byte) error { func skipStats(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 + depth := 0 for iNdEx < l { var wire uint64 for shift := uint(0); ; shift += 7 { @@ -2741,10 +2729,8 @@ func skipStats(dAtA []byte) (n int, err error) { break } } - return iNdEx, nil case 1: iNdEx += 8 - return iNdEx, nil case 2: var length int for shift := uint(0); ; shift += 7 { @@ -2765,55 +2751,30 @@ func skipStats(dAtA []byte) (n int, err error) { return 0, ErrInvalidLengthStats } iNdEx += length - if iNdEx < 0 { - return 0, ErrInvalidLengthStats - } - return iNdEx, nil case 3: - for { - var innerWire uint64 - var start int = iNdEx - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowStats - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - innerWire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - innerWireType := int(innerWire & 0x7) - if innerWireType == 4 { - break - } - next, err := skipStats(dAtA[start:]) - if err != nil { - return 0, err - } - iNdEx = start + next - if iNdEx < 0 { - return 0, ErrInvalidLengthStats - } - } - return iNdEx, nil + depth++ case 4: - return iNdEx, nil + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupStats + } + depth-- case 5: iNdEx += 4 - return iNdEx, nil default: return 0, fmt.Errorf("proto: illegal wireType %d", wireType) } + if iNdEx < 0 { + return 0, ErrInvalidLengthStats + } + if depth == 0 { + return iNdEx, nil + } } - panic("unreachable") + return 0, io.ErrUnexpectedEOF } var ( - ErrInvalidLengthStats = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowStats = fmt.Errorf("proto: integer overflow") + ErrInvalidLengthStats = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowStats = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupStats = fmt.Errorf("proto: unexpected end of group") ) diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/attach.go b/vendor/github.com/Microsoft/hcsshim/computestorage/attach.go index 7f1f2823d..54c4b3bc4 100644 --- a/vendor/github.com/Microsoft/hcsshim/computestorage/attach.go +++ b/vendor/github.com/Microsoft/hcsshim/computestorage/attach.go @@ -1,3 +1,5 @@ +//go:build windows + package computestorage import ( @@ -17,8 +19,8 @@ import ( // // `layerData` is the parent read-only layer data. func AttachLayerStorageFilter(ctx context.Context, layerPath string, layerData LayerData) (err error) { - title := "hcsshim.AttachLayerStorageFilter" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + title := "hcsshim::AttachLayerStorageFilter" + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes( diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/destroy.go b/vendor/github.com/Microsoft/hcsshim/computestorage/destroy.go index 8e28e6c50..5058d3b55 100644 --- a/vendor/github.com/Microsoft/hcsshim/computestorage/destroy.go +++ b/vendor/github.com/Microsoft/hcsshim/computestorage/destroy.go @@ -1,3 +1,5 @@ +//go:build windows + package computestorage import ( @@ -12,8 +14,8 @@ import ( // // `layerPath` is a path to a directory containing the layer to export. func DestroyLayer(ctx context.Context, layerPath string) (err error) { - title := "hcsshim.DestroyLayer" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + title := "hcsshim::DestroyLayer" + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("layerPath", layerPath)) diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/detach.go b/vendor/github.com/Microsoft/hcsshim/computestorage/detach.go index 435473257..daf1bfff2 100644 --- a/vendor/github.com/Microsoft/hcsshim/computestorage/detach.go +++ b/vendor/github.com/Microsoft/hcsshim/computestorage/detach.go @@ -1,3 +1,5 @@ +//go:build windows + package computestorage import ( @@ -12,8 +14,8 @@ import ( // // `layerPath` is a path to a directory containing the layer to export. func DetachLayerStorageFilter(ctx context.Context, layerPath string) (err error) { - title := "hcsshim.DetachLayerStorageFilter" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + title := "hcsshim::DetachLayerStorageFilter" + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("layerPath", layerPath)) diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/export.go b/vendor/github.com/Microsoft/hcsshim/computestorage/export.go index a1b12dd12..c6370a5c9 100644 --- a/vendor/github.com/Microsoft/hcsshim/computestorage/export.go +++ b/vendor/github.com/Microsoft/hcsshim/computestorage/export.go @@ -1,3 +1,5 @@ +//go:build windows + package computestorage import ( @@ -19,8 +21,8 @@ import ( // // `options` are the export options applied to the exported layer. func ExportLayer(ctx context.Context, layerPath, exportFolderPath string, layerData LayerData, options ExportLayerOptions) (err error) { - title := "hcsshim.ExportLayer" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + title := "hcsshim::ExportLayer" + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes( @@ -28,17 +30,17 @@ func ExportLayer(ctx context.Context, layerPath, exportFolderPath string, layerD trace.StringAttribute("exportFolderPath", exportFolderPath), ) - ldbytes, err := json.Marshal(layerData) + ldBytes, err := json.Marshal(layerData) if err != nil { return err } - obytes, err := json.Marshal(options) + oBytes, err := json.Marshal(options) if err != nil { return err } - err = hcsExportLayer(layerPath, exportFolderPath, string(ldbytes), string(obytes)) + err = hcsExportLayer(layerPath, exportFolderPath, string(ldBytes), string(oBytes)) if err != nil { return errors.Wrap(err, "failed to export layer") } diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/format.go b/vendor/github.com/Microsoft/hcsshim/computestorage/format.go index 83c0fa33f..2140e5c9f 100644 --- a/vendor/github.com/Microsoft/hcsshim/computestorage/format.go +++ b/vendor/github.com/Microsoft/hcsshim/computestorage/format.go @@ -1,3 +1,5 @@ +//go:build windows + package computestorage import ( @@ -5,16 +7,20 @@ import ( "github.com/Microsoft/hcsshim/internal/oc" "github.com/pkg/errors" - "go.opencensus.io/trace" "golang.org/x/sys/windows" ) // FormatWritableLayerVhd formats a virtual disk for use as a writable container layer. // // If the VHD is not mounted it will be temporarily mounted. +// +// NOTE: This API had a breaking change in the operating system after Windows Server 2019. +// On ws2019 the API expects to get passed a file handle from CreateFile for the vhd that +// the caller wants to format. On > ws2019, its expected that the caller passes a vhd handle +// that can be obtained from the virtdisk APIs. func FormatWritableLayerVhd(ctx context.Context, vhdHandle windows.Handle) (err error) { - title := "hcsshim.FormatWritableLayerVhd" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + title := "hcsshim::FormatWritableLayerVhd" + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/helpers.go b/vendor/github.com/Microsoft/hcsshim/computestorage/helpers.go index 87fee452c..c3608dcec 100644 --- a/vendor/github.com/Microsoft/hcsshim/computestorage/helpers.go +++ b/vendor/github.com/Microsoft/hcsshim/computestorage/helpers.go @@ -1,3 +1,5 @@ +//go:build windows + package computestorage import ( @@ -6,10 +8,12 @@ import ( "path/filepath" "syscall" - "github.com/Microsoft/go-winio/pkg/security" "github.com/Microsoft/go-winio/vhd" + "github.com/Microsoft/hcsshim/internal/memory" "github.com/pkg/errors" "golang.org/x/sys/windows" + + "github.com/Microsoft/hcsshim/internal/security" ) const defaultVHDXBlockSizeInMB = 1 @@ -59,8 +63,8 @@ func SetupContainerBaseLayer(ctx context.Context, layerPath, baseVhdPath, diffVh createParams := &vhd.CreateVirtualDiskParameters{ Version: 2, Version2: vhd.CreateVersion2{ - MaximumSize: sizeInGB * 1024 * 1024 * 1024, - BlockSizeInBytes: defaultVHDXBlockSizeInMB * 1024 * 1024, + MaximumSize: sizeInGB * memory.GiB, + BlockSizeInBytes: defaultVHDXBlockSizeInMB * memory.MiB, }, } handle, err := vhd.CreateVirtualDisk(baseVhdPath, vhd.VirtualDiskAccessNone, vhd.CreateVirtualDiskFlagNone, createParams) @@ -135,8 +139,8 @@ func SetupUtilityVMBaseLayer(ctx context.Context, uvmPath, baseVhdPath, diffVhdP createParams := &vhd.CreateVirtualDiskParameters{ Version: 2, Version2: vhd.CreateVersion2{ - MaximumSize: sizeInGB * 1024 * 1024 * 1024, - BlockSizeInBytes: defaultVHDXBlockSizeInMB * 1024 * 1024, + MaximumSize: sizeInGB * memory.GiB, + BlockSizeInBytes: defaultVHDXBlockSizeInMB * memory.MiB, }, } handle, err := vhd.CreateVirtualDisk(baseVhdPath, vhd.VirtualDiskAccessNone, vhd.CreateVirtualDiskFlagNone, createParams) diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/import.go b/vendor/github.com/Microsoft/hcsshim/computestorage/import.go index 0c61dab32..e1c87416a 100644 --- a/vendor/github.com/Microsoft/hcsshim/computestorage/import.go +++ b/vendor/github.com/Microsoft/hcsshim/computestorage/import.go @@ -1,3 +1,5 @@ +//go:build windows + package computestorage import ( @@ -19,8 +21,8 @@ import ( // // `layerData` is the parent layer data. func ImportLayer(ctx context.Context, layerPath, sourceFolderPath string, layerData LayerData) (err error) { - title := "hcsshim.ImportLayer" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + title := "hcsshim::ImportLayer" + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes( diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/initialize.go b/vendor/github.com/Microsoft/hcsshim/computestorage/initialize.go index 53ed8ea6e..d0c621605 100644 --- a/vendor/github.com/Microsoft/hcsshim/computestorage/initialize.go +++ b/vendor/github.com/Microsoft/hcsshim/computestorage/initialize.go @@ -1,3 +1,5 @@ +//go:build windows + package computestorage import ( @@ -16,8 +18,8 @@ import ( // // `layerData` is the parent read-only layer data. func InitializeWritableLayer(ctx context.Context, layerPath string, layerData LayerData) (err error) { - title := "hcsshim.InitializeWritableLayer" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + title := "hcsshim::InitializeWritableLayer" + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes( diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/mount.go b/vendor/github.com/Microsoft/hcsshim/computestorage/mount.go index fcdbbef81..4f4d8ebf2 100644 --- a/vendor/github.com/Microsoft/hcsshim/computestorage/mount.go +++ b/vendor/github.com/Microsoft/hcsshim/computestorage/mount.go @@ -1,3 +1,5 @@ +//go:build windows + package computestorage import ( @@ -6,14 +8,13 @@ import ( "github.com/Microsoft/hcsshim/internal/interop" "github.com/Microsoft/hcsshim/internal/oc" "github.com/pkg/errors" - "go.opencensus.io/trace" "golang.org/x/sys/windows" ) // GetLayerVhdMountPath returns the volume path for a virtual disk of a writable container layer. func GetLayerVhdMountPath(ctx context.Context, vhdHandle windows.Handle) (path string, err error) { - title := "hcsshim.GetLayerVhdMountPath" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + title := "hcsshim::GetLayerVhdMountPath" + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/setup.go b/vendor/github.com/Microsoft/hcsshim/computestorage/setup.go index 06aaf841e..1c685aed0 100644 --- a/vendor/github.com/Microsoft/hcsshim/computestorage/setup.go +++ b/vendor/github.com/Microsoft/hcsshim/computestorage/setup.go @@ -1,3 +1,5 @@ +//go:build windows + package computestorage import ( @@ -21,8 +23,8 @@ import ( // // `options` are the options applied while processing the layer. func SetupBaseOSLayer(ctx context.Context, layerPath string, vhdHandle windows.Handle, options OsLayerOptions) (err error) { - title := "hcsshim.SetupBaseOSLayer" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + title := "hcsshim::SetupBaseOSLayer" + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes( @@ -48,12 +50,16 @@ func SetupBaseOSLayer(ctx context.Context, layerPath string, vhdHandle windows.H // `volumePath` is the path to the volume to be used for setup. // // `options` are the options applied while processing the layer. +// +// NOTE: This API is only available on builds of Windows greater than 19645. Inside we +// check if the hosts build has the API available by using 'GetVersion' which requires +// the calling application to be manifested. https://docs.microsoft.com/en-us/windows/win32/sbscs/manifests func SetupBaseOSVolume(ctx context.Context, layerPath, volumePath string, options OsLayerOptions) (err error) { if osversion.Build() < 19645 { return errors.New("SetupBaseOSVolume is not present on builds older than 19645") } - title := "hcsshim.SetupBaseOSVolume" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + title := "hcsshim::SetupBaseOSVolume" + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes( diff --git a/vendor/github.com/Microsoft/hcsshim/computestorage/storage.go b/vendor/github.com/Microsoft/hcsshim/computestorage/storage.go index 95aff9c18..d8b3d6a31 100644 --- a/vendor/github.com/Microsoft/hcsshim/computestorage/storage.go +++ b/vendor/github.com/Microsoft/hcsshim/computestorage/storage.go @@ -20,10 +20,13 @@ import ( //sys hcsGetLayerVhdMountPath(vhdHandle windows.Handle, mountPath **uint16) (hr error) = computestorage.HcsGetLayerVhdMountPath? //sys hcsSetupBaseOSVolume(layerPath string, volumePath string, options string) (hr error) = computestorage.HcsSetupBaseOSVolume? +type Version = hcsschema.Version +type Layer = hcsschema.Layer + // LayerData is the data used to describe parent layer information. type LayerData struct { - SchemaVersion hcsschema.Version `json:"SchemaVersion,omitempty"` - Layers []hcsschema.Layer `json:"Layers,omitempty"` + SchemaVersion Version `json:"SchemaVersion,omitempty"` + Layers []Layer `json:"Layers,omitempty"` } // ExportLayerOptions are the set of options that are used with the `computestorage.HcsExportLayer` syscall. diff --git a/vendor/github.com/Microsoft/hcsshim/container.go b/vendor/github.com/Microsoft/hcsshim/container.go index bfd722898..c8f09f88b 100644 --- a/vendor/github.com/Microsoft/hcsshim/container.go +++ b/vendor/github.com/Microsoft/hcsshim/container.go @@ -1,3 +1,5 @@ +//go:build windows + package hcsshim import ( @@ -60,7 +62,7 @@ type container struct { waitCh chan struct{} } -// createComputeSystemAdditionalJSON is read from the environment at initialisation +// createContainerAdditionalJSON is read from the environment at initialization // time. It allows an environment variable to define additional JSON which // is merged in the CreateComputeSystem call to HCS. var createContainerAdditionalJSON []byte diff --git a/vendor/github.com/Microsoft/hcsshim/errors.go b/vendor/github.com/Microsoft/hcsshim/errors.go index f367022e7..594bbfb7a 100644 --- a/vendor/github.com/Microsoft/hcsshim/errors.go +++ b/vendor/github.com/Microsoft/hcsshim/errors.go @@ -1,3 +1,5 @@ +//go:build windows + package hcsshim import ( @@ -50,6 +52,9 @@ var ( // ErrUnexpectedValue is an error encountered when hcs returns an invalid value ErrUnexpectedValue = hcs.ErrUnexpectedValue + // ErrOperationDenied is an error when hcs attempts an operation that is explicitly denied + ErrOperationDenied = hcs.ErrOperationDenied + // ErrVmcomputeAlreadyStopped is an error encountered when a shutdown or terminate request is made on a stopped container ErrVmcomputeAlreadyStopped = hcs.ErrVmcomputeAlreadyStopped diff --git a/vendor/github.com/Microsoft/hcsshim/ext4/dmverity/dmverity.go b/vendor/github.com/Microsoft/hcsshim/ext4/dmverity/dmverity.go index 894842117..f45307b96 100644 --- a/vendor/github.com/Microsoft/hcsshim/ext4/dmverity/dmverity.go +++ b/vendor/github.com/Microsoft/hcsshim/ext4/dmverity/dmverity.go @@ -1,6 +1,7 @@ package dmverity import ( + "bufio" "bytes" "crypto/rand" "crypto/sha256" @@ -12,19 +13,29 @@ import ( "github.com/pkg/errors" "github.com/Microsoft/hcsshim/ext4/internal/compactext4" + "github.com/Microsoft/hcsshim/internal/memory" ) const ( blockSize = compactext4.BlockSize - // RecommendedVHDSizeGB is the recommended size in GB for VHDs, which is not a hard limit. - RecommendedVHDSizeGB = 128 * 1024 * 1024 * 1024 + // MerkleTreeBufioSize is a default buffer size to use with bufio.Reader + MerkleTreeBufioSize = memory.MiB // 1MB + // RecommendedVHDSizeGB is the recommended size in GB for VHDs, which is not a hard limit. + RecommendedVHDSizeGB = 128 * memory.GiB + // VeritySignature is a value written to dm-verity super-block. + VeritySignature = "verity" +) + +var ( + salt = bytes.Repeat([]byte{0}, 32) + sbSize = binary.Size(dmveritySuperblock{}) ) -var salt = bytes.Repeat([]byte{0}, 32) var ( ErrSuperBlockReadFailure = errors.New("failed to read dm-verity super block") ErrSuperBlockParseFailure = errors.New("failed to parse dm-verity super block") ErrRootHashReadFailure = errors.New("failed to read dm-verity root hash") + ErrNotVeritySuperBlock = errors.New("invalid dm-verity super-block signature") ) type dmveritySuperblock struct { @@ -69,20 +80,19 @@ type VerityInfo struct { Version uint32 } -// MerkleTree constructs dm-verity hash-tree for a given byte array with a fixed salt (0-byte) and algorithm (sha256). -func MerkleTree(data []byte) ([]byte, error) { +// MerkleTree constructs dm-verity hash-tree for a given io.Reader with a fixed salt (0-byte) and algorithm (sha256). +func MerkleTree(r io.Reader) ([]byte, error) { layers := make([][]byte, 0) + currentLevel := r - currentLevel := bytes.NewBuffer(data) - - for currentLevel.Len() != blockSize { - blocks := currentLevel.Len() / blockSize + for { nextLevel := bytes.NewBuffer(make([]byte, 0)) - - for i := 0; i < blocks; i++ { + for { block := make([]byte, blockSize) - _, err := currentLevel.Read(block) - if err != nil { + if _, err := io.ReadFull(currentLevel, block); err != nil { + if err == io.EOF { + break + } return nil, errors.Wrap(err, "failed to read data block") } h := hash2(salt, block) @@ -92,14 +102,18 @@ func MerkleTree(data []byte) ([]byte, error) { padding := bytes.Repeat([]byte{0}, blockSize-(nextLevel.Len()%blockSize)) nextLevel.Write(padding) - currentLevel = nextLevel - layers = append(layers, currentLevel.Bytes()) + layers = append(layers, nextLevel.Bytes()) + currentLevel = bufio.NewReaderSize(nextLevel, MerkleTreeBufioSize) + + // This means that only root hash remains and our job is done + if nextLevel.Len() == blockSize { + break + } } - var tree = bytes.NewBuffer(make([]byte, 0)) + tree := bytes.NewBuffer(make([]byte, 0)) for i := len(layers) - 1; i >= 0; i-- { - _, err := tree.Write(layers[i]) - if err != nil { + if _, err := tree.Write(layers[i]); err != nil { return nil, errors.Wrap(err, "failed to write merkle tree") } } @@ -125,7 +139,7 @@ func NewDMVeritySuperblock(size uint64) *dmveritySuperblock { SaltSize: uint16(len(salt)), } - copy(superblock.Signature[:], "verity") + copy(superblock.Signature[:], VeritySignature) copy(superblock.Algorithm[:], "sha256") copy(superblock.Salt[:], salt) @@ -165,7 +179,7 @@ func ReadDMVerityInfo(vhdPath string, offsetInBytes int64) (*VerityInfo, error) block := make([]byte, blockSize) if s, err := vhd.Read(block); err != nil || s != blockSize { if err != nil { - return nil, errors.Wrapf(ErrSuperBlockReadFailure, "%s", err) + return nil, errors.Wrapf(err, "%s", ErrSuperBlockReadFailure) } return nil, errors.Wrapf(ErrSuperBlockReadFailure, "unexpected bytes read: expected=%d, actual=%d", blockSize, s) } @@ -173,13 +187,15 @@ func ReadDMVerityInfo(vhdPath string, offsetInBytes int64) (*VerityInfo, error) dmvSB := &dmveritySuperblock{} b := bytes.NewBuffer(block) if err := binary.Read(b, binary.LittleEndian, dmvSB); err != nil { - return nil, errors.Wrapf(ErrSuperBlockParseFailure, "%s", err) + return nil, errors.Wrapf(err, "%s", ErrSuperBlockParseFailure) + } + if string(bytes.Trim(dmvSB.Signature[:], "\x00")[:]) != VeritySignature { + return nil, ErrNotVeritySuperBlock } - // read the merkle tree root if s, err := vhd.Read(block); err != nil || s != blockSize { if err != nil { - return nil, errors.Wrapf(ErrRootHashReadFailure, "%s", err) + return nil, errors.Wrapf(err, "%s", ErrRootHashReadFailure) } return nil, errors.Wrapf(ErrRootHashReadFailure, "unexpected bytes read: expected=%d, actual=%d", blockSize, s) } @@ -196,3 +212,37 @@ func ReadDMVerityInfo(vhdPath string, offsetInBytes int64) (*VerityInfo, error) Version: dmvSB.Version, }, nil } + +// ComputeAndWriteHashDevice builds merkle tree from a given io.ReadSeeker and writes the result +// hash device (dm-verity super-block combined with merkle tree) to io.WriteSeeker. +func ComputeAndWriteHashDevice(r io.ReadSeeker, w io.WriteSeeker) error { + if _, err := r.Seek(0, io.SeekStart); err != nil { + return err + } + tree, err := MerkleTree(r) + if err != nil { + return errors.Wrap(err, "failed to build merkle tree") + } + + devSize, err := r.Seek(0, io.SeekEnd) + if err != nil { + return err + } + dmVeritySB := NewDMVeritySuperblock(uint64(devSize)) + if _, err := w.Seek(0, io.SeekEnd); err != nil { + return err + } + if err := binary.Write(w, binary.LittleEndian, dmVeritySB); err != nil { + return errors.Wrap(err, "failed to write dm-verity super-block") + } + // write super-block padding + padding := bytes.Repeat([]byte{0}, blockSize-(sbSize%blockSize)) + if _, err = w.Write(padding); err != nil { + return err + } + // write tree + if _, err := w.Write(tree); err != nil { + return errors.Wrap(err, "failed to write merkle tree") + } + return nil +} diff --git a/vendor/github.com/Microsoft/hcsshim/ext4/internal/compactext4/compact.go b/vendor/github.com/Microsoft/hcsshim/ext4/internal/compactext4/compact.go index f40ac8f98..504437270 100644 --- a/vendor/github.com/Microsoft/hcsshim/ext4/internal/compactext4/compact.go +++ b/vendor/github.com/Microsoft/hcsshim/ext4/internal/compactext4/compact.go @@ -13,6 +13,7 @@ import ( "time" "github.com/Microsoft/hcsshim/ext4/internal/format" + "github.com/Microsoft/hcsshim/internal/memory" ) // Writer writes a compact ext4 file system. @@ -101,15 +102,15 @@ const ( maxInodesPerGroup = BlockSize * 8 // Limited by the inode bitmap inodesPerGroupIncrement = BlockSize / inodeSize - defaultMaxDiskSize = 16 * 1024 * 1024 * 1024 // 16GB + defaultMaxDiskSize = 16 * memory.GiB // 16GB maxMaxDiskSize = 16 * 1024 * 1024 * 1024 * 1024 // 16TB groupDescriptorSize = 32 // Use the small group descriptor groupsPerDescriptorBlock = BlockSize / groupDescriptorSize - maxFileSize = 128 * 1024 * 1024 * 1024 // 128GB file size maximum for now - smallSymlinkSize = 59 // max symlink size that goes directly in the inode - maxBlocksPerExtent = 0x8000 // maximum number of blocks in an extent + maxFileSize = 128 * memory.GiB // 128GB file size maximum for now + smallSymlinkSize = 59 // max symlink size that goes directly in the inode + maxBlocksPerExtent = 0x8000 // maximum number of blocks in an extent inodeDataSize = 60 inodeUsedSize = 152 // fields through CrtimeExtra inodeExtraSize = inodeSize - inodeUsedSize @@ -414,6 +415,15 @@ func (w *Writer) makeInode(f *File, node *inode) (*inode, error) { node.Devmajor = f.Devmajor node.Devminor = f.Devminor node.Data = nil + if f.Xattrs == nil { + f.Xattrs = make(map[string][]byte) + } + + // copy over existing xattrs first, we need to merge existing xattrs and the passed xattrs. + existingXattrs := make(map[string][]byte) + if len(node.XattrInline) > 0 { + getXattrs(node.XattrInline[4:], existingXattrs, 0) + } node.XattrInline = nil var xstate xattrState @@ -452,6 +462,13 @@ func (w *Writer) makeInode(f *File, node *inode) (*inode, error) { return nil, fmt.Errorf("invalid mode %o", mode) } + // merge xattrs but prefer currently passed over existing + for name, data := range existingXattrs { + if _, ok := f.Xattrs[name]; !ok { + f.Xattrs[name] = data + } + } + // Accumulate the extended attributes. if len(f.Xattrs) != 0 { // Sort the xattrs to avoid non-determinism in map iteration. @@ -514,15 +531,16 @@ func (w *Writer) lookup(name string, mustExist bool) (*inode, *inode, string, er return dir, child, childname, nil } -// CreateWithParents adds a file to the file system creating the parent directories in the path if -// they don't exist (like `mkdir -p`). These non existing parent directories are created +// MakeParents ensures that all the parent directories in the path specified by `name` exists. If +// they don't exist it creates them (like `mkdir -p`). These non existing parent directories are created // with the same permissions as that of it's parent directory. It is expected that the a // call to make these parent directories will be made at a later point with the correct // permissions, at that time the permissions of these directories will be updated. -func (w *Writer) CreateWithParents(name string, f *File) error { +func (w *Writer) MakeParents(name string) error { if err := w.finishInode(); err != nil { return err } + // go through the directories in the path one by one and create the // parent directories if they don't exist. cleanname := path.Clean("/" + name)[1:] @@ -553,7 +571,7 @@ func (w *Writer) CreateWithParents(name string, f *File) error { } root = root.Children[dirname] } - return w.Create(name, f) + return nil } // Create adds a file to the file system. @@ -603,6 +621,8 @@ func (w *Writer) Create(name string, f *File) error { } // Link adds a hard link to the file system. +// We support creating hardlinks to symlinks themselves instead of what +// the symlinks link to, as this is what containerd does upstream. func (w *Writer) Link(oldname, newname string) error { if err := w.finishInode(); err != nil { return err @@ -620,8 +640,8 @@ func (w *Writer) Link(oldname, newname string) error { return err } switch oldfile.Mode & format.TypeMask { - case format.S_IFDIR, format.S_IFLNK: - return fmt.Errorf("%s: link target cannot be a directory or symlink: %s", newname, oldname) + case format.S_IFDIR: + return fmt.Errorf("%s: link target cannot be a directory: %s", newname, oldname) } if existing != oldfile && oldfile.LinkCount >= format.MaxLinks { diff --git a/vendor/github.com/Microsoft/hcsshim/ext4/tar2ext4/tar2ext4.go b/vendor/github.com/Microsoft/hcsshim/ext4/tar2ext4/tar2ext4.go index 5fcc3ba78..6baed9d75 100644 --- a/vendor/github.com/Microsoft/hcsshim/ext4/tar2ext4/tar2ext4.go +++ b/vendor/github.com/Microsoft/hcsshim/ext4/tar2ext4/tar2ext4.go @@ -3,15 +3,14 @@ package tar2ext4 import ( "archive/tar" "bufio" - "bytes" "encoding/binary" + "fmt" "github.com/pkg/errors" "io" "io/ioutil" "os" "path" "strings" - "unsafe" "github.com/Microsoft/hcsshim/ext4/dmverity" "github.com/Microsoft/hcsshim/ext4/internal/compactext4" @@ -65,16 +64,16 @@ func MaximumDiskSize(size int64) Option { const ( whiteoutPrefix = ".wh." opaqueWhiteout = ".wh..wh..opq" - ext4blocksize = compactext4.BlockSize ) -// Convert writes a compact ext4 file system image that contains the files in the +// ConvertTarToExt4 writes a compact ext4 file system image that contains the files in the // input tar stream. -func Convert(r io.Reader, w io.ReadWriteSeeker, options ...Option) error { +func ConvertTarToExt4(r io.Reader, w io.ReadWriteSeeker, options ...Option) error { var p params for _, opt := range options { opt(&p) } + t := tar.NewReader(bufio.NewReader(r)) fs := compactext4.NewWriter(w, p.ext4opts...) for { @@ -86,6 +85,10 @@ func Convert(r io.Reader, w io.ReadWriteSeeker, options ...Option) error { return err } + if err = fs.MakeParents(hdr.Name); err != nil { + return errors.Wrapf(err, "failed to ensure parent directories for %s", hdr.Name) + } + if p.convertWhiteout { dir, name := path.Split(hdr.Name) if strings.HasPrefix(name, whiteoutPrefix) { @@ -93,12 +96,12 @@ func Convert(r io.Reader, w io.ReadWriteSeeker, options ...Option) error { // Update the directory with the appropriate xattr. f, err := fs.Stat(dir) if err != nil { - return err + return errors.Wrapf(err, "failed to stat parent directory of whiteout %s", hdr.Name) } f.Xattrs["trusted.overlay.opaque"] = []byte("y") err = fs.Create(dir, f) if err != nil { - return err + return errors.Wrapf(err, "failed to create opaque dir %s", hdr.Name) } } else { // Create an overlay-style whiteout. @@ -109,7 +112,7 @@ func Convert(r io.Reader, w io.ReadWriteSeeker, options ...Option) error { } err = fs.Create(path.Join(dir, name[len(whiteoutPrefix):]), f) if err != nil { - return err + return errors.Wrapf(err, "failed to create whiteout file for %s", hdr.Name) } } @@ -161,7 +164,7 @@ func Convert(r io.Reader, w io.ReadWriteSeeker, options ...Option) error { } f.Mode &= ^compactext4.TypeMask f.Mode |= typ - err = fs.CreateWithParents(hdr.Name, f) + err = fs.Create(hdr.Name, f) if err != nil { return err } @@ -171,67 +174,29 @@ func Convert(r io.Reader, w io.ReadWriteSeeker, options ...Option) error { } } } - err := fs.Close() - if err != nil { + return fs.Close() +} + +// Convert wraps ConvertTarToExt4 and conditionally computes (and appends) the file image's cryptographic +// hashes (merkle tree) or/and appends a VHD footer. +func Convert(r io.Reader, w io.ReadWriteSeeker, options ...Option) error { + var p params + for _, opt := range options { + opt(&p) + } + + if err := ConvertTarToExt4(r, w, options...); err != nil { return err } if p.appendDMVerity { - ext4size, err := w.Seek(0, io.SeekEnd) - if err != nil { - return err - } - - // Rewind the stream and then read it all into a []byte for - // dmverity processing - _, err = w.Seek(0, io.SeekStart) - if err != nil { - return err - } - data, err := ioutil.ReadAll(w) - if err != nil { - return err - } - - mtree, err := dmverity.MerkleTree(data) - if err != nil { - return errors.Wrap(err, "failed to build merkle tree") - } - - // Write dmverity superblock and then the merkle tree after the end of the - // ext4 filesystem - _, err = w.Seek(0, io.SeekEnd) - if err != nil { - return err - } - superblock := dmverity.NewDMVeritySuperblock(uint64(ext4size)) - err = binary.Write(w, binary.LittleEndian, superblock) - if err != nil { - return err - } - // pad the superblock - sbsize := int(unsafe.Sizeof(*superblock)) - padding := bytes.Repeat([]byte{0}, ext4blocksize-(sbsize%ext4blocksize)) - _, err = w.Write(padding) - if err != nil { - return err - } - // write the tree - _, err = w.Write(mtree) - if err != nil { + if err := dmverity.ComputeAndWriteHashDevice(w, w); err != nil { return err } } if p.appendVhdFooter { - size, err := w.Seek(0, io.SeekEnd) - if err != nil { - return err - } - err = binary.Write(w, binary.BigEndian, makeFixedVHDFooter(size)) - if err != nil { - return err - } + return ConvertToVhd(w) } return nil } @@ -266,5 +231,52 @@ func ReadExt4SuperBlock(vhdPath string) (*format.SuperBlock, error) { if err := binary.Read(vhd, binary.LittleEndian, &sb); err != nil { return nil, err } + // Make sure the magic bytes are correct. + if sb.Magic != format.SuperBlockMagic { + return nil, errors.New("not an ext4 file system") + } return &sb, nil } + +// ConvertAndComputeRootDigest writes a compact ext4 file system image that contains the files in the +// input tar stream, computes the resulting file image's cryptographic hashes (merkle tree) and returns +// merkle tree root digest. Convert is called with minimal options: ConvertWhiteout and MaximumDiskSize +// set to dmverity.RecommendedVHDSizeGB. +func ConvertAndComputeRootDigest(r io.Reader) (string, error) { + out, err := ioutil.TempFile("", "") + if err != nil { + return "", fmt.Errorf("failed to create temporary file: %s", err) + } + defer func() { + _ = os.Remove(out.Name()) + }() + + options := []Option{ + ConvertWhiteout, + MaximumDiskSize(dmverity.RecommendedVHDSizeGB), + } + if err := ConvertTarToExt4(r, out, options...); err != nil { + return "", fmt.Errorf("failed to convert tar to ext4: %s", err) + } + + if _, err := out.Seek(0, io.SeekStart); err != nil { + return "", fmt.Errorf("failed to seek start on temp file when creating merkle tree: %s", err) + } + + tree, err := dmverity.MerkleTree(bufio.NewReaderSize(out, dmverity.MerkleTreeBufioSize)) + if err != nil { + return "", fmt.Errorf("failed to create merkle tree: %s", err) + } + + hash := dmverity.RootHash(tree) + return fmt.Sprintf("%x", hash), nil +} + +// ConvertToVhd converts given io.WriteSeeker to VHD, by appending the VHD footer with a fixed size. +func ConvertToVhd(w io.WriteSeeker) error { + size, err := w.Seek(0, io.SeekEnd) + if err != nil { + return err + } + return binary.Write(w, binary.BigEndian, makeFixedVHDFooter(size)) +} diff --git a/vendor/github.com/Microsoft/hcsshim/functional_tests.ps1 b/vendor/github.com/Microsoft/hcsshim/functional_tests.ps1 deleted file mode 100644 index ce6edbcf3..000000000 --- a/vendor/github.com/Microsoft/hcsshim/functional_tests.ps1 +++ /dev/null @@ -1,12 +0,0 @@ -# Requirements so far: -# dockerd running -# - image microsoft/nanoserver (matching host base image) docker load -i c:\baseimages\nanoserver.tar -# - image alpine (linux) docker pull --platform=linux alpine - - -# TODO: Add this a parameter for debugging. ie "functional-tests -debug=$true" -#$env:HCSSHIM_FUNCTIONAL_TESTS_DEBUG="yes please" - -#pushd uvm -go test -v -tags "functional uvmcreate uvmscratch uvmscsi uvmvpmem uvmvsmb uvmp9" ./... -#popd \ No newline at end of file diff --git a/vendor/github.com/Microsoft/hcsshim/hcn/doc.go b/vendor/github.com/Microsoft/hcsshim/hcn/doc.go new file mode 100644 index 000000000..83b2fffb0 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/hcn/doc.go @@ -0,0 +1,3 @@ +// Package hcn is a shim for the Host Compute Networking (HCN) service, which manages networking for Windows Server +// containers and Hyper-V containers. Previous to RS5, HCN was referred to as Host Networking Service (HNS). +package hcn diff --git a/vendor/github.com/Microsoft/hcsshim/hcn/hcn.go b/vendor/github.com/Microsoft/hcsshim/hcn/hcn.go index df3a59a78..17539b869 100644 --- a/vendor/github.com/Microsoft/hcsshim/hcn/hcn.go +++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcn.go @@ -1,5 +1,5 @@ -// Package hcn is a shim for the Host Compute Networking (HCN) service, which manages networking for Windows Server -// containers and Hyper-V containers. Previous to RS5, HCN was referred to as Host Networking Service (HNS). +//go:build windows + package hcn import ( @@ -228,7 +228,7 @@ func IPv6DualStackSupported() error { return platformDoesNotSupportError("IPv6 DualStack") } -//L4proxySupported returns an error if the HCN verison does not support L4Proxy +//L4proxySupported returns an error if the HCN version does not support L4Proxy func L4proxyPolicySupported() error { supported, err := GetCachedSupportedFeatures() if err != nil { @@ -240,7 +240,7 @@ func L4proxyPolicySupported() error { return platformDoesNotSupportError("L4ProxyPolicy") } -// L4WfpProxySupported returns an error if the HCN verison does not support L4WfpProxy +// L4WfpProxySupported returns an error if the HCN version does not support L4WfpProxy func L4WfpProxyPolicySupported() error { supported, err := GetCachedSupportedFeatures() if err != nil { diff --git a/vendor/github.com/Microsoft/hcsshim/hcn/hcnendpoint.go b/vendor/github.com/Microsoft/hcsshim/hcn/hcnendpoint.go index 545e8639d..267bbe7cb 100644 --- a/vendor/github.com/Microsoft/hcsshim/hcn/hcnendpoint.go +++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcnendpoint.go @@ -1,3 +1,5 @@ +//go:build windows + package hcn import ( @@ -9,7 +11,7 @@ import ( "github.com/sirupsen/logrus" ) -// IpConfig is assoicated with an endpoint +// IpConfig is associated with an endpoint type IpConfig struct { IpAddress string `json:",omitempty"` PrefixLength uint8 `json:",omitempty"` diff --git a/vendor/github.com/Microsoft/hcsshim/hcn/hcnerrors.go b/vendor/github.com/Microsoft/hcsshim/hcn/hcnerrors.go index ad30d320d..8b719fa11 100644 --- a/vendor/github.com/Microsoft/hcsshim/hcn/hcnerrors.go +++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcnerrors.go @@ -1,5 +1,5 @@ -// Package hcn is a shim for the Host Compute Networking (HCN) service, which manages networking for Windows Server -// containers and Hyper-V containers. Previous to RS5, HCN was referred to as Host Networking Service (HNS). +//go:build windows + package hcn import ( @@ -87,10 +87,10 @@ func new(hr error, title string, rest string) error { // // Note that the below errors are not errors returned by hcn itself -// we wish to seperate them as they are shim usage error +// we wish to separate them as they are shim usage error // -// NetworkNotFoundError results from a failed seach for a network by Id or Name +// NetworkNotFoundError results from a failed search for a network by Id or Name type NetworkNotFoundError struct { NetworkName string NetworkID string @@ -103,7 +103,7 @@ func (e NetworkNotFoundError) Error() string { return fmt.Sprintf("Network ID %q not found", e.NetworkID) } -// EndpointNotFoundError results from a failed seach for an endpoint by Id or Name +// EndpointNotFoundError results from a failed search for an endpoint by Id or Name type EndpointNotFoundError struct { EndpointName string EndpointID string @@ -116,7 +116,7 @@ func (e EndpointNotFoundError) Error() string { return fmt.Sprintf("Endpoint ID %q not found", e.EndpointID) } -// NamespaceNotFoundError results from a failed seach for a namsepace by Id +// NamespaceNotFoundError results from a failed search for a namsepace by Id type NamespaceNotFoundError struct { NamespaceID string } @@ -125,7 +125,7 @@ func (e NamespaceNotFoundError) Error() string { return fmt.Sprintf("Namespace ID %q not found", e.NamespaceID) } -// LoadBalancerNotFoundError results from a failed seach for a loadbalancer by Id +// LoadBalancerNotFoundError results from a failed search for a loadbalancer by Id type LoadBalancerNotFoundError struct { LoadBalancerId string } @@ -134,7 +134,7 @@ func (e LoadBalancerNotFoundError) Error() string { return fmt.Sprintf("LoadBalancer %q not found", e.LoadBalancerId) } -// RouteNotFoundError results from a failed seach for a route by Id +// RouteNotFoundError results from a failed search for a route by Id type RouteNotFoundError struct { RouteId string } diff --git a/vendor/github.com/Microsoft/hcsshim/hcn/hcnglobals.go b/vendor/github.com/Microsoft/hcsshim/hcn/hcnglobals.go index 14903bc5e..25e368fc2 100644 --- a/vendor/github.com/Microsoft/hcsshim/hcn/hcnglobals.go +++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcnglobals.go @@ -1,3 +1,5 @@ +//go:build windows + package hcn import ( diff --git a/vendor/github.com/Microsoft/hcsshim/hcn/hcnloadbalancer.go b/vendor/github.com/Microsoft/hcsshim/hcn/hcnloadbalancer.go index 1b434b07b..f68d39053 100644 --- a/vendor/github.com/Microsoft/hcsshim/hcn/hcnloadbalancer.go +++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcnloadbalancer.go @@ -1,3 +1,5 @@ +//go:build windows + package hcn import ( @@ -35,7 +37,7 @@ var ( // LoadBalancerFlagsNone is the default. LoadBalancerFlagsNone LoadBalancerFlags = 0 // LoadBalancerFlagsDSR enables Direct Server Return (DSR) - LoadBalancerFlagsDSR LoadBalancerFlags = 1 + LoadBalancerFlagsDSR LoadBalancerFlags = 1 LoadBalancerFlagsIPv6 LoadBalancerFlags = 2 ) diff --git a/vendor/github.com/Microsoft/hcsshim/hcn/hcnnamespace.go b/vendor/github.com/Microsoft/hcsshim/hcn/hcnnamespace.go index d2ef22960..44ba2fa1f 100644 --- a/vendor/github.com/Microsoft/hcsshim/hcn/hcnnamespace.go +++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcnnamespace.go @@ -1,3 +1,5 @@ +//go:build windows + package hcn import ( @@ -27,7 +29,7 @@ type NamespaceResourceContainer struct { type NamespaceResourceType string var ( - // NamespaceResourceTypeContainer are contianers associated with a Namespace. + // NamespaceResourceTypeContainer are containers associated with a Namespace. NamespaceResourceTypeContainer NamespaceResourceType = "Container" // NamespaceResourceTypeEndpoint are endpoints associated with a Namespace. NamespaceResourceTypeEndpoint NamespaceResourceType = "Endpoint" @@ -294,11 +296,11 @@ func GetNamespaceContainerIds(namespaceId string) ([]string, error) { var containerIds []string for _, resource := range namespace.Resources { if resource.Type == "Container" { - var contaienrResource NamespaceResourceContainer - if err := json.Unmarshal([]byte(resource.Data), &contaienrResource); err != nil { + var containerResource NamespaceResourceContainer + if err := json.Unmarshal([]byte(resource.Data), &containerResource); err != nil { return nil, err } - containerIds = append(containerIds, contaienrResource.Id) + containerIds = append(containerIds, containerResource.Id) } } return containerIds, nil @@ -375,7 +377,7 @@ func (namespace *HostComputeNamespace) Sync() error { } shimPath := runhcs.VMPipePath(cfg.HostUniqueID) if err := runhcs.IssueVMRequest(shimPath, &req); err != nil { - // The shim is likey gone. Simply ignore the sync as if it didn't exist. + // The shim is likely gone. Simply ignore the sync as if it didn't exist. if perr, ok := err.(*os.PathError); ok && perr.Err == syscall.ERROR_FILE_NOT_FOUND { // Remove the reg key there is no point to try again _ = cfg.Remove() diff --git a/vendor/github.com/Microsoft/hcsshim/hcn/hcnnetwork.go b/vendor/github.com/Microsoft/hcsshim/hcn/hcnnetwork.go index c36b13638..41dcdac24 100644 --- a/vendor/github.com/Microsoft/hcsshim/hcn/hcnnetwork.go +++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcnnetwork.go @@ -1,3 +1,5 @@ +//go:build windows + package hcn import ( diff --git a/vendor/github.com/Microsoft/hcsshim/hcn/hcnpolicy.go b/vendor/github.com/Microsoft/hcsshim/hcn/hcnpolicy.go index c2aa599f3..a695f1c27 100644 --- a/vendor/github.com/Microsoft/hcsshim/hcn/hcnpolicy.go +++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcnpolicy.go @@ -1,3 +1,5 @@ +//go:build windows + package hcn import ( @@ -23,7 +25,7 @@ const ( // Endpoint and Network have InterfaceConstraint and ProviderAddress NetworkProviderAddress EndpointPolicyType = "ProviderAddress" NetworkInterfaceConstraint EndpointPolicyType = "InterfaceConstraint" - TierAcl EndpointPolicyType = "TierAcl" + TierAcl EndpointPolicyType = "TierAcl" ) // EndpointPolicy is a collection of Policy settings for an Endpoint. @@ -133,7 +135,7 @@ type AclPolicySetting struct { RemotePorts string `json:",omitempty"` RuleType RuleType `json:",omitempty"` Priority uint16 `json:",omitempty"` -} +} // QosPolicySetting sets Quality of Service bandwidth caps on an Endpoint. type QosPolicySetting struct { @@ -166,7 +168,7 @@ type NetworkACLPolicySetting struct { RemotePorts string `json:",omitempty"` RuleType RuleType `json:",omitempty"` Priority uint16 `json:",omitempty"` -} +} // FiveTuple is nested in L4ProxyPolicySetting for WFP support. type FiveTuple struct { @@ -284,7 +286,7 @@ type RemoteSubnetRoutePolicySetting struct { type SetPolicyType string const ( - SetPolicyTypeIpSet SetPolicyType = "IPSET" + SetPolicyTypeIpSet SetPolicyType = "IPSET" SetPolicyTypeNestedIpSet SetPolicyType = "NESTEDIPSET" ) @@ -292,7 +294,7 @@ const ( type SetPolicySetting struct { Id string Name string - Type SetPolicyType + Type SetPolicyType `json:"PolicyType"` Values string } @@ -320,25 +322,25 @@ type L4ProxyPolicySetting struct { Protocol ProtocolType `json:",omitempty"` Exceptions []string `json:",omitempty"` Destination string - OutboundNAT bool `json:",omitempty"` + OutboundNAT bool `json:",omitempty"` } // TierAclRule represents an ACL within TierAclPolicySetting type TierAclRule struct { - Id string `json:",omitempty"` - Protocols string `json:",omitempty"` - TierAclRuleAction ActionType `json:","` - LocalAddresses string `json:",omitempty"` - RemoteAddresses string `json:",omitempty"` - LocalPorts string `json:",omitempty"` - RemotePorts string `json:",omitempty"` - Priority uint16 `json:",omitempty"` + Id string `json:",omitempty"` + Protocols string `json:",omitempty"` + TierAclRuleAction ActionType `json:","` + LocalAddresses string `json:",omitempty"` + RemoteAddresses string `json:",omitempty"` + LocalPorts string `json:",omitempty"` + RemotePorts string `json:",omitempty"` + Priority uint16 `json:",omitempty"` } // TierAclPolicySetting represents a Tier containing ACLs type TierAclPolicySetting struct { - Name string `json:","` - Direction DirectionType `json:","` - Order uint16 `json:""` - TierAclRules []TierAclRule `json:",omitempty"` + Name string `json:","` + Direction DirectionType `json:","` + Order uint16 `json:""` + TierAclRules []TierAclRule `json:",omitempty"` } diff --git a/vendor/github.com/Microsoft/hcsshim/hcn/hcnroute.go b/vendor/github.com/Microsoft/hcsshim/hcn/hcnroute.go index 52e249846..d0761d6bd 100644 --- a/vendor/github.com/Microsoft/hcsshim/hcn/hcnroute.go +++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcnroute.go @@ -1,3 +1,5 @@ +//go:build windows + package hcn import ( diff --git a/vendor/github.com/Microsoft/hcsshim/hcn/hcnsupport.go b/vendor/github.com/Microsoft/hcsshim/hcn/hcnsupport.go index bacb91fed..1b4c24020 100644 --- a/vendor/github.com/Microsoft/hcsshim/hcn/hcnsupport.go +++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcnsupport.go @@ -1,11 +1,14 @@ +//go:build windows + package hcn import ( - "fmt" "sync" "github.com/pkg/errors" "github.com/sirupsen/logrus" + + "github.com/Microsoft/hcsshim/internal/log" ) var ( @@ -112,9 +115,9 @@ func getSupportedFeatures() (SupportedFeatures, error) { features.NetworkACL = isFeatureSupported(globals.Version, NetworkACLPolicyVersion) features.NestedIpSet = isFeatureSupported(globals.Version, NestedIpSetVersion) - logrus.WithFields(logrus.Fields{ - "version": fmt.Sprintf("%+v", globals.Version), - "supportedFeatures": fmt.Sprintf("%+v", features), + log.L.WithFields(logrus.Fields{ + "version": globals.Version, + "supportedFeatures": features, }).Info("HCN feature check") return features, nil diff --git a/vendor/github.com/Microsoft/hcsshim/hcsshim.go b/vendor/github.com/Microsoft/hcsshim/hcsshim.go index ceb3ac85e..95dc2a025 100644 --- a/vendor/github.com/Microsoft/hcsshim/hcsshim.go +++ b/vendor/github.com/Microsoft/hcsshim/hcsshim.go @@ -1,3 +1,5 @@ +//go:build windows + // Shim for the Host Compute Service (HCS) to manage Windows Server // containers and Hyper-V containers. diff --git a/vendor/github.com/Microsoft/hcsshim/hnsendpoint.go b/vendor/github.com/Microsoft/hcsshim/hnsendpoint.go index 9e0059447..ea71135ac 100644 --- a/vendor/github.com/Microsoft/hcsshim/hnsendpoint.go +++ b/vendor/github.com/Microsoft/hcsshim/hnsendpoint.go @@ -1,3 +1,5 @@ +//go:build windows + package hcsshim import ( diff --git a/vendor/github.com/Microsoft/hcsshim/hnsglobals.go b/vendor/github.com/Microsoft/hcsshim/hnsglobals.go index 2b5381904..c564bf4a3 100644 --- a/vendor/github.com/Microsoft/hcsshim/hnsglobals.go +++ b/vendor/github.com/Microsoft/hcsshim/hnsglobals.go @@ -1,3 +1,5 @@ +//go:build windows + package hcsshim import ( diff --git a/vendor/github.com/Microsoft/hcsshim/hnsnetwork.go b/vendor/github.com/Microsoft/hcsshim/hnsnetwork.go index f775fa1d0..925c21249 100644 --- a/vendor/github.com/Microsoft/hcsshim/hnsnetwork.go +++ b/vendor/github.com/Microsoft/hcsshim/hnsnetwork.go @@ -1,14 +1,16 @@ +//go:build windows + package hcsshim import ( "github.com/Microsoft/hcsshim/internal/hns" ) -// Subnet is assoicated with a network and represents a list +// Subnet is associated with a network and represents a list // of subnets available to the network type Subnet = hns.Subnet -// MacPool is assoicated with a network and represents a list +// MacPool is associated with a network and represents a list // of macaddresses available to the network type MacPool = hns.MacPool diff --git a/vendor/github.com/Microsoft/hcsshim/hnspolicylist.go b/vendor/github.com/Microsoft/hcsshim/hnspolicylist.go index 55aaa4a50..9bfe61ee8 100644 --- a/vendor/github.com/Microsoft/hcsshim/hnspolicylist.go +++ b/vendor/github.com/Microsoft/hcsshim/hnspolicylist.go @@ -1,3 +1,5 @@ +//go:build windows + package hcsshim import ( diff --git a/vendor/github.com/Microsoft/hcsshim/hnssupport.go b/vendor/github.com/Microsoft/hcsshim/hnssupport.go index 69405244b..d97681e0c 100644 --- a/vendor/github.com/Microsoft/hcsshim/hnssupport.go +++ b/vendor/github.com/Microsoft/hcsshim/hnssupport.go @@ -1,3 +1,5 @@ +//go:build windows + package hcsshim import ( diff --git a/vendor/github.com/Microsoft/hcsshim/interface.go b/vendor/github.com/Microsoft/hcsshim/interface.go index 300eb5996..81a281951 100644 --- a/vendor/github.com/Microsoft/hcsshim/interface.go +++ b/vendor/github.com/Microsoft/hcsshim/interface.go @@ -1,3 +1,5 @@ +//go:build windows + package hcsshim import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/cni/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/cni/doc.go new file mode 100644 index 000000000..b94015b5a --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/cni/doc.go @@ -0,0 +1 @@ +package cni diff --git a/vendor/github.com/Microsoft/hcsshim/internal/cni/registry.go b/vendor/github.com/Microsoft/hcsshim/internal/cni/registry.go index 4a4fcea84..3543a590d 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/cni/registry.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/cni/registry.go @@ -1,3 +1,5 @@ +//go:build windows + package cni import ( @@ -84,7 +86,7 @@ func (pnc *PersistedNamespaceConfig) Store() error { } // Remove removes any persisted state associated with this config. If the config -// is not found in the registery `Remove` returns no error. +// is not found in the registry `Remove` returns no error. func (pnc *PersistedNamespaceConfig) Remove() error { if pnc.stored { sk, err := regstate.Open(cniRoot, false) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/cow/cow.go b/vendor/github.com/Microsoft/hcsshim/internal/cow/cow.go index 27a62a723..c6eeb167b 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/cow/cow.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/cow/cow.go @@ -1,3 +1,5 @@ +//go:build windows + package cow import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/callback.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/callback.go index d13772b03..7b27173c3 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/callback.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/callback.go @@ -1,3 +1,5 @@ +//go:build windows + package hcs import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/doc.go new file mode 100644 index 000000000..d792dda98 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/doc.go @@ -0,0 +1 @@ +package hcs diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go index e21354ffd..6dfe48ed5 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go @@ -1,3 +1,5 @@ +//go:build windows + package hcs import ( @@ -51,6 +53,9 @@ var ( // ErrUnexpectedValue is an error encountered when hcs returns an invalid value ErrUnexpectedValue = errors.New("unexpected value returned from hcs") + // ErrOperationDenied is an error when hcs attempts an operation that is explicitly denied + ErrOperationDenied = errors.New("operation denied") + // ErrVmcomputeAlreadyStopped is an error encountered when a shutdown or terminate request is made on a stopped container ErrVmcomputeAlreadyStopped = syscall.Errno(0xc0370110) @@ -252,8 +257,8 @@ func makeProcessError(process *Process, op string, err error, events []ErrorEven // will currently return true when the error is ErrElementNotFound. func IsNotExist(err error) bool { err = getInnerError(err) - return err == ErrComputeSystemDoesNotExist || - err == ErrElementNotFound + return errors.Is(err, ErrComputeSystemDoesNotExist) || + errors.Is(err, ErrElementNotFound) } // IsErrorInvalidHandle checks whether the error is the result of an operation carried @@ -261,21 +266,21 @@ func IsNotExist(err error) bool { // stats on a container in the process of being stopped. func IsErrorInvalidHandle(err error) bool { err = getInnerError(err) - return err == ErrInvalidHandle + return errors.Is(err, ErrInvalidHandle) } // IsAlreadyClosed checks if an error is caused by the Container or Process having been // already closed by a call to the Close() method. func IsAlreadyClosed(err error) bool { err = getInnerError(err) - return err == ErrAlreadyClosed + return errors.Is(err, ErrAlreadyClosed) } // IsPending returns a boolean indicating whether the error is that // the requested operation is being completed in the background. func IsPending(err error) bool { err = getInnerError(err) - return err == ErrVmcomputeOperationPending + return errors.Is(err, ErrVmcomputeOperationPending) } // IsTimeout returns a boolean indicating whether the error is caused by @@ -285,7 +290,7 @@ func IsTimeout(err error) bool { return true } err = getInnerError(err) - return err == ErrTimeout + return errors.Is(err, ErrTimeout) } // IsAlreadyStopped returns a boolean indicating whether the error is caused by @@ -295,9 +300,9 @@ func IsTimeout(err error) bool { // will currently return true when the error is ErrElementNotFound. func IsAlreadyStopped(err error) bool { err = getInnerError(err) - return err == ErrVmcomputeAlreadyStopped || - err == ErrProcessAlreadyStopped || - err == ErrElementNotFound + return errors.Is(err, ErrVmcomputeAlreadyStopped) || + errors.Is(err, ErrProcessAlreadyStopped) || + errors.Is(err, ErrElementNotFound) } // IsNotSupported returns a boolean indicating whether the error is caused by @@ -308,24 +313,24 @@ func IsAlreadyStopped(err error) bool { func IsNotSupported(err error) bool { err = getInnerError(err) // If Platform doesn't recognize or support the request sent, below errors are seen - return err == ErrVmcomputeInvalidJSON || - err == ErrInvalidData || - err == ErrNotSupported || - err == ErrVmcomputeUnknownMessage + return errors.Is(err, ErrVmcomputeInvalidJSON) || + errors.Is(err, ErrInvalidData) || + errors.Is(err, ErrNotSupported) || + errors.Is(err, ErrVmcomputeUnknownMessage) } // IsOperationInvalidState returns true when err is caused by // `ErrVmcomputeOperationInvalidState`. func IsOperationInvalidState(err error) bool { err = getInnerError(err) - return err == ErrVmcomputeOperationInvalidState + return errors.Is(err, ErrVmcomputeOperationInvalidState) } // IsAccessIsDenied returns true when err is caused by // `ErrVmcomputeOperationAccessIsDenied`. func IsAccessIsDenied(err error) bool { err = getInnerError(err) - return err == ErrVmcomputeOperationAccessIsDenied + return errors.Is(err, ErrVmcomputeOperationAccessIsDenied) } func getInnerError(err error) error { diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go index f4605922a..c056636e8 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go @@ -1,3 +1,5 @@ +//go:build windows + package hcs import ( @@ -114,9 +116,9 @@ func (process *Process) processSignalResult(ctx context.Context, err error) (boo // Signal signals the process with `options`. // -// For LCOW `guestrequest.SignalProcessOptionsLCOW`. +// For LCOW `guestresource.SignalProcessOptionsLCOW`. // -// For WCOW `guestrequest.SignalProcessOptionsWCOW`. +// For WCOW `guestresource.SignalProcessOptionsWCOW`. func (process *Process) Signal(ctx context.Context, options interface{}) (bool, error) { process.handleLock.RLock() defer process.handleLock.RUnlock() @@ -201,7 +203,7 @@ func (process *Process) Kill(ctx context.Context) (bool, error) { // call multiple times. func (process *Process) waitBackground() { operation := "hcs::Process::waitBackground" - ctx, span := trace.StartSpan(context.Background(), operation) + ctx, span := oc.StartSpan(context.Background(), operation) defer span.End() span.AddAttributes( trace.StringAttribute("cid", process.SystemID()), @@ -254,7 +256,7 @@ func (process *Process) waitBackground() { } // Wait waits for the process to exit. If the process has already exited returns -// the pervious error (if any). +// the previous error (if any). func (process *Process) Wait() error { <-process.waitBlock return process.waitError @@ -312,7 +314,7 @@ func (process *Process) ExitCode() (int, error) { // are the responsibility of the caller to close. func (process *Process) StdioLegacy() (_ io.WriteCloser, _ io.ReadCloser, _ io.ReadCloser, err error) { operation := "hcs::Process::StdioLegacy" - ctx, span := trace.StartSpan(context.Background(), operation) + ctx, span := oc.StartSpan(context.Background(), operation) defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes( @@ -398,7 +400,7 @@ func (process *Process) CloseStdin(ctx context.Context) error { } func (process *Process) CloseStdout(ctx context.Context) (err error) { - ctx, span := trace.StartSpan(ctx, "hcs::Process::CloseStdout") //nolint:ineffassign,staticcheck + ctx, span := oc.StartSpan(ctx, "hcs::Process::CloseStdout") //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes( @@ -422,7 +424,7 @@ func (process *Process) CloseStdout(ctx context.Context) (err error) { } func (process *Process) CloseStderr(ctx context.Context) (err error) { - ctx, span := trace.StartSpan(ctx, "hcs::Process::CloseStderr") //nolint:ineffassign,staticcheck + ctx, span := oc.StartSpan(ctx, "hcs::Process::CloseStderr") //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes( @@ -441,7 +443,6 @@ func (process *Process) CloseStderr(ctx context.Context) (err error) { if process.stderr != nil { process.stderr.Close() process.stderr = nil - } return nil } @@ -450,7 +451,7 @@ func (process *Process) CloseStderr(ctx context.Context) (err error) { // or wait on it. func (process *Process) Close() (err error) { operation := "hcs::Process::Close" - ctx, span := trace.StartSpan(context.Background(), operation) + ctx, span := oc.StartSpan(context.Background(), operation) defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema1/schema1.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema1/schema1.go index b621c5593..d1f219cfa 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema1/schema1.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema1/schema1.go @@ -1,3 +1,5 @@ +//go:build windows + package schema1 import ( @@ -101,7 +103,7 @@ type ContainerConfig struct { HvRuntime *HvRuntime `json:",omitempty"` // Hyper-V container settings. Used by Hyper-V containers only. Format ImagePath=%root%\BaseLayerID\UtilityVM Servicing bool `json:",omitempty"` // True if this container is for servicing AllowUnqualifiedDNSQuery bool `json:",omitempty"` // True to allow unqualified DNS name resolution - DNSSearchList string `json:",omitempty"` // Comma seperated list of DNS suffixes to use for name resolution + DNSSearchList string `json:",omitempty"` // Comma separated list of DNS suffixes to use for name resolution ContainerType string `json:",omitempty"` // "Linux" for Linux containers on Windows. Omitted otherwise. TerminateOnLastHandleClosed bool `json:",omitempty"` // Should HCS terminate the container once all handles have been closed MappedVirtualDisks []MappedVirtualDisk `json:",omitempty"` // Array of virtual disks to mount at start diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_property.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_property.go index bbad6a2c4..31fe07c3a 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_property.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_property.go @@ -9,6 +9,14 @@ package hcsschema +type CPUGroupPropertyCode uint32 + +const ( + CPUCapacityProperty = 0x00010000 + CPUSchedulingPriorityProperty = 0x00020000 + IdleLPReserveProperty = 0x00030000 +) + type CpuGroupProperty struct { PropertyCode uint32 `json:"PropertyCode,omitempty"` PropertyValue uint32 `json:"PropertyValue,omitempty"` diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_state.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_state.go index ef1eec886..a48a65394 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_state.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_state.go @@ -14,6 +14,9 @@ type GuestState struct { // The path to an existing file uses for persistent guest state storage. An empty string indicates the system should initialize new transient, in-memory guest state. GuestStateFilePath string `json:"GuestStateFilePath,omitempty"` + // The guest state file type affected by different guest isolation modes - whether a file or block storage. + GuestStateFileType string `json:"GuestStateFileType,omitempty"` + // The path to an existing file for persistent runtime state storage. An empty string indicates the system should initialize new transient, in-memory runtime state. RuntimeStateFilePath string `json:"RuntimeStateFilePath,omitempty"` diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/isolation_settings.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/isolation_settings.go new file mode 100644 index 000000000..3726a297e --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/isolation_settings.go @@ -0,0 +1,21 @@ +/* + * HCS API + * + * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen) + * + * API version: 2.4 + * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git) + */ + +package hcsschema + +type IsolationSettings struct { + // Guest isolation type options to decide virtual trust levels of virtual machine + IsolationType string `json:"IsolationType,omitempty"` + // Configuration to debug HCL layer for HCS VM TODO: Task 31102306: Miss the way to prevent the exposure of private debug configuration in HCS TODO: Think about the secret configurations which are private in VMMS VM (only edit by hvsedit) + DebugHost string `json:"DebugHost,omitempty"` + DebugPort int64 `json:"DebugPort,omitempty"` + // Optional data passed by host on isolated virtual machine start + LaunchData string `json:"LaunchData,omitempty"` + HclEnabled bool `json:"HclEnabled,omitempty"` +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modify_setting_request.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modify_setting_request.go index d29455a3e..6364da8e2 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modify_setting_request.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modify_setting_request.go @@ -9,10 +9,12 @@ package hcsschema +import "github.com/Microsoft/hcsshim/internal/protocol/guestrequest" + type ModifySettingRequest struct { ResourcePath string `json:"ResourcePath,omitempty"` - RequestType string `json:"RequestType,omitempty"` + RequestType guestrequest.RequestType `json:"RequestType,omitempty"` // NOTE: Swagger generated as string. Locally updated. Settings interface{} `json:"Settings,omitempty"` // NOTE: Swagger generated as *interface{}. Locally updated diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/security_settings.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/security_settings.go new file mode 100644 index 000000000..14f0299e3 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/security_settings.go @@ -0,0 +1,16 @@ +/* + * HCS API + * + * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen) + * + * API version: 2.4 + * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git) + */ + +package hcsschema + +type SecuritySettings struct { + // Enablement of Trusted Platform Module on the computer system + EnableTpm bool `json:"EnableTpm,omitempty"` + Isolation *IsolationSettings `json:"Isolation,omitempty"` +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/system_time.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/system_time.go new file mode 100644 index 000000000..72de80149 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/system_time.go @@ -0,0 +1,28 @@ +/* + * HCS API + * + * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen) + * + * API version: 2.1 + * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git) + */ + +package hcsschema + +type SystemTime struct { + Year int32 `json:"Year,omitempty"` + + Month int32 `json:"Month,omitempty"` + + DayOfWeek int32 `json:"DayOfWeek,omitempty"` + + Day int32 `json:"Day,omitempty"` + + Hour int32 `json:"Hour,omitempty"` + + Minute int32 `json:"Minute,omitempty"` + + Second int32 `json:"Second,omitempty"` + + Milliseconds int32 `json:"Milliseconds,omitempty"` +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/time_zone_information.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/time_zone_information.go new file mode 100644 index 000000000..529743d75 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/time_zone_information.go @@ -0,0 +1,26 @@ +/* + * HCS API + * + * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen) + * + * API version: 2.1 + * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git) + */ + +package hcsschema + +type TimeZoneInformation struct { + Bias int32 `json:"Bias,omitempty"` + + StandardName string `json:"StandardName,omitempty"` + + StandardDate *SystemTime `json:"StandardDate,omitempty"` + + StandardBias int32 `json:"StandardBias,omitempty"` + + DaylightName string `json:"DaylightName,omitempty"` + + DaylightDate *SystemTime `json:"DaylightDate,omitempty"` + + DaylightBias int32 `json:"DaylightBias,omitempty"` +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi.go index 0e48ece50..9228923fe 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi.go @@ -12,6 +12,8 @@ package hcsschema type Uefi struct { EnableDebugger bool `json:"EnableDebugger,omitempty"` + ApplySecureBootTemplate string `json:"ApplySecureBootTemplate,omitempty"` + SecureBootTemplateId string `json:"SecureBootTemplateId,omitempty"` BootThis *UefiBootEntry `json:"BootThis,omitempty"` diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_machine.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_machine.go index 2d22b1bcb..c67a76134 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_machine.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_machine.go @@ -29,4 +29,6 @@ type VirtualMachine struct { StorageQoS *StorageQoS `json:"StorageQoS,omitempty"` GuestConnection *GuestConnection `json:"GuestConnection,omitempty"` + + SecuritySettings *SecuritySettings `json:"SecuritySettings,omitempty"` } diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/service.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/service.go index a634dfc15..a46b0051d 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/service.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/service.go @@ -1,3 +1,5 @@ +//go:build windows + package hcs import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go index 1d45a703b..88c4cab29 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go @@ -1,3 +1,5 @@ +//go:build windows + package hcs import ( @@ -55,7 +57,7 @@ func CreateComputeSystem(ctx context.Context, id string, hcsDocumentInterface in // hcsCreateComputeSystemContext is an async operation. Start the outer span // here to measure the full create time. - ctx, span := trace.StartSpan(ctx, operation) + ctx, span := oc.StartSpan(ctx, operation) defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("cid", id)) @@ -190,7 +192,7 @@ func (computeSystem *System) Start(ctx context.Context) (err error) { // hcsStartComputeSystemContext is an async operation. Start the outer span // here to measure the full start time. - ctx, span := trace.StartSpan(ctx, operation) + ctx, span := oc.StartSpan(ctx, operation) defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("cid", computeSystem.id)) @@ -265,7 +267,7 @@ func (computeSystem *System) Terminate(ctx context.Context) error { // safe to call multiple times. func (computeSystem *System) waitBackground() { operation := "hcs::System::waitBackground" - ctx, span := trace.StartSpan(context.Background(), operation) + ctx, span := oc.StartSpan(context.Background(), operation) defer span.End() span.AddAttributes(trace.StringAttribute("cid", computeSystem.id)) @@ -495,7 +497,7 @@ func (computeSystem *System) PropertiesV2(ctx context.Context, types ...hcsschem if err == nil && len(fallbackTypes) == 0 { return properties, nil } else if err != nil { - logEntry.WithError(fmt.Errorf("failed to query compute system properties in-proc: %w", err)) + logEntry = logEntry.WithError(fmt.Errorf("failed to query compute system properties in-proc: %w", err)) fallbackTypes = types } @@ -529,7 +531,7 @@ func (computeSystem *System) Pause(ctx context.Context) (err error) { // hcsPauseComputeSystemContext is an async peration. Start the outer span // here to measure the full pause time. - ctx, span := trace.StartSpan(ctx, operation) + ctx, span := oc.StartSpan(ctx, operation) defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("cid", computeSystem.id)) @@ -556,7 +558,7 @@ func (computeSystem *System) Resume(ctx context.Context) (err error) { // hcsResumeComputeSystemContext is an async operation. Start the outer span // here to measure the full restore time. - ctx, span := trace.StartSpan(ctx, operation) + ctx, span := oc.StartSpan(ctx, operation) defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("cid", computeSystem.id)) @@ -581,9 +583,9 @@ func (computeSystem *System) Resume(ctx context.Context) (err error) { func (computeSystem *System) Save(ctx context.Context, options interface{}) (err error) { operation := "hcs::System::Save" - // hcsSaveComputeSystemContext is an async peration. Start the outer span + // hcsSaveComputeSystemContext is an async operation. Start the outer span // here to measure the full save time. - ctx, span := trace.StartSpan(ctx, operation) + ctx, span := oc.StartSpan(ctx, operation) defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("cid", computeSystem.id)) @@ -626,6 +628,11 @@ func (computeSystem *System) createProcess(ctx context.Context, operation string processInfo, processHandle, resultJSON, err := vmcompute.HcsCreateProcess(ctx, computeSystem.handle, configuration) events := processHcsResult(ctx, resultJSON) if err != nil { + if v2, ok := c.(*hcsschema.ProcessParameters); ok { + operation += ": " + v2.CommandLine + } else if v1, ok := c.(*schema1.ProcessConfig); ok { + operation += ": " + v1.CommandLine + } return nil, nil, makeSystemError(computeSystem, operation, err, events) } @@ -692,7 +699,7 @@ func (computeSystem *System) OpenProcess(ctx context.Context, pid int) (*Process // Close cleans up any state associated with the compute system but does not terminate or wait for it. func (computeSystem *System) Close() (err error) { operation := "hcs::System::Close" - ctx, span := trace.StartSpan(context.Background(), operation) + ctx, span := oc.StartSpan(context.Background(), operation) defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("cid", computeSystem.id)) @@ -762,7 +769,7 @@ func (computeSystem *System) unregisterCallback(ctx context.Context) error { return nil } - // hcsUnregisterComputeSystemCallback has its own syncronization + // hcsUnregisterComputeSystemCallback has its own synchronization // to wait for all callbacks to complete. We must NOT hold the callbackMapLock. err := vmcompute.HcsUnregisterComputeSystemCallback(ctx, handle) if err != nil { diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/utils.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/utils.go index 3342e5bb9..5dcb97eb3 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/utils.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/utils.go @@ -1,3 +1,5 @@ +//go:build windows + package hcs import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/waithelper.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/waithelper.go index db4e14fdf..6e161e6aa 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/waithelper.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/waithelper.go @@ -1,3 +1,5 @@ +//go:build windows + package hcs import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcserror/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/hcserror/doc.go new file mode 100644 index 000000000..ce7067678 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcserror/doc.go @@ -0,0 +1 @@ +package hcserror diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcserror/hcserror.go b/vendor/github.com/Microsoft/hcsshim/internal/hcserror/hcserror.go index 921c2c855..bad270541 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcserror/hcserror.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcserror/hcserror.go @@ -1,3 +1,5 @@ +//go:build windows + package hcserror import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/doc.go new file mode 100644 index 000000000..f6d35df0e --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/doc.go @@ -0,0 +1 @@ +package hns diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go index 7cf954c7b..83b683bd9 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go @@ -1,3 +1,5 @@ +//go:build windows + package hns import ( @@ -146,7 +148,6 @@ func (endpoint *HNSEndpoint) IsAttached(vID string) (bool, error) { } return false, nil - } // Create Endpoint by sending EndpointRequest to HNS. TODO: Create a separate HNS interface to place all these methods @@ -281,7 +282,6 @@ func (endpoint *HNSEndpoint) HostAttach(compartmentID uint16) error { return err } return hnsCall("POST", "/endpoints/"+endpoint.Id+"/attach", string(jsonString), &response) - } // HostDetach detaches a nic on the host diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsfuncs.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsfuncs.go index 2df4a57f5..0a8f36d83 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsfuncs.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsfuncs.go @@ -1,3 +1,5 @@ +//go:build windows + package hns import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsglobals.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsglobals.go index a8d8cc56a..464bb8954 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsglobals.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsglobals.go @@ -1,3 +1,5 @@ +//go:build windows + package hns type HNSGlobals struct { diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsnetwork.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsnetwork.go index f12d3ab04..8861faee7 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsnetwork.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsnetwork.go @@ -1,13 +1,16 @@ +//go:build windows + package hns import ( "encoding/json" "errors" - "github.com/sirupsen/logrus" "net" + + "github.com/sirupsen/logrus" ) -// Subnet is assoicated with a network and represents a list +// Subnet is associated with a network and represents a list // of subnets available to the network type Subnet struct { AddressPrefix string `json:",omitempty"` @@ -15,7 +18,7 @@ type Subnet struct { Policies []json.RawMessage `json:",omitempty"` } -// MacPool is assoicated with a network and represents a list +// MacPool is associated with a network and represents a list // of macaddresses available to the network type MacPool struct { StartMacAddress string `json:",omitempty"` diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go index 84b368218..082c018a4 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go @@ -94,15 +94,15 @@ type ACLPolicy struct { InternalPort uint16 `json:",omitempty"` Action ActionType Direction DirectionType - LocalAddresses string `json:",omitempty"` - RemoteAddresses string `json:",omitempty"` - LocalPorts string `json:"LocalPorts,omitempty"` - LocalPort uint16 `json:",omitempty"` - RemotePorts string `json:"RemotePorts,omitempty"` - RemotePort uint16 `json:",omitempty"` - RuleType RuleType `json:"RuleType,omitempty"` - Priority uint16 `json:",omitempty"` - ServiceName string `json:",omitempty"` + LocalAddresses string `json:",omitempty"` + RemoteAddresses string `json:",omitempty"` + LocalPorts string `json:"LocalPorts,omitempty"` + LocalPort uint16 `json:",omitempty"` + RemotePorts string `json:"RemotePorts,omitempty"` + RemotePort uint16 `json:",omitempty"` + RuleType RuleType `json:"RuleType,omitempty"` + Priority uint16 `json:",omitempty"` + ServiceName string `json:",omitempty"` } type Policy struct { diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicylist.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicylist.go index 31322a681..b98db40e8 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicylist.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicylist.go @@ -1,3 +1,5 @@ +//go:build windows + package hns import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnssupport.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnssupport.go index d5efba7f2..b9c30b901 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnssupport.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnssupport.go @@ -1,3 +1,5 @@ +//go:build windows + package hns import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/namespace.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/namespace.go index d3b04eefe..749588ad3 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hns/namespace.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/namespace.go @@ -1,3 +1,5 @@ +//go:build windows + package hns import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/interop/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/interop/doc.go new file mode 100644 index 000000000..cb554867f --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/interop/doc.go @@ -0,0 +1 @@ +package interop diff --git a/vendor/github.com/Microsoft/hcsshim/internal/interop/interop.go b/vendor/github.com/Microsoft/hcsshim/internal/interop/interop.go index 922f7c679..137dc3990 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/interop/interop.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/interop/interop.go @@ -1,3 +1,5 @@ +//go:build windows + package interop import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/doc.go new file mode 100644 index 000000000..34b53d6e4 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/doc.go @@ -0,0 +1,8 @@ +// This package provides higher level constructs for the win32 job object API. +// Most of the core creation and management functions are already present in "golang.org/x/sys/windows" +// (CreateJobObject, AssignProcessToJobObject, etc.) as well as most of the limit information +// structs and associated limit flags. Whatever is not present from the job object API +// in golang.org/x/sys/windows is located in /internal/winapi. +// +// https://docs.microsoft.com/en-us/windows/win32/procthread/job-objects +package jobobject diff --git a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go index 5d6acd69e..bcca84b0d 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/iocp.go @@ -1,3 +1,5 @@ +//go:build windows + package jobobject import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go index c9fdd921a..3e7ebf6f5 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/jobobject.go @@ -1,10 +1,15 @@ +//go:build windows + package jobobject import ( "context" "errors" "fmt" + "os" + "path/filepath" "sync" + "sync/atomic" "unsafe" "github.com/Microsoft/hcsshim/internal/queue" @@ -12,19 +17,14 @@ import ( "golang.org/x/sys/windows" ) -// This file provides higher level constructs for the win32 job object API. -// Most of the core creation and management functions are already present in "golang.org/x/sys/windows" -// (CreateJobObject, AssignProcessToJobObject, etc.) as well as most of the limit information -// structs and associated limit flags. Whatever is not present from the job object API -// in golang.org/x/sys/windows is located in /internal/winapi. -// -// https://docs.microsoft.com/en-us/windows/win32/procthread/job-objects - // JobObject is a high level wrapper around a Windows job object. Holds a handle to // the job, a queue to receive iocp notifications about the lifecycle // of the job and a mutex for synchronized handle access. type JobObject struct { - handle windows.Handle + handle windows.Handle + // All accesses to this MUST be done atomically except in `Open` as the object + // is being created in the function. 1 signifies that this job is currently a silo. + silo uint32 mq *queue.MessageQueue handleLock sync.RWMutex } @@ -56,6 +56,7 @@ const ( var ( ErrAlreadyClosed = errors.New("the handle has already been closed") ErrNotRegistered = errors.New("job is not registered to receive notifications") + ErrNotSilo = errors.New("job is not a silo") ) // Options represents the set of configurable options when making or opening a job object. @@ -68,6 +69,9 @@ type Options struct { // `UseNTVariant` specifies if we should use the `Nt` variant of Open/CreateJobObject. // Defaults to false. UseNTVariant bool + // `Silo` specifies to promote the job to a silo. This additionally sets the flag + // JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE as it is required for the upgrade to complete. + Silo bool // `IOTracking` enables tracking I/O statistics on the job object. More specifically this // calls SetInformationJobObject with the JobObjectIoAttribution class. EnableIOTracking bool @@ -143,6 +147,16 @@ func Create(ctx context.Context, options *Options) (_ *JobObject, err error) { } } + if options.Silo { + // This is a required setting for upgrading to a silo. + if err := job.SetTerminateOnLastHandleClose(); err != nil { + return nil, err + } + if err := job.PromoteToSilo(); err != nil { + return nil, err + } + } + return job, nil } @@ -163,7 +177,7 @@ func Open(ctx context.Context, options *Options) (_ *JobObject, err error) { } var jobHandle windows.Handle - if options != nil && options.UseNTVariant { + if options.UseNTVariant { oa := winapi.ObjectAttributes{ Length: unsafe.Sizeof(winapi.ObjectAttributes{}), ObjectName: unicodeJobName, @@ -174,7 +188,7 @@ func Open(ctx context.Context, options *Options) (_ *JobObject, err error) { return nil, winapi.RtlNtStatusToDosError(status) } } else { - jobHandle, err = winapi.OpenJobObject(winapi.JOB_OBJECT_ALL_ACCESS, false, unicodeJobName.Buffer) + jobHandle, err = winapi.OpenJobObject(winapi.JOB_OBJECT_ALL_ACCESS, 0, unicodeJobName.Buffer) if err != nil { return nil, err } @@ -190,9 +204,13 @@ func Open(ctx context.Context, options *Options) (_ *JobObject, err error) { handle: jobHandle, } + if isJobSilo(jobHandle) { + job.silo = 1 + } + // If the IOCP we'll be using to receive messages for all jobs hasn't been // created, create it and start polling. - if options != nil && options.Notifications { + if options.Notifications { mq, err := setupNotifications(ctx, job) if err != nil { return nil, err @@ -450,6 +468,119 @@ func (job *JobObject) QueryStorageStats() (*winapi.JOBOBJECT_IO_ATTRIBUTION_INFO return &info, nil } +// ApplyFileBinding makes a file binding using the Bind Filter from target to root. If the job has +// not been upgraded to a silo this call will fail. The binding is only applied and visible for processes +// running in the job, any processes on the host or in another job will not be able to see the binding. +func (job *JobObject) ApplyFileBinding(root, target string, merged bool) error { + job.handleLock.RLock() + defer job.handleLock.RUnlock() + + if job.handle == 0 { + return ErrAlreadyClosed + } + + if !job.isSilo() { + return ErrNotSilo + } + + // The parent directory needs to exist for the bind to work. MkdirAll stats and + // returns nil if the directory exists internally so we should be fine to mkdirall + // every time. + if err := os.MkdirAll(filepath.Dir(root), 0); err != nil { + return err + } + + rootPtr, err := windows.UTF16PtrFromString(root) + if err != nil { + return err + } + + targetPtr, err := windows.UTF16PtrFromString(target) + if err != nil { + return err + } + + flags := winapi.BINDFLT_FLAG_USE_CURRENT_SILO_MAPPING + if merged { + flags |= winapi.BINDFLT_FLAG_MERGED_BIND_MAPPING + } + + if err := winapi.BfSetupFilter( + job.handle, + flags, + rootPtr, + targetPtr, + nil, + 0, + ); err != nil { + return fmt.Errorf("failed to bind target %q to root %q for job object: %w", target, root, err) + } + return nil +} + +// isJobSilo is a helper to determine if a job object that was opened is a silo. This should ONLY be called +// from `Open` and any callers in this package afterwards should use `job.isSilo()` +func isJobSilo(h windows.Handle) bool { + // None of the information from the structure that this info class expects will be used, this is just used as + // the call will fail if the job hasn't been upgraded to a silo so we can use this to tell when we open a job + // if it's a silo or not. Because none of the info matters simply define a dummy struct with the size that the call + // expects which is 16 bytes. + type isSiloObj struct { + _ [16]byte + } + var siloInfo isSiloObj + err := winapi.QueryInformationJobObject( + h, + winapi.JobObjectSiloBasicInformation, + unsafe.Pointer(&siloInfo), + uint32(unsafe.Sizeof(siloInfo)), + nil, + ) + return err == nil +} + +// PromoteToSilo promotes a job object to a silo. There must be no running processess +// in the job for this to succeed. If the job is already a silo this is a no-op. +func (job *JobObject) PromoteToSilo() error { + job.handleLock.RLock() + defer job.handleLock.RUnlock() + + if job.handle == 0 { + return ErrAlreadyClosed + } + + if job.isSilo() { + return nil + } + + pids, err := job.Pids() + if err != nil { + return err + } + + if len(pids) != 0 { + return fmt.Errorf("job cannot have running processes to be promoted to a silo, found %d running processes", len(pids)) + } + + _, err = windows.SetInformationJobObject( + job.handle, + winapi.JobObjectCreateSilo, + 0, + 0, + ) + if err != nil { + return fmt.Errorf("failed to promote job to silo: %w", err) + } + + atomic.StoreUint32(&job.silo, 1) + return nil +} + +// isSilo returns if the job object is a silo. +func (job *JobObject) isSilo() bool { + return atomic.LoadUint32(&job.silo) == 1 +} + // QueryPrivateWorkingSet returns the private working set size for the job. This is calculated by adding up the // private working set for every process running in the job. func (job *JobObject) QueryPrivateWorkingSet() (uint64, error) { diff --git a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go index 4efde292c..03f71d9a4 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/jobobject/limits.go @@ -1,3 +1,5 @@ +//go:build windows + package jobobject import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/log/context.go b/vendor/github.com/Microsoft/hcsshim/internal/log/context.go new file mode 100644 index 000000000..ae4faf423 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/log/context.go @@ -0,0 +1,116 @@ +package log + +import ( + "context" + + "github.com/sirupsen/logrus" + "go.opencensus.io/trace" +) + +type entryContextKeyType int + +const _entryContextKey entryContextKeyType = iota + +var ( + // L is the default, blank logging entry. WithField and co. all return a copy + // of the original entry, so this will not leak fields between calls. + // + // Do NOT modify fields directly, as that will corrupt state for all users and + // is not thread safe. + // Instead, use `L.With*` or `L.Dup()`. Or `G(context.Background())`. + L = logrus.NewEntry(logrus.StandardLogger()) + + // G is an alias for GetEntry + G = GetEntry + + // S is an alias for SetEntry + S = SetEntry + + // U is an alias for UpdateContext + U = UpdateContext +) + +// GetEntry returns a `logrus.Entry` stored in the context, if one exists. +// Otherwise, it returns a default entry that points to the current context. +// +// Note: if the a new entry is returned, it will reference the passed in context. +// However, existing contexts may be stored in parent contexts and additionally reference +// earlier contexts. +// Use `UpdateContext` to update the entry and context. +func GetEntry(ctx context.Context) *logrus.Entry { + entry := fromContext(ctx) + + if entry == nil { + entry = L.WithContext(ctx) + } + + return entry +} + +// SetEntry updates the log entry in the context with the provided fields, and +// returns both. It is equivlent to: +// entry := GetEntry(ctx).WithFields(fields) +// ctx = WithContext(ctx, entry) +// +// See WithContext for more information. +func SetEntry(ctx context.Context, fields logrus.Fields) (context.Context, *logrus.Entry) { + e := GetEntry(ctx) + if len(fields) > 0 { + e = e.WithFields(fields) + } + return WithContext(ctx, e) +} + +// UpdateContext extracts the log entry from the context, and, if the entry's +// context points to a parent's of the current context, ands the entry +// to the most recent context. It is equivlent to: +// entry :=GetEntry(ctx) +// ctx = WithContext(ctx, entry) +// +// This allows the entry to reference the most recent context and any new +// values (such as span contexts) added to it. +// +// See WithContext for more information. +func UpdateContext(ctx context.Context) context.Context { + // there is no way to check its ctx (and not one of its parents) that contains `e` + // so, at a slight cost, force add `e` to the context + ctx, _ = WithContext(ctx, GetEntry(ctx)) + return ctx +} + +// WithContext returns a context that contains the provided log entry. +// The entry can be extracted with `GetEntry` (`G`) +// +// The entry in the context is a copy of `entry` (generated by `entry.WithContext`) +func WithContext(ctx context.Context, entry *logrus.Entry) (context.Context, *logrus.Entry) { + // regardless of the order, entry.Context != GetEntry(ctx) + // here, the returned entry will reference the supplied context + entry = entry.WithContext(ctx) + ctx = context.WithValue(ctx, _entryContextKey, entry) + + return ctx, entry +} + +// Copy extracts the tracing Span and logging entry from the src Context, if they +// exist, and adds them to the dst Context. +// +// This is useful to share tracing and logging between contexts, but not the +// cancellation. For example, if the src Context has been cancelled but cleanup +// operations triggered by the cancellation require a non-cancelled context to +// execute. +func Copy(dst context.Context, src context.Context) context.Context { + if s := trace.FromContext(src); s != nil { + dst = trace.NewContext(dst, s) + } + + if e := fromContext(src); e != nil { + dst, _ = WithContext(dst, e) + } + + return dst +} + +func fromContext(ctx context.Context) *logrus.Entry { + e, _ := ctx.Value(_entryContextKey).(*logrus.Entry) + return e +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/log/g.go b/vendor/github.com/Microsoft/hcsshim/internal/log/g.go deleted file mode 100644 index ba6b1a4a5..000000000 --- a/vendor/github.com/Microsoft/hcsshim/internal/log/g.go +++ /dev/null @@ -1,23 +0,0 @@ -package log - -import ( - "context" - - "github.com/sirupsen/logrus" - "go.opencensus.io/trace" -) - -// G returns a `logrus.Entry` with the `TraceID, SpanID` from `ctx` if `ctx` -// contains an OpenCensus `trace.Span`. -func G(ctx context.Context) *logrus.Entry { - span := trace.FromContext(ctx) - if span != nil { - sctx := span.SpanContext() - return logrus.WithFields(logrus.Fields{ - "traceID": sctx.TraceID.String(), - "spanID": sctx.SpanID.String(), - // "parentSpanID": TODO: JTERRY75 - Try to convince OC to export this? - }) - } - return logrus.NewEntry(logrus.StandardLogger()) -} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/log/hook.go b/vendor/github.com/Microsoft/hcsshim/internal/log/hook.go new file mode 100644 index 000000000..8f8940592 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/log/hook.go @@ -0,0 +1,45 @@ +package log + +import ( + "github.com/Microsoft/hcsshim/internal/logfields" + "github.com/sirupsen/logrus" + "go.opencensus.io/trace" +) + +// Hook serves to intercept and format `logrus.Entry`s before they are passed +// to the ETW hook. +// +// The containerd shim discards the (formatted) logrus output, and outputs only via ETW. +// The Linux GCS outputs logrus entries over stdout, which is consumed by the shim and +// then re-output via the ETW hook. +type Hook struct{} + +var _ logrus.Hook = &Hook{} + +func NewHook() *Hook { + return &Hook{} +} + +func (h *Hook) Levels() []logrus.Level { + return logrus.AllLevels +} + +func (h *Hook) Fire(e *logrus.Entry) (err error) { + h.addSpanContext(e) + + return nil +} + +func (h *Hook) addSpanContext(e *logrus.Entry) { + ctx := e.Context + if ctx == nil { + return + } + span := trace.FromContext(ctx) + if span == nil { + return + } + sctx := span.SpanContext() + e.Data[logfields.TraceID] = sctx.TraceID.String() + e.Data[logfields.SpanID] = sctx.SpanID.String() +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/log/scrub.go b/vendor/github.com/Microsoft/hcsshim/internal/log/scrub.go new file mode 100644 index 000000000..d51e0fd89 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/log/scrub.go @@ -0,0 +1,194 @@ +package log + +import ( + "bytes" + "encoding/json" + "errors" + "strings" + "sync/atomic" + + hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2" +) + +// This package scrubs objects of potentially sensitive information to pass to logging + +type genMap = map[string]interface{} +type scrubberFunc func(genMap) error + +const _scrubbedReplacement = "" + +var ( + ErrUnknownType = errors.New("encoded object is of unknown type") + + // case sensitive keywords, so "env" is not a substring on "Environment" + _scrubKeywords = [][]byte{[]byte("env"), []byte("Environment")} + + _scrub int32 +) + +// SetScrubbing enables scrubbing +func SetScrubbing(enable bool) { + v := int32(0) // cant convert from bool to int32 directly + if enable { + v = 1 + } + atomic.StoreInt32(&_scrub, v) +} + +// IsScrubbingEnabled checks if scrubbing is enabled +func IsScrubbingEnabled() bool { + v := atomic.LoadInt32(&_scrub) + return v != 0 +} + +// ScrubProcessParameters scrubs HCS Create Process requests with config parameters of +// type internal/hcs/schema2.ScrubProcessParameters (aka hcsshema.ScrubProcessParameters) +func ScrubProcessParameters(s string) (string, error) { + // todo: deal with v1 ProcessConfig + b := []byte(s) + if !IsScrubbingEnabled() || !hasKeywords(b) || !json.Valid(b) { + return s, nil + } + + pp := hcsschema.ProcessParameters{} + if err := json.Unmarshal(b, &pp); err != nil { + return "", err + } + pp.Environment = map[string]string{_scrubbedReplacement: _scrubbedReplacement} + + buf := bytes.NewBuffer(b[:0]) + if err := encode(buf, pp); err != nil { + return "", err + } + return strings.TrimSpace(buf.String()), nil +} + +// ScrubBridgeCreate scrubs requests sent over the bridge of type +// internal/gcs/protocol.containerCreate wrapping an internal/hcsoci.linuxHostedSystem +func ScrubBridgeCreate(b []byte) ([]byte, error) { + return scrubBytes(b, scrubBridgeCreate) +} + +func scrubBridgeCreate(m genMap) error { + if !isRequestBase(m) { + return ErrUnknownType + } + if ss, ok := m["ContainerConfig"]; ok { + // ContainerConfig is a json encoded struct passed as a regular string field + s, ok := ss.(string) + if !ok { + return ErrUnknownType + } + b, err := scrubBytes([]byte(s), scrubLinuxHostedSystem) + if err != nil { + return err + } + m["ContainerConfig"] = string(b) + return nil + } + return ErrUnknownType +} + +func scrubLinuxHostedSystem(m genMap) error { + if m, ok := index(m, "OciSpecification"); ok { + if _, ok := m["annotations"]; ok { + m["annotations"] = map[string]string{_scrubbedReplacement: _scrubbedReplacement} + } + if m, ok := index(m, "process"); ok { + if _, ok := m["env"]; ok { + m["env"] = []string{_scrubbedReplacement} + return nil + } + } + } + return ErrUnknownType +} + +// ScrubBridgeExecProcess scrubs requests sent over the bridge of type +// internal/gcs/protocol.containerExecuteProcess +func ScrubBridgeExecProcess(b []byte) ([]byte, error) { + return scrubBytes(b, scrubExecuteProcess) +} + +func scrubExecuteProcess(m genMap) error { + if !isRequestBase(m) { + return ErrUnknownType + } + if m, ok := index(m, "Settings"); ok { + if ss, ok := m["ProcessParameters"]; ok { + // ProcessParameters is a json encoded struct passed as a regular sting field + s, ok := ss.(string) + if !ok { + return ErrUnknownType + } + + s, err := ScrubProcessParameters(s) + if err != nil { + return err + } + + m["ProcessParameters"] = s + return nil + } + } + return ErrUnknownType +} + +func scrubBytes(b []byte, scrub scrubberFunc) ([]byte, error) { + if !IsScrubbingEnabled() || !hasKeywords(b) || !json.Valid(b) { + return b, nil + } + + m := make(genMap) + if err := json.Unmarshal(b, &m); err != nil { + return nil, err + } + + // could use regexp, but if the env strings contain braces, the regexp fails + // parsing into individual structs would require access to private structs + if err := scrub(m); err != nil { + return nil, err + } + + buf := &bytes.Buffer{} + if err := encode(buf, m); err != nil { + return nil, err + } + + return bytes.TrimSpace(buf.Bytes()), nil +} + +func encode(buf *bytes.Buffer, v interface{}) error { + enc := json.NewEncoder(buf) + enc.SetEscapeHTML(false) + if err := enc.Encode(v); err != nil { + return err + } + return nil +} + +func isRequestBase(m genMap) bool { + // neither of these are (currently) `omitempty` + _, a := m["ActivityId"] + _, c := m["ContainerId"] + return a && c +} + +// combination `m, ok := m[s]` and `m, ok := m.(genMap)` +func index(m genMap, s string) (genMap, bool) { + if m, ok := m[s]; ok { + mm, ok := m.(genMap) + return mm, ok + } + + return m, false +} + +func hasKeywords(b []byte) bool { + for _, bb := range _scrubKeywords { + if bytes.Contains(b, bb) { + return true + } + } + return false +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/logfields/fields.go b/vendor/github.com/Microsoft/hcsshim/internal/logfields/fields.go index cf2c166d9..3e175e522 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/logfields/fields.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/logfields/fields.go @@ -3,21 +3,44 @@ package logfields const ( // Identifiers + Name = "name" + Namespace = "namespace" + Operation = "operation" + + ID = "id" + SandboxID = "sid" ContainerID = "cid" - UVMID = "uvm-id" + ExecID = "eid" ProcessID = "pid" + TaskID = "tid" + UVMID = "uvm-id" + + // networking and IO + + File = "file" + Path = "path" + Bytes = "bytes" + Pipe = "pipe" // Common Misc - // Timeout represents an operation timeout. - Timeout = "timeout" + Attempt = "attemptNo" JSON = "json" + // Time + + StartTime = "startTime" + EndTime = "endTime" + Duration = "duration" + Timeout = "timeout" + // Keys/values Field = "field" + Key = "key" OCIAnnotation = "oci-annotation" Value = "value" + Options = "options" // Golang type's @@ -29,4 +52,10 @@ const ( // runhcs VMShimOperation = "vmshim-op" + + // logging and tracing + + TraceID = "traceID" + SpanID = "spanID" + ParentSpanID = "parentSpanID" ) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/memory/pool.go b/vendor/github.com/Microsoft/hcsshim/internal/memory/pool.go new file mode 100644 index 000000000..1ef5814d7 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/memory/pool.go @@ -0,0 +1,316 @@ +package memory + +import ( + "github.com/pkg/errors" +) + +const ( + minimumClassSize = MiB + maximumClassSize = 4 * GiB + memoryClassNumber = 7 +) + +var ( + ErrInvalidMemoryClass = errors.New("invalid memory class") + ErrEarlyMerge = errors.New("not all children have been freed") + ErrEmptyPoolOperation = errors.New("operation on empty pool") +) + +// GetMemoryClassType returns the minimum memory class type that can hold a device of +// a given size. The smallest class is 1MB and the largest one is 4GB with 2 bit offset +// intervals in between, for a total of 7 different classes. This function does not +// do a validity check +func GetMemoryClassType(s uint64) classType { + s = (s - 1) >> 20 + memCls := uint32(0) + for s > 0 { + s = s >> 2 + memCls++ + } + return classType(memCls) +} + +// GetMemoryClassSize returns size in bytes for a given memory class +func GetMemoryClassSize(memCls classType) (uint64, error) { + if memCls >= memoryClassNumber { + return 0, ErrInvalidMemoryClass + } + return minimumClassSize << (2 * memCls), nil +} + +// region represents a contiguous memory block +type region struct { + // parent region that has been split into 4 + parent *region + class classType + // offset represents offset in bytes + offset uint64 +} + +// memoryPool tracks free and busy (used) memory regions +type memoryPool struct { + free map[uint64]*region + busy map[uint64]*region +} + +// PoolAllocator implements a memory allocation strategy similar to buddy-malloc https://github.com/evanw/buddy-malloc/blob/master/buddy-malloc.c +// We borrow the idea of spanning a tree of fixed size regions on top of a contiguous memory +// space. +// +// There are a total of 7 different region sizes that can be allocated, with the smallest +// being 1MB and the largest 4GB (the default maximum size of a Virtual PMem device). +// +// For efficiency and to reduce fragmentation an entire region is allocated when requested. +// When there's no available region of requested size, we try to allocate more memory for +// this particular size by splitting the next available larger region into smaller ones, e.g. +// if there's no region available for size class 0, we try splitting a region from class 1, +// then class 2 etc, until we are able to do so or hit the upper limit. +type PoolAllocator struct { + pools [memoryClassNumber]*memoryPool +} + +var _ MappedRegion = ®ion{} +var _ Allocator = &PoolAllocator{} + +func (r *region) Offset() uint64 { + return r.offset +} + +func (r *region) Size() uint64 { + sz, err := GetMemoryClassSize(r.class) + if err != nil { + panic(err) + } + return sz +} + +func (r *region) Type() classType { + return r.class +} + +func newEmptyMemoryPool() *memoryPool { + return &memoryPool{ + free: make(map[uint64]*region), + busy: make(map[uint64]*region), + } +} + +func NewPoolMemoryAllocator() PoolAllocator { + pa := PoolAllocator{} + p := newEmptyMemoryPool() + // by default we allocate a single region with maximum possible size (class type) + p.free[0] = ®ion{ + class: memoryClassNumber - 1, + offset: 0, + } + pa.pools[memoryClassNumber-1] = p + return pa +} + +// Allocate checks memory region pool for the given `size` and returns a free region with +// minimal offset, if none available tries expanding matched memory pool. +// +// Internally it's done via moving a region from free pool into a busy pool +func (pa *PoolAllocator) Allocate(size uint64) (MappedRegion, error) { + memCls := GetMemoryClassType(size) + if memCls >= memoryClassNumber { + return nil, ErrInvalidMemoryClass + } + + // find region with the smallest offset + nextCls, nextOffset, err := pa.findNextOffset(memCls) + if err != nil { + return nil, err + } + + // this means that there are no more regions for the current class, try expanding + if nextCls != memCls { + if err := pa.split(memCls); err != nil { + if err == ErrInvalidMemoryClass { + return nil, ErrNotEnoughSpace + } + return nil, err + } + } + + if err := pa.markBusy(memCls, nextOffset); err != nil { + return nil, err + } + + // by this point memory pool for memCls should have been created, + // either prior or during split call + if r := pa.pools[memCls].busy[nextOffset]; r != nil { + return r, nil + } + + return nil, ErrNotEnoughSpace +} + +// Release marks a memory region of class `memCls` and offset `offset` as free and tries to merge smaller regions into +// a bigger one +func (pa *PoolAllocator) Release(reg MappedRegion) error { + mp := pa.pools[reg.Type()] + if mp == nil { + return ErrEmptyPoolOperation + } + + err := pa.markFree(reg.Type(), reg.Offset()) + if err != nil { + return err + } + + n := mp.free[reg.Offset()] + if n == nil { + return ErrNotAllocated + } + if err := pa.merge(n.parent); err != nil { + if err != ErrEarlyMerge { + return err + } + } + return nil +} + +// findNextOffset finds next region location for a given memCls +func (pa *PoolAllocator) findNextOffset(memCls classType) (classType, uint64, error) { + for mc := memCls; mc < memoryClassNumber; mc++ { + pi := pa.pools[mc] + if pi == nil || len(pi.free) == 0 { + continue + } + + target := uint64(maximumClassSize) + for offset := range pi.free { + if offset < target { + target = offset + } + } + return mc, target, nil + } + return 0, 0, ErrNotEnoughSpace +} + +// split tries to recursively split a bigger memory region into smaller ones until it succeeds or hits the upper limit +func (pa *PoolAllocator) split(clsType classType) error { + nextClsType := clsType + 1 + if nextClsType >= memoryClassNumber { + return ErrInvalidMemoryClass + } + + nextPool := pa.pools[nextClsType] + if nextPool == nil { + nextPool = newEmptyMemoryPool() + pa.pools[nextClsType] = nextPool + } + + cls, offset, err := pa.findNextOffset(nextClsType) + if err != nil { + return err + } + // not enough memory in the next class, try to recursively expand + if cls != nextClsType { + if err := pa.split(nextClsType); err != nil { + return err + } + } + + if err := pa.markBusy(nextClsType, offset); err != nil { + return err + } + + // memCls validity has been checked already, we can ignore the error + clsSize, _ := GetMemoryClassSize(clsType) + + nextReg := nextPool.busy[offset] + if nextReg == nil { + return ErrNotAllocated + } + + // expand memCls + cp := pa.pools[clsType] + if cp == nil { + cp = newEmptyMemoryPool() + pa.pools[clsType] = cp + } + // create 4 smaller regions + for i := uint64(0); i < 4; i++ { + offset := nextReg.offset + i*clsSize + reg := ®ion{ + parent: nextReg, + class: clsType, + offset: offset, + } + cp.free[offset] = reg + } + return nil +} + +func (pa *PoolAllocator) merge(parent *region) error { + // nothing to merge + if parent == nil { + return nil + } + + childCls := parent.class - 1 + childPool := pa.pools[childCls] + // no child nodes to merge, try to merge parent + if childPool == nil { + return pa.merge(parent.parent) + } + + childSize, err := GetMemoryClassSize(childCls) + if err != nil { + return err + } + + // check if all the child nodes are free + var children []*region + for i := uint64(0); i < 4; i++ { + child, free := childPool.free[parent.offset+i*childSize] + if !free { + return ErrEarlyMerge + } + children = append(children, child) + } + + // at this point all the child nodes will be free and we can merge + for _, child := range children { + delete(childPool.free, child.offset) + } + + if err := pa.markFree(parent.class, parent.offset); err != nil { + return err + } + + return pa.merge(parent.parent) +} + +// markFree internally moves a region with `offset` from busy to free map +func (pa *PoolAllocator) markFree(memCls classType, offset uint64) error { + clsPool := pa.pools[memCls] + if clsPool == nil { + return ErrEmptyPoolOperation + } + + if reg, exists := clsPool.busy[offset]; exists { + clsPool.free[offset] = reg + delete(clsPool.busy, offset) + return nil + } + return ErrNotAllocated +} + +// markBusy internally moves a region with `offset` from free to busy map +func (pa *PoolAllocator) markBusy(memCls classType, offset uint64) error { + clsPool := pa.pools[memCls] + if clsPool == nil { + return ErrEmptyPoolOperation + } + + if reg, exists := clsPool.free[offset]; exists { + clsPool.busy[offset] = reg + delete(clsPool.free, offset) + return nil + } + return ErrNotAllocated +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/memory/types.go b/vendor/github.com/Microsoft/hcsshim/internal/memory/types.go new file mode 100644 index 000000000..d6cdb8cc4 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/memory/types.go @@ -0,0 +1,28 @@ +package memory + +import "github.com/pkg/errors" + +type classType uint32 + +const ( + MiB = 1024 * 1024 + GiB = 1024 * MiB +) + +var ( + ErrNotEnoughSpace = errors.New("not enough space") + ErrNotAllocated = errors.New("no memory allocated at the given offset") +) + +// MappedRegion represents a memory block with an offset +type MappedRegion interface { + Offset() uint64 + Size() uint64 + Type() classType +} + +// Allocator is an interface for memory allocation +type Allocator interface { + Allocate(uint64) (MappedRegion, error) + Release(MappedRegion) error +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/oc/span.go b/vendor/github.com/Microsoft/hcsshim/internal/oc/span.go index fee4765cb..0e2b7e9bf 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/oc/span.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/oc/span.go @@ -1,9 +1,14 @@ package oc import ( + "context" + + "github.com/Microsoft/hcsshim/internal/log" "go.opencensus.io/trace" ) +var DefaultSampler = trace.AlwaysSample() + // SetSpanStatus sets `span.SetStatus` to the proper status depending on `err`. If // `err` is `nil` assumes `trace.StatusCodeOk`. func SetSpanStatus(span *trace.Span, err error) { @@ -15,3 +20,29 @@ func SetSpanStatus(span *trace.Span, err error) { } span.SetStatus(status) } + +// StartSpan wraps "go.opencensus.io/trace".StartSpan, but, if the span is sampling, +// adds a log entry to the context that points to the newly created span. +func StartSpan(ctx context.Context, name string, o ...trace.StartOption) (context.Context, *trace.Span) { + ctx, s := trace.StartSpan(ctx, name, o...) + return update(ctx, s) +} + +// StartSpanWithRemoteParent wraps "go.opencensus.io/trace".StartSpanWithRemoteParent. +// +// See StartSpan for more information. +func StartSpanWithRemoteParent(ctx context.Context, name string, parent trace.SpanContext, o ...trace.StartOption) (context.Context, *trace.Span) { + ctx, s := trace.StartSpanWithRemoteParent(ctx, name, parent, o...) + return update(ctx, s) +} + +func update(ctx context.Context, s *trace.Span) (context.Context, *trace.Span) { + if s.IsRecordingEvents() { + ctx = log.UpdateContext(ctx) + } + + return ctx, s +} + +var WithServerSpanKind = trace.WithSpanKind(trace.SpanKindServer) +var WithClientSpanKind = trace.WithSpanKind(trace.SpanKindClient) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/protocol/guestrequest/types.go b/vendor/github.com/Microsoft/hcsshim/internal/protocol/guestrequest/types.go new file mode 100644 index 000000000..d8d0c20b1 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/protocol/guestrequest/types.go @@ -0,0 +1,56 @@ +package guestrequest + +// These are constants for v2 schema modify requests. + +type RequestType string +type ResourceType string + +// RequestType const +const ( + RequestTypeAdd RequestType = "Add" + RequestTypeRemove RequestType = "Remove" + RequestTypePreAdd RequestType = "PreAdd" // For networking + RequestTypeUpdate RequestType = "Update" +) + +type SignalValueWCOW string + +const ( + SignalValueWCOWCtrlC SignalValueWCOW = "CtrlC" + SignalValueWCOWCtrlBreak SignalValueWCOW = "CtrlBreak" + SignalValueWCOWCtrlClose SignalValueWCOW = "CtrlClose" + SignalValueWCOWCtrlLogOff SignalValueWCOW = "CtrlLogOff" + SignalValueWCOWCtrlShutdown SignalValueWCOW = "CtrlShutdown" +) + +// ModificationRequest is for modify commands passed to the guest. +type ModificationRequest struct { + RequestType RequestType `json:"RequestType,omitempty"` + ResourceType ResourceType `json:"ResourceType,omitempty"` + Settings interface{} `json:"Settings,omitempty"` +} + +type NetworkModifyRequest struct { + AdapterId string `json:"AdapterId,omitempty"` //nolint:stylecheck + RequestType RequestType `json:"RequestType,omitempty"` + Settings interface{} `json:"Settings,omitempty"` +} + +type RS4NetworkModifyRequest struct { + AdapterInstanceId string `json:"AdapterInstanceId,omitempty"` //nolint:stylecheck + RequestType RequestType `json:"RequestType,omitempty"` + Settings interface{} `json:"Settings,omitempty"` +} + +var ( + // V5 GUIDs for SCSI controllers + // These GUIDs are created with namespace GUID "d422512d-2bf2-4752-809d-7b82b5fcb1b4" + // and index as names. For example, first GUID is created like this: + // guid.NewV5("d422512d-2bf2-4752-809d-7b82b5fcb1b4", []byte("0")) + ScsiControllerGuids = []string{ + "df6d0690-79e5-55b6-a5ec-c1e2f77f580a", + "0110f83b-de10-5172-a266-78bca56bf50a", + "b5d2d8d4-3a75-51bf-945b-3444dc6b8579", + "305891a9-b251-5dfe-91a2-c25d9212275b", + } +) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/regstate/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/regstate/doc.go new file mode 100644 index 000000000..51bcdf6e9 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/regstate/doc.go @@ -0,0 +1 @@ +package regstate diff --git a/vendor/github.com/Microsoft/hcsshim/internal/regstate/regstate.go b/vendor/github.com/Microsoft/hcsshim/internal/regstate/regstate.go index dcbc9334d..184975add 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/regstate/regstate.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/regstate/regstate.go @@ -1,3 +1,5 @@ +//go:build windows + package regstate import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/runhcs/container.go b/vendor/github.com/Microsoft/hcsshim/internal/runhcs/container.go index a161c204e..33c43e6c5 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/runhcs/container.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/runhcs/container.go @@ -1,3 +1,5 @@ +//go:build windows + package runhcs import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/runhcs/vm.go b/vendor/github.com/Microsoft/hcsshim/internal/runhcs/vm.go index 2c8957b88..b3e443d60 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/runhcs/vm.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/runhcs/vm.go @@ -1,3 +1,5 @@ +//go:build windows + package runhcs import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/safefile/do.go b/vendor/github.com/Microsoft/hcsshim/internal/safefile/do.go new file mode 100644 index 000000000..f211d25e7 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/safefile/do.go @@ -0,0 +1 @@ +package safefile diff --git a/vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go b/vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go index 66b8d7e03..e824bb778 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go @@ -1,3 +1,5 @@ +//go:build windows + package safefile import ( @@ -156,7 +158,6 @@ func LinkRelative(oldname string, oldroot *os.File, newname string, newroot *os. if (fi.FileAttributes & syscall.FILE_ATTRIBUTE_REPARSE_POINT) != 0 { return &os.LinkError{Op: "link", Old: oldf.Name(), New: filepath.Join(newroot.Name(), newname), Err: winapi.RtlNtStatusToDosError(winapi.STATUS_REPARSE_POINT_ENCOUNTERED)} } - } else { parent = newroot } @@ -339,6 +340,34 @@ func MkdirRelative(path string, root *os.File) error { return err } +// MkdirAllRelative creates each directory in the path relative to a root, failing if +// any existing intermediate path components are reparse points. +func MkdirAllRelative(path string, root *os.File) error { + pathParts := strings.Split(filepath.Clean(path), (string)(filepath.Separator)) + for index := range pathParts { + + partialPath := filepath.Join(pathParts[0 : index+1]...) + stat, err := LstatRelative(partialPath, root) + + if err != nil { + if os.IsNotExist(err) { + if err := MkdirRelative(partialPath, root); err != nil { + return err + } + continue + } + return err + } + + if !stat.IsDir() { + fullPath := filepath.Join(root.Name(), partialPath) + return &os.PathError{Op: "mkdir", Path: fullPath, Err: syscall.ENOTDIR} + } + } + + return nil +} + // LstatRelative performs a stat operation on a file relative to a root, failing // if any intermediate path components are reparse points. func LstatRelative(path string, root *os.File) (os.FileInfo, error) { diff --git a/vendor/github.com/Microsoft/hcsshim/internal/security/grantvmgroupaccess.go b/vendor/github.com/Microsoft/hcsshim/internal/security/grantvmgroupaccess.go new file mode 100644 index 000000000..bfcc15769 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/security/grantvmgroupaccess.go @@ -0,0 +1,192 @@ +//go:build windows +// +build windows + +package security + +import ( + "fmt" + "os" + "syscall" + "unsafe" +) + +type ( + accessMask uint32 + accessMode uint32 + desiredAccess uint32 + inheritMode uint32 + objectType uint32 + shareMode uint32 + securityInformation uint32 + trusteeForm uint32 + trusteeType uint32 +) + +type explicitAccess struct { + //nolint:structcheck + accessPermissions accessMask + //nolint:structcheck + accessMode accessMode + //nolint:structcheck + inheritance inheritMode + //nolint:structcheck + trustee trustee +} + +type trustee struct { + //nolint:unused,structcheck + multipleTrustee *trustee + //nolint:unused,structcheck + multipleTrusteeOperation int32 + trusteeForm trusteeForm + trusteeType trusteeType + name uintptr +} + +const ( + AccessMaskNone accessMask = 0 + AccessMaskRead accessMask = 1 << 31 // GENERIC_READ + AccessMaskWrite accessMask = 1 << 30 // GENERIC_WRITE + AccessMaskExecute accessMask = 1 << 29 // GENERIC_EXECUTE + AccessMaskAll accessMask = 1 << 28 // GENERIC_ALL + + accessMaskDesiredPermission = AccessMaskRead + + accessModeGrant accessMode = 1 + + desiredAccessReadControl desiredAccess = 0x20000 + desiredAccessWriteDac desiredAccess = 0x40000 + + gvmga = "GrantVmGroupAccess:" + + inheritModeNoInheritance inheritMode = 0x0 + inheritModeSubContainersAndObjectsInherit inheritMode = 0x3 + + objectTypeFileObject objectType = 0x1 + + securityInformationDACL securityInformation = 0x4 + + shareModeRead shareMode = 0x1 + shareModeWrite shareMode = 0x2 + + //nolint:stylecheck // ST1003 + sidVmGroup = "S-1-5-83-0" + + trusteeFormIsSid trusteeForm = 0 + + trusteeTypeWellKnownGroup trusteeType = 5 +) + +// GrantVmGroupAccess sets the DACL for a specified file or directory to +// include Grant ACE entries for the VM Group SID. This is a golang re- +// implementation of the same function in vmcompute, just not exported in +// RS5. Which kind of sucks. Sucks a lot :/ +func GrantVmGroupAccess(name string) error { //nolint:stylecheck // ST1003 + return GrantVmGroupAccessWithMask(name, accessMaskDesiredPermission) +} + +// GrantVmGroupAccessWithMask sets the desired DACL for a specified file or +// directory. +func GrantVmGroupAccessWithMask(name string, access accessMask) error { //nolint:stylecheck // ST1003 + if access == 0 || access<<4 != 0 { + return fmt.Errorf("invalid access mask: 0x%08x", access) + } + // Stat (to determine if `name` is a directory). + s, err := os.Stat(name) + if err != nil { + return fmt.Errorf("%s os.Stat %s: %w", gvmga, name, err) + } + + // Get a handle to the file/directory. Must defer Close on success. + fd, err := createFile(name, s.IsDir()) + if err != nil { + return err // Already wrapped + } + defer func() { + _ = syscall.CloseHandle(fd) + }() + + // Get the current DACL and Security Descriptor. Must defer LocalFree on success. + ot := objectTypeFileObject + si := securityInformationDACL + sd := uintptr(0) + origDACL := uintptr(0) + if err := getSecurityInfo(fd, uint32(ot), uint32(si), nil, nil, &origDACL, nil, &sd); err != nil { + return fmt.Errorf("%s GetSecurityInfo %s: %w", gvmga, name, err) + } + defer func() { + _, _ = syscall.LocalFree((syscall.Handle)(unsafe.Pointer(sd))) + }() + + // Generate a new DACL which is the current DACL with the required ACEs added. + // Must defer LocalFree on success. + newDACL, err := generateDACLWithAcesAdded(name, s.IsDir(), access, origDACL) + if err != nil { + return err // Already wrapped + } + defer func() { + _, _ = syscall.LocalFree((syscall.Handle)(unsafe.Pointer(newDACL))) + }() + + // And finally use SetSecurityInfo to apply the updated DACL. + if err := setSecurityInfo(fd, uint32(ot), uint32(si), uintptr(0), uintptr(0), newDACL, uintptr(0)); err != nil { + return fmt.Errorf("%s SetSecurityInfo %s: %w", gvmga, name, err) + } + + return nil +} + +// createFile is a helper function to call [Nt]CreateFile to get a handle to +// the file or directory. +func createFile(name string, isDir bool) (syscall.Handle, error) { + namep, err := syscall.UTF16FromString(name) + if err != nil { + return 0, fmt.Errorf("syscall.UTF16FromString %s: %w", name, err) + } + da := uint32(desiredAccessReadControl | desiredAccessWriteDac) + sm := uint32(shareModeRead | shareModeWrite) + fa := uint32(syscall.FILE_ATTRIBUTE_NORMAL) + if isDir { + fa = uint32(fa | syscall.FILE_FLAG_BACKUP_SEMANTICS) + } + fd, err := syscall.CreateFile(&namep[0], da, sm, nil, syscall.OPEN_EXISTING, fa, 0) + if err != nil { + return 0, fmt.Errorf("%s syscall.CreateFile %s: %w", gvmga, name, err) + } + return fd, nil +} + +// generateDACLWithAcesAdded generates a new DACL with the two needed ACEs added. +// The caller is responsible for LocalFree of the returned DACL on success. +func generateDACLWithAcesAdded(name string, isDir bool, desiredAccess accessMask, origDACL uintptr) (uintptr, error) { + // Generate pointers to the SIDs based on the string SIDs + sid, err := syscall.StringToSid(sidVmGroup) + if err != nil { + return 0, fmt.Errorf("%s syscall.StringToSid %s %s: %w", gvmga, name, sidVmGroup, err) + } + + inheritance := inheritModeNoInheritance + if isDir { + inheritance = inheritModeSubContainersAndObjectsInherit + } + + eaArray := []explicitAccess{ + { + accessPermissions: desiredAccess, + accessMode: accessModeGrant, + inheritance: inheritance, + trustee: trustee{ + trusteeForm: trusteeFormIsSid, + trusteeType: trusteeTypeWellKnownGroup, + name: uintptr(unsafe.Pointer(sid)), + }, + }, + } + + modifiedDACL := uintptr(0) + if err := setEntriesInAcl(uintptr(uint32(1)), uintptr(unsafe.Pointer(&eaArray[0])), origDACL, &modifiedDACL); err != nil { + return 0, fmt.Errorf("%s SetEntriesInAcl %s: %w", gvmga, name, err) + } + + return modifiedDACL, nil +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/security/syscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/security/syscall_windows.go new file mode 100644 index 000000000..f0cdd7d20 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/security/syscall_windows.go @@ -0,0 +1,7 @@ +package security + +//go:generate go run $GOPATH/src/golang.org/x/sys/windows/mkwinsyscall/mkwinsyscall.go -output zsyscall_windows.go syscall_windows.go + +//sys getSecurityInfo(handle syscall.Handle, objectType uint32, si uint32, ppsidOwner **uintptr, ppsidGroup **uintptr, ppDacl *uintptr, ppSacl *uintptr, ppSecurityDescriptor *uintptr) (win32err error) = advapi32.GetSecurityInfo +//sys setSecurityInfo(handle syscall.Handle, objectType uint32, si uint32, psidOwner uintptr, psidGroup uintptr, pDacl uintptr, pSacl uintptr) (win32err error) = advapi32.SetSecurityInfo +//sys setEntriesInAcl(count uintptr, pListOfEEs uintptr, oldAcl uintptr, newAcl *uintptr) (win32err error) = advapi32.SetEntriesInAclW diff --git a/vendor/github.com/Microsoft/hcsshim/internal/security/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/security/zsyscall_windows.go new file mode 100644 index 000000000..4084680e0 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/security/zsyscall_windows.go @@ -0,0 +1,70 @@ +// Code generated by 'go generate'; DO NOT EDIT. + +package security + +import ( + "syscall" + "unsafe" + + "golang.org/x/sys/windows" +) + +var _ unsafe.Pointer + +// Do the interface allocations only once for common +// Errno values. +const ( + errnoERROR_IO_PENDING = 997 +) + +var ( + errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING) + errERROR_EINVAL error = syscall.EINVAL +) + +// errnoErr returns common boxed Errno values, to prevent +// allocations at runtime. +func errnoErr(e syscall.Errno) error { + switch e { + case 0: + return errERROR_EINVAL + case errnoERROR_IO_PENDING: + return errERROR_IO_PENDING + } + // TODO: add more here, after collecting data on the common + // error values see on Windows. (perhaps when running + // all.bat?) + return e +} + +var ( + modadvapi32 = windows.NewLazySystemDLL("advapi32.dll") + + procGetSecurityInfo = modadvapi32.NewProc("GetSecurityInfo") + procSetEntriesInAclW = modadvapi32.NewProc("SetEntriesInAclW") + procSetSecurityInfo = modadvapi32.NewProc("SetSecurityInfo") +) + +func getSecurityInfo(handle syscall.Handle, objectType uint32, si uint32, ppsidOwner **uintptr, ppsidGroup **uintptr, ppDacl *uintptr, ppSacl *uintptr, ppSecurityDescriptor *uintptr) (win32err error) { + r0, _, _ := syscall.Syscall9(procGetSecurityInfo.Addr(), 8, uintptr(handle), uintptr(objectType), uintptr(si), uintptr(unsafe.Pointer(ppsidOwner)), uintptr(unsafe.Pointer(ppsidGroup)), uintptr(unsafe.Pointer(ppDacl)), uintptr(unsafe.Pointer(ppSacl)), uintptr(unsafe.Pointer(ppSecurityDescriptor)), 0) + if r0 != 0 { + win32err = syscall.Errno(r0) + } + return +} + +func setEntriesInAcl(count uintptr, pListOfEEs uintptr, oldAcl uintptr, newAcl *uintptr) (win32err error) { + r0, _, _ := syscall.Syscall6(procSetEntriesInAclW.Addr(), 4, uintptr(count), uintptr(pListOfEEs), uintptr(oldAcl), uintptr(unsafe.Pointer(newAcl)), 0, 0) + if r0 != 0 { + win32err = syscall.Errno(r0) + } + return +} + +func setSecurityInfo(handle syscall.Handle, objectType uint32, si uint32, psidOwner uintptr, psidGroup uintptr, pDacl uintptr, pSacl uintptr) (win32err error) { + r0, _, _ := syscall.Syscall9(procSetSecurityInfo.Addr(), 7, uintptr(handle), uintptr(objectType), uintptr(si), uintptr(psidOwner), uintptr(psidGroup), uintptr(pDacl), uintptr(pSacl), 0, 0) + if r0 != 0 { + win32err = syscall.Errno(r0) + } + return +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/doc.go new file mode 100644 index 000000000..9dd00c812 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/doc.go @@ -0,0 +1 @@ +package vmcompute diff --git a/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/vmcompute.go b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/vmcompute.go index e7f114b67..3622f3bbe 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/vmcompute.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/vmcompute.go @@ -1,3 +1,5 @@ +//go:build windows + package vmcompute import ( @@ -5,12 +7,13 @@ import ( "syscall" "time" + "go.opencensus.io/trace" + "github.com/Microsoft/hcsshim/internal/interop" "github.com/Microsoft/hcsshim/internal/log" "github.com/Microsoft/hcsshim/internal/logfields" "github.com/Microsoft/hcsshim/internal/oc" "github.com/Microsoft/hcsshim/internal/timeout" - "go.opencensus.io/trace" ) //go:generate go run ../../mksyscall_windows.go -output zsyscall_windows.go vmcompute.go @@ -95,7 +98,7 @@ func execute(ctx gcontext.Context, timeout time.Duration, f func() error) error } func HcsEnumerateComputeSystems(ctx gcontext.Context, query string) (computeSystems, result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsEnumerateComputeSystems") + ctx, span := oc.StartSpan(ctx, "HcsEnumerateComputeSystems") defer span.End() defer func() { if result != "" { @@ -122,7 +125,7 @@ func HcsEnumerateComputeSystems(ctx gcontext.Context, query string) (computeSyst } func HcsCreateComputeSystem(ctx gcontext.Context, id string, configuration string, identity syscall.Handle) (computeSystem HcsSystem, result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsCreateComputeSystem") + ctx, span := oc.StartSpan(ctx, "HcsCreateComputeSystem") defer span.End() defer func() { if result != "" { @@ -147,7 +150,7 @@ func HcsCreateComputeSystem(ctx gcontext.Context, id string, configuration strin } func HcsOpenComputeSystem(ctx gcontext.Context, id string) (computeSystem HcsSystem, result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsOpenComputeSystem") + ctx, span := oc.StartSpan(ctx, "HcsOpenComputeSystem") defer span.End() defer func() { if result != "" { @@ -167,7 +170,7 @@ func HcsOpenComputeSystem(ctx gcontext.Context, id string) (computeSystem HcsSys } func HcsCloseComputeSystem(ctx gcontext.Context, computeSystem HcsSystem) (hr error) { - ctx, span := trace.StartSpan(ctx, "HcsCloseComputeSystem") + ctx, span := oc.StartSpan(ctx, "HcsCloseComputeSystem") defer span.End() defer func() { oc.SetSpanStatus(span, hr) }() @@ -177,7 +180,7 @@ func HcsCloseComputeSystem(ctx gcontext.Context, computeSystem HcsSystem) (hr er } func HcsStartComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsStartComputeSystem") + ctx, span := oc.StartSpan(ctx, "HcsStartComputeSystem") defer span.End() defer func() { if result != "" { @@ -200,7 +203,7 @@ func HcsStartComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, option } func HcsShutdownComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsShutdownComputeSystem") + ctx, span := oc.StartSpan(ctx, "HcsShutdownComputeSystem") defer span.End() defer func() { if result != "" { @@ -223,7 +226,7 @@ func HcsShutdownComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, opt } func HcsTerminateComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsTerminateComputeSystem") + ctx, span := oc.StartSpan(ctx, "HcsTerminateComputeSystem") defer span.End() defer func() { if result != "" { @@ -246,7 +249,7 @@ func HcsTerminateComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, op } func HcsPauseComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsPauseComputeSystem") + ctx, span := oc.StartSpan(ctx, "HcsPauseComputeSystem") defer span.End() defer func() { if result != "" { @@ -269,7 +272,7 @@ func HcsPauseComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, option } func HcsResumeComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsResumeComputeSystem") + ctx, span := oc.StartSpan(ctx, "HcsResumeComputeSystem") defer span.End() defer func() { if result != "" { @@ -292,7 +295,7 @@ func HcsResumeComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, optio } func HcsGetComputeSystemProperties(ctx gcontext.Context, computeSystem HcsSystem, propertyQuery string) (properties, result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsGetComputeSystemProperties") + ctx, span := oc.StartSpan(ctx, "HcsGetComputeSystemProperties") defer span.End() defer func() { if result != "" { @@ -319,7 +322,7 @@ func HcsGetComputeSystemProperties(ctx gcontext.Context, computeSystem HcsSystem } func HcsModifyComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, configuration string) (result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsModifyComputeSystem") + ctx, span := oc.StartSpan(ctx, "HcsModifyComputeSystem") defer span.End() defer func() { if result != "" { @@ -340,7 +343,7 @@ func HcsModifyComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, confi } func HcsModifyServiceSettings(ctx gcontext.Context, settings string) (result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsModifyServiceSettings") + ctx, span := oc.StartSpan(ctx, "HcsModifyServiceSettings") defer span.End() defer func() { if result != "" { @@ -361,7 +364,7 @@ func HcsModifyServiceSettings(ctx gcontext.Context, settings string) (result str } func HcsRegisterComputeSystemCallback(ctx gcontext.Context, computeSystem HcsSystem, callback uintptr, context uintptr) (callbackHandle HcsCallback, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsRegisterComputeSystemCallback") + ctx, span := oc.StartSpan(ctx, "HcsRegisterComputeSystemCallback") defer span.End() defer func() { oc.SetSpanStatus(span, hr) }() @@ -371,7 +374,7 @@ func HcsRegisterComputeSystemCallback(ctx gcontext.Context, computeSystem HcsSys } func HcsUnregisterComputeSystemCallback(ctx gcontext.Context, callbackHandle HcsCallback) (hr error) { - ctx, span := trace.StartSpan(ctx, "HcsUnregisterComputeSystemCallback") + ctx, span := oc.StartSpan(ctx, "HcsUnregisterComputeSystemCallback") defer span.End() defer func() { oc.SetSpanStatus(span, hr) }() @@ -381,7 +384,7 @@ func HcsUnregisterComputeSystemCallback(ctx gcontext.Context, callbackHandle Hcs } func HcsCreateProcess(ctx gcontext.Context, computeSystem HcsSystem, processParameters string) (processInformation HcsProcessInformation, process HcsProcess, result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsCreateProcess") + ctx, span := oc.StartSpan(ctx, "HcsCreateProcess") defer span.End() defer func() { if result != "" { @@ -389,7 +392,12 @@ func HcsCreateProcess(ctx gcontext.Context, computeSystem HcsSystem, processPara } oc.SetSpanStatus(span, hr) }() - span.AddAttributes(trace.StringAttribute("processParameters", processParameters)) + if span.IsRecordingEvents() { + // wont handle v1 process parameters + if s, err := log.ScrubProcessParameters(processParameters); err == nil { + span.AddAttributes(trace.StringAttribute("processParameters", s)) + } + } return processInformation, process, result, execute(ctx, timeout.SyscallWatcher, func() error { var resultp *uint16 @@ -402,7 +410,7 @@ func HcsCreateProcess(ctx gcontext.Context, computeSystem HcsSystem, processPara } func HcsOpenProcess(ctx gcontext.Context, computeSystem HcsSystem, pid uint32) (process HcsProcess, result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsOpenProcess") + ctx, span := oc.StartSpan(ctx, "HcsOpenProcess") defer span.End() defer func() { if result != "" { @@ -423,7 +431,7 @@ func HcsOpenProcess(ctx gcontext.Context, computeSystem HcsSystem, pid uint32) ( } func HcsCloseProcess(ctx gcontext.Context, process HcsProcess) (hr error) { - ctx, span := trace.StartSpan(ctx, "HcsCloseProcess") + ctx, span := oc.StartSpan(ctx, "HcsCloseProcess") defer span.End() defer func() { oc.SetSpanStatus(span, hr) }() @@ -433,7 +441,7 @@ func HcsCloseProcess(ctx gcontext.Context, process HcsProcess) (hr error) { } func HcsTerminateProcess(ctx gcontext.Context, process HcsProcess) (result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsTerminateProcess") + ctx, span := oc.StartSpan(ctx, "HcsTerminateProcess") defer span.End() defer func() { if result != "" { @@ -453,7 +461,7 @@ func HcsTerminateProcess(ctx gcontext.Context, process HcsProcess) (result strin } func HcsSignalProcess(ctx gcontext.Context, process HcsProcess, options string) (result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsSignalProcess") + ctx, span := oc.StartSpan(ctx, "HcsSignalProcess") defer span.End() defer func() { if result != "" { @@ -474,7 +482,7 @@ func HcsSignalProcess(ctx gcontext.Context, process HcsProcess, options string) } func HcsGetProcessInfo(ctx gcontext.Context, process HcsProcess) (processInformation HcsProcessInformation, result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsGetProcessInfo") + ctx, span := oc.StartSpan(ctx, "HcsGetProcessInfo") defer span.End() defer func() { if result != "" { @@ -494,7 +502,7 @@ func HcsGetProcessInfo(ctx gcontext.Context, process HcsProcess) (processInforma } func HcsGetProcessProperties(ctx gcontext.Context, process HcsProcess) (processProperties, result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsGetProcessProperties") + ctx, span := oc.StartSpan(ctx, "HcsGetProcessProperties") defer span.End() defer func() { if result != "" { @@ -520,7 +528,7 @@ func HcsGetProcessProperties(ctx gcontext.Context, process HcsProcess) (processP } func HcsModifyProcess(ctx gcontext.Context, process HcsProcess, settings string) (result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsModifyProcess") + ctx, span := oc.StartSpan(ctx, "HcsModifyProcess") defer span.End() defer func() { if result != "" { @@ -541,7 +549,7 @@ func HcsModifyProcess(ctx gcontext.Context, process HcsProcess, settings string) } func HcsGetServiceProperties(ctx gcontext.Context, propertyQuery string) (properties, result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsGetServiceProperties") + ctx, span := oc.StartSpan(ctx, "HcsGetServiceProperties") defer span.End() defer func() { if result != "" { @@ -568,7 +576,7 @@ func HcsGetServiceProperties(ctx gcontext.Context, propertyQuery string) (proper } func HcsRegisterProcessCallback(ctx gcontext.Context, process HcsProcess, callback uintptr, context uintptr) (callbackHandle HcsCallback, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsRegisterProcessCallback") + ctx, span := oc.StartSpan(ctx, "HcsRegisterProcessCallback") defer span.End() defer func() { oc.SetSpanStatus(span, hr) }() @@ -578,7 +586,7 @@ func HcsRegisterProcessCallback(ctx gcontext.Context, process HcsProcess, callba } func HcsUnregisterProcessCallback(ctx gcontext.Context, callbackHandle HcsCallback) (hr error) { - ctx, span := trace.StartSpan(ctx, "HcsUnregisterProcessCallback") + ctx, span := oc.StartSpan(ctx, "HcsUnregisterProcessCallback") defer span.End() defer func() { oc.SetSpanStatus(span, hr) }() @@ -588,7 +596,7 @@ func HcsUnregisterProcessCallback(ctx gcontext.Context, callbackHandle HcsCallba } func HcsSaveComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, options string) (result string, hr error) { - ctx, span := trace.StartSpan(ctx, "HcsSaveComputeSystem") + ctx, span := oc.StartSpan(ctx, "HcsSaveComputeSystem") defer span.End() defer func() { if result != "" { diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/activatelayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/activatelayer.go index 5debe974d..e12253c94 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/activatelayer.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/activatelayer.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -14,7 +16,7 @@ import ( // An activated layer must later be deactivated via DeactivateLayer. func ActivateLayer(ctx context.Context, path string) (err error) { title := "hcsshim::ActivateLayer" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("path", path)) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayer.go index 3ec708d1e..aea8b421e 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayer.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayer.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -48,7 +50,6 @@ func reapplyDirectoryTimes(root *os.File, dis []dirInfo) error { if err != nil { return err } - } return nil } diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createlayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createlayer.go index 480aee872..932475723 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createlayer.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createlayer.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -12,7 +14,7 @@ import ( // the parent layer provided. func CreateLayer(ctx context.Context, path, parent string) (err error) { title := "hcsshim::CreateLayer" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createscratchlayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createscratchlayer.go index 131aa94f1..5c9d5d250 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createscratchlayer.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createscratchlayer.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -13,7 +15,7 @@ import ( // This requires the full list of paths to all parent layers up to the base func CreateScratchLayer(ctx context.Context, path string, parentLayerPaths []string) (err error) { title := "hcsshim::CreateScratchLayer" - ctx, span := trace.StartSpan(ctx, title) + ctx, span := oc.StartSpan(ctx, title) defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/deactivatelayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/deactivatelayer.go index d5bf2f5bd..e3bc77cbc 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/deactivatelayer.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/deactivatelayer.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -11,7 +13,7 @@ import ( // DeactivateLayer will dismount a layer that was mounted via ActivateLayer. func DeactivateLayer(ctx context.Context, path string) (err error) { title := "hcsshim::DeactivateLayer" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("path", path)) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/destroylayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/destroylayer.go index 424467ac3..d0a59efe1 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/destroylayer.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/destroylayer.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -12,7 +14,7 @@ import ( // path, including that layer's containing folder, if any. func DestroyLayer(ctx context.Context, path string) (err error) { title := "hcsshim::DestroyLayer" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("path", path)) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/doc.go new file mode 100644 index 000000000..dd1d55580 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/doc.go @@ -0,0 +1,4 @@ +// Package wclayer provides bindings to HCS's legacy layer management API and +// provides a higher level interface around these calls for container layer +// management. +package wclayer diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/expandscratchsize.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/expandscratchsize.go index 035c9041e..e2ec27ad0 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/expandscratchsize.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/expandscratchsize.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -16,7 +18,7 @@ import ( // ExpandScratchSize expands the size of a layer to at least size bytes. func ExpandScratchSize(ctx context.Context, path string, size uint64) (err error) { title := "hcsshim::ExpandScratchSize" - ctx, span := trace.StartSpan(ctx, title) + ctx, span := oc.StartSpan(ctx, title) defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/exportlayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/exportlayer.go index 97b27eb7d..08d6afd3b 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/exportlayer.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/exportlayer.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -19,7 +21,7 @@ import ( // perform the export. func ExportLayer(ctx context.Context, path string, exportFolderPath string, parentLayerPaths []string) (err error) { title := "hcsshim::ExportLayer" - ctx, span := trace.StartSpan(ctx, title) + ctx, span := oc.StartSpan(ctx, title) defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes( @@ -40,9 +42,14 @@ func ExportLayer(ctx context.Context, path string, exportFolderPath string, pare return nil } +// LayerReader is an interface that supports reading an existing container image layer. type LayerReader interface { + // Next advances to the next file and returns the name, size, and file info Next() (string, int64, *winio.FileBasicInfo, error) + // Read reads data from the current file, in the format of a Win32 backup stream, and + // returns the number of bytes read. Read(b []byte) (int, error) + // Close finishes the layer reading process and releases any resources. Close() error } @@ -50,7 +57,7 @@ type LayerReader interface { // The caller must have taken the SeBackupPrivilege privilege // to call this and any methods on the resulting LayerReader. func NewLayerReader(ctx context.Context, path string, parentLayerPaths []string) (_ LayerReader, err error) { - ctx, span := trace.StartSpan(ctx, "hcsshim::NewLayerReader") + ctx, span := oc.StartSpan(ctx, "hcsshim::NewLayerReader") defer func() { if err != nil { oc.SetSpanStatus(span, err) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getlayermountpath.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getlayermountpath.go index 8d213f587..715e06e37 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getlayermountpath.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getlayermountpath.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -16,7 +18,7 @@ import ( // folder path at which the layer is stored. func GetLayerMountPath(ctx context.Context, path string) (_ string, err error) { title := "hcsshim::GetLayerMountPath" - ctx, span := trace.StartSpan(ctx, title) + ctx, span := oc.StartSpan(ctx, title) defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("path", path)) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getsharedbaseimages.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getsharedbaseimages.go index ae1fff840..5e400fb20 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getsharedbaseimages.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/getsharedbaseimages.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -14,7 +16,7 @@ import ( // of registering them with the graphdriver, graph, and tagstore. func GetSharedBaseImages(ctx context.Context) (_ string, err error) { title := "hcsshim::GetSharedBaseImages" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/grantvmaccess.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/grantvmaccess.go index 4b282fef9..20217ed81 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/grantvmaccess.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/grantvmaccess.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -11,7 +13,7 @@ import ( // GrantVmAccess adds access to a file for a given VM func GrantVmAccess(ctx context.Context, vmid string, filepath string) (err error) { title := "hcsshim::GrantVmAccess" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go index 687550f0b..b9946c5f4 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -20,7 +22,7 @@ import ( // be present on the system at the paths provided in parentLayerPaths. func ImportLayer(ctx context.Context, path string, importFolderPath string, parentLayerPaths []string) (err error) { title := "hcsshim::ImportLayer" - ctx, span := trace.StartSpan(ctx, title) + ctx, span := oc.StartSpan(ctx, title) defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes( @@ -124,7 +126,7 @@ func (r *legacyLayerWriterWrapper) Close() (err error) { // The caller must have taken the SeBackupPrivilege and SeRestorePrivilege privileges // to call this and any methods on the resulting LayerWriter. func NewLayerWriter(ctx context.Context, path string, parentLayerPaths []string) (_ LayerWriter, err error) { - ctx, span := trace.StartSpan(ctx, "hcsshim::NewLayerWriter") + ctx, span := oc.StartSpan(ctx, "hcsshim::NewLayerWriter") defer func() { if err != nil { oc.SetSpanStatus(span, err) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerexists.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerexists.go index 01e672339..4d82977ea 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerexists.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerexists.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -12,7 +14,7 @@ import ( // to the system. func LayerExists(ctx context.Context, path string) (_ bool, err error) { title := "hcsshim::LayerExists" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("path", path)) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerid.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerid.go index 0ce34a30f..d4805f144 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerid.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerid.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -12,7 +14,7 @@ import ( // LayerID returns the layer ID of a layer on disk. func LayerID(ctx context.Context, path string) (_ guid.GUID, err error) { title := "hcsshim::LayerID" - ctx, span := trace.StartSpan(ctx, title) + ctx, span := oc.StartSpan(ctx, title) defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("path", path)) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerutils.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerutils.go index 1ec893c6a..86f0549ef 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerutils.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerutils.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer // This file contains utility functions to support storage (graph) related diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/legacy.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/legacy.go index b7f3064f2..3e431877f 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/legacy.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/legacy.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -262,7 +264,6 @@ func (r *legacyLayerReader) Next() (path string, size int64, fileInfo *winio.Fil // The creation time and access time get reset for files outside of the Files path. fileInfo.CreationTime = fileInfo.LastWriteTime fileInfo.LastAccessTime = fileInfo.LastWriteTime - } else { // The file attributes are written before the backup stream. var attr uint32 @@ -349,7 +350,7 @@ type legacyLayerWriter struct { currentIsDir bool } -// newLegacyLayerWriter returns a LayerWriter that can write the contaler layer +// newLegacyLayerWriter returns a LayerWriter that can write the container layer // transport format to disk. func newLegacyLayerWriter(root string, parentRoots []string, destRoot string) (w *legacyLayerWriter, err error) { w = &legacyLayerWriter{ @@ -730,7 +731,7 @@ func (w *legacyLayerWriter) AddLink(name string, target string) error { return errors.New("invalid hard link in layer") } - // Find to try the target of the link in a previously added file. If that + // Try to find the target of the link in a previously added file. If that // fails, search in parent layers. var selectedRoot *os.File if _, ok := w.addedFiles[target]; ok { diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/nametoguid.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/nametoguid.go index 09950297c..c45fa2750 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/nametoguid.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/nametoguid.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -14,7 +16,7 @@ import ( // across all clients. func NameToGuid(ctx context.Context, name string) (_ guid.GUID, err error) { title := "hcsshim::NameToGuid" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("objectName", name)) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/preparelayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/preparelayer.go index 90129faef..b66e07124 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/preparelayer.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/preparelayer.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -19,7 +21,7 @@ var prepareLayerLock sync.Mutex // Disabling the filter must be done via UnprepareLayer. func PrepareLayer(ctx context.Context, path string, parentLayerPaths []string) (err error) { title := "hcsshim::PrepareLayer" - ctx, span := trace.StartSpan(ctx, title) + ctx, span := oc.StartSpan(ctx, title) defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/processimage.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/processimage.go index 30bcdff5f..7c49cbda4 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/processimage.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/processimage.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -12,7 +14,7 @@ import ( // The files should have been extracted to \Files. func ProcessBaseLayer(ctx context.Context, path string) (err error) { title := "hcsshim::ProcessBaseLayer" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("path", path)) @@ -28,7 +30,7 @@ func ProcessBaseLayer(ctx context.Context, path string) (err error) { // The files should have been extracted to \Files. func ProcessUtilityVMImage(ctx context.Context, path string) (err error) { title := "hcsshim::ProcessUtilityVMImage" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("path", path)) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/unpreparelayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/unpreparelayer.go index 71b130c52..fe20702c1 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/unpreparelayer.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/unpreparelayer.go @@ -1,3 +1,5 @@ +//go:build windows + package wclayer import ( @@ -12,7 +14,7 @@ import ( // the given id. func UnprepareLayer(ctx context.Context, path string) (err error) { title := "hcsshim::UnprepareLayer" - ctx, span := trace.StartSpan(ctx, title) //nolint:ineffassign,staticcheck + ctx, span := oc.StartSpan(ctx, title) //nolint:ineffassign,staticcheck defer span.End() defer func() { oc.SetSpanStatus(span, err) }() span.AddAttributes(trace.StringAttribute("path", path)) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/wclayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/wclayer.go index 9b1e06d50..8aeab8d24 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/wclayer.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/wclayer.go @@ -1,6 +1,5 @@ -// Package wclayer provides bindings to HCS's legacy layer management API and -// provides a higher level interface around these calls for container layer -// management. +//go:build windows + package wclayer import "github.com/Microsoft/go-winio/pkg/guid" diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/bindflt.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/bindflt.go new file mode 100644 index 000000000..559d44325 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/bindflt.go @@ -0,0 +1,19 @@ +package winapi + +const ( + BINDFLT_FLAG_READ_ONLY_MAPPING uint32 = 0x00000001 + BINDFLT_FLAG_MERGED_BIND_MAPPING uint32 = 0x00000002 + BINDFLT_FLAG_USE_CURRENT_SILO_MAPPING uint32 = 0x00000004 +) + +// HRESULT +// BfSetupFilter( +// _In_opt_ HANDLE JobHandle, +// _In_ ULONG Flags, +// _In_ LPCWSTR VirtualizationRootPath, +// _In_ LPCWSTR VirtualizationTargetPath, +// _In_reads_opt_( VirtualizationExceptionPathCount ) LPCWSTR* VirtualizationExceptionPaths, +// _In_opt_ ULONG VirtualizationExceptionPathCount +// ); +// +//sys BfSetupFilter(jobHandle windows.Handle, flags uint32, virtRootPath *uint16, virtTargetPath *uint16, virtExceptions **uint16, virtExceptionPathCount uint32) (hr error) = bindfltapi.BfSetupFilter? diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/console.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/console.go index def952541..4547cdd8e 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/console.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/console.go @@ -1,3 +1,5 @@ +//go:build windows + package winapi import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/devices.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/devices.go index df28ea242..7875466ca 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/devices.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/devices.go @@ -1,3 +1,5 @@ +//go:build windows + package winapi import "github.com/Microsoft/go-winio/pkg/guid" diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/doc.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/doc.go new file mode 100644 index 000000000..9acc0bfc1 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/doc.go @@ -0,0 +1,3 @@ +// Package winapi contains various low-level bindings to Windows APIs. It can +// be thought of as an extension to golang.org/x/sys/windows. +package winapi diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/elevation.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/elevation.go new file mode 100644 index 000000000..40cbf8712 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/elevation.go @@ -0,0 +1,11 @@ +//go:build windows + +package winapi + +import ( + "golang.org/x/sys/windows" +) + +func IsElevated() bool { + return windows.GetCurrentProcessToken().IsElevated() +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/errors.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/errors.go index 4e80ef68c..49ce924cb 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/errors.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/errors.go @@ -1,3 +1,5 @@ +//go:build windows + package winapi import "syscall" diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/filesystem.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/filesystem.go index 7ce52afd5..0d78c051b 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/filesystem.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/filesystem.go @@ -1,3 +1,5 @@ +//go:build windows + package winapi //sys NtCreateFile(handle *uintptr, accessMask uint32, oa *ObjectAttributes, iosb *IOStatusBlock, allocationSize *uint64, fileAttributes uint32, shareAccess uint32, createDisposition uint32, createOptions uint32, eaBuffer *byte, eaLength uint32) (status uint32) = ntdll.NtCreateFile diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go index 7eb13f8f0..b103f3e2d 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go @@ -1,3 +1,5 @@ +//go:build windows + package winapi import ( @@ -55,6 +57,8 @@ const ( JobObjectLimitViolationInformation uint32 = 13 JobObjectMemoryUsageInformation uint32 = 28 JobObjectNotificationLimitInformation2 uint32 = 33 + JobObjectCreateSilo uint32 = 35 + JobObjectSiloBasicInformation uint32 = 36 JobObjectIoAttribution uint32 = 42 ) @@ -111,29 +115,27 @@ type JOBOBJECT_BASIC_ACCOUNTING_INFORMATION struct { TotalTerminateProcesses uint32 } -//https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_basic_and_io_accounting_information +// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_basic_and_io_accounting_information type JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION struct { BasicInfo JOBOBJECT_BASIC_ACCOUNTING_INFORMATION IoInfo windows.IO_COUNTERS } -// typedef struct _JOBOBJECT_MEMORY_USAGE_INFORMATION { -// ULONG64 JobMemory; -// ULONG64 PeakJobMemoryUsed; -// } JOBOBJECT_MEMORY_USAGE_INFORMATION, *PJOBOBJECT_MEMORY_USAGE_INFORMATION; -// +// typedef struct _JOBOBJECT_MEMORY_USAGE_INFORMATION { +// ULONG64 JobMemory; +// ULONG64 PeakJobMemoryUsed; +// } JOBOBJECT_MEMORY_USAGE_INFORMATION, *PJOBOBJECT_MEMORY_USAGE_INFORMATION; type JOBOBJECT_MEMORY_USAGE_INFORMATION struct { JobMemory uint64 PeakJobMemoryUsed uint64 } -// typedef struct _JOBOBJECT_IO_ATTRIBUTION_STATS { -// ULONG_PTR IoCount; -// ULONGLONG TotalNonOverlappedQueueTime; -// ULONGLONG TotalNonOverlappedServiceTime; -// ULONGLONG TotalSize; -// } JOBOBJECT_IO_ATTRIBUTION_STATS, *PJOBOBJECT_IO_ATTRIBUTION_STATS; -// +// typedef struct _JOBOBJECT_IO_ATTRIBUTION_STATS { +// ULONG_PTR IoCount; +// ULONGLONG TotalNonOverlappedQueueTime; +// ULONGLONG TotalNonOverlappedServiceTime; +// ULONGLONG TotalSize; +// } JOBOBJECT_IO_ATTRIBUTION_STATS, *PJOBOBJECT_IO_ATTRIBUTION_STATS; type JOBOBJECT_IO_ATTRIBUTION_STATS struct { IoCount uintptr TotalNonOverlappedQueueTime uint64 @@ -141,12 +143,11 @@ type JOBOBJECT_IO_ATTRIBUTION_STATS struct { TotalSize uint64 } -// typedef struct _JOBOBJECT_IO_ATTRIBUTION_INFORMATION { -// ULONG ControlFlags; -// JOBOBJECT_IO_ATTRIBUTION_STATS ReadStats; -// JOBOBJECT_IO_ATTRIBUTION_STATS WriteStats; -// } JOBOBJECT_IO_ATTRIBUTION_INFORMATION, *PJOBOBJECT_IO_ATTRIBUTION_INFORMATION; -// +// typedef struct _JOBOBJECT_IO_ATTRIBUTION_INFORMATION { +// ULONG ControlFlags; +// JOBOBJECT_IO_ATTRIBUTION_STATS ReadStats; +// JOBOBJECT_IO_ATTRIBUTION_STATS WriteStats; +// } JOBOBJECT_IO_ATTRIBUTION_INFORMATION, *PJOBOBJECT_IO_ATTRIBUTION_INFORMATION; type JOBOBJECT_IO_ATTRIBUTION_INFORMATION struct { ControlFlags uint32 ReadStats JOBOBJECT_IO_ATTRIBUTION_STATS @@ -183,7 +184,7 @@ type JOBOBJECT_ASSOCIATE_COMPLETION_PORT struct { // LPCWSTR lpName // ); // -//sys OpenJobObject(desiredAccess uint32, inheritHandle bool, lpName *uint16) (handle windows.Handle, err error) = kernel32.OpenJobObjectW +//sys OpenJobObject(desiredAccess uint32, inheritHandle int32, lpName *uint16) (handle windows.Handle, err error) = kernel32.OpenJobObjectW // DWORD SetIoRateControlInformationJobObject( // HANDLE hJob, @@ -198,6 +199,7 @@ type JOBOBJECT_ASSOCIATE_COMPLETION_PORT struct { // JOBOBJECT_IO_RATE_CONTROL_INFORMATION **InfoBlocks, // ULONG *InfoBlockCount // ); +// //sys QueryIoRateControlInformationJobObject(jobHandle windows.Handle, volumeName *uint16, ioRateControlInfo **JOBOBJECT_IO_RATE_CONTROL_INFORMATION, infoBlockCount *uint32) (ret uint32, err error) = kernel32.QueryIoRateControlInformationJobObject // NTSTATUS @@ -206,6 +208,7 @@ type JOBOBJECT_ASSOCIATE_COMPLETION_PORT struct { // _In_ ACCESS_MASK DesiredAccess, // _In_ POBJECT_ATTRIBUTES ObjectAttributes // ); +// //sys NtOpenJobObject(jobHandle *windows.Handle, desiredAccess uint32, objAttributes *ObjectAttributes) (status uint32) = ntdll.NtOpenJobObject // NTSTATUS @@ -215,4 +218,5 @@ type JOBOBJECT_ASSOCIATE_COMPLETION_PORT struct { // _In_ ACCESS_MASK DesiredAccess, // _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes // ); +// //sys NtCreateJobObject(jobHandle *windows.Handle, desiredAccess uint32, objAttributes *ObjectAttributes) (status uint32) = ntdll.NtCreateJobObject diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/path.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/path.go index 908920e87..c6a149b55 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/path.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/path.go @@ -8,4 +8,5 @@ package winapi // LPWSTR lpBuffer, // LPWSTR *lpFilePart // ); +// //sys SearchPath(lpPath *uint16, lpFileName *uint16, lpExtension *uint16, nBufferLength uint32, lpBuffer *uint16, lpFilePath *uint16) (size uint32, err error) = kernel32.SearchPathW diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go index 78fe01a4b..cb494aaa6 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go @@ -1,3 +1,5 @@ +//go:build windows + package winapi import "golang.org/x/sys/windows" diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/thread.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/thread.go index 4724713e3..f23141a83 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/thread.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/thread.go @@ -9,4 +9,5 @@ package winapi // DWORD dwCreationFlags, // LPDWORD lpThreadId // ); +// //sys CreateRemoteThread(process windows.Handle, sa *windows.SecurityAttributes, stackSize uint32, startAddr uintptr, parameter uintptr, creationFlags uint32, threadID *uint32) (handle windows.Handle, err error) = kernel32.CreateRemoteThread diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/user.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/user.go new file mode 100644 index 000000000..8abc095d6 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/user.go @@ -0,0 +1,194 @@ +//go:build windows + +package winapi + +import ( + "syscall" + + "golang.org/x/sys/windows" +) + +const UserNameCharLimit = 20 + +const ( + USER_PRIV_GUEST uint32 = iota + USER_PRIV_USER + USER_PRIV_ADMIN +) + +const ( + UF_NORMAL_ACCOUNT = 0x00200 + UF_DONT_EXPIRE_PASSWD = 0x10000 +) + +const NERR_UserNotFound = syscall.Errno(0x8AD) + +// typedef struct _LOCALGROUP_MEMBERS_INFO_0 { +// PSID lgrmi0_sid; +// } LOCALGROUP_MEMBERS_INFO_0, *PLOCALGROUP_MEMBERS_INFO_0, *LPLOCALGROUP_MEMBERS_INFO_0; +type LocalGroupMembersInfo0 struct { + Sid *windows.SID +} + +// typedef struct _LOCALGROUP_INFO_1 { +// LPWSTR lgrpi1_name; +// LPWSTR lgrpi1_comment; +// } LOCALGROUP_INFO_1, *PLOCALGROUP_INFO_1, *LPLOCALGROUP_INFO_1; +type LocalGroupInfo1 struct { + Name *uint16 + Comment *uint16 +} + +// typedef struct _USER_INFO_1 { +// LPWSTR usri1_name; +// LPWSTR usri1_password; +// DWORD usri1_password_age; +// DWORD usri1_priv; +// LPWSTR usri1_home_dir; +// LPWSTR usri1_comment; +// DWORD usri1_flags; +// LPWSTR usri1_script_path; +// } USER_INFO_1, *PUSER_INFO_1, *LPUSER_INFO_1; +type UserInfo1 struct { + Name *uint16 + Password *uint16 + PasswordAge uint32 + Priv uint32 + HomeDir *uint16 + Comment *uint16 + Flags uint32 + ScriptPath *uint16 +} + +// NET_API_STATUS NET_API_FUNCTION NetLocalGroupGetInfo( +// [in] LPCWSTR servername, +// [in] LPCWSTR groupname, +// [in] DWORD level, +// [out] LPBYTE *bufptr +// ); +// +//sys netLocalGroupGetInfo(serverName *uint16, groupName *uint16, level uint32, bufptr **byte) (status error) = netapi32.NetLocalGroupGetInfo + +// NetLocalGroupGetInfo is a slightly go friendlier wrapper around the NetLocalGroupGetInfo function. Instead of taking in *uint16's, it takes in +// go strings and does the conversion internally. +func NetLocalGroupGetInfo(serverName, groupName string, level uint32, bufPtr **byte) (err error) { + var ( + serverNameUTF16 *uint16 + groupNameUTF16 *uint16 + ) + if serverName != "" { + serverNameUTF16, err = windows.UTF16PtrFromString(serverName) + if err != nil { + return err + } + } + if groupName != "" { + groupNameUTF16, err = windows.UTF16PtrFromString(groupName) + if err != nil { + return err + } + } + return netLocalGroupGetInfo( + serverNameUTF16, + groupNameUTF16, + level, + bufPtr, + ) +} + +// NET_API_STATUS NET_API_FUNCTION NetUserAdd( +// [in] LPCWSTR servername, +// [in] DWORD level, +// [in] LPBYTE buf, +// [out] LPDWORD parm_err +// ); +// +//sys netUserAdd(serverName *uint16, level uint32, buf *byte, parm_err *uint32) (status error) = netapi32.NetUserAdd + +// NetUserAdd is a slightly go friendlier wrapper around the NetUserAdd function. Instead of taking in *uint16's, it takes in +// go strings and does the conversion internally. +func NetUserAdd(serverName string, level uint32, buf *byte, parm_err *uint32) (err error) { + var serverNameUTF16 *uint16 + if serverName != "" { + serverNameUTF16, err = windows.UTF16PtrFromString(serverName) + if err != nil { + return err + } + } + return netUserAdd( + serverNameUTF16, + level, + buf, + parm_err, + ) +} + +// NET_API_STATUS NET_API_FUNCTION NetUserDel( +// [in] LPCWSTR servername, +// [in] LPCWSTR username +// ); +// +//sys netUserDel(serverName *uint16, username *uint16) (status error) = netapi32.NetUserDel + +// NetUserDel is a slightly go friendlier wrapper around the NetUserDel function. Instead of taking in *uint16's, it takes in +// go strings and does the conversion internally. +func NetUserDel(serverName, userName string) (err error) { + var ( + serverNameUTF16 *uint16 + userNameUTF16 *uint16 + ) + if serverName != "" { + serverNameUTF16, err = windows.UTF16PtrFromString(serverName) + if err != nil { + return err + } + } + if userName != "" { + userNameUTF16, err = windows.UTF16PtrFromString(userName) + if err != nil { + return err + } + } + return netUserDel( + serverNameUTF16, + userNameUTF16, + ) +} + +// NET_API_STATUS NET_API_FUNCTION NetLocalGroupAddMembers( +// [in] LPCWSTR servername, +// [in] LPCWSTR groupname, +// [in] DWORD level, +// [in] LPBYTE buf, +// [in] DWORD totalentries +// ); +// +//sys netLocalGroupAddMembers(serverName *uint16, groupName *uint16, level uint32, buf *byte, totalEntries uint32) (status error) = netapi32.NetLocalGroupAddMembers + +// NetLocalGroupAddMembers is a slightly go friendlier wrapper around the NetLocalGroupAddMembers function. Instead of taking in *uint16's, it takes in +// go strings and does the conversion internally. +func NetLocalGroupAddMembers(serverName, groupName string, level uint32, buf *byte, totalEntries uint32) (err error) { + var ( + serverNameUTF16 *uint16 + groupNameUTF16 *uint16 + ) + if serverName != "" { + serverNameUTF16, err = windows.UTF16PtrFromString(serverName) + if err != nil { + return err + } + } + if groupName != "" { + groupNameUTF16, err = windows.UTF16PtrFromString(groupName) + if err != nil { + return err + } + } + return netLocalGroupAddMembers( + serverNameUTF16, + groupNameUTF16, + level, + buf, + totalEntries, + ) +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/utils.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/utils.go index 859b753c2..7b9397484 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/utils.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/utils.go @@ -1,3 +1,5 @@ +//go:build windows + package winapi import ( diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/winapi.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/winapi.go index d2cc9d9fb..b45fc7de4 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/winapi.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/winapi.go @@ -1,5 +1,3 @@ -// Package winapi contains various low-level bindings to Windows APIs. It can -// be thought of as an extension to golang.org/x/sys/windows. package winapi -//go:generate go run ..\..\mksyscall_windows.go -output zsyscall_windows.go user.go console.go system.go net.go path.go thread.go jobobject.go logon.go memory.go process.go processor.go devices.go filesystem.go errors.go +//go:generate go run ..\..\mksyscall_windows.go -output zsyscall_windows.go bindflt.go user.go console.go system.go net.go path.go thread.go jobobject.go logon.go memory.go process.go processor.go devices.go filesystem.go errors.go diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go index 1f16cf0b8..6d3f77a64 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go @@ -37,12 +37,19 @@ func errnoErr(e syscall.Errno) error { } var ( - modkernel32 = windows.NewLazySystemDLL("kernel32.dll") - modntdll = windows.NewLazySystemDLL("ntdll.dll") - modiphlpapi = windows.NewLazySystemDLL("iphlpapi.dll") - modadvapi32 = windows.NewLazySystemDLL("advapi32.dll") - modcfgmgr32 = windows.NewLazySystemDLL("cfgmgr32.dll") + modbindfltapi = windows.NewLazySystemDLL("bindfltapi.dll") + modnetapi32 = windows.NewLazySystemDLL("netapi32.dll") + modkernel32 = windows.NewLazySystemDLL("kernel32.dll") + modntdll = windows.NewLazySystemDLL("ntdll.dll") + modiphlpapi = windows.NewLazySystemDLL("iphlpapi.dll") + modadvapi32 = windows.NewLazySystemDLL("advapi32.dll") + modcfgmgr32 = windows.NewLazySystemDLL("cfgmgr32.dll") + procBfSetupFilter = modbindfltapi.NewProc("BfSetupFilter") + procNetLocalGroupGetInfo = modnetapi32.NewProc("NetLocalGroupGetInfo") + procNetUserAdd = modnetapi32.NewProc("NetUserAdd") + procNetUserDel = modnetapi32.NewProc("NetUserDel") + procNetLocalGroupAddMembers = modnetapi32.NewProc("NetLocalGroupAddMembers") procCreatePseudoConsole = modkernel32.NewProc("CreatePseudoConsole") procClosePseudoConsole = modkernel32.NewProc("ClosePseudoConsole") procResizePseudoConsole = modkernel32.NewProc("ResizePseudoConsole") @@ -73,6 +80,52 @@ var ( procRtlNtStatusToDosError = modntdll.NewProc("RtlNtStatusToDosError") ) +func BfSetupFilter(jobHandle windows.Handle, flags uint32, virtRootPath *uint16, virtTargetPath *uint16, virtExceptions **uint16, virtExceptionPathCount uint32) (hr error) { + if hr = procBfSetupFilter.Find(); hr != nil { + return + } + r0, _, _ := syscall.Syscall6(procBfSetupFilter.Addr(), 6, uintptr(jobHandle), uintptr(flags), uintptr(unsafe.Pointer(virtRootPath)), uintptr(unsafe.Pointer(virtTargetPath)), uintptr(unsafe.Pointer(virtExceptions)), uintptr(virtExceptionPathCount)) + if int32(r0) < 0 { + if r0&0x1fff0000 == 0x00070000 { + r0 &= 0xffff + } + hr = syscall.Errno(r0) + } + return +} + +func netLocalGroupGetInfo(serverName *uint16, groupName *uint16, level uint32, bufptr **byte) (status error) { + r0, _, _ := syscall.Syscall6(procNetLocalGroupGetInfo.Addr(), 4, uintptr(unsafe.Pointer(serverName)), uintptr(unsafe.Pointer(groupName)), uintptr(level), uintptr(unsafe.Pointer(bufptr)), 0, 0) + if r0 != 0 { + status = syscall.Errno(r0) + } + return +} + +func netUserAdd(serverName *uint16, level uint32, buf *byte, parm_err *uint32) (status error) { + r0, _, _ := syscall.Syscall6(procNetUserAdd.Addr(), 4, uintptr(unsafe.Pointer(serverName)), uintptr(level), uintptr(unsafe.Pointer(buf)), uintptr(unsafe.Pointer(parm_err)), 0, 0) + if r0 != 0 { + status = syscall.Errno(r0) + } + return +} + +func netUserDel(serverName *uint16, username *uint16) (status error) { + r0, _, _ := syscall.Syscall(procNetUserDel.Addr(), 2, uintptr(unsafe.Pointer(serverName)), uintptr(unsafe.Pointer(username)), 0) + if r0 != 0 { + status = syscall.Errno(r0) + } + return +} + +func netLocalGroupAddMembers(serverName *uint16, groupName *uint16, level uint32, buf *byte, totalEntries uint32) (status error) { + r0, _, _ := syscall.Syscall6(procNetLocalGroupAddMembers.Addr(), 5, uintptr(unsafe.Pointer(serverName)), uintptr(unsafe.Pointer(groupName)), uintptr(level), uintptr(unsafe.Pointer(buf)), uintptr(totalEntries), 0) + if r0 != 0 { + status = syscall.Errno(r0) + } + return +} + func createPseudoConsole(size uint32, hInput windows.Handle, hOutput windows.Handle, dwFlags uint32, hpcon *windows.Handle) (hr error) { r0, _, _ := syscall.Syscall6(procCreatePseudoConsole.Addr(), 5, uintptr(size), uintptr(hInput), uintptr(hOutput), uintptr(dwFlags), uintptr(unsafe.Pointer(hpcon)), 0) if int32(r0) < 0 { @@ -164,14 +217,8 @@ func QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobOb return } -func OpenJobObject(desiredAccess uint32, inheritHandle bool, lpName *uint16) (handle windows.Handle, err error) { - var _p0 uint32 - if inheritHandle { - _p0 = 1 - } else { - _p0 = 0 - } - r0, _, e1 := syscall.Syscall(procOpenJobObjectW.Addr(), 3, uintptr(desiredAccess), uintptr(_p0), uintptr(unsafe.Pointer(lpName))) +func OpenJobObject(desiredAccess uint32, inheritHandle int32, lpName *uint16) (handle windows.Handle, err error) { + r0, _, e1 := syscall.Syscall(procOpenJobObjectW.Addr(), 3, uintptr(desiredAccess), uintptr(inheritHandle), uintptr(unsafe.Pointer(lpName))) handle = windows.Handle(r0) if handle == 0 { if e1 != 0 { diff --git a/vendor/github.com/Microsoft/hcsshim/layer.go b/vendor/github.com/Microsoft/hcsshim/layer.go index 891616370..e323c8308 100644 --- a/vendor/github.com/Microsoft/hcsshim/layer.go +++ b/vendor/github.com/Microsoft/hcsshim/layer.go @@ -1,3 +1,5 @@ +//go:build windows + package hcsshim import ( diff --git a/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go b/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go index 3ab3bcd89..ecb076616 100644 --- a/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go +++ b/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go @@ -1,3 +1,5 @@ +//go:build windows + package osversion import ( diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/doc.go b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/doc.go new file mode 100644 index 000000000..f2523af44 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/doc.go @@ -0,0 +1 @@ +package runhcs diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs.go b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs.go index 64491a70c..1d82f72c6 100644 --- a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs.go +++ b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs.go @@ -1,3 +1,5 @@ +//go:build windows + package runhcs import ( @@ -20,7 +22,7 @@ type Format string const ( none Format = "" - // Text is the default text log ouput. + // Text is the default text log output. Text Format = "text" // JSON is the JSON formatted log output. JSON Format = "json" @@ -140,7 +142,7 @@ func (r *Runhcs) runOrError(cmd *exec.Cmd) error { } status, err := runc.Monitor.Wait(cmd, ec) if err == nil && status != 0 { - err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0]) + err = fmt.Errorf("%s did not terminate successfully", cmd.Args[0]) } return err } @@ -166,7 +168,7 @@ func cmdOutput(cmd *exec.Cmd, combined bool) ([]byte, error) { status, err := runc.Monitor.Wait(cmd, ec) if err == nil && status != 0 { - err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0]) + err = fmt.Errorf("%s did not terminate successfully", cmd.Args[0]) } return b.Bytes(), err diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_create-scratch.go b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_create-scratch.go index 720386c27..956e4c1f7 100644 --- a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_create-scratch.go +++ b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_create-scratch.go @@ -1,3 +1,5 @@ +//go:build windows + package runhcs import ( diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_create.go b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_create.go index 20d5d402e..f908de4e2 100644 --- a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_create.go +++ b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_create.go @@ -1,3 +1,5 @@ +//go:build windows + package runhcs import ( @@ -95,7 +97,7 @@ func (r *Runhcs) Create(context context.Context, id, bundle string, opts *Create } status, err := runc.Monitor.Wait(cmd, ec) if err == nil && status != 0 { - err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0]) + err = fmt.Errorf("%s did not terminate successfully", cmd.Args[0]) } return err } diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_delete.go b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_delete.go index 08b82bbd9..307a1de5c 100644 --- a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_delete.go +++ b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_delete.go @@ -1,3 +1,5 @@ +//go:build windows + package runhcs import ( diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_exec.go b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_exec.go index 090a0a31f..a85ee66f7 100644 --- a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_exec.go +++ b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_exec.go @@ -1,3 +1,5 @@ +//go:build windows + package runhcs import ( @@ -82,7 +84,7 @@ func (r *Runhcs) Exec(context context.Context, id, processFile string, opts *Exe } status, err := runc.Monitor.Wait(cmd, ec) if err == nil && status != 0 { - err = fmt.Errorf("%s did not terminate sucessfully", cmd.Args[0]) + err = fmt.Errorf("%s did not terminate successfully", cmd.Args[0]) } return err } diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_kill.go b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_kill.go index 021e5b16f..8480c6492 100644 --- a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_kill.go +++ b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_kill.go @@ -1,3 +1,5 @@ +//go:build windows + package runhcs import ( diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_list.go b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_list.go index 3b9208017..d7e88a2f0 100644 --- a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_list.go +++ b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_list.go @@ -1,3 +1,5 @@ +//go:build windows + package runhcs import ( diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_pause.go b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_pause.go index 56392fa43..93ec1e877 100644 --- a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_pause.go +++ b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_pause.go @@ -1,3 +1,5 @@ +//go:build windows + package runhcs import ( diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_ps.go b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_ps.go index 4dc9f144f..b60dabe8f 100644 --- a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_ps.go +++ b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_ps.go @@ -1,3 +1,5 @@ +//go:build windows + package runhcs import ( diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_resize-tty.go b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_resize-tty.go index b9f90491d..016b94805 100644 --- a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_resize-tty.go +++ b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_resize-tty.go @@ -1,3 +1,5 @@ +//go:build windows + package runhcs import ( diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_resume.go b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_resume.go index 1fdeb87d9..0116d0a2d 100644 --- a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_resume.go +++ b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_resume.go @@ -1,3 +1,5 @@ +//go:build windows + package runhcs import ( diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_start.go b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_start.go index ad3df746a..98de529de 100644 --- a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_start.go +++ b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_start.go @@ -1,3 +1,5 @@ +//go:build windows + package runhcs import ( diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_state.go b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_state.go index b22bb079c..cc18801ec 100644 --- a/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_state.go +++ b/vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_state.go @@ -1,3 +1,5 @@ +//go:build windows + package runhcs import ( diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/doc.go b/vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/doc.go new file mode 100644 index 000000000..0ec1aa05c --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/doc.go @@ -0,0 +1,3 @@ +// Package ociwclayer provides functions for importing and exporting Windows +// container layers from and to their OCI tar representation. +package ociwclayer diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/export.go b/vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/export.go index e3f1be333..baa2dff3e 100644 --- a/vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/export.go +++ b/vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/export.go @@ -1,5 +1,5 @@ -// Package ociwclayer provides functions for importing and exporting Windows -// container layers from and to their OCI tar representation. +//go:build windows + package ociwclayer import ( @@ -9,11 +9,9 @@ import ( "path/filepath" "github.com/Microsoft/go-winio/backuptar" - "github.com/Microsoft/hcsshim" + "github.com/Microsoft/hcsshim/internal/wclayer" ) -var driverInfo = hcsshim.DriverInfo{} - // ExportLayerToTar writes an OCI layer tar stream from the provided on-disk layer. // The caller must specify the parent layers, if any, ordered from lowest to // highest layer. @@ -21,25 +19,25 @@ var driverInfo = hcsshim.DriverInfo{} // The layer will be mounted for this process, so the caller should ensure that // it is not currently mounted. func ExportLayerToTar(ctx context.Context, w io.Writer, path string, parentLayerPaths []string) error { - err := hcsshim.ActivateLayer(driverInfo, path) + err := wclayer.ActivateLayer(ctx, path) if err != nil { return err } defer func() { - _ = hcsshim.DeactivateLayer(driverInfo, path) + _ = wclayer.DeactivateLayer(ctx, path) }() // Prepare and unprepare the layer to ensure that it has been initialized. - err = hcsshim.PrepareLayer(driverInfo, path, parentLayerPaths) + err = wclayer.PrepareLayer(ctx, path, parentLayerPaths) if err != nil { return err } - err = hcsshim.UnprepareLayer(driverInfo, path) + err = wclayer.UnprepareLayer(ctx, path) if err != nil { return err } - r, err := hcsshim.NewLayerReader(driverInfo, path, parentLayerPaths) + r, err := wclayer.NewLayerReader(ctx, path, parentLayerPaths) if err != nil { return err } @@ -52,7 +50,7 @@ func ExportLayerToTar(ctx context.Context, w io.Writer, path string, parentLayer return cerr } -func writeTarFromLayer(ctx context.Context, r hcsshim.LayerReader, w io.Writer) error { +func writeTarFromLayer(ctx context.Context, r wclayer.LayerReader, w io.Writer) error { t := tar.NewWriter(w) for { select { diff --git a/vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/import.go b/vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/import.go index e74a6b594..c9fb6df27 100644 --- a/vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/import.go +++ b/vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/import.go @@ -1,3 +1,5 @@ +//go:build windows + package ociwclayer import ( @@ -12,7 +14,7 @@ import ( winio "github.com/Microsoft/go-winio" "github.com/Microsoft/go-winio/backuptar" - "github.com/Microsoft/hcsshim" + "github.com/Microsoft/hcsshim/internal/wclayer" ) const whiteoutPrefix = ".wh." @@ -41,7 +43,7 @@ func ImportLayerFromTar(ctx context.Context, r io.Reader, path string, parentLay if err != nil { return 0, err } - w, err := hcsshim.NewLayerWriter(hcsshim.DriverInfo{}, path, parentLayerPaths) + w, err := wclayer.NewLayerWriter(ctx, path, parentLayerPaths) if err != nil { return 0, err } @@ -56,7 +58,7 @@ func ImportLayerFromTar(ctx context.Context, r io.Reader, path string, parentLay return n, nil } -func writeLayerFromTar(ctx context.Context, r io.Reader, w hcsshim.LayerWriter, root string) (int64, error) { +func writeLayerFromTar(ctx context.Context, r io.Reader, w wclayer.LayerWriter, root string) (int64, error) { t := tar.NewReader(r) hdr, err := t.Next() totalSize := int64(0) diff --git a/vendor/github.com/Microsoft/hcsshim/process.go b/vendor/github.com/Microsoft/hcsshim/process.go index 3362c6833..44df91cde 100644 --- a/vendor/github.com/Microsoft/hcsshim/process.go +++ b/vendor/github.com/Microsoft/hcsshim/process.go @@ -1,3 +1,5 @@ +//go:build windows + package hcsshim import ( diff --git a/vendor/github.com/google/uuid/null.go b/vendor/github.com/google/uuid/null.go new file mode 100644 index 000000000..d7fcbf286 --- /dev/null +++ b/vendor/github.com/google/uuid/null.go @@ -0,0 +1,118 @@ +// Copyright 2021 Google Inc. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package uuid + +import ( + "bytes" + "database/sql/driver" + "encoding/json" + "fmt" +) + +var jsonNull = []byte("null") + +// NullUUID represents a UUID that may be null. +// NullUUID implements the SQL driver.Scanner interface so +// it can be used as a scan destination: +// +// var u uuid.NullUUID +// err := db.QueryRow("SELECT name FROM foo WHERE id=?", id).Scan(&u) +// ... +// if u.Valid { +// // use u.UUID +// } else { +// // NULL value +// } +// +type NullUUID struct { + UUID UUID + Valid bool // Valid is true if UUID is not NULL +} + +// Scan implements the SQL driver.Scanner interface. +func (nu *NullUUID) Scan(value interface{}) error { + if value == nil { + nu.UUID, nu.Valid = Nil, false + return nil + } + + err := nu.UUID.Scan(value) + if err != nil { + nu.Valid = false + return err + } + + nu.Valid = true + return nil +} + +// Value implements the driver Valuer interface. +func (nu NullUUID) Value() (driver.Value, error) { + if !nu.Valid { + return nil, nil + } + // Delegate to UUID Value function + return nu.UUID.Value() +} + +// MarshalBinary implements encoding.BinaryMarshaler. +func (nu NullUUID) MarshalBinary() ([]byte, error) { + if nu.Valid { + return nu.UUID[:], nil + } + + return []byte(nil), nil +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler. +func (nu *NullUUID) UnmarshalBinary(data []byte) error { + if len(data) != 16 { + return fmt.Errorf("invalid UUID (got %d bytes)", len(data)) + } + copy(nu.UUID[:], data) + nu.Valid = true + return nil +} + +// MarshalText implements encoding.TextMarshaler. +func (nu NullUUID) MarshalText() ([]byte, error) { + if nu.Valid { + return nu.UUID.MarshalText() + } + + return jsonNull, nil +} + +// UnmarshalText implements encoding.TextUnmarshaler. +func (nu *NullUUID) UnmarshalText(data []byte) error { + id, err := ParseBytes(data) + if err != nil { + nu.Valid = false + return err + } + nu.UUID = id + nu.Valid = true + return nil +} + +// MarshalJSON implements json.Marshaler. +func (nu NullUUID) MarshalJSON() ([]byte, error) { + if nu.Valid { + return json.Marshal(nu.UUID) + } + + return jsonNull, nil +} + +// UnmarshalJSON implements json.Unmarshaler. +func (nu *NullUUID) UnmarshalJSON(data []byte) error { + if bytes.Equal(data, jsonNull) { + *nu = NullUUID{} + return nil // valid null UUID + } + err := json.Unmarshal(data, &nu.UUID) + nu.Valid = err == nil + return err +} diff --git a/vendor/github.com/google/uuid/uuid.go b/vendor/github.com/google/uuid/uuid.go index 60d26bb50..a57207aeb 100644 --- a/vendor/github.com/google/uuid/uuid.go +++ b/vendor/github.com/google/uuid/uuid.go @@ -12,6 +12,7 @@ import ( "fmt" "io" "strings" + "sync" ) // A UUID is a 128 bit (16 byte) Universal Unique IDentifier as defined in RFC @@ -33,7 +34,15 @@ const ( Future // Reserved for future definition. ) -var rander = rand.Reader // random function +const randPoolSize = 16 * 16 + +var ( + rander = rand.Reader // random function + poolEnabled = false + poolMu sync.Mutex + poolPos = randPoolSize // protected with poolMu + pool [randPoolSize]byte // protected with poolMu +) type invalidLengthError struct{ len int } @@ -41,6 +50,12 @@ func (err invalidLengthError) Error() string { return fmt.Sprintf("invalid UUID length: %d", err.len) } +// IsInvalidLengthError is matcher function for custom error invalidLengthError +func IsInvalidLengthError(err error) bool { + _, ok := err.(invalidLengthError) + return ok +} + // Parse decodes s into a UUID or returns an error. Both the standard UUID // forms of xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx and // urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx are decoded as well as the @@ -249,3 +264,31 @@ func SetRand(r io.Reader) { } rander = r } + +// EnableRandPool enables internal randomness pool used for Random +// (Version 4) UUID generation. The pool contains random bytes read from +// the random number generator on demand in batches. Enabling the pool +// may improve the UUID generation throughput significantly. +// +// Since the pool is stored on the Go heap, this feature may be a bad fit +// for security sensitive applications. +// +// Both EnableRandPool and DisableRandPool are not thread-safe and should +// only be called when there is no possibility that New or any other +// UUID Version 4 generation function will be called concurrently. +func EnableRandPool() { + poolEnabled = true +} + +// DisableRandPool disables the randomness pool if it was previously +// enabled with EnableRandPool. +// +// Both EnableRandPool and DisableRandPool are not thread-safe and should +// only be called when there is no possibility that New or any other +// UUID Version 4 generation function will be called concurrently. +func DisableRandPool() { + poolEnabled = false + defer poolMu.Unlock() + poolMu.Lock() + poolPos = randPoolSize +} diff --git a/vendor/github.com/google/uuid/version4.go b/vendor/github.com/google/uuid/version4.go index 86160fbd0..7697802e4 100644 --- a/vendor/github.com/google/uuid/version4.go +++ b/vendor/github.com/google/uuid/version4.go @@ -27,6 +27,8 @@ func NewString() string { // The strength of the UUIDs is based on the strength of the crypto/rand // package. // +// Uses the randomness pool if it was enabled with EnableRandPool. +// // A note about uniqueness derived from the UUID Wikipedia entry: // // Randomly generated UUIDs have 122 random bits. One's annual risk of being @@ -35,7 +37,10 @@ func NewString() string { // equivalent to the odds of creating a few tens of trillions of UUIDs in a // year and having one duplicate. func NewRandom() (UUID, error) { - return NewRandomFromReader(rander) + if !poolEnabled { + return NewRandomFromReader(rander) + } + return newRandomFromPool() } // NewRandomFromReader returns a UUID based on bytes read from a given io.Reader. @@ -49,3 +54,23 @@ func NewRandomFromReader(r io.Reader) (UUID, error) { uuid[8] = (uuid[8] & 0x3f) | 0x80 // Variant is 10 return uuid, nil } + +func newRandomFromPool() (UUID, error) { + var uuid UUID + poolMu.Lock() + if poolPos == randPoolSize { + _, err := io.ReadFull(rander, pool[:]) + if err != nil { + poolMu.Unlock() + return Nil, err + } + poolPos = 0 + } + copy(uuid[:], pool[poolPos:(poolPos+16)]) + poolPos += 16 + poolMu.Unlock() + + uuid[6] = (uuid[6] & 0x0f) | 0x40 // Version 4 + uuid[8] = (uuid[8] & 0x3f) | 0x80 // Variant is 10 + return uuid, nil +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 332b55d7d..ef2fce547 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -11,8 +11,8 @@ github.com/Microsoft/go-winio/pkg/fs github.com/Microsoft/go-winio/pkg/guid github.com/Microsoft/go-winio/pkg/security github.com/Microsoft/go-winio/vhd -# github.com/Microsoft/hcsshim v0.9.4 -## explicit; go 1.13 +# github.com/Microsoft/hcsshim v0.10.0-rc.1 +## explicit; go 1.18 github.com/Microsoft/hcsshim github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/stats @@ -34,12 +34,15 @@ github.com/Microsoft/hcsshim/internal/jobobject github.com/Microsoft/hcsshim/internal/log github.com/Microsoft/hcsshim/internal/logfields github.com/Microsoft/hcsshim/internal/longpath +github.com/Microsoft/hcsshim/internal/memory github.com/Microsoft/hcsshim/internal/mergemaps github.com/Microsoft/hcsshim/internal/oc +github.com/Microsoft/hcsshim/internal/protocol/guestrequest github.com/Microsoft/hcsshim/internal/queue github.com/Microsoft/hcsshim/internal/regstate github.com/Microsoft/hcsshim/internal/runhcs github.com/Microsoft/hcsshim/internal/safefile +github.com/Microsoft/hcsshim/internal/security github.com/Microsoft/hcsshim/internal/timeout github.com/Microsoft/hcsshim/internal/vmcompute github.com/Microsoft/hcsshim/internal/wclayer @@ -234,7 +237,7 @@ github.com/google/go-cmp/cmp/internal/value ## explicit; go 1.12 github.com/google/gofuzz github.com/google/gofuzz/bytesource -# github.com/google/uuid v1.2.0 +# github.com/google/uuid v1.3.0 ## explicit github.com/google/uuid # github.com/grpc-ecosystem/go-grpc-middleware v1.3.0