Update cri and docker vendors

Update cri and docker to recent commits for mips enablement

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>

vendor.conf

@@ -52,13 +52,13 @@ github.com/russross/blackfriday v1.5.2
 github.com/google/uuid v1.1.1
 
 # cri dependencies
-github.com/containerd/cri 8ce2ad6b7c9a83f830684d1025034fb3ad2ec375 # master
+github.com/containerd/cri c9d45e65263e26f7e7f0ac8fdca0d510622f12cb # master
 github.com/containerd/go-cni 0d360c50b10b350b6bb23863fd4dfb1c232b01c9
 github.com/containernetworking/cni v0.7.1
 github.com/containernetworking/plugins v0.7.6
 github.com/davecgh/go-spew v1.1.1
 github.com/docker/distribution 0d3efadf0154c2b8a4e7b6621fff9809655cc580
-github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00
+github.com/docker/docker d1d5f6476656c6aad457e2a91d3436e66b6f2251
 github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528
 github.com/emicklei/go-restful v2.9.5
 github.com/google/gofuzz v1.0.0

vendor/github.com/containerd/cri/README.md

@@ -35,22 +35,18 @@ See [test dashboard](https://k8s-testgrid.appspot.com/sig-node-containerd)
 |:----------------------:|:------------------:|:------------------:|:-----------:|
 |     v1.0.0-alpha.x     |                    |      1.7, 1.8      |   v1alpha1  |
 |      v1.0.0-beta.x     |                    |        1.9         |   v1alpha1  |
-|       End-Of-Life      |        v1.1        |        1.10+       |   v1alpha2  |
+|       End-Of-Life      | v1.1 (End-Of-Life) |        1.10+       |   v1alpha2  |
 |                        |        v1.2        |        1.10+       |   v1alpha2  |
-|                        |        HEAD        |        1.10+       |   v1alpha2  |
+|                        |        v1.3        |        1.12+       |   v1alpha2  |
 
 **Note:** The support table above specifies the Kubernetes Version that was supported at time of release of the containerd - cri integration.
 
-The following is the current support table for containerd CRI integration taking into account that Kubernetes only supports n-3 minor release versions and 1.10 and 1.11 are now end-of-life.
+The following is the current support table for containerd CRI integration taking into account that Kubernetes only supports n-3 minor release versions.
 
 | Containerd Version | Kubernetes Version | CRI Version |
 |:------------------:|:------------------:|:-----------:|
-|        v1.1        |        1.12+       |   v1alpha2  |
+|        v1.2        |        1.14+       |   v1alpha2  |
-|        v1.2        |        1.12+       |   v1alpha2  |
+|        v1.3        |        1.14+       |   v1alpha2  |
-|        HEAD        |        1.12+       |   v1alpha2  |
-
-***Although not recommended, if you still plan to use containerd 1.2+ with Kubernetes
-<=1.11, please be sure to set `disable_proc_mount=true`.***
 
 ## Production Quality Cluster on GCE
 For a production quality cluster on GCE brought up with `kube-up.sh` refer [here](docs/kube-up.md).

vendor/github.com/containerd/cri/pkg/containerd/opts/spec_windows.go

@@ -77,8 +77,7 @@ func WithWindowsMounts(osi osinterface.OS, config *runtime.ContainerConfig, extr
 		sort.Sort(orderedMounts(mounts))
 
 		// Copy all mounts from default mounts, except for
-		// - mounts overridden by supplied mount;
+		// mounts overridden by supplied mount;
-		// - all mounts under /dev if a supplied /dev is present.
 		mountSet := make(map[string]struct{})
 		for _, m := range mounts {
 			mountSet[filepath.Clean(m.ContainerPath)] = struct{}{}
@@ -123,8 +122,9 @@ func WithWindowsMounts(osi osinterface.OS, config *runtime.ContainerConfig, extr
 				options = append(options, "rw")
 			}
 			s.Mounts = append(s.Mounts, runtimespec.Mount{
-				Source:      src,
+				// hcsshim requires clean path, especially '/' -> '\'.
-				Destination: dst,
+				Source:      filepath.Clean(src),
+				Destination: filepath.Clean(dst),
 				Options:     options,
 			})
 		}

vendor/github.com/containerd/cri/pkg/server/container_stats_list_windows.go

@@ -19,7 +19,10 @@ limitations under the License.
 package server
 
 import (
+	wstats "github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/stats"
 	"github.com/containerd/containerd/api/types"
+	"github.com/containerd/typeurl"
+	"github.com/pkg/errors"
 	runtime "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
 
 	containerstore "github.com/containerd/cri/pkg/store/container"
@@ -53,8 +56,29 @@ func (c *criService) containerMetrics(
 		Annotations: meta.Config.GetAnnotations(),
 	}
 
-	// TODO(windows): hcsshim Stats is not implemented, add windows support after
+	if stats != nil {
-	// that is implemented.
+		s, err := typeurl.UnmarshalAny(stats.Data)
-
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to extract container metrics")
+		}
+		wstats := s.(*wstats.Statistics).GetWindows()
+		if wstats == nil {
+			return nil, errors.New("windows stats is empty")
+		}
+		if wstats.Processor != nil {
+			cs.Cpu = &runtime.CpuUsage{
+				Timestamp:            wstats.Timestamp.UnixNano(),
+				UsageCoreNanoSeconds: &runtime.UInt64Value{Value: wstats.Processor.TotalRuntimeNS},
+			}
+		}
+		if wstats.Memory != nil {
+			cs.Memory = &runtime.MemoryUsage{
+				Timestamp: wstats.Timestamp.UnixNano(),
+				WorkingSetBytes: &runtime.UInt64Value{
+					Value: wstats.Memory.MemoryUsagePrivateWorkingSetBytes,
+				},
+			}
+		}
+	}
 	return &cs, nil
 }

vendor/github.com/containerd/cri/pkg/server/image_pull.go

@@ -346,6 +346,17 @@ func (c *criService) registryHosts(auth *runtime.AuthConfig) docker.RegistryHost
 	}
 }
 
+// defaultScheme returns the default scheme for a registry host.
+func defaultScheme(host string) string {
+	if h, _, err := net.SplitHostPort(host); err == nil {
+		host = h
+	}
+	if host == "localhost" || host == "127.0.0.1" || host == "::1" {
+		return "http"
+	}
+	return "https"
+}
+
 // registryEndpoints returns endpoints for a given host.
 // It adds default registry endpoint if it does not exist in the passed-in endpoint list.
 // It also supports wildcard host matching with `*`.
@@ -371,7 +382,7 @@ func (c *criService) registryEndpoints(host string) ([]string, error) {
 			return endpoints, nil
 		}
 	}
-	return append(endpoints, "https://"+defaultHost), nil
+	return append(endpoints, defaultScheme(defaultHost)+"://"+defaultHost), nil
 }
 
 // newTransport returns a new HTTP transport used to pull image.

vendor/github.com/containerd/cri/vendor.conf

@@ -1,7 +1,7 @@
 # cri dependencies
 github.com/tchap/go-patricia v2.2.6
 github.com/opencontainers/selinux v1.2.2
-github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00
+github.com/docker/docker d1d5f6476656c6aad457e2a91d3436e66b6f2251
 github.com/docker/distribution 0d3efadf0154c2b8a4e7b6621fff9809655cc580
 
 # containerd dependencies
@@ -10,7 +10,7 @@ go.etcd.io/bbolt v1.3.3
 google.golang.org/grpc 6eaf6f47437a6b4e2153a190160ef39a92c7eceb # v1.23.0
 google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944
 golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4
-golang.org/x/sys fb81701db80f1745f51259b1f286de3fe2ec80c8 https://github.com/golang/sys # TODO(windows): update this in containerd/containerd
+golang.org/x/sys c990c680b611ac1aeb7d8f2af94a825f98d69720 https://github.com/golang/sys # TODO(windows): update this in containerd/containerd
 golang.org/x/sync 42b317875d0fa942474b76e1b46a6060d720ae6e
 golang.org/x/net f3200d17e092c607f615320ecaad13d87ad9a2b3
 github.com/urfave/cli 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c
@@ -44,11 +44,11 @@ github.com/containerd/ttrpc 92c8520ef9f86600c650dd540266a007bf03670f
 github.com/containerd/go-runc 9007c2405372fe28918845901a3276c0915689a1
 github.com/containerd/fifo bda0ff6ed73c67bfb5e62bc9c697f146b7fd7f13
 github.com/containerd/continuity f2a389ac0a02ce21c09edd7344677a601970f41c
-github.com/containerd/containerd a6a0c8b6e36415a151d93d096c1c0af9e0bd7977
+github.com/containerd/containerd 383f4a77eeb726e0b7da491c70ad22b10f3b2bff
 github.com/containerd/console 0650fd9eeb50bab4fc99dceb9f2e14cf58f36e7f
 github.com/containerd/cgroups abd0b19954a6b05e0963f48427062d1481b7faad
 github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9
-github.com/Microsoft/hcsshim c088f411aaf3585d8dffc9deb4289ffa32854497 # TODO(windows): update this in containerd/containerd
+github.com/Microsoft/hcsshim d2849cbdb9dfe5f513292a9610ca2eb734cdd1e7
 github.com/Microsoft/go-winio v0.4.14
 github.com/BurntSushi/toml v0.3.1
 

vendor/github.com/docker/docker/LICENSE

@@ -176,7 +176,7 @@
 
    END OF TERMS AND CONDITIONS
 
-   Copyright 2013-2017 Docker, Inc.
+   Copyright 2013-2018 Docker, Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

vendor/github.com/docker/docker/NOTICE

@@ -3,7 +3,7 @@ Copyright 2012-2017 Docker, Inc.
 
 This product includes software developed at Docker, Inc. (https://www.docker.com).
 
-This product contains software (https://github.com/kr/pty) developed
+This product contains software (https://github.com/creack/pty) developed
 by Keith Rarick, licensed under the MIT License.
 
 The following is courtesy of our legal counsel:

vendor/github.com/docker/docker/pkg/README.md

@@ -1,8 +1,8 @@
-pkg/ is a collection of utility packages used by the Docker project without being specific to its internals.
+pkg/ is a collection of utility packages used by the Moby project without being specific to its internals.
 
-Utility packages are kept separate from the docker core codebase to keep it as small and concise as possible.
+Utility packages are kept separate from the moby core codebase to keep it as small and concise as possible.
 If some utilities grow larger and their APIs stabilize, they may be moved to their own repository under the
-Docker organization, to facilitate re-use by other projects. However that is not the priority.
+Moby organization, to facilitate re-use by other projects. However that is not the priority.
 
 The directory `pkg` is named after the same directory in the camlistore project. Since Brad is a core
 Go maintainer, we thought it made sense to copy his methods for organizing Go code :) Thanks Brad!

vendor/github.com/docker/docker/pkg/longpath/longpath.go

@@ -2,7 +2,7 @@
 // in Windows, which are expected to be prepended with `\\?\` and followed by either
 // a drive letter, a UNC server\share, or a volume identifier.
 
-package longpath
+package longpath // import "github.com/docker/docker/pkg/longpath"
 
 import (
 	"strings"

vendor/github.com/docker/docker/pkg/mount/flags.go

@@ -1,4 +1,4 @@
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 import (
 	"fmt"
@@ -135,15 +135,3 @@ func parseOptions(options string) (int, string) {
 	}
 	return flag, strings.Join(data, ",")
 }
-
-// ParseTmpfsOptions parse fstab type mount options into flags and data
-func ParseTmpfsOptions(options string) (int, string, error) {
-	flags, data := parseOptions(options)
-	for _, o := range strings.Split(data, ",") {
-		opt := strings.SplitN(o, "=", 2)
-		if !validFlags[opt[0]] {
-			return 0, "", fmt.Errorf("Invalid tmpfs option %q", opt)
-		}
-	}
-	return flags, data, nil
-}

vendor/github.com/docker/docker/pkg/mount/flags_freebsd.go

@@ -1,6 +1,6 @@
 // +build freebsd,cgo
 
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 /*
 #include <sys/mount.h>

vendor/github.com/docker/docker/pkg/mount/flags_linux.go

@@ -1,4 +1,4 @@
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 import (
 	"golang.org/x/sys/unix"

vendor/github.com/docker/docker/pkg/mount/flags_unsupported.go

@@ -1,6 +1,6 @@
-// +build !linux,!freebsd freebsd,!cgo solaris,!cgo
+// +build !linux,!freebsd freebsd,!cgo
 
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 // These flags are unsupported.
 const (

vendor/github.com/docker/docker/pkg/mount/mount.go

@@ -1,30 +1,100 @@
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 import (
 	"sort"
+	"strconv"
 	"strings"
+
+	"github.com/sirupsen/logrus"
 )
 
-// GetMounts retrieves a list of mounts for the current running process.
+// mountError records an error from mount or unmount operation
-func GetMounts() ([]*Info, error) {
+type mountError struct {
-	return parseMountTable()
+	op             string
+	source, target string
+	flags          uintptr
+	data           string
+	err            error
+}
+
+func (e *mountError) Error() string {
+	out := e.op + " "
+
+	if e.source != "" {
+		out += e.source + ":" + e.target
+	} else {
+		out += e.target
+	}
+
+	if e.flags != uintptr(0) {
+		out += ", flags: 0x" + strconv.FormatUint(uint64(e.flags), 16)
+	}
+	if e.data != "" {
+		out += ", data: " + e.data
+	}
+
+	out += ": " + e.err.Error()
+	return out
+}
+
+// Cause returns the underlying cause of the error
+func (e *mountError) Cause() error {
+	return e.err
+}
+
+// FilterFunc is a type defining a callback function
+// to filter out unwanted entries. It takes a pointer
+// to an Info struct (not fully populated, currently
+// only Mountpoint is filled in), and returns two booleans:
+//  - skip: true if the entry should be skipped
+//  - stop: true if parsing should be stopped after the entry
+type FilterFunc func(*Info) (skip, stop bool)
+
+// PrefixFilter discards all entries whose mount points
+// do not start with a prefix specified
+func PrefixFilter(prefix string) FilterFunc {
+	return func(m *Info) (bool, bool) {
+		skip := !strings.HasPrefix(m.Mountpoint, prefix)
+		return skip, false
+	}
+}
+
+// SingleEntryFilter looks for a specific entry
+func SingleEntryFilter(mp string) FilterFunc {
+	return func(m *Info) (bool, bool) {
+		if m.Mountpoint == mp {
+			return false, true // don't skip, stop now
+		}
+		return true, false // skip, keep going
+	}
+}
+
+// ParentsFilter returns all entries whose mount points
+// can be parents of a path specified, discarding others.
+// For example, given `/var/lib/docker/something`, entries
+// like `/var/lib/docker`, `/var` and `/` are returned.
+func ParentsFilter(path string) FilterFunc {
+	return func(m *Info) (bool, bool) {
+		skip := !strings.HasPrefix(path, m.Mountpoint)
+		return skip, false
+	}
+}
+
+// GetMounts retrieves a list of mounts for the current running process,
+// with an optional filter applied (use nil for no filter).
+func GetMounts(f FilterFunc) ([]*Info, error) {
+	return parseMountTable(f)
 }
 
 // Mounted determines if a specified mountpoint has been mounted.
-// On Linux it looks at /proc/self/mountinfo and on Solaris at mnttab.
+// On Linux it looks at /proc/self/mountinfo.
 func Mounted(mountpoint string) (bool, error) {
-	entries, err := parseMountTable()
+	entries, err := GetMounts(SingleEntryFilter(mountpoint))
 	if err != nil {
 		return false, err
 	}
 
-	// Search the table for the mountpoint
+	return len(entries) > 0, nil
-	for _, e := range entries {
-		if e.Mountpoint == mountpoint {
-			return true, nil
-		}
-	}
-	return false, nil
 }
 
 // Mount will mount filesystem according to the specified configuration, on the
@@ -32,13 +102,13 @@ func Mounted(mountpoint string) (bool, error) {
 // specified like the mount or fstab unix commands: "opt1=val1,opt2=val2". See
 // flags.go for supported option flags.
 func Mount(device, target, mType, options string) error {
-	flag, _ := parseOptions(options)
+	flag, data := parseOptions(options)
 	if flag&REMOUNT != REMOUNT {
 		if mounted, err := Mounted(target); err != nil || mounted {
 			return err
 		}
 	}
-	return ForceMount(device, target, mType, options)
+	return mount(device, target, mType, uintptr(flag), data)
 }
 
 // ForceMount will mount a filesystem according to the specified configuration,
@@ -53,34 +123,37 @@ func ForceMount(device, target, mType, options string) error {
 // Unmount lazily unmounts a filesystem on supported platforms, otherwise
 // does a normal unmount.
 func Unmount(target string) error {
-	if mounted, err := Mounted(target); err != nil || !mounted {
-		return err
-	}
 	return unmount(target, mntDetach)
 }
 
 // RecursiveUnmount unmounts the target and all mounts underneath, starting with
 // the deepsest mount first.
 func RecursiveUnmount(target string) error {
-	mounts, err := GetMounts()
+	mounts, err := parseMountTable(PrefixFilter(target))
 	if err != nil {
 		return err
 	}
 
 	// Make the deepest mount be first
-	sort.Sort(sort.Reverse(byMountpoint(mounts)))
+	sort.Slice(mounts, func(i, j int) bool {
+		return len(mounts[i].Mountpoint) > len(mounts[j].Mountpoint)
+	})
 
 	for i, m := range mounts {
-		if !strings.HasPrefix(m.Mountpoint, target) {
+		logrus.Debugf("Trying to unmount %s", m.Mountpoint)
-			continue
+		err = unmount(m.Mountpoint, mntDetach)
-		}
+		if err != nil {
-		if err := Unmount(m.Mountpoint); err != nil && i == len(mounts)-1 {
+			if i == len(mounts)-1 { // last mount
-			if mounted, err := Mounted(m.Mountpoint); err != nil || mounted {
+				if mounted, e := Mounted(m.Mountpoint); e != nil || mounted {
 					return err
 				}
-			// Ignore errors for submounts and continue trying to unmount others
+			} else {
-			// The final unmount should fail if there ane any submounts remaining
+				// This is some submount, we can ignore this error for now, the final unmount will fail if this is a real problem
+				logrus.WithError(err).Warnf("Failed to unmount submount %s", m.Mountpoint)
 			}
 		}
+
+		logrus.Debugf("Unmounted %s", m.Mountpoint)
+	}
 	return nil
 }

vendor/github.com/docker/docker/pkg/mount/mounter_freebsd.go

@@ -1,4 +1,4 @@
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 /*
 #include <errno.h>
@@ -11,11 +11,9 @@ package mount
 import "C"
 
 import (
-	"fmt"
 	"strings"
+	"syscall"
 	"unsafe"
-
-	"golang.org/x/sys/unix"
 )
 
 func allocateIOVecs(options []string) []C.struct_iovec {
@@ -49,12 +47,13 @@ func mount(device, target, mType string, flag uintptr, data string) error {
 	}
 
 	if errno := C.nmount(&rawOptions[0], C.uint(len(options)), C.int(flag)); errno != 0 {
-		reason := C.GoString(C.strerror(*C.__error()))
+		return &mountError{
-		return fmt.Errorf("Failed to call nmount: %s", reason)
+			op:     "mount",
+			source: device,
+			target: target,
+			flags:  flag,
+			err:    syscall.Errno(errno),
+		}
 	}
 	return nil
 }
-
-func unmount(target string, flag int) error {
-	return unix.Unmount(target, flag)
-}

vendor/github.com/docker/docker/pkg/mount/mounter_linux.go

@@ -1,4 +1,4 @@
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 import (
 	"golang.org/x/sys/unix"
@@ -33,25 +33,41 @@ func mount(device, target, mType string, flags uintptr, data string) error {
 		// Initial call applying all non-propagation flags for mount
 		// or remount with changed data
 		if err := unix.Mount(device, target, mType, oflags, data); err != nil {
-			return err
+			return &mountError{
+				op:     "mount",
+				source: device,
+				target: target,
+				flags:  oflags,
+				data:   data,
+				err:    err,
+			}
 		}
 	}
 
 	if flags&ptypes != 0 {
 		// Change the propagation type.
 		if err := unix.Mount("", target, "", flags&pflags, ""); err != nil {
-			return err
+			return &mountError{
+				op:     "remount",
+				target: target,
+				flags:  flags & pflags,
+				err:    err,
+			}
 		}
 	}
 
 	if oflags&broflags == broflags {
 		// Remount the bind to apply read only.
-		return unix.Mount("", target, "", oflags|unix.MS_REMOUNT, "")
+		if err := unix.Mount("", target, "", oflags|unix.MS_REMOUNT, ""); err != nil {
+			return &mountError{
+				op:     "remount-ro",
+				target: target,
+				flags:  oflags | unix.MS_REMOUNT,
+				err:    err,
+			}
+
+		}
 	}
 
 	return nil
 }
-
-func unmount(target string, flag int) error {
-	return unix.Unmount(target, flag)
-}

vendor/github.com/docker/docker/pkg/mount/mounter_solaris.go

@@ -1,34 +0,0 @@
-// +build solaris,cgo
-
-package mount
-
-import (
-	"unsafe"
-
-	"golang.org/x/sys/unix"
-)
-
-// #include <stdlib.h>
-// #include <stdio.h>
-// #include <sys/mount.h>
-// int Mount(const char *spec, const char *dir, int mflag,
-// char *fstype, char *dataptr, int datalen, char *optptr, int optlen) {
-//     return mount(spec, dir, mflag, fstype, dataptr, datalen, optptr, optlen);
-// }
-import "C"
-
-func mount(device, target, mType string, flag uintptr, data string) error {
-	spec := C.CString(device)
-	dir := C.CString(target)
-	fstype := C.CString(mType)
-	_, err := C.Mount(spec, dir, C.int(flag), fstype, nil, 0, nil, 0)
-	C.free(unsafe.Pointer(spec))
-	C.free(unsafe.Pointer(dir))
-	C.free(unsafe.Pointer(fstype))
-	return err
-}
-
-func unmount(target string, flag int) error {
-	err := unix.Unmount(target, flag)
-	return err
-}

vendor/github.com/docker/docker/pkg/mount/mounter_unsupported.go

@@ -1,11 +1,7 @@
-// +build !linux,!freebsd,!solaris freebsd,!cgo solaris,!cgo
+// +build !linux,!freebsd freebsd,!cgo
 
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 func mount(device, target, mType string, flag uintptr, data string) error {
 	panic("Not implemented")
 }
-
-func unmount(target string, flag int) error {
-	panic("Not implemented")
-}

vendor/github.com/docker/docker/pkg/mount/mountinfo.go

@@ -1,4 +1,4 @@
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 // Info reveals information about a particular mounted filesystem. This
 // struct is populated from the content in the /proc/<pid>/mountinfo file.
@@ -38,17 +38,3 @@ type Info struct {
 	// VfsOpts represents per super block options.
 	VfsOpts string
 }
-
-type byMountpoint []*Info
-
-func (by byMountpoint) Len() int {
-	return len(by)
-}
-
-func (by byMountpoint) Less(i, j int) bool {
-	return by[i].Mountpoint < by[j].Mountpoint
-}
-
-func (by byMountpoint) Swap(i, j int) {
-	by[i], by[j] = by[j], by[i]
-}

vendor/github.com/docker/docker/pkg/mount/mountinfo_freebsd.go

@@ -1,4 +1,4 @@
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 /*
 #include <sys/param.h>
@@ -13,9 +13,8 @@ import (
 	"unsafe"
 )
 
-// Parse /proc/self/mountinfo because comparing Dev and ino does not work from
+//parseMountTable returns information about mounted filesystems
-// bind mounts.
+func parseMountTable(filter FilterFunc) ([]*Info, error) {
-func parseMountTable() ([]*Info, error) {
 	var rawEntries *C.struct_statfs
 
 	count := int(C.getmntinfo(&rawEntries, C.MNT_WAIT))
@@ -32,10 +31,24 @@ func parseMountTable() ([]*Info, error) {
 	var out []*Info
 	for _, entry := range entries {
 		var mountinfo Info
+		var skip, stop bool
 		mountinfo.Mountpoint = C.GoString(&entry.f_mntonname[0])
+
+		if filter != nil {
+			// filter out entries we're not interested in
+			skip, stop = filter(&mountinfo)
+			if skip {
+				continue
+			}
+		}
+
 		mountinfo.Source = C.GoString(&entry.f_mntfromname[0])
 		mountinfo.Fstype = C.GoString(&entry.f_fstypename[0])
+
 		out = append(out, &mountinfo)
+		if stop {
+			break
+		}
 	}
 	return out, nil
 }

vendor/github.com/docker/docker/pkg/mount/mountinfo_linux.go

@@ -1,17 +1,28 @@
-// +build linux
+package mount // import "github.com/docker/docker/pkg/mount"
-
-package mount
 
 import (
 	"bufio"
 	"fmt"
 	"io"
 	"os"
+	"strconv"
 	"strings"
+
+	"github.com/pkg/errors"
 )
 
-const (
+func parseInfoFile(r io.Reader, filter FilterFunc) ([]*Info, error) {
-	/* 36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
+	s := bufio.NewScanner(r)
+	out := []*Info{}
+	var err error
+	for s.Scan() {
+		if err = s.Err(); err != nil {
+			return nil, err
+		}
+		/*
+		   See http://man7.org/linux/man-pages/man5/proc.5.html
+
+		   36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
 		   (1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)
 
 		   (1) mount ID:  unique identifier of the mount (may be reused after umount)
@@ -24,61 +35,98 @@ const (
 		   (8) separator:  marks the end of the optional fields
 		   (9) filesystem type:  name of filesystem of the form "type[.subtype]"
 		   (10) mount source:  filesystem specific information or "none"
-	   (11) super options:  per super block options*/
+		   (11) super options:  per super block options
-	mountinfoFormat = "%d %d %d:%d %s %s %s %s"
+		*/
-)
+
+		text := s.Text()
+		fields := strings.Split(text, " ")
+		numFields := len(fields)
+		if numFields < 10 {
+			// should be at least 10 fields
+			return nil, fmt.Errorf("Parsing '%s' failed: not enough fields (%d)", text, numFields)
+		}
+
+		p := &Info{}
+		// ignore any numbers parsing errors, as there should not be any
+		p.ID, _ = strconv.Atoi(fields[0])
+		p.Parent, _ = strconv.Atoi(fields[1])
+		mm := strings.Split(fields[2], ":")
+		if len(mm) != 2 {
+			return nil, fmt.Errorf("Parsing '%s' failed: unexpected minor:major pair %s", text, mm)
+		}
+		p.Major, _ = strconv.Atoi(mm[0])
+		p.Minor, _ = strconv.Atoi(mm[1])
+
+		p.Root, err = strconv.Unquote(`"` + fields[3] + `"`)
+		if err != nil {
+			return nil, errors.Wrapf(err, "Parsing '%s' failed: unable to unquote root field", fields[3])
+		}
+
+		p.Mountpoint, err = strconv.Unquote(`"` + fields[4] + `"`)
+		if err != nil {
+			return nil, errors.Wrapf(err, "Parsing '%s' failed: unable to unquote mount point field", fields[4])
+		}
+		p.Opts = fields[5]
+
+		var skip, stop bool
+		if filter != nil {
+			// filter out entries we're not interested in
+			skip, stop = filter(p)
+			if skip {
+				continue
+			}
+		}
+
+		// one or more optional fields, when a separator (-)
+		i := 6
+		for ; i < numFields && fields[i] != "-"; i++ {
+			switch i {
+			case 6:
+				p.Optional = fields[6]
+			default:
+				/* NOTE there might be more optional fields before the such as
+				   fields[7]...fields[N] (where N < sepIndex), although
+				   as of Linux kernel 4.15 the only known ones are
+				   mount propagation flags in fields[6]. The correct
+				   behavior is to ignore any unknown optional fields.
+				*/
+			}
+		}
+		if i == numFields {
+			return nil, fmt.Errorf("Parsing '%s' failed: missing separator ('-')", text)
+		}
+
+		// There should be 3 fields after the separator...
+		if i+4 > numFields {
+			return nil, fmt.Errorf("Parsing '%s' failed: not enough fields after a separator", text)
+		}
+		// ... but in Linux <= 3.9 mounting a cifs with spaces in a share name
+		// (like "//serv/My Documents") _may_ end up having a space in the last field
+		// of mountinfo (like "unc=//serv/My Documents"). Since kernel 3.10-rc1, cifs
+		// option unc= is ignored,  so a space should not appear. In here we ignore
+		// those "extra" fields caused by extra spaces.
+		p.Fstype = fields[i+1]
+		p.Source = fields[i+2]
+		p.VfsOpts = fields[i+3]
+
+		out = append(out, p)
+		if stop {
+			break
+		}
+	}
+	return out, nil
+}
 
 // Parse /proc/self/mountinfo because comparing Dev and ino does not work from
 // bind mounts
-func parseMountTable() ([]*Info, error) {
+func parseMountTable(filter FilterFunc) ([]*Info, error) {
 	f, err := os.Open("/proc/self/mountinfo")
 	if err != nil {
 		return nil, err
 	}
 	defer f.Close()
 
-	return parseInfoFile(f)
+	return parseInfoFile(f, filter)
-}
-
-func parseInfoFile(r io.Reader) ([]*Info, error) {
-	var (
-		s   = bufio.NewScanner(r)
-		out = []*Info{}
-	)
-
-	for s.Scan() {
-		if err := s.Err(); err != nil {
-			return nil, err
-		}
-
-		var (
-			p              = &Info{}
-			text           = s.Text()
-			optionalFields string
-		)
-
-		if _, err := fmt.Sscanf(text, mountinfoFormat,
-			&p.ID, &p.Parent, &p.Major, &p.Minor,
-			&p.Root, &p.Mountpoint, &p.Opts, &optionalFields); err != nil {
-			return nil, fmt.Errorf("Scanning '%s' failed: %s", text, err)
-		}
-		// Safe as mountinfo encodes mountpoints with spaces as \040.
-		index := strings.Index(text, " - ")
-		postSeparatorFields := strings.Fields(text[index+3:])
-		if len(postSeparatorFields) < 3 {
-			return nil, fmt.Errorf("Error found less than 3 fields post '-' in %q", text)
-		}
-
-		if optionalFields != "-" {
-			p.Optional = optionalFields
-		}
-
-		p.Fstype = postSeparatorFields[0]
-		p.Source = postSeparatorFields[1]
-		p.VfsOpts = strings.Join(postSeparatorFields[2:], " ")
-		out = append(out, p)
-	}
-	return out, nil
 }
 
 // PidMountInfo collects the mounts for a specific process ID. If the process
@@ -91,5 +139,5 @@ func PidMountInfo(pid int) ([]*Info, error) {
 	}
 	defer f.Close()
 
-	return parseInfoFile(f)
+	return parseInfoFile(f, nil)
 }

vendor/github.com/docker/docker/pkg/mount/mountinfo_solaris.go

@@ -1,44 +0,0 @@
-// +build solaris,cgo
-
-package mount
-
-/*
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/mnttab.h>
-*/
-import "C"
-
-import (
-	"fmt"
-	"unsafe"
-)
-
-func parseMountTable() ([]*Info, error) {
-	path := C.CString(C.MNTTAB)
-	defer C.free(unsafe.Pointer(path))
-	mode := C.CString("r")
-	defer C.free(unsafe.Pointer(mode))
-
-	mnttab := C.fopen(path, mode)
-	if mnttab == nil {
-		return nil, fmt.Errorf("Failed to open %s", C.MNTTAB)
-	}
-
-	var out []*Info
-	var mp C.struct_mnttab
-
-	ret := C.getmntent(mnttab, &mp)
-	for ret == 0 {
-		var mountinfo Info
-		mountinfo.Mountpoint = C.GoString(mp.mnt_mountp)
-		mountinfo.Source = C.GoString(mp.mnt_special)
-		mountinfo.Fstype = C.GoString(mp.mnt_fstype)
-		mountinfo.Opts = C.GoString(mp.mnt_mntopts)
-		out = append(out, &mountinfo)
-		ret = C.getmntent(mnttab, &mp)
-	}
-
-	C.fclose(mnttab)
-	return out, nil
-}

vendor/github.com/docker/docker/pkg/mount/mountinfo_unsupported.go

@@ -1,12 +1,12 @@
-// +build !windows,!linux,!freebsd,!solaris freebsd,!cgo solaris,!cgo
+// +build !windows,!linux,!freebsd freebsd,!cgo
 
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
 import (
 	"fmt"
 	"runtime"
 )
 
-func parseMountTable() ([]*Info, error) {
+func parseMountTable(f FilterFunc) ([]*Info, error) {
 	return nil, fmt.Errorf("mount.parseMountTable is not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
 }

vendor/github.com/docker/docker/pkg/mount/mountinfo_windows.go

@@ -1,6 +1,6 @@
-package mount
+package mount // import "github.com/docker/docker/pkg/mount"
 
-func parseMountTable() ([]*Info, error) {
+func parseMountTable(f FilterFunc) ([]*Info, error) {
 	// Do NOT return an error!
 	return nil, nil
 }

vendor/github.com/docker/docker/pkg/mount/sharedsubtree_linux.go

@@ -1,69 +1,71 @@
-// +build linux
+package mount // import "github.com/docker/docker/pkg/mount"
-
-package mount
 
 // MakeShared ensures a mounted filesystem has the SHARED mount option enabled.
 // See the supported options in flags.go for further reference.
 func MakeShared(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "shared")
+	return ensureMountedAs(mountPoint, SHARED)
 }
 
 // MakeRShared ensures a mounted filesystem has the RSHARED mount option enabled.
 // See the supported options in flags.go for further reference.
 func MakeRShared(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "rshared")
+	return ensureMountedAs(mountPoint, RSHARED)
 }
 
 // MakePrivate ensures a mounted filesystem has the PRIVATE mount option enabled.
 // See the supported options in flags.go for further reference.
 func MakePrivate(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "private")
+	return ensureMountedAs(mountPoint, PRIVATE)
 }
 
 // MakeRPrivate ensures a mounted filesystem has the RPRIVATE mount option
 // enabled. See the supported options in flags.go for further reference.
 func MakeRPrivate(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "rprivate")
+	return ensureMountedAs(mountPoint, RPRIVATE)
 }
 
 // MakeSlave ensures a mounted filesystem has the SLAVE mount option enabled.
 // See the supported options in flags.go for further reference.
 func MakeSlave(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "slave")
+	return ensureMountedAs(mountPoint, SLAVE)
 }
 
 // MakeRSlave ensures a mounted filesystem has the RSLAVE mount option enabled.
 // See the supported options in flags.go for further reference.
 func MakeRSlave(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "rslave")
+	return ensureMountedAs(mountPoint, RSLAVE)
 }
 
 // MakeUnbindable ensures a mounted filesystem has the UNBINDABLE mount option
 // enabled. See the supported options in flags.go for further reference.
 func MakeUnbindable(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "unbindable")
+	return ensureMountedAs(mountPoint, UNBINDABLE)
 }
 
 // MakeRUnbindable ensures a mounted filesystem has the RUNBINDABLE mount
 // option enabled. See the supported options in flags.go for further reference.
 func MakeRUnbindable(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "runbindable")
+	return ensureMountedAs(mountPoint, RUNBINDABLE)
 }
 
-func ensureMountedAs(mountPoint, options string) error {
+// MakeMount ensures that the file or directory given is a mount point,
-	mounted, err := Mounted(mountPoint)
+// bind mounting it to itself it case it is not.
+func MakeMount(mnt string) error {
+	mounted, err := Mounted(mnt)
 	if err != nil {
 		return err
 	}
-
+	if mounted {
-	if !mounted {
+		return nil
-		if err := Mount(mountPoint, mountPoint, "none", "bind,rw"); err != nil {
-			return err
-		}
-	}
-	if _, err = Mounted(mountPoint); err != nil {
-		return err
 	}
 
-	return ForceMount("", mountPoint, "none", options)
+	return mount(mnt, mnt, "none", uintptr(BIND), "")
+}
+
+func ensureMountedAs(mnt string, flags int) error {
+	if err := MakeMount(mnt); err != nil {
+		return err
+	}
+
+	return mount("", mnt, "none", uintptr(flags), "")
 }

vendor/github.com/docker/docker/pkg/mount/sharedsubtree_solaris.go

@@ -1,58 +0,0 @@
-// +build solaris
-
-package mount
-
-// MakeShared ensures a mounted filesystem has the SHARED mount option enabled.
-// See the supported options in flags.go for further reference.
-func MakeShared(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "shared")
-}
-
-// MakeRShared ensures a mounted filesystem has the RSHARED mount option enabled.
-// See the supported options in flags.go for further reference.
-func MakeRShared(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "rshared")
-}
-
-// MakePrivate ensures a mounted filesystem has the PRIVATE mount option enabled.
-// See the supported options in flags.go for further reference.
-func MakePrivate(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "private")
-}
-
-// MakeRPrivate ensures a mounted filesystem has the RPRIVATE mount option
-// enabled. See the supported options in flags.go for further reference.
-func MakeRPrivate(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "rprivate")
-}
-
-// MakeSlave ensures a mounted filesystem has the SLAVE mount option enabled.
-// See the supported options in flags.go for further reference.
-func MakeSlave(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "slave")
-}
-
-// MakeRSlave ensures a mounted filesystem has the RSLAVE mount option enabled.
-// See the supported options in flags.go for further reference.
-func MakeRSlave(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "rslave")
-}
-
-// MakeUnbindable ensures a mounted filesystem has the UNBINDABLE mount option
-// enabled. See the supported options in flags.go for further reference.
-func MakeUnbindable(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "unbindable")
-}
-
-// MakeRUnbindable ensures a mounted filesystem has the RUNBINDABLE mount
-// option enabled. See the supported options in flags.go for further reference.
-func MakeRUnbindable(mountPoint string) error {
-	return ensureMountedAs(mountPoint, "runbindable")
-}
-
-func ensureMountedAs(mountPoint, options string) error {
-	// TODO: Solaris does not support bind mounts.
-	// Evaluate lofs and also look at the relevant
-	// mount flags to be supported.
-	return nil
-}

vendor/github.com/docker/docker/pkg/mount/unmount_unix.go

@@ -0,0 +1,22 @@
+// +build !windows
+
+package mount // import "github.com/docker/docker/pkg/mount"
+
+import "golang.org/x/sys/unix"
+
+func unmount(target string, flags int) error {
+	err := unix.Unmount(target, flags)
+	if err == nil || err == unix.EINVAL {
+		// Ignore "not mounted" error here. Note the same error
+		// can be returned if flags are invalid, so this code
+		// assumes that the flags value is always correct.
+		return nil
+	}
+
+	return &mountError{
+		op:     "umount",
+		target: target,
+		flags:  uintptr(flags),
+		err:    err,
+	}
+}

vendor/github.com/docker/docker/pkg/mount/unmount_unsupported.go

@@ -0,0 +1,7 @@
+// +build windows
+
+package mount // import "github.com/docker/docker/pkg/mount"
+
+func unmount(target string, flag int) error {
+	panic("Not implemented")
+}

vendor/github.com/docker/docker/pkg/symlink/LICENSE.APACHE

@@ -176,7 +176,7 @@
 
    END OF TERMS AND CONDITIONS
 
-   Copyright 2014-2017 Docker, Inc.
+   Copyright 2014-2018 Docker, Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

vendor/github.com/docker/docker/pkg/symlink/LICENSE.BSD

@@ -1,4 +1,4 @@
-Copyright (c) 2014-2017 The Docker & Go Authors. All rights reserved.
+Copyright (c) 2014-2018 The Docker & Go Authors. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are

vendor/github.com/docker/docker/pkg/symlink/fs.go

@@ -4,7 +4,7 @@
 
 // This code is a modified version of path/filepath/symlink.go from the Go standard library.
 
-package symlink
+package symlink // import "github.com/docker/docker/pkg/symlink"
 
 import (
 	"bytes"

vendor/github.com/docker/docker/pkg/symlink/fs_unix.go

@@ -1,6 +1,6 @@
 // +build !windows
 
-package symlink
+package symlink // import "github.com/docker/docker/pkg/symlink"
 
 import (
 	"path/filepath"

vendor/github.com/docker/docker/pkg/symlink/fs_windows.go

@@ -1,4 +1,4 @@
-package symlink
+package symlink // import "github.com/docker/docker/pkg/symlink"
 
 import (
 	"bytes"

vendor/github.com/docker/docker/pkg/system/args_windows.go

@@ -0,0 +1,16 @@
+package system // import "github.com/docker/docker/pkg/system"
+
+import (
+	"strings"
+
+	"golang.org/x/sys/windows"
+)
+
+// EscapeArgs makes a Windows-style escaped command line from a set of arguments
+func EscapeArgs(args []string) string {
+	escapedArgs := make([]string, len(args))
+	for i, a := range args {
+		escapedArgs[i] = windows.EscapeArg(a)
+	}
+	return strings.Join(escapedArgs, " ")
+}

vendor/github.com/docker/docker/pkg/system/chtimes.go

@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"os"
@@ -27,9 +27,5 @@ func Chtimes(name string, atime time.Time, mtime time.Time) error {
 	}
 
 	// Take platform specific action for setting create time.
-	if err := setCTime(name, mtime); err != nil {
+	return setCTime(name, mtime)
-		return err
-	}
-
-	return nil
 }

vendor/github.com/docker/docker/pkg/system/chtimes_unix.go

@@ -1,6 +1,6 @@
 // +build !windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"time"

vendor/github.com/docker/docker/pkg/system/chtimes_windows.go

@@ -1,6 +1,4 @@
-// +build windows
+package system // import "github.com/docker/docker/pkg/system"
-
-package system
 
 import (
 	"time"

vendor/github.com/docker/docker/pkg/system/errors.go

@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"errors"
@@ -7,4 +7,7 @@ import (
 var (
 	// ErrNotSupportedPlatform means the platform is not supported.
 	ErrNotSupportedPlatform = errors.New("platform and architecture is not supported")
+
+	// ErrNotSupportedOperatingSystem means the operating system is not supported.
+	ErrNotSupportedOperatingSystem = errors.New("operating system is not supported")
 )

vendor/github.com/docker/docker/pkg/system/exitcode.go

@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"fmt"

vendor/github.com/docker/docker/pkg/system/filesys_unix.go

@@ -1,6 +1,6 @@
 // +build !windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"io/ioutil"
@@ -8,14 +8,14 @@ import (
 	"path/filepath"
 )
 
-// MkdirAllWithACL is a wrapper for MkdirAll on unix systems.
+// MkdirAllWithACL is a wrapper for os.MkdirAll on unix systems.
 func MkdirAllWithACL(path string, perm os.FileMode, sddl string) error {
-	return MkdirAll(path, perm, sddl)
+	return os.MkdirAll(path, perm)
 }
 
 // MkdirAll creates a directory named path along with any necessary parents,
 // with permission specified by attribute perm for all dir created.
-func MkdirAll(path string, perm os.FileMode, sddl string) error {
+func MkdirAll(path string, perm os.FileMode) error {
 	return os.MkdirAll(path, perm)
 }
 

vendor/github.com/docker/docker/pkg/system/filesys_windows.go

@@ -1,6 +1,4 @@
-// +build windows
+package system // import "github.com/docker/docker/pkg/system"
-
-package system
 
 import (
 	"os"
@@ -13,15 +11,12 @@ import (
 	"time"
 	"unsafe"
 
-	winio "github.com/Microsoft/go-winio"
 	"golang.org/x/sys/windows"
 )
 
 const (
 	// SddlAdministratorsLocalSystem is local administrators plus NT AUTHORITY\System
 	SddlAdministratorsLocalSystem = "D:P(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)"
-	// SddlNtvmAdministratorsLocalSystem is NT VIRTUAL MACHINE\Virtual Machines plus local administrators plus NT AUTHORITY\System
-	SddlNtvmAdministratorsLocalSystem = "D:P(A;OICI;GA;;;S-1-5-83-0)(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)"
 )
 
 // MkdirAllWithACL is a wrapper for MkdirAll that creates a directory
@@ -30,9 +25,10 @@ func MkdirAllWithACL(path string, perm os.FileMode, sddl string) error {
 	return mkdirall(path, true, sddl)
 }
 
-// MkdirAll implementation that is volume path aware for Windows.
+// MkdirAll implementation that is volume path aware for Windows. It can be used
-func MkdirAll(path string, _ os.FileMode, sddl string) error {
+// as a drop-in replacement for os.MkdirAll()
-	return mkdirall(path, false, sddl)
+func MkdirAll(path string, _ os.FileMode) error {
+	return mkdirall(path, false, "")
 }
 
 // mkdirall is a custom version of os.MkdirAll modified for use on Windows
@@ -106,13 +102,13 @@ func mkdirall(path string, applyACL bool, sddl string) error {
 // and Local System.
 func mkdirWithACL(name string, sddl string) error {
 	sa := windows.SecurityAttributes{Length: 0}
-	sd, err := winio.SddlToSecurityDescriptor(sddl)
+	sd, err := windows.SecurityDescriptorFromString(sddl)
 	if err != nil {
 		return &os.PathError{Op: "mkdir", Path: name, Err: err}
 	}
 	sa.Length = uint32(unsafe.Sizeof(sa))
 	sa.InheritHandle = 1
-	sa.SecurityDescriptor = uintptr(unsafe.Pointer(&sd[0]))
+	sa.SecurityDescriptor = sd
 
 	namep, err := windows.UTF16PtrFromString(name)
 	if err != nil {

vendor/github.com/docker/docker/pkg/system/init.go

@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"syscall"

vendor/github.com/docker/docker/pkg/system/init_unix.go

@@ -1,7 +1,12 @@
 // +build !windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 // InitLCOW does nothing since LCOW is a windows only feature
 func InitLCOW(experimental bool) {
 }
+
+// ContainerdRuntimeSupported returns true if the use of ContainerD runtime is supported.
+func ContainerdRuntimeSupported(_ bool, _ string) bool {
+	return true
+}

vendor/github.com/docker/docker/pkg/system/init_windows.go

@@ -1,17 +1,40 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
-import "os"
+import (
+	"os"
 
-// lcowSupported determines if Linux Containers on Windows are supported.
+	"github.com/Microsoft/hcsshim/osversion"
-var lcowSupported = false
+	"github.com/sirupsen/logrus"
+)
 
-// InitLCOW sets whether LCOW is supported or not
+var (
-// TODO @jhowardmsft.
+	// lcowSupported determines if Linux Containers on Windows are supported.
-// 1. Replace with RS3 RTM build number.
+	lcowSupported = false
-// 2. Remove the getenv check when image-store is coalesced as shouldn't be needed anymore.
+
+	// containerdRuntimeSupported determines if ContainerD should be the runtime.
+	// As of March 2019, this is an experimental feature.
+	containerdRuntimeSupported = false
+)
+
+// InitLCOW sets whether LCOW is supported or not. Requires RS5+
 func InitLCOW(experimental bool) {
-	v := GetOSVersion()
+	if experimental && osversion.Build() >= osversion.RS5 {
-	if experimental && v.Build > 16270 && os.Getenv("LCOW_SUPPORTED") != "" {
 		lcowSupported = true
 	}
 }
+
+// InitContainerdRuntime sets whether to use ContainerD for runtime
+// on Windows. This is an experimental feature still in development, and
+// also requires an environment variable to be set (so as not to turn the
+// feature on from simply experimental which would also mean LCOW.
+func InitContainerdRuntime(experimental bool, cdPath string) {
+	if experimental && len(cdPath) > 0 && len(os.Getenv("DOCKER_WINDOWS_CONTAINERD_RUNTIME")) > 0 {
+		logrus.Warnf("Using ContainerD runtime. This feature is experimental")
+		containerdRuntimeSupported = true
+	}
+}
+
+// ContainerdRuntimeSupported returns true if the use of ContainerD runtime is supported.
+func ContainerdRuntimeSupported() bool {
+	return containerdRuntimeSupported
+}

vendor/github.com/docker/docker/pkg/system/lcow.go

@@ -1,58 +1,32 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
-	"fmt"
 	"runtime"
 	"strings"
 
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/pkg/errors"
 )
 
+// IsOSSupported determines if an operating system is supported by the host
+func IsOSSupported(os string) bool {
+	if strings.EqualFold(runtime.GOOS, os) {
+		return true
+	}
+	if LCOWSupported() && strings.EqualFold(os, "linux") {
+		return true
+	}
+	return false
+}
+
 // ValidatePlatform determines if a platform structure is valid.
-// TODO This is a temporary function - can be replaced by parsing from
+// TODO This is a temporary windows-only function, should be replaced by
-// https://github.com/containerd/containerd/pull/1403/files at a later date.
+// comparison of worker capabilities
-// @jhowardmsft
+func ValidatePlatform(platform specs.Platform) error {
-func ValidatePlatform(platform *specs.Platform) error {
+	if runtime.GOOS == "windows" {
-	platform.Architecture = strings.ToLower(platform.Architecture)
-	platform.OS = strings.ToLower(platform.OS)
-	// Based on https://github.com/moby/moby/pull/34642#issuecomment-330375350, do
-	// not support anything except operating system.
-	if platform.Architecture != "" {
-		return fmt.Errorf("invalid platform architecture %q", platform.Architecture)
-	}
-	if platform.OS != "" {
 		if !(platform.OS == runtime.GOOS || (LCOWSupported() && platform.OS == "linux")) {
-			return fmt.Errorf("invalid platform os %q", platform.OS)
+			return errors.Errorf("unsupported os %s", platform.OS)
 		}
 	}
-	if len(platform.OSFeatures) != 0 {
-		return fmt.Errorf("invalid platform osfeatures %q", platform.OSFeatures)
-	}
-	if platform.OSVersion != "" {
-		return fmt.Errorf("invalid platform osversion %q", platform.OSVersion)
-	}
-	if platform.Variant != "" {
-		return fmt.Errorf("invalid platform variant %q", platform.Variant)
-	}
 	return nil
 }
-
-// ParsePlatform parses a platform string in the format os[/arch[/variant]
-// into an OCI image-spec platform structure.
-// TODO This is a temporary function - can be replaced by parsing from
-// https://github.com/containerd/containerd/pull/1403/files at a later date.
-// @jhowardmsft
-func ParsePlatform(in string) *specs.Platform {
-	p := &specs.Platform{}
-	elements := strings.SplitN(strings.ToLower(in), "/", 3)
-	if len(elements) == 3 {
-		p.Variant = elements[2]
-	}
-	if len(elements) >= 2 {
-		p.Architecture = elements[1]
-	}
-	if len(elements) >= 1 {
-		p.OS = elements[0]
-	}
-	return p
-}

vendor/github.com/docker/docker/pkg/system/lcow_unix.go

@@ -1,6 +1,6 @@
 // +build !windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 // LCOWSupported returns true if Linux containers on Windows are supported.
 func LCOWSupported() bool {

vendor/github.com/docker/docker/pkg/system/lcow_windows.go

@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 // LCOWSupported returns true if Linux containers on Windows are supported.
 func LCOWSupported() bool {

vendor/github.com/docker/docker/pkg/system/lstat_unix.go

@@ -1,8 +1,9 @@
 // +build !windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
+	"os"
 	"syscall"
 )
 
@@ -13,7 +14,7 @@ import (
 func Lstat(path string) (*StatT, error) {
 	s := &syscall.Stat_t{}
 	if err := syscall.Lstat(path, s); err != nil {
-		return nil, err
+		return nil, &os.PathError{Op: "Lstat", Path: path, Err: err}
 	}
 	return fromStatT(s)
 }

vendor/github.com/docker/docker/pkg/system/lstat_windows.go

@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import "os"
 

vendor/github.com/docker/docker/pkg/system/meminfo.go

@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 // MemInfo contains memory statistics of the host system.
 type MemInfo struct {

vendor/github.com/docker/docker/pkg/system/meminfo_linux.go

@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"bufio"
@@ -7,7 +7,7 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/docker/go-units"
+	units "github.com/docker/go-units"
 )
 
 // ReadMemInfo retrieves memory statistics of the host system and returns a
@@ -27,6 +27,7 @@ func ReadMemInfo() (*MemInfo, error) {
 func parseMemInfo(reader io.Reader) (*MemInfo, error) {
 	meminfo := &MemInfo{}
 	scanner := bufio.NewScanner(reader)
+	memAvailable := int64(-1)
 	for scanner.Scan() {
 		// Expected format: ["MemTotal:", "1234", "kB"]
 		parts := strings.Fields(scanner.Text())
@@ -48,6 +49,8 @@ func parseMemInfo(reader io.Reader) (*MemInfo, error) {
 			meminfo.MemTotal = bytes
 		case "MemFree:":
 			meminfo.MemFree = bytes
+		case "MemAvailable:":
+			memAvailable = bytes
 		case "SwapTotal:":
 			meminfo.SwapTotal = bytes
 		case "SwapFree:":
@@ -55,6 +58,9 @@ func parseMemInfo(reader io.Reader) (*MemInfo, error) {
 		}
 
 	}
+	if memAvailable != -1 {
+		meminfo.MemFree = memAvailable
+	}
 
 	// Handle errors that may have occurred during the reading of the file.
 	if err := scanner.Err(); err != nil {

vendor/github.com/docker/docker/pkg/system/meminfo_solaris.go

@@ -1,129 +0,0 @@
-// +build solaris,cgo
-
-package system
-
-import (
-	"fmt"
-	"unsafe"
-)
-
-// #cgo CFLAGS: -std=c99
-// #cgo LDFLAGS: -lkstat
-// #include <unistd.h>
-// #include <stdlib.h>
-// #include <stdio.h>
-// #include <kstat.h>
-// #include <sys/swap.h>
-// #include <sys/param.h>
-// struct swaptable *allocSwaptable(int num) {
-//	struct swaptable *st;
-//	struct swapent *swapent;
-// 	st = (struct swaptable *)malloc(num * sizeof(swapent_t) + sizeof (int));
-//	swapent = st->swt_ent;
-//	for (int i = 0; i < num; i++,swapent++) {
-//		swapent->ste_path = (char *)malloc(MAXPATHLEN * sizeof (char));
-//	}
-//	st->swt_n = num;
-//	return st;
-//}
-// void freeSwaptable (struct swaptable *st) {
-//	struct swapent *swapent = st->swt_ent;
-//	for (int i = 0; i < st->swt_n; i++,swapent++) {
-//		free(swapent->ste_path);
-//	}
-//	free(st);
-// }
-// swapent_t getSwapEnt(swapent_t *ent, int i) {
-//	return ent[i];
-// }
-// int64_t getPpKernel() {
-//	int64_t pp_kernel = 0;
-//	kstat_ctl_t *ksc;
-//	kstat_t *ks;
-//	kstat_named_t *knp;
-//	kid_t kid;
-//
-//	if ((ksc = kstat_open()) == NULL) {
-//		return -1;
-//	}
-//	if ((ks = kstat_lookup(ksc, "unix", 0, "system_pages")) == NULL) {
-//		return -1;
-//	}
-//	if (((kid = kstat_read(ksc, ks, NULL)) == -1) ||
-//	    ((knp = kstat_data_lookup(ks, "pp_kernel")) == NULL)) {
-//		return -1;
-//	}
-//	switch (knp->data_type) {
-//	case KSTAT_DATA_UINT64:
-//		pp_kernel = knp->value.ui64;
-//		break;
-//	case KSTAT_DATA_UINT32:
-//		pp_kernel = knp->value.ui32;
-//		break;
-//	}
-//	pp_kernel *= sysconf(_SC_PAGESIZE);
-//	return (pp_kernel > 0 ? pp_kernel : -1);
-// }
-import "C"
-
-// Get the system memory info using sysconf same as prtconf
-func getTotalMem() int64 {
-	pagesize := C.sysconf(C._SC_PAGESIZE)
-	npages := C.sysconf(C._SC_PHYS_PAGES)
-	return int64(pagesize * npages)
-}
-
-func getFreeMem() int64 {
-	pagesize := C.sysconf(C._SC_PAGESIZE)
-	npages := C.sysconf(C._SC_AVPHYS_PAGES)
-	return int64(pagesize * npages)
-}
-
-// ReadMemInfo retrieves memory statistics of the host system and returns a
-//  MemInfo type.
-func ReadMemInfo() (*MemInfo, error) {
-
-	ppKernel := C.getPpKernel()
-	MemTotal := getTotalMem()
-	MemFree := getFreeMem()
-	SwapTotal, SwapFree, err := getSysSwap()
-
-	if ppKernel < 0 || MemTotal < 0 || MemFree < 0 || SwapTotal < 0 ||
-		SwapFree < 0 {
-		return nil, fmt.Errorf("error getting system memory info %v\n", err)
-	}
-
-	meminfo := &MemInfo{}
-	// Total memory is total physical memory less than memory locked by kernel
-	meminfo.MemTotal = MemTotal - int64(ppKernel)
-	meminfo.MemFree = MemFree
-	meminfo.SwapTotal = SwapTotal
-	meminfo.SwapFree = SwapFree
-
-	return meminfo, nil
-}
-
-func getSysSwap() (int64, int64, error) {
-	var tSwap int64
-	var fSwap int64
-	var diskblksPerPage int64
-	num, err := C.swapctl(C.SC_GETNSWP, nil)
-	if err != nil {
-		return -1, -1, err
-	}
-	st := C.allocSwaptable(num)
-	_, err = C.swapctl(C.SC_LIST, unsafe.Pointer(st))
-	if err != nil {
-		C.freeSwaptable(st)
-		return -1, -1, err
-	}
-
-	diskblksPerPage = int64(C.sysconf(C._SC_PAGESIZE) >> C.DEV_BSHIFT)
-	for i := 0; i < int(num); i++ {
-		swapent := C.getSwapEnt(&st.swt_ent[0], C.int(i))
-		tSwap += int64(swapent.ste_pages) * diskblksPerPage
-		fSwap += int64(swapent.ste_free) * diskblksPerPage
-	}
-	C.freeSwaptable(st)
-	return tSwap, fSwap, nil
-}

vendor/github.com/docker/docker/pkg/system/meminfo_unsupported.go

@@ -1,6 +1,6 @@
-// +build !linux,!windows,!solaris
+// +build !linux,!windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 // ReadMemInfo is not supported on platforms other than linux and windows.
 func ReadMemInfo() (*MemInfo, error) {

vendor/github.com/docker/docker/pkg/system/meminfo_windows.go

@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"unsafe"

vendor/github.com/docker/docker/pkg/system/mknod.go

@@ -1,6 +1,6 @@
 // +build !windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"golang.org/x/sys/unix"

vendor/github.com/docker/docker/pkg/system/mknod_windows.go

@@ -1,6 +1,4 @@
-// +build windows
+package system // import "github.com/docker/docker/pkg/system"
-
-package system
 
 // Mknod is not implemented on Windows.
 func Mknod(path string, mode uint32, dev int) error {

vendor/github.com/docker/docker/pkg/system/path.go

@@ -1,12 +1,10 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"fmt"
 	"path/filepath"
 	"runtime"
 	"strings"
-
-	"github.com/containerd/continuity/pathdriver"
 )
 
 const defaultUnixPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
@@ -27,6 +25,12 @@ func DefaultPathEnv(os string) string {
 
 }
 
+// PathVerifier defines the subset of a PathDriver that CheckSystemDriveAndRemoveDriveLetter
+// actually uses in order to avoid system depending on containerd/continuity.
+type PathVerifier interface {
+	IsAbs(string) bool
+}
+
 // CheckSystemDriveAndRemoveDriveLetter verifies that a path, if it includes a drive letter,
 // is the system drive.
 // On Linux: this is a no-op.
@@ -35,14 +39,14 @@ func DefaultPathEnv(os string) string {
 // This is used, for example, when validating a user provided path in docker cp.
 // If a drive letter is supplied, it must be the system drive. The drive letter
 // is always removed. Also, it translates it to OS semantics (IOW / to \). We
-// need the path in this syntax so that it can ultimately be contatenated with
+// need the path in this syntax so that it can ultimately be concatenated with
 // a Windows long-path which doesn't support drive-letters. Examples:
 // C:			--> Fail
 // C:\			--> \
 // a			--> a
 // /a			--> \a
 // d:\			--> Fail
-func CheckSystemDriveAndRemoveDriveLetter(path string, driver pathdriver.PathDriver) (string, error) {
+func CheckSystemDriveAndRemoveDriveLetter(path string, driver PathVerifier) (string, error) {
 	if runtime.GOOS != "windows" || LCOWSupported() {
 		return path, nil
 	}

vendor/github.com/docker/docker/pkg/system/path_unix.go

@@ -0,0 +1,10 @@
+// +build !windows
+
+package system // import "github.com/docker/docker/pkg/system"
+
+// GetLongPathName converts Windows short pathnames to full pathnames.
+// For example C:\Users\ADMIN~1 --> C:\Users\Administrator.
+// It is a no-op on non-Windows platforms
+func GetLongPathName(path string) (string, error) {
+	return path, nil
+}

vendor/github.com/docker/docker/pkg/system/path_windows.go

@@ -0,0 +1,24 @@
+package system // import "github.com/docker/docker/pkg/system"
+
+import "syscall"
+
+// GetLongPathName converts Windows short pathnames to full pathnames.
+// For example C:\Users\ADMIN~1 --> C:\Users\Administrator.
+// It is a no-op on non-Windows platforms
+func GetLongPathName(path string) (string, error) {
+	// See https://groups.google.com/forum/#!topic/golang-dev/1tufzkruoTg
+	p := syscall.StringToUTF16(path)
+	b := p // GetLongPathName says we can reuse buffer
+	n, err := syscall.GetLongPathName(&p[0], &b[0], uint32(len(b)))
+	if err != nil {
+		return "", err
+	}
+	if n > uint32(len(b)) {
+		b = make([]uint16, n)
+		_, err = syscall.GetLongPathName(&p[0], &b[0], uint32(len(b)))
+		if err != nil {
+			return "", err
+		}
+	}
+	return syscall.UTF16ToString(b), nil
+}

vendor/github.com/docker/docker/pkg/system/process_unix.go

@@ -1,6 +1,6 @@
-// +build linux freebsd solaris darwin
+// +build linux freebsd darwin
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"syscall"

vendor/github.com/docker/docker/pkg/system/process_windows.go

@@ -0,0 +1,18 @@
+package system // import "github.com/docker/docker/pkg/system"
+
+import "os"
+
+// IsProcessAlive returns true if process with a given pid is running.
+func IsProcessAlive(pid int) bool {
+	_, err := os.FindProcess(pid)
+
+	return err == nil
+}
+
+// KillProcess force-stops a process.
+func KillProcess(pid int) {
+	p, err := os.FindProcess(pid)
+	if err == nil {
+		p.Kill()
+	}
+}

vendor/github.com/docker/docker/pkg/system/rm.go

@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"os"
@@ -26,7 +26,7 @@ func EnsureRemoveAll(dir string) error {
 
 	// track retries
 	exitOnErr := make(map[string]int)
-	maxRetry := 5
+	maxRetry := 50
 
 	// Attempt to unmount anything beneath this dir first
 	mount.RecursiveUnmount(dir)
@@ -34,7 +34,7 @@ func EnsureRemoveAll(dir string) error {
 	for {
 		err := os.RemoveAll(dir)
 		if err == nil {
-			return err
+			return nil
 		}
 
 		pe, ok := err.(*os.PathError)

vendor/github.com/docker/docker/pkg/system/stat_darwin.go

@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import "syscall"
 

vendor/github.com/docker/docker/pkg/system/stat_freebsd.go

@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import "syscall"
 

vendor/github.com/docker/docker/pkg/system/stat_linux.go

@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import "syscall"
 
@@ -8,7 +8,8 @@ func fromStatT(s *syscall.Stat_t) (*StatT, error) {
 		mode: s.Mode,
 		uid:  s.Uid,
 		gid:  s.Gid,
-		rdev: s.Rdev,
+		// the type is 32bit on mips
+		rdev: uint64(s.Rdev), // nolint: unconvert
 		mtim: s.Mtim}, nil
 }
 

vendor/github.com/docker/docker/pkg/system/stat_openbsd.go

@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import "syscall"
 

vendor/github.com/docker/docker/pkg/system/stat_solaris.go

@@ -1,13 +0,0 @@
-package system
-
-import "syscall"
-
-// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
-func fromStatT(s *syscall.Stat_t) (*StatT, error) {
-	return &StatT{size: s.Size,
-		mode: uint32(s.Mode),
-		uid:  s.Uid,
-		gid:  s.Gid,
-		rdev: uint64(s.Rdev),
-		mtim: s.Mtim}, nil
-}

vendor/github.com/docker/docker/pkg/system/stat_unix.go

@@ -1,8 +1,9 @@
 // +build !windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
+	"os"
 	"syscall"
 )
 
@@ -47,6 +48,11 @@ func (s StatT) Mtim() syscall.Timespec {
 	return s.mtim
 }
 
+// IsDir reports whether s describes a directory.
+func (s StatT) IsDir() bool {
+	return s.mode&syscall.S_IFDIR != 0
+}
+
 // Stat takes a path to a file and returns
 // a system.StatT type pertaining to that file.
 //
@@ -54,7 +60,7 @@ func (s StatT) Mtim() syscall.Timespec {
 func Stat(path string) (*StatT, error) {
 	s := &syscall.Stat_t{}
 	if err := syscall.Stat(path, s); err != nil {
-		return nil, err
+		return nil, &os.PathError{Op: "Stat", Path: path, Err: err}
 	}
 	return fromStatT(s)
 }

vendor/github.com/docker/docker/pkg/system/stat_windows.go

@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"os"

vendor/github.com/docker/docker/pkg/system/syscall_unix.go

@@ -1,6 +1,6 @@
 // +build linux freebsd
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import "golang.org/x/sys/unix"
 

vendor/github.com/docker/docker/pkg/system/syscall_windows.go

@@ -1,26 +1,68 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
+	"fmt"
+	"syscall"
 	"unsafe"
 
+	"github.com/Microsoft/hcsshim/osversion"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/windows"
 )
 
+const (
+	OWNER_SECURITY_INFORMATION               = 0x00000001
+	GROUP_SECURITY_INFORMATION               = 0x00000002
+	DACL_SECURITY_INFORMATION                = 0x00000004
+	SACL_SECURITY_INFORMATION                = 0x00000008
+	LABEL_SECURITY_INFORMATION               = 0x00000010
+	ATTRIBUTE_SECURITY_INFORMATION           = 0x00000020
+	SCOPE_SECURITY_INFORMATION               = 0x00000040
+	PROCESS_TRUST_LABEL_SECURITY_INFORMATION = 0x00000080
+	ACCESS_FILTER_SECURITY_INFORMATION       = 0x00000100
+	BACKUP_SECURITY_INFORMATION              = 0x00010000
+	PROTECTED_DACL_SECURITY_INFORMATION      = 0x80000000
+	PROTECTED_SACL_SECURITY_INFORMATION      = 0x40000000
+	UNPROTECTED_DACL_SECURITY_INFORMATION    = 0x20000000
+	UNPROTECTED_SACL_SECURITY_INFORMATION    = 0x10000000
+)
+
+const (
+	SE_UNKNOWN_OBJECT_TYPE = iota
+	SE_FILE_OBJECT
+	SE_SERVICE
+	SE_PRINTER
+	SE_REGISTRY_KEY
+	SE_LMSHARE
+	SE_KERNEL_OBJECT
+	SE_WINDOW_OBJECT
+	SE_DS_OBJECT
+	SE_DS_OBJECT_ALL
+	SE_PROVIDER_DEFINED_OBJECT
+	SE_WMIGUID_OBJECT
+	SE_REGISTRY_WOW64_32KEY
+)
+
+const (
+	SeTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege"
+)
+
+const (
+	ContainerAdministratorSidString = "S-1-5-93-2-1"
+	ContainerUserSidString          = "S-1-5-93-2-2"
+)
+
 var (
 	ntuserApiset                  = windows.NewLazyDLL("ext-ms-win-ntuser-window-l1-1-0")
+	modadvapi32                   = windows.NewLazySystemDLL("advapi32.dll")
 	procGetVersionExW             = modkernel32.NewProc("GetVersionExW")
-	procGetProductInfo = modkernel32.NewProc("GetProductInfo")
+	procSetNamedSecurityInfo      = modadvapi32.NewProc("SetNamedSecurityInfoW")
+	procGetSecurityDescriptorDacl = modadvapi32.NewProc("GetSecurityDescriptorDacl")
 )
 
 // OSVersion is a wrapper for Windows version information
 // https://msdn.microsoft.com/en-us/library/windows/desktop/ms724439(v=vs.85).aspx
-type OSVersion struct {
+type OSVersion osversion.OSVersion
-	Version      uint32
-	MajorVersion uint8
-	MinorVersion uint8
-	Build        uint16
-}
 
 // https://msdn.microsoft.com/en-us/library/windows/desktop/ms724833(v=vs.85).aspx
 type osVersionInfoEx struct {
@@ -38,19 +80,14 @@ type osVersionInfoEx struct {
 }
 
 // GetOSVersion gets the operating system version on Windows. Note that
-// docker.exe must be manifested to get the correct version information.
+// dockerd.exe must be manifested to get the correct version information.
+// Deprecated: use github.com/Microsoft/hcsshim/osversion.Get() instead
 func GetOSVersion() OSVersion {
-	var err error
+	return OSVersion(osversion.Get())
-	osv := OSVersion{}
+}
-	osv.Version, err = windows.GetVersion()
+
-	if err != nil {
+func (osv OSVersion) ToString() string {
-		// GetVersion never fails.
+	return fmt.Sprintf("%d.%d.%d", osv.MajorVersion, osv.MinorVersion, osv.Build)
-		panic(err)
-	}
-	osv.MajorVersion = uint8(osv.Version & 0xFF)
-	osv.MinorVersion = uint8(osv.Version >> 8 & 0xFF)
-	osv.Build = uint16(osv.Version >> 16)
-	return osv
 }
 
 // IsWindowsClient returns true if the SKU is client
@@ -67,22 +104,6 @@ func IsWindowsClient() bool {
 	return osviex.ProductType == verNTWorkstation
 }
 
-// IsIoTCore returns true if the currently running image is based off of
-// Windows 10 IoT Core.
-// @engine maintainers - this function should not be removed or modified as it
-// is used to enforce licensing restrictions on Windows.
-func IsIoTCore() bool {
-	var returnedProductType uint32
-	r1, _, err := procGetProductInfo.Call(6, 1, 0, 0, uintptr(unsafe.Pointer(&returnedProductType)))
-	if r1 == 0 {
-		logrus.Warnf("GetProductInfo failed - assuming this is not IoT: %v", err)
-		return false
-	}
-	const productIoTUAP = 0x0000007B
-	const productIoTUAPCommercial = 0x00000083
-	return returnedProductType == productIoTUAP || returnedProductType == productIoTUAPCommercial
-}
-
 // Unmount is a platform-specific helper function to call
 // the unmount syscall. Not supported on Windows
 func Unmount(dest string) error {
@@ -120,3 +141,23 @@ func HasWin32KSupport() bool {
 	// APIs.
 	return ntuserApiset.Load() == nil
 }
+
+func SetNamedSecurityInfo(objectName *uint16, objectType uint32, securityInformation uint32, sidOwner *windows.SID, sidGroup *windows.SID, dacl *byte, sacl *byte) (result error) {
+	r0, _, _ := syscall.Syscall9(procSetNamedSecurityInfo.Addr(), 7, uintptr(unsafe.Pointer(objectName)), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(sidOwner)), uintptr(unsafe.Pointer(sidGroup)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0)
+	if r0 != 0 {
+		result = syscall.Errno(r0)
+	}
+	return
+}
+
+func GetSecurityDescriptorDacl(securityDescriptor *byte, daclPresent *uint32, dacl **byte, daclDefaulted *uint32) (result error) {
+	r1, _, e1 := syscall.Syscall6(procGetSecurityDescriptorDacl.Addr(), 4, uintptr(unsafe.Pointer(securityDescriptor)), uintptr(unsafe.Pointer(daclPresent)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(daclDefaulted)), 0, 0)
+	if r1 == 0 {
+		if e1 != 0 {
+			result = syscall.Errno(e1)
+		} else {
+			result = syscall.EINVAL
+		}
+	}
+	return
+}

vendor/github.com/docker/docker/pkg/system/umask.go

@@ -1,6 +1,6 @@
 // +build !windows
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import (
 	"golang.org/x/sys/unix"

vendor/github.com/docker/docker/pkg/system/umask_windows.go

@@ -1,6 +1,4 @@
-// +build windows
+package system // import "github.com/docker/docker/pkg/system"
-
-package system
 
 // Umask is not supported on the windows platform.
 func Umask(newmask int) (oldmask int, err error) {

vendor/github.com/docker/docker/pkg/system/utimes_freebsd.go

@@ -1,24 +0,0 @@
-package system
-
-import (
-	"syscall"
-	"unsafe"
-
-	"golang.org/x/sys/unix"
-)
-
-// LUtimesNano is used to change access and modification time of the specified path.
-// It's used for symbol link file because unix.UtimesNano doesn't support a NOFOLLOW flag atm.
-func LUtimesNano(path string, ts []syscall.Timespec) error {
-	var _path *byte
-	_path, err := unix.BytePtrFromString(path)
-	if err != nil {
-		return err
-	}
-
-	if _, _, err := unix.Syscall(unix.SYS_LUTIMES, uintptr(unsafe.Pointer(_path)), uintptr(unsafe.Pointer(&ts[0])), 0); err != 0 && err != unix.ENOSYS {
-		return err
-	}
-
-	return nil
-}

vendor/github.com/docker/docker/pkg/system/utimes_linux.go

@@ -1,25 +0,0 @@
-package system
-
-import (
-	"syscall"
-	"unsafe"
-
-	"golang.org/x/sys/unix"
-)
-
-// LUtimesNano is used to change access and modification time of the specified path.
-// It's used for symbol link file because unix.UtimesNano doesn't support a NOFOLLOW flag atm.
-func LUtimesNano(path string, ts []syscall.Timespec) error {
-	atFdCwd := unix.AT_FDCWD
-
-	var _path *byte
-	_path, err := unix.BytePtrFromString(path)
-	if err != nil {
-		return err
-	}
-	if _, _, err := unix.Syscall6(unix.SYS_UTIMENSAT, uintptr(atFdCwd), uintptr(unsafe.Pointer(_path)), uintptr(unsafe.Pointer(&ts[0])), unix.AT_SYMLINK_NOFOLLOW, 0, 0); err != 0 && err != unix.ENOSYS {
-		return err
-	}
-
-	return nil
-}

vendor/github.com/docker/docker/pkg/system/utimes_unix.go

@@ -0,0 +1,24 @@
+// +build linux freebsd
+
+package system // import "github.com/docker/docker/pkg/system"
+
+import (
+	"syscall"
+
+	"golang.org/x/sys/unix"
+)
+
+// LUtimesNano is used to change access and modification time of the specified path.
+// It's used for symbol link file because unix.UtimesNano doesn't support a NOFOLLOW flag atm.
+func LUtimesNano(path string, ts []syscall.Timespec) error {
+	uts := []unix.Timespec{
+		unix.NsecToTimespec(syscall.TimespecToNsec(ts[0])),
+		unix.NsecToTimespec(syscall.TimespecToNsec(ts[1])),
+	}
+	err := unix.UtimesNanoAt(unix.AT_FDCWD, path, uts, unix.AT_SYMLINK_NOFOLLOW)
+	if err != nil && err != unix.ENOSYS {
+		return err
+	}
+
+	return nil
+}

vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go

@@ -1,6 +1,6 @@
 // +build !linux,!freebsd
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import "syscall"
 

vendor/github.com/docker/docker/pkg/system/xattrs_linux.go

@@ -1,4 +1,4 @@
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 import "golang.org/x/sys/unix"
 

vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go

@@ -1,6 +1,6 @@
 // +build !linux
 
-package system
+package system // import "github.com/docker/docker/pkg/system"
 
 // Lgetxattr is not supported on platforms other than linux.
 func Lgetxattr(path string, attr string) ([]byte, error) {

vendor/github.com/docker/docker/pkg/truncindex/truncindex.go

@@ -1,7 +1,7 @@
 // Package truncindex provides a general 'index tree', used by Docker
 // in order to be able to reference containers by only a few unambiguous
 // characters of their id.
-package truncindex
+package truncindex // import "github.com/docker/docker/pkg/truncindex"
 
 import (
 	"errors"
@@ -108,7 +108,7 @@ func (idx *TruncIndex) Get(s string) (string, error) {
 		if id != "" {
 			// we haven't found the ID if there are two or more IDs
 			id = ""
-			return ErrAmbiguousPrefix{prefix: string(prefix)}
+			return ErrAmbiguousPrefix{prefix: s}
 		}
 		id = string(prefix)
 		return nil

vendor/github.com/docker/docker/vendor.conf

@@ -1,149 +1,166 @@
-# the following lines are in sorted order, FYI
 github.com/Azure/go-ansiterm                        d6e3b3328b783f23731bc4d058875b0371ff8109
-github.com/Microsoft/hcsshim v0.6.5
+github.com/Microsoft/hcsshim                        2226e083fc390003ae5aa8325c3c92789afa0e7a
-github.com/Microsoft/go-winio v0.4.5
+github.com/Microsoft/go-winio                       6c72808b55902eae4c5943626030429ff20f3b63 # v0.4.14
-github.com/davecgh/go-spew 346938d642f2ec3594ed81d874461961cd0faa76
 github.com/docker/libtrust                          9cbd2a1374f46905c68a4eb3694a130610adc62a
-github.com/go-check/check 4ed411733c5785b40214c70bce814c3a3a689609 https://github.com/cpuguy83/check.git
+github.com/golang/gddo                              72a348e765d293ed6d1ded7b699591f14d6cd921
-github.com/gorilla/context v1.1
+github.com/google/uuid                              0cd6bf5da1e1c83f8b45653022c74f71af0538a4 # v1.1.1
-github.com/gorilla/mux v1.1
+github.com/gorilla/mux                              00bdffe0f3c77e27d2cf6f5c70232a2d3e4d9c15 # v1.7.3
-github.com/Microsoft/opengcs v0.3.4
+github.com/Microsoft/opengcs                        a10967154e143a36014584a6f664344e3bb0aa64
-github.com/kr/pty 5cf931ef8f
-github.com/mattn/go-shellwords v1.0.3
-github.com/sirupsen/logrus v1.0.3
-github.com/tchap/go-patricia v2.2.6
-github.com/vdemeester/shakers 24d7f1d6a71aa5d9cbe7390e4afb66b7eef9e1b3
-golang.org/x/net 7dcfb8076726a3fdd9353b6b8a1f1b6be6811bd6
-golang.org/x/sys 8dbc5d05d6edcc104950cc299a1ce6641235bc86
-github.com/docker/go-units 9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1
-github.com/docker/go-connections 3ede32e2033de7505e6500d6c868c2b9ed9f169d
-golang.org/x/text f72d8390a633d5dfb0cc84043294db9f6c935756
-github.com/stretchr/testify 4d4bfba8f1d1027c4fdbe371823030df51419987
-github.com/pmezard/go-difflib v1.0.0
-github.com/gotestyourself/gotestyourself v1.1.0
 
-github.com/RackSec/srslog 456df3a81436d29ba874f3590eeeee25d666f8a5
+github.com/creack/pty                               3a6a957789163cacdfe0e291617a1c8e80612c11 # v1.1.9
-github.com/imdario/mergo 0.2.1
+github.com/konsorten/go-windows-terminal-sequences  f55edac94c9bbba5d6182a4be46d86a2c9b5b50e # v1.0.2
-golang.org/x/sync de49d9dcd27d4f764488181bea099dfe6179bcf0
+github.com/mattn/go-shellwords                      36a9b3c57cb5caa559ff63fb7e9b585f1c00df75 # v1.0.6
+github.com/sirupsen/logrus                          839c75faf7f98a33d445d181f3018b5c3409a45e # v1.4.2
+github.com/tchap/go-patricia                        a7f0089c6f496e8e70402f61733606daa326cac5 # v2.3.0
+golang.org/x/net                                    f3200d17e092c607f615320ecaad13d87ad9a2b3
+golang.org/x/sys                                    c990c680b611ac1aeb7d8f2af94a825f98d69720
+github.com/docker/go-units                          519db1ee28dcc9fd2474ae59fca29a810482bfb1 # v0.4.0
+github.com/docker/go-connections                    7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0
+golang.org/x/text                                   f21a4dfb5e38f5895301dc265a8def02365cc3d0 # v0.3.0
+gotest.tools                                        1083505acf35a0bd8a696b26837e1fb3187a7a83 # v2.3.0
+github.com/google/go-cmp                            3af367b6b30c263d47e8895973edcca9a49cf029 # v0.2.0
+github.com/syndtr/gocapability                      d98352740cb2c55f81556b63d4a1ec64c5a319c2
 
-github.com/containerd/continuity 22694c680ee48fb8f50015b44618517e2bde77e8
+github.com/RackSec/srslog                           a4725f04ec91af1a91b380da679d6e0c2f061e59
-github.com/moby/buildkit aaff9d591ef128560018433fe61beb802e149de8
+github.com/imdario/mergo                            1afb36080aec31e0d1528973ebe6721b191b0369 # v0.3.8
-github.com/tonistiigi/fsutil dea3a0da73aee887fc02142d995be764106ac5e2
+golang.org/x/sync                                   e225da77a7e68af35c70ccbf71af2b83e6acac3c
 
-#get libnetwork packages
+# buildkit
-github.com/docker/libnetwork 68f1039f172434709a4550fe92e3e058406c74ce 
+github.com/moby/buildkit                            f7042823e340d38d1746aa675b83d1aca431cee3
+github.com/tonistiigi/fsutil                        3bbb99cdbd76619ab717299830c60f6f2a533a6b
+github.com/grpc-ecosystem/grpc-opentracing          8e809c8a86450a29b90dcc9efbf062d0fe6d9746
+github.com/opentracing/opentracing-go               1361b9cd60be79c4c3a7fa9841b3c132e40066a7
+github.com/google/shlex                             6f45313302b9c56850fc17f99e40caebce98c716
+github.com/opentracing-contrib/go-stdlib            b1a47cfbdd7543e70e9ef3e73d0802ad306cc1cc
+github.com/mitchellh/hashstructure                  2bca23e0e452137f789efbc8610126fd8b94f73b
+github.com/gofrs/flock                              392e7fae8f1b0bdbd67dad7237d23f618feb6dbb # v0.7.1
+
+# libnetwork
+
+# When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly
+github.com/docker/libnetwork                        90afbb01e1d8acacb505a092744ea42b9f167377
 github.com/docker/go-events                         9461782956ad83b30282bf90e31fa6a70c255ba9
 github.com/armon/go-radix                           e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 github.com/armon/go-metrics                         eb0af217e5e9747e41dd5303755356b62d28e3ec
 github.com/hashicorp/go-msgpack                     71c2886f5a673a35f909803f38ece5810165097b
-github.com/hashicorp/memberlist v0.1.0
+github.com/hashicorp/memberlist                     3d8438da9589e7b608a83ffac1ef8211486bcb7c
 github.com/sean-/seed                               e2103e2c35297fb7e17febb81e49b312087a2372
-github.com/hashicorp/go-sockaddr acd314c5781ea706c710d9ea70069fd2e110d61d
+github.com/hashicorp/errwrap                        8a6fb523712970c966eefc6b39ed2c5e74880354 # v1.0.0
-github.com/hashicorp/go-multierror fcdddc395df1ddf4247c69bd436e84cfa0733f7e
+github.com/hashicorp/go-sockaddr                    c7188e74f6acae5a989bdc959aa779f8b9f42faf # v1.0.2
+github.com/hashicorp/go-multierror                  886a7fbe3eb1c874d46f623bfa70af45f425b3d1 # v1.0.0
 github.com/hashicorp/serf                           598c54895cc5a7b1a24a398d635e8c0ea0959870
-github.com/docker/libkv 1d8431073ae03cdaedb198a89722f3aab6d418ef
+github.com/docker/libkv                             458977154600b9f23984d9f4b82e79570b5ae12b
-github.com/vishvananda/netns 604eaf189ee867d8c147fafc28def2394e878d25
+github.com/vishvananda/netns                        7109fa855b0ff1ebef7fbd2f6aa613e8db7cfbc0
-github.com/vishvananda/netlink bd6d5de5ccef2d66b0a26177928d0d8895d7f969
+github.com/vishvananda/netlink                      a2ad57a690f3caf3015351d2d6e1c0b95c349752
-github.com/BurntSushi/toml f706d00e3de6abe700c994cdd545a1a4915af060
+
+# When updating, consider updating TOMLV_COMMIT in hack/dockerfile/install/tomlv.installer accordingly
+github.com/BurntSushi/toml                          3012a1dbe2e4bd1391d42b32f0577cb7bbc7f005 # v0.3.1
 github.com/samuel/go-zookeeper                      d0e0d8e11f318e000a8cc434616d69e329edc374
 github.com/deckarep/golang-set                      ef32fa3046d9f249d399f98ebaf9be944430fd1d
-github.com/coreos/etcd v3.2.1
+github.com/coreos/etcd                              d57e8b8d97adfc4a6c224fe116714bf1a1f3beb9 # v3.3.12
-github.com/coreos/go-semver v0.2.0
+github.com/coreos/go-semver                         8ab6407b697782a06568d4b7f1db25550ec2e4c6 # v0.2.0
-github.com/ugorji/go f1f1a805ed361a0e078bb537e4ea78cd37dcf065
+github.com/ugorji/go                                b4c50a2b199d93b13dc15e78929cfb23bfdf21ab # v1.1.1
-github.com/hashicorp/consul v0.5.2
+github.com/hashicorp/consul                         9a9cc9341bb487651a0399e3fc5e1e8a42e62dd9 # v0.5.2
-github.com/boltdb/bolt fff57c100f4dea1905678da7e90d92429dff2904
+github.com/miekg/dns                                e57bf427e68187a27e22adceac868350d7a7079b # v1.0.7
-github.com/miekg/dns 75e6e86cc601825c5dbcd4e0c209eab180997cd7
+github.com/ishidawataru/sctp                        6e2cb1366111dcf547c13531e3a263a067715847
+go.etcd.io/bbolt                                    a0458a2b35708eef59eb5f620ceb3cd1c01a824d # v1.3.3
 
 # get graph and distribution packages
-github.com/docker/distribution edc3ab29cdff8694dd6feb85cfeb4b5f1b38ed9c
+github.com/docker/distribution                      0d3efadf0154c2b8a4e7b6621fff9809655cc580
-github.com/vbatts/tar-split v0.10.1
+github.com/vbatts/tar-split                         620714a4c508c880ac1bdda9c8370a2b19af1a55 # v0.11.0
-github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb
+github.com/opencontainers/go-digest                 279bed98673dd5bef374d3b6e4b09e2af76183bf # v1.0.0-rc1
 
 # get go-zfs packages
-github.com/mistifyio/go-zfs 22c9b32c84eb0d0c6f4043b6e90fc94073de92fa
+github.com/mistifyio/go-zfs                         f784269be439d704d3dfa1906f45dd848fed2beb
-github.com/pborman/uuid v1.0
 
-google.golang.org/grpc v1.3.0
+google.golang.org/grpc                              6eaf6f47437a6b4e2153a190160ef39a92c7eceb # v1.23.0
 
-# When updating, also update RUNC_COMMIT in hack/dockerfile/binaries-commits accordingly
+# The version of runc should match the version that is used by the containerd
-github.com/opencontainers/runc 0351df1c5a66838d0c392b4ac4cf9450de844e2d
+# version that is used. If you need to update runc, open a pull request in
-github.com/opencontainers/image-spec 372ad780f63454fbbbbcc7cf80e5b90245c13e13
+# the containerd project first, and update both after that is merged.
-github.com/opencontainers/runtime-spec v1.0.0
+# This commit does not need to match RUNC_COMMIT as it is used for helper
+# packages but should be newer or equal.
+github.com/opencontainers/runc                      3e425f80a8c931f88e6d94a8c831b9d5aa481657 # v1.0.0-rc8-92-g84373aaa
+github.com/opencontainers/runtime-spec              29686dbc5559d93fb1ef402eeda3e35c38d75af4 # v1.0.1-59-g29686db
+github.com/opencontainers/image-spec                d60099175f88c47cd379c4738d158884749ed235 # v1.0.1
+github.com/seccomp/libseccomp-golang                689e3c1541a84461afc49c1c87352a6cedf72e9c # v0.9.1
 
-github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
+# systemd integration (journald, daemon/listeners, containerd/cgroups)
-
+github.com/coreos/go-systemd                        39ca1b05acc7ad1220e09f133283b8859a8b71ab # v17
-# libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json)
+github.com/godbus/dbus                              5f6efc7ef2759c81b7ba876593971bfce311eab3 # v4.0.0
-github.com/coreos/go-systemd v4
-github.com/godbus/dbus v4.0.0
-github.com/syndtr/gocapability 2c00daeb6c3b45114c80ac44119e7b8801fdd852
-github.com/golang/protobuf 7a211bcf3bce0e3f1d74f9894916e6f116ae83b4
 
 # gelf logging driver deps
-github.com/Graylog2/go-gelf v2
+github.com/Graylog2/go-gelf                         1550ee647df0510058c9d67a45c56f18911d80b8 # v2 branch
 
-github.com/fluent/fluent-logger-golang v1.2.1
 # fluent-logger-golang deps
-github.com/philhofer/fwd 98c11a7a6ec829d672b03833c3d69a7fae1ca972
+github.com/fluent/fluent-logger-golang              7a6c9dcd7f14c2ed5d8c55c11b894e5455ee311b # v1.4.0
-github.com/tinylib/msgp 75ee40d2601edf122ef667e2a07d600d4c44490c
+github.com/philhofer/fwd                            bb6d471dc95d4fe11e432687f8b70ff496cf3136 # v1.0.0
+github.com/tinylib/msgp                             af6442a0fcf6e2a1b824f70dd0c734f01e817751 # v1.1.0
 
 # fsnotify
-github.com/fsnotify/fsnotify v1.4.2
+github.com/fsnotify/fsnotify                        1485a34d5d5723fea214f5710708e19a831720e4 # v1.4.7-11-g1485a34
 
 # awslogs deps
-github.com/aws/aws-sdk-go v1.4.22
+github.com/aws/aws-sdk-go                           9ed0c8de252f04ac45a65358377103d5a1aa2d92 # v1.12.66
-github.com/go-ini/ini 060d7da055ba6ec5ea7a31f116332fe5efa04ce0
+github.com/go-ini/ini                               300e940a926eb277d3901b20bdfcc54928ad3642 # v1.25.4
 github.com/jmespath/go-jmespath                     0b12d6b521d83fc7f755e7cfc1b1fbdd35a01a74
 
 # logentries
 github.com/bsphere/le_go                            7a984a84b5492ae539b79b62fb4a10afc63c7bcf
 
 # gcplogs deps
-golang.org/x/oauth2 96382aa079b72d8c014eb0c50f6c223d1e6a2de0
+golang.org/x/oauth2                                 ec22f46f877b4505e0117eeaab541714644fdd28
-google.golang.org/api 3cc2e591b550923a2c5f0ab5a803feda924d5823
+google.golang.org/api                               de943baf05a022a8f921b544b7827bacaba1aed5
-cloud.google.com/go 9d965e63e8cceb1b5d7977a202f0fcb8866d6525
+go.opencensus.io                                    c3ed530f775d85e577ca652cb052a52c078aad26 # v0.11.0
-github.com/googleapis/gax-go da06d194a00e19ce00d9011a13931c3f6f6887c7
+cloud.google.com/go                                 0fd7230b2a7505833d5f69b75cbd6c9582401479 # v0.23.0
-google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944
+github.com/googleapis/gax-go                        317e0006254c44a0ac427cc52a0e083ff0b9622f # v2.0.0
+google.golang.org/genproto                          694d95ba50e67b2e363f3483057db5d4910c18f9
 
 # containerd
-github.com/containerd/containerd 06b9cb35161009dcb7123345749fef02f7cea8e0
+github.com/containerd/containerd                    36cf5b690dcc00ff0f34ff7799209050c3d0c59a # v1.3.0
-github.com/tonistiigi/fifo 1405643975692217d6720f8b54aeee1bf2cd5cf4
+github.com/containerd/fifo                          bda0ff6ed73c67bfb5e62bc9c697f146b7fd7f13
+github.com/containerd/continuity                    f2a389ac0a02ce21c09edd7344677a601970f41c
+github.com/containerd/cgroups                       5fbad35c2a7e855762d3c60f2e474ffcad0d470a
+github.com/containerd/console                       0650fd9eeb50bab4fc99dceb9f2e14cf58f36e7f
+github.com/containerd/go-runc                       e029b79d8cda8374981c64eba71f28ec38e5526f
+github.com/containerd/typeurl                       2a93cfde8c20b23de8eb84a5adbc234ddf7a9e8d
+github.com/containerd/ttrpc                         92c8520ef9f86600c650dd540266a007bf03670f
+github.com/gogo/googleapis                          d31c731455cb061f42baff3bda55bad0118b126b # v1.2.0
 
 # cluster
-github.com/docker/swarmkit 872861d2ae46958af7ead1d5fffb092c73afbaf0
+github.com/docker/swarmkit                          7dded76ec532741c1ad9736cd2bb6d6661f0a386
-github.com/gogo/protobuf v0.4
+github.com/gogo/protobuf                            ba06b47c162d49f2af050fb4c75bcbc86a159d5c # v1.2.1
-github.com/cloudflare/cfssl 7fb22c8cba7ecaf98e4082d22d65800cf45e042a
+github.com/golang/protobuf                          aa810b61a9c79d51363740d207bb46cf8e620ed5 # v1.2.0
-github.com/google/certificate-transparency d90e65c3a07988180c5b1ece71791c0b6506826e
+github.com/cloudflare/cfssl                         5d63dbd981b5c408effbb58c442d54761ff94fbd # 1.3.2
-golang.org/x/crypto 558b6879de74bc843225cde5686419267ff707ca
+github.com/fernet/fernet-go                         9eac43b88a5efb8651d24de9b68e87567e029736
-golang.org/x/time a4bde12657593d5e90d0533a3e4fd95e635124cb
+github.com/google/certificate-transparency-go       37a384cd035e722ea46e55029093e26687138edf # v1.0.20
+golang.org/x/crypto                                 88737f569e3a9c7ab309cdc09a07fe7fc87233c3
+golang.org/x/time                                   fbb02b2291d28baffd63558aa44b4b56f178d650
 github.com/hashicorp/go-memdb                       cb9a474f84cc5e41b273b20c6927680b2a8776ad
-github.com/hashicorp/go-immutable-radix 8e8ed81f8f0bf1bdd829593fdd5c29922c1ea990
+github.com/hashicorp/go-immutable-radix             826af9ccf0feeee615d546d69b11f8e98da8c8f1 git://github.com/tonistiigi/go-immutable-radix.git
-github.com/hashicorp/golang-lru a0d98a5f288019575c6d1f4bb1573fef2d1fcdc4
+github.com/hashicorp/golang-lru                     7f827b33c0f158ec5dfbba01bb0b14a4541fd81d # v0.5.3
-github.com/coreos/pkg fa29b1d70f0beaddd4c7021607cc3c3be8ce94b8
+github.com/coreos/pkg                               3ac0863d7acf3bc44daf49afef8919af12f704ef # v3
-github.com/pivotal-golang/clock 3fd3c1944c59d9742e1cd333672181cd1a6f9fa0
+code.cloudfoundry.org/clock                         02e53af36e6c978af692887ed449b74026d76fec
-github.com/prometheus/client_golang 52437c81da6b127a9925d17eb3a382a2e5fd395e
+
-github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9
+# prometheus
-github.com/prometheus/client_model fa8ad6fec33561be4280a8f0514318c79d7f6cb6
+github.com/prometheus/client_golang                 c5b7fccd204277076155f10851dad72b76a49317 # v0.8.0
-github.com/prometheus/common ebdfc6da46522d58825777cf1f90490a5b1ef1d8
+github.com/beorn7/perks                             e7f67b54abbeac9c40a31de0f81159e4cafebd6a
-github.com/prometheus/procfs abf152e5f3e97f2fafac028d2cc06c1feb87ffa5
+github.com/prometheus/client_model                  6f3806018612930941127f2a7c6c453ba2c527d2
-github.com/matttproud/golang_protobuf_extensions v1.0.0
+github.com/prometheus/common                        7600349dcfe1abd18d72d3a1770870d9800a7801
-github.com/pkg/errors 839d9e913e063e28dfd0e6c7b7512793e0a48be9
+github.com/prometheus/procfs                        7d6f385de8bea29190f15ba9931442a0eaef9af7
-github.com/grpc-ecosystem/go-grpc-prometheus 6b7015e65d366bf3f19b2b2a000a831940f0f7e0
+github.com/matttproud/golang_protobuf_extensions    c12348ce28de40eed0136aa2b644d0ee0650e56c # v1.0.1
+github.com/pkg/errors                               ba968bfe8b2f7e042a574c888954fccecfa385b4 # v0.8.1
+github.com/grpc-ecosystem/go-grpc-prometheus        c225b8c3b01faf2899099b768856a9e916e5087b # v1.2.0
 
 # cli
-github.com/spf13/cobra v1.5.1 https://github.com/dnephin/cobra.git
+github.com/spf13/cobra                              ef82de70bb3f60c65fb8eebacbb2d122ef517385 # v0.0.3
-github.com/spf13/pflag 9ff6c6923cfffbcd502984b8e0c80539a94968b7
+github.com/spf13/pflag                              583c0c0531f06d5278b7d917446061adc344b5cd # v1.0.1
-github.com/inconshreveable/mousetrap 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75
+github.com/inconshreveable/mousetrap                76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 # v1.0.0
-github.com/Nvveen/Gotty a8b993ba6abdb0e0c12b0125c603323a71c7790c https://github.com/ijc25/Gotty
+github.com/morikuni/aec                             39771216ff4c63d11f5e604076f9c45e8be1067b
 
 # metrics
 github.com/docker/go-metrics                        d466d4f6fd960e01820085bd7e1a24426ee7ef18
 
-github.com/opencontainers/selinux v1.0.0-rc1
+github.com/opencontainers/selinux                   3a1f366feb7aecbf7a0e71ac4cea88b31597de9e # v1.2.2
 
-# archive/tar
+# DO NOT EDIT BELOW THIS LINE -------- reserved for downstream projects --------
-# mkdir -p ./vendor/archive
-# git clone git://github.com/tonistiigi/go-1.git ./go
-# git --git-dir ./go/.git --work-tree ./go checkout revert-prefix-ignore
-# cp -a go/src/archive/tar ./vendor/archive/tar
-# rm -rf ./go
-# vndr