From d7d22123240319d7e708b5d0be46448c1169d1dd Mon Sep 17 00:00:00 2001 From: Evan Hazlett Date: Thu, 24 May 2018 09:03:36 -0400 Subject: [PATCH] vendor bump Signed-off-by: Evan Hazlett containerd: linux -> runtime/linux Signed-off-by: Evan Hazlett fix utils to properly format vendor repo Signed-off-by: Evan Hazlett test fixup Signed-off-by: Evan Hazlett --- .travis.yml | 2 +- cmd/containerd/containerd.go | 2 +- hack/test-utils.sh | 2 +- hack/utils.sh | 2 +- pkg/containerd/opts/task.go | 2 +- pkg/server/container_create.go | 2 +- pkg/server/helpers.go | 2 +- pkg/server/helpers_test.go | 2 +- pkg/server/sandbox_run.go | 2 +- vendor.conf | 2 +- .../containerd/containerd/client.go | 13 +- .../cmd/containerd/command/config.go | 2 +- .../cmd/containerd/command/config_linux.go | 2 +- .../containerd/command/config_unsupported.go | 2 +- .../cmd/containerd/command/config_windows.go | 2 +- .../containerd/cmd/containerd/command/main.go | 5 +- .../cmd/containerd/command/main_unix.go | 2 +- .../cmd/containerd/command/main_windows.go | 2 +- .../cmd/containerd/command/publish.go | 7 +- .../containerd/containerd/cmd/ctr/app/main.go | 3 +- .../cmd/ctr/commands/content/fetch.go | 2 +- .../cmd/ctr/commands/images/images.go | 2 +- .../cmd/ctr/commands/images/push.go | 2 +- .../containerd/cmd/ctr/commands/shim/shim.go | 2 +- .../cmd/ctr/commands/snapshots/snapshots.go | 2 +- .../containerd/container_opts_unix.go | 2 +- .../{ => content/proxy}/content_reader.go | 2 +- .../{ => content/proxy}/content_store.go | 53 +- .../{ => content/proxy}/content_writer.go | 2 +- .../containerd/metrics/cgroups/cgroups.go | 2 +- .../containerd/{ => pkg}/dialer/dialer.go | 0 .../{ => pkg}/dialer/dialer_unix.go | 0 .../{ => pkg}/dialer/dialer_windows.go | 0 .../containerd/{ => pkg}/progress/bar.go | 0 .../containerd/{ => pkg}/progress/doc.go | 0 .../containerd/{ => pkg}/progress/escape.go | 0 .../containerd/{ => pkg}/progress/humaans.go | 0 .../containerd/{ => pkg}/progress/writer.go | 0 .../containerd/remotes/docker/fetcher.go | 30 +- .../containerd/{ => runtime}/linux/bundle.go | 6 +- .../{ => runtime}/linux/proc/deleted_state.go | 0 .../{ => runtime}/linux/proc/exec.go | 0 .../{ => runtime}/linux/proc/exec_state.go | 0 .../{ => runtime}/linux/proc/init.go | 2 +- .../{ => runtime}/linux/proc/init_state.go | 0 .../containerd/{ => runtime}/linux/proc/io.go | 0 .../{ => runtime}/linux/proc/process.go | 0 .../{ => runtime}/linux/proc/types.go | 0 .../{ => runtime}/linux/proc/utils.go | 0 .../containerd/{ => runtime}/linux/process.go | 2 +- .../containerd/runtime/linux/runctypes/doc.go | 17 + .../{ => runtime}/linux/runctypes/runc.pb.go | 72 +- .../{ => runtime}/linux/runctypes/runc.proto | 2 +- .../containerd/{ => runtime}/linux/runtime.go | 6 +- .../{ => runtime}/linux/shim/client/client.go | 4 +- .../linux/shim/client/client_linux.go | 0 .../linux/shim/client/client_unix.go | 0 .../{ => runtime}/linux/shim/local.go | 2 +- .../{ => runtime}/linux/shim/reaper.go | 0 .../{ => runtime}/linux/shim/service.go | 6 +- .../{ => runtime}/linux/shim/service_linux.go | 0 .../{ => runtime}/linux/shim/service_unix.go | 0 .../containerd/runtime/linux/shim/v1/doc.go | 17 + .../{ => runtime}/linux/shim/v1/shim.pb.go | 150 +- .../{ => runtime}/linux/shim/v1/shim.proto | 2 +- .../containerd/{ => runtime}/linux/task.go | 4 +- .../{ => services}/server/config.go | 0 .../{ => services}/server/server.go | 0 .../{ => services}/server/server_linux.go | 0 .../{ => services}/server/server_solaris.go | 0 .../server/server_unsupported.go | 0 .../{ => services}/server/server_windows.go | 0 .../{snapshot.go => snapshots/proxy/proxy.go} | 68 +- .../containerd/containerd/task_opts.go | 2 +- .../containerd/containerd/task_opts_linux.go | 17 + .../containerd/containerd/vendor.conf | 8 +- .../docker/docker/contrib/README.md | 4 + .../docker/docker/contrib/nnp-test/nnp-test.c | 10 + .../docker/docker/contrib/syscall-test/acct.c | 16 + .../docker/contrib/syscall-test/exit32.s | 7 + .../docker/docker/contrib/syscall-test/ns.c | 63 + .../docker/docker/contrib/syscall-test/raw.c | 14 + .../docker/contrib/syscall-test/setgid.c | 11 + .../docker/contrib/syscall-test/setuid.c | 11 + .../docker/contrib/syscall-test/socket.c | 30 + .../docker/contrib/syscall-test/userns.c | 63 + .../x/crypto/otr/libotr_test_helper.c | 197 +++ vendor/golang.org/x/crypto/otr/otr.go | 1415 +++++++++++++++++ vendor/golang.org/x/crypto/otr/smp.go | 572 +++++++ vendor/golang.org/x/crypto/ssh/test/doc.go | 7 + .../x/crypto/ssh/test/sshd_test_pw.c | 173 ++ vendor/golang.org/x/sys/windows/svc/event.go | 48 + vendor/golang.org/x/sys/windows/svc/go12.c | 24 + vendor/golang.org/x/sys/windows/svc/go12.go | 11 + vendor/golang.org/x/sys/windows/svc/go13.go | 31 + .../golang.org/x/sys/windows/svc/security.go | 62 + .../golang.org/x/sys/windows/svc/service.go | 363 +++++ vendor/golang.org/x/sys/windows/svc/sys_386.s | 68 + .../golang.org/x/sys/windows/svc/sys_amd64.s | 42 + vendor/k8s.io/kubernetes/build/README.md | 110 ++ vendor/k8s.io/kubernetes/build/pause/orphan.c | 36 + vendor/k8s.io/kubernetes/build/pause/pause.c | 68 + 102 files changed, 3770 insertions(+), 234 deletions(-) rename vendor/github.com/containerd/containerd/{ => content/proxy}/content_reader.go (98%) rename vendor/github.com/containerd/containerd/{ => content/proxy}/content_store.go (64%) rename vendor/github.com/containerd/containerd/{ => content/proxy}/content_writer.go (99%) rename vendor/github.com/containerd/containerd/{ => pkg}/dialer/dialer.go (100%) rename vendor/github.com/containerd/containerd/{ => pkg}/dialer/dialer_unix.go (100%) rename vendor/github.com/containerd/containerd/{ => pkg}/dialer/dialer_windows.go (100%) rename vendor/github.com/containerd/containerd/{ => pkg}/progress/bar.go (100%) rename vendor/github.com/containerd/containerd/{ => pkg}/progress/doc.go (100%) rename vendor/github.com/containerd/containerd/{ => pkg}/progress/escape.go (100%) rename vendor/github.com/containerd/containerd/{ => pkg}/progress/humaans.go (100%) rename vendor/github.com/containerd/containerd/{ => pkg}/progress/writer.go (100%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/bundle.go (96%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/proc/deleted_state.go (100%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/proc/exec.go (100%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/proc/exec_state.go (100%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/proc/init.go (99%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/proc/init_state.go (100%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/proc/io.go (100%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/proc/process.go (100%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/proc/types.go (100%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/proc/utils.go (100%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/process.go (98%) create mode 100644 vendor/github.com/containerd/containerd/runtime/linux/runctypes/doc.go rename vendor/github.com/containerd/containerd/{ => runtime}/linux/runctypes/runc.pb.go (90%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/runctypes/runc.proto (89%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/runtime.go (98%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/shim/client/client.go (98%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/shim/client/client_linux.go (100%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/shim/client/client_unix.go (100%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/shim/local.go (98%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/shim/reaper.go (100%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/shim/service.go (98%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/shim/service_linux.go (100%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/shim/service_unix.go (100%) create mode 100644 vendor/github.com/containerd/containerd/runtime/linux/shim/v1/doc.go rename vendor/github.com/containerd/containerd/{ => runtime}/linux/shim/v1/shim.pb.go (93%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/shim/v1/shim.proto (97%) rename vendor/github.com/containerd/containerd/{ => runtime}/linux/task.go (98%) rename vendor/github.com/containerd/containerd/{ => services}/server/config.go (100%) rename vendor/github.com/containerd/containerd/{ => services}/server/server.go (100%) rename vendor/github.com/containerd/containerd/{ => services}/server/server_linux.go (100%) rename vendor/github.com/containerd/containerd/{ => services}/server/server_solaris.go (100%) rename vendor/github.com/containerd/containerd/{ => services}/server/server_unsupported.go (100%) rename vendor/github.com/containerd/containerd/{ => services}/server/server_windows.go (100%) rename vendor/github.com/containerd/containerd/{snapshot.go => snapshots/proxy/proxy.go} (67%) create mode 100644 vendor/github.com/docker/docker/contrib/README.md create mode 100644 vendor/github.com/docker/docker/contrib/nnp-test/nnp-test.c create mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/acct.c create mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/exit32.s create mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/ns.c create mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/raw.c create mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/setgid.c create mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/setuid.c create mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/socket.c create mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/userns.c create mode 100644 vendor/golang.org/x/crypto/otr/libotr_test_helper.c create mode 100644 vendor/golang.org/x/crypto/otr/otr.go create mode 100644 vendor/golang.org/x/crypto/otr/smp.go create mode 100644 vendor/golang.org/x/crypto/ssh/test/doc.go create mode 100644 vendor/golang.org/x/crypto/ssh/test/sshd_test_pw.c create mode 100644 vendor/golang.org/x/sys/windows/svc/event.go create mode 100644 vendor/golang.org/x/sys/windows/svc/go12.c create mode 100644 vendor/golang.org/x/sys/windows/svc/go12.go create mode 100644 vendor/golang.org/x/sys/windows/svc/go13.go create mode 100644 vendor/golang.org/x/sys/windows/svc/security.go create mode 100644 vendor/golang.org/x/sys/windows/svc/service.go create mode 100644 vendor/golang.org/x/sys/windows/svc/sys_386.s create mode 100644 vendor/golang.org/x/sys/windows/svc/sys_amd64.s create mode 100644 vendor/k8s.io/kubernetes/build/README.md create mode 100644 vendor/k8s.io/kubernetes/build/pause/orphan.c create mode 100644 vendor/k8s.io/kubernetes/build/pause/pause.c diff --git a/.travis.yml b/.travis.yml index af5d2e494..cbf491824 100644 --- a/.travis.yml +++ b/.travis.yml @@ -38,7 +38,7 @@ jobs: script: - make install.deps - make containerd - - sudo make install-containerd + - sudo PATH=$PATH GOPATH=$GOPATH make install-containerd - make test - make test-integration - make test-cri diff --git a/cmd/containerd/containerd.go b/cmd/containerd/containerd.go index 563eb5a9b..a97fd1d14 100644 --- a/cmd/containerd/containerd.go +++ b/cmd/containerd/containerd.go @@ -22,8 +22,8 @@ import ( _ "github.com/containerd/containerd/diff/walking/plugin" _ "github.com/containerd/containerd/gc/scheduler" - _ "github.com/containerd/containerd/linux" _ "github.com/containerd/containerd/metrics/cgroups" + _ "github.com/containerd/containerd/runtime/linux" _ "github.com/containerd/containerd/services/containers" _ "github.com/containerd/containerd/services/content" _ "github.com/containerd/containerd/services/diff" diff --git a/hack/test-utils.sh b/hack/test-utils.sh index 564211bf8..28340f9d1 100755 --- a/hack/test-utils.sh +++ b/hack/test-utils.sh @@ -46,7 +46,7 @@ test_setup() { # Wait for containerd to be running by using the containerd client ctr to check the version # of the containerd server. Wait an increasing amount of time after each of five attempts readiness_check "sudo ctr version" - readiness_check "sudo ${GOPATH}/bin/crictl --runtime-endpoint=${CONTAINERD_SOCK} info" + readiness_check "sudo crictl --runtime-endpoint=${CONTAINERD_SOCK} info" } # test_teardown kills containerd. diff --git a/hack/utils.sh b/hack/utils.sh index 0e21cd279..37a31bc58 100755 --- a/hack/utils.sh +++ b/hack/utils.sh @@ -81,7 +81,7 @@ from-vendor() { BEGIN { rc=1 } # Assume we did not find what we were looking for. // { if ($1 == REPO) { - if ($3 != "") { REPO = $3 }; # Override repo. + if ($3 != "") { gsub(/http.*\/\//, "", $3); REPO = $3 }; # Override repo. printf("%s_VERSION=%s; %s_REPO=%s\n", WHAT, $2, WHAT, REPO); rc=0; # Note success for use in END block. exit # No point looking further. diff --git a/pkg/containerd/opts/task.go b/pkg/containerd/opts/task.go index 2d4475790..7cac8ca0c 100644 --- a/pkg/containerd/opts/task.go +++ b/pkg/containerd/opts/task.go @@ -20,7 +20,7 @@ import ( "context" "github.com/containerd/containerd" - "github.com/containerd/containerd/linux/runctypes" + "github.com/containerd/containerd/runtime/linux/runctypes" ) // WithContainerdShimCgroup returns function that sets the containerd diff --git a/pkg/server/container_create.go b/pkg/server/container_create.go index 770f2edb2..6b1c5626e 100644 --- a/pkg/server/container_create.go +++ b/pkg/server/container_create.go @@ -27,9 +27,9 @@ import ( "github.com/containerd/containerd/containers" "github.com/containerd/containerd/contrib/apparmor" "github.com/containerd/containerd/contrib/seccomp" - "github.com/containerd/containerd/linux/runctypes" "github.com/containerd/containerd/mount" "github.com/containerd/containerd/oci" + "github.com/containerd/containerd/runtime/linux/runctypes" "github.com/containerd/typeurl" "github.com/davecgh/go-spew/spew" imagespec "github.com/opencontainers/image-spec/specs-go/v1" diff --git a/pkg/server/helpers.go b/pkg/server/helpers.go index b09f28151..d5a314446 100644 --- a/pkg/server/helpers.go +++ b/pkg/server/helpers.go @@ -27,7 +27,7 @@ import ( "github.com/containerd/containerd" "github.com/containerd/containerd/containers" "github.com/containerd/containerd/content" - "github.com/containerd/containerd/linux/runctypes" + "github.com/containerd/containerd/runtime/linux/runctypes" "github.com/containerd/typeurl" "github.com/docker/distribution/reference" imagedigest "github.com/opencontainers/go-digest" diff --git a/pkg/server/helpers_test.go b/pkg/server/helpers_test.go index b7aed713c..078631a49 100644 --- a/pkg/server/helpers_test.go +++ b/pkg/server/helpers_test.go @@ -21,7 +21,7 @@ import ( "github.com/containerd/containerd" "github.com/containerd/containerd/containers" - "github.com/containerd/containerd/linux/runctypes" + "github.com/containerd/containerd/runtime/linux/runctypes" imagedigest "github.com/opencontainers/go-digest" "github.com/stretchr/testify/assert" "golang.org/x/net/context" diff --git a/pkg/server/sandbox_run.go b/pkg/server/sandbox_run.go index 309f69ead..5fa198e4a 100644 --- a/pkg/server/sandbox_run.go +++ b/pkg/server/sandbox_run.go @@ -24,8 +24,8 @@ import ( "github.com/containerd/containerd" containerdio "github.com/containerd/containerd/cio" "github.com/containerd/containerd/errdefs" - "github.com/containerd/containerd/linux/runctypes" "github.com/containerd/containerd/oci" + "github.com/containerd/containerd/runtime/linux/runctypes" cni "github.com/containerd/go-cni" "github.com/containerd/typeurl" imagespec "github.com/opencontainers/image-spec/specs-go/v1" diff --git a/vendor.conf b/vendor.conf index 7b15a943a..a485d715a 100644 --- a/vendor.conf +++ b/vendor.conf @@ -4,7 +4,7 @@ github.com/boltdb/bolt e9cf4fae01b5a8ff89d0ec6b32f0d9c9f79aefdd github.com/BurntSushi/toml a368813c5e648fee92e5f6c30e3944ff9d5e8895 github.com/containerd/cgroups fe281dd265766145e943a034aa41086474ea6130 github.com/containerd/console cb7008ab3d8359b78c5f464cb7cf160107ad5925 -github.com/containerd/containerd d1435e6e4dcffd99e0da396ff771b5bbe0d93f5e +github.com/containerd/containerd 1e8b09cfc6825f7e6349884b5f76e86c1f04a5d4 github.com/containerd/continuity 2d3749b4da569ac97ca63dccba5eee4f5ee2beab github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c github.com/containerd/go-cni f2d7272f12d045b16ed924f50e91f9f9cecc55a7 diff --git a/vendor/github.com/containerd/containerd/client.go b/vendor/github.com/containerd/containerd/client.go index 3cf7ff3ee..55c1a36fd 100644 --- a/vendor/github.com/containerd/containerd/client.go +++ b/vendor/github.com/containerd/containerd/client.go @@ -38,17 +38,19 @@ import ( versionservice "github.com/containerd/containerd/api/services/version/v1" "github.com/containerd/containerd/containers" "github.com/containerd/containerd/content" + contentproxy "github.com/containerd/containerd/content/proxy" "github.com/containerd/containerd/defaults" - "github.com/containerd/containerd/dialer" "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/events" "github.com/containerd/containerd/images" "github.com/containerd/containerd/namespaces" + "github.com/containerd/containerd/pkg/dialer" "github.com/containerd/containerd/plugin" "github.com/containerd/containerd/remotes" "github.com/containerd/containerd/remotes/docker" "github.com/containerd/containerd/remotes/docker/schema1" "github.com/containerd/containerd/snapshots" + snproxy "github.com/containerd/containerd/snapshots/proxy" "github.com/containerd/typeurl" ptypes "github.com/gogo/protobuf/types" ocispec "github.com/opencontainers/image-spec/specs-go/v1" @@ -87,7 +89,6 @@ func New(address string, opts ...ClientOpt) (*Client, error) { gopts := []grpc.DialOption{ grpc.WithBlock(), grpc.WithInsecure(), - grpc.WithTimeout(60 * time.Second), grpc.FailOnNonTempDialError(true), grpc.WithBackoffMaxDelay(3 * time.Second), grpc.WithDialer(dialer.Dialer), @@ -107,7 +108,9 @@ func New(address string, opts ...ClientOpt) (*Client, error) { ) } connector := func() (*grpc.ClientConn, error) { - conn, err := grpc.Dial(dialer.DialAddress(address), gopts...) + ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second) + defer cancel() + conn, err := grpc.DialContext(ctx, dialer.DialAddress(address), gopts...) if err != nil { return nil, errors.Wrapf(err, "failed to dial %q", address) } @@ -464,7 +467,7 @@ func (c *Client) ContentStore() content.Store { if c.contentStore != nil { return c.contentStore } - return NewContentStoreFromClient(contentapi.NewContentClient(c.conn)) + return contentproxy.NewContentStore(contentapi.NewContentClient(c.conn)) } // SnapshotService returns the underlying snapshotter for the provided snapshotter name @@ -472,7 +475,7 @@ func (c *Client) SnapshotService(snapshotterName string) snapshots.Snapshotter { if c.snapshotters != nil { return c.snapshotters[snapshotterName] } - return NewSnapshotterFromClient(snapshotsapi.NewSnapshotsClient(c.conn), snapshotterName) + return snproxy.NewSnapshotter(snapshotsapi.NewSnapshotsClient(c.conn), snapshotterName) } // TaskService returns the underlying TasksClient diff --git a/vendor/github.com/containerd/containerd/cmd/containerd/command/config.go b/vendor/github.com/containerd/containerd/cmd/containerd/command/config.go index cbcc087ae..eebe2ba5b 100644 --- a/vendor/github.com/containerd/containerd/cmd/containerd/command/config.go +++ b/vendor/github.com/containerd/containerd/cmd/containerd/command/config.go @@ -21,7 +21,7 @@ import ( "os" "github.com/BurntSushi/toml" - "github.com/containerd/containerd/server" + "github.com/containerd/containerd/services/server" "github.com/urfave/cli" ) diff --git a/vendor/github.com/containerd/containerd/cmd/containerd/command/config_linux.go b/vendor/github.com/containerd/containerd/cmd/containerd/command/config_linux.go index 2b522989d..3010ee65f 100644 --- a/vendor/github.com/containerd/containerd/cmd/containerd/command/config_linux.go +++ b/vendor/github.com/containerd/containerd/cmd/containerd/command/config_linux.go @@ -18,7 +18,7 @@ package command import ( "github.com/containerd/containerd/defaults" - "github.com/containerd/containerd/server" + "github.com/containerd/containerd/services/server" ) func defaultConfig() *server.Config { diff --git a/vendor/github.com/containerd/containerd/cmd/containerd/command/config_unsupported.go b/vendor/github.com/containerd/containerd/cmd/containerd/command/config_unsupported.go index 1d3825c78..3b479a1c6 100644 --- a/vendor/github.com/containerd/containerd/cmd/containerd/command/config_unsupported.go +++ b/vendor/github.com/containerd/containerd/cmd/containerd/command/config_unsupported.go @@ -20,7 +20,7 @@ package command import ( "github.com/containerd/containerd/defaults" - "github.com/containerd/containerd/server" + "github.com/containerd/containerd/services/server" ) func defaultConfig() *server.Config { diff --git a/vendor/github.com/containerd/containerd/cmd/containerd/command/config_windows.go b/vendor/github.com/containerd/containerd/cmd/containerd/command/config_windows.go index 2b522989d..3010ee65f 100644 --- a/vendor/github.com/containerd/containerd/cmd/containerd/command/config_windows.go +++ b/vendor/github.com/containerd/containerd/cmd/containerd/command/config_windows.go @@ -18,7 +18,7 @@ package command import ( "github.com/containerd/containerd/defaults" - "github.com/containerd/containerd/server" + "github.com/containerd/containerd/services/server" ) func defaultConfig() *server.Config { diff --git a/vendor/github.com/containerd/containerd/cmd/containerd/command/main.go b/vendor/github.com/containerd/containerd/cmd/containerd/command/main.go index 8fba0fa38..0c5d4adae 100644 --- a/vendor/github.com/containerd/containerd/cmd/containerd/command/main.go +++ b/vendor/github.com/containerd/containerd/cmd/containerd/command/main.go @@ -20,7 +20,6 @@ import ( gocontext "context" "fmt" "io/ioutil" - golog "log" "net" "os" "os/signal" @@ -29,7 +28,7 @@ import ( "github.com/containerd/containerd/log" "github.com/containerd/containerd/mount" - "github.com/containerd/containerd/server" + "github.com/containerd/containerd/services/server" "github.com/containerd/containerd/sys" "github.com/containerd/containerd/version" "github.com/pkg/errors" @@ -50,7 +49,7 @@ high performance container runtime func init() { // Discard grpc logs so that they don't mess with our stdio - grpclog.SetLogger(golog.New(ioutil.Discard, "", golog.LstdFlags)) + grpclog.SetLoggerV2(grpclog.NewLoggerV2(ioutil.Discard, ioutil.Discard, ioutil.Discard)) cli.VersionPrinter = func(c *cli.Context) { fmt.Println(c.App.Name, version.Package, c.App.Version, version.Revision) diff --git a/vendor/github.com/containerd/containerd/cmd/containerd/command/main_unix.go b/vendor/github.com/containerd/containerd/cmd/containerd/command/main_unix.go index 9dc287ca0..12c14261b 100644 --- a/vendor/github.com/containerd/containerd/cmd/containerd/command/main_unix.go +++ b/vendor/github.com/containerd/containerd/cmd/containerd/command/main_unix.go @@ -24,7 +24,7 @@ import ( "runtime" "github.com/containerd/containerd/log" - "github.com/containerd/containerd/server" + "github.com/containerd/containerd/services/server" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) diff --git a/vendor/github.com/containerd/containerd/cmd/containerd/command/main_windows.go b/vendor/github.com/containerd/containerd/cmd/containerd/command/main_windows.go index 7af904801..66df8881a 100644 --- a/vendor/github.com/containerd/containerd/cmd/containerd/command/main_windows.go +++ b/vendor/github.com/containerd/containerd/cmd/containerd/command/main_windows.go @@ -22,7 +22,7 @@ import ( "path/filepath" "github.com/containerd/containerd/log" - "github.com/containerd/containerd/server" + "github.com/containerd/containerd/services/server" "golang.org/x/sys/windows" ) diff --git a/vendor/github.com/containerd/containerd/cmd/containerd/command/publish.go b/vendor/github.com/containerd/containerd/cmd/containerd/command/publish.go index d297732bf..e26944b7a 100644 --- a/vendor/github.com/containerd/containerd/cmd/containerd/command/publish.go +++ b/vendor/github.com/containerd/containerd/cmd/containerd/command/publish.go @@ -25,9 +25,9 @@ import ( "time" eventsapi "github.com/containerd/containerd/api/services/events/v1" - "github.com/containerd/containerd/dialer" "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/namespaces" + "github.com/containerd/containerd/pkg/dialer" "github.com/gogo/protobuf/types" "github.com/pkg/errors" "github.com/urfave/cli" @@ -95,12 +95,13 @@ func connect(address string, d func(string, time.Duration) (net.Conn, error)) (* gopts := []grpc.DialOption{ grpc.WithBlock(), grpc.WithInsecure(), - grpc.WithTimeout(60 * time.Second), grpc.WithDialer(d), grpc.FailOnNonTempDialError(true), grpc.WithBackoffMaxDelay(3 * time.Second), } - conn, err := grpc.Dial(dialer.DialAddress(address), gopts...) + ctx, cancel := gocontext.WithTimeout(gocontext.Background(), 60*time.Second) + defer cancel() + conn, err := grpc.DialContext(ctx, dialer.DialAddress(address), gopts...) if err != nil { return nil, errors.Wrapf(err, "failed to dial %q", address) } diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/app/main.go b/vendor/github.com/containerd/containerd/cmd/ctr/app/main.go index 0cc3a22c6..ac91d038c 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/app/main.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/app/main.go @@ -19,7 +19,6 @@ package app import ( "fmt" "io/ioutil" - "log" "github.com/containerd/containerd/cmd/ctr/commands/containers" "github.com/containerd/containerd/cmd/ctr/commands/content" @@ -44,7 +43,7 @@ var extraCmds = []cli.Command{} func init() { // Discard grpc logs so that they don't mess with our stdio - grpclog.SetLogger(log.New(ioutil.Discard, "", log.LstdFlags)) + grpclog.SetLoggerV2(grpclog.NewLoggerV2(ioutil.Discard, ioutil.Discard, ioutil.Discard)) cli.VersionPrinter = func(c *cli.Context) { fmt.Println(c.App.Name, version.Package, c.App.Version) diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/content/fetch.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/content/fetch.go index 01abb4cad..514010dd8 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/content/fetch.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/content/fetch.go @@ -31,7 +31,7 @@ import ( "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/images" "github.com/containerd/containerd/log" - "github.com/containerd/containerd/progress" + "github.com/containerd/containerd/pkg/progress" "github.com/containerd/containerd/remotes" digest "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/images/images.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/images/images.go index 7422eb4bd..29fc45916 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/images/images.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/images/images.go @@ -27,8 +27,8 @@ import ( "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/images" "github.com/containerd/containerd/log" + "github.com/containerd/containerd/pkg/progress" "github.com/containerd/containerd/platforms" - "github.com/containerd/containerd/progress" "github.com/pkg/errors" "github.com/urfave/cli" ) diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/images/push.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/images/push.go index aa8fb8094..f6d19e64f 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/images/push.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/images/push.go @@ -28,7 +28,7 @@ import ( "github.com/containerd/containerd/cmd/ctr/commands/content" "github.com/containerd/containerd/images" "github.com/containerd/containerd/log" - "github.com/containerd/containerd/progress" + "github.com/containerd/containerd/pkg/progress" "github.com/containerd/containerd/remotes" "github.com/containerd/containerd/remotes/docker" digest "github.com/opencontainers/go-digest" diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/shim/shim.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/shim/shim.go index 988299e03..e9e261bc3 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/shim/shim.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/shim/shim.go @@ -26,7 +26,7 @@ import ( "github.com/containerd/console" "github.com/containerd/containerd/cmd/ctr/commands" - shim "github.com/containerd/containerd/linux/shim/v1" + shim "github.com/containerd/containerd/runtime/linux/shim/v1" "github.com/containerd/typeurl" ptypes "github.com/gogo/protobuf/types" "github.com/opencontainers/runtime-spec/specs-go" diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/snapshots/snapshots.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/snapshots/snapshots.go index da4ab95d8..b720104eb 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/snapshots/snapshots.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/snapshots/snapshots.go @@ -30,7 +30,7 @@ import ( "github.com/containerd/containerd/diff" "github.com/containerd/containerd/log" "github.com/containerd/containerd/mount" - "github.com/containerd/containerd/progress" + "github.com/containerd/containerd/pkg/progress" "github.com/containerd/containerd/rootfs" "github.com/containerd/containerd/snapshots" digest "github.com/opencontainers/go-digest" diff --git a/vendor/github.com/containerd/containerd/container_opts_unix.go b/vendor/github.com/containerd/containerd/container_opts_unix.go index 8ae955113..743688895 100644 --- a/vendor/github.com/containerd/containerd/container_opts_unix.go +++ b/vendor/github.com/containerd/containerd/container_opts_unix.go @@ -31,9 +31,9 @@ import ( "github.com/containerd/containerd/content" "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/images" - "github.com/containerd/containerd/linux/runctypes" "github.com/containerd/containerd/mount" "github.com/containerd/containerd/platforms" + "github.com/containerd/containerd/runtime/linux/runctypes" "github.com/gogo/protobuf/proto" protobuf "github.com/gogo/protobuf/types" digest "github.com/opencontainers/go-digest" diff --git a/vendor/github.com/containerd/containerd/content_reader.go b/vendor/github.com/containerd/containerd/content/proxy/content_reader.go similarity index 98% rename from vendor/github.com/containerd/containerd/content_reader.go rename to vendor/github.com/containerd/containerd/content/proxy/content_reader.go index 72628e6ca..b06e48fa9 100644 --- a/vendor/github.com/containerd/containerd/content_reader.go +++ b/vendor/github.com/containerd/containerd/content/proxy/content_reader.go @@ -14,7 +14,7 @@ limitations under the License. */ -package containerd +package proxy import ( "context" diff --git a/vendor/github.com/containerd/containerd/content_store.go b/vendor/github.com/containerd/containerd/content/proxy/content_store.go similarity index 64% rename from vendor/github.com/containerd/containerd/content_store.go rename to vendor/github.com/containerd/containerd/content/proxy/content_store.go index 790249c2b..3777ee9cd 100644 --- a/vendor/github.com/containerd/containerd/content_store.go +++ b/vendor/github.com/containerd/containerd/content/proxy/content_store.go @@ -14,7 +14,7 @@ limitations under the License. */ -package containerd +package proxy import ( "context" @@ -27,19 +27,20 @@ import ( digest "github.com/opencontainers/go-digest" ) -type remoteContent struct { +type proxyContentStore struct { client contentapi.ContentClient } -// NewContentStoreFromClient returns a new content store -func NewContentStoreFromClient(client contentapi.ContentClient) content.Store { - return &remoteContent{ +// NewContentStore returns a new content store which communicates over a GRPC +// connection using the containerd content GRPC API. +func NewContentStore(client contentapi.ContentClient) content.Store { + return &proxyContentStore{ client: client, } } -func (rs *remoteContent) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) { - resp, err := rs.client.Info(ctx, &contentapi.InfoRequest{ +func (pcs *proxyContentStore) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) { + resp, err := pcs.client.Info(ctx, &contentapi.InfoRequest{ Digest: dgst, }) if err != nil { @@ -49,8 +50,8 @@ func (rs *remoteContent) Info(ctx context.Context, dgst digest.Digest) (content. return infoFromGRPC(resp.Info), nil } -func (rs *remoteContent) Walk(ctx context.Context, fn content.WalkFunc, filters ...string) error { - session, err := rs.client.List(ctx, &contentapi.ListContentRequest{ +func (pcs *proxyContentStore) Walk(ctx context.Context, fn content.WalkFunc, filters ...string) error { + session, err := pcs.client.List(ctx, &contentapi.ListContentRequest{ Filters: filters, }) if err != nil { @@ -77,8 +78,8 @@ func (rs *remoteContent) Walk(ctx context.Context, fn content.WalkFunc, filters return nil } -func (rs *remoteContent) Delete(ctx context.Context, dgst digest.Digest) error { - if _, err := rs.client.Delete(ctx, &contentapi.DeleteContentRequest{ +func (pcs *proxyContentStore) Delete(ctx context.Context, dgst digest.Digest) error { + if _, err := pcs.client.Delete(ctx, &contentapi.DeleteContentRequest{ Digest: dgst, }); err != nil { return errdefs.FromGRPC(err) @@ -87,8 +88,8 @@ func (rs *remoteContent) Delete(ctx context.Context, dgst digest.Digest) error { return nil } -func (rs *remoteContent) ReaderAt(ctx context.Context, dgst digest.Digest) (content.ReaderAt, error) { - i, err := rs.Info(ctx, dgst) +func (pcs *proxyContentStore) ReaderAt(ctx context.Context, dgst digest.Digest) (content.ReaderAt, error) { + i, err := pcs.Info(ctx, dgst) if err != nil { return nil, err } @@ -97,12 +98,12 @@ func (rs *remoteContent) ReaderAt(ctx context.Context, dgst digest.Digest) (cont ctx: ctx, digest: dgst, size: i.Size, - client: rs.client, + client: pcs.client, }, nil } -func (rs *remoteContent) Status(ctx context.Context, ref string) (content.Status, error) { - resp, err := rs.client.Status(ctx, &contentapi.StatusRequest{ +func (pcs *proxyContentStore) Status(ctx context.Context, ref string) (content.Status, error) { + resp, err := pcs.client.Status(ctx, &contentapi.StatusRequest{ Ref: ref, }) if err != nil { @@ -120,8 +121,8 @@ func (rs *remoteContent) Status(ctx context.Context, ref string) (content.Status }, nil } -func (rs *remoteContent) Update(ctx context.Context, info content.Info, fieldpaths ...string) (content.Info, error) { - resp, err := rs.client.Update(ctx, &contentapi.UpdateRequest{ +func (pcs *proxyContentStore) Update(ctx context.Context, info content.Info, fieldpaths ...string) (content.Info, error) { + resp, err := pcs.client.Update(ctx, &contentapi.UpdateRequest{ Info: infoToGRPC(info), UpdateMask: &protobuftypes.FieldMask{ Paths: fieldpaths, @@ -133,8 +134,8 @@ func (rs *remoteContent) Update(ctx context.Context, info content.Info, fieldpat return infoFromGRPC(resp.Info), nil } -func (rs *remoteContent) ListStatuses(ctx context.Context, filters ...string) ([]content.Status, error) { - resp, err := rs.client.ListStatuses(ctx, &contentapi.ListStatusesRequest{ +func (pcs *proxyContentStore) ListStatuses(ctx context.Context, filters ...string) ([]content.Status, error) { + resp, err := pcs.client.ListStatuses(ctx, &contentapi.ListStatusesRequest{ Filters: filters, }) if err != nil { @@ -156,8 +157,8 @@ func (rs *remoteContent) ListStatuses(ctx context.Context, filters ...string) ([ return statuses, nil } -func (rs *remoteContent) Writer(ctx context.Context, ref string, size int64, expected digest.Digest) (content.Writer, error) { - wrclient, offset, err := rs.negotiate(ctx, ref, size, expected) +func (pcs *proxyContentStore) Writer(ctx context.Context, ref string, size int64, expected digest.Digest) (content.Writer, error) { + wrclient, offset, err := pcs.negotiate(ctx, ref, size, expected) if err != nil { return nil, errdefs.FromGRPC(err) } @@ -170,8 +171,8 @@ func (rs *remoteContent) Writer(ctx context.Context, ref string, size int64, exp } // Abort implements asynchronous abort. It starts a new write session on the ref l -func (rs *remoteContent) Abort(ctx context.Context, ref string) error { - if _, err := rs.client.Abort(ctx, &contentapi.AbortRequest{ +func (pcs *proxyContentStore) Abort(ctx context.Context, ref string) error { + if _, err := pcs.client.Abort(ctx, &contentapi.AbortRequest{ Ref: ref, }); err != nil { return errdefs.FromGRPC(err) @@ -180,8 +181,8 @@ func (rs *remoteContent) Abort(ctx context.Context, ref string) error { return nil } -func (rs *remoteContent) negotiate(ctx context.Context, ref string, size int64, expected digest.Digest) (contentapi.Content_WriteClient, int64, error) { - wrclient, err := rs.client.Write(ctx) +func (pcs *proxyContentStore) negotiate(ctx context.Context, ref string, size int64, expected digest.Digest) (contentapi.Content_WriteClient, int64, error) { + wrclient, err := pcs.client.Write(ctx) if err != nil { return nil, 0, err } diff --git a/vendor/github.com/containerd/containerd/content_writer.go b/vendor/github.com/containerd/containerd/content/proxy/content_writer.go similarity index 99% rename from vendor/github.com/containerd/containerd/content_writer.go rename to vendor/github.com/containerd/containerd/content/proxy/content_writer.go index a4247daa0..6d35ba61a 100644 --- a/vendor/github.com/containerd/containerd/content_writer.go +++ b/vendor/github.com/containerd/containerd/content/proxy/content_writer.go @@ -14,7 +14,7 @@ limitations under the License. */ -package containerd +package proxy import ( "context" diff --git a/vendor/github.com/containerd/containerd/metrics/cgroups/cgroups.go b/vendor/github.com/containerd/containerd/metrics/cgroups/cgroups.go index 86a2b8e8d..14ceca0cb 100644 --- a/vendor/github.com/containerd/containerd/metrics/cgroups/cgroups.go +++ b/vendor/github.com/containerd/containerd/metrics/cgroups/cgroups.go @@ -24,12 +24,12 @@ import ( "github.com/containerd/cgroups" eventstypes "github.com/containerd/containerd/api/events" "github.com/containerd/containerd/events" - "github.com/containerd/containerd/linux" "github.com/containerd/containerd/log" "github.com/containerd/containerd/namespaces" "github.com/containerd/containerd/platforms" "github.com/containerd/containerd/plugin" "github.com/containerd/containerd/runtime" + "github.com/containerd/containerd/runtime/linux" metrics "github.com/docker/go-metrics" "github.com/sirupsen/logrus" ) diff --git a/vendor/github.com/containerd/containerd/dialer/dialer.go b/vendor/github.com/containerd/containerd/pkg/dialer/dialer.go similarity index 100% rename from vendor/github.com/containerd/containerd/dialer/dialer.go rename to vendor/github.com/containerd/containerd/pkg/dialer/dialer.go diff --git a/vendor/github.com/containerd/containerd/dialer/dialer_unix.go b/vendor/github.com/containerd/containerd/pkg/dialer/dialer_unix.go similarity index 100% rename from vendor/github.com/containerd/containerd/dialer/dialer_unix.go rename to vendor/github.com/containerd/containerd/pkg/dialer/dialer_unix.go diff --git a/vendor/github.com/containerd/containerd/dialer/dialer_windows.go b/vendor/github.com/containerd/containerd/pkg/dialer/dialer_windows.go similarity index 100% rename from vendor/github.com/containerd/containerd/dialer/dialer_windows.go rename to vendor/github.com/containerd/containerd/pkg/dialer/dialer_windows.go diff --git a/vendor/github.com/containerd/containerd/progress/bar.go b/vendor/github.com/containerd/containerd/pkg/progress/bar.go similarity index 100% rename from vendor/github.com/containerd/containerd/progress/bar.go rename to vendor/github.com/containerd/containerd/pkg/progress/bar.go diff --git a/vendor/github.com/containerd/containerd/progress/doc.go b/vendor/github.com/containerd/containerd/pkg/progress/doc.go similarity index 100% rename from vendor/github.com/containerd/containerd/progress/doc.go rename to vendor/github.com/containerd/containerd/pkg/progress/doc.go diff --git a/vendor/github.com/containerd/containerd/progress/escape.go b/vendor/github.com/containerd/containerd/pkg/progress/escape.go similarity index 100% rename from vendor/github.com/containerd/containerd/progress/escape.go rename to vendor/github.com/containerd/containerd/pkg/progress/escape.go diff --git a/vendor/github.com/containerd/containerd/progress/humaans.go b/vendor/github.com/containerd/containerd/pkg/progress/humaans.go similarity index 100% rename from vendor/github.com/containerd/containerd/progress/humaans.go rename to vendor/github.com/containerd/containerd/pkg/progress/humaans.go diff --git a/vendor/github.com/containerd/containerd/progress/writer.go b/vendor/github.com/containerd/containerd/pkg/progress/writer.go similarity index 100% rename from vendor/github.com/containerd/containerd/progress/writer.go rename to vendor/github.com/containerd/containerd/pkg/progress/writer.go diff --git a/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go b/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go index 51e605e12..1509e696c 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go @@ -20,6 +20,7 @@ import ( "context" "fmt" "io" + "io/ioutil" "net/http" "path" "strings" @@ -84,8 +85,9 @@ func (r dockerFetcher) open(ctx context.Context, u, mediatype string, offset int req.Header.Set("Accept", strings.Join([]string{mediatype, `*`}, ", ")) if offset > 0 { - // TODO(stevvooe): Only set this header in response to the - // "Accept-Ranges: bytes" header. + // Note: "Accept-Ranges: bytes" cannot be trusted as some endpoints + // will return the header without supporting the range. The content + // range must always be checked. req.Header.Set("Range", fmt.Sprintf("bytes=%d-", offset)) } @@ -106,6 +108,30 @@ func (r dockerFetcher) open(ctx context.Context, u, mediatype string, offset int } return nil, errors.Errorf("unexpected status code %v: %v", u, resp.Status) } + if offset > 0 { + cr := resp.Header.Get("content-range") + if cr != "" { + if !strings.HasPrefix(cr, fmt.Sprintf("bytes %d-", offset)) { + return nil, errors.Errorf("unhandled content range in response: %v", cr) + + } + } else { + // TODO: Should any cases where use of content range + // without the proper header be considerd? + // 206 responses? + + // Discard up to offset + // Could use buffer pool here but this case should be rare + n, err := io.Copy(ioutil.Discard, io.LimitReader(resp.Body, offset)) + if err != nil { + return nil, errors.Wrap(err, "failed to discard to offset") + } + if n != offset { + return nil, errors.Errorf("unable to discard to offset") + } + + } + } return resp.Body, nil } diff --git a/vendor/github.com/containerd/containerd/linux/bundle.go b/vendor/github.com/containerd/containerd/runtime/linux/bundle.go similarity index 96% rename from vendor/github.com/containerd/containerd/linux/bundle.go rename to vendor/github.com/containerd/containerd/runtime/linux/bundle.go index e87457131..8aef5a97a 100644 --- a/vendor/github.com/containerd/containerd/linux/bundle.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/bundle.go @@ -25,9 +25,9 @@ import ( "path/filepath" "github.com/containerd/containerd/events/exchange" - "github.com/containerd/containerd/linux/runctypes" - "github.com/containerd/containerd/linux/shim" - "github.com/containerd/containerd/linux/shim/client" + "github.com/containerd/containerd/runtime/linux/runctypes" + "github.com/containerd/containerd/runtime/linux/shim" + "github.com/containerd/containerd/runtime/linux/shim/client" "github.com/pkg/errors" ) diff --git a/vendor/github.com/containerd/containerd/linux/proc/deleted_state.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/deleted_state.go similarity index 100% rename from vendor/github.com/containerd/containerd/linux/proc/deleted_state.go rename to vendor/github.com/containerd/containerd/runtime/linux/proc/deleted_state.go diff --git a/vendor/github.com/containerd/containerd/linux/proc/exec.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/exec.go similarity index 100% rename from vendor/github.com/containerd/containerd/linux/proc/exec.go rename to vendor/github.com/containerd/containerd/runtime/linux/proc/exec.go diff --git a/vendor/github.com/containerd/containerd/linux/proc/exec_state.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/exec_state.go similarity index 100% rename from vendor/github.com/containerd/containerd/linux/proc/exec_state.go rename to vendor/github.com/containerd/containerd/runtime/linux/proc/exec_state.go diff --git a/vendor/github.com/containerd/containerd/linux/proc/init.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/init.go similarity index 99% rename from vendor/github.com/containerd/containerd/linux/proc/init.go rename to vendor/github.com/containerd/containerd/runtime/linux/proc/init.go index 82f9ebdf2..ed7f9066d 100644 --- a/vendor/github.com/containerd/containerd/linux/proc/init.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/proc/init.go @@ -31,9 +31,9 @@ import ( "time" "github.com/containerd/console" - "github.com/containerd/containerd/linux/runctypes" "github.com/containerd/containerd/log" "github.com/containerd/containerd/mount" + "github.com/containerd/containerd/runtime/linux/runctypes" "github.com/containerd/fifo" runc "github.com/containerd/go-runc" "github.com/containerd/typeurl" diff --git a/vendor/github.com/containerd/containerd/linux/proc/init_state.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/init_state.go similarity index 100% rename from vendor/github.com/containerd/containerd/linux/proc/init_state.go rename to vendor/github.com/containerd/containerd/runtime/linux/proc/init_state.go diff --git a/vendor/github.com/containerd/containerd/linux/proc/io.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/io.go similarity index 100% rename from vendor/github.com/containerd/containerd/linux/proc/io.go rename to vendor/github.com/containerd/containerd/runtime/linux/proc/io.go diff --git a/vendor/github.com/containerd/containerd/linux/proc/process.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/process.go similarity index 100% rename from vendor/github.com/containerd/containerd/linux/proc/process.go rename to vendor/github.com/containerd/containerd/runtime/linux/proc/process.go diff --git a/vendor/github.com/containerd/containerd/linux/proc/types.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/types.go similarity index 100% rename from vendor/github.com/containerd/containerd/linux/proc/types.go rename to vendor/github.com/containerd/containerd/runtime/linux/proc/types.go diff --git a/vendor/github.com/containerd/containerd/linux/proc/utils.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/utils.go similarity index 100% rename from vendor/github.com/containerd/containerd/linux/proc/utils.go rename to vendor/github.com/containerd/containerd/runtime/linux/proc/utils.go diff --git a/vendor/github.com/containerd/containerd/linux/process.go b/vendor/github.com/containerd/containerd/runtime/linux/process.go similarity index 98% rename from vendor/github.com/containerd/containerd/linux/process.go rename to vendor/github.com/containerd/containerd/runtime/linux/process.go index 0790d8a52..bb81dbccf 100644 --- a/vendor/github.com/containerd/containerd/linux/process.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/process.go @@ -24,8 +24,8 @@ import ( eventstypes "github.com/containerd/containerd/api/events" "github.com/containerd/containerd/api/types/task" "github.com/containerd/containerd/errdefs" - shim "github.com/containerd/containerd/linux/shim/v1" "github.com/containerd/containerd/runtime" + shim "github.com/containerd/containerd/runtime/linux/shim/v1" "github.com/pkg/errors" "github.com/stevvooe/ttrpc" ) diff --git a/vendor/github.com/containerd/containerd/runtime/linux/runctypes/doc.go b/vendor/github.com/containerd/containerd/runtime/linux/runctypes/doc.go new file mode 100644 index 000000000..8d074c534 --- /dev/null +++ b/vendor/github.com/containerd/containerd/runtime/linux/runctypes/doc.go @@ -0,0 +1,17 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package runctypes diff --git a/vendor/github.com/containerd/containerd/linux/runctypes/runc.pb.go b/vendor/github.com/containerd/containerd/runtime/linux/runctypes/runc.pb.go similarity index 90% rename from vendor/github.com/containerd/containerd/linux/runctypes/runc.pb.go rename to vendor/github.com/containerd/containerd/runtime/linux/runctypes/runc.pb.go index 00a27bf06..c13d23359 100644 --- a/vendor/github.com/containerd/containerd/linux/runctypes/runc.pb.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/runctypes/runc.pb.go @@ -1,11 +1,11 @@ // Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: github.com/containerd/containerd/linux/runctypes/runc.proto +// source: github.com/containerd/containerd/runtime/linux/runctypes/runc.proto /* Package runctypes is a generated protocol buffer package. It is generated from these files: - github.com/containerd/containerd/linux/runctypes/runc.proto + github.com/containerd/containerd/runtime/linux/runctypes/runc.proto It has these top-level messages: RuncOptions @@ -1408,43 +1408,43 @@ var ( ) func init() { - proto.RegisterFile("github.com/containerd/containerd/linux/runctypes/runc.proto", fileDescriptorRunc) + proto.RegisterFile("github.com/containerd/containerd/runtime/linux/runctypes/runc.proto", fileDescriptorRunc) } var fileDescriptorRunc = []byte{ - // 540 bytes of a gzipped FileDescriptorProto + // 541 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x93, 0xc1, 0x6e, 0xd3, 0x40, 0x10, 0x86, 0x6b, 0xda, 0x26, 0xce, 0xa4, 0x29, 0xb0, 0x50, 0xc9, 0x14, 0x91, 0x86, 0x00, 0x52, - 0xb8, 0xa4, 0x12, 0x88, 0x0b, 0xbd, 0xb5, 0x45, 0xa8, 0x02, 0x4a, 0x65, 0x5a, 0x09, 0x71, 0x59, - 0xb9, 0xeb, 0x21, 0x59, 0x25, 0xde, 0x59, 0xed, 0xae, 0xa9, 0x73, 0xeb, 0x13, 0xf0, 0x5c, 0x3d, - 0x72, 0xe4, 0x84, 0x68, 0x5e, 0x04, 0xe4, 0x75, 0x1c, 0xb8, 0x72, 0xe5, 0xf6, 0xcf, 0xf7, 0x8f, - 0x3d, 0xa3, 0x7f, 0x35, 0xb0, 0x37, 0x92, 0x6e, 0x9c, 0x9f, 0x0f, 0x05, 0x65, 0xbb, 0x82, 0x94, - 0x4b, 0xa4, 0x42, 0x93, 0xfe, 0x2d, 0xa7, 0x52, 0xe5, 0xc5, 0xae, 0xc9, 0x95, 0x70, 0x33, 0x8d, - 0xd6, 0xab, 0xa1, 0x36, 0xe4, 0x88, 0x6d, 0xfd, 0x69, 0x1b, 0xfa, 0xb6, 0x61, 0x69, 0x6e, 0xdf, - 0x1d, 0xd1, 0x88, 0x7c, 0xc7, 0x6e, 0xa9, 0xaa, 0xe6, 0xfe, 0xd7, 0x00, 0xda, 0x71, 0xae, 0xc4, - 0x7b, 0xed, 0x24, 0x29, 0xcb, 0x22, 0x68, 0x9a, 0x5c, 0x39, 0x99, 0x61, 0x14, 0xf4, 0x82, 0x41, - 0x2b, 0xae, 0x4b, 0xf6, 0x10, 0x36, 0x16, 0x92, 0x1b, 0x22, 0x17, 0xdd, 0xf0, 0x76, 0x7b, 0xc1, - 0x62, 0x22, 0xc7, 0xee, 0x43, 0x4b, 0x18, 0x99, 0x73, 0x9d, 0xb8, 0x71, 0xb4, 0xea, 0xfd, 0xb0, - 0x04, 0x27, 0x89, 0x1b, 0xb3, 0x27, 0xb0, 0x69, 0x67, 0xd6, 0x61, 0x96, 0x72, 0x31, 0x32, 0x94, - 0xeb, 0x68, 0xad, 0x17, 0x0c, 0xc2, 0xb8, 0xb3, 0xa0, 0x07, 0x1e, 0xf6, 0x2f, 0x57, 0xa1, 0x73, - 0x60, 0x30, 0x71, 0x58, 0xaf, 0xd4, 0x87, 0x8e, 0x22, 0xae, 0xe5, 0x17, 0x72, 0xd5, 0xe4, 0xc0, - 0x7f, 0xd7, 0x56, 0x74, 0x52, 0x32, 0x3f, 0xf9, 0x1e, 0x84, 0xa4, 0x51, 0x71, 0x27, 0xb4, 0x5f, - 0x2c, 0x8c, 0x9b, 0x65, 0x7d, 0x2a, 0x34, 0x7b, 0x06, 0x5b, 0x58, 0x38, 0x34, 0x2a, 0x99, 0xf2, - 0x5c, 0xc9, 0x82, 0x5b, 0x12, 0x13, 0x74, 0xd6, 0x2f, 0x18, 0xc6, 0x77, 0x6a, 0xf3, 0x4c, 0xc9, - 0xe2, 0x43, 0x65, 0xb1, 0x6d, 0x08, 0x1d, 0x9a, 0x4c, 0xaa, 0x64, 0xba, 0xd8, 0x72, 0x59, 0xb3, - 0x07, 0x00, 0x9f, 0xe5, 0x14, 0xf9, 0x94, 0xc4, 0xc4, 0x46, 0xeb, 0xde, 0x6d, 0x95, 0xe4, 0x6d, - 0x09, 0xd8, 0x53, 0xb8, 0x85, 0x99, 0x76, 0x33, 0xae, 0x92, 0x0c, 0xad, 0x4e, 0x04, 0xda, 0xa8, - 0xd1, 0x5b, 0x1d, 0xb4, 0xe2, 0x9b, 0x9e, 0x1f, 0x2f, 0x71, 0x99, 0x68, 0x95, 0x84, 0xe5, 0x19, - 0xa5, 0x18, 0x35, 0xab, 0x44, 0x17, 0xec, 0x1d, 0xa5, 0xc8, 0x1e, 0xc3, 0xa6, 0x22, 0xae, 0xf0, - 0x82, 0x4f, 0x70, 0x66, 0xa4, 0x1a, 0x45, 0xa1, 0x1f, 0xb8, 0xa1, 0xe8, 0x18, 0x2f, 0xde, 0x54, - 0x8c, 0xed, 0x40, 0xdb, 0x8e, 0x65, 0x56, 0xe7, 0xda, 0xf2, 0xff, 0x81, 0x12, 0x55, 0xa1, 0xb2, - 0x2d, 0x68, 0x48, 0xe2, 0xb9, 0x4c, 0x23, 0xe8, 0x05, 0x83, 0x4e, 0xbc, 0x2e, 0xe9, 0x4c, 0xa6, - 0x0b, 0x3c, 0x92, 0x69, 0xd4, 0xae, 0xf1, 0x6b, 0x99, 0xf6, 0x7f, 0x05, 0x70, 0xfb, 0x60, 0x8c, - 0x62, 0xa2, 0x49, 0x2a, 0x57, 0x3f, 0x03, 0x83, 0x35, 0x2c, 0x64, 0x9d, 0xbe, 0xd7, 0xff, 0x6b, - 0xec, 0xfd, 0x17, 0xb0, 0x79, 0x62, 0x48, 0xa0, 0xb5, 0x87, 0xe8, 0x12, 0x39, 0xb5, 0xec, 0x11, - 0x34, 0xb1, 0x40, 0xc1, 0x65, 0x5a, 0xdd, 0xc5, 0x3e, 0xcc, 0x7f, 0xec, 0x34, 0x5e, 0x15, 0x28, - 0x8e, 0x0e, 0xe3, 0x46, 0x69, 0x1d, 0xa5, 0xfb, 0xa7, 0x57, 0xd7, 0xdd, 0x95, 0xef, 0xd7, 0xdd, - 0x95, 0xcb, 0x79, 0x37, 0xb8, 0x9a, 0x77, 0x83, 0x6f, 0xf3, 0x6e, 0xf0, 0x73, 0xde, 0x0d, 0x3e, - 0xbd, 0xfc, 0xd7, 0x83, 0xde, 0x5b, 0xaa, 0x8f, 0x2b, 0xe7, 0x0d, 0x7f, 0xab, 0xcf, 0x7f, 0x07, - 0x00, 0x00, 0xff, 0xff, 0xb1, 0xca, 0x85, 0x39, 0x17, 0x04, 0x00, 0x00, + 0xb8, 0xa4, 0x12, 0x88, 0x13, 0xb7, 0xa6, 0x08, 0x55, 0x40, 0xa9, 0x0c, 0x95, 0x10, 0x42, 0x5a, + 0xb9, 0xeb, 0x21, 0x59, 0xc5, 0xde, 0x59, 0x79, 0xd7, 0xd4, 0xb9, 0xf5, 0x09, 0x78, 0xae, 0x1e, + 0x39, 0x72, 0x42, 0x34, 0x2f, 0x02, 0xf2, 0xda, 0x0e, 0x9c, 0x39, 0x72, 0xfb, 0xe7, 0xfb, 0xc7, + 0x9e, 0xd1, 0xbf, 0x1a, 0x98, 0x4c, 0xa5, 0x9d, 0xe5, 0x67, 0x63, 0x41, 0xe9, 0xbe, 0x20, 0x65, + 0x23, 0xa9, 0x30, 0x8b, 0xff, 0x96, 0x59, 0xae, 0xac, 0x4c, 0x71, 0x3f, 0x91, 0x2a, 0x2f, 0xca, + 0x4a, 0xd8, 0x85, 0x46, 0xe3, 0xd4, 0x58, 0x67, 0x64, 0x89, 0xed, 0xfc, 0x69, 0x1f, 0xbb, 0xb6, + 0x71, 0x69, 0xee, 0xde, 0x9e, 0xd2, 0x94, 0x5c, 0xc7, 0x7e, 0xa9, 0xaa, 0xe6, 0xe1, 0x57, 0x0f, + 0xba, 0x61, 0xae, 0xc4, 0x5b, 0x6d, 0x25, 0x29, 0xc3, 0x02, 0x68, 0xd7, 0x23, 0x02, 0x6f, 0xe0, + 0x8d, 0x3a, 0x61, 0x53, 0xb2, 0xfb, 0xb0, 0x55, 0x4b, 0x9e, 0x11, 0xd9, 0xe0, 0x9a, 0xb3, 0xbb, + 0x35, 0x0b, 0x89, 0x2c, 0xbb, 0x0b, 0x1d, 0x91, 0xc9, 0x9c, 0xeb, 0xc8, 0xce, 0x82, 0x75, 0xe7, + 0xfb, 0x25, 0x38, 0x89, 0xec, 0x8c, 0x3d, 0x82, 0x6d, 0xb3, 0x30, 0x16, 0xd3, 0x98, 0x8b, 0x69, + 0x46, 0xb9, 0x0e, 0x36, 0x06, 0xde, 0xc8, 0x0f, 0x7b, 0x35, 0x9d, 0x38, 0x38, 0xbc, 0x58, 0x87, + 0xde, 0x24, 0xc3, 0xc8, 0x62, 0xb3, 0xd2, 0x10, 0x7a, 0x8a, 0xb8, 0x96, 0x5f, 0xc8, 0x56, 0x93, + 0x3d, 0xf7, 0x5d, 0x57, 0xd1, 0x49, 0xc9, 0xdc, 0xe4, 0x3b, 0xe0, 0x93, 0x46, 0xc5, 0xad, 0xd0, + 0x6e, 0x31, 0x3f, 0x6c, 0x97, 0xf5, 0x7b, 0xa1, 0xd9, 0x13, 0xd8, 0xc1, 0xc2, 0x62, 0xa6, 0xa2, + 0x84, 0xe7, 0x4a, 0x16, 0xdc, 0x90, 0x98, 0xa3, 0x35, 0x6e, 0x41, 0x3f, 0xbc, 0xd5, 0x98, 0xa7, + 0x4a, 0x16, 0xef, 0x2a, 0x8b, 0xed, 0x82, 0x6f, 0x31, 0x4b, 0xa5, 0x8a, 0x92, 0x7a, 0xcb, 0x55, + 0xcd, 0xee, 0x01, 0x7c, 0x96, 0x09, 0xf2, 0x84, 0xc4, 0xdc, 0x04, 0x9b, 0xce, 0xed, 0x94, 0xe4, + 0x75, 0x09, 0xd8, 0x63, 0xb8, 0x81, 0xa9, 0xb6, 0x0b, 0xae, 0xa2, 0x14, 0x8d, 0x8e, 0x04, 0x9a, + 0xa0, 0x35, 0x58, 0x1f, 0x75, 0xc2, 0xeb, 0x8e, 0x1f, 0xaf, 0x70, 0x99, 0x68, 0x95, 0x84, 0xe1, + 0x29, 0xc5, 0x18, 0xb4, 0xab, 0x44, 0x6b, 0xf6, 0x86, 0x62, 0x64, 0x0f, 0x61, 0x5b, 0x11, 0x57, + 0x78, 0xce, 0xe7, 0xb8, 0xc8, 0xa4, 0x9a, 0x06, 0xbe, 0x1b, 0xb8, 0xa5, 0xe8, 0x18, 0xcf, 0x5f, + 0x55, 0x8c, 0xed, 0x41, 0xd7, 0xcc, 0x64, 0xda, 0xe4, 0xda, 0x71, 0xff, 0x81, 0x12, 0x55, 0xa1, + 0xb2, 0x1d, 0x68, 0x49, 0xe2, 0xb9, 0x8c, 0x03, 0x18, 0x78, 0xa3, 0x5e, 0xb8, 0x29, 0xe9, 0x54, + 0xc6, 0x35, 0x9e, 0xca, 0x38, 0xe8, 0x36, 0xf8, 0xa5, 0x8c, 0x87, 0xbf, 0x3c, 0xb8, 0x39, 0x99, + 0xa1, 0x98, 0x6b, 0x92, 0xca, 0x36, 0xcf, 0xc0, 0x60, 0x03, 0x0b, 0xd9, 0xa4, 0xef, 0xf4, 0xff, + 0x1a, 0xfb, 0xf0, 0x19, 0x6c, 0x9f, 0x64, 0x24, 0xd0, 0x98, 0x43, 0xb4, 0x91, 0x4c, 0x0c, 0x7b, + 0x00, 0x6d, 0x2c, 0x50, 0x70, 0x19, 0x57, 0x77, 0x71, 0x00, 0xcb, 0x1f, 0x7b, 0xad, 0x17, 0x05, + 0x8a, 0xa3, 0xc3, 0xb0, 0x55, 0x5a, 0x47, 0xf1, 0xc1, 0xa7, 0xcb, 0xab, 0xfe, 0xda, 0xf7, 0xab, + 0xfe, 0xda, 0xc5, 0xb2, 0xef, 0x5d, 0x2e, 0xfb, 0xde, 0xb7, 0x65, 0xdf, 0xfb, 0xb9, 0xec, 0x7b, + 0x1f, 0x0f, 0xfe, 0xf5, 0xb0, 0x9f, 0xaf, 0xd4, 0x87, 0xb5, 0xb3, 0x96, 0xbb, 0xd9, 0xa7, 0xbf, + 0x03, 0x00, 0x00, 0xff, 0xff, 0x18, 0xa1, 0x4b, 0x5b, 0x27, 0x04, 0x00, 0x00, } diff --git a/vendor/github.com/containerd/containerd/linux/runctypes/runc.proto b/vendor/github.com/containerd/containerd/runtime/linux/runctypes/runc.proto similarity index 89% rename from vendor/github.com/containerd/containerd/linux/runctypes/runc.proto rename to vendor/github.com/containerd/containerd/runtime/linux/runctypes/runc.proto index a73b1cafa..ddd3f8d11 100644 --- a/vendor/github.com/containerd/containerd/linux/runctypes/runc.proto +++ b/vendor/github.com/containerd/containerd/runtime/linux/runctypes/runc.proto @@ -4,7 +4,7 @@ package containerd.linux.runc; import weak "gogoproto/gogo.proto"; -option go_package = "github.com/containerd/containerd/linux/runctypes;runctypes"; +option go_package = "github.com/containerd/containerd/runtime/linux/runctypes;runctypes"; message RuncOptions { string runtime = 1; diff --git a/vendor/github.com/containerd/containerd/linux/runtime.go b/vendor/github.com/containerd/containerd/runtime/linux/runtime.go similarity index 98% rename from vendor/github.com/containerd/containerd/linux/runtime.go rename to vendor/github.com/containerd/containerd/runtime/linux/runtime.go index 26dedbfa9..5bbd173c6 100644 --- a/vendor/github.com/containerd/containerd/linux/runtime.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/runtime.go @@ -33,9 +33,6 @@ import ( "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/events/exchange" "github.com/containerd/containerd/identifiers" - "github.com/containerd/containerd/linux/proc" - "github.com/containerd/containerd/linux/runctypes" - shim "github.com/containerd/containerd/linux/shim/v1" "github.com/containerd/containerd/log" "github.com/containerd/containerd/metadata" "github.com/containerd/containerd/mount" @@ -43,6 +40,9 @@ import ( "github.com/containerd/containerd/platforms" "github.com/containerd/containerd/plugin" "github.com/containerd/containerd/runtime" + "github.com/containerd/containerd/runtime/linux/proc" + "github.com/containerd/containerd/runtime/linux/runctypes" + shim "github.com/containerd/containerd/runtime/linux/shim/v1" runc "github.com/containerd/go-runc" "github.com/containerd/typeurl" ptypes "github.com/gogo/protobuf/types" diff --git a/vendor/github.com/containerd/containerd/linux/shim/client/client.go b/vendor/github.com/containerd/containerd/runtime/linux/shim/client/client.go similarity index 98% rename from vendor/github.com/containerd/containerd/linux/shim/client/client.go rename to vendor/github.com/containerd/containerd/runtime/linux/shim/client/client.go index f779d071f..c69cca362 100644 --- a/vendor/github.com/containerd/containerd/linux/shim/client/client.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/shim/client/client.go @@ -36,9 +36,9 @@ import ( "github.com/stevvooe/ttrpc" "github.com/containerd/containerd/events" - "github.com/containerd/containerd/linux/shim" - shimapi "github.com/containerd/containerd/linux/shim/v1" "github.com/containerd/containerd/log" + "github.com/containerd/containerd/runtime/linux/shim" + shimapi "github.com/containerd/containerd/runtime/linux/shim/v1" "github.com/containerd/containerd/sys" ptypes "github.com/gogo/protobuf/types" ) diff --git a/vendor/github.com/containerd/containerd/linux/shim/client/client_linux.go b/vendor/github.com/containerd/containerd/runtime/linux/shim/client/client_linux.go similarity index 100% rename from vendor/github.com/containerd/containerd/linux/shim/client/client_linux.go rename to vendor/github.com/containerd/containerd/runtime/linux/shim/client/client_linux.go diff --git a/vendor/github.com/containerd/containerd/linux/shim/client/client_unix.go b/vendor/github.com/containerd/containerd/runtime/linux/shim/client/client_unix.go similarity index 100% rename from vendor/github.com/containerd/containerd/linux/shim/client/client_unix.go rename to vendor/github.com/containerd/containerd/runtime/linux/shim/client/client_unix.go diff --git a/vendor/github.com/containerd/containerd/linux/shim/local.go b/vendor/github.com/containerd/containerd/runtime/linux/shim/local.go similarity index 98% rename from vendor/github.com/containerd/containerd/linux/shim/local.go rename to vendor/github.com/containerd/containerd/runtime/linux/shim/local.go index 1600ef6f1..7f2a6d0ef 100644 --- a/vendor/github.com/containerd/containerd/linux/shim/local.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/shim/local.go @@ -22,8 +22,8 @@ import ( "context" "path/filepath" - shimapi "github.com/containerd/containerd/linux/shim/v1" "github.com/containerd/containerd/mount" + shimapi "github.com/containerd/containerd/runtime/linux/shim/v1" ptypes "github.com/gogo/protobuf/types" ) diff --git a/vendor/github.com/containerd/containerd/linux/shim/reaper.go b/vendor/github.com/containerd/containerd/runtime/linux/shim/reaper.go similarity index 100% rename from vendor/github.com/containerd/containerd/linux/shim/reaper.go rename to vendor/github.com/containerd/containerd/runtime/linux/shim/reaper.go diff --git a/vendor/github.com/containerd/containerd/linux/shim/service.go b/vendor/github.com/containerd/containerd/runtime/linux/shim/service.go similarity index 98% rename from vendor/github.com/containerd/containerd/linux/shim/service.go rename to vendor/github.com/containerd/containerd/runtime/linux/shim/service.go index 02ac59ef5..7e2e5365c 100644 --- a/vendor/github.com/containerd/containerd/linux/shim/service.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/shim/service.go @@ -29,12 +29,12 @@ import ( "github.com/containerd/containerd/api/types/task" "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/events" - "github.com/containerd/containerd/linux/proc" - "github.com/containerd/containerd/linux/runctypes" - shimapi "github.com/containerd/containerd/linux/shim/v1" "github.com/containerd/containerd/log" "github.com/containerd/containerd/namespaces" "github.com/containerd/containerd/runtime" + "github.com/containerd/containerd/runtime/linux/proc" + "github.com/containerd/containerd/runtime/linux/runctypes" + shimapi "github.com/containerd/containerd/runtime/linux/shim/v1" runc "github.com/containerd/go-runc" "github.com/containerd/typeurl" ptypes "github.com/gogo/protobuf/types" diff --git a/vendor/github.com/containerd/containerd/linux/shim/service_linux.go b/vendor/github.com/containerd/containerd/runtime/linux/shim/service_linux.go similarity index 100% rename from vendor/github.com/containerd/containerd/linux/shim/service_linux.go rename to vendor/github.com/containerd/containerd/runtime/linux/shim/service_linux.go diff --git a/vendor/github.com/containerd/containerd/linux/shim/service_unix.go b/vendor/github.com/containerd/containerd/runtime/linux/shim/service_unix.go similarity index 100% rename from vendor/github.com/containerd/containerd/linux/shim/service_unix.go rename to vendor/github.com/containerd/containerd/runtime/linux/shim/service_unix.go diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/v1/doc.go b/vendor/github.com/containerd/containerd/runtime/linux/shim/v1/doc.go new file mode 100644 index 000000000..55bfe47d7 --- /dev/null +++ b/vendor/github.com/containerd/containerd/runtime/linux/shim/v1/doc.go @@ -0,0 +1,17 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package shim diff --git a/vendor/github.com/containerd/containerd/linux/shim/v1/shim.pb.go b/vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.pb.go similarity index 93% rename from vendor/github.com/containerd/containerd/linux/shim/v1/shim.pb.go rename to vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.pb.go index 2f39e6a78..fb492e257 100644 --- a/vendor/github.com/containerd/containerd/linux/shim/v1/shim.pb.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.pb.go @@ -1,11 +1,11 @@ // Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: github.com/containerd/containerd/linux/shim/v1/shim.proto +// source: github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto /* Package shim is a generated protocol buffer package. It is generated from these files: - github.com/containerd/containerd/linux/shim/v1/shim.proto + github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto It has these top-level messages: CreateTaskRequest @@ -4352,80 +4352,80 @@ var ( ) func init() { - proto.RegisterFile("github.com/containerd/containerd/linux/shim/v1/shim.proto", fileDescriptorShim) + proto.RegisterFile("github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto", fileDescriptorShim) } var fileDescriptorShim = []byte{ - // 1133 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x57, 0xcd, 0x6e, 0xdb, 0x46, - 0x10, 0x36, 0x69, 0xfd, 0x8e, 0x22, 0xd7, 0xde, 0x3a, 0x2e, 0xa3, 0x00, 0xb2, 0x40, 0xa0, 0x81, - 0x8b, 0x22, 0x54, 0x2d, 0x17, 0x49, 0xd3, 0x02, 0x01, 0x6c, 0x27, 0x28, 0x8c, 0xd6, 0x88, 0x41, - 0x3b, 0x4d, 0xd0, 0xa2, 0x30, 0x68, 0x71, 0x2d, 0x2d, 0x2c, 0x91, 0x0c, 0x77, 0xe9, 0xda, 0x3d, - 0xf5, 0xd4, 0x73, 0x1f, 0xa7, 0x8f, 0xe0, 0x43, 0x0e, 0x3d, 0xf6, 0x94, 0x36, 0xba, 0xf7, 0x1d, - 0x8a, 0xfd, 0x91, 0x49, 0x49, 0x66, 0x48, 0xf9, 0x62, 0x71, 0x76, 0xbf, 0xd9, 0x9d, 0x9d, 0xef, - 0xdb, 0x99, 0x35, 0x3c, 0xe9, 0x11, 0xd6, 0x8f, 0x4e, 0xac, 0xae, 0x3f, 0x6c, 0x77, 0x7d, 0x8f, - 0x39, 0xc4, 0xc3, 0xa1, 0x9b, 0xfc, 0x1c, 0x10, 0x2f, 0xba, 0x68, 0xd3, 0x3e, 0x19, 0xb6, 0xcf, - 0x37, 0xc5, 0xaf, 0x15, 0x84, 0x3e, 0xf3, 0x51, 0x2b, 0x06, 0x59, 0x61, 0xe4, 0x31, 0x32, 0xc4, - 0x96, 0x00, 0x5b, 0x02, 0x74, 0xbe, 0xd9, 0xb8, 0xd7, 0xf3, 0xfd, 0xde, 0x00, 0xb7, 0x05, 0xfe, - 0x24, 0x3a, 0x6d, 0x3b, 0xde, 0xa5, 0x74, 0x6e, 0xdc, 0x9f, 0x9e, 0xc2, 0xc3, 0x80, 0x8d, 0x27, - 0x57, 0x7b, 0x7e, 0xcf, 0x17, 0x9f, 0x6d, 0xfe, 0xa5, 0x46, 0xd7, 0xa7, 0x5d, 0xf8, 0x8e, 0x94, - 0x39, 0xc3, 0x40, 0x01, 0x1e, 0x65, 0x9e, 0xc5, 0x09, 0x48, 0x9b, 0x5d, 0x06, 0x98, 0xb6, 0x87, - 0x7e, 0xe4, 0x31, 0xe5, 0xf7, 0xf5, 0x1c, 0x7e, 0xcc, 0xa1, 0x67, 0xe2, 0x8f, 0xf4, 0x35, 0xff, - 0xd3, 0x61, 0x65, 0x37, 0xc4, 0x0e, 0xc3, 0x47, 0x0e, 0x3d, 0xb3, 0xf1, 0x9b, 0x08, 0x53, 0x86, - 0xd6, 0x40, 0x27, 0xae, 0xa1, 0xb5, 0xb4, 0x8d, 0xea, 0x4e, 0x69, 0xf4, 0x6e, 0x5d, 0xdf, 0x7b, - 0x66, 0xeb, 0xc4, 0x45, 0x6b, 0x50, 0x3a, 0x89, 0x3c, 0x77, 0x80, 0x0d, 0x9d, 0xcf, 0xd9, 0xca, - 0x42, 0x06, 0x94, 0x55, 0x06, 0x8d, 0x45, 0x31, 0x31, 0x36, 0x51, 0x1b, 0x4a, 0xa1, 0xef, 0xb3, - 0x53, 0x6a, 0x14, 0x5a, 0x8b, 0x1b, 0xb5, 0xce, 0x27, 0x56, 0x22, 0xeb, 0x22, 0x24, 0x6b, 0x9f, - 0x1f, 0xc5, 0x56, 0x30, 0xd4, 0x80, 0x0a, 0xc3, 0xe1, 0x90, 0x78, 0xce, 0xc0, 0x28, 0xb6, 0xb4, - 0x8d, 0x8a, 0x7d, 0x6d, 0xa3, 0x55, 0x28, 0x52, 0xe6, 0x12, 0xcf, 0x28, 0x89, 0x4d, 0xa4, 0xc1, - 0x83, 0xa2, 0xcc, 0xf5, 0x23, 0x66, 0x94, 0x65, 0x50, 0xd2, 0x52, 0xe3, 0x38, 0x0c, 0x8d, 0xca, - 0xf5, 0x38, 0x0e, 0x43, 0xd4, 0x04, 0xe8, 0xf6, 0x71, 0xf7, 0x2c, 0xf0, 0x89, 0xc7, 0x8c, 0xaa, - 0x98, 0x4b, 0x8c, 0xa0, 0xcf, 0x61, 0x25, 0x70, 0x42, 0xec, 0xb1, 0xe3, 0x04, 0x0c, 0x04, 0x6c, - 0x59, 0x4e, 0xec, 0xc6, 0x60, 0x0b, 0xca, 0x7e, 0xc0, 0x88, 0xef, 0x51, 0xa3, 0xd6, 0xd2, 0x36, - 0x6a, 0x9d, 0x55, 0x4b, 0xd2, 0x6c, 0x8d, 0x69, 0xb6, 0xb6, 0xbd, 0x4b, 0x7b, 0x0c, 0x32, 0x1f, - 0x00, 0x4a, 0xa6, 0x9b, 0x06, 0xbe, 0x47, 0x31, 0x5a, 0x86, 0xc5, 0x40, 0x25, 0xbc, 0x6e, 0xf3, - 0x4f, 0xf3, 0x77, 0x0d, 0x96, 0x9e, 0xe1, 0x01, 0x66, 0x38, 0x1d, 0x84, 0xd6, 0xa1, 0x86, 0x2f, - 0x08, 0x3b, 0xa6, 0xcc, 0x61, 0x11, 0x15, 0x9c, 0xd4, 0x6d, 0xe0, 0x43, 0x87, 0x62, 0x04, 0x6d, - 0x43, 0x95, 0x5b, 0xd8, 0x3d, 0x76, 0x98, 0x60, 0xa6, 0xd6, 0x69, 0xcc, 0xc4, 0x77, 0x34, 0x96, - 0xe1, 0x4e, 0xe5, 0xea, 0xdd, 0xfa, 0xc2, 0x1f, 0xff, 0xac, 0x6b, 0x76, 0x45, 0xba, 0x6d, 0x33, - 0xd3, 0x82, 0x55, 0x19, 0xc7, 0x41, 0xe8, 0x77, 0x31, 0xa5, 0x19, 0x12, 0x31, 0xff, 0xd4, 0x00, - 0x3d, 0xbf, 0xc0, 0xdd, 0x7c, 0xf0, 0x09, 0xba, 0xf5, 0x34, 0xba, 0x17, 0x6f, 0xa6, 0xbb, 0x90, - 0x42, 0x77, 0x71, 0x82, 0xee, 0x0d, 0x28, 0xd0, 0x00, 0x77, 0x85, 0x66, 0xd2, 0xe8, 0x11, 0x08, - 0xf3, 0x2e, 0x7c, 0x3c, 0x11, 0xb9, 0xcc, 0xbb, 0xf9, 0x1a, 0x96, 0x6d, 0x4c, 0xc9, 0xaf, 0xf8, - 0x80, 0x5d, 0x66, 0x1d, 0x67, 0x15, 0x8a, 0xbf, 0x10, 0x97, 0xf5, 0x15, 0x17, 0xd2, 0xe0, 0xa1, - 0xf5, 0x31, 0xe9, 0xf5, 0x25, 0x07, 0x75, 0x5b, 0x59, 0xe6, 0x03, 0xb8, 0xc3, 0x89, 0xc2, 0x59, - 0x39, 0x7d, 0xab, 0x43, 0x5d, 0x01, 0x95, 0x16, 0xe6, 0xbd, 0xa0, 0x4a, 0x3b, 0x8b, 0xb1, 0x76, - 0xb6, 0x78, 0xba, 0x84, 0x6c, 0x78, 0x1a, 0x97, 0x3a, 0xf7, 0x93, 0x17, 0xf3, 0x7c, 0x53, 0xdd, - 0x4d, 0xa9, 0x23, 0x5b, 0x41, 0x63, 0x46, 0x8a, 0x37, 0x33, 0x52, 0x4a, 0x61, 0xa4, 0x3c, 0xc1, - 0x48, 0x92, 0xf3, 0xca, 0x14, 0xe7, 0x53, 0x92, 0xae, 0x7e, 0x58, 0xd2, 0x70, 0x2b, 0x49, 0xbf, - 0x80, 0xda, 0x77, 0x64, 0x30, 0xc8, 0x51, 0xec, 0x28, 0xe9, 0x8d, 0x85, 0x59, 0xb7, 0x95, 0xc5, - 0x73, 0xe9, 0x0c, 0x06, 0x22, 0x97, 0x15, 0x9b, 0x7f, 0x9a, 0x4f, 0x61, 0x69, 0x77, 0xe0, 0x53, - 0xbc, 0xf7, 0x22, 0x87, 0x3e, 0x64, 0x02, 0xa5, 0xd6, 0xa5, 0x61, 0x7e, 0x06, 0x1f, 0x7d, 0x4f, - 0x28, 0x3b, 0x20, 0x6e, 0xe6, 0xf5, 0xb2, 0x61, 0x39, 0x86, 0x2a, 0x31, 0x3c, 0x85, 0x6a, 0x20, - 0x35, 0x8b, 0xa9, 0xa1, 0x89, 0x32, 0xdb, 0xba, 0x91, 0x4d, 0xa5, 0xec, 0x3d, 0xef, 0xd4, 0xb7, - 0x63, 0x17, 0xf3, 0x27, 0xb8, 0x1b, 0x57, 0xb4, 0x64, 0x1b, 0x40, 0x50, 0x08, 0x1c, 0xd6, 0x97, - 0x61, 0xd8, 0xe2, 0x3b, 0x59, 0xf0, 0xf4, 0x3c, 0x05, 0xef, 0x21, 0x2c, 0x1f, 0xf6, 0xc9, 0x50, - 0xec, 0x39, 0x0e, 0xf8, 0x1e, 0x54, 0x78, 0x8b, 0x3d, 0x8e, 0xcb, 0x59, 0x99, 0xdb, 0x07, 0xc4, - 0x35, 0xbf, 0x85, 0x95, 0x97, 0x81, 0x3b, 0xd5, 0x8e, 0x3a, 0x50, 0x0d, 0x31, 0xf5, 0xa3, 0xb0, - 0x2b, 0x0e, 0x98, 0xbe, 0x6b, 0x0c, 0x53, 0x77, 0x2b, 0x64, 0x59, 0x09, 0x7d, 0x22, 0xae, 0x16, - 0xc7, 0x65, 0x5c, 0x2d, 0x75, 0x85, 0xf4, 0xb8, 0x46, 0x7f, 0x0a, 0xb5, 0x57, 0x0e, 0xc9, 0xdc, - 0x21, 0x84, 0x3b, 0x12, 0xa6, 0x36, 0x98, 0x92, 0xb8, 0xf6, 0x61, 0x89, 0xeb, 0xb7, 0x91, 0x78, - 0xe7, 0x6d, 0x0d, 0x0a, 0x3c, 0xed, 0xa8, 0x0f, 0x45, 0x51, 0x39, 0x90, 0x65, 0x65, 0x3d, 0x77, - 0xac, 0x64, 0x2d, 0x6a, 0xb4, 0x73, 0xe3, 0xd5, 0xb1, 0x28, 0x94, 0x64, 0x67, 0x43, 0x5b, 0xd9, - 0xae, 0x33, 0x4f, 0x8e, 0xc6, 0x97, 0xf3, 0x39, 0xa9, 0x4d, 0xe5, 0xf1, 0x42, 0x96, 0xf3, 0x78, - 0xd7, 0x72, 0xc8, 0x79, 0xbc, 0x84, 0x2c, 0x6c, 0x28, 0xc9, 0x3e, 0x88, 0xd6, 0x66, 0xb8, 0x78, - 0xce, 0xdf, 0x7e, 0x8d, 0x2f, 0xb2, 0x97, 0x9c, 0xea, 0xe8, 0x97, 0x50, 0x9f, 0xe8, 0xad, 0xe8, - 0x51, 0xde, 0x25, 0x26, 0xbb, 0xeb, 0x2d, 0xb6, 0x7e, 0x03, 0x95, 0x71, 0x1d, 0x41, 0x9b, 0xd9, - 0xde, 0x53, 0xe5, 0xa9, 0xd1, 0x99, 0xc7, 0x45, 0x6d, 0xf9, 0x18, 0x8a, 0x07, 0x4e, 0x44, 0xd3, - 0x13, 0x98, 0x32, 0x8e, 0xbe, 0x82, 0x92, 0x8d, 0x69, 0x34, 0x9c, 0xdf, 0xf3, 0x67, 0x80, 0xc4, - 0x5b, 0xed, 0x71, 0x0e, 0x89, 0xdd, 0x54, 0x07, 0x53, 0x97, 0xdf, 0x87, 0x02, 0x6f, 0x24, 0xe8, - 0x61, 0xf6, 0xc2, 0x89, 0x86, 0x93, 0xba, 0xdc, 0x11, 0x14, 0xf8, 0xfb, 0x03, 0xe5, 0xb8, 0x0a, - 0xb3, 0x2f, 0xac, 0xd4, 0x55, 0x5f, 0x41, 0xf5, 0xfa, 0xf9, 0x82, 0x72, 0xf0, 0x36, 0xfd, 0xd6, - 0x49, 0x5d, 0xf8, 0x10, 0xca, 0xaa, 0xeb, 0xa1, 0x1c, 0xfa, 0x9b, 0x6c, 0x90, 0xa9, 0x8b, 0xfe, - 0x00, 0x95, 0x71, 0xbb, 0x48, 0x65, 0x3b, 0xc7, 0x21, 0x66, 0x5a, 0xce, 0x4b, 0x28, 0xc9, 0xbe, - 0x92, 0xa7, 0x3a, 0xcd, 0x74, 0xa0, 0xd4, 0x70, 0x31, 0x14, 0x78, 0x6d, 0xcf, 0xa3, 0x80, 0x44, - 0xab, 0x68, 0x58, 0x79, 0xe1, 0x32, 0xfa, 0x9d, 0xfd, 0xab, 0xf7, 0xcd, 0x85, 0xbf, 0xdf, 0x37, - 0x17, 0x7e, 0x1b, 0x35, 0xb5, 0xab, 0x51, 0x53, 0xfb, 0x6b, 0xd4, 0xd4, 0xfe, 0x1d, 0x35, 0xb5, - 0x1f, 0xb7, 0xe6, 0xfb, 0xff, 0xf7, 0x1b, 0xfe, 0xfb, 0x5a, 0x3f, 0x29, 0x89, 0x73, 0x6c, 0xfd, - 0x1f, 0x00, 0x00, 0xff, 0xff, 0x4d, 0xd0, 0xe6, 0x46, 0x3f, 0x0f, 0x00, 0x00, + // 1135 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x57, 0x4f, 0x4f, 0xdc, 0x46, + 0x14, 0xc7, 0x66, 0xff, 0xbe, 0xcd, 0x52, 0x98, 0x12, 0xea, 0x6c, 0xa4, 0x65, 0x65, 0xa9, 0x11, + 0x55, 0x15, 0xbb, 0x2c, 0x55, 0xd2, 0x36, 0x52, 0x24, 0x20, 0x51, 0x85, 0xda, 0x28, 0xc8, 0x40, + 0x13, 0xb5, 0xaa, 0x90, 0x59, 0x0f, 0xbb, 0x23, 0x76, 0x6d, 0xc7, 0x33, 0xa6, 0xd0, 0x53, 0x4f, + 0x3d, 0xf7, 0xe3, 0xf4, 0x23, 0x70, 0xc8, 0xa1, 0xc7, 0x9e, 0xd2, 0x86, 0x7b, 0xbf, 0x43, 0x35, + 0x7f, 0x16, 0x7b, 0x77, 0x71, 0x6c, 0xb8, 0xb0, 0x7e, 0x33, 0xbf, 0x37, 0xf3, 0xe6, 0xfd, 0x7e, + 0xf3, 0xde, 0x00, 0x9b, 0x7d, 0xc2, 0x06, 0xf1, 0x91, 0xd5, 0x0b, 0x46, 0x76, 0x2f, 0xf0, 0x99, + 0x4b, 0x7c, 0x1c, 0x79, 0xe9, 0xcf, 0x28, 0xf6, 0x19, 0x19, 0x61, 0x7b, 0x48, 0xfc, 0xf8, 0xcc, + 0xa6, 0x03, 0x32, 0xb2, 0x4f, 0xd7, 0xc5, 0xaf, 0x15, 0x46, 0x01, 0x0b, 0x50, 0x27, 0x01, 0x5b, + 0x0a, 0x6c, 0x09, 0xb0, 0x25, 0x40, 0xa7, 0xeb, 0xad, 0x7b, 0xfd, 0x20, 0xe8, 0x0f, 0xb1, 0x2d, + 0xf0, 0x47, 0xf1, 0xb1, 0xed, 0xfa, 0xe7, 0xd2, 0xb9, 0x75, 0x7f, 0x7a, 0x0a, 0x8f, 0x42, 0x36, + 0x9e, 0x5c, 0xee, 0x07, 0xfd, 0x40, 0x7c, 0xda, 0xfc, 0x4b, 0x8d, 0xae, 0x4e, 0xbb, 0xf0, 0x1d, + 0x29, 0x73, 0x47, 0xa1, 0x02, 0x3c, 0xca, 0x3d, 0x93, 0x1b, 0x12, 0x9b, 0x9d, 0x87, 0x98, 0xda, + 0xa3, 0x20, 0xf6, 0x99, 0xf2, 0xfb, 0xe6, 0x06, 0x7e, 0xcc, 0xa5, 0x27, 0xe2, 0x8f, 0xf4, 0x35, + 0xff, 0xd3, 0x61, 0x69, 0x3b, 0xc2, 0x2e, 0xc3, 0xfb, 0x2e, 0x3d, 0x71, 0xf0, 0x9b, 0x18, 0x53, + 0x86, 0x56, 0x40, 0x27, 0x9e, 0xa1, 0x75, 0xb4, 0xb5, 0xfa, 0x56, 0xe5, 0xf2, 0xdd, 0xaa, 0xbe, + 0xf3, 0xcc, 0xd1, 0x89, 0x87, 0x56, 0xa0, 0x72, 0x14, 0xfb, 0xde, 0x10, 0x1b, 0x3a, 0x9f, 0x73, + 0x94, 0x85, 0x0c, 0xa8, 0xaa, 0x0c, 0x1a, 0xf3, 0x62, 0x62, 0x6c, 0x22, 0x1b, 0x2a, 0x51, 0x10, + 0xb0, 0x63, 0x6a, 0x94, 0x3a, 0xf3, 0x6b, 0x8d, 0xee, 0x27, 0x56, 0x2a, 0xeb, 0x22, 0x24, 0xeb, + 0x05, 0x3f, 0x8a, 0xa3, 0x60, 0xa8, 0x05, 0x35, 0x86, 0xa3, 0x11, 0xf1, 0xdd, 0xa1, 0x51, 0xee, + 0x68, 0x6b, 0x35, 0xe7, 0xca, 0x46, 0xcb, 0x50, 0xa6, 0xcc, 0x23, 0xbe, 0x51, 0x11, 0x9b, 0x48, + 0x83, 0x07, 0x45, 0x99, 0x17, 0xc4, 0xcc, 0xa8, 0xca, 0xa0, 0xa4, 0xa5, 0xc6, 0x71, 0x14, 0x19, + 0xb5, 0xab, 0x71, 0x1c, 0x45, 0xa8, 0x0d, 0xd0, 0x1b, 0xe0, 0xde, 0x49, 0x18, 0x10, 0x9f, 0x19, + 0x75, 0x31, 0x97, 0x1a, 0x41, 0x9f, 0xc3, 0x52, 0xe8, 0x46, 0xd8, 0x67, 0x87, 0x29, 0x18, 0x08, + 0xd8, 0xa2, 0x9c, 0xd8, 0x4e, 0xc0, 0x16, 0x54, 0x83, 0x90, 0x91, 0xc0, 0xa7, 0x46, 0xa3, 0xa3, + 0xad, 0x35, 0xba, 0xcb, 0x96, 0xa4, 0xd9, 0x1a, 0xd3, 0x6c, 0x6d, 0xfa, 0xe7, 0xce, 0x18, 0x64, + 0x3e, 0x00, 0x94, 0x4e, 0x37, 0x0d, 0x03, 0x9f, 0x62, 0xb4, 0x08, 0xf3, 0xa1, 0x4a, 0x78, 0xd3, + 0xe1, 0x9f, 0xe6, 0xef, 0x1a, 0x2c, 0x3c, 0xc3, 0x43, 0xcc, 0x70, 0x36, 0x08, 0xad, 0x42, 0x03, + 0x9f, 0x11, 0x76, 0x48, 0x99, 0xcb, 0x62, 0x2a, 0x38, 0x69, 0x3a, 0xc0, 0x87, 0xf6, 0xc4, 0x08, + 0xda, 0x84, 0x3a, 0xb7, 0xb0, 0x77, 0xe8, 0x32, 0xc1, 0x4c, 0xa3, 0xdb, 0x9a, 0x89, 0x6f, 0x7f, + 0x2c, 0xc3, 0xad, 0xda, 0xc5, 0xbb, 0xd5, 0xb9, 0x3f, 0xfe, 0x59, 0xd5, 0x9c, 0x9a, 0x74, 0xdb, + 0x64, 0xa6, 0x05, 0xcb, 0x32, 0x8e, 0xdd, 0x28, 0xe8, 0x61, 0x4a, 0x73, 0x24, 0x62, 0xfe, 0xa9, + 0x01, 0x7a, 0x7e, 0x86, 0x7b, 0xc5, 0xe0, 0x13, 0x74, 0xeb, 0x59, 0x74, 0xcf, 0x5f, 0x4f, 0x77, + 0x29, 0x83, 0xee, 0xf2, 0x04, 0xdd, 0x6b, 0x50, 0xa2, 0x21, 0xee, 0x09, 0xcd, 0x64, 0xd1, 0x23, + 0x10, 0xe6, 0x5d, 0xf8, 0x78, 0x22, 0x72, 0x99, 0x77, 0xf3, 0x35, 0x2c, 0x3a, 0x98, 0x92, 0x5f, + 0xf1, 0x2e, 0x3b, 0xcf, 0x3b, 0xce, 0x32, 0x94, 0x7f, 0x21, 0x1e, 0x1b, 0x28, 0x2e, 0xa4, 0xc1, + 0x43, 0x1b, 0x60, 0xd2, 0x1f, 0x48, 0x0e, 0x9a, 0x8e, 0xb2, 0xcc, 0x07, 0x70, 0x87, 0x13, 0x85, + 0xf3, 0x72, 0xfa, 0x56, 0x87, 0xa6, 0x02, 0x2a, 0x2d, 0xdc, 0xf4, 0x82, 0x2a, 0xed, 0xcc, 0x27, + 0xda, 0xd9, 0xe0, 0xe9, 0x12, 0xb2, 0xe1, 0x69, 0x5c, 0xe8, 0xde, 0x4f, 0x5f, 0xcc, 0xd3, 0x75, + 0x75, 0x37, 0xa5, 0x8e, 0x1c, 0x05, 0x4d, 0x18, 0x29, 0x5f, 0xcf, 0x48, 0x25, 0x83, 0x91, 0xea, + 0x04, 0x23, 0x69, 0xce, 0x6b, 0x53, 0x9c, 0x4f, 0x49, 0xba, 0xfe, 0x61, 0x49, 0xc3, 0xad, 0x24, + 0xfd, 0x12, 0x1a, 0xdf, 0x91, 0xe1, 0xb0, 0x40, 0xb1, 0xa3, 0xa4, 0x3f, 0x16, 0x66, 0xd3, 0x51, + 0x16, 0xcf, 0xa5, 0x3b, 0x1c, 0x8a, 0x5c, 0xd6, 0x1c, 0xfe, 0x69, 0x3e, 0x85, 0x85, 0xed, 0x61, + 0x40, 0xf1, 0xce, 0xcb, 0x02, 0xfa, 0x90, 0x09, 0x94, 0x5a, 0x97, 0x86, 0xf9, 0x19, 0x7c, 0xf4, + 0x3d, 0xa1, 0x6c, 0x97, 0x78, 0xb9, 0xd7, 0xcb, 0x81, 0xc5, 0x04, 0xaa, 0xc4, 0xf0, 0x14, 0xea, + 0xa1, 0xd4, 0x2c, 0xa6, 0x86, 0x26, 0xca, 0x6c, 0xe7, 0x5a, 0x36, 0x95, 0xb2, 0x77, 0xfc, 0xe3, + 0xc0, 0x49, 0x5c, 0xcc, 0x9f, 0xe0, 0x6e, 0x52, 0xd1, 0xd2, 0x6d, 0x00, 0x41, 0x29, 0x74, 0xd9, + 0x40, 0x86, 0xe1, 0x88, 0xef, 0x74, 0xc1, 0xd3, 0x8b, 0x14, 0xbc, 0x87, 0xb0, 0xb8, 0x37, 0x20, + 0x23, 0xb1, 0xe7, 0x38, 0xe0, 0x7b, 0x50, 0xe3, 0x2d, 0xf6, 0x30, 0x29, 0x67, 0x55, 0x6e, 0xef, + 0x12, 0xcf, 0xfc, 0x16, 0x96, 0x0e, 0x42, 0x6f, 0xaa, 0x1d, 0x75, 0xa1, 0x1e, 0x61, 0x1a, 0xc4, + 0x51, 0x4f, 0x1c, 0x30, 0x7b, 0xd7, 0x04, 0xa6, 0xee, 0x56, 0xc4, 0xf2, 0x12, 0xfa, 0xb5, 0xb8, + 0x5a, 0x1c, 0x97, 0x73, 0xb5, 0xd4, 0x15, 0xd2, 0x93, 0x1a, 0xfd, 0x29, 0x34, 0x5e, 0xb9, 0x24, + 0x77, 0x87, 0x08, 0xee, 0x48, 0x98, 0xda, 0x60, 0x4a, 0xe2, 0xda, 0x87, 0x25, 0xae, 0xdf, 0x46, + 0xe2, 0xdd, 0xb7, 0x0d, 0x28, 0xf1, 0xb4, 0xa3, 0x01, 0x94, 0x45, 0xe5, 0x40, 0x96, 0x95, 0xf7, + 0xdc, 0xb1, 0xd2, 0xb5, 0xa8, 0x65, 0x17, 0xc6, 0xab, 0x63, 0x51, 0xa8, 0xc8, 0xce, 0x86, 0x36, + 0xf2, 0x5d, 0x67, 0x9e, 0x1c, 0xad, 0x2f, 0x6f, 0xe6, 0xa4, 0x36, 0x95, 0xc7, 0x8b, 0x58, 0xc1, + 0xe3, 0x5d, 0xc9, 0xa1, 0xe0, 0xf1, 0x52, 0xb2, 0x70, 0xa0, 0x22, 0xfb, 0x20, 0x5a, 0x99, 0xe1, + 0xe2, 0x39, 0x7f, 0xfb, 0xb5, 0xbe, 0xc8, 0x5f, 0x72, 0xaa, 0xa3, 0x9f, 0x43, 0x73, 0xa2, 0xb7, + 0xa2, 0x47, 0x45, 0x97, 0x98, 0xec, 0xae, 0xb7, 0xd8, 0xfa, 0x0d, 0xd4, 0xc6, 0x75, 0x04, 0xad, + 0xe7, 0x7b, 0x4f, 0x95, 0xa7, 0x56, 0xf7, 0x26, 0x2e, 0x6a, 0xcb, 0xc7, 0x50, 0xde, 0x75, 0x63, + 0x9a, 0x9d, 0xc0, 0x8c, 0x71, 0xf4, 0x15, 0x54, 0x1c, 0x4c, 0xe3, 0xd1, 0xcd, 0x3d, 0x7f, 0x06, + 0x48, 0xbd, 0xd5, 0x1e, 0x17, 0x90, 0xd8, 0x75, 0x75, 0x30, 0x73, 0xf9, 0x17, 0x50, 0xe2, 0x8d, + 0x04, 0x3d, 0xcc, 0x5f, 0x38, 0xd5, 0x70, 0x32, 0x97, 0xdb, 0x87, 0x12, 0x7f, 0x7f, 0xa0, 0x02, + 0x57, 0x61, 0xf6, 0x85, 0x95, 0xb9, 0xea, 0x2b, 0xa8, 0x5f, 0x3d, 0x5f, 0x50, 0x01, 0xde, 0xa6, + 0xdf, 0x3a, 0x99, 0x0b, 0xef, 0x41, 0x55, 0x75, 0x3d, 0x54, 0x40, 0x7f, 0x93, 0x0d, 0x32, 0x73, + 0xd1, 0x1f, 0xa0, 0x36, 0x6e, 0x17, 0x99, 0x6c, 0x17, 0x38, 0xc4, 0x4c, 0xcb, 0x39, 0x80, 0x8a, + 0xec, 0x2b, 0x45, 0xaa, 0xd3, 0x4c, 0x07, 0xca, 0x0c, 0x17, 0x43, 0x89, 0xd7, 0xf6, 0x22, 0x0a, + 0x48, 0xb5, 0x8a, 0x96, 0x55, 0x14, 0x2e, 0xa3, 0xdf, 0x3a, 0xb8, 0x78, 0xdf, 0x9e, 0xfb, 0xfb, + 0x7d, 0x7b, 0xee, 0xb7, 0xcb, 0xb6, 0x76, 0x71, 0xd9, 0xd6, 0xfe, 0xba, 0x6c, 0x6b, 0xff, 0x5e, + 0xb6, 0xb5, 0x1f, 0x9f, 0xdc, 0xee, 0xff, 0xe0, 0x27, 0xfc, 0xf7, 0xb5, 0x7e, 0x54, 0x11, 0xe7, + 0xd9, 0xf8, 0x3f, 0x00, 0x00, 0xff, 0xff, 0xfb, 0xc9, 0x30, 0x0d, 0x4f, 0x0f, 0x00, 0x00, } diff --git a/vendor/github.com/containerd/containerd/linux/shim/v1/shim.proto b/vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto similarity index 97% rename from vendor/github.com/containerd/containerd/linux/shim/v1/shim.proto rename to vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto index 6de8f1382..fb748f71e 100644 --- a/vendor/github.com/containerd/containerd/linux/shim/v1/shim.proto +++ b/vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto @@ -9,7 +9,7 @@ import "google/protobuf/timestamp.proto"; import "github.com/containerd/containerd/api/types/mount.proto"; import "github.com/containerd/containerd/api/types/task/task.proto"; -option go_package = "github.com/containerd/containerd/linux/shim/v1;shim"; +option go_package = "github.com/containerd/containerd/runtime/linux/shim/v1;shim"; // Shim service is launched for each container and is responsible for owning the IO // for the container and its additional processes. The shim is also the parent of diff --git a/vendor/github.com/containerd/containerd/linux/task.go b/vendor/github.com/containerd/containerd/runtime/linux/task.go similarity index 98% rename from vendor/github.com/containerd/containerd/linux/task.go rename to vendor/github.com/containerd/containerd/runtime/linux/task.go index eca82fbbd..bb5d8c0de 100644 --- a/vendor/github.com/containerd/containerd/linux/task.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/task.go @@ -28,9 +28,9 @@ import ( "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/events/exchange" "github.com/containerd/containerd/identifiers" - "github.com/containerd/containerd/linux/shim/client" - shim "github.com/containerd/containerd/linux/shim/v1" "github.com/containerd/containerd/runtime" + "github.com/containerd/containerd/runtime/linux/shim/client" + shim "github.com/containerd/containerd/runtime/linux/shim/v1" runc "github.com/containerd/go-runc" "github.com/gogo/protobuf/types" "github.com/pkg/errors" diff --git a/vendor/github.com/containerd/containerd/server/config.go b/vendor/github.com/containerd/containerd/services/server/config.go similarity index 100% rename from vendor/github.com/containerd/containerd/server/config.go rename to vendor/github.com/containerd/containerd/services/server/config.go diff --git a/vendor/github.com/containerd/containerd/server/server.go b/vendor/github.com/containerd/containerd/services/server/server.go similarity index 100% rename from vendor/github.com/containerd/containerd/server/server.go rename to vendor/github.com/containerd/containerd/services/server/server.go diff --git a/vendor/github.com/containerd/containerd/server/server_linux.go b/vendor/github.com/containerd/containerd/services/server/server_linux.go similarity index 100% rename from vendor/github.com/containerd/containerd/server/server_linux.go rename to vendor/github.com/containerd/containerd/services/server/server_linux.go diff --git a/vendor/github.com/containerd/containerd/server/server_solaris.go b/vendor/github.com/containerd/containerd/services/server/server_solaris.go similarity index 100% rename from vendor/github.com/containerd/containerd/server/server_solaris.go rename to vendor/github.com/containerd/containerd/services/server/server_solaris.go diff --git a/vendor/github.com/containerd/containerd/server/server_unsupported.go b/vendor/github.com/containerd/containerd/services/server/server_unsupported.go similarity index 100% rename from vendor/github.com/containerd/containerd/server/server_unsupported.go rename to vendor/github.com/containerd/containerd/services/server/server_unsupported.go diff --git a/vendor/github.com/containerd/containerd/server/server_windows.go b/vendor/github.com/containerd/containerd/services/server/server_windows.go similarity index 100% rename from vendor/github.com/containerd/containerd/server/server_windows.go rename to vendor/github.com/containerd/containerd/services/server/server_windows.go diff --git a/vendor/github.com/containerd/containerd/snapshot.go b/vendor/github.com/containerd/containerd/snapshots/proxy/proxy.go similarity index 67% rename from vendor/github.com/containerd/containerd/snapshot.go rename to vendor/github.com/containerd/containerd/snapshots/proxy/proxy.go index 155ec718f..1e8c2634c 100644 --- a/vendor/github.com/containerd/containerd/snapshot.go +++ b/vendor/github.com/containerd/containerd/snapshots/proxy/proxy.go @@ -14,7 +14,7 @@ limitations under the License. */ -package containerd +package proxy import ( "context" @@ -28,24 +28,24 @@ import ( protobuftypes "github.com/gogo/protobuf/types" ) -// NewSnapshotterFromClient returns a new Snapshotter which communicates -// over a GRPC connection. -func NewSnapshotterFromClient(client snapshotsapi.SnapshotsClient, snapshotterName string) snapshots.Snapshotter { - return &remoteSnapshotter{ +// NewSnapshotter returns a new Snapshotter which communicates over a GRPC +// connection using the containerd snapshot GRPC API. +func NewSnapshotter(client snapshotsapi.SnapshotsClient, snapshotterName string) snapshots.Snapshotter { + return &proxySnapshotter{ client: client, snapshotterName: snapshotterName, } } -type remoteSnapshotter struct { +type proxySnapshotter struct { client snapshotsapi.SnapshotsClient snapshotterName string } -func (r *remoteSnapshotter) Stat(ctx context.Context, key string) (snapshots.Info, error) { - resp, err := r.client.Stat(ctx, +func (p *proxySnapshotter) Stat(ctx context.Context, key string) (snapshots.Info, error) { + resp, err := p.client.Stat(ctx, &snapshotsapi.StatSnapshotRequest{ - Snapshotter: r.snapshotterName, + Snapshotter: p.snapshotterName, Key: key, }) if err != nil { @@ -54,10 +54,10 @@ func (r *remoteSnapshotter) Stat(ctx context.Context, key string) (snapshots.Inf return toInfo(resp.Info), nil } -func (r *remoteSnapshotter) Update(ctx context.Context, info snapshots.Info, fieldpaths ...string) (snapshots.Info, error) { - resp, err := r.client.Update(ctx, +func (p *proxySnapshotter) Update(ctx context.Context, info snapshots.Info, fieldpaths ...string) (snapshots.Info, error) { + resp, err := p.client.Update(ctx, &snapshotsapi.UpdateSnapshotRequest{ - Snapshotter: r.snapshotterName, + Snapshotter: p.snapshotterName, Info: fromInfo(info), UpdateMask: &protobuftypes.FieldMask{ Paths: fieldpaths, @@ -69,9 +69,9 @@ func (r *remoteSnapshotter) Update(ctx context.Context, info snapshots.Info, fie return toInfo(resp.Info), nil } -func (r *remoteSnapshotter) Usage(ctx context.Context, key string) (snapshots.Usage, error) { - resp, err := r.client.Usage(ctx, &snapshotsapi.UsageRequest{ - Snapshotter: r.snapshotterName, +func (p *proxySnapshotter) Usage(ctx context.Context, key string) (snapshots.Usage, error) { + resp, err := p.client.Usage(ctx, &snapshotsapi.UsageRequest{ + Snapshotter: p.snapshotterName, Key: key, }) if err != nil { @@ -80,9 +80,9 @@ func (r *remoteSnapshotter) Usage(ctx context.Context, key string) (snapshots.Us return toUsage(resp), nil } -func (r *remoteSnapshotter) Mounts(ctx context.Context, key string) ([]mount.Mount, error) { - resp, err := r.client.Mounts(ctx, &snapshotsapi.MountsRequest{ - Snapshotter: r.snapshotterName, +func (p *proxySnapshotter) Mounts(ctx context.Context, key string) ([]mount.Mount, error) { + resp, err := p.client.Mounts(ctx, &snapshotsapi.MountsRequest{ + Snapshotter: p.snapshotterName, Key: key, }) if err != nil { @@ -91,15 +91,15 @@ func (r *remoteSnapshotter) Mounts(ctx context.Context, key string) ([]mount.Mou return toMounts(resp.Mounts), nil } -func (r *remoteSnapshotter) Prepare(ctx context.Context, key, parent string, opts ...snapshots.Opt) ([]mount.Mount, error) { +func (p *proxySnapshotter) Prepare(ctx context.Context, key, parent string, opts ...snapshots.Opt) ([]mount.Mount, error) { var local snapshots.Info for _, opt := range opts { if err := opt(&local); err != nil { return nil, err } } - resp, err := r.client.Prepare(ctx, &snapshotsapi.PrepareSnapshotRequest{ - Snapshotter: r.snapshotterName, + resp, err := p.client.Prepare(ctx, &snapshotsapi.PrepareSnapshotRequest{ + Snapshotter: p.snapshotterName, Key: key, Parent: parent, Labels: local.Labels, @@ -110,15 +110,15 @@ func (r *remoteSnapshotter) Prepare(ctx context.Context, key, parent string, opt return toMounts(resp.Mounts), nil } -func (r *remoteSnapshotter) View(ctx context.Context, key, parent string, opts ...snapshots.Opt) ([]mount.Mount, error) { +func (p *proxySnapshotter) View(ctx context.Context, key, parent string, opts ...snapshots.Opt) ([]mount.Mount, error) { var local snapshots.Info for _, opt := range opts { if err := opt(&local); err != nil { return nil, err } } - resp, err := r.client.View(ctx, &snapshotsapi.ViewSnapshotRequest{ - Snapshotter: r.snapshotterName, + resp, err := p.client.View(ctx, &snapshotsapi.ViewSnapshotRequest{ + Snapshotter: p.snapshotterName, Key: key, Parent: parent, Labels: local.Labels, @@ -129,15 +129,15 @@ func (r *remoteSnapshotter) View(ctx context.Context, key, parent string, opts . return toMounts(resp.Mounts), nil } -func (r *remoteSnapshotter) Commit(ctx context.Context, name, key string, opts ...snapshots.Opt) error { +func (p *proxySnapshotter) Commit(ctx context.Context, name, key string, opts ...snapshots.Opt) error { var local snapshots.Info for _, opt := range opts { if err := opt(&local); err != nil { return err } } - _, err := r.client.Commit(ctx, &snapshotsapi.CommitSnapshotRequest{ - Snapshotter: r.snapshotterName, + _, err := p.client.Commit(ctx, &snapshotsapi.CommitSnapshotRequest{ + Snapshotter: p.snapshotterName, Name: name, Key: key, Labels: local.Labels, @@ -145,17 +145,17 @@ func (r *remoteSnapshotter) Commit(ctx context.Context, name, key string, opts . return errdefs.FromGRPC(err) } -func (r *remoteSnapshotter) Remove(ctx context.Context, key string) error { - _, err := r.client.Remove(ctx, &snapshotsapi.RemoveSnapshotRequest{ - Snapshotter: r.snapshotterName, +func (p *proxySnapshotter) Remove(ctx context.Context, key string) error { + _, err := p.client.Remove(ctx, &snapshotsapi.RemoveSnapshotRequest{ + Snapshotter: p.snapshotterName, Key: key, }) return errdefs.FromGRPC(err) } -func (r *remoteSnapshotter) Walk(ctx context.Context, fn func(context.Context, snapshots.Info) error) error { - sc, err := r.client.List(ctx, &snapshotsapi.ListSnapshotsRequest{ - Snapshotter: r.snapshotterName, +func (p *proxySnapshotter) Walk(ctx context.Context, fn func(context.Context, snapshots.Info) error) error { + sc, err := p.client.List(ctx, &snapshotsapi.ListSnapshotsRequest{ + Snapshotter: p.snapshotterName, }) if err != nil { return errdefs.FromGRPC(err) @@ -179,7 +179,7 @@ func (r *remoteSnapshotter) Walk(ctx context.Context, fn func(context.Context, s } } -func (r *remoteSnapshotter) Close() error { +func (p *proxySnapshotter) Close() error { return nil } diff --git a/vendor/github.com/containerd/containerd/task_opts.go b/vendor/github.com/containerd/containerd/task_opts.go index 495d4225b..6f2897726 100644 --- a/vendor/github.com/containerd/containerd/task_opts.go +++ b/vendor/github.com/containerd/containerd/task_opts.go @@ -21,8 +21,8 @@ import ( "syscall" "github.com/containerd/containerd/errdefs" - "github.com/containerd/containerd/linux/runctypes" "github.com/containerd/containerd/mount" + "github.com/containerd/containerd/runtime/linux/runctypes" ) // NewTaskOpts allows the caller to set options on a new task diff --git a/vendor/github.com/containerd/containerd/task_opts_linux.go b/vendor/github.com/containerd/containerd/task_opts_linux.go index 63136fd6a..551cb996c 100644 --- a/vendor/github.com/containerd/containerd/task_opts_linux.go +++ b/vendor/github.com/containerd/containerd/task_opts_linux.go @@ -18,7 +18,9 @@ package containerd import ( "context" + "errors" + "github.com/containerd/containerd/runtime/linux/runctypes" "github.com/opencontainers/runtime-spec/specs-go" ) @@ -29,3 +31,18 @@ func WithResources(resources *specs.LinuxResources) UpdateTaskOpts { return nil } } + +// WithNoNewKeyring causes tasks not to be created with a new keyring for secret storage. +// There is an upper limit on the number of keyrings in a linux system +func WithNoNewKeyring(ctx context.Context, c *Client, ti *TaskInfo) error { + if ti.Options == nil { + ti.Options = &runctypes.CreateOptions{} + } + opts, ok := ti.Options.(*runctypes.CreateOptions) + if !ok { + return errors.New("could not cast TaskInfo Options to CreateOptions") + } + + opts.NoNewKeyring = true + return nil +} diff --git a/vendor/github.com/containerd/containerd/vendor.conf b/vendor/github.com/containerd/containerd/vendor.conf index 2bb147bfc..4413d4bcd 100644 --- a/vendor/github.com/containerd/containerd/vendor.conf +++ b/vendor/github.com/containerd/containerd/vendor.conf @@ -4,7 +4,7 @@ github.com/containerd/cgroups fe281dd265766145e943a034aa41086474ea6130 github.com/containerd/typeurl f6943554a7e7e88b3c14aad190bf05932da84788 github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c github.com/containerd/btrfs 2e1aa0ddf94f91fa282b6ed87c23bf0d64911244 -github.com/containerd/continuity 3e8f2ea4b190484acb976a5b378d373429639a1a +github.com/containerd/continuity d3c23511c1bf5851696cba83143d9cbcd666869b github.com/coreos/go-systemd 48702e0da86bd25e76cfef347e2adeb434a0d0a6 github.com/docker/go-metrics 4ea375f7759c82740c893fc030bc37088d2ec098 github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9 @@ -18,14 +18,14 @@ github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9 github.com/matttproud/golang_protobuf_extensions v1.0.0 github.com/gogo/protobuf v1.0.0 github.com/gogo/googleapis 08a7655d27152912db7aaf4f983275eaf8d128ef -github.com/golang/protobuf 1643683e1b54a9e88ad26d98f81400c8c9d9f4f9 +github.com/golang/protobuf v1.1.0 github.com/opencontainers/runtime-spec v1.0.1 github.com/opencontainers/runc 69663f0bd4b60df09991c08812a60108003fa340 github.com/sirupsen/logrus v1.0.0 github.com/pmezard/go-difflib v1.0.0 github.com/urfave/cli 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c golang.org/x/net b3756b4b77d7b13260a0a2ec658753cf48922eac -google.golang.org/grpc v1.10.1 +google.golang.org/grpc v1.12.0 github.com/pkg/errors v0.8.0 github.com/opencontainers/go-digest c9281466c8b2f606084ac71339773efd177436e7 golang.org/x/sys 314a259e304ff91bd6985da2a7149bbf91237993 https://github.com/golang/sys @@ -44,7 +44,7 @@ github.com/gotestyourself/gotestyourself 44dbf532bbf5767611f6f2a61bded572e337010 github.com/google/go-cmp v0.1.0 # cri dependencies -github.com/containerd/cri v1.0.0 +github.com/containerd/cri 0d01163f9cbe4f353ca1b844230eeab37cd04f35 https://github.com/ehazlett/cri github.com/containerd/go-cni f2d7272f12d045b16ed924f50e91f9f9cecc55a7 github.com/blang/semver v3.1.0 github.com/containernetworking/cni v0.6.0 diff --git a/vendor/github.com/docker/docker/contrib/README.md b/vendor/github.com/docker/docker/contrib/README.md new file mode 100644 index 000000000..92b1d9443 --- /dev/null +++ b/vendor/github.com/docker/docker/contrib/README.md @@ -0,0 +1,4 @@ +The `contrib` directory contains scripts, images, and other helpful things +which are not part of the core docker distribution. Please note that they +could be out of date, since they do not receive the same attention as the +rest of the repository. diff --git a/vendor/github.com/docker/docker/contrib/nnp-test/nnp-test.c b/vendor/github.com/docker/docker/contrib/nnp-test/nnp-test.c new file mode 100644 index 000000000..b767da7e1 --- /dev/null +++ b/vendor/github.com/docker/docker/contrib/nnp-test/nnp-test.c @@ -0,0 +1,10 @@ +#include +#include +#include + +int main(int argc, char *argv[]) +{ + printf("EUID=%d\n", geteuid()); + return 0; +} + diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/acct.c b/vendor/github.com/docker/docker/contrib/syscall-test/acct.c new file mode 100644 index 000000000..88ac28796 --- /dev/null +++ b/vendor/github.com/docker/docker/contrib/syscall-test/acct.c @@ -0,0 +1,16 @@ +#define _GNU_SOURCE +#include +#include +#include +#include +#include + +int main(int argc, char **argv) +{ + int err = acct("/tmp/t"); + if (err == -1) { + fprintf(stderr, "acct failed: %s\n", strerror(errno)); + exit(EXIT_FAILURE); + } + exit(EXIT_SUCCESS); +} diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/exit32.s b/vendor/github.com/docker/docker/contrib/syscall-test/exit32.s new file mode 100644 index 000000000..8bbb5c58b --- /dev/null +++ b/vendor/github.com/docker/docker/contrib/syscall-test/exit32.s @@ -0,0 +1,7 @@ +.globl _start +.text +_start: + xorl %eax, %eax + incl %eax + movb $0, %bl + int $0x80 diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/ns.c b/vendor/github.com/docker/docker/contrib/syscall-test/ns.c new file mode 100644 index 000000000..624388630 --- /dev/null +++ b/vendor/github.com/docker/docker/contrib/syscall-test/ns.c @@ -0,0 +1,63 @@ +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define STACK_SIZE (1024 * 1024) /* Stack size for cloned child */ + +struct clone_args { + char **argv; +}; + +// child_exec is the func that will be executed as the result of clone +static int child_exec(void *stuff) +{ + struct clone_args *args = (struct clone_args *)stuff; + if (execvp(args->argv[0], args->argv) != 0) { + fprintf(stderr, "failed to execvp arguments %s\n", + strerror(errno)); + exit(-1); + } + // we should never reach here! + exit(EXIT_FAILURE); +} + +int main(int argc, char **argv) +{ + struct clone_args args; + args.argv = &argv[1]; + + int clone_flags = CLONE_NEWNS | CLONE_NEWPID | SIGCHLD; + + // allocate stack for child + char *stack; /* Start of stack buffer */ + char *child_stack; /* End of stack buffer */ + stack = + mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE, + MAP_SHARED | MAP_ANON | MAP_STACK, -1, 0); + if (stack == MAP_FAILED) { + fprintf(stderr, "mmap failed: %s\n", strerror(errno)); + exit(EXIT_FAILURE); + } + child_stack = stack + STACK_SIZE; /* Assume stack grows downward */ + + // the result of this call is that our child_exec will be run in another + // process returning its pid + pid_t pid = clone(child_exec, child_stack, clone_flags, &args); + if (pid < 0) { + fprintf(stderr, "clone failed: %s\n", strerror(errno)); + exit(EXIT_FAILURE); + } + // lets wait on our child process here before we, the parent, exits + if (waitpid(pid, NULL, 0) == -1) { + fprintf(stderr, "failed to wait pid %d\n", pid); + exit(EXIT_FAILURE); + } + exit(EXIT_SUCCESS); +} diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/raw.c b/vendor/github.com/docker/docker/contrib/syscall-test/raw.c new file mode 100644 index 000000000..7995a0d3a --- /dev/null +++ b/vendor/github.com/docker/docker/contrib/syscall-test/raw.c @@ -0,0 +1,14 @@ +#include +#include +#include +#include +#include + +int main() { + if (socket(PF_INET, SOCK_RAW, IPPROTO_UDP) == -1) { + perror("socket"); + return 1; + } + + return 0; +} diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/setgid.c b/vendor/github.com/docker/docker/contrib/syscall-test/setgid.c new file mode 100644 index 000000000..df9680c86 --- /dev/null +++ b/vendor/github.com/docker/docker/contrib/syscall-test/setgid.c @@ -0,0 +1,11 @@ +#include +#include +#include + +int main() { + if (setgid(1) == -1) { + perror("setgid"); + return 1; + } + return 0; +} diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/setuid.c b/vendor/github.com/docker/docker/contrib/syscall-test/setuid.c new file mode 100644 index 000000000..5b939677e --- /dev/null +++ b/vendor/github.com/docker/docker/contrib/syscall-test/setuid.c @@ -0,0 +1,11 @@ +#include +#include +#include + +int main() { + if (setuid(1) == -1) { + perror("setuid"); + return 1; + } + return 0; +} diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/socket.c b/vendor/github.com/docker/docker/contrib/syscall-test/socket.c new file mode 100644 index 000000000..d26c82f00 --- /dev/null +++ b/vendor/github.com/docker/docker/contrib/syscall-test/socket.c @@ -0,0 +1,30 @@ +#include +#include +#include +#include +#include +#include + +int main() { + int s; + struct sockaddr_in sin; + + s = socket(AF_INET, SOCK_STREAM, 0); + if (s == -1) { + perror("socket"); + return 1; + } + + sin.sin_family = AF_INET; + sin.sin_addr.s_addr = INADDR_ANY; + sin.sin_port = htons(80); + + if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) == -1) { + perror("bind"); + return 1; + } + + close(s); + + return 0; +} diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/userns.c b/vendor/github.com/docker/docker/contrib/syscall-test/userns.c new file mode 100644 index 000000000..4c5c8d304 --- /dev/null +++ b/vendor/github.com/docker/docker/contrib/syscall-test/userns.c @@ -0,0 +1,63 @@ +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define STACK_SIZE (1024 * 1024) /* Stack size for cloned child */ + +struct clone_args { + char **argv; +}; + +// child_exec is the func that will be executed as the result of clone +static int child_exec(void *stuff) +{ + struct clone_args *args = (struct clone_args *)stuff; + if (execvp(args->argv[0], args->argv) != 0) { + fprintf(stderr, "failed to execvp arguments %s\n", + strerror(errno)); + exit(-1); + } + // we should never reach here! + exit(EXIT_FAILURE); +} + +int main(int argc, char **argv) +{ + struct clone_args args; + args.argv = &argv[1]; + + int clone_flags = CLONE_NEWUSER | SIGCHLD; + + // allocate stack for child + char *stack; /* Start of stack buffer */ + char *child_stack; /* End of stack buffer */ + stack = + mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE, + MAP_SHARED | MAP_ANON | MAP_STACK, -1, 0); + if (stack == MAP_FAILED) { + fprintf(stderr, "mmap failed: %s\n", strerror(errno)); + exit(EXIT_FAILURE); + } + child_stack = stack + STACK_SIZE; /* Assume stack grows downward */ + + // the result of this call is that our child_exec will be run in another + // process returning its pid + pid_t pid = clone(child_exec, child_stack, clone_flags, &args); + if (pid < 0) { + fprintf(stderr, "clone failed: %s\n", strerror(errno)); + exit(EXIT_FAILURE); + } + // lets wait on our child process here before we, the parent, exits + if (waitpid(pid, NULL, 0) == -1) { + fprintf(stderr, "failed to wait pid %d\n", pid); + exit(EXIT_FAILURE); + } + exit(EXIT_SUCCESS); +} diff --git a/vendor/golang.org/x/crypto/otr/libotr_test_helper.c b/vendor/golang.org/x/crypto/otr/libotr_test_helper.c new file mode 100644 index 000000000..b3ca072d4 --- /dev/null +++ b/vendor/golang.org/x/crypto/otr/libotr_test_helper.c @@ -0,0 +1,197 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// This code can be compiled and used to test the otr package against libotr. +// See otr_test.go. + +// +build ignore + +#include +#include +#include + +#include +#include +#include + +static int g_session_established = 0; + +OtrlPolicy policy(void *opdata, ConnContext *context) { + return OTRL_POLICY_ALWAYS; +} + +int is_logged_in(void *opdata, const char *accountname, const char *protocol, + const char *recipient) { + return 1; +} + +void inject_message(void *opdata, const char *accountname, const char *protocol, + const char *recipient, const char *message) { + printf("%s\n", message); + fflush(stdout); + fprintf(stderr, "libotr helper sent: %s\n", message); +} + +void update_context_list(void *opdata) {} + +void new_fingerprint(void *opdata, OtrlUserState us, const char *accountname, + const char *protocol, const char *username, + unsigned char fingerprint[20]) { + fprintf(stderr, "NEW FINGERPRINT\n"); + g_session_established = 1; +} + +void write_fingerprints(void *opdata) {} + +void gone_secure(void *opdata, ConnContext *context) {} + +void gone_insecure(void *opdata, ConnContext *context) {} + +void still_secure(void *opdata, ConnContext *context, int is_reply) {} + +int max_message_size(void *opdata, ConnContext *context) { return 99999; } + +const char *account_name(void *opdata, const char *account, + const char *protocol) { + return "ACCOUNT"; +} + +void account_name_free(void *opdata, const char *account_name) {} + +const char *error_message(void *opdata, ConnContext *context, + OtrlErrorCode err_code) { + return "ERR"; +} + +void error_message_free(void *opdata, const char *msg) {} + +void resent_msg_prefix_free(void *opdata, const char *prefix) {} + +void handle_smp_event(void *opdata, OtrlSMPEvent smp_event, + ConnContext *context, unsigned short progress_event, + char *question) {} + +void handle_msg_event(void *opdata, OtrlMessageEvent msg_event, + ConnContext *context, const char *message, + gcry_error_t err) { + fprintf(stderr, "msg event: %d %s\n", msg_event, message); +} + +OtrlMessageAppOps uiops = { + policy, + NULL, + is_logged_in, + inject_message, + update_context_list, + new_fingerprint, + write_fingerprints, + gone_secure, + gone_insecure, + still_secure, + max_message_size, + account_name, + account_name_free, + NULL, /* received_symkey */ + error_message, + error_message_free, + NULL, /* resent_msg_prefix */ + resent_msg_prefix_free, + handle_smp_event, + handle_msg_event, + NULL /* create_instag */, + NULL /* convert_msg */, + NULL /* convert_free */, + NULL /* timer_control */, +}; + +static const char kPrivateKeyData[] = + "(privkeys (account (name \"account\") (protocol proto) (private-key (dsa " + "(p " + "#00FC07ABCF0DC916AFF6E9AE47BEF60C7AB9B4D6B2469E436630E36F8A489BE812486A09F" + "30B71224508654940A835301ACC525A4FF133FC152CC53DCC59D65C30A54F1993FE13FE63E" + "5823D4C746DB21B90F9B9C00B49EC7404AB1D929BA7FBA12F2E45C6E0A651689750E8528AB" + "8C031D3561FECEE72EBB4A090D450A9B7A857#) (q " + "#00997BD266EF7B1F60A5C23F3A741F2AEFD07A2081#) (g " + "#535E360E8A95EBA46A4F7DE50AD6E9B2A6DB785A66B64EB9F20338D2A3E8FB0E94725848F" + "1AA6CC567CB83A1CC517EC806F2E92EAE71457E80B2210A189B91250779434B41FC8A8873F" + "6DB94BEA7D177F5D59E7E114EE10A49CFD9CEF88AE43387023B672927BA74B04EB6BBB5E57" + "597766A2F9CE3857D7ACE3E1E3BC1FC6F26#) (y " + "#0AC8670AD767D7A8D9D14CC1AC6744CD7D76F993B77FFD9E39DF01E5A6536EF65E775FCEF" + "2A983E2A19BD6415500F6979715D9FD1257E1FE2B6F5E1E74B333079E7C880D39868462A93" + "454B41877BE62E5EF0A041C2EE9C9E76BD1E12AE25D9628DECB097025DD625EF49C3258A1A" + "3C0FF501E3DC673B76D7BABF349009B6ECF#) (x " + "#14D0345A3562C480A039E3C72764F72D79043216#)))))\n"; + +int main() { + OTRL_INIT; + + // We have to write the private key information to a file because the libotr + // API demands a filename to read from. + const char *tmpdir = "/tmp"; + if (getenv("TMP")) { + tmpdir = getenv("TMP"); + } + + char private_key_file[256]; + snprintf(private_key_file, sizeof(private_key_file), + "%s/libotr_test_helper_privatekeys-XXXXXX", tmpdir); + int fd = mkstemp(private_key_file); + if (fd == -1) { + perror("creating temp file"); + } + write(fd, kPrivateKeyData, sizeof(kPrivateKeyData) - 1); + close(fd); + + OtrlUserState userstate = otrl_userstate_create(); + otrl_privkey_read(userstate, private_key_file); + unlink(private_key_file); + + fprintf(stderr, "libotr helper started\n"); + + char buf[4096]; + + for (;;) { + char *message = fgets(buf, sizeof(buf), stdin); + if (strlen(message) == 0) { + break; + } + message[strlen(message) - 1] = 0; + fprintf(stderr, "libotr helper got: %s\n", message); + + char *newmessage = NULL; + OtrlTLV *tlvs; + int ignore_message = otrl_message_receiving( + userstate, &uiops, NULL, "account", "proto", "peer", message, + &newmessage, &tlvs, NULL, NULL, NULL); + if (tlvs) { + otrl_tlv_free(tlvs); + } + + if (newmessage != NULL) { + fprintf(stderr, "libotr got: %s\n", newmessage); + otrl_message_free(newmessage); + + gcry_error_t err; + char *newmessage = NULL; + + err = otrl_message_sending(userstate, &uiops, NULL, "account", "proto", + "peer", 0, "test message", NULL, &newmessage, + OTRL_FRAGMENT_SEND_SKIP, NULL, NULL, NULL); + if (newmessage == NULL) { + fprintf(stderr, "libotr didn't encrypt message\n"); + return 1; + } + write(1, newmessage, strlen(newmessage)); + write(1, "\n", 1); + fprintf(stderr, "libotr sent: %s\n", newmessage); + otrl_message_free(newmessage); + + g_session_established = 0; + write(1, "?OTRv2?\n", 8); + fprintf(stderr, "libotr sent: ?OTRv2\n"); + } + } + + return 0; +} diff --git a/vendor/golang.org/x/crypto/otr/otr.go b/vendor/golang.org/x/crypto/otr/otr.go new file mode 100644 index 000000000..173b753db --- /dev/null +++ b/vendor/golang.org/x/crypto/otr/otr.go @@ -0,0 +1,1415 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package otr implements the Off The Record protocol as specified in +// http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html +package otr // import "golang.org/x/crypto/otr" + +import ( + "bytes" + "crypto/aes" + "crypto/cipher" + "crypto/dsa" + "crypto/hmac" + "crypto/rand" + "crypto/sha1" + "crypto/sha256" + "crypto/subtle" + "encoding/base64" + "encoding/hex" + "errors" + "hash" + "io" + "math/big" + "strconv" +) + +// SecurityChange describes a change in the security state of a Conversation. +type SecurityChange int + +const ( + NoChange SecurityChange = iota + // NewKeys indicates that a key exchange has completed. This occurs + // when a conversation first becomes encrypted, and when the keys are + // renegotiated within an encrypted conversation. + NewKeys + // SMPSecretNeeded indicates that the peer has started an + // authentication and that we need to supply a secret. Call SMPQuestion + // to get the optional, human readable challenge and then Authenticate + // to supply the matching secret. + SMPSecretNeeded + // SMPComplete indicates that an authentication completed. The identity + // of the peer has now been confirmed. + SMPComplete + // SMPFailed indicates that an authentication failed. + SMPFailed + // ConversationEnded indicates that the peer ended the secure + // conversation. + ConversationEnded +) + +// QueryMessage can be sent to a peer to start an OTR conversation. +var QueryMessage = "?OTRv2?" + +// ErrorPrefix can be used to make an OTR error by appending an error message +// to it. +var ErrorPrefix = "?OTR Error:" + +var ( + fragmentPartSeparator = []byte(",") + fragmentPrefix = []byte("?OTR,") + msgPrefix = []byte("?OTR:") + queryMarker = []byte("?OTR") +) + +// isQuery attempts to parse an OTR query from msg and returns the greatest +// common version, or 0 if msg is not an OTR query. +func isQuery(msg []byte) (greatestCommonVersion int) { + pos := bytes.Index(msg, queryMarker) + if pos == -1 { + return 0 + } + for i, c := range msg[pos+len(queryMarker):] { + if i == 0 { + if c == '?' { + // Indicates support for version 1, but we don't + // implement that. + continue + } + + if c != 'v' { + // Invalid message + return 0 + } + + continue + } + + if c == '?' { + // End of message + return + } + + if c == ' ' || c == '\t' { + // Probably an invalid message + return 0 + } + + if c == '2' { + greatestCommonVersion = 2 + } + } + + return 0 +} + +const ( + statePlaintext = iota + stateEncrypted + stateFinished +) + +const ( + authStateNone = iota + authStateAwaitingDHKey + authStateAwaitingRevealSig + authStateAwaitingSig +) + +const ( + msgTypeDHCommit = 2 + msgTypeData = 3 + msgTypeDHKey = 10 + msgTypeRevealSig = 17 + msgTypeSig = 18 +) + +const ( + // If the requested fragment size is less than this, it will be ignored. + minFragmentSize = 18 + // Messages are padded to a multiple of this number of bytes. + paddingGranularity = 256 + // The number of bytes in a Diffie-Hellman private value (320-bits). + dhPrivateBytes = 40 + // The number of bytes needed to represent an element of the DSA + // subgroup (160-bits). + dsaSubgroupBytes = 20 + // The number of bytes of the MAC that are sent on the wire (160-bits). + macPrefixBytes = 20 +) + +// These are the global, common group parameters for OTR. +var ( + p *big.Int // group prime + g *big.Int // group generator + q *big.Int // group order + pMinus2 *big.Int +) + +func init() { + p, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16) + q, _ = new(big.Int).SetString("7FFFFFFFFFFFFFFFE487ED5110B4611A62633145C06E0E68948127044533E63A0105DF531D89CD9128A5043CC71A026EF7CA8CD9E69D218D98158536F92F8A1BA7F09AB6B6A8E122F242DABB312F3F637A262174D31BF6B585FFAE5B7A035BF6F71C35FDAD44CFD2D74F9208BE258FF324943328F6722D9EE1003E5C50B1DF82CC6D241B0E2AE9CD348B1FD47E9267AFC1B2AE91EE51D6CB0E3179AB1042A95DCF6A9483B84B4B36B3861AA7255E4C0278BA36046511B993FFFFFFFFFFFFFFFF", 16) + g = new(big.Int).SetInt64(2) + pMinus2 = new(big.Int).Sub(p, g) +} + +// Conversation represents a relation with a peer. The zero value is a valid +// Conversation, although PrivateKey must be set. +// +// When communicating with a peer, all inbound messages should be passed to +// Conversation.Receive and all outbound messages to Conversation.Send. The +// Conversation will take care of maintaining the encryption state and +// negotiating encryption as needed. +type Conversation struct { + // PrivateKey contains the private key to use to sign key exchanges. + PrivateKey *PrivateKey + + // Rand can be set to override the entropy source. Otherwise, + // crypto/rand will be used. + Rand io.Reader + // If FragmentSize is set, all messages produced by Receive and Send + // will be fragmented into messages of, at most, this number of bytes. + FragmentSize int + + // Once Receive has returned NewKeys once, the following fields are + // valid. + SSID [8]byte + TheirPublicKey PublicKey + + state, authState int + + r [16]byte + x, y *big.Int + gx, gy *big.Int + gxBytes []byte + digest [sha256.Size]byte + + revealKeys, sigKeys akeKeys + + myKeyId uint32 + myCurrentDHPub *big.Int + myCurrentDHPriv *big.Int + myLastDHPub *big.Int + myLastDHPriv *big.Int + + theirKeyId uint32 + theirCurrentDHPub *big.Int + theirLastDHPub *big.Int + + keySlots [4]keySlot + + myCounter [8]byte + theirLastCtr [8]byte + oldMACs []byte + + k, n int // fragment state + frag []byte + + smp smpState +} + +// A keySlot contains key material for a specific (their keyid, my keyid) pair. +type keySlot struct { + // used is true if this slot is valid. If false, it's free for reuse. + used bool + theirKeyId uint32 + myKeyId uint32 + sendAESKey, recvAESKey []byte + sendMACKey, recvMACKey []byte + theirLastCtr [8]byte +} + +// akeKeys are generated during key exchange. There's one set for the reveal +// signature message and another for the signature message. In the protocol +// spec the latter are indicated with a prime mark. +type akeKeys struct { + c [16]byte + m1, m2 [32]byte +} + +func (c *Conversation) rand() io.Reader { + if c.Rand != nil { + return c.Rand + } + return rand.Reader +} + +func (c *Conversation) randMPI(buf []byte) *big.Int { + _, err := io.ReadFull(c.rand(), buf) + if err != nil { + panic("otr: short read from random source") + } + + return new(big.Int).SetBytes(buf) +} + +// tlv represents the type-length value from the protocol. +type tlv struct { + typ, length uint16 + data []byte +} + +const ( + tlvTypePadding = 0 + tlvTypeDisconnected = 1 + tlvTypeSMP1 = 2 + tlvTypeSMP2 = 3 + tlvTypeSMP3 = 4 + tlvTypeSMP4 = 5 + tlvTypeSMPAbort = 6 + tlvTypeSMP1WithQuestion = 7 +) + +// Receive handles a message from a peer. It returns a human readable message, +// an indicator of whether that message was encrypted, a hint about the +// encryption state and zero or more messages to send back to the peer. +// These messages do not need to be passed to Send before transmission. +func (c *Conversation) Receive(in []byte) (out []byte, encrypted bool, change SecurityChange, toSend [][]byte, err error) { + if bytes.HasPrefix(in, fragmentPrefix) { + in, err = c.processFragment(in) + if in == nil || err != nil { + return + } + } + + if bytes.HasPrefix(in, msgPrefix) && in[len(in)-1] == '.' { + in = in[len(msgPrefix) : len(in)-1] + } else if version := isQuery(in); version > 0 { + c.authState = authStateAwaitingDHKey + c.reset() + toSend = c.encode(c.generateDHCommit()) + return + } else { + // plaintext message + out = in + return + } + + msg := make([]byte, base64.StdEncoding.DecodedLen(len(in))) + msgLen, err := base64.StdEncoding.Decode(msg, in) + if err != nil { + err = errors.New("otr: invalid base64 encoding in message") + return + } + msg = msg[:msgLen] + + // The first two bytes are the protocol version (2) + if len(msg) < 3 || msg[0] != 0 || msg[1] != 2 { + err = errors.New("otr: invalid OTR message") + return + } + + msgType := int(msg[2]) + msg = msg[3:] + + switch msgType { + case msgTypeDHCommit: + switch c.authState { + case authStateNone: + c.authState = authStateAwaitingRevealSig + if err = c.processDHCommit(msg); err != nil { + return + } + c.reset() + toSend = c.encode(c.generateDHKey()) + return + case authStateAwaitingDHKey: + // This is a 'SYN-crossing'. The greater digest wins. + var cmp int + if cmp, err = c.compareToDHCommit(msg); err != nil { + return + } + if cmp > 0 { + // We win. Retransmit DH commit. + toSend = c.encode(c.serializeDHCommit()) + return + } else { + // They win. We forget about our DH commit. + c.authState = authStateAwaitingRevealSig + if err = c.processDHCommit(msg); err != nil { + return + } + c.reset() + toSend = c.encode(c.generateDHKey()) + return + } + case authStateAwaitingRevealSig: + if err = c.processDHCommit(msg); err != nil { + return + } + toSend = c.encode(c.serializeDHKey()) + case authStateAwaitingSig: + if err = c.processDHCommit(msg); err != nil { + return + } + c.reset() + toSend = c.encode(c.generateDHKey()) + c.authState = authStateAwaitingRevealSig + default: + panic("bad state") + } + case msgTypeDHKey: + switch c.authState { + case authStateAwaitingDHKey: + var isSame bool + if isSame, err = c.processDHKey(msg); err != nil { + return + } + if isSame { + err = errors.New("otr: unexpected duplicate DH key") + return + } + toSend = c.encode(c.generateRevealSig()) + c.authState = authStateAwaitingSig + case authStateAwaitingSig: + var isSame bool + if isSame, err = c.processDHKey(msg); err != nil { + return + } + if isSame { + toSend = c.encode(c.serializeDHKey()) + } + } + case msgTypeRevealSig: + if c.authState != authStateAwaitingRevealSig { + return + } + if err = c.processRevealSig(msg); err != nil { + return + } + toSend = c.encode(c.generateSig()) + c.authState = authStateNone + c.state = stateEncrypted + change = NewKeys + case msgTypeSig: + if c.authState != authStateAwaitingSig { + return + } + if err = c.processSig(msg); err != nil { + return + } + c.authState = authStateNone + c.state = stateEncrypted + change = NewKeys + case msgTypeData: + if c.state != stateEncrypted { + err = errors.New("otr: encrypted message received without encrypted session established") + return + } + var tlvs []tlv + out, tlvs, err = c.processData(msg) + encrypted = true + + EachTLV: + for _, inTLV := range tlvs { + switch inTLV.typ { + case tlvTypeDisconnected: + change = ConversationEnded + c.state = stateFinished + break EachTLV + case tlvTypeSMP1, tlvTypeSMP2, tlvTypeSMP3, tlvTypeSMP4, tlvTypeSMPAbort, tlvTypeSMP1WithQuestion: + var reply tlv + var complete bool + reply, complete, err = c.processSMP(inTLV) + if err == smpSecretMissingError { + err = nil + change = SMPSecretNeeded + c.smp.saved = &inTLV + return + } + if err == smpFailureError { + err = nil + change = SMPFailed + } else if complete { + change = SMPComplete + } + if reply.typ != 0 { + toSend = c.encode(c.generateData(nil, &reply)) + } + break EachTLV + default: + // skip unknown TLVs + } + } + default: + err = errors.New("otr: unknown message type " + strconv.Itoa(msgType)) + } + + return +} + +// Send takes a human readable message from the local user, possibly encrypts +// it and returns zero one or more messages to send to the peer. +func (c *Conversation) Send(msg []byte) ([][]byte, error) { + switch c.state { + case statePlaintext: + return [][]byte{msg}, nil + case stateEncrypted: + return c.encode(c.generateData(msg, nil)), nil + case stateFinished: + return nil, errors.New("otr: cannot send message because secure conversation has finished") + } + + return nil, errors.New("otr: cannot send message in current state") +} + +// SMPQuestion returns the human readable challenge question from the peer. +// It's only valid after Receive has returned SMPSecretNeeded. +func (c *Conversation) SMPQuestion() string { + return c.smp.question +} + +// Authenticate begins an authentication with the peer. Authentication involves +// an optional challenge message and a shared secret. The authentication +// proceeds until either Receive returns SMPComplete, SMPSecretNeeded (which +// indicates that a new authentication is happening and thus this one was +// aborted) or SMPFailed. +func (c *Conversation) Authenticate(question string, mutualSecret []byte) (toSend [][]byte, err error) { + if c.state != stateEncrypted { + err = errors.New("otr: can't authenticate a peer without a secure conversation established") + return + } + + if c.smp.saved != nil { + c.calcSMPSecret(mutualSecret, false /* they started it */) + + var out tlv + var complete bool + out, complete, err = c.processSMP(*c.smp.saved) + if complete { + panic("SMP completed on the first message") + } + c.smp.saved = nil + if out.typ != 0 { + toSend = c.encode(c.generateData(nil, &out)) + } + return + } + + c.calcSMPSecret(mutualSecret, true /* we started it */) + outs := c.startSMP(question) + for _, out := range outs { + toSend = append(toSend, c.encode(c.generateData(nil, &out))...) + } + return +} + +// End ends a secure conversation by generating a termination message for +// the peer and switches to unencrypted communication. +func (c *Conversation) End() (toSend [][]byte) { + switch c.state { + case statePlaintext: + return nil + case stateEncrypted: + c.state = statePlaintext + return c.encode(c.generateData(nil, &tlv{typ: tlvTypeDisconnected})) + case stateFinished: + c.state = statePlaintext + return nil + } + panic("unreachable") +} + +// IsEncrypted returns true if a message passed to Send would be encrypted +// before transmission. This result remains valid until the next call to +// Receive or End, which may change the state of the Conversation. +func (c *Conversation) IsEncrypted() bool { + return c.state == stateEncrypted +} + +var fragmentError = errors.New("otr: invalid OTR fragment") + +// processFragment processes a fragmented OTR message and possibly returns a +// complete message. Fragmented messages look like "?OTR,k,n,msg," where k is +// the fragment number (starting from 1), n is the number of fragments in this +// message and msg is a substring of the base64 encoded message. +func (c *Conversation) processFragment(in []byte) (out []byte, err error) { + in = in[len(fragmentPrefix):] // remove "?OTR," + parts := bytes.Split(in, fragmentPartSeparator) + if len(parts) != 4 || len(parts[3]) != 0 { + return nil, fragmentError + } + + k, err := strconv.Atoi(string(parts[0])) + if err != nil { + return nil, fragmentError + } + + n, err := strconv.Atoi(string(parts[1])) + if err != nil { + return nil, fragmentError + } + + if k < 1 || n < 1 || k > n { + return nil, fragmentError + } + + if k == 1 { + c.frag = append(c.frag[:0], parts[2]...) + c.k, c.n = k, n + } else if n == c.n && k == c.k+1 { + c.frag = append(c.frag, parts[2]...) + c.k++ + } else { + c.frag = c.frag[:0] + c.n, c.k = 0, 0 + } + + if c.n > 0 && c.k == c.n { + c.n, c.k = 0, 0 + return c.frag, nil + } + + return nil, nil +} + +func (c *Conversation) generateDHCommit() []byte { + _, err := io.ReadFull(c.rand(), c.r[:]) + if err != nil { + panic("otr: short read from random source") + } + + var xBytes [dhPrivateBytes]byte + c.x = c.randMPI(xBytes[:]) + c.gx = new(big.Int).Exp(g, c.x, p) + c.gy = nil + c.gxBytes = appendMPI(nil, c.gx) + + h := sha256.New() + h.Write(c.gxBytes) + h.Sum(c.digest[:0]) + + aesCipher, err := aes.NewCipher(c.r[:]) + if err != nil { + panic(err.Error()) + } + + var iv [aes.BlockSize]byte + ctr := cipher.NewCTR(aesCipher, iv[:]) + ctr.XORKeyStream(c.gxBytes, c.gxBytes) + + return c.serializeDHCommit() +} + +func (c *Conversation) serializeDHCommit() []byte { + var ret []byte + ret = appendU16(ret, 2) // protocol version + ret = append(ret, msgTypeDHCommit) + ret = appendData(ret, c.gxBytes) + ret = appendData(ret, c.digest[:]) + return ret +} + +func (c *Conversation) processDHCommit(in []byte) error { + var ok1, ok2 bool + c.gxBytes, in, ok1 = getData(in) + digest, in, ok2 := getData(in) + if !ok1 || !ok2 || len(in) > 0 { + return errors.New("otr: corrupt DH commit message") + } + copy(c.digest[:], digest) + return nil +} + +func (c *Conversation) compareToDHCommit(in []byte) (int, error) { + _, in, ok1 := getData(in) + digest, in, ok2 := getData(in) + if !ok1 || !ok2 || len(in) > 0 { + return 0, errors.New("otr: corrupt DH commit message") + } + return bytes.Compare(c.digest[:], digest), nil +} + +func (c *Conversation) generateDHKey() []byte { + var yBytes [dhPrivateBytes]byte + c.y = c.randMPI(yBytes[:]) + c.gy = new(big.Int).Exp(g, c.y, p) + return c.serializeDHKey() +} + +func (c *Conversation) serializeDHKey() []byte { + var ret []byte + ret = appendU16(ret, 2) // protocol version + ret = append(ret, msgTypeDHKey) + ret = appendMPI(ret, c.gy) + return ret +} + +func (c *Conversation) processDHKey(in []byte) (isSame bool, err error) { + gy, in, ok := getMPI(in) + if !ok { + err = errors.New("otr: corrupt DH key message") + return + } + if gy.Cmp(g) < 0 || gy.Cmp(pMinus2) > 0 { + err = errors.New("otr: DH value out of range") + return + } + if c.gy != nil { + isSame = c.gy.Cmp(gy) == 0 + return + } + c.gy = gy + return +} + +func (c *Conversation) generateEncryptedSignature(keys *akeKeys, xFirst bool) ([]byte, []byte) { + var xb []byte + xb = c.PrivateKey.PublicKey.Serialize(xb) + + var verifyData []byte + if xFirst { + verifyData = appendMPI(verifyData, c.gx) + verifyData = appendMPI(verifyData, c.gy) + } else { + verifyData = appendMPI(verifyData, c.gy) + verifyData = appendMPI(verifyData, c.gx) + } + verifyData = append(verifyData, xb...) + verifyData = appendU32(verifyData, c.myKeyId) + + mac := hmac.New(sha256.New, keys.m1[:]) + mac.Write(verifyData) + mb := mac.Sum(nil) + + xb = appendU32(xb, c.myKeyId) + xb = append(xb, c.PrivateKey.Sign(c.rand(), mb)...) + + aesCipher, err := aes.NewCipher(keys.c[:]) + if err != nil { + panic(err.Error()) + } + var iv [aes.BlockSize]byte + ctr := cipher.NewCTR(aesCipher, iv[:]) + ctr.XORKeyStream(xb, xb) + + mac = hmac.New(sha256.New, keys.m2[:]) + encryptedSig := appendData(nil, xb) + mac.Write(encryptedSig) + + return encryptedSig, mac.Sum(nil) +} + +func (c *Conversation) generateRevealSig() []byte { + s := new(big.Int).Exp(c.gy, c.x, p) + c.calcAKEKeys(s) + c.myKeyId++ + + encryptedSig, mac := c.generateEncryptedSignature(&c.revealKeys, true /* gx comes first */) + + c.myCurrentDHPub = c.gx + c.myCurrentDHPriv = c.x + c.rotateDHKeys() + incCounter(&c.myCounter) + + var ret []byte + ret = appendU16(ret, 2) + ret = append(ret, msgTypeRevealSig) + ret = appendData(ret, c.r[:]) + ret = append(ret, encryptedSig...) + ret = append(ret, mac[:20]...) + return ret +} + +func (c *Conversation) processEncryptedSig(encryptedSig, theirMAC []byte, keys *akeKeys, xFirst bool) error { + mac := hmac.New(sha256.New, keys.m2[:]) + mac.Write(appendData(nil, encryptedSig)) + myMAC := mac.Sum(nil)[:20] + + if len(myMAC) != len(theirMAC) || subtle.ConstantTimeCompare(myMAC, theirMAC) == 0 { + return errors.New("bad signature MAC in encrypted signature") + } + + aesCipher, err := aes.NewCipher(keys.c[:]) + if err != nil { + panic(err.Error()) + } + var iv [aes.BlockSize]byte + ctr := cipher.NewCTR(aesCipher, iv[:]) + ctr.XORKeyStream(encryptedSig, encryptedSig) + + sig := encryptedSig + sig, ok1 := c.TheirPublicKey.Parse(sig) + keyId, sig, ok2 := getU32(sig) + if !ok1 || !ok2 { + return errors.New("otr: corrupt encrypted signature") + } + + var verifyData []byte + if xFirst { + verifyData = appendMPI(verifyData, c.gx) + verifyData = appendMPI(verifyData, c.gy) + } else { + verifyData = appendMPI(verifyData, c.gy) + verifyData = appendMPI(verifyData, c.gx) + } + verifyData = c.TheirPublicKey.Serialize(verifyData) + verifyData = appendU32(verifyData, keyId) + + mac = hmac.New(sha256.New, keys.m1[:]) + mac.Write(verifyData) + mb := mac.Sum(nil) + + sig, ok1 = c.TheirPublicKey.Verify(mb, sig) + if !ok1 { + return errors.New("bad signature in encrypted signature") + } + if len(sig) > 0 { + return errors.New("corrupt encrypted signature") + } + + c.theirKeyId = keyId + zero(c.theirLastCtr[:]) + return nil +} + +func (c *Conversation) processRevealSig(in []byte) error { + r, in, ok1 := getData(in) + encryptedSig, in, ok2 := getData(in) + theirMAC := in + if !ok1 || !ok2 || len(theirMAC) != 20 { + return errors.New("otr: corrupt reveal signature message") + } + + aesCipher, err := aes.NewCipher(r) + if err != nil { + return errors.New("otr: cannot create AES cipher from reveal signature message: " + err.Error()) + } + var iv [aes.BlockSize]byte + ctr := cipher.NewCTR(aesCipher, iv[:]) + ctr.XORKeyStream(c.gxBytes, c.gxBytes) + h := sha256.New() + h.Write(c.gxBytes) + digest := h.Sum(nil) + if len(digest) != len(c.digest) || subtle.ConstantTimeCompare(digest, c.digest[:]) == 0 { + return errors.New("otr: bad commit MAC in reveal signature message") + } + var rest []byte + c.gx, rest, ok1 = getMPI(c.gxBytes) + if !ok1 || len(rest) > 0 { + return errors.New("otr: gx corrupt after decryption") + } + if c.gx.Cmp(g) < 0 || c.gx.Cmp(pMinus2) > 0 { + return errors.New("otr: DH value out of range") + } + s := new(big.Int).Exp(c.gx, c.y, p) + c.calcAKEKeys(s) + + if err := c.processEncryptedSig(encryptedSig, theirMAC, &c.revealKeys, true /* gx comes first */); err != nil { + return errors.New("otr: in reveal signature message: " + err.Error()) + } + + c.theirCurrentDHPub = c.gx + c.theirLastDHPub = nil + + return nil +} + +func (c *Conversation) generateSig() []byte { + c.myKeyId++ + + encryptedSig, mac := c.generateEncryptedSignature(&c.sigKeys, false /* gy comes first */) + + c.myCurrentDHPub = c.gy + c.myCurrentDHPriv = c.y + c.rotateDHKeys() + incCounter(&c.myCounter) + + var ret []byte + ret = appendU16(ret, 2) + ret = append(ret, msgTypeSig) + ret = append(ret, encryptedSig...) + ret = append(ret, mac[:macPrefixBytes]...) + return ret +} + +func (c *Conversation) processSig(in []byte) error { + encryptedSig, in, ok1 := getData(in) + theirMAC := in + if !ok1 || len(theirMAC) != macPrefixBytes { + return errors.New("otr: corrupt signature message") + } + + if err := c.processEncryptedSig(encryptedSig, theirMAC, &c.sigKeys, false /* gy comes first */); err != nil { + return errors.New("otr: in signature message: " + err.Error()) + } + + c.theirCurrentDHPub = c.gy + c.theirLastDHPub = nil + + return nil +} + +func (c *Conversation) rotateDHKeys() { + // evict slots using our retired key id + for i := range c.keySlots { + slot := &c.keySlots[i] + if slot.used && slot.myKeyId == c.myKeyId-1 { + slot.used = false + c.oldMACs = append(c.oldMACs, slot.recvMACKey...) + } + } + + c.myLastDHPriv = c.myCurrentDHPriv + c.myLastDHPub = c.myCurrentDHPub + + var xBytes [dhPrivateBytes]byte + c.myCurrentDHPriv = c.randMPI(xBytes[:]) + c.myCurrentDHPub = new(big.Int).Exp(g, c.myCurrentDHPriv, p) + c.myKeyId++ +} + +func (c *Conversation) processData(in []byte) (out []byte, tlvs []tlv, err error) { + origIn := in + flags, in, ok1 := getU8(in) + theirKeyId, in, ok2 := getU32(in) + myKeyId, in, ok3 := getU32(in) + y, in, ok4 := getMPI(in) + counter, in, ok5 := getNBytes(in, 8) + encrypted, in, ok6 := getData(in) + macedData := origIn[:len(origIn)-len(in)] + theirMAC, in, ok7 := getNBytes(in, macPrefixBytes) + _, in, ok8 := getData(in) + if !ok1 || !ok2 || !ok3 || !ok4 || !ok5 || !ok6 || !ok7 || !ok8 || len(in) > 0 { + err = errors.New("otr: corrupt data message") + return + } + + ignoreErrors := flags&1 != 0 + + slot, err := c.calcDataKeys(myKeyId, theirKeyId) + if err != nil { + if ignoreErrors { + err = nil + } + return + } + + mac := hmac.New(sha1.New, slot.recvMACKey) + mac.Write([]byte{0, 2, 3}) + mac.Write(macedData) + myMAC := mac.Sum(nil) + if len(myMAC) != len(theirMAC) || subtle.ConstantTimeCompare(myMAC, theirMAC) == 0 { + if !ignoreErrors { + err = errors.New("otr: bad MAC on data message") + } + return + } + + if bytes.Compare(counter, slot.theirLastCtr[:]) <= 0 { + err = errors.New("otr: counter regressed") + return + } + copy(slot.theirLastCtr[:], counter) + + var iv [aes.BlockSize]byte + copy(iv[:], counter) + aesCipher, err := aes.NewCipher(slot.recvAESKey) + if err != nil { + panic(err.Error()) + } + ctr := cipher.NewCTR(aesCipher, iv[:]) + ctr.XORKeyStream(encrypted, encrypted) + decrypted := encrypted + + if myKeyId == c.myKeyId { + c.rotateDHKeys() + } + if theirKeyId == c.theirKeyId { + // evict slots using their retired key id + for i := range c.keySlots { + slot := &c.keySlots[i] + if slot.used && slot.theirKeyId == theirKeyId-1 { + slot.used = false + c.oldMACs = append(c.oldMACs, slot.recvMACKey...) + } + } + + c.theirLastDHPub = c.theirCurrentDHPub + c.theirKeyId++ + c.theirCurrentDHPub = y + } + + if nulPos := bytes.IndexByte(decrypted, 0); nulPos >= 0 { + out = decrypted[:nulPos] + tlvData := decrypted[nulPos+1:] + for len(tlvData) > 0 { + var t tlv + var ok1, ok2, ok3 bool + + t.typ, tlvData, ok1 = getU16(tlvData) + t.length, tlvData, ok2 = getU16(tlvData) + t.data, tlvData, ok3 = getNBytes(tlvData, int(t.length)) + if !ok1 || !ok2 || !ok3 { + err = errors.New("otr: corrupt tlv data") + return + } + tlvs = append(tlvs, t) + } + } else { + out = decrypted + } + + return +} + +func (c *Conversation) generateData(msg []byte, extra *tlv) []byte { + slot, err := c.calcDataKeys(c.myKeyId-1, c.theirKeyId) + if err != nil { + panic("otr: failed to generate sending keys: " + err.Error()) + } + + var plaintext []byte + plaintext = append(plaintext, msg...) + plaintext = append(plaintext, 0) + + padding := paddingGranularity - ((len(plaintext) + 4) % paddingGranularity) + plaintext = appendU16(plaintext, tlvTypePadding) + plaintext = appendU16(plaintext, uint16(padding)) + for i := 0; i < padding; i++ { + plaintext = append(plaintext, 0) + } + + if extra != nil { + plaintext = appendU16(plaintext, extra.typ) + plaintext = appendU16(plaintext, uint16(len(extra.data))) + plaintext = append(plaintext, extra.data...) + } + + encrypted := make([]byte, len(plaintext)) + + var iv [aes.BlockSize]byte + copy(iv[:], c.myCounter[:]) + aesCipher, err := aes.NewCipher(slot.sendAESKey) + if err != nil { + panic(err.Error()) + } + ctr := cipher.NewCTR(aesCipher, iv[:]) + ctr.XORKeyStream(encrypted, plaintext) + + var ret []byte + ret = appendU16(ret, 2) + ret = append(ret, msgTypeData) + ret = append(ret, 0 /* flags */) + ret = appendU32(ret, c.myKeyId-1) + ret = appendU32(ret, c.theirKeyId) + ret = appendMPI(ret, c.myCurrentDHPub) + ret = append(ret, c.myCounter[:]...) + ret = appendData(ret, encrypted) + + mac := hmac.New(sha1.New, slot.sendMACKey) + mac.Write(ret) + ret = append(ret, mac.Sum(nil)[:macPrefixBytes]...) + ret = appendData(ret, c.oldMACs) + c.oldMACs = nil + incCounter(&c.myCounter) + + return ret +} + +func incCounter(counter *[8]byte) { + for i := 7; i >= 0; i-- { + counter[i]++ + if counter[i] > 0 { + break + } + } +} + +// calcDataKeys computes the keys used to encrypt a data message given the key +// IDs. +func (c *Conversation) calcDataKeys(myKeyId, theirKeyId uint32) (slot *keySlot, err error) { + // Check for a cache hit. + for i := range c.keySlots { + slot = &c.keySlots[i] + if slot.used && slot.theirKeyId == theirKeyId && slot.myKeyId == myKeyId { + return + } + } + + // Find an empty slot to write into. + slot = nil + for i := range c.keySlots { + if !c.keySlots[i].used { + slot = &c.keySlots[i] + break + } + } + if slot == nil { + return nil, errors.New("otr: internal error: no more key slots") + } + + var myPriv, myPub, theirPub *big.Int + + if myKeyId == c.myKeyId { + myPriv = c.myCurrentDHPriv + myPub = c.myCurrentDHPub + } else if myKeyId == c.myKeyId-1 { + myPriv = c.myLastDHPriv + myPub = c.myLastDHPub + } else { + err = errors.New("otr: peer requested keyid " + strconv.FormatUint(uint64(myKeyId), 10) + " when I'm on " + strconv.FormatUint(uint64(c.myKeyId), 10)) + return + } + + if theirKeyId == c.theirKeyId { + theirPub = c.theirCurrentDHPub + } else if theirKeyId == c.theirKeyId-1 && c.theirLastDHPub != nil { + theirPub = c.theirLastDHPub + } else { + err = errors.New("otr: peer requested keyid " + strconv.FormatUint(uint64(myKeyId), 10) + " when they're on " + strconv.FormatUint(uint64(c.myKeyId), 10)) + return + } + + var sendPrefixByte, recvPrefixByte [1]byte + + if myPub.Cmp(theirPub) > 0 { + // we're the high end + sendPrefixByte[0], recvPrefixByte[0] = 1, 2 + } else { + // we're the low end + sendPrefixByte[0], recvPrefixByte[0] = 2, 1 + } + + s := new(big.Int).Exp(theirPub, myPriv, p) + sBytes := appendMPI(nil, s) + + h := sha1.New() + h.Write(sendPrefixByte[:]) + h.Write(sBytes) + slot.sendAESKey = h.Sum(slot.sendAESKey[:0])[:16] + + h.Reset() + h.Write(slot.sendAESKey) + slot.sendMACKey = h.Sum(slot.sendMACKey[:0]) + + h.Reset() + h.Write(recvPrefixByte[:]) + h.Write(sBytes) + slot.recvAESKey = h.Sum(slot.recvAESKey[:0])[:16] + + h.Reset() + h.Write(slot.recvAESKey) + slot.recvMACKey = h.Sum(slot.recvMACKey[:0]) + + slot.theirKeyId = theirKeyId + slot.myKeyId = myKeyId + slot.used = true + + zero(slot.theirLastCtr[:]) + return +} + +func (c *Conversation) calcAKEKeys(s *big.Int) { + mpi := appendMPI(nil, s) + h := sha256.New() + + var cBytes [32]byte + hashWithPrefix(c.SSID[:], 0, mpi, h) + + hashWithPrefix(cBytes[:], 1, mpi, h) + copy(c.revealKeys.c[:], cBytes[:16]) + copy(c.sigKeys.c[:], cBytes[16:]) + + hashWithPrefix(c.revealKeys.m1[:], 2, mpi, h) + hashWithPrefix(c.revealKeys.m2[:], 3, mpi, h) + hashWithPrefix(c.sigKeys.m1[:], 4, mpi, h) + hashWithPrefix(c.sigKeys.m2[:], 5, mpi, h) +} + +func hashWithPrefix(out []byte, prefix byte, in []byte, h hash.Hash) { + h.Reset() + var p [1]byte + p[0] = prefix + h.Write(p[:]) + h.Write(in) + if len(out) == h.Size() { + h.Sum(out[:0]) + } else { + digest := h.Sum(nil) + copy(out, digest) + } +} + +func (c *Conversation) encode(msg []byte) [][]byte { + b64 := make([]byte, base64.StdEncoding.EncodedLen(len(msg))+len(msgPrefix)+1) + base64.StdEncoding.Encode(b64[len(msgPrefix):], msg) + copy(b64, msgPrefix) + b64[len(b64)-1] = '.' + + if c.FragmentSize < minFragmentSize || len(b64) <= c.FragmentSize { + // We can encode this in a single fragment. + return [][]byte{b64} + } + + // We have to fragment this message. + var ret [][]byte + bytesPerFragment := c.FragmentSize - minFragmentSize + numFragments := (len(b64) + bytesPerFragment) / bytesPerFragment + + for i := 0; i < numFragments; i++ { + frag := []byte("?OTR," + strconv.Itoa(i+1) + "," + strconv.Itoa(numFragments) + ",") + todo := bytesPerFragment + if todo > len(b64) { + todo = len(b64) + } + frag = append(frag, b64[:todo]...) + b64 = b64[todo:] + frag = append(frag, ',') + ret = append(ret, frag) + } + + return ret +} + +func (c *Conversation) reset() { + c.myKeyId = 0 + + for i := range c.keySlots { + c.keySlots[i].used = false + } +} + +type PublicKey struct { + dsa.PublicKey +} + +func (pk *PublicKey) Parse(in []byte) ([]byte, bool) { + var ok bool + var pubKeyType uint16 + + if pubKeyType, in, ok = getU16(in); !ok || pubKeyType != 0 { + return nil, false + } + if pk.P, in, ok = getMPI(in); !ok { + return nil, false + } + if pk.Q, in, ok = getMPI(in); !ok { + return nil, false + } + if pk.G, in, ok = getMPI(in); !ok { + return nil, false + } + if pk.Y, in, ok = getMPI(in); !ok { + return nil, false + } + + return in, true +} + +func (pk *PublicKey) Serialize(in []byte) []byte { + in = appendU16(in, 0) + in = appendMPI(in, pk.P) + in = appendMPI(in, pk.Q) + in = appendMPI(in, pk.G) + in = appendMPI(in, pk.Y) + return in +} + +// Fingerprint returns the 20-byte, binary fingerprint of the PublicKey. +func (pk *PublicKey) Fingerprint() []byte { + b := pk.Serialize(nil) + h := sha1.New() + h.Write(b[2:]) + return h.Sum(nil) +} + +func (pk *PublicKey) Verify(hashed, sig []byte) ([]byte, bool) { + if len(sig) != 2*dsaSubgroupBytes { + return nil, false + } + r := new(big.Int).SetBytes(sig[:dsaSubgroupBytes]) + s := new(big.Int).SetBytes(sig[dsaSubgroupBytes:]) + ok := dsa.Verify(&pk.PublicKey, hashed, r, s) + return sig[dsaSubgroupBytes*2:], ok +} + +type PrivateKey struct { + PublicKey + dsa.PrivateKey +} + +func (priv *PrivateKey) Sign(rand io.Reader, hashed []byte) []byte { + r, s, err := dsa.Sign(rand, &priv.PrivateKey, hashed) + if err != nil { + panic(err.Error()) + } + rBytes := r.Bytes() + sBytes := s.Bytes() + if len(rBytes) > dsaSubgroupBytes || len(sBytes) > dsaSubgroupBytes { + panic("DSA signature too large") + } + + out := make([]byte, 2*dsaSubgroupBytes) + copy(out[dsaSubgroupBytes-len(rBytes):], rBytes) + copy(out[len(out)-len(sBytes):], sBytes) + return out +} + +func (priv *PrivateKey) Serialize(in []byte) []byte { + in = priv.PublicKey.Serialize(in) + in = appendMPI(in, priv.PrivateKey.X) + return in +} + +func (priv *PrivateKey) Parse(in []byte) ([]byte, bool) { + in, ok := priv.PublicKey.Parse(in) + if !ok { + return in, ok + } + priv.PrivateKey.PublicKey = priv.PublicKey.PublicKey + priv.PrivateKey.X, in, ok = getMPI(in) + return in, ok +} + +func (priv *PrivateKey) Generate(rand io.Reader) { + if err := dsa.GenerateParameters(&priv.PrivateKey.PublicKey.Parameters, rand, dsa.L1024N160); err != nil { + panic(err.Error()) + } + if err := dsa.GenerateKey(&priv.PrivateKey, rand); err != nil { + panic(err.Error()) + } + priv.PublicKey.PublicKey = priv.PrivateKey.PublicKey +} + +func notHex(r rune) bool { + if r >= '0' && r <= '9' || + r >= 'a' && r <= 'f' || + r >= 'A' && r <= 'F' { + return false + } + + return true +} + +// Import parses the contents of a libotr private key file. +func (priv *PrivateKey) Import(in []byte) bool { + mpiStart := []byte(" #") + + mpis := make([]*big.Int, 5) + + for i := 0; i < len(mpis); i++ { + start := bytes.Index(in, mpiStart) + if start == -1 { + return false + } + in = in[start+len(mpiStart):] + end := bytes.IndexFunc(in, notHex) + if end == -1 { + return false + } + hexBytes := in[:end] + in = in[end:] + + if len(hexBytes)&1 != 0 { + return false + } + + mpiBytes := make([]byte, len(hexBytes)/2) + if _, err := hex.Decode(mpiBytes, hexBytes); err != nil { + return false + } + + mpis[i] = new(big.Int).SetBytes(mpiBytes) + } + + for _, mpi := range mpis { + if mpi.Sign() <= 0 { + return false + } + } + + priv.PrivateKey.P = mpis[0] + priv.PrivateKey.Q = mpis[1] + priv.PrivateKey.G = mpis[2] + priv.PrivateKey.Y = mpis[3] + priv.PrivateKey.X = mpis[4] + priv.PublicKey.PublicKey = priv.PrivateKey.PublicKey + + a := new(big.Int).Exp(priv.PrivateKey.G, priv.PrivateKey.X, priv.PrivateKey.P) + return a.Cmp(priv.PrivateKey.Y) == 0 +} + +func getU8(in []byte) (uint8, []byte, bool) { + if len(in) < 1 { + return 0, in, false + } + return in[0], in[1:], true +} + +func getU16(in []byte) (uint16, []byte, bool) { + if len(in) < 2 { + return 0, in, false + } + r := uint16(in[0])<<8 | uint16(in[1]) + return r, in[2:], true +} + +func getU32(in []byte) (uint32, []byte, bool) { + if len(in) < 4 { + return 0, in, false + } + r := uint32(in[0])<<24 | uint32(in[1])<<16 | uint32(in[2])<<8 | uint32(in[3]) + return r, in[4:], true +} + +func getMPI(in []byte) (*big.Int, []byte, bool) { + l, in, ok := getU32(in) + if !ok || uint32(len(in)) < l { + return nil, in, false + } + r := new(big.Int).SetBytes(in[:l]) + return r, in[l:], true +} + +func getData(in []byte) ([]byte, []byte, bool) { + l, in, ok := getU32(in) + if !ok || uint32(len(in)) < l { + return nil, in, false + } + return in[:l], in[l:], true +} + +func getNBytes(in []byte, n int) ([]byte, []byte, bool) { + if len(in) < n { + return nil, in, false + } + return in[:n], in[n:], true +} + +func appendU16(out []byte, v uint16) []byte { + out = append(out, byte(v>>8), byte(v)) + return out +} + +func appendU32(out []byte, v uint32) []byte { + out = append(out, byte(v>>24), byte(v>>16), byte(v>>8), byte(v)) + return out +} + +func appendData(out, v []byte) []byte { + out = appendU32(out, uint32(len(v))) + out = append(out, v...) + return out +} + +func appendMPI(out []byte, v *big.Int) []byte { + vBytes := v.Bytes() + out = appendU32(out, uint32(len(vBytes))) + out = append(out, vBytes...) + return out +} + +func appendMPIs(out []byte, mpis ...*big.Int) []byte { + for _, mpi := range mpis { + out = appendMPI(out, mpi) + } + return out +} + +func zero(b []byte) { + for i := range b { + b[i] = 0 + } +} diff --git a/vendor/golang.org/x/crypto/otr/smp.go b/vendor/golang.org/x/crypto/otr/smp.go new file mode 100644 index 000000000..dc6de4ee0 --- /dev/null +++ b/vendor/golang.org/x/crypto/otr/smp.go @@ -0,0 +1,572 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// This file implements the Socialist Millionaires Protocol as described in +// http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html. The protocol +// specification is required in order to understand this code and, where +// possible, the variable names in the code match up with the spec. + +package otr + +import ( + "bytes" + "crypto/sha256" + "errors" + "hash" + "math/big" +) + +type smpFailure string + +func (s smpFailure) Error() string { + return string(s) +} + +var smpFailureError = smpFailure("otr: SMP protocol failed") +var smpSecretMissingError = smpFailure("otr: mutual secret needed") + +const smpVersion = 1 + +const ( + smpState1 = iota + smpState2 + smpState3 + smpState4 +) + +type smpState struct { + state int + a2, a3, b2, b3, pb, qb *big.Int + g2a, g3a *big.Int + g2, g3 *big.Int + g3b, papb, qaqb, ra *big.Int + saved *tlv + secret *big.Int + question string +} + +func (c *Conversation) startSMP(question string) (tlvs []tlv) { + if c.smp.state != smpState1 { + tlvs = append(tlvs, c.generateSMPAbort()) + } + tlvs = append(tlvs, c.generateSMP1(question)) + c.smp.question = "" + c.smp.state = smpState2 + return +} + +func (c *Conversation) resetSMP() { + c.smp.state = smpState1 + c.smp.secret = nil + c.smp.question = "" +} + +func (c *Conversation) processSMP(in tlv) (out tlv, complete bool, err error) { + data := in.data + + switch in.typ { + case tlvTypeSMPAbort: + if c.smp.state != smpState1 { + err = smpFailureError + } + c.resetSMP() + return + case tlvTypeSMP1WithQuestion: + // We preprocess this into a SMP1 message. + nulPos := bytes.IndexByte(data, 0) + if nulPos == -1 { + err = errors.New("otr: SMP message with question didn't contain a NUL byte") + return + } + c.smp.question = string(data[:nulPos]) + data = data[nulPos+1:] + } + + numMPIs, data, ok := getU32(data) + if !ok || numMPIs > 20 { + err = errors.New("otr: corrupt SMP message") + return + } + + mpis := make([]*big.Int, numMPIs) + for i := range mpis { + var ok bool + mpis[i], data, ok = getMPI(data) + if !ok { + err = errors.New("otr: corrupt SMP message") + return + } + } + + switch in.typ { + case tlvTypeSMP1, tlvTypeSMP1WithQuestion: + if c.smp.state != smpState1 { + c.resetSMP() + out = c.generateSMPAbort() + return + } + if c.smp.secret == nil { + err = smpSecretMissingError + return + } + if err = c.processSMP1(mpis); err != nil { + return + } + c.smp.state = smpState3 + out = c.generateSMP2() + case tlvTypeSMP2: + if c.smp.state != smpState2 { + c.resetSMP() + out = c.generateSMPAbort() + return + } + if out, err = c.processSMP2(mpis); err != nil { + out = c.generateSMPAbort() + return + } + c.smp.state = smpState4 + case tlvTypeSMP3: + if c.smp.state != smpState3 { + c.resetSMP() + out = c.generateSMPAbort() + return + } + if out, err = c.processSMP3(mpis); err != nil { + return + } + c.smp.state = smpState1 + c.smp.secret = nil + complete = true + case tlvTypeSMP4: + if c.smp.state != smpState4 { + c.resetSMP() + out = c.generateSMPAbort() + return + } + if err = c.processSMP4(mpis); err != nil { + out = c.generateSMPAbort() + return + } + c.smp.state = smpState1 + c.smp.secret = nil + complete = true + default: + panic("unknown SMP message") + } + + return +} + +func (c *Conversation) calcSMPSecret(mutualSecret []byte, weStarted bool) { + h := sha256.New() + h.Write([]byte{smpVersion}) + if weStarted { + h.Write(c.PrivateKey.PublicKey.Fingerprint()) + h.Write(c.TheirPublicKey.Fingerprint()) + } else { + h.Write(c.TheirPublicKey.Fingerprint()) + h.Write(c.PrivateKey.PublicKey.Fingerprint()) + } + h.Write(c.SSID[:]) + h.Write(mutualSecret) + c.smp.secret = new(big.Int).SetBytes(h.Sum(nil)) +} + +func (c *Conversation) generateSMP1(question string) tlv { + var randBuf [16]byte + c.smp.a2 = c.randMPI(randBuf[:]) + c.smp.a3 = c.randMPI(randBuf[:]) + g2a := new(big.Int).Exp(g, c.smp.a2, p) + g3a := new(big.Int).Exp(g, c.smp.a3, p) + h := sha256.New() + + r2 := c.randMPI(randBuf[:]) + r := new(big.Int).Exp(g, r2, p) + c2 := new(big.Int).SetBytes(hashMPIs(h, 1, r)) + d2 := new(big.Int).Mul(c.smp.a2, c2) + d2.Sub(r2, d2) + d2.Mod(d2, q) + if d2.Sign() < 0 { + d2.Add(d2, q) + } + + r3 := c.randMPI(randBuf[:]) + r.Exp(g, r3, p) + c3 := new(big.Int).SetBytes(hashMPIs(h, 2, r)) + d3 := new(big.Int).Mul(c.smp.a3, c3) + d3.Sub(r3, d3) + d3.Mod(d3, q) + if d3.Sign() < 0 { + d3.Add(d3, q) + } + + var ret tlv + if len(question) > 0 { + ret.typ = tlvTypeSMP1WithQuestion + ret.data = append(ret.data, question...) + ret.data = append(ret.data, 0) + } else { + ret.typ = tlvTypeSMP1 + } + ret.data = appendU32(ret.data, 6) + ret.data = appendMPIs(ret.data, g2a, c2, d2, g3a, c3, d3) + return ret +} + +func (c *Conversation) processSMP1(mpis []*big.Int) error { + if len(mpis) != 6 { + return errors.New("otr: incorrect number of arguments in SMP1 message") + } + g2a := mpis[0] + c2 := mpis[1] + d2 := mpis[2] + g3a := mpis[3] + c3 := mpis[4] + d3 := mpis[5] + h := sha256.New() + + r := new(big.Int).Exp(g, d2, p) + s := new(big.Int).Exp(g2a, c2, p) + r.Mul(r, s) + r.Mod(r, p) + t := new(big.Int).SetBytes(hashMPIs(h, 1, r)) + if c2.Cmp(t) != 0 { + return errors.New("otr: ZKP c2 incorrect in SMP1 message") + } + r.Exp(g, d3, p) + s.Exp(g3a, c3, p) + r.Mul(r, s) + r.Mod(r, p) + t.SetBytes(hashMPIs(h, 2, r)) + if c3.Cmp(t) != 0 { + return errors.New("otr: ZKP c3 incorrect in SMP1 message") + } + + c.smp.g2a = g2a + c.smp.g3a = g3a + return nil +} + +func (c *Conversation) generateSMP2() tlv { + var randBuf [16]byte + b2 := c.randMPI(randBuf[:]) + c.smp.b3 = c.randMPI(randBuf[:]) + r2 := c.randMPI(randBuf[:]) + r3 := c.randMPI(randBuf[:]) + r4 := c.randMPI(randBuf[:]) + r5 := c.randMPI(randBuf[:]) + r6 := c.randMPI(randBuf[:]) + + g2b := new(big.Int).Exp(g, b2, p) + g3b := new(big.Int).Exp(g, c.smp.b3, p) + + r := new(big.Int).Exp(g, r2, p) + h := sha256.New() + c2 := new(big.Int).SetBytes(hashMPIs(h, 3, r)) + d2 := new(big.Int).Mul(b2, c2) + d2.Sub(r2, d2) + d2.Mod(d2, q) + if d2.Sign() < 0 { + d2.Add(d2, q) + } + + r.Exp(g, r3, p) + c3 := new(big.Int).SetBytes(hashMPIs(h, 4, r)) + d3 := new(big.Int).Mul(c.smp.b3, c3) + d3.Sub(r3, d3) + d3.Mod(d3, q) + if d3.Sign() < 0 { + d3.Add(d3, q) + } + + c.smp.g2 = new(big.Int).Exp(c.smp.g2a, b2, p) + c.smp.g3 = new(big.Int).Exp(c.smp.g3a, c.smp.b3, p) + c.smp.pb = new(big.Int).Exp(c.smp.g3, r4, p) + c.smp.qb = new(big.Int).Exp(g, r4, p) + r.Exp(c.smp.g2, c.smp.secret, p) + c.smp.qb.Mul(c.smp.qb, r) + c.smp.qb.Mod(c.smp.qb, p) + + s := new(big.Int) + s.Exp(c.smp.g2, r6, p) + r.Exp(g, r5, p) + s.Mul(r, s) + s.Mod(s, p) + r.Exp(c.smp.g3, r5, p) + cp := new(big.Int).SetBytes(hashMPIs(h, 5, r, s)) + + // D5 = r5 - r4 cP mod q and D6 = r6 - y cP mod q + + s.Mul(r4, cp) + r.Sub(r5, s) + d5 := new(big.Int).Mod(r, q) + if d5.Sign() < 0 { + d5.Add(d5, q) + } + + s.Mul(c.smp.secret, cp) + r.Sub(r6, s) + d6 := new(big.Int).Mod(r, q) + if d6.Sign() < 0 { + d6.Add(d6, q) + } + + var ret tlv + ret.typ = tlvTypeSMP2 + ret.data = appendU32(ret.data, 11) + ret.data = appendMPIs(ret.data, g2b, c2, d2, g3b, c3, d3, c.smp.pb, c.smp.qb, cp, d5, d6) + return ret +} + +func (c *Conversation) processSMP2(mpis []*big.Int) (out tlv, err error) { + if len(mpis) != 11 { + err = errors.New("otr: incorrect number of arguments in SMP2 message") + return + } + g2b := mpis[0] + c2 := mpis[1] + d2 := mpis[2] + g3b := mpis[3] + c3 := mpis[4] + d3 := mpis[5] + pb := mpis[6] + qb := mpis[7] + cp := mpis[8] + d5 := mpis[9] + d6 := mpis[10] + h := sha256.New() + + r := new(big.Int).Exp(g, d2, p) + s := new(big.Int).Exp(g2b, c2, p) + r.Mul(r, s) + r.Mod(r, p) + s.SetBytes(hashMPIs(h, 3, r)) + if c2.Cmp(s) != 0 { + err = errors.New("otr: ZKP c2 failed in SMP2 message") + return + } + + r.Exp(g, d3, p) + s.Exp(g3b, c3, p) + r.Mul(r, s) + r.Mod(r, p) + s.SetBytes(hashMPIs(h, 4, r)) + if c3.Cmp(s) != 0 { + err = errors.New("otr: ZKP c3 failed in SMP2 message") + return + } + + c.smp.g2 = new(big.Int).Exp(g2b, c.smp.a2, p) + c.smp.g3 = new(big.Int).Exp(g3b, c.smp.a3, p) + + r.Exp(g, d5, p) + s.Exp(c.smp.g2, d6, p) + r.Mul(r, s) + s.Exp(qb, cp, p) + r.Mul(r, s) + r.Mod(r, p) + + s.Exp(c.smp.g3, d5, p) + t := new(big.Int).Exp(pb, cp, p) + s.Mul(s, t) + s.Mod(s, p) + t.SetBytes(hashMPIs(h, 5, s, r)) + if cp.Cmp(t) != 0 { + err = errors.New("otr: ZKP cP failed in SMP2 message") + return + } + + var randBuf [16]byte + r4 := c.randMPI(randBuf[:]) + r5 := c.randMPI(randBuf[:]) + r6 := c.randMPI(randBuf[:]) + r7 := c.randMPI(randBuf[:]) + + pa := new(big.Int).Exp(c.smp.g3, r4, p) + r.Exp(c.smp.g2, c.smp.secret, p) + qa := new(big.Int).Exp(g, r4, p) + qa.Mul(qa, r) + qa.Mod(qa, p) + + r.Exp(g, r5, p) + s.Exp(c.smp.g2, r6, p) + r.Mul(r, s) + r.Mod(r, p) + + s.Exp(c.smp.g3, r5, p) + cp.SetBytes(hashMPIs(h, 6, s, r)) + + r.Mul(r4, cp) + d5 = new(big.Int).Sub(r5, r) + d5.Mod(d5, q) + if d5.Sign() < 0 { + d5.Add(d5, q) + } + + r.Mul(c.smp.secret, cp) + d6 = new(big.Int).Sub(r6, r) + d6.Mod(d6, q) + if d6.Sign() < 0 { + d6.Add(d6, q) + } + + r.ModInverse(qb, p) + qaqb := new(big.Int).Mul(qa, r) + qaqb.Mod(qaqb, p) + + ra := new(big.Int).Exp(qaqb, c.smp.a3, p) + r.Exp(qaqb, r7, p) + s.Exp(g, r7, p) + cr := new(big.Int).SetBytes(hashMPIs(h, 7, s, r)) + + r.Mul(c.smp.a3, cr) + d7 := new(big.Int).Sub(r7, r) + d7.Mod(d7, q) + if d7.Sign() < 0 { + d7.Add(d7, q) + } + + c.smp.g3b = g3b + c.smp.qaqb = qaqb + + r.ModInverse(pb, p) + c.smp.papb = new(big.Int).Mul(pa, r) + c.smp.papb.Mod(c.smp.papb, p) + c.smp.ra = ra + + out.typ = tlvTypeSMP3 + out.data = appendU32(out.data, 8) + out.data = appendMPIs(out.data, pa, qa, cp, d5, d6, ra, cr, d7) + return +} + +func (c *Conversation) processSMP3(mpis []*big.Int) (out tlv, err error) { + if len(mpis) != 8 { + err = errors.New("otr: incorrect number of arguments in SMP3 message") + return + } + pa := mpis[0] + qa := mpis[1] + cp := mpis[2] + d5 := mpis[3] + d6 := mpis[4] + ra := mpis[5] + cr := mpis[6] + d7 := mpis[7] + h := sha256.New() + + r := new(big.Int).Exp(g, d5, p) + s := new(big.Int).Exp(c.smp.g2, d6, p) + r.Mul(r, s) + s.Exp(qa, cp, p) + r.Mul(r, s) + r.Mod(r, p) + + s.Exp(c.smp.g3, d5, p) + t := new(big.Int).Exp(pa, cp, p) + s.Mul(s, t) + s.Mod(s, p) + t.SetBytes(hashMPIs(h, 6, s, r)) + if t.Cmp(cp) != 0 { + err = errors.New("otr: ZKP cP failed in SMP3 message") + return + } + + r.ModInverse(c.smp.qb, p) + qaqb := new(big.Int).Mul(qa, r) + qaqb.Mod(qaqb, p) + + r.Exp(qaqb, d7, p) + s.Exp(ra, cr, p) + r.Mul(r, s) + r.Mod(r, p) + + s.Exp(g, d7, p) + t.Exp(c.smp.g3a, cr, p) + s.Mul(s, t) + s.Mod(s, p) + t.SetBytes(hashMPIs(h, 7, s, r)) + if t.Cmp(cr) != 0 { + err = errors.New("otr: ZKP cR failed in SMP3 message") + return + } + + var randBuf [16]byte + r7 := c.randMPI(randBuf[:]) + rb := new(big.Int).Exp(qaqb, c.smp.b3, p) + + r.Exp(qaqb, r7, p) + s.Exp(g, r7, p) + cr = new(big.Int).SetBytes(hashMPIs(h, 8, s, r)) + + r.Mul(c.smp.b3, cr) + d7 = new(big.Int).Sub(r7, r) + d7.Mod(d7, q) + if d7.Sign() < 0 { + d7.Add(d7, q) + } + + out.typ = tlvTypeSMP4 + out.data = appendU32(out.data, 3) + out.data = appendMPIs(out.data, rb, cr, d7) + + r.ModInverse(c.smp.pb, p) + r.Mul(pa, r) + r.Mod(r, p) + s.Exp(ra, c.smp.b3, p) + if r.Cmp(s) != 0 { + err = smpFailureError + } + + return +} + +func (c *Conversation) processSMP4(mpis []*big.Int) error { + if len(mpis) != 3 { + return errors.New("otr: incorrect number of arguments in SMP4 message") + } + rb := mpis[0] + cr := mpis[1] + d7 := mpis[2] + h := sha256.New() + + r := new(big.Int).Exp(c.smp.qaqb, d7, p) + s := new(big.Int).Exp(rb, cr, p) + r.Mul(r, s) + r.Mod(r, p) + + s.Exp(g, d7, p) + t := new(big.Int).Exp(c.smp.g3b, cr, p) + s.Mul(s, t) + s.Mod(s, p) + t.SetBytes(hashMPIs(h, 8, s, r)) + if t.Cmp(cr) != 0 { + return errors.New("otr: ZKP cR failed in SMP4 message") + } + + r.Exp(rb, c.smp.a3, p) + if r.Cmp(c.smp.papb) != 0 { + return smpFailureError + } + + return nil +} + +func (c *Conversation) generateSMPAbort() tlv { + return tlv{typ: tlvTypeSMPAbort} +} + +func hashMPIs(h hash.Hash, magic byte, mpis ...*big.Int) []byte { + if h != nil { + h.Reset() + } else { + h = sha256.New() + } + + h.Write([]byte{magic}) + for _, mpi := range mpis { + h.Write(appendMPI(nil, mpi)) + } + return h.Sum(nil) +} diff --git a/vendor/golang.org/x/crypto/ssh/test/doc.go b/vendor/golang.org/x/crypto/ssh/test/doc.go new file mode 100644 index 000000000..198f0ca1e --- /dev/null +++ b/vendor/golang.org/x/crypto/ssh/test/doc.go @@ -0,0 +1,7 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package test contains integration tests for the +// golang.org/x/crypto/ssh package. +package test // import "golang.org/x/crypto/ssh/test" diff --git a/vendor/golang.org/x/crypto/ssh/test/sshd_test_pw.c b/vendor/golang.org/x/crypto/ssh/test/sshd_test_pw.c new file mode 100644 index 000000000..2794a563a --- /dev/null +++ b/vendor/golang.org/x/crypto/ssh/test/sshd_test_pw.c @@ -0,0 +1,173 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// sshd_test_pw.c +// Wrapper to inject test password data for sshd PAM authentication +// +// This wrapper implements custom versions of getpwnam, getpwnam_r, +// getspnam and getspnam_r. These functions first call their real +// libc versions, then check if the requested user matches test user +// specified in env variable TEST_USER and if so replace the password +// with crypted() value of TEST_PASSWD env variable. +// +// Compile: +// gcc -Wall -shared -o sshd_test_pw.so -fPIC sshd_test_pw.c +// +// Compile with debug: +// gcc -DVERBOSE -Wall -shared -o sshd_test_pw.so -fPIC sshd_test_pw.c +// +// Run sshd: +// LD_PRELOAD="sshd_test_pw.so" TEST_USER="..." TEST_PASSWD="..." sshd ... + +// +build ignore + +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include + +#ifdef VERBOSE +#define DEBUG(X...) fprintf(stderr, X) +#else +#define DEBUG(X...) while (0) { } +#endif + +/* crypt() password */ +static char * +pwhash(char *passwd) { + return strdup(crypt(passwd, "$6$")); +} + +/* Pointers to real functions in libc */ +static struct passwd * (*real_getpwnam)(const char *) = NULL; +static int (*real_getpwnam_r)(const char *, struct passwd *, char *, size_t, struct passwd **) = NULL; +static struct spwd * (*real_getspnam)(const char *) = NULL; +static int (*real_getspnam_r)(const char *, struct spwd *, char *, size_t, struct spwd **) = NULL; + +/* Cached test user and test password */ +static char *test_user = NULL; +static char *test_passwd_hash = NULL; + +static void +init(void) { + /* Fetch real libc function pointers */ + real_getpwnam = dlsym(RTLD_NEXT, "getpwnam"); + real_getpwnam_r = dlsym(RTLD_NEXT, "getpwnam_r"); + real_getspnam = dlsym(RTLD_NEXT, "getspnam"); + real_getspnam_r = dlsym(RTLD_NEXT, "getspnam_r"); + + /* abort if env variables are not defined */ + if (getenv("TEST_USER") == NULL || getenv("TEST_PASSWD") == NULL) { + fprintf(stderr, "env variables TEST_USER and TEST_PASSWD are missing\n"); + abort(); + } + + /* Fetch test user and test password from env */ + test_user = strdup(getenv("TEST_USER")); + test_passwd_hash = pwhash(getenv("TEST_PASSWD")); + + DEBUG("sshd_test_pw init():\n"); + DEBUG("\treal_getpwnam: %p\n", real_getpwnam); + DEBUG("\treal_getpwnam_r: %p\n", real_getpwnam_r); + DEBUG("\treal_getspnam: %p\n", real_getspnam); + DEBUG("\treal_getspnam_r: %p\n", real_getspnam_r); + DEBUG("\tTEST_USER: '%s'\n", test_user); + DEBUG("\tTEST_PASSWD: '%s'\n", getenv("TEST_PASSWD")); + DEBUG("\tTEST_PASSWD_HASH: '%s'\n", test_passwd_hash); +} + +static int +is_test_user(const char *name) { + if (test_user != NULL && strcmp(test_user, name) == 0) + return 1; + return 0; +} + +/* getpwnam */ + +struct passwd * +getpwnam(const char *name) { + struct passwd *pw; + + DEBUG("sshd_test_pw getpwnam(%s)\n", name); + + if (real_getpwnam == NULL) + init(); + if ((pw = real_getpwnam(name)) == NULL) + return NULL; + + if (is_test_user(name)) + pw->pw_passwd = strdup(test_passwd_hash); + + return pw; +} + +/* getpwnam_r */ + +int +getpwnam_r(const char *name, + struct passwd *pwd, + char *buf, + size_t buflen, + struct passwd **result) { + int r; + + DEBUG("sshd_test_pw getpwnam_r(%s)\n", name); + + if (real_getpwnam_r == NULL) + init(); + if ((r = real_getpwnam_r(name, pwd, buf, buflen, result)) != 0 || *result == NULL) + return r; + + if (is_test_user(name)) + pwd->pw_passwd = strdup(test_passwd_hash); + + return 0; +} + +/* getspnam */ + +struct spwd * +getspnam(const char *name) { + struct spwd *sp; + + DEBUG("sshd_test_pw getspnam(%s)\n", name); + + if (real_getspnam == NULL) + init(); + if ((sp = real_getspnam(name)) == NULL) + return NULL; + + if (is_test_user(name)) + sp->sp_pwdp = strdup(test_passwd_hash); + + return sp; +} + +/* getspnam_r */ + +int +getspnam_r(const char *name, + struct spwd *spbuf, + char *buf, + size_t buflen, + struct spwd **spbufp) { + int r; + + DEBUG("sshd_test_pw getspnam_r(%s)\n", name); + + if (real_getspnam_r == NULL) + init(); + if ((r = real_getspnam_r(name, spbuf, buf, buflen, spbufp)) != 0) + return r; + + if (is_test_user(name)) + spbuf->sp_pwdp = strdup(test_passwd_hash); + + return r; +} diff --git a/vendor/golang.org/x/sys/windows/svc/event.go b/vendor/golang.org/x/sys/windows/svc/event.go new file mode 100644 index 000000000..0508e2288 --- /dev/null +++ b/vendor/golang.org/x/sys/windows/svc/event.go @@ -0,0 +1,48 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build windows + +package svc + +import ( + "errors" + + "golang.org/x/sys/windows" +) + +// event represents auto-reset, initially non-signaled Windows event. +// It is used to communicate between go and asm parts of this package. +type event struct { + h windows.Handle +} + +func newEvent() (*event, error) { + h, err := windows.CreateEvent(nil, 0, 0, nil) + if err != nil { + return nil, err + } + return &event{h: h}, nil +} + +func (e *event) Close() error { + return windows.CloseHandle(e.h) +} + +func (e *event) Set() error { + return windows.SetEvent(e.h) +} + +func (e *event) Wait() error { + s, err := windows.WaitForSingleObject(e.h, windows.INFINITE) + switch s { + case windows.WAIT_OBJECT_0: + break + case windows.WAIT_FAILED: + return err + default: + return errors.New("unexpected result from WaitForSingleObject") + } + return nil +} diff --git a/vendor/golang.org/x/sys/windows/svc/go12.c b/vendor/golang.org/x/sys/windows/svc/go12.c new file mode 100644 index 000000000..6f1be1fa3 --- /dev/null +++ b/vendor/golang.org/x/sys/windows/svc/go12.c @@ -0,0 +1,24 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build windows +// +build !go1.3 + +// copied from pkg/runtime +typedef unsigned int uint32; +typedef unsigned long long int uint64; +#ifdef _64BIT +typedef uint64 uintptr; +#else +typedef uint32 uintptr; +#endif + +// from sys_386.s or sys_amd64.s +void ·servicemain(void); + +void +·getServiceMain(uintptr *r) +{ + *r = (uintptr)·servicemain; +} diff --git a/vendor/golang.org/x/sys/windows/svc/go12.go b/vendor/golang.org/x/sys/windows/svc/go12.go new file mode 100644 index 000000000..6f0a924ea --- /dev/null +++ b/vendor/golang.org/x/sys/windows/svc/go12.go @@ -0,0 +1,11 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build windows +// +build !go1.3 + +package svc + +// from go12.c +func getServiceMain(r *uintptr) diff --git a/vendor/golang.org/x/sys/windows/svc/go13.go b/vendor/golang.org/x/sys/windows/svc/go13.go new file mode 100644 index 000000000..432a9e796 --- /dev/null +++ b/vendor/golang.org/x/sys/windows/svc/go13.go @@ -0,0 +1,31 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build windows +// +build go1.3 + +package svc + +import "unsafe" + +const ptrSize = 4 << (^uintptr(0) >> 63) // unsafe.Sizeof(uintptr(0)) but an ideal const + +// Should be a built-in for unsafe.Pointer? +func add(p unsafe.Pointer, x uintptr) unsafe.Pointer { + return unsafe.Pointer(uintptr(p) + x) +} + +// funcPC returns the entry PC of the function f. +// It assumes that f is a func value. Otherwise the behavior is undefined. +func funcPC(f interface{}) uintptr { + return **(**uintptr)(add(unsafe.Pointer(&f), ptrSize)) +} + +// from sys_386.s and sys_amd64.s +func servicectlhandler(ctl uint32) uintptr +func servicemain(argc uint32, argv **uint16) + +func getServiceMain(r *uintptr) { + *r = funcPC(servicemain) +} diff --git a/vendor/golang.org/x/sys/windows/svc/security.go b/vendor/golang.org/x/sys/windows/svc/security.go new file mode 100644 index 000000000..6fbc9236e --- /dev/null +++ b/vendor/golang.org/x/sys/windows/svc/security.go @@ -0,0 +1,62 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build windows + +package svc + +import ( + "unsafe" + + "golang.org/x/sys/windows" +) + +func allocSid(subAuth0 uint32) (*windows.SID, error) { + var sid *windows.SID + err := windows.AllocateAndInitializeSid(&windows.SECURITY_NT_AUTHORITY, + 1, subAuth0, 0, 0, 0, 0, 0, 0, 0, &sid) + if err != nil { + return nil, err + } + return sid, nil +} + +// IsAnInteractiveSession determines if calling process is running interactively. +// It queries the process token for membership in the Interactive group. +// http://stackoverflow.com/questions/2668851/how-do-i-detect-that-my-application-is-running-as-service-or-in-an-interactive-s +func IsAnInteractiveSession() (bool, error) { + interSid, err := allocSid(windows.SECURITY_INTERACTIVE_RID) + if err != nil { + return false, err + } + defer windows.FreeSid(interSid) + + serviceSid, err := allocSid(windows.SECURITY_SERVICE_RID) + if err != nil { + return false, err + } + defer windows.FreeSid(serviceSid) + + t, err := windows.OpenCurrentProcessToken() + if err != nil { + return false, err + } + defer t.Close() + + gs, err := t.GetTokenGroups() + if err != nil { + return false, err + } + p := unsafe.Pointer(&gs.Groups[0]) + groups := (*[2 << 20]windows.SIDAndAttributes)(p)[:gs.GroupCount] + for _, g := range groups { + if windows.EqualSid(g.Sid, interSid) { + return true, nil + } + if windows.EqualSid(g.Sid, serviceSid) { + return false, nil + } + } + return false, nil +} diff --git a/vendor/golang.org/x/sys/windows/svc/service.go b/vendor/golang.org/x/sys/windows/svc/service.go new file mode 100644 index 000000000..903cba3f1 --- /dev/null +++ b/vendor/golang.org/x/sys/windows/svc/service.go @@ -0,0 +1,363 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build windows + +// Package svc provides everything required to build Windows service. +// +package svc + +import ( + "errors" + "runtime" + "syscall" + "unsafe" + + "golang.org/x/sys/windows" +) + +// State describes service execution state (Stopped, Running and so on). +type State uint32 + +const ( + Stopped = State(windows.SERVICE_STOPPED) + StartPending = State(windows.SERVICE_START_PENDING) + StopPending = State(windows.SERVICE_STOP_PENDING) + Running = State(windows.SERVICE_RUNNING) + ContinuePending = State(windows.SERVICE_CONTINUE_PENDING) + PausePending = State(windows.SERVICE_PAUSE_PENDING) + Paused = State(windows.SERVICE_PAUSED) +) + +// Cmd represents service state change request. It is sent to a service +// by the service manager, and should be actioned upon by the service. +type Cmd uint32 + +const ( + Stop = Cmd(windows.SERVICE_CONTROL_STOP) + Pause = Cmd(windows.SERVICE_CONTROL_PAUSE) + Continue = Cmd(windows.SERVICE_CONTROL_CONTINUE) + Interrogate = Cmd(windows.SERVICE_CONTROL_INTERROGATE) + Shutdown = Cmd(windows.SERVICE_CONTROL_SHUTDOWN) + ParamChange = Cmd(windows.SERVICE_CONTROL_PARAMCHANGE) + NetBindAdd = Cmd(windows.SERVICE_CONTROL_NETBINDADD) + NetBindRemove = Cmd(windows.SERVICE_CONTROL_NETBINDREMOVE) + NetBindEnable = Cmd(windows.SERVICE_CONTROL_NETBINDENABLE) + NetBindDisable = Cmd(windows.SERVICE_CONTROL_NETBINDDISABLE) + DeviceEvent = Cmd(windows.SERVICE_CONTROL_DEVICEEVENT) + HardwareProfileChange = Cmd(windows.SERVICE_CONTROL_HARDWAREPROFILECHANGE) + PowerEvent = Cmd(windows.SERVICE_CONTROL_POWEREVENT) + SessionChange = Cmd(windows.SERVICE_CONTROL_SESSIONCHANGE) +) + +// Accepted is used to describe commands accepted by the service. +// Note that Interrogate is always accepted. +type Accepted uint32 + +const ( + AcceptStop = Accepted(windows.SERVICE_ACCEPT_STOP) + AcceptShutdown = Accepted(windows.SERVICE_ACCEPT_SHUTDOWN) + AcceptPauseAndContinue = Accepted(windows.SERVICE_ACCEPT_PAUSE_CONTINUE) + AcceptParamChange = Accepted(windows.SERVICE_ACCEPT_PARAMCHANGE) + AcceptNetBindChange = Accepted(windows.SERVICE_ACCEPT_NETBINDCHANGE) + AcceptHardwareProfileChange = Accepted(windows.SERVICE_ACCEPT_HARDWAREPROFILECHANGE) + AcceptPowerEvent = Accepted(windows.SERVICE_ACCEPT_POWEREVENT) + AcceptSessionChange = Accepted(windows.SERVICE_ACCEPT_SESSIONCHANGE) +) + +// Status combines State and Accepted commands to fully describe running service. +type Status struct { + State State + Accepts Accepted + CheckPoint uint32 // used to report progress during a lengthy operation + WaitHint uint32 // estimated time required for a pending operation, in milliseconds +} + +// ChangeRequest is sent to the service Handler to request service status change. +type ChangeRequest struct { + Cmd Cmd + EventType uint32 + EventData uintptr + CurrentStatus Status +} + +// Handler is the interface that must be implemented to build Windows service. +type Handler interface { + + // Execute will be called by the package code at the start of + // the service, and the service will exit once Execute completes. + // Inside Execute you must read service change requests from r and + // act accordingly. You must keep service control manager up to date + // about state of your service by writing into s as required. + // args contains service name followed by argument strings passed + // to the service. + // You can provide service exit code in exitCode return parameter, + // with 0 being "no error". You can also indicate if exit code, + // if any, is service specific or not by using svcSpecificEC + // parameter. + Execute(args []string, r <-chan ChangeRequest, s chan<- Status) (svcSpecificEC bool, exitCode uint32) +} + +var ( + // These are used by asm code. + goWaitsH uintptr + cWaitsH uintptr + ssHandle uintptr + sName *uint16 + sArgc uintptr + sArgv **uint16 + ctlHandlerExProc uintptr + cSetEvent uintptr + cWaitForSingleObject uintptr + cRegisterServiceCtrlHandlerExW uintptr +) + +func init() { + k := syscall.MustLoadDLL("kernel32.dll") + cSetEvent = k.MustFindProc("SetEvent").Addr() + cWaitForSingleObject = k.MustFindProc("WaitForSingleObject").Addr() + a := syscall.MustLoadDLL("advapi32.dll") + cRegisterServiceCtrlHandlerExW = a.MustFindProc("RegisterServiceCtrlHandlerExW").Addr() +} + +// The HandlerEx prototype also has a context pointer but since we don't use +// it at start-up time we don't have to pass it over either. +type ctlEvent struct { + cmd Cmd + eventType uint32 + eventData uintptr + errno uint32 +} + +// service provides access to windows service api. +type service struct { + name string + h windows.Handle + cWaits *event + goWaits *event + c chan ctlEvent + handler Handler +} + +func newService(name string, handler Handler) (*service, error) { + var s service + var err error + s.name = name + s.c = make(chan ctlEvent) + s.handler = handler + s.cWaits, err = newEvent() + if err != nil { + return nil, err + } + s.goWaits, err = newEvent() + if err != nil { + s.cWaits.Close() + return nil, err + } + return &s, nil +} + +func (s *service) close() error { + s.cWaits.Close() + s.goWaits.Close() + return nil +} + +type exitCode struct { + isSvcSpecific bool + errno uint32 +} + +func (s *service) updateStatus(status *Status, ec *exitCode) error { + if s.h == 0 { + return errors.New("updateStatus with no service status handle") + } + var t windows.SERVICE_STATUS + t.ServiceType = windows.SERVICE_WIN32_OWN_PROCESS + t.CurrentState = uint32(status.State) + if status.Accepts&AcceptStop != 0 { + t.ControlsAccepted |= windows.SERVICE_ACCEPT_STOP + } + if status.Accepts&AcceptShutdown != 0 { + t.ControlsAccepted |= windows.SERVICE_ACCEPT_SHUTDOWN + } + if status.Accepts&AcceptPauseAndContinue != 0 { + t.ControlsAccepted |= windows.SERVICE_ACCEPT_PAUSE_CONTINUE + } + if status.Accepts&AcceptParamChange != 0 { + t.ControlsAccepted |= windows.SERVICE_ACCEPT_PARAMCHANGE + } + if status.Accepts&AcceptNetBindChange != 0 { + t.ControlsAccepted |= windows.SERVICE_ACCEPT_NETBINDCHANGE + } + if status.Accepts&AcceptHardwareProfileChange != 0 { + t.ControlsAccepted |= windows.SERVICE_ACCEPT_HARDWAREPROFILECHANGE + } + if status.Accepts&AcceptPowerEvent != 0 { + t.ControlsAccepted |= windows.SERVICE_ACCEPT_POWEREVENT + } + if status.Accepts&AcceptSessionChange != 0 { + t.ControlsAccepted |= windows.SERVICE_ACCEPT_SESSIONCHANGE + } + if ec.errno == 0 { + t.Win32ExitCode = windows.NO_ERROR + t.ServiceSpecificExitCode = windows.NO_ERROR + } else if ec.isSvcSpecific { + t.Win32ExitCode = uint32(windows.ERROR_SERVICE_SPECIFIC_ERROR) + t.ServiceSpecificExitCode = ec.errno + } else { + t.Win32ExitCode = ec.errno + t.ServiceSpecificExitCode = windows.NO_ERROR + } + t.CheckPoint = status.CheckPoint + t.WaitHint = status.WaitHint + return windows.SetServiceStatus(s.h, &t) +} + +const ( + sysErrSetServiceStatusFailed = uint32(syscall.APPLICATION_ERROR) + iota + sysErrNewThreadInCallback +) + +func (s *service) run() { + s.goWaits.Wait() + s.h = windows.Handle(ssHandle) + argv := (*[100]*int16)(unsafe.Pointer(sArgv))[:sArgc] + args := make([]string, len(argv)) + for i, a := range argv { + args[i] = syscall.UTF16ToString((*[1 << 20]uint16)(unsafe.Pointer(a))[:]) + } + + cmdsToHandler := make(chan ChangeRequest) + changesFromHandler := make(chan Status) + exitFromHandler := make(chan exitCode) + + go func() { + ss, errno := s.handler.Execute(args, cmdsToHandler, changesFromHandler) + exitFromHandler <- exitCode{ss, errno} + }() + + status := Status{State: Stopped} + ec := exitCode{isSvcSpecific: true, errno: 0} + var outch chan ChangeRequest + inch := s.c + var cmd Cmd + var evtype uint32 + var evdata uintptr +loop: + for { + select { + case r := <-inch: + if r.errno != 0 { + ec.errno = r.errno + break loop + } + inch = nil + outch = cmdsToHandler + cmd = r.cmd + evtype = r.eventType + evdata = r.eventData + case outch <- ChangeRequest{cmd, evtype, evdata, status}: + inch = s.c + outch = nil + case c := <-changesFromHandler: + err := s.updateStatus(&c, &ec) + if err != nil { + // best suitable error number + ec.errno = sysErrSetServiceStatusFailed + if err2, ok := err.(syscall.Errno); ok { + ec.errno = uint32(err2) + } + break loop + } + status = c + case ec = <-exitFromHandler: + break loop + } + } + + s.updateStatus(&Status{State: Stopped}, &ec) + s.cWaits.Set() +} + +func newCallback(fn interface{}) (cb uintptr, err error) { + defer func() { + r := recover() + if r == nil { + return + } + cb = 0 + switch v := r.(type) { + case string: + err = errors.New(v) + case error: + err = v + default: + err = errors.New("unexpected panic in syscall.NewCallback") + } + }() + return syscall.NewCallback(fn), nil +} + +// BUG(brainman): There is no mechanism to run multiple services +// inside one single executable. Perhaps, it can be overcome by +// using RegisterServiceCtrlHandlerEx Windows api. + +// Run executes service name by calling appropriate handler function. +func Run(name string, handler Handler) error { + runtime.LockOSThread() + + tid := windows.GetCurrentThreadId() + + s, err := newService(name, handler) + if err != nil { + return err + } + + ctlHandler := func(ctl uint32, evtype uint32, evdata uintptr, context uintptr) uintptr { + e := ctlEvent{cmd: Cmd(ctl), eventType: evtype, eventData: evdata} + // We assume that this callback function is running on + // the same thread as Run. Nowhere in MS documentation + // I could find statement to guarantee that. So putting + // check here to verify, otherwise things will go bad + // quickly, if ignored. + i := windows.GetCurrentThreadId() + if i != tid { + e.errno = sysErrNewThreadInCallback + } + s.c <- e + // Always return NO_ERROR (0) for now. + return 0 + } + + var svcmain uintptr + getServiceMain(&svcmain) + t := []windows.SERVICE_TABLE_ENTRY{ + {syscall.StringToUTF16Ptr(s.name), svcmain}, + {nil, 0}, + } + + goWaitsH = uintptr(s.goWaits.h) + cWaitsH = uintptr(s.cWaits.h) + sName = t[0].ServiceName + ctlHandlerExProc, err = newCallback(ctlHandler) + if err != nil { + return err + } + + go s.run() + + err = windows.StartServiceCtrlDispatcher(&t[0]) + if err != nil { + return err + } + return nil +} + +// StatusHandle returns service status handle. It is safe to call this function +// from inside the Handler.Execute because then it is guaranteed to be set. +// This code will have to change once multiple services are possible per process. +func StatusHandle() windows.Handle { + return windows.Handle(ssHandle) +} diff --git a/vendor/golang.org/x/sys/windows/svc/sys_386.s b/vendor/golang.org/x/sys/windows/svc/sys_386.s new file mode 100644 index 000000000..2c82a9d91 --- /dev/null +++ b/vendor/golang.org/x/sys/windows/svc/sys_386.s @@ -0,0 +1,68 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build windows + +// func servicemain(argc uint32, argv **uint16) +TEXT ·servicemain(SB),7,$0 + MOVL argc+0(FP), AX + MOVL AX, ·sArgc(SB) + MOVL argv+4(FP), AX + MOVL AX, ·sArgv(SB) + + PUSHL BP + PUSHL BX + PUSHL SI + PUSHL DI + + SUBL $12, SP + + MOVL ·sName(SB), AX + MOVL AX, (SP) + MOVL $·servicectlhandler(SB), AX + MOVL AX, 4(SP) + MOVL $0, 8(SP) + MOVL ·cRegisterServiceCtrlHandlerExW(SB), AX + MOVL SP, BP + CALL AX + MOVL BP, SP + CMPL AX, $0 + JE exit + MOVL AX, ·ssHandle(SB) + + MOVL ·goWaitsH(SB), AX + MOVL AX, (SP) + MOVL ·cSetEvent(SB), AX + MOVL SP, BP + CALL AX + MOVL BP, SP + + MOVL ·cWaitsH(SB), AX + MOVL AX, (SP) + MOVL $-1, AX + MOVL AX, 4(SP) + MOVL ·cWaitForSingleObject(SB), AX + MOVL SP, BP + CALL AX + MOVL BP, SP + +exit: + ADDL $12, SP + + POPL DI + POPL SI + POPL BX + POPL BP + + MOVL 0(SP), CX + ADDL $12, SP + JMP CX + +// I do not know why, but this seems to be the only way to call +// ctlHandlerProc on Windows 7. + +// func servicectlhandler(ctl uint32, evtype uint32, evdata uintptr, context uintptr) uintptr { +TEXT ·servicectlhandler(SB),7,$0 + MOVL ·ctlHandlerExProc(SB), CX + JMP CX diff --git a/vendor/golang.org/x/sys/windows/svc/sys_amd64.s b/vendor/golang.org/x/sys/windows/svc/sys_amd64.s new file mode 100644 index 000000000..06b425900 --- /dev/null +++ b/vendor/golang.org/x/sys/windows/svc/sys_amd64.s @@ -0,0 +1,42 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build windows + +// func servicemain(argc uint32, argv **uint16) +TEXT ·servicemain(SB),7,$0 + MOVL CX, ·sArgc(SB) + MOVL DX, ·sArgv(SB) + + SUBQ $32, SP // stack for the first 4 syscall params + + MOVQ ·sName(SB), CX + MOVQ $·servicectlhandler(SB), DX + // BUG(pastarmovj): Figure out a way to pass in context in R8. + MOVQ ·cRegisterServiceCtrlHandlerExW(SB), AX + CALL AX + CMPQ AX, $0 + JE exit + MOVQ AX, ·ssHandle(SB) + + MOVQ ·goWaitsH(SB), CX + MOVQ ·cSetEvent(SB), AX + CALL AX + + MOVQ ·cWaitsH(SB), CX + MOVQ $4294967295, DX + MOVQ ·cWaitForSingleObject(SB), AX + CALL AX + +exit: + ADDQ $32, SP + RET + +// I do not know why, but this seems to be the only way to call +// ctlHandlerProc on Windows 7. + +// func ·servicectlhandler(ctl uint32, evtype uint32, evdata uintptr, context uintptr) uintptr { +TEXT ·servicectlhandler(SB),7,$0 + MOVQ ·ctlHandlerExProc(SB), AX + JMP AX diff --git a/vendor/k8s.io/kubernetes/build/README.md b/vendor/k8s.io/kubernetes/build/README.md new file mode 100644 index 000000000..cd453e3cc --- /dev/null +++ b/vendor/k8s.io/kubernetes/build/README.md @@ -0,0 +1,110 @@ +# Building Kubernetes + +Building Kubernetes is easy if you take advantage of the containerized build environment. This document will help guide you through understanding this build process. + +## Requirements + +1. Docker, using one of the following configurations: + * **Mac OS X** You can either use Docker for Mac or docker-machine. See installation instructions [here](https://docs.docker.com/docker-for-mac/). + **Note**: You will want to set the Docker VM to have at least 3GB of initial memory or building will likely fail. (See: [#11852]( http://issue.k8s.io/11852)). + * **Linux with local Docker** Install Docker according to the [instructions](https://docs.docker.com/installation/#installation) for your OS. + * **Remote Docker engine** Use a big machine in the cloud to build faster. This is a little trickier so look at the section later on. +2. **Optional** [Google Cloud SDK](https://developers.google.com/cloud/sdk/) + +You must install and configure Google Cloud SDK if you want to upload your release to Google Cloud Storage and may safely omit this otherwise. + +## Overview + +While it is possible to build Kubernetes using a local golang installation, we have a build process that runs in a Docker container. This simplifies initial set up and provides for a very consistent build and test environment. + +## Key scripts + +The following scripts are found in the `build/` directory. Note that all scripts must be run from the Kubernetes root directory. + +* `build/run.sh`: Run a command in a build docker container. Common invocations: + * `build/run.sh make`: Build just linux binaries in the container. Pass options and packages as necessary. + * `build/run.sh make cross`: Build all binaries for all platforms + * `build/run.sh make test`: Run all unit tests + * `build/run.sh make test-integration`: Run integration test + * `build/run.sh make test-cmd`: Run CLI tests +* `build/copy-output.sh`: This will copy the contents of `_output/dockerized/bin` from the Docker container to the local `_output/dockerized/bin`. It will also copy out specific file patterns that are generated as part of the build process. This is run automatically as part of `build/run.sh`. +* `build/make-clean.sh`: Clean out the contents of `_output`, remove any locally built container images and remove the data container. +* `/build/shell.sh`: Drop into a `bash` shell in a build container with a snapshot of the current repo code. + +## Basic Flow + +The scripts directly under `build/` are used to build and test. They will ensure that the `kube-build` Docker image is built (based on `build/build-image/Dockerfile`) and then execute the appropriate command in that container. These scripts will both ensure that the right data is cached from run to run for incremental builds and will copy the results back out of the container. + +The `kube-build` container image is built by first creating a "context" directory in `_output/images/build-image`. It is done there instead of at the root of the Kubernetes repo to minimize the amount of data we need to package up when building the image. + +There are 3 different containers instances that are run from this image. The first is a "data" container to store all data that needs to persist across to support incremental builds. Next there is an "rsync" container that is used to transfer data in and out to the data container. Lastly there is a "build" container that is used for actually doing build actions. The data container persists across runs while the rsync and build containers are deleted after each use. + +`rsync` is used transparently behind the scenes to efficiently move data in and out of the container. This will use an ephemeral port picked by Docker. You can modify this by setting the `KUBE_RSYNC_PORT` env variable. + +All Docker names are suffixed with a hash derived from the file path (to allow concurrent usage on things like CI machines) and a version number. When the version number changes all state is cleared and clean build is started. This allows the build infrastructure to be changed and signal to CI systems that old artifacts need to be deleted. + +## Proxy Settings + +If you are behind a proxy and you are letting these scripts use `docker-machine` to set up your local VM for you on macOS, you need to export proxy settings for Kubernetes build, the following environment variables should be defined. + +``` +export KUBERNETES_HTTP_PROXY=http://username:password@proxyaddr:proxyport +export KUBERNETES_HTTPS_PROXY=https://username:password@proxyaddr:proxyport +``` + +Optionally, you can specify addresses of no proxy for Kubernetes build, for example + +``` +export KUBERNETES_NO_PROXY=127.0.0.1 +``` + +If you are using sudo to make Kubernetes build for example make quick-release, you need run `sudo -E make quick-release` to pass the environment variables. + +## Really Remote Docker Engine + +It is possible to use a Docker Engine that is running remotely (under your desk or in the cloud). Docker must be configured to connect to that machine and the local rsync port must be forwarded (via SSH or nc) from localhost to the remote machine. + +To do this easily with GCE and `docker-machine`, do something like this: +``` +# Create the remote docker machine on GCE. This is a pretty beefy machine with SSD disk. +KUBE_BUILD_VM=k8s-build +KUBE_BUILD_GCE_PROJECT= +docker-machine create \ + --driver=google \ + --google-project=${KUBE_BUILD_GCE_PROJECT} \ + --google-zone=us-west1-a \ + --google-machine-type=n1-standard-8 \ + --google-disk-size=50 \ + --google-disk-type=pd-ssd \ + ${KUBE_BUILD_VM} + +# Set up local docker to talk to that machine +eval $(docker-machine env ${KUBE_BUILD_VM}) + +# Pin down the port that rsync will be exposed on on the remote machine +export KUBE_RSYNC_PORT=8730 + +# forward local 8730 to that machine so that rsync works +docker-machine ssh ${KUBE_BUILD_VM} -L ${KUBE_RSYNC_PORT}:localhost:${KUBE_RSYNC_PORT} -N & +``` + +Look at `docker-machine stop`, `docker-machine start` and `docker-machine rm` to manage this VM. + +## Releasing + +The `build/release.sh` script will build a release. It will build binaries, run tests, (optionally) build runtime Docker images. + +The main output is a tar file: `kubernetes.tar.gz`. This includes: +* Cross compiled client utilities. +* Script (`kubectl`) for picking and running the right client binary based on platform. +* Examples +* Cluster deployment scripts for various clouds +* Tar file containing all server binaries + +In addition, there are some other tar files that are created: +* `kubernetes-client-*.tar.gz` Client binaries for a specific platform. +* `kubernetes-server-*.tar.gz` Server binaries for a specific platform. + +When building final release tars, they are first staged into `_output/release-stage` before being tar'd up and put into `_output/release-tars`. + +[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/build/README.md?pixel)]() diff --git a/vendor/k8s.io/kubernetes/build/pause/orphan.c b/vendor/k8s.io/kubernetes/build/pause/orphan.c new file mode 100644 index 000000000..07f490de9 --- /dev/null +++ b/vendor/k8s.io/kubernetes/build/pause/orphan.c @@ -0,0 +1,36 @@ +/* +Copyright 2016 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +/* Creates a zombie to be reaped by init. Useful for testing. */ + +#include +#include + +int main() { + pid_t pid; + pid = fork(); + if (pid == 0) { + while (getppid() > 1) + ; + printf("Child exiting: pid=%d ppid=%d\n", getpid(), getppid()); + return 0; + } else if (pid > 0) { + printf("Parent exiting: pid=%d ppid=%d\n", getpid(), getppid()); + return 0; + } + perror("Could not create child"); + return 1; +} diff --git a/vendor/k8s.io/kubernetes/build/pause/pause.c b/vendor/k8s.io/kubernetes/build/pause/pause.c new file mode 100644 index 000000000..95966f438 --- /dev/null +++ b/vendor/k8s.io/kubernetes/build/pause/pause.c @@ -0,0 +1,68 @@ +/* +Copyright 2016 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include +#include +#include +#include +#include +#include +#include + +#define STRINGIFY(x) #x +#define VERSION_STRING(x) STRINGIFY(x) + +#ifndef VERSION +#define VERSION HEAD +#endif + +static void sigdown(int signo) { + psignal(signo, "Shutting down, got signal"); + exit(0); +} + +static void sigreap(int signo) { + while (waitpid(-1, NULL, WNOHANG) > 0) + ; +} + +int main(int argc, char **argv) { + int i; + for (i = 1; i < argc; ++i) { + if (!strcasecmp(argv[i], "-v")) { + printf("pause.c %s\n", VERSION_STRING(VERSION)); + return 0; + } + } + + if (getpid() != 1) + /* Not an error because pause sees use outside of infra containers. */ + fprintf(stderr, "Warning: pause should be the first process\n"); + + if (sigaction(SIGINT, &(struct sigaction){.sa_handler = sigdown}, NULL) < 0) + return 1; + if (sigaction(SIGTERM, &(struct sigaction){.sa_handler = sigdown}, NULL) < 0) + return 2; + if (sigaction(SIGCHLD, &(struct sigaction){.sa_handler = sigreap, + .sa_flags = SA_NOCLDSTOP}, + NULL) < 0) + return 3; + + for (;;) + pause(); + fprintf(stderr, "Error: infinite loop terminated\n"); + return 42; +}