Merge pull request #19951 from Luap99/small-remote

podman-remote debloat: remove libimage dependency
OpenShift Merge Robot 2023-09-14 15:27:45 +02:00 committed by GitHub
commit 33e565520f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
200 changed files with 12439 additions and 14260 deletions


@ -184,6 +184,7 @@ func buildFlags(cmd *cobra.Command) {
_ = flags.MarkHidden("compress")
_ = flags.MarkHidden("output")
_ = flags.MarkHidden("logsplit")
_ = flags.MarkHidden("cw")
}
}
@ -575,6 +576,14 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
}
}
var confidentialWorkloadOptions buildahDefine.ConfidentialWorkloadOptions
if c.Flag("cw").Changed {
confidentialWorkloadOptions, err = parse.GetConfidentialWorkloadOptions(flags.CWOptions)
if err != nil {
return nil, err
}
}
opts := buildahDefine.BuildOptions{
AddCapabilities: flags.CapAdd,
AdditionalTags: tags,
@ -587,6 +596,7 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
CacheFrom: cacheFrom,
CacheTo: cacheTo,
CacheTTL: cacheTTL,
ConfidentialWorkload: confidentialWorkloadOptions,
CommonBuildOpts: commonOpts,
Compression: compression,
ConfigureNetwork: networkPolicy,
@ -605,6 +615,7 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
Isolation: isolation,
Jobs: &flags.Jobs,
Labels: flags.Label,
LayerLabels: flags.LayerLabel,
Layers: flags.Layers,
LogRusage: flags.LogRusage,
LogFile: flags.Logfile,
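Review bot: Hiding `cw` with `MarkHidden` in `buildFlags` does not stop a user from passing it, and the new `c.Flag("cw").Changed` branch in `buildFlagsWrapperToOptions` fills `ConfidentialWorkload` regardless of client mode. The remote build bindings touched in this commit only add `layerLabel`, so on podman-remote a `--cw` request appears to be dropped silently: the user would get an ordinary, unencrypted image while expecting a confidential-workload image. If the block holding the `MarkHidden` calls is the remote-only branch (its opening is outside the hunk), I would reject the flag instead of ignoring it, e.g. `if registry.IsRemote() && c.Flag("cw").Changed { return nil, errors.New("--cw is not supported on the remote client") }`. Both functions begin and end outside the hunks shown, so the exact placement needs checking against the full file.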


@ -9,7 +9,7 @@ import (
"os"
"strings"
"github.com/containers/buildah/pkg/parse"
"github.com/containers/buildah/pkg/volumes"
"github.com/containers/common/pkg/completion"
"github.com/containers/podman/v4/cmd/podman/registry"
"github.com/containers/podman/v4/cmd/podman/validate"
@ -97,7 +97,7 @@ func reset(cmd *cobra.Command, args []string) {
logrus.Error(err)
}
// Clean build cache if any
err = parse.CleanCacheMount()
err = volumes.CleanCacheMount()
if err != nil {
logrus.Error(err)
}


@ -222,6 +222,66 @@ Set additional flags to pass to the C Preprocessor cpp(1). Containerfiles ending
@@option creds
#### **--cw**=*options*
Produce an image suitable for use as a confidential workload running in a
trusted execution environment (TEE) using krun (i.e., *crun* built with the
libkrun feature enabled and invoked as *krun*). Instead of the conventional
contents, the root filesystem of the image will contain an encrypted disk image
and configuration information for krun.
The value for *options* is a comma-separated list of key=value pairs, supplying
configuration information which is needed for producing the additional data
which will be included in the container image.
Recognized _keys_ are:
*attestation_url*: The location of a key broker / attestation server.
If a value is specified, the new image's workload ID, along with the passphrase
used to encrypt the disk image, will be registered with the server, and the
server's location will be stored in the container image.
At run-time, krun is expected to contact the server to retrieve the passphrase
using the workload ID, which is also stored in the container image.
If no value is specified, a *passphrase* value *must* be specified.
*cpus*: The number of virtual CPUs which the image expects to be run with at
run-time. If not specified, a default value will be supplied.
*firmware_library*: The location of the libkrunfw-sev shared library. If not
specified, `buildah` checks for its presence in a number of hard-coded
locations.
*memory*: The amount of memory which the image expects to be run with at
run-time, as a number of megabytes. If not specified, a default value will be
supplied.
*passphrase*: The passphrase to use to encrypt the disk image which will be
included in the container image.
If no value is specified, but an *attestation_url* value is specified, a
randomly-generated passphrase will be used.
The authors recommend setting an *attestation_url* but not a *passphrase*.
*slop*: Extra space to allocate for the disk image compared to the size of the
container image's contents, expressed either as a percentage (..%) or a size
value (bytes, or larger units if suffixes like KB or MB are present), or a sum
of two or more such specifications. If not specified, `buildah` guesses that
25% more space than the contents will be enough, but this option is provided in
case its guess is wrong.
*type*: The type of trusted execution environment (TEE) which the image should
be marked for use with. Accepted values are "SEV" (AMD Secure Encrypted
Virtualization - Encrypted State) and "SNP" (AMD Secure Encrypted
Virtualization - Secure Nested Paging). If not specified, defaults to "SNP".
*workload_id*: A workload identifier which will be recorded in the container
image, to be used at run-time for retrieving the passphrase which was used to
encrypt the disk image. If not specified, a semi-random value will be derived
from the base image's image ID.
This option is not supported on the remote client, including Mac and Windows
(excluding WSL2) machines.
#### **--decryption-key**=*key[:passphrase]*
The [key[:passphrase]] to be used for decryption of images. Key can point to
@ -396,6 +456,14 @@ capabilities is a subset of the default list.
If the specified capabilities are not in the default set, Podman prints an error
message and runs the container with the default capabilities.
#### **--layer-label**=*label[=value]*
Add an intermediate image *label* (e.g. label=*value*) to the intermediate
image metadata. It can be used multiple times.
If *label* is named, but neither `=` nor a `value` is provided, then
the *label* is set to an empty value.
#### **--layers**
Cache intermediate images during the build process (Default is `true`).

18
go.mod

@ -12,14 +12,14 @@ require (
github.com/container-orchestrated-devices/container-device-interface v0.6.1
github.com/containernetworking/cni v1.1.2
github.com/containernetworking/plugins v1.3.0
github.com/containers/buildah v1.31.1-0.20230722114901-5ece066f82c6
github.com/containers/common v0.55.1-0.20230912125309-7fa3c55bd517
github.com/containers/buildah v1.31.1-0.20230914090547-70d8ab94953a
github.com/containers/common v0.56.0
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/image/v5 v5.27.1-0.20230911141411-81c35e010bab
github.com/containers/image/v5 v5.28.0
github.com/containers/libhvee v0.4.1-0.20230905135638-56fb23533417
github.com/containers/ocicrypt v1.1.8
github.com/containers/psgo v1.8.0
github.com/containers/storage v1.50.0
github.com/containers/storage v1.50.2
github.com/coreos/go-systemd/v22 v22.5.0
github.com/coreos/stream-metadata-go v0.4.3
github.com/crc-org/vfkit v0.1.1
@ -78,17 +78,19 @@ require (
require (
dario.cat/mergo v1.0.0 // indirect
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
github.com/Microsoft/hcsshim v0.11.0 // indirect
github.com/Microsoft/hcsshim v0.12.0-rc.0 // indirect
github.com/VividCortex/ewma v1.2.0 // indirect
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
github.com/aead/serpent v0.0.0-20160714141033-fba169763ea6 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/bytedance/sonic v1.9.1 // indirect
github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
github.com/chzyer/readline v1.5.1 // indirect
github.com/containerd/cgroups v1.1.0 // indirect
github.com/containerd/containerd v1.7.5 // indirect
github.com/containerd/cgroups/v3 v3.0.2 // indirect
github.com/containerd/containerd v1.7.6 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect
github.com/containers/luksy v0.0.0-20230808154129-d2d74a56682f // indirect
github.com/coreos/go-oidc/v3 v3.6.0 // indirect
github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f // indirect
github.com/cyberphone/json-canonicalization v0.0.0-20230710064741-aa7fe85c7dbd // indirect
@ -191,7 +193,7 @@ require (
golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 // indirect
google.golang.org/grpc v1.56.2 // indirect
google.golang.org/grpc v1.57.0 // indirect
gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect

36
go.sum

@ -67,8 +67,8 @@ github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn
github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600=
github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
github.com/Microsoft/hcsshim v0.9.4/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
github.com/Microsoft/hcsshim v0.11.0 h1:7EFNIY4igHEXUdj1zXgAyU3fLc7QfOKHbkldRVTBdiM=
github.com/Microsoft/hcsshim v0.11.0/go.mod h1:OEthFdQv/AD2RAdzR6Mm1N1KPCztGKDurW1Z8b8VGMM=
github.com/Microsoft/hcsshim v0.12.0-rc.0 h1:wX/F5huJxH9APBkhKSEAqaiZsuBvbbDnyBROZAqsSaY=
github.com/Microsoft/hcsshim v0.12.0-rc.0/go.mod h1:rvOnw3YlfoNnEp45wReUngvsXbwRW+AFQ10GVjG1kMU=
github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
@ -82,6 +82,8 @@ github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1o
github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
github.com/aead/serpent v0.0.0-20160714141033-fba169763ea6 h1:5L8Mj9Co9sJVgW3TpYk2gxGJnDjsYuboNTcRmbtGKGs=
github.com/aead/serpent v0.0.0-20160714141033-fba169763ea6/go.mod h1:3HgLJ9d18kXMLQlJvIY3+FszZYMxCz8WfE2MQ7hDY0w=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
@ -166,8 +168,8 @@ github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4S
github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo=
github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU=
github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=
github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
@ -188,8 +190,8 @@ github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09Zvgq
github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
github.com/containerd/containerd v1.7.5 h1:i9T9XpAWMe11BHMN7pu1BZqOGjXaKTPyz2v+KYOZgkY=
github.com/containerd/containerd v1.7.5/go.mod h1:ieJNCSzASw2shSGYLHx8NAE7WsZ/gEigo5fQ78W5Zvw=
github.com/containerd/containerd v1.7.6 h1:oNAVsnhPoy4BTPQivLgTzI9Oleml9l/+eYIDYXRCYo8=
github.com/containerd/containerd v1.7.6/go.mod h1:SY6lrkkuJT40BVNO37tlYTSnKJnP5AXBc0fhx0q+TJ4=
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
@ -245,18 +247,20 @@ github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHV
github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
github.com/containernetworking/plugins v1.3.0 h1:QVNXMT6XloyMUoO2wUOqWTC1hWFV62Q6mVDp5H1HnjM=
github.com/containernetworking/plugins v1.3.0/go.mod h1:Pc2wcedTQQCVuROOOaLBPPxrEXqqXBFt3cZ+/yVg6l0=
github.com/containers/buildah v1.31.1-0.20230722114901-5ece066f82c6 h1:K/S8SFQsnnNTF0Ws58SrBD9L0EuClzAG8Zp08d7+6AA=
github.com/containers/buildah v1.31.1-0.20230722114901-5ece066f82c6/go.mod h1:0sptTFBBtSznLqoTh80DfvMOCNbdRsNRgVOKhBhrupA=
github.com/containers/common v0.55.1-0.20230912125309-7fa3c55bd517 h1:VbCiDKqzPx8N1gyB1vtXKbI0HpX7QaFK9/9d0n4HgU4=
github.com/containers/common v0.55.1-0.20230912125309-7fa3c55bd517/go.mod h1:udRQMEx9cbPslGo/yCKmnBr7NJ6aVrqGOLKLs/c1Lqc=
github.com/containers/buildah v1.31.1-0.20230914090547-70d8ab94953a h1:2vUJdbZUfOcS0ehO16gEKZ6dPKoM+PEw7CKCdEOsoSc=
github.com/containers/buildah v1.31.1-0.20230914090547-70d8ab94953a/go.mod h1:sN3rA3DbnqekNz3bNdkqWduuirYDuMs54LUCOZOomBE=
github.com/containers/common v0.56.0 h1:hysHUsEai1EkMXanU26UV55wMXns/a6AYmaFqJ4fEMY=
github.com/containers/common v0.56.0/go.mod h1:IjaDdfUtcs2CfCcJMZxuut4XlvkTkY9Nlqkso9xCOq4=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.27.1-0.20230911141411-81c35e010bab h1:bAK5q9Coo11AMbtK/rojwOssSa+kXqAVhPYlHNmBZPE=
github.com/containers/image/v5 v5.27.1-0.20230911141411-81c35e010bab/go.mod h1:h4O2N9IxSqe/O/ThgOkPk/JaK2j+jhbEM8GhNI5WtbI=
github.com/containers/image/v5 v5.28.0 h1:H4cWbdI88UA/mDb6SxMo3IxpmS1BSs/Kifvhwt9g048=
github.com/containers/image/v5 v5.28.0/go.mod h1:9aPnNkwHNHgGl9VlQxXEshvmOJRbdRAc1rNDD6sP2eU=
github.com/containers/libhvee v0.4.1-0.20230905135638-56fb23533417 h1:fr+j21PD+IYR6Kvlf2Zrm1x9oAjV12T2Vz3oZIGTusw=
github.com/containers/libhvee v0.4.1-0.20230905135638-56fb23533417/go.mod h1:HiXu8GZyjzGjU834fROO00Ka/4B1IM8qxy/6q6x1f+4=
github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA=
github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
github.com/containers/luksy v0.0.0-20230808154129-d2d74a56682f h1:/HjLNYkVoUJNT4mm2dzGl63x7nD6YHxxI/k1kR0TkzA=
github.com/containers/luksy v0.0.0-20230808154129-d2d74a56682f/go.mod h1:hEjwW0sePqkTahMzbzeDsQEXN2zdF2VAccqSj5vb1NY=
github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4=
github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
@ -265,8 +269,8 @@ github.com/containers/ocicrypt v1.1.8/go.mod h1:jM362hyBtbwLMWzXQZTlkjKGAQf/BN/L
github.com/containers/psgo v1.8.0 h1:2loGekmGAxM9ir5OsXWEfGwFxorMPYnc6gEDsGFQvhY=
github.com/containers/psgo v1.8.0/go.mod h1:T8ZxnX3Ur4RvnhxFJ7t8xJ1F48RhiZB4rSrOaR/qGHc=
github.com/containers/storage v1.43.0/go.mod h1:uZ147thiIFGdVTjMmIw19knttQnUCl3y9zjreHrg11s=
github.com/containers/storage v1.50.0 h1:b46xv6ewEV3KLP3y9fLAZ8x+ZAEaAkkFkZ8FTkY3YPA=
github.com/containers/storage v1.50.0/go.mod h1:XuzgVgTBiVKOREY1AKgY1u4ZMK4+feUGHTcqabFwJ68=
github.com/containers/storage v1.50.2 h1:Fys4BjFUVNRBEXlO70hFI48VW4EXsgnGisTpk9tTMsE=
github.com/containers/storage v1.50.2/go.mod h1:dpspZsUrcKD8SpTofvKWhwPDHD0MkO4Q7VE+oYdWkiA=
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
@ -1472,8 +1476,8 @@ google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTp
google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
google.golang.org/grpc v1.56.2 h1:fVRFRnXvU+x6C4IlHZewvJOVHoOv1TUuQyoRsYnB4bI=
google.golang.org/grpc v1.56.2/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw=
google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=


@ -11,7 +11,7 @@ BUILD_TAGS[tunnel]="${BUILD_TAGS[default]},remote"
declare -A SKIP_DIRS
SKIP_DIRS[abi]=""
# TODO: add "remote" build tag to pkg/api
SKIP_DIRS[tunnel]="pkg/api"
SKIP_DIRS[tunnel]="pkg/api,pkg/domain/infra/abi"
[[ $1 == run ]] && shift


@ -108,6 +108,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
Jobs int `schema:"jobs"`
LabelOpts string `schema:"labelopts"`
Labels string `schema:"labels"`
LayerLabels []string `schema:"layerLabel"`
Layers bool `schema:"layers"`
LogRusage bool `schema:"rusage"`
Manifest string `schema:"manifest"`
@ -686,6 +687,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
Isolation: isolation,
Jobs: &jobs,
Labels: labels,
LayerLabels: query.LayerLabels,
Layers: query.Layers,
LogRusage: query.LogRusage,
Manifest: query.Manifest,


@ -1552,6 +1552,12 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error {
// JSON map of key, value pairs to set as labels on the new image
// (As of version 1.xx)
// - in: query
// name: layerLabel
// description: Add an intermediate image *label* (e.g. label=*value*) to the intermediate image metadata.
// type: array
// items:
// type: string
// - in: query
// name: layers
// type: boolean
// default: true


@ -217,6 +217,9 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
params.Set("apparmor", options.CommonBuildOpts.ApparmorProfile)
}
for _, layerLabel := range options.LayerLabels {
params.Add("layerLabel", layerLabel)
}
if options.Layers {
params.Set("layers", "1")
}


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package checkpoint
import (


@ -1,5 +1,5 @@
//go:build linux || ignore || freebsd
// +build linux ignore freebsd
//go:build !remote
// +build !remote
package generate


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,16 +0,0 @@
//go:build linux && !cgo
// +build linux,!cgo
package generate
import (
"errors"
"github.com/containers/common/libimage"
"github.com/containers/podman/v4/pkg/specgen"
spec "github.com/opencontainers/runtime-spec/specs-go"
)
func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *libimage.Image) (*spec.LinuxSeccomp, error) {
return nil, errors.New("not implemented")
}


@ -1,5 +1,5 @@
//go:build linux && cgo
// +build linux,cgo
//go:build linux && !remote
// +build linux,!remote
package generate
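Review bot: The constraint here changes from `linux && cgo` to `linux && !remote`, and the `linux && !cgo` stub that made `getSeccompConfig` return "not implemented" is deleted elsewhere in this commit, so a local Linux build with cgo disabled now compiles this file instead of a stub. The file name and body are not visible here, so this is inferred: if this file is the cgo counterpart of that stub, confirm that a `CGO_ENABLED=0` build still compiles and that a failure to load the seccomp profile still surfaces as an error rather than a container started without one. A short comment above the constraint, such as `// Built for every local (non-remote) Linux client; cgo is no longer required.`, would record the intent for the next person who edits the tags.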


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package kube
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package kube
import (


@ -1,5 +1,5 @@
//go:build linux
// +build linux
//go:build linux && !remote
// +build linux,!remote
package kube


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package kube
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package kube
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,16 +0,0 @@
//go:build !linux && !freebsd
// +build !linux,!freebsd
package generate
import (
"errors"
"github.com/containers/podman/v4/libpod"
"github.com/containers/podman/v4/pkg/specgen"
"github.com/opencontainers/runtime-tools/generate"
)
func specConfigureNamespaces(s *specgen.SpecGenerator, g *generate.Generator, rt *libpod.Runtime, pod *libpod.Pod) error {
return errors.New("unsupported specConfigureNamespaces")
}


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,4 +1,5 @@
//go:build freebsd
//go:build !remote
// +build !remote
package generate


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,24 +0,0 @@
//go:build !linux && !freebsd
// +build !linux,!freebsd
package generate
import (
"context"
"errors"
"github.com/containers/common/libimage"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v4/libpod"
"github.com/containers/podman/v4/pkg/specgen"
spec "github.com/opencontainers/runtime-spec/specs-go"
)
// SpecGenToOCI returns the base configuration for the container.
func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runtime, rtc *config.Config, newImage *libimage.Image, mounts []spec.Mount, pod *libpod.Pod, finalCmd []string, compatibleOptions *libpod.InfraInherit) (*spec.Spec, error) {
return nil, errors.New("unsupported SpecGenToOCI")
}
func WeightDevices(wtDevices map[string]spec.LinuxWeightDevice) ([]spec.LinuxWeightDevice, error) {
return []spec.LinuxWeightDevice{}, errors.New("unsupported WeightDevices")
}


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,24 +0,0 @@
//go:build !linux && !freebsd
// +build !linux,!freebsd
package generate
import (
"errors"
"github.com/containers/common/libimage"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v4/libpod"
"github.com/containers/podman/v4/pkg/specgen"
"github.com/opencontainers/runtime-tools/generate"
)
// setLabelOpts sets the label options of the SecurityConfig according to the
// input.
func setLabelOpts(s *specgen.SpecGenerator, runtime *libpod.Runtime, pidConfig specgen.Namespace, ipcConfig specgen.Namespace) error {
return errors.New("unsupported setLabelOpts")
}
func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator, newImage *libimage.Image, rtc *config.Config) error {
return errors.New("unsupported securityConfigureGenerator")
}


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -1,3 +1,6 @@
//go:build !remote
// +build !remote
package generate
import (


@ -6,7 +6,6 @@ import (
"strings"
"syscall"
"github.com/containers/common/libimage"
nettypes "github.com/containers/common/libnetwork/types"
"github.com/containers/image/v5/manifest"
"github.com/containers/podman/v4/libpod/define"
@ -570,20 +569,9 @@ type SpecGenerator struct {
ContainerResourceConfig
ContainerHealthCheckConfig
image *libimage.Image `json:"-"`
resolvedImageName string `json:"-"`
}
// SetImage sets the associated for the generator.
func (s *SpecGenerator) SetImage(image *libimage.Image, resolvedImageName string) {
s.image = image
s.resolvedImageName = resolvedImageName
}
// Image returns the associated image for the generator.
// May be nil if no image has been set yet.
func (s *SpecGenerator) GetImage() (*libimage.Image, string) {
return s.image, s.resolvedImageName
//nolint:unused // this is needed for the local client but golangci-lint
// does not seems to happy when we test the remote stub
cacheLibImage
}
func (s *SpecGenerator) IsInitContainer() bool {


@ -0,0 +1,23 @@
//go:build !remote
// +build !remote
package specgen
import "github.com/containers/common/libimage"
type cacheLibImage struct {
image *libimage.Image `json:"-"`
resolvedImageName string `json:"-"`
}
// SetImage sets the associated for the generator.
func (s *SpecGenerator) SetImage(image *libimage.Image, resolvedImageName string) {
s.image = image
s.resolvedImageName = resolvedImageName
}
// Image returns the associated image for the generator.
// May be nil if no image has been set yet.
func (s *SpecGenerator) GetImage() (*libimage.Image, string) {
return s.image, s.resolvedImageName
}
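Review bot: The doc comments in this new file do not match the declarations they sit on. `// Image returns the associated image for the generator.` documents `GetImage`, and `// SetImage sets the associated for the generator.` is missing the word "image"; I would write `// GetImage returns the cached image and its resolved name; the image may be nil if none has been set.` and `// SetImage caches the image and its resolved name on the generator.`. `cacheLibImage` itself has no comment, and one line saying it holds the libimage cache for the local client, with an empty stub built under the `remote` tag, would explain why the type exists twice. The `json:"-"` tags on its unexported fields have no effect, since encoding/json already skips unexported fields, so they can be dropped.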


@ -0,0 +1,10 @@
//go:build remote
// +build remote
package specgen
// Empty stub we do not use any libimage on the remote client,
// this drastically decreases binary size for the remote client.
//
//nolint:unused // this is needed for the local client
type cacheLibImage struct{}


@ -1,57 +0,0 @@
/*
mkwinsyscall generates windows system call bodies
It parses all files specified on command line containing function
prototypes (like syscall_windows.go) and prints system call bodies
to standard output.
The prototypes are marked by lines beginning with "//sys" and read
like func declarations if //sys is replaced by func, but:
- The parameter lists must give a name for each argument. This
includes return parameters.
- The parameter lists must give a type for each argument:
the (x, y, z int) shorthand is not allowed.
- If the return parameter is an error number, it must be named err.
- If go func name needs to be different from its winapi dll name,
the winapi name could be specified at the end, after "=" sign, like
//sys LoadLibrary(libname string) (handle uint32, err error) = LoadLibraryA
- Each function that returns err needs to supply a condition, that
return value of winapi will be tested against to detect failure.
This would set err to windows "last-error", otherwise it will be nil.
The value can be provided at end of //sys declaration, like
//sys LoadLibrary(libname string) (handle uint32, err error) [failretval==-1] = LoadLibraryA
and is [failretval==0] by default.
- If the function name ends in a "?", then the function not existing is non-
fatal, and an error will be returned instead of panicking.
Usage:
mkwinsyscall [flags] [path ...]
Flags
-output string
Output file name (standard output if omitted).
-sort
Sort DLL and function declarations (default true).
Intended to help transition from older versions of mkwinsyscall by making diffs
easier to read and understand.
-systemdll
Whether all DLLs should be loaded from the Windows system directory (default true).
-trace
Generate print statement after every syscall.
-utf16
Encode string arguments as UTF-16 for syscalls not ending in 'A' or 'W' (default true).
-winio
Import this package ("github.com/Microsoft/go-winio").
*/
package main

File diff suppressed because it is too large Load Diff


@ -37,6 +37,10 @@ rootfs-conv/*
deps/*
out/*
# protobuf files
# only files at root of the repo, otherwise this will cause issues with vendoring
/protobuf/*
# test results
test/results


@ -21,17 +21,31 @@ linters:
# - unused
- gofmt # whether code was gofmt-ed
- govet # enabled by default, but just to be sure
- nolintlint # ill-formed or insufficient nolint directives
- stylecheck # golint replacement
- thelper # test helpers without t.Helper()
linters-settings:
govet:
enable-all: true
disable:
# struct order is often for Win32 compat
# also, ignore pointer bytes/GC issues for now until performance becomes an issue
- fieldalignment
check-shadowing: true
stylecheck:
# https://staticcheck.io/docs/checks
checks: ["all"]
issues:
exclude-rules:
# err is very often shadowed in nested scopes
- linters:
- govet
text: '^shadow: declaration of "err" shadows declaration'
# path is relative to module root, which is ./test/
- path: cri-containerd
linters:
@ -135,3 +149,19 @@ issues:
linters:
- stylecheck
Text: "ST1003:"
# v0 APIs are deprecated, but still retained for backwards compatability
- path: cmd\\ncproxy\\
linters:
- staticcheck
text: "^SA1019: .*(ncproxygrpc|nodenetsvc)[/]?v0"
- path: internal\\tools\\networkagent
linters:
- staticcheck
text: "^SA1019: .*nodenetsvc[/]?v0"
- path: internal\\vhdx\\info
linters:
- stylecheck
Text: "ST1003:"


@ -1,48 +1,25 @@
version = "1"
generator = "gogoctrd"
plugins = ["grpc", "fieldpath"]
version = "2"
generators = ["go", "go-grpc"]
# Control protoc include paths. Below are usually some good defaults, but feel
# free to try it without them if it works for your project.
# Control protoc include paths.
[includes]
# Include paths that will be added before all others. Typically, you want to
# treat the root of the project as an include, but this may not be necessary.
before = ["./protobuf"]
# Paths that should be treated as include roots in relation to the vendor
# directory. These will be calculated with the vendor directory nearest the
# target package.
packages = ["github.com/gogo/protobuf"]
# defaults are "/usr/local/include" and "/usr/include", which don't exist on Windows.
# override defaults to supress errors about non-existant directories.
after = []
# This section maps protobuf imports to Go packages. These will become
# `-M` directives in the call to the go protobuf generator.
# This section maps protobuf imports to Go packages.
[packages]
"gogoproto/gogo.proto" = "github.com/gogo/protobuf/gogoproto"
"google/protobuf/any.proto" = "github.com/gogo/protobuf/types"
"google/protobuf/empty.proto" = "github.com/gogo/protobuf/types"
"google/protobuf/struct.proto" = "github.com/gogo/protobuf/types"
"google/protobuf/descriptor.proto" = "github.com/gogo/protobuf/protoc-gen-gogo/descriptor"
"google/protobuf/field_mask.proto" = "github.com/gogo/protobuf/types"
"google/protobuf/timestamp.proto" = "github.com/gogo/protobuf/types"
"google/protobuf/duration.proto" = "github.com/gogo/protobuf/types"
"github/containerd/cgroups/stats/v1/metrics.proto" = "github.com/containerd/cgroups/stats/v1"
# github.com/containerd/cgroups protofiles still list their go path as "github.com/containerd/cgroups/cgroup1/stats"
"github.com/containerd/cgroups/v3/cgroup1/stats/metrics.proto" = "github.com/containerd/cgroups/v3/cgroup1/stats"
[[overrides]]
prefixes = ["github.com/Microsoft/hcsshim/internal/shimdiag"]
plugins = ["ttrpc"]
[[overrides]]
prefixes = ["github.com/Microsoft/hcsshim/internal/extendedtask"]
plugins = ["ttrpc"]
[[overrides]]
prefixes = ["github.com/Microsoft/hcsshim/internal/computeagent"]
plugins = ["ttrpc"]
[[overrides]]
prefixes = ["github.com/Microsoft/hcsshim/internal/ncproxyttrpc"]
plugins = ["ttrpc"]
[[overrides]]
prefixes = ["github.com/Microsoft/hcsshim/internal/vmservice"]
plugins = ["ttrpc"]
prefixes = [
"github.com/Microsoft/hcsshim/internal/shimdiag",
"github.com/Microsoft/hcsshim/internal/extendedtask",
"github.com/Microsoft/hcsshim/internal/computeagent",
"github.com/Microsoft/hcsshim/internal/ncproxyttrpc",
"github.com/Microsoft/hcsshim/internal/vmservice",
]
generators = ["go", "go-ttrpc"]


@ -16,7 +16,9 @@ import (
"github.com/Microsoft/hcsshim/internal/security"
)
const defaultVHDXBlockSizeInMB = 1
const (
defaultVHDXBlockSizeInMB = 1
)
// SetupContainerBaseLayer is a helper to setup a containers scratch. It
// will create and format the vhdx's inside and the size is configurable with the sizeInGB


@ -11,7 +11,7 @@ import (
//sys hcsImportLayer(layerPath string, sourceFolderPath string, layerData string) (hr error) = computestorage.HcsImportLayer?
//sys hcsExportLayer(layerPath string, exportFolderPath string, layerData string, options string) (hr error) = computestorage.HcsExportLayer?
//sys hcsDestroyLayer(layerPath string) (hr error) = computestorage.HcsDestoryLayer?
//sys hcsDestroyLayer(layerPath string) (hr error) = computestorage.HcsDestroyLayer?
//sys hcsSetupBaseOSLayer(layerPath string, handle windows.Handle, options string) (hr error) = computestorage.HcsSetupBaseOSLayer?
//sys hcsInitializeWritableLayer(writableLayerPath string, layerData string, options string) (hr error) = computestorage.HcsInitializeWritableLayer?
//sys hcsAttachLayerStorageFilter(layerPath string, layerData string) (hr error) = computestorage.HcsAttachLayerStorageFilter?


@ -43,7 +43,7 @@ var (
modcomputestorage = windows.NewLazySystemDLL("computestorage.dll")
procHcsAttachLayerStorageFilter = modcomputestorage.NewProc("HcsAttachLayerStorageFilter")
procHcsDestoryLayer = modcomputestorage.NewProc("HcsDestoryLayer")
procHcsDestroyLayer = modcomputestorage.NewProc("HcsDestroyLayer")
procHcsDetachLayerStorageFilter = modcomputestorage.NewProc("HcsDetachLayerStorageFilter")
procHcsExportLayer = modcomputestorage.NewProc("HcsExportLayer")
procHcsFormatWritableLayerVhd = modcomputestorage.NewProc("HcsFormatWritableLayerVhd")
@ -93,11 +93,11 @@ func hcsDestroyLayer(layerPath string) (hr error) {
}
func _hcsDestroyLayer(layerPath *uint16) (hr error) {
hr = procHcsDestoryLayer.Find()
hr = procHcsDestroyLayer.Find()
if hr != nil {
return
}
r0, _, _ := syscall.Syscall(procHcsDestoryLayer.Addr(), 1, uintptr(unsafe.Pointer(layerPath)), 0, 0)
r0, _, _ := syscall.Syscall(procHcsDestroyLayer.Addr(), 1, uintptr(unsafe.Pointer(layerPath)), 0, 0)
if int32(r0) < 0 {
if r0&0x1fff0000 == 0x00070000 {
r0 &= 0xffff


@ -0,0 +1,25 @@
/*
* HCS API
*
* No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
*
* API version: 2.5
* Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
*/
package hcsschema
const (
CimMountFlagNone uint32 = 0x0
CimMountFlagChildOnly uint32 = 0x1
CimMountFlagEnableDax uint32 = 0x2
CimMountFlagCacheFiles uint32 = 0x4
CimMountFlagCacheRegions uint32 = 0x8
)
type CimMount struct {
ImagePath string `json:"ImagePath,omitempty"`
FileSystemName string `json:"FileSystemName,omitempty"`
VolumeGuid string `json:"VolumeGuid,omitempty"`
MountFlags uint32 `json:"MountFlags,omitempty"`
}


@ -17,5 +17,5 @@ type IsolationSettings struct {
DebugPort int64 `json:"DebugPort,omitempty"`
// Optional data passed by host on isolated virtual machine start
LaunchData string `json:"LaunchData,omitempty"`
HclEnabled bool `json:"HclEnabled,omitempty"`
HclEnabled *bool `json:"HclEnabled,omitempty"`
}


@ -10,7 +10,7 @@
package hcsschema
import (
v1 "github.com/containerd/cgroups/stats/v1"
v1 "github.com/containerd/cgroups/v3/cgroup1/stats"
)
type Properties struct {


@ -167,7 +167,7 @@ func Create(ctx context.Context, options *Options) (_ *JobObject, err error) {
//
// Returns a JobObject structure and an error if there is one.
func Open(ctx context.Context, options *Options) (_ *JobObject, err error) {
if options == nil || (options != nil && options.Name == "") {
if options == nil || options.Name == "" {
return nil, errors.New("no job object name specified to open")
}


@ -10,6 +10,9 @@ import (
"time"
"github.com/containerd/containerd/log"
"github.com/sirupsen/logrus"
"google.golang.org/protobuf/encoding/protojson"
"google.golang.org/protobuf/proto"
)
const TimeFormat = log.RFC3339NanoFixed
@ -59,25 +62,48 @@ func formatAddr(a net.Addr) string {
func Format(ctx context.Context, v interface{}) string {
b, err := encode(v)
if err != nil {
G(ctx).WithError(err).Warning("could not format value")
// logging errors aren't really warning worthy, and can potentially spam a lot of logs out
G(ctx).WithFields(logrus.Fields{
logrus.ErrorKey: err,
"type": fmt.Sprintf("%T", v),
}).Debug("could not format value")
return ""
}
return string(b)
}
func encode(v interface{}) ([]byte, error) {
return encodeBuffer(&bytes.Buffer{}, v)
}
func encode(v interface{}) (_ []byte, err error) {
if m, ok := v.(proto.Message); ok {
// use canonical JSON encoding for protobufs (instead of [encoding/json])
// https://protobuf.dev/programming-guides/proto3/#json
var b []byte
b, err = protojson.MarshalOptions{
AllowPartial: true,
// protobuf defaults to camel case for JSON encoding; use proto field name instead (snake case)
UseProtoNames: true,
}.Marshal(m)
if err == nil {
// the protojson marshaller tries to unmarshal anypb.Any fields, which can
// fail for types encoded with "github.com/containerd/typeurl/v2"
// we can try creating a dedicated protoregistry.MessageTypeResolver that uses typeurl, but, its
// more robust to fall back on json marshalling for errors in general
return b, nil
}
func encodeBuffer(buf *bytes.Buffer, v interface{}) ([]byte, error) {
}
buf := &bytes.Buffer{}
enc := json.NewEncoder(buf)
enc.SetEscapeHTML(false)
enc.SetIndent("", "")
if err := enc.Encode(v); err != nil {
err = fmt.Errorf("could not marshall %T to JSON for logging: %w", v, err)
return nil, err
if jErr := enc.Encode(v); jErr != nil {
if err != nil {
// TODO (go1.20): use multierror via fmt.Errorf("...: %w; ...: %w", ...)
return nil, fmt.Errorf("protojson encoding: %v; json encoding: %w", err, jErr)
}
return nil, fmt.Errorf("json encoding: %w", jErr)
}
// encoder.Encode appends a newline to the end
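Review bot: The rewritten `encode` has no doc comment, and its named result `err` carries a protojson failure past the `if err == nil` block into the `encoding/json` fallback, which is easy to misread as an accidental fall-through. I would add above the function `// encode marshals v for logging: protojson for proto.Message values, falling back to encoding/json when that fails or v is not a proto.Message.` and, at `buf := &bytes.Buffer{}`, a one-line comment that `err` may still hold the protojson error at that point. The fallback output for a proto message will likely use different field names than the `UseProtoNames` path, so it is worth noting that log consumers can see two shapes for the same type. The end of `encode` lies outside the hunk.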


@ -55,7 +55,7 @@ func ScrubProcessParameters(s string) (string, error) {
}
pp.Environment = map[string]string{_scrubbedReplacement: _scrubbedReplacement}
b, err := encodeBuffer(bytes.NewBuffer(b[:0]), pp)
b, err := encode(pp)
if err != nil {
return "", err
}
@ -89,11 +89,11 @@ func scrubBridgeCreate(m genMap) error {
}
func scrubLinuxHostedSystem(m genMap) error {
if m, ok := index(m, "OciSpecification"); ok {
if m, ok := index(m, "OciSpecification"); ok { //nolint:govet // shadow
if _, ok := m["annotations"]; ok {
m["annotations"] = map[string]string{_scrubbedReplacement: _scrubbedReplacement}
}
if m, ok := index(m, "process"); ok {
if m, ok := index(m, "process"); ok { //nolint:govet // shadow
if _, ok := m["env"]; ok {
m["env"] = []string{_scrubbedReplacement}
return nil
@ -113,7 +113,7 @@ func scrubExecuteProcess(m genMap) error {
if !isRequestBase(m) {
return ErrUnknownType
}
if m, ok := index(m, "Settings"); ok {
if m, ok := index(m, "Settings"); ok { //nolint:govet // shadow
if ss, ok := m["ProcessParameters"]; ok {
// ProcessParameters is a json encoded struct passed as a regular sting field
s, ok := ss.(string)
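Review bot: The three `//nolint:govet // shadow` suppressions in scrubLinuxHostedSystem and scrubExecuteProcess keep rebinding `m` to a nested map inside redaction code, where assigning to the wrong nesting level could leave `env` or `annotations` unscrubbed in log output. Distinct names would make each level explicit and remove the need for the suppression, e.g. `if spec, ok := index(m, "OciSpecification"); ok {` and `if proc, ok := index(spec, "process"); ok {`, with the following `m[...]` accesses renamed to match. Both functions continue outside the hunks shown.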


@ -276,7 +276,7 @@ func RemoveAllRelative(path string, root *os.File) error {
}
// It is necessary to use os.Open as Readdirnames does not work with
// OpenRelative. This is safe because the above lstatrelative fails
// OpenRelative. This is safe because the above LstatRelative fails
// if the target is outside the root, and we know this is not a
// symlink from the above FILE_ATTRIBUTE_REPARSE_POINT check.
fd, err := os.Open(filepath.Join(root.Name(), path))
@ -293,12 +293,12 @@ func RemoveAllRelative(path string, root *os.File) error {
for {
names, err1 := fd.Readdirnames(100)
for _, name := range names {
err1 := RemoveAllRelative(path+string(os.PathSeparator)+name, root)
if err == nil {
err = err1
if err2 := RemoveAllRelative(path+string(os.PathSeparator)+name, root); err == nil {
err = err2
}
}
if err1 == io.EOF {
// Readdirnames has no more files to return
break
}
// If Readdirnames returned an error, use it.
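Review bot: The comment above `os.Open(filepath.Join(root.Name(), path))` says the open is safe because of the earlier LstatRelative and reparse-point checks, but it does not record that those checks and the open are separate steps on a path string. If anything else can write under the root while this runs, the entry could presumably change between the two, so the assumption should be written down. I would extend the comment with `// NOTE: check and open are not atomic; this relies on no concurrent writer replacing path with a reparse point.` The function body starts and ends outside the hunks.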


@ -72,8 +72,8 @@ func (r *baseLayerReader) walkUntilCancelled() error {
return err
}
utilityVMAbsPath := filepath.Join(r.root, utilityVMPath)
utilityVMFilesAbsPath := filepath.Join(r.root, utilityVMFilesPath)
utilityVMAbsPath := filepath.Join(r.root, UtilityVMPath)
utilityVMFilesAbsPath := filepath.Join(r.root, UtilityVMFilesPath)
// Ignore a UtilityVM without Files, that's not _really_ a UtiltyVM
if _, err = os.Lstat(utilityVMFilesAbsPath); err != nil {


@ -5,7 +5,6 @@ import (
"fmt"
"os"
"path/filepath"
"syscall"
"github.com/Microsoft/hcsshim/internal/hcserror"
"github.com/Microsoft/hcsshim/internal/longpath"
@ -37,7 +36,7 @@ func ensureHive(path string, root *os.File) (err error) {
return fmt.Errorf("getting path: %w", err)
}
var key syscall.Handle
var key winapi.ORHKey
err = winapi.ORCreateHive(&key)
if err != nil {
return fmt.Errorf("creating hive: %w", err)
@ -72,7 +71,7 @@ func ensureBaseLayer(root *os.File) (hasUtilityVM bool, err error) {
}
}
stat, err := safefile.LstatRelative(utilityVMFilesPath, root)
stat, err := safefile.LstatRelative(UtilityVMFilesPath, root)
if os.IsNotExist(err) {
return false, nil
@ -83,7 +82,7 @@ func ensureBaseLayer(root *os.File) (hasUtilityVM bool, err error) {
}
if !stat.Mode().IsDir() {
fullPath := filepath.Join(root.Name(), utilityVMFilesPath)
fullPath := filepath.Join(root.Name(), UtilityVMFilesPath)
return false, errors.Errorf("%s has unexpected file mode %s", fullPath, stat.Mode().String())
}
@ -92,7 +91,7 @@ func ensureBaseLayer(root *os.File) (hasUtilityVM bool, err error) {
// Just check that this exists as a regular file. If it exists but is not a valid registry hive,
// ProcessUtilityVMImage will complain:
// "The registry could not read in, or write out, or flush, one of the files that contain the system's image of the registry."
bcdPath := filepath.Join(utilityVMFilesPath, bcdRelativePath)
bcdPath := filepath.Join(UtilityVMFilesPath, bcdRelativePath)
stat, err = safefile.LstatRelative(bcdPath, root)
if err != nil {
@ -122,12 +121,12 @@ func convertToBaseLayer(ctx context.Context, root *os.File) error {
return nil
}
err = safefile.EnsureNotReparsePointRelative(utilityVMPath, root)
err = safefile.EnsureNotReparsePointRelative(UtilityVMPath, root)
if err != nil {
return err
}
utilityVMPath := filepath.Join(root.Name(), utilityVMPath)
utilityVMPath := filepath.Join(root.Name(), UtilityVMPath)
return ProcessUtilityVMImage(ctx, utilityVMPath)
}


@ -29,10 +29,19 @@ var mutatedUtilityVMFiles = map[string]bool{
}
const (
filesPath = `Files`
hivesPath = `Hives`
utilityVMPath = `UtilityVM`
utilityVMFilesPath = `UtilityVM\Files`
filesPath = `Files`
HivesPath = `Hives`
UtilityVMPath = `UtilityVM`
UtilityVMFilesPath = `UtilityVM\Files`
RegFilesPath = `Files\Windows\System32\config`
BcdFilePath = `UtilityVM\Files\EFI\Microsoft\Boot\BCD`
BootMgrFilePath = `UtilityVM\Files\EFI\Microsoft\Boot\bootmgfw.efi`
ContainerBaseVhd = `blank-base.vhdx`
ContainerScratchVhd = `blank.vhdx`
UtilityVMBaseVhd = `SystemTemplateBase.vhdx`
UtilityVMScratchVhd = `SystemTemplate.vhdx`
LayoutFileName = `layout`
UvmBuildFileName = `uvmbuildversion`
)
func openFileOrDir(path string, mode uint32, createDisposition uint32) (file *os.File, err error) {
@ -243,11 +252,11 @@ func (r *legacyLayerReader) Next() (path string, size int64, fileInfo *winio.Fil
if !hasPathPrefix(path, filesPath) {
size = fe.fi.Size()
r.backupReader = winio.NewBackupFileReader(f, false)
if path == hivesPath || path == filesPath {
if path == HivesPath || path == filesPath {
// The Hives directory has a non-deterministic file time because of the
// nature of the import process. Use the times from System_Delta.
var g *os.File
g, err = os.Open(filepath.Join(r.root, hivesPath, `System_Delta`))
g, err = os.Open(filepath.Join(r.root, HivesPath, `System_Delta`))
if err != nil {
return
}
@ -409,7 +418,7 @@ func (w *legacyLayerWriter) CloseRoots() {
func (w *legacyLayerWriter) initUtilityVM() error {
if !w.HasUtilityVM {
err := safefile.MkdirRelative(utilityVMPath, w.destRoot)
err := safefile.MkdirRelative(UtilityVMPath, w.destRoot)
if err != nil {
return err
}
@ -417,7 +426,7 @@ func (w *legacyLayerWriter) initUtilityVM() error {
// clone the utility VM from the parent layer into this layer. Use hard
// links to avoid unnecessary copying, since most of the files are
// immutable.
err = cloneTree(w.parentRoots[0], w.destRoot, utilityVMFilesPath, mutatedUtilityVMFiles)
err = cloneTree(w.parentRoots[0], w.destRoot, UtilityVMFilesPath, mutatedUtilityVMFiles)
if err != nil {
return fmt.Errorf("cloning the parent utility VM image failed: %s", err)
}
@ -592,7 +601,7 @@ func (w *legacyLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) erro
return err
}
if name == utilityVMPath {
if name == UtilityVMPath {
return w.initUtilityVM()
}
@ -601,11 +610,11 @@ func (w *legacyLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) erro
}
name = filepath.Clean(name)
if hasPathPrefix(name, utilityVMPath) {
if hasPathPrefix(name, UtilityVMPath) {
if !w.HasUtilityVM {
return errors.New("missing UtilityVM directory")
}
if !hasPathPrefix(name, utilityVMFilesPath) && name != utilityVMFilesPath {
if !hasPathPrefix(name, UtilityVMFilesPath) && name != UtilityVMFilesPath {
return errors.New("invalid UtilityVM layer")
}
createDisposition := uint32(winapi.FILE_OPEN)
@ -699,7 +708,7 @@ func (w *legacyLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) erro
return err
}
if hasPathPrefix(name, hivesPath) {
if hasPathPrefix(name, HivesPath) {
w.backupWriter = winio.NewBackupFileWriter(f, false)
w.bufWriter.Reset(w.backupWriter)
} else {
@ -731,14 +740,14 @@ func (w *legacyLayerWriter) AddLink(name string, target string) error {
// Look for cross-layer hard link targets in the parent layers, since
// nothing is in the destination path yet.
roots = w.parentRoots
} else if hasPathPrefix(target, utilityVMFilesPath) {
} else if hasPathPrefix(target, UtilityVMFilesPath) {
// Since the utility VM is fully cloned into the destination path
// already, look for cross-layer hard link targets directly in the
// destination path.
roots = []*os.File{w.destRoot}
}
if roots == nil || (!hasPathPrefix(name, filesPath) && !hasPathPrefix(name, utilityVMFilesPath)) {
if roots == nil || (!hasPathPrefix(name, filesPath) && !hasPathPrefix(name, UtilityVMFilesPath)) {
return errors.New("invalid hard link in layer")
}
@ -777,7 +786,7 @@ func (w *legacyLayerWriter) Remove(name string) error {
name = filepath.Clean(name)
if hasPathPrefix(name, filesPath) {
w.Tombstones = append(w.Tombstones, name)
} else if hasPathPrefix(name, utilityVMFilesPath) {
} else if hasPathPrefix(name, UtilityVMFilesPath) {
err := w.initUtilityVM()
if err != nil {
return err
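Review bot: The const block in the first hunk now exports `HivesPath`, `UtilityVMPath` and `UtilityVMFilesPath` and adds nine further exported names with no doc comments, while `filesPath` stays unexported in the same group. As package API these need a statement of what each value is relative to; assuming they are layer-root-relative, something like `// Paths below are relative to the layer root.` above `RegFilesPath` and `// Names of the VHD and marker files kept in a layer directory.` above `ContainerBaseVhd`. `BcdFilePath` also appears to duplicate the path that ensureBaseLayer builds with `filepath.Join(UtilityVMFilesPath, bcdRelativePath)`, so one of the two should be derived from the other to keep path checks consistent.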


@ -0,0 +1,45 @@
package winapi
import (
"unsafe"
"github.com/Microsoft/go-winio/pkg/guid"
"golang.org/x/sys/windows"
)
type g = guid.GUID
type FsHandle uintptr
type StreamHandle uintptr
type CimFsFileMetadata struct {
Attributes uint32
FileSize int64
CreationTime windows.Filetime
LastWriteTime windows.Filetime
ChangeTime windows.Filetime
LastAccessTime windows.Filetime
SecurityDescriptorBuffer unsafe.Pointer
SecurityDescriptorSize uint32
ReparseDataBuffer unsafe.Pointer
ReparseDataSize uint32
ExtendedAttributes unsafe.Pointer
EACount uint32
}
//sys CimMountImage(imagePath string, fsName string, flags uint32, volumeID *g) (hr error) = cimfs.CimMountImage?
//sys CimDismountImage(volumeID *g) (hr error) = cimfs.CimDismountImage?
//sys CimCreateImage(imagePath string, oldFSName *uint16, newFSName *uint16, cimFSHandle *FsHandle) (hr error) = cimfs.CimCreateImage?
//sys CimCloseImage(cimFSHandle FsHandle) (hr error) = cimfs.CimCloseImage?
//sys CimCommitImage(cimFSHandle FsHandle) (hr error) = cimfs.CimCommitImage?
//sys CimCreateFile(cimFSHandle FsHandle, path string, file *CimFsFileMetadata, cimStreamHandle *StreamHandle) (hr error) = cimfs.CimCreateFile?
//sys CimCloseStream(cimStreamHandle StreamHandle) (hr error) = cimfs.CimCloseStream?
//sys CimWriteStream(cimStreamHandle StreamHandle, buffer uintptr, bufferSize uint32) (hr error) = cimfs.CimWriteStream?
//sys CimDeletePath(cimFSHandle FsHandle, path string) (hr error) = cimfs.CimDeletePath?
//sys CimCreateHardLink(cimFSHandle FsHandle, newPath string, oldPath string) (hr error) = cimfs.CimCreateHardLink?
//sys CimCreateAlternateStream(cimFSHandle FsHandle, path string, size uint64, cimStreamHandle *StreamHandle) (hr error) = cimfs.CimCreateAlternateStream?
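Review bot: `CimWriteStream` declares `buffer uintptr`, so a caller holding a Go `[]byte` has to convert its pointer to `uintptr` before the call, outside the syscall expression; the `unsafe` rules only keep the referenced memory valid when that conversion is written in the call's own argument list. Declaring the parameter as a pointer lets the generated wrapper do the conversion in place: `//sys CimWriteStream(cimStreamHandle StreamHandle, buffer *byte, bufferSize uint32) (hr error) = cimfs.CimWriteStream?`. The `unsafe.Pointer` buffer fields of `CimFsFileMetadata` likewise deserve a comment that the caller must keep those buffers alive, and their sizes accurate, until `CimCreateFile` returns. Callers are not visible here, so confirm how they pass the buffer.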


@ -0,0 +1,37 @@
package winapi
// Offline registry management API
type ORHKey uintptr
type RegType uint32
const (
// Registry value types: https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-value-types
REG_TYPE_NONE RegType = 0
REG_TYPE_SZ RegType = 1
REG_TYPE_EXPAND_SZ RegType = 2
REG_TYPE_BINARY RegType = 3
REG_TYPE_DWORD RegType = 4
REG_TYPE_DWORD_LITTLE_ENDIAN RegType = 4
REG_TYPE_DWORD_BIG_ENDIAN RegType = 5
REG_TYPE_LINK RegType = 6
REG_TYPE_MULTI_SZ RegType = 7
REG_TYPE_RESOURCE_LIST RegType = 8
REG_TYPE_FULL_RESOURCE_DESCRIPTOR RegType = 9
REG_TYPE_RESOURCE_REQUIREMENTS_LIST RegType = 10
REG_TYPE_QWORD RegType = 11
REG_TYPE_QWORD_LITTLE_ENDIAN RegType = 11
)
//sys ORCreateHive(key *ORHKey) (win32err error) = offreg.ORCreateHive
//sys ORMergeHives(hiveHandles []ORHKey, result *ORHKey) (win32err error) = offreg.ORMergeHives
//sys OROpenHive(hivePath string, result *ORHKey) (win32err error) = offreg.OROpenHive
//sys ORCloseHive(handle ORHKey) (win32err error) = offreg.ORCloseHive
//sys ORSaveHive(handle ORHKey, hivePath string, osMajorVersion uint32, osMinorVersion uint32) (win32err error) = offreg.ORSaveHive
//sys OROpenKey(handle ORHKey, subKey string, result *ORHKey) (win32err error) = offreg.OROpenKey
//sys ORCloseKey(handle ORHKey) (win32err error) = offreg.ORCloseKey
//sys ORCreateKey(handle ORHKey, subKey string, class uintptr, options uint32, securityDescriptor uintptr, result *ORHKey, disposition *uint32) (win32err error) = offreg.ORCreateKey
//sys ORDeleteKey(handle ORHKey, subKey string) (win32err error) = offreg.ORDeleteKey
//sys ORGetValue(handle ORHKey, subKey string, value string, valueType *uint32, data *byte, dataLen *uint32) (win32err error) = offreg.ORGetValue
//sys ORSetValue(handle ORHKey, valueName string, valueType uint32, data *byte, dataLen uint32) (win32err error) = offreg.ORSetValue
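Review bot: The new offreg declarations end without the trailing `?` that the cimfs declarations in this commit use, and the generated wrappers for them call e.g. `procORGetValue.Addr()` directly with no `Find()` check first. If offreg.dll or one of these exports is unavailable on the host, that would presumably surface as a panic rather than a returned error; consider `= offreg.ORGetValue?` and likewise for the other entries. Separately, `RegType` is declared here but `ORGetValue` and `ORSetValue` take `valueType` as plain `uint32`, so using `*RegType` and `RegType` in those signatures would let the `REG_TYPE_*` constants be passed without casts.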


@ -1,5 +0,0 @@
package winapi
//sys ORCreateHive(key *syscall.Handle) (regerrno error) = offreg.ORCreateHive
//sys ORSaveHive(key syscall.Handle, file string, OsMajorVersion uint32, OsMinorVersion uint32) (regerrno error) = offreg.ORSaveHive
//sys ORCloseHive(key syscall.Handle) (regerrno error) = offreg.ORCloseHive


@ -80,3 +80,9 @@ func ConvertStringSetToSlice(buf []byte) ([]string, error) {
}
return nil, errors.New("string set malformed: missing null terminator at end of buffer")
}
// ParseUtf16LE parses a UTF-16LE byte array into a string (without passing
// through a uint16 or rune array).
func ParseUtf16LE(b []byte) string {
return windows.UTF16PtrToString((*uint16)(unsafe.Pointer(&b[0])))
}
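Review bot: `ParseUtf16LE` indexes `b[0]` unconditionally and then lets `windows.UTF16PtrToString` scan for a NUL, so an empty slice panics and a buffer without a terminator is read past `len(b)`. Bounding the scan by the slice length addresses both (Go 1.17+ for `unsafe.Slice`): `if len(b) < 2 { return "" }` followed by `return windows.UTF16ToString(unsafe.Slice((*uint16)(unsafe.Pointer(&b[0])), len(b)/2))`. The cast also assumes `b` is 2-byte aligned, which the doc comment should state. The sibling `ConvertStringSetToSlice` shown above already treats a missing terminator as malformed input, so the new helper should be at least as strict.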


@ -43,6 +43,7 @@ var (
modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
modbindfltapi = windows.NewLazySystemDLL("bindfltapi.dll")
modcfgmgr32 = windows.NewLazySystemDLL("cfgmgr32.dll")
modcimfs = windows.NewLazySystemDLL("cimfs.dll")
modiphlpapi = windows.NewLazySystemDLL("iphlpapi.dll")
modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
modnetapi32 = windows.NewLazySystemDLL("netapi32.dll")
@ -55,6 +56,17 @@ var (
procCM_Get_Device_ID_ListA = modcfgmgr32.NewProc("CM_Get_Device_ID_ListA")
procCM_Get_Device_ID_List_SizeA = modcfgmgr32.NewProc("CM_Get_Device_ID_List_SizeA")
procCM_Locate_DevNodeW = modcfgmgr32.NewProc("CM_Locate_DevNodeW")
procCimCloseImage = modcimfs.NewProc("CimCloseImage")
procCimCloseStream = modcimfs.NewProc("CimCloseStream")
procCimCommitImage = modcimfs.NewProc("CimCommitImage")
procCimCreateAlternateStream = modcimfs.NewProc("CimCreateAlternateStream")
procCimCreateFile = modcimfs.NewProc("CimCreateFile")
procCimCreateHardLink = modcimfs.NewProc("CimCreateHardLink")
procCimCreateImage = modcimfs.NewProc("CimCreateImage")
procCimDeletePath = modcimfs.NewProc("CimDeletePath")
procCimDismountImage = modcimfs.NewProc("CimDismountImage")
procCimMountImage = modcimfs.NewProc("CimMountImage")
procCimWriteStream = modcimfs.NewProc("CimWriteStream")
procSetJobCompartmentId = modiphlpapi.NewProc("SetJobCompartmentId")
procClosePseudoConsole = modkernel32.NewProc("ClosePseudoConsole")
procCopyFileW = modkernel32.NewProc("CopyFileW")
@ -84,8 +96,16 @@ var (
procNtSetInformationFile = modntdll.NewProc("NtSetInformationFile")
procRtlNtStatusToDosError = modntdll.NewProc("RtlNtStatusToDosError")
procORCloseHive = modoffreg.NewProc("ORCloseHive")
procORCloseKey = modoffreg.NewProc("ORCloseKey")
procORCreateHive = modoffreg.NewProc("ORCreateHive")
procORCreateKey = modoffreg.NewProc("ORCreateKey")
procORDeleteKey = modoffreg.NewProc("ORDeleteKey")
procORGetValue = modoffreg.NewProc("ORGetValue")
procORMergeHives = modoffreg.NewProc("ORMergeHives")
procOROpenHive = modoffreg.NewProc("OROpenHive")
procOROpenKey = modoffreg.NewProc("OROpenKey")
procORSaveHive = modoffreg.NewProc("ORSaveHive")
procORSetValue = modoffreg.NewProc("ORSetValue")
)
func LogonUser(username *uint16, domain *uint16, password *uint16, logonType uint32, logonProvider uint32, token *windows.Token) (err error) {
@ -164,6 +184,235 @@ func _CMLocateDevNode(pdnDevInst *uint32, pDeviceID *uint16, uFlags uint32) (hr
return
}
func CimCloseImage(cimFSHandle FsHandle) (hr error) {
hr = procCimCloseImage.Find()
if hr != nil {
return
}
r0, _, _ := syscall.Syscall(procCimCloseImage.Addr(), 1, uintptr(cimFSHandle), 0, 0)
if int32(r0) < 0 {
if r0&0x1fff0000 == 0x00070000 {
r0 &= 0xffff
}
hr = syscall.Errno(r0)
}
return
}
func CimCloseStream(cimStreamHandle StreamHandle) (hr error) {
hr = procCimCloseStream.Find()
if hr != nil {
return
}
r0, _, _ := syscall.Syscall(procCimCloseStream.Addr(), 1, uintptr(cimStreamHandle), 0, 0)
if int32(r0) < 0 {
if r0&0x1fff0000 == 0x00070000 {
r0 &= 0xffff
}
hr = syscall.Errno(r0)
}
return
}
func CimCommitImage(cimFSHandle FsHandle) (hr error) {
hr = procCimCommitImage.Find()
if hr != nil {
return
}
r0, _, _ := syscall.Syscall(procCimCommitImage.Addr(), 1, uintptr(cimFSHandle), 0, 0)
if int32(r0) < 0 {
if r0&0x1fff0000 == 0x00070000 {
r0 &= 0xffff
}
hr = syscall.Errno(r0)
}
return
}
func CimCreateAlternateStream(cimFSHandle FsHandle, path string, size uint64, cimStreamHandle *StreamHandle) (hr error) {
var _p0 *uint16
_p0, hr = syscall.UTF16PtrFromString(path)
if hr != nil {
return
}
return _CimCreateAlternateStream(cimFSHandle, _p0, size, cimStreamHandle)
}
func _CimCreateAlternateStream(cimFSHandle FsHandle, path *uint16, size uint64, cimStreamHandle *StreamHandle) (hr error) {
hr = procCimCreateAlternateStream.Find()
if hr != nil {
return
}
r0, _, _ := syscall.Syscall6(procCimCreateAlternateStream.Addr(), 4, uintptr(cimFSHandle), uintptr(unsafe.Pointer(path)), uintptr(size), uintptr(unsafe.Pointer(cimStreamHandle)), 0, 0)
if int32(r0) < 0 {
if r0&0x1fff0000 == 0x00070000 {
r0 &= 0xffff
}
hr = syscall.Errno(r0)
}
return
}
func CimCreateFile(cimFSHandle FsHandle, path string, file *CimFsFileMetadata, cimStreamHandle *StreamHandle) (hr error) {
var _p0 *uint16
_p0, hr = syscall.UTF16PtrFromString(path)
if hr != nil {
return
}
return _CimCreateFile(cimFSHandle, _p0, file, cimStreamHandle)
}
func _CimCreateFile(cimFSHandle FsHandle, path *uint16, file *CimFsFileMetadata, cimStreamHandle *StreamHandle) (hr error) {
hr = procCimCreateFile.Find()
if hr != nil {
return
}
r0, _, _ := syscall.Syscall6(procCimCreateFile.Addr(), 4, uintptr(cimFSHandle), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(file)), uintptr(unsafe.Pointer(cimStreamHandle)), 0, 0)
if int32(r0) < 0 {
if r0&0x1fff0000 == 0x00070000 {
r0 &= 0xffff
}
hr = syscall.Errno(r0)
}
return
}
func CimCreateHardLink(cimFSHandle FsHandle, newPath string, oldPath string) (hr error) {
var _p0 *uint16
_p0, hr = syscall.UTF16PtrFromString(newPath)
if hr != nil {
return
}
var _p1 *uint16
_p1, hr = syscall.UTF16PtrFromString(oldPath)
if hr != nil {
return
}
return _CimCreateHardLink(cimFSHandle, _p0, _p1)
}
func _CimCreateHardLink(cimFSHandle FsHandle, newPath *uint16, oldPath *uint16) (hr error) {
hr = procCimCreateHardLink.Find()
if hr != nil {
return
}
r0, _, _ := syscall.Syscall(procCimCreateHardLink.Addr(), 3, uintptr(cimFSHandle), uintptr(unsafe.Pointer(newPath)), uintptr(unsafe.Pointer(oldPath)))
if int32(r0) < 0 {
if r0&0x1fff0000 == 0x00070000 {
r0 &= 0xffff
}
hr = syscall.Errno(r0)
}
return
}
func CimCreateImage(imagePath string, oldFSName *uint16, newFSName *uint16, cimFSHandle *FsHandle) (hr error) {
var _p0 *uint16
_p0, hr = syscall.UTF16PtrFromString(imagePath)
if hr != nil {
return
}
return _CimCreateImage(_p0, oldFSName, newFSName, cimFSHandle)
}
func _CimCreateImage(imagePath *uint16, oldFSName *uint16, newFSName *uint16, cimFSHandle *FsHandle) (hr error) {
hr = procCimCreateImage.Find()
if hr != nil {
return
}
r0, _, _ := syscall.Syscall6(procCimCreateImage.Addr(), 4, uintptr(unsafe.Pointer(imagePath)), uintptr(unsafe.Pointer(oldFSName)), uintptr(unsafe.Pointer(newFSName)), uintptr(unsafe.Pointer(cimFSHandle)), 0, 0)
if int32(r0) < 0 {
if r0&0x1fff0000 == 0x00070000 {
r0 &= 0xffff
}
hr = syscall.Errno(r0)
}
return
}
func CimDeletePath(cimFSHandle FsHandle, path string) (hr error) {
var _p0 *uint16
_p0, hr = syscall.UTF16PtrFromString(path)
if hr != nil {
return
}
return _CimDeletePath(cimFSHandle, _p0)
}
func _CimDeletePath(cimFSHandle FsHandle, path *uint16) (hr error) {
hr = procCimDeletePath.Find()
if hr != nil {
return
}
r0, _, _ := syscall.Syscall(procCimDeletePath.Addr(), 2, uintptr(cimFSHandle), uintptr(unsafe.Pointer(path)), 0)
if int32(r0) < 0 {
if r0&0x1fff0000 == 0x00070000 {
r0 &= 0xffff
}
hr = syscall.Errno(r0)
}
return
}
func CimDismountImage(volumeID *g) (hr error) {
hr = procCimDismountImage.Find()
if hr != nil {
return
}
r0, _, _ := syscall.Syscall(procCimDismountImage.Addr(), 1, uintptr(unsafe.Pointer(volumeID)), 0, 0)
if int32(r0) < 0 {
if r0&0x1fff0000 == 0x00070000 {
r0 &= 0xffff
}
hr = syscall.Errno(r0)
}
return
}
func CimMountImage(imagePath string, fsName string, flags uint32, volumeID *g) (hr error) {
var _p0 *uint16
_p0, hr = syscall.UTF16PtrFromString(imagePath)
if hr != nil {
return
}
var _p1 *uint16
_p1, hr = syscall.UTF16PtrFromString(fsName)
if hr != nil {
return
}
return _CimMountImage(_p0, _p1, flags, volumeID)
}
func _CimMountImage(imagePath *uint16, fsName *uint16, flags uint32, volumeID *g) (hr error) {
hr = procCimMountImage.Find()
if hr != nil {
return
}
r0, _, _ := syscall.Syscall6(procCimMountImage.Addr(), 4, uintptr(unsafe.Pointer(imagePath)), uintptr(unsafe.Pointer(fsName)), uintptr(flags), uintptr(unsafe.Pointer(volumeID)), 0, 0)
if int32(r0) < 0 {
if r0&0x1fff0000 == 0x00070000 {
r0 &= 0xffff
}
hr = syscall.Errno(r0)
}
return
}
func CimWriteStream(cimStreamHandle StreamHandle, buffer uintptr, bufferSize uint32) (hr error) {
hr = procCimWriteStream.Find()
if hr != nil {
return
}
r0, _, _ := syscall.Syscall(procCimWriteStream.Addr(), 3, uintptr(cimStreamHandle), uintptr(buffer), uintptr(bufferSize))
if int32(r0) < 0 {
if r0&0x1fff0000 == 0x00070000 {
r0 &= 0xffff
}
hr = syscall.Errno(r0)
}
return
}
func SetJobCompartmentId(handle windows.Handle, compartmentId uint32) (win32Err error) {
r0, _, _ := syscall.Syscall(procSetJobCompartmentId.Addr(), 2, uintptr(handle), uintptr(compartmentId), 0)
if r0 != 0 {
@ -381,35 +630,162 @@ func RtlNtStatusToDosError(status uint32) (winerr error) {
return
}
func ORCloseHive(key syscall.Handle) (regerrno error) {
r0, _, _ := syscall.Syscall(procORCloseHive.Addr(), 1, uintptr(key), 0, 0)
func ORCloseHive(handle ORHKey) (win32err error) {
r0, _, _ := syscall.Syscall(procORCloseHive.Addr(), 1, uintptr(handle), 0, 0)
if r0 != 0 {
regerrno = syscall.Errno(r0)
win32err = syscall.Errno(r0)
}
return
}
func ORCreateHive(key *syscall.Handle) (regerrno error) {
func ORCloseKey(handle ORHKey) (win32err error) {
r0, _, _ := syscall.Syscall(procORCloseKey.Addr(), 1, uintptr(handle), 0, 0)
if r0 != 0 {
win32err = syscall.Errno(r0)
}
return
}
func ORCreateHive(key *ORHKey) (win32err error) {
r0, _, _ := syscall.Syscall(procORCreateHive.Addr(), 1, uintptr(unsafe.Pointer(key)), 0, 0)
if r0 != 0 {
regerrno = syscall.Errno(r0)
win32err = syscall.Errno(r0)
}
return
}
func ORSaveHive(key syscall.Handle, file string, OsMajorVersion uint32, OsMinorVersion uint32) (regerrno error) {
func ORCreateKey(handle ORHKey, subKey string, class uintptr, options uint32, securityDescriptor uintptr, result *ORHKey, disposition *uint32) (win32err error) {
var _p0 *uint16
_p0, regerrno = syscall.UTF16PtrFromString(file)
if regerrno != nil {
_p0, win32err = syscall.UTF16PtrFromString(subKey)
if win32err != nil {
return
}
return _ORSaveHive(key, _p0, OsMajorVersion, OsMinorVersion)
return _ORCreateKey(handle, _p0, class, options, securityDescriptor, result, disposition)
}
func _ORSaveHive(key syscall.Handle, file *uint16, OsMajorVersion uint32, OsMinorVersion uint32) (regerrno error) {
r0, _, _ := syscall.Syscall6(procORSaveHive.Addr(), 4, uintptr(key), uintptr(unsafe.Pointer(file)), uintptr(OsMajorVersion), uintptr(OsMinorVersion), 0, 0)
func _ORCreateKey(handle ORHKey, subKey *uint16, class uintptr, options uint32, securityDescriptor uintptr, result *ORHKey, disposition *uint32) (win32err error) {
r0, _, _ := syscall.Syscall9(procORCreateKey.Addr(), 7, uintptr(handle), uintptr(unsafe.Pointer(subKey)), uintptr(class), uintptr(options), uintptr(securityDescriptor), uintptr(unsafe.Pointer(result)), uintptr(unsafe.Pointer(disposition)), 0, 0)
if r0 != 0 {
regerrno = syscall.Errno(r0)
win32err = syscall.Errno(r0)
}
return
}
func ORDeleteKey(handle ORHKey, subKey string) (win32err error) {
var _p0 *uint16
_p0, win32err = syscall.UTF16PtrFromString(subKey)
if win32err != nil {
return
}
return _ORDeleteKey(handle, _p0)
}
func _ORDeleteKey(handle ORHKey, subKey *uint16) (win32err error) {
r0, _, _ := syscall.Syscall(procORDeleteKey.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(subKey)), 0)
if r0 != 0 {
win32err = syscall.Errno(r0)
}
return
}
func ORGetValue(handle ORHKey, subKey string, value string, valueType *uint32, data *byte, dataLen *uint32) (win32err error) {
var _p0 *uint16
_p0, win32err = syscall.UTF16PtrFromString(subKey)
if win32err != nil {
return
}
var _p1 *uint16
_p1, win32err = syscall.UTF16PtrFromString(value)
if win32err != nil {
return
}
return _ORGetValue(handle, _p0, _p1, valueType, data, dataLen)
}
func _ORGetValue(handle ORHKey, subKey *uint16, value *uint16, valueType *uint32, data *byte, dataLen *uint32) (win32err error) {
r0, _, _ := syscall.Syscall6(procORGetValue.Addr(), 6, uintptr(handle), uintptr(unsafe.Pointer(subKey)), uintptr(unsafe.Pointer(value)), uintptr(unsafe.Pointer(valueType)), uintptr(unsafe.Pointer(data)), uintptr(unsafe.Pointer(dataLen)))
if r0 != 0 {
win32err = syscall.Errno(r0)
}
return
}
func ORMergeHives(hiveHandles []ORHKey, result *ORHKey) (win32err error) {
var _p0 *ORHKey
if len(hiveHandles) > 0 {
_p0 = &hiveHandles[0]
}
r0, _, _ := syscall.Syscall(procORMergeHives.Addr(), 3, uintptr(unsafe.Pointer(_p0)), uintptr(len(hiveHandles)), uintptr(unsafe.Pointer(result)))
if r0 != 0 {
win32err = syscall.Errno(r0)
}
return
}
func OROpenHive(hivePath string, result *ORHKey) (win32err error) {
var _p0 *uint16
_p0, win32err = syscall.UTF16PtrFromString(hivePath)
if win32err != nil {
return
}
return _OROpenHive(_p0, result)
}
func _OROpenHive(hivePath *uint16, result *ORHKey) (win32err error) {
r0, _, _ := syscall.Syscall(procOROpenHive.Addr(), 2, uintptr(unsafe.Pointer(hivePath)), uintptr(unsafe.Pointer(result)), 0)
if r0 != 0 {
win32err = syscall.Errno(r0)
}
return
}
func OROpenKey(handle ORHKey, subKey string, result *ORHKey) (win32err error) {
var _p0 *uint16
_p0, win32err = syscall.UTF16PtrFromString(subKey)
if win32err != nil {
return
}
return _OROpenKey(handle, _p0, result)
}
func _OROpenKey(handle ORHKey, subKey *uint16, result *ORHKey) (win32err error) {
r0, _, _ := syscall.Syscall(procOROpenKey.Addr(), 3, uintptr(handle), uintptr(unsafe.Pointer(subKey)), uintptr(unsafe.Pointer(result)))
if r0 != 0 {
win32err = syscall.Errno(r0)
}
return
}
func ORSaveHive(handle ORHKey, hivePath string, osMajorVersion uint32, osMinorVersion uint32) (win32err error) {
var _p0 *uint16
_p0, win32err = syscall.UTF16PtrFromString(hivePath)
if win32err != nil {
return
}
return _ORSaveHive(handle, _p0, osMajorVersion, osMinorVersion)
}
func _ORSaveHive(handle ORHKey, hivePath *uint16, osMajorVersion uint32, osMinorVersion uint32) (win32err error) {
r0, _, _ := syscall.Syscall6(procORSaveHive.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(hivePath)), uintptr(osMajorVersion), uintptr(osMinorVersion), 0, 0)
if r0 != 0 {
win32err = syscall.Errno(r0)
}
return
}
func ORSetValue(handle ORHKey, valueName string, valueType uint32, data *byte, dataLen uint32) (win32err error) {
var _p0 *uint16
_p0, win32err = syscall.UTF16PtrFromString(valueName)
if win32err != nil {
return
}
return _ORSetValue(handle, _p0, valueType, data, dataLen)
}
func _ORSetValue(handle ORHKey, valueName *uint16, valueType uint32, data *byte, dataLen uint32) (win32err error) {
r0, _, _ := syscall.Syscall6(procORSetValue.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(valueName)), uintptr(valueType), uintptr(unsafe.Pointer(data)), uintptr(dataLen), 0)
if r0 != 0 {
win32err = syscall.Errno(r0)
}
return
}


@ -5,6 +5,7 @@ import (
"sync"
"golang.org/x/sys/windows"
"golang.org/x/sys/windows/registry"
)
// OSVersion is a wrapper for Windows version information
@ -25,16 +26,15 @@ var (
// The calling application must be manifested to get the correct version information.
func Get() OSVersion {
once.Do(func() {
var err error
v := *windows.RtlGetVersion()
osv = OSVersion{}
osv.Version, err = windows.GetVersion()
if err != nil {
// GetVersion never fails.
panic(err)
}
osv.MajorVersion = uint8(osv.Version & 0xFF)
osv.MinorVersion = uint8(osv.Version >> 8 & 0xFF)
osv.Build = uint16(osv.Version >> 16)
osv.MajorVersion = uint8(v.MajorVersion)
osv.MinorVersion = uint8(v.MinorVersion)
osv.Build = uint16(v.BuildNumber)
// Fill version value so that existing clients don't break
osv.Version = v.BuildNumber << 16
osv.Version = osv.Version | (uint32(v.MinorVersion) << 8)
osv.Version = osv.Version | v.MajorVersion
})
return osv
}
@ -57,3 +57,18 @@ func (osv OSVersion) String() string {
func (osv OSVersion) ToString() string {
return osv.String()
}
// Running `cmd /c ver` shows something like "10.0.20348.1000". The last component ("1000") is the revision
// number
func BuildRevision() (uint32, error) {
k, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE)
if err != nil {
return 0, fmt.Errorf("open `CurrentVersion` registry key: %w", err)
}
defer k.Close()
s, _, err := k.GetIntegerValue("UBR")
if err != nil {
return 0, fmt.Errorf("read `UBR` from registry: %w", err)
}
return uint32(s), nil
}
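Review bot: The doc comment kept above `Get()` still says the calling application must be manifested to get the correct version information, but the new body reads the version through `windows.RtlGetVersion()`, which ignores manifest semantics, unlike the `windows.GetVersion()` call it replaces. That sentence should be dropped or reworded, for example `// Get returns the OS version as reported by RtlGetVersion; an application manifest is not needed.` The comment begins above the hunk, so only its last line is visible here. In the last hunk of the same file, the exported `BuildRevision` has a comment that does not open with the function name; `// BuildRevision returns the revision number (registry value UBR) of the running Windows build.` would follow the Go doc convention.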


@ -1,5 +0,0 @@
//go:build tools
package hcsshim
import _ "github.com/Microsoft/go-winio/tools/mkwinsyscall"

25
vendor/github.com/aead/serpent/.gitignore generated vendored Normal file

@ -0,0 +1,25 @@
# Compiled Object files, Static and Dynamic libs (Shared Objects)
*.o
*.a
*.so
# Folders
_obj
_test
.vscode
# Architecture specific extensions/prefixes
*.[568vq]
[568vq].out
*.cgo1.go
*.cgo2.c
_cgo_defun.c
_cgo_gotypes.go
_cgo_export.*
_testmain.go
*.exe
*.test
*.prof

21
vendor/github.com/aead/serpent/LICENSE generated vendored Normal file

@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2016 Andreas Auernhammer
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

9
vendor/github.com/aead/serpent/README.md generated vendored Normal file

@ -0,0 +1,9 @@
[![Godoc Reference](https://godoc.org/github.com/aead/serpent?status.svg)](https://godoc.org/github.com/aead/serpent)
## The Serpent block cipher
Serpent is a symmetric key block cipher that was a finalist in the Advanced Encryption Standard (AES) contest,
where it was ranked second to Rijndael. Serpent was designed by Ross Anderson, Eli Biham, and Lars Knudsen.
### Installation
Install in your GOPATH: `go get -u github.com/aead/serpent`

316
vendor/github.com/aead/serpent/sbox_ref.go generated vendored Normal file

@ -0,0 +1,316 @@
// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
// Use of this source code is governed by a license that can be
// found in the LICENSE file.
package serpent
// The linear transformation of serpent
// This version, tries not to minimize the
// number of registers, but maximize parallism.
func linear(v0, v1, v2, v3 *uint32) {
t0 := ((*v0 << 13) | (*v0 >> (32 - 13)))
t2 := ((*v2 << 3) | (*v2 >> (32 - 3)))
t1 := *v1 ^ t0 ^ t2
t3 := *v3 ^ t2 ^ (t0 << 3)
*v1 = (t1 << 1) | (t1 >> (32 - 1))
*v3 = (t3 << 7) | (t3 >> (32 - 7))
t0 ^= *v1 ^ *v3
t2 ^= *v3 ^ (*v1 << 7)
*v0 = (t0 << 5) | (t0 >> (32 - 5))
*v2 = (t2 << 22) | (t2 >> (32 - 22))
}
// The inverse linear transformation of serpent
// This version, tries not to minimize the
// number of registers, but maximize parallism.
func linearInv(v0, v1, v2, v3 *uint32) {
t2 := (*v2 >> 22) | (*v2 << (32 - 22))
t0 := (*v0 >> 5) | (*v0 << (32 - 5))
t2 ^= *v3 ^ (*v1 << 7)
t0 ^= *v1 ^ *v3
t3 := (*v3 >> 7) | (*v3 << (32 - 7))
t1 := (*v1 >> 1) | (*v1 << (32 - 1))
*v3 = t3 ^ t2 ^ (t0 << 3)
*v1 = t1 ^ t0 ^ t2
*v2 = (t2 >> 3) | (t2 << (32 - 3))
*v0 = (t0 >> 13) | (t0 << (32 - 13))
}
// The following functions sb0,sb1, ..., sb7 represent the 8 Serpent S-Boxes.
// sb0Inv til sb7Inv are the inverse functions (e.g. sb0Inv is the Inverse to sb0
// and vice versa).
// The S-Boxes differ from the original Serpent definitions. This is for
// optimisation. The functions use the Serpent S-Box improvements for (non x86)
// from Dr. B. R. Gladman and Sam Simpson.
// S-Box 0
func sb0(r0, r1, r2, r3 *uint32) {
t0 := *r0 ^ *r3
t1 := *r2 ^ t0
t2 := *r1 ^ t1
*r3 = (*r0 & *r3) ^ t2
t3 := *r0 ^ (*r1 & t0)
*r2 = t2 ^ (*r2 | t3)
t4 := *r3 & (t1 ^ t3)
*r1 = (^t1) ^ t4
*r0 = t4 ^ (^t3)
}
// Inverse S-Box 0
func sb0Inv(r0, r1, r2, r3 *uint32) {
t0 := ^(*r0)
t1 := *r0 ^ *r1
t2 := *r3 ^ (t0 | t1)
t3 := *r2 ^ t2
*r2 = t1 ^ t3
t4 := t0 ^ (*r3 & t1)
*r1 = t2 ^ (*r2 & t4)
*r3 = (*r0 & t2) ^ (t3 | *r1)
*r0 = *r3 ^ (t3 ^ t4)
}
// S-Box 1
func sb1(r0, r1, r2, r3 *uint32) {
t0 := *r1 ^ (^(*r0))
t1 := *r2 ^ (*r0 | t0)
*r2 = *r3 ^ t1
t2 := *r1 ^ (*r3 | t0)
t3 := t0 ^ *r2
*r3 = t3 ^ (t1 & t2)
t4 := t1 ^ t2
*r1 = *r3 ^ t4
*r0 = t1 ^ (t3 & t4)
}
// Inverse S-Box 1
func sb1Inv(r0, r1, r2, r3 *uint32) {
t0 := *r1 ^ *r3
t1 := *r0 ^ (*r1 & t0)
t2 := t0 ^ t1
*r3 = *r2 ^ t2
t3 := *r1 ^ (t0 & t1)
t4 := *r3 | t3
*r1 = t1 ^ t4
t5 := ^(*r1)
t6 := *r3 ^ t3
*r0 = t5 ^ t6
*r2 = t2 ^ (t5 | t6)
}
// S-Box 2
func sb2(r0, r1, r2, r3 *uint32) {
v0 := *r0 // save r0
v3 := *r3 // save r3
t0 := ^v0
t1 := *r1 ^ v3
t2 := *r2 & t0
*r0 = t1 ^ t2
t3 := *r2 ^ t0
t4 := *r2 ^ *r0
t5 := *r1 & t4
*r3 = t3 ^ t5
*r2 = v0 ^ ((v3 | t5) & (*r0 | t3))
*r1 = (t1 ^ *r3) ^ (*r2 ^ (v3 | t0))
}
// Inverse S-Box 2
func sb2Inv(r0, r1, r2, r3 *uint32) {
v0 := *r0 // save r0
v3 := *r3 // save r3
t0 := *r1 ^ v3
t1 := ^t0
t2 := v0 ^ *r2
t3 := *r2 ^ t0
t4 := *r1 & t3
*r0 = t2 ^ t4
t5 := v0 | t1
t6 := v3 ^ t5
t7 := t2 | t6
*r3 = t0 ^ t7
t8 := ^t3
t9 := *r0 | *r3
*r1 = t8 ^ t9
*r2 = (v3 & t8) ^ (t2 ^ t9)
}
// S-Box 3
func sb3(r0, r1, r2, r3 *uint32) {
v1 := *r1 // save r1
v3 := *r3 // save r3
t0 := *r0 ^ *r1
t1 := *r0 & *r2
t2 := *r0 | *r3
t3 := *r2 ^ *r3
t4 := t0 & t2
t5 := t1 | t4
*r2 = t3 ^ t5
t6 := *r1 ^ t2
t7 := t5 ^ t6
t8 := t3 & t7
*r0 = t0 ^ t8
t9 := *r2 & *r0
*r1 = t7 ^ t9
*r3 = (v1 | v3) ^ (t3 ^ t9)
}
// Inverse S-Box 3
func sb3Inv(r0, r1, r2, r3 *uint32) {
t0 := *r0 | *r1
t1 := *r1 ^ *r2
t2 := *r1 & t1
t3 := *r0 ^ t2
t4 := *r2 ^ t3
t5 := *r3 | t3
*r0 = t1 ^ t5
t6 := t1 | t5
t7 := *r3 ^ t6
*r2 = t4 ^ t7
t8 := t0 ^ t7
t9 := *r0 & t8
*r3 = t3 ^ t9
*r1 = *r3 ^ (*r0 ^ t8)
}
// S-Box 4
func sb4(r0, r1, r2, r3 *uint32) {
v0 := *r0 // save r0
t0 := v0 ^ *r3
t1 := *r3 & t0
t2 := *r2 ^ t1
t3 := *r1 | t2
*r3 = t0 ^ t3
t4 := ^(*r1)
t5 := t0 | t4
*r0 = t2 ^ t5
t6 := v0 & *r0
t7 := t0 ^ t4
t8 := t3 & t7
*r2 = t6 ^ t8
*r1 = (v0 ^ t2) ^ (t7 & *r2)
}
// Inverse S-Box 4
func sb4Inv(r0, r1, r2, r3 *uint32) {
v3 := *r3 // save r3
t0 := *r2 | v3
t1 := *r0 & t0
t2 := *r1 ^ t1
t3 := *r0 & t2
t4 := *r2 ^ t3
*r1 = v3 ^ t4
t5 := ^(*r0)
t6 := t4 & *r1
*r3 = t2 ^ t6
t7 := *r1 | t5
t8 := v3 ^ t7
*r0 = *r3 ^ t8
*r2 = (t2 & t8) ^ (*r1 ^ t5)
}
// S-Box 5
func sb5(r0, r1, r2, r3 *uint32) {
v1 := *r1 // save r1
t0 := ^(*r0)
t1 := *r0 ^ v1
t2 := *r0 ^ *r3
t3 := *r2 ^ t0
t4 := t1 | t2
*r0 = t3 ^ t4
t5 := *r3 & *r0
t6 := t1 ^ *r0
*r1 = t5 ^ t6
t7 := t0 | *r0
t8 := t1 | t5
t9 := t2 ^ t7
*r2 = t8 ^ t9
*r3 = (v1 ^ t5) ^ (*r1 & t9)
}
// Inverse S-Box 5
func sb5Inv(r0, r1, r2, r3 *uint32) {
v0 := *r0 // save r0
v1 := *r1 // save r1
v3 := *r3 // save r3
t0 := ^(*r2)
t1 := v1 & t0
t2 := v3 ^ t1
t3 := v0 & t2
t4 := v1 ^ t0
*r3 = t3 ^ t4
t5 := v1 | *r3
t6 := v0 & t5
*r1 = t2 ^ t6
t7 := v0 | v3
t8 := t0 ^ t5
*r0 = t7 ^ t8
*r2 = (v1 & t7) ^ (t3 | (v0 ^ *r2))
}
// S-Box 6
func sb6(r0, r1, r2, r3 *uint32) {
t0 := ^(*r0)
t1 := *r0 ^ *r3
t2 := *r1 ^ t1
t3 := t0 | t1
t4 := *r2 ^ t3
*r1 = *r1 ^ t4
t5 := t1 | *r1
t6 := *r3 ^ t5
t7 := t4 & t6
*r2 = t2 ^ t7
t8 := t4 ^ t6
*r0 = *r2 ^ t8
*r3 = (^t4) ^ (t2 & t8)
}
// Inverse S-Box 6
func sb6Inv(r0, r1, r2, r3 *uint32) {
v1 := *r1 // save r1
v3 := *r3 // save r3
t0 := ^(*r0)
t1 := *r0 ^ v1
t2 := *r2 ^ t1
t3 := *r2 | t0
t4 := v3 ^ t3
*r1 = t2 ^ t4
t5 := t2 & t4
t6 := t1 ^ t5
t7 := v1 | t6
*r3 = t4 ^ t7
t8 := v1 | *r3
*r0 = t6 ^ t8
*r2 = (v3 & t0) ^ (t2 ^ t8)
}
// S-Box 7
func sb7(r0, r1, r2, r3 *uint32) {
t0 := *r1 ^ *r2
t1 := *r2 & t0
t2 := *r3 ^ t1
t3 := *r0 ^ t2
t4 := *r3 | t0
t5 := t3 & t4
*r1 = *r1 ^ t5
t6 := t2 | *r1
t7 := *r0 & t3
*r3 = t0 ^ t7
t8 := t3 ^ t6
t9 := *r3 & t8
*r2 = t2 ^ t9
*r0 = (^t8) ^ (*r3 & *r2)
}
// Inverse S-Box 7
func sb7Inv(r0, r1, r2, r3 *uint32) {
v0 := *r0 // save r0
v3 := *r3 // save r3
t0 := *r2 | (v0 & *r1)
t1 := v3 & (v0 | *r1)
*r3 = t0 ^ t1
t2 := ^v3
t3 := *r1 ^ t1
t4 := t3 | (*r3 ^ t2)
*r1 = v0 ^ t4
*r0 = (*r2 ^ t3) ^ (v3 | *r1)
*r2 = (t0 ^ *r1) ^ (*r0 ^ (v0 & *r3))
}

119
vendor/github.com/aead/serpent/serpent.go generated vendored Normal file

@ -0,0 +1,119 @@
// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
// Use of this source code is governed by a license that can be
// found in the LICENSE file.
// Package serpent implements the Serpent block cipher
// submitted to the AES challenge. Serpent was designed by
// Ross Anderson, Eli Biham und Lars Knudsen.
// The block cipher takes a 128, 192 or 256 bit key and
// has a block size of 128 bit.
package serpent // import "github.com/aead/serpent"
import (
"crypto/cipher"
"errors"
)
// BlockSize is the serpent block size in bytes.
const BlockSize = 16
const phi = 0x9e3779b9 // The Serpent phi constant (sqrt(5) - 1) * 2**31
var errKeySize = errors.New("invalid key size")
// NewCipher returns a new cipher.Block implementing the serpent block cipher.
// The key argument must be 128, 192 or 256 bit (16, 24, 32 byte).
func NewCipher(key []byte) (cipher.Block, error) {
if k := len(key); k != 16 && k != 24 && k != 32 {
return nil, errKeySize
}
s := &subkeys{}
s.keySchedule(key)
return s, nil
}
// The 132 32 bit subkeys of serpent
type subkeys [132]uint32
func (s *subkeys) BlockSize() int { return BlockSize }
func (s *subkeys) Encrypt(dst, src []byte) {
if len(src) < BlockSize {
panic("src buffer to small")
}
if len(dst) < BlockSize {
panic("dst buffer to small")
}
encryptBlock(dst, src, s)
}
func (s *subkeys) Decrypt(dst, src []byte) {
if len(src) < BlockSize {
panic("src buffer to small")
}
if len(dst) < BlockSize {
panic("dst buffer to small")
}
decryptBlock(dst, src, s)
}
// The key schedule of serpent.
func (s *subkeys) keySchedule(key []byte) {
var k [16]uint32
j := 0
for i := 0; i+4 <= len(key); i += 4 {
k[j] = uint32(key[i]) | uint32(key[i+1])<<8 | uint32(key[i+2])<<16 | uint32(key[i+3])<<24
j++
}
if j < 8 {
k[j] = 1
}
for i := 8; i < 16; i++ {
x := k[i-8] ^ k[i-5] ^ k[i-3] ^ k[i-1] ^ phi ^ uint32(i-8)
k[i] = (x << 11) | (x >> 21)
s[i-8] = k[i]
}
for i := 8; i < 132; i++ {
x := s[i-8] ^ s[i-5] ^ s[i-3] ^ s[i-1] ^ phi ^ uint32(i)
s[i] = (x << 11) | (x >> 21)
}
sb3(&s[0], &s[1], &s[2], &s[3])
sb2(&s[4], &s[5], &s[6], &s[7])
sb1(&s[8], &s[9], &s[10], &s[11])
sb0(&s[12], &s[13], &s[14], &s[15])
sb7(&s[16], &s[17], &s[18], &s[19])
sb6(&s[20], &s[21], &s[22], &s[23])
sb5(&s[24], &s[25], &s[26], &s[27])
sb4(&s[28], &s[29], &s[30], &s[31])
sb3(&s[32], &s[33], &s[34], &s[35])
sb2(&s[36], &s[37], &s[38], &s[39])
sb1(&s[40], &s[41], &s[42], &s[43])
sb0(&s[44], &s[45], &s[46], &s[47])
sb7(&s[48], &s[49], &s[50], &s[51])
sb6(&s[52], &s[53], &s[54], &s[55])
sb5(&s[56], &s[57], &s[58], &s[59])
sb4(&s[60], &s[61], &s[62], &s[63])
sb3(&s[64], &s[65], &s[66], &s[67])
sb2(&s[68], &s[69], &s[70], &s[71])
sb1(&s[72], &s[73], &s[74], &s[75])
sb0(&s[76], &s[77], &s[78], &s[79])
sb7(&s[80], &s[81], &s[82], &s[83])
sb6(&s[84], &s[85], &s[86], &s[87])
sb5(&s[88], &s[89], &s[90], &s[91])
sb4(&s[92], &s[93], &s[94], &s[95])
sb3(&s[96], &s[97], &s[98], &s[99])
sb2(&s[100], &s[101], &s[102], &s[103])
sb1(&s[104], &s[105], &s[106], &s[107])
sb0(&s[108], &s[109], &s[110], &s[111])
sb7(&s[112], &s[113], &s[114], &s[115])
sb6(&s[116], &s[117], &s[118], &s[119])
sb5(&s[120], &s[121], &s[122], &s[123])
sb4(&s[124], &s[125], &s[126], &s[127])
sb3(&s[128], &s[129], &s[130], &s[131])
}

276
vendor/github.com/aead/serpent/serpent_ref.go generated vendored Normal file

@ -0,0 +1,276 @@
// Copyright (c) 2016 Andreas Auernhammer. All rights reserved.
// Use of this source code is governed by a license that can be
// found in the LICENSE file.
package serpent
// Encrypts one block with the given 132 sub-keys sk.
func encryptBlock(dst, src []byte, sk *subkeys) {
// Transform the input block to 4 x 32 bit registers
r0 := uint32(src[0]) | uint32(src[1])<<8 | uint32(src[2])<<16 | uint32(src[3])<<24
r1 := uint32(src[4]) | uint32(src[5])<<8 | uint32(src[6])<<16 | uint32(src[7])<<24
r2 := uint32(src[8]) | uint32(src[9])<<8 | uint32(src[10])<<16 | uint32(src[11])<<24
r3 := uint32(src[12]) | uint32(src[13])<<8 | uint32(src[14])<<16 | uint32(src[15])<<24
// Encrypt the block with the 132 sub-keys and 8 S-Boxes
r0, r1, r2, r3 = r0^sk[0], r1^sk[1], r2^sk[2], r3^sk[3]
sb0(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[4], r1^sk[5], r2^sk[6], r3^sk[7]
sb1(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[8], r1^sk[9], r2^sk[10], r3^sk[11]
sb2(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[12], r1^sk[13], r2^sk[14], r3^sk[15]
sb3(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[16], r1^sk[17], r2^sk[18], r3^sk[19]
sb4(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[20], r1^sk[21], r2^sk[22], r3^sk[23]
sb5(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[24], r1^sk[25], r2^sk[26], r3^sk[27]
sb6(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[28], r1^sk[29], r2^sk[30], r3^sk[31]
sb7(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[32], r1^sk[33], r2^sk[34], r3^sk[35]
sb0(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[36], r1^sk[37], r2^sk[38], r3^sk[39]
sb1(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[40], r1^sk[41], r2^sk[42], r3^sk[43]
sb2(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[44], r1^sk[45], r2^sk[46], r3^sk[47]
sb3(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[48], r1^sk[49], r2^sk[50], r3^sk[51]
sb4(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[52], r1^sk[53], r2^sk[54], r3^sk[55]
sb5(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[56], r1^sk[57], r2^sk[58], r3^sk[59]
sb6(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[60], r1^sk[61], r2^sk[62], r3^sk[63]
sb7(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[64], r1^sk[65], r2^sk[66], r3^sk[67]
sb0(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[68], r1^sk[69], r2^sk[70], r3^sk[71]
sb1(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[72], r1^sk[73], r2^sk[74], r3^sk[75]
sb2(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[76], r1^sk[77], r2^sk[78], r3^sk[79]
sb3(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[80], r1^sk[81], r2^sk[82], r3^sk[83]
sb4(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[84], r1^sk[85], r2^sk[86], r3^sk[87]
sb5(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[88], r1^sk[89], r2^sk[90], r3^sk[91]
sb6(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[92], r1^sk[93], r2^sk[94], r3^sk[95]
sb7(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[96], r1^sk[97], r2^sk[98], r3^sk[99]
sb0(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[100], r1^sk[101], r2^sk[102], r3^sk[103]
sb1(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[104], r1^sk[105], r2^sk[106], r3^sk[107]
sb2(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[108], r1^sk[109], r2^sk[110], r3^sk[111]
sb3(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[112], r1^sk[113], r2^sk[114], r3^sk[115]
sb4(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[116], r1^sk[117], r2^sk[118], r3^sk[119]
sb5(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[120], r1^sk[121], r2^sk[122], r3^sk[123]
sb6(&r0, &r1, &r2, &r3)
linear(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[124], r1^sk[125], r2^sk[126], r3^sk[127]
sb7(&r0, &r1, &r2, &r3)
// whitening
r0 ^= sk[128]
r1 ^= sk[129]
r2 ^= sk[130]
r3 ^= sk[131]
// write the encrypted block to the output
dst[0] = byte(r0)
dst[1] = byte(r0 >> 8)
dst[2] = byte(r0 >> 16)
dst[3] = byte(r0 >> 24)
dst[4] = byte(r1)
dst[5] = byte(r1 >> 8)
dst[6] = byte(r1 >> 16)
dst[7] = byte(r1 >> 24)
dst[8] = byte(r2)
dst[9] = byte(r2 >> 8)
dst[10] = byte(r2 >> 16)
dst[11] = byte(r2 >> 24)
dst[12] = byte(r3)
dst[13] = byte(r3 >> 8)
dst[14] = byte(r3 >> 16)
dst[15] = byte(r3 >> 24)
}
// Decrypts one block with the given 132 sub-keys sk.
func decryptBlock(dst, src []byte, sk *subkeys) {
// Transform the input block to 4 x 32 bit registers
r0 := uint32(src[0]) | uint32(src[1])<<8 | uint32(src[2])<<16 | uint32(src[3])<<24
r1 := uint32(src[4]) | uint32(src[5])<<8 | uint32(src[6])<<16 | uint32(src[7])<<24
r2 := uint32(src[8]) | uint32(src[9])<<8 | uint32(src[10])<<16 | uint32(src[11])<<24
r3 := uint32(src[12]) | uint32(src[13])<<8 | uint32(src[14])<<16 | uint32(src[15])<<24
// undo whitening
r0 ^= sk[128]
r1 ^= sk[129]
r2 ^= sk[130]
r3 ^= sk[131]
// Decrypt the block with the 132 sub-keys and 8 S-Boxes
sb7Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[124], r1^sk[125], r2^sk[126], r3^sk[127]
linearInv(&r0, &r1, &r2, &r3)
sb6Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[120], r1^sk[121], r2^sk[122], r3^sk[123]
linearInv(&r0, &r1, &r2, &r3)
sb5Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[116], r1^sk[117], r2^sk[118], r3^sk[119]
linearInv(&r0, &r1, &r2, &r3)
sb4Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[112], r1^sk[113], r2^sk[114], r3^sk[115]
linearInv(&r0, &r1, &r2, &r3)
sb3Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[108], r1^sk[109], r2^sk[110], r3^sk[111]
linearInv(&r0, &r1, &r2, &r3)
sb2Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[104], r1^sk[105], r2^sk[106], r3^sk[107]
linearInv(&r0, &r1, &r2, &r3)
sb1Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[100], r1^sk[101], r2^sk[102], r3^sk[103]
linearInv(&r0, &r1, &r2, &r3)
sb0Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[96], r1^sk[97], r2^sk[98], r3^sk[99]
linearInv(&r0, &r1, &r2, &r3)
sb7Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[92], r1^sk[93], r2^sk[94], r3^sk[95]
linearInv(&r0, &r1, &r2, &r3)
sb6Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[88], r1^sk[89], r2^sk[90], r3^sk[91]
linearInv(&r0, &r1, &r2, &r3)
sb5Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[84], r1^sk[85], r2^sk[86], r3^sk[87]
linearInv(&r0, &r1, &r2, &r3)
sb4Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[80], r1^sk[81], r2^sk[82], r3^sk[83]
linearInv(&r0, &r1, &r2, &r3)
sb3Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[76], r1^sk[77], r2^sk[78], r3^sk[79]
linearInv(&r0, &r1, &r2, &r3)
sb2Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[72], r1^sk[73], r2^sk[74], r3^sk[75]
linearInv(&r0, &r1, &r2, &r3)
sb1Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[68], r1^sk[69], r2^sk[70], r3^sk[71]
linearInv(&r0, &r1, &r2, &r3)
sb0Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[64], r1^sk[65], r2^sk[66], r3^sk[67]
linearInv(&r0, &r1, &r2, &r3)
sb7Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[60], r1^sk[61], r2^sk[62], r3^sk[63]
linearInv(&r0, &r1, &r2, &r3)
sb6Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[56], r1^sk[57], r2^sk[58], r3^sk[59]
linearInv(&r0, &r1, &r2, &r3)
sb5Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[52], r1^sk[53], r2^sk[54], r3^sk[55]
linearInv(&r0, &r1, &r2, &r3)
sb4Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[48], r1^sk[49], r2^sk[50], r3^sk[51]
linearInv(&r0, &r1, &r2, &r3)
sb3Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[44], r1^sk[45], r2^sk[46], r3^sk[47]
linearInv(&r0, &r1, &r2, &r3)
sb2Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[40], r1^sk[41], r2^sk[42], r3^sk[43]
linearInv(&r0, &r1, &r2, &r3)
sb1Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[36], r1^sk[37], r2^sk[38], r3^sk[39]
linearInv(&r0, &r1, &r2, &r3)
sb0Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[32], r1^sk[33], r2^sk[34], r3^sk[35]
linearInv(&r0, &r1, &r2, &r3)
sb7Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[28], r1^sk[29], r2^sk[30], r3^sk[31]
linearInv(&r0, &r1, &r2, &r3)
sb6Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[24], r1^sk[25], r2^sk[26], r3^sk[27]
linearInv(&r0, &r1, &r2, &r3)
sb5Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[20], r1^sk[21], r2^sk[22], r3^sk[23]
linearInv(&r0, &r1, &r2, &r3)
sb4Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[16], r1^sk[17], r2^sk[18], r3^sk[19]
linearInv(&r0, &r1, &r2, &r3)
sb3Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[12], r1^sk[13], r2^sk[14], r3^sk[15]
linearInv(&r0, &r1, &r2, &r3)
sb2Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[8], r1^sk[9], r2^sk[10], r3^sk[11]
linearInv(&r0, &r1, &r2, &r3)
sb1Inv(&r0, &r1, &r2, &r3)
r0, r1, r2, r3 = r0^sk[4], r1^sk[5], r2^sk[6], r3^sk[7]
linearInv(&r0, &r1, &r2, &r3)
sb0Inv(&r0, &r1, &r2, &r3)
r0 ^= sk[0]
r1 ^= sk[1]
r2 ^= sk[2]
r3 ^= sk[3]
// write the decrypted block to the output
dst[0] = byte(r0)
dst[1] = byte(r0 >> 8)
dst[2] = byte(r0 >> 16)
dst[3] = byte(r0 >> 24)
dst[4] = byte(r1)
dst[5] = byte(r1 >> 8)
dst[6] = byte(r1 >> 16)
dst[7] = byte(r1 >> 24)
dst[8] = byte(r2)
dst[9] = byte(r2 >> 8)
dst[10] = byte(r2 >> 16)
dst[11] = byte(r2 >> 24)
dst[12] = byte(r3)
dst[13] = byte(r3 >> 8)
dst[14] = byte(r3 >> 16)
dst[15] = byte(r3 >> 24)
}

File diff suppressed because it is too large Load Diff


@ -14,4 +14,4 @@
limitations under the License.
*/
package v1
package stats

File diff suppressed because it is too large Load Diff


@ -1,7 +1,6 @@
file {
name: "github.com/containerd/cgroups/stats/v1/metrics.proto"
name: "github.com/containerd/cgroups/cgroup1/stats/metrics.proto"
package: "io.containerd.cgroups.v1"
dependency: "gogoproto/gogo.proto"
message_type {
name: "Metrics"
field {
@ -26,9 +25,6 @@ file {
label: LABEL_OPTIONAL
type: TYPE_MESSAGE
type_name: ".io.containerd.cgroups.v1.CPUStat"
options {
65004: "CPU"
}
json_name: "cpu"
}
field {
@ -175,9 +171,6 @@ file {
number: 4
label: LABEL_REPEATED
type: TYPE_UINT64
options {
65004: "PerCPU"
}
json_name: "perCpu"
}
}
@ -219,9 +212,6 @@ file {
number: 2
label: LABEL_OPTIONAL
type: TYPE_UINT64
options {
65004: "RSS"
}
json_name: "rss"
}
field {
@ -229,9 +219,6 @@ file {
number: 3
label: LABEL_OPTIONAL
type: TYPE_UINT64
options {
65004: "RSSHuge"
}
json_name: "rssHuge"
}
field {
@ -344,9 +331,6 @@ file {
number: 19
label: LABEL_OPTIONAL
type: TYPE_UINT64
options {
65004: "TotalRSS"
}
json_name: "totalRss"
}
field {
@ -354,9 +338,6 @@ file {
number: 20
label: LABEL_OPTIONAL
type: TYPE_UINT64
options {
65004: "TotalRSSHuge"
}
json_name: "totalRssHuge"
}
field {
@ -473,9 +454,6 @@ file {
label: LABEL_OPTIONAL
type: TYPE_MESSAGE
type_name: ".io.containerd.cgroups.v1.MemoryEntry"
options {
65004: "KernelTCP"
}
json_name: "kernelTcp"
}
}
@ -786,5 +764,8 @@ file {
json_name: "nrIoWait"
}
}
options {
go_package: "github.com/containerd/cgroups/cgroup1/stats"
}
syntax: "proto3"
}


@ -2,12 +2,12 @@ syntax = "proto3";
package io.containerd.cgroups.v1;
import "gogoproto/gogo.proto";
option go_package = "github.com/containerd/cgroups/cgroup1/stats";
message Metrics {
repeated HugetlbStat hugetlb = 1;
PidsStat pids = 2;
CPUStat cpu = 3 [(gogoproto.customname) = "CPU"];
CPUStat cpu = 3;
MemoryStat memory = 4;
BlkIOStat blkio = 5;
RdmaStat rdma = 6;
@ -38,7 +38,7 @@ message CPUUsage {
uint64 total = 1;
uint64 kernel = 2;
uint64 user = 3;
repeated uint64 per_cpu = 4 [(gogoproto.customname) = "PerCPU"];
repeated uint64 per_cpu = 4;
}
@ -50,8 +50,8 @@ message Throttle {
message MemoryStat {
uint64 cache = 1;
uint64 rss = 2 [(gogoproto.customname) = "RSS"];
uint64 rss_huge = 3 [(gogoproto.customname) = "RSSHuge"];
uint64 rss = 2;
uint64 rss_huge = 3;
uint64 mapped_file = 4;
uint64 dirty = 5;
uint64 writeback = 6;
@ -67,8 +67,8 @@ message MemoryStat {
uint64 hierarchical_memory_limit = 16;
uint64 hierarchical_swap_limit = 17;
uint64 total_cache = 18;
uint64 total_rss = 19 [(gogoproto.customname) = "TotalRSS"];
uint64 total_rss_huge = 20 [(gogoproto.customname) = "TotalRSSHuge"];
uint64 total_rss = 19;
uint64 total_rss_huge = 20;
uint64 total_mapped_file = 21;
uint64 total_dirty = 22;
uint64 total_writeback = 23;
@ -84,7 +84,7 @@ message MemoryStat {
MemoryEntry usage = 33;
MemoryEntry swap = 34;
MemoryEntry kernel = 35;
MemoryEntry kernel_tcp = 36 [(gogoproto.customname) = "KernelTCP"];
MemoryEntry kernel_tcp = 36;
}


@ -44,6 +44,12 @@ import (
"github.com/sirupsen/logrus"
)
// G is a shorthand for [GetLogger].
//
// We may want to define this locally to a package to get package tagged log
// messages.
var G = GetLogger
// L is an alias for the standard logger.
var L = &Entry{
Logger: logrus.StandardLogger(),
@ -169,11 +175,6 @@ func WithLogger(ctx context.Context, logger *Entry) context.Context {
// GetLogger retrieves the current logger from the context. If no logger is
// available, the default logger is returned.
func GetLogger(ctx context.Context) *Entry {
return G(ctx)
}
// G is a shorthand for [GetLogger].
func G(ctx context.Context) *Entry {
if logger := ctx.Value(loggerKey{}); logger != nil {
return logger.(*Entry)
}


@ -22,6 +22,7 @@ import (
"strconv"
"strings"
"github.com/Microsoft/hcsshim/osversion"
specs "github.com/opencontainers/image-spec/specs-go/v1"
"golang.org/x/sys/windows"
)
@ -50,15 +51,36 @@ func (m windowsmatcher) Match(p specs.Platform) bool {
match := m.defaultMatcher.Match(p)
if match && m.OS == "windows" {
if strings.HasPrefix(p.OSVersion, m.osVersionPrefix) {
// HPC containers do not have OS version filled
if p.OSVersion == "" {
return true
}
return p.OSVersion == ""
hostOsVersion := GetOsVersion(m.osVersionPrefix)
ctrOsVersion := GetOsVersion(p.OSVersion)
return osversion.CheckHostAndContainerCompat(hostOsVersion, ctrOsVersion)
}
return match
}
func GetOsVersion(osVersionPrefix string) osversion.OSVersion {
parts := strings.Split(osVersionPrefix, ".")
if len(parts) < 3 {
return osversion.OSVersion{}
}
majorVersion, _ := strconv.Atoi(parts[0])
minorVersion, _ := strconv.Atoi(parts[1])
buildNumber, _ := strconv.Atoi(parts[2])
return osversion.OSVersion{
MajorVersion: uint8(majorVersion),
MinorVersion: uint8(minorVersion),
Build: uint16(buildNumber),
}
}
// Less sorts matched platforms in front of other platforms.
// For matched platforms, it puts platforms with larger revision
// number in front.
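Review bot: `GetOsVersion` discards all three `strconv.Atoi` errors and then narrows the results with `uint8(...)` and `uint16(...)`, so a non-numeric or out-of-range component silently becomes 0 or wraps before `Match` hands it to `osversion.CheckHostAndContainerCompat`. `Match` calls it on `p.OSVersion`, which presumably comes from image metadata, so the compatibility decision can be made on a version the input never stated. Parsing with `strconv.ParseUint` and a bit size of 8 or 16 makes both failures explicit, and returning the zero `OSVersion` on error matches what the function already does for fewer than three components. How `CheckHostAndContainerCompat` treats a zero version is not visible in this hunk and should be confirmed.

```go
func GetOsVersion(osVersionPrefix string) osversion.OSVersion {
	// … unchanged: split on "." and the len(parts) < 3 check …

	// Bit sizes match the destination fields, so out-of-range values
	// are rejected instead of wrapping in the conversions below.
	major, err := strconv.ParseUint(parts[0], 10, 8)
	if err != nil {
		return osversion.OSVersion{}
	}
	minor, err := strconv.ParseUint(parts[1], 10, 8)
	if err != nil {
		return osversion.OSVersion{}
	}
	build, err := strconv.ParseUint(parts[2], 10, 16)
	if err != nil {
		return osversion.OSVersion{}
	}

	return osversion.OSVersion{
		MajorVersion: uint8(major),
		MinorVersion: uint8(minor),
		Build:        uint16(build),
	}
}
```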


@ -196,6 +196,10 @@ func Parse(specifier string) (specs.Platform, error) {
p.Variant = cpuVariant()
}
if p.OS == "windows" {
p.OSVersion = GetWindowsOsVersion()
}
return p, nil
}
@ -218,6 +222,10 @@ func Parse(specifier string) (specs.Platform, error) {
p.Variant = ""
}
if p.OS == "windows" {
p.OSVersion = GetWindowsOsVersion()
}
return p, nil
case 3:
// we have a fully specified variant, this is rare
@ -227,6 +235,10 @@ func Parse(specifier string) (specs.Platform, error) {
p.Variant = "v8"
}
if p.OS == "windows" {
p.OSVersion = GetWindowsOsVersion()
}
return p, nil
}


@ -28,3 +28,7 @@ func newDefaultMatcher(platform specs.Platform) Matcher {
Platform: Normalize(platform),
}
}
func GetWindowsOsVersion() string {
return ""
}


@ -17,7 +17,10 @@
package platforms
import (
"fmt"
specs "github.com/opencontainers/image-spec/specs-go/v1"
"golang.org/x/sys/windows"
)
// NewMatcher returns a Windows matcher that will match on osVersionPrefix if
@ -32,3 +35,8 @@ func newDefaultMatcher(platform specs.Platform) Matcher {
},
}
}
func GetWindowsOsVersion() string {
major, minor, build := windows.RtlGetNtVersionNumbers()
return fmt.Sprintf("%d.%d.%d", major, minor, build)
}


@ -32,7 +32,7 @@ env:
DEBIAN_NAME: "debian-13"
# Image identifiers
IMAGE_SUFFIX: "c20230614t132754z-f38f37d13"
IMAGE_SUFFIX: "c20230816t191118z-f38f37d13"
FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}"
@ -112,7 +112,6 @@ smoke_task:
vendor_task:
name: "Test Vendoring"
alias: vendor
only_if: &not_multiarch $CIRRUS_CRON != 'multiarch'
env:
CIRRUS_WORKING_DIR: "/var/tmp/go/src/github.com/containers/buildah"
@ -137,8 +136,7 @@ cross_build_task:
name: "Cross Compile"
alias: cross_build
only_if: >-
$CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' &&
$CIRRUS_CRON != 'multiarch'
$CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*'
osx_instance:
image: ghcr.io/cirruslabs/macos-ventura-base:latest
@ -160,8 +158,7 @@ unit_task:
alias: unit
only_if: &not_build_docs >-
$CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:BUILD.*' &&
$CIRRUS_CRON != 'multiarch'
$CIRRUS_CHANGE_TITLE !=~ '.*CI:BUILD.*'
depends_on: &smoke_vendor_cross
- smoke
- vendor
@ -322,52 +319,6 @@ in_podman_task:
<<: *standardlogs
image_build_task: &image-build
name: "Build multi-arch $FLAVOR"
alias: image_build
# Some of these container images take > 1h to build, limit
# this task to a specific Cirrus-Cron entry with this name.
only_if: $CIRRUS_CRON == 'multiarch'
depends_on:
- smoke
timeout_in: 120m # emulation is sssllllooooowwww
gce_instance:
<<: *standardvm
image_name: build-push-${IMAGE_SUFFIX}
# More muscle required for parallel multi-arch build
type: "n2-standard-4"
matrix:
- env:
FLAVOR: upstream
- env:
FLAVOR: testing
- env:
FLAVOR: stable
env:
DISTRO_NV: "${FEDORA_NAME}" # Required for repo cache extraction
BUILDAH_USERNAME: ENCRYPTED[70e1d4f026cba5d82fc067944baab10f7c71c64bb6b75fce4eeb5c106694b3bbc8e08f8a1b926d6e03e85cf4e21833bb]
BUILDAH_PASSWORD: ENCRYPTED[2dc7f4f623bfc856e1d5030df263b9e48ddab39abacea7a8bc714179c188df15fc0a5bb5d3414a24637d4e39aa51b7b5]
CONTAINERS_USERNAME: ENCRYPTED[88cd93c753f78d70e4beb5dbebd4402d682daf45793d7e0fe8b75b358f768e8734aef3f130ffb4ebca9bdea8d220a188]
CONTAINERS_PASSWORD: ENCRYPTED[886cf4cc126e50b2fd7f2792235a22bb79e4b81db43f803a6214a38d3fd6c04cd4e64570b562cb32b04e5fbc435404b6]
main_script:
- source /etc/automation_environment
- main.sh $CIRRUS_REPO_CLONE_URL contrib/buildahimage $FLAVOR
test_image_build_task:
<<: *image-build
alias: test_image_build
# Allow this to run inside a PR w/ [CI:BUILD] only.
only_if: $CIRRUS_PR != '' && $CIRRUS_CHANGE_TITLE =~ '.*CI:BUILD.*'
# This takes a LONG time, only run when requested. N/B: Any task
# made to depend on this one will block FOREVER unless triggered.
# DO NOT ADD THIS TASK AS DEPENDENCY FOR `success_task`.
trigger_type: manual
# Overwrite all 'env', don't push anything, just do the build.
env:
DRYRUN: 1
# Status aggregator for all tests. This task simply ensures a defined
# set of tasks all passed, and allows confirming that based on the status
# of this task.
@ -384,7 +335,6 @@ success_task:
- cross_build
- integration
- in_podman
- image_build
container:
image: "quay.io/libpod/alpine:latest"


@ -2,29 +2,35 @@
# See the documentation for more information:
# https://packit.dev/docs/configuration/
# Build targets can be found at:
# https://copr.fedorainfracloud.org/coprs/rhcontainerbot/packit-builds/
# and
# https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/
specfile_path: rpm/buildah.spec
upstream_tag_template: v{version}
jobs:
- &copr
job: copr_build
trigger: pull_request
owner: rhcontainerbot
project: packit-builds
enable_net: true
srpm_build_deps:
- make
srpm_build_deps:
- make
- <<: *copr
# Run on commit to main branch
jobs:
- job: copr_build
trigger: pull_request
# keep in sync with https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next
enable_net: true
targets:
- fedora-all-x86_64
- fedora-all-aarch64
- fedora-eln-x86_64
- fedora-eln-aarch64
- centos-stream+epel-next-8-x86_64
- centos-stream+epel-next-8-aarch64
- centos-stream+epel-next-9-x86_64
- centos-stream+epel-next-9-aarch64
additional_repos:
- "copr://rhcontainerbot/podman-next"
# Run on commit to main branch
- job: copr_build
trigger: commit
branch: main
owner: rhcontainerbot
project: podman-next
enable_net: true
- job: propose_downstream
trigger: release


@ -39,7 +39,7 @@ LIBSECCOMP_COMMIT := release-2.3
EXTRA_LDFLAGS ?=
BUILDAH_LDFLAGS := $(GO_LDFLAGS) '-X main.GitCommit=$(GIT_COMMIT) -X main.buildInfo=$(SOURCE_DATE_EPOCH) -X main.cniVersion=$(CNI_COMMIT) $(EXTRA_LDFLAGS)'
SOURCES=*.go imagebuildah/*.go bind/*.go chroot/*.go copier/*.go define/*.go docker/*.go internal/parse/*.go internal/source/*.go internal/util/*.go manifests/*.go pkg/chrootuser/*.go pkg/cli/*.go pkg/completion/*.go pkg/formats/*.go pkg/overlay/*.go pkg/parse/*.go pkg/rusage/*.go pkg/sshagent/*.go pkg/umask/*.go pkg/util/*.go util/*.go
SOURCES=*.go imagebuildah/*.go bind/*.go chroot/*.go copier/*.go define/*.go docker/*.go internal/mkcw/*.go internal/mkcw/types/*.go internal/parse/*.go internal/source/*.go internal/util/*.go manifests/*.go pkg/chrootuser/*.go pkg/cli/*.go pkg/completion/*.go pkg/formats/*.go pkg/overlay/*.go pkg/parse/*.go pkg/rusage/*.go pkg/sshagent/*.go pkg/umask/*.go pkg/util/*.go util/*.go
LINTFLAGS ?=
@ -69,14 +69,26 @@ static:
mkdir -p ./bin
cp -rfp ./result/bin/* ./bin/
bin/buildah: $(SOURCES) cmd/buildah/*.go
bin/buildah: $(SOURCES) cmd/buildah/*.go internal/mkcw/embed/entrypoint.gz
$(GO_BUILD) $(BUILDAH_LDFLAGS) $(GO_GCFLAGS) "$(GOGCFLAGS)" -o $@ $(BUILDFLAGS) ./cmd/buildah
ifneq ($(shell as --version | grep x86_64),)
internal/mkcw/embed/entrypoint: internal/mkcw/embed/entrypoint.s
$(AS) -o $(patsubst %.s,%.o,$^) $^
$(LD) -o $@ $(patsubst %.s,%.o,$^)
strip $@
else
.PHONY: internal/mkcw/embed/entrypoint
endif
internal/mkcw/embed/entrypoint.gz: internal/mkcw/embed/entrypoint
$(RM) $@
gzip -k $^
.PHONY: buildah
buildah: bin/buildah
# TODO: remove `grep -v loong64` from `ALL_CROSS_TARGETS` once go.etcd.io/bbolt 1.3.7 is out.
ALL_CROSS_TARGETS := $(addprefix bin/buildah.,$(subst /,.,$(shell $(GO) tool dist list | grep -v loong64)))
ALL_CROSS_TARGETS := $(addprefix bin/buildah.,$(subst /,.,$(shell $(GO) tool dist list)))
LINUX_CROSS_TARGETS := $(filter bin/buildah.linux.%,$(ALL_CROSS_TARGETS))
DARWIN_CROSS_TARGETS := $(filter bin/buildah.darwin.%,$(ALL_CROSS_TARGETS))
WINDOWS_CROSS_TARGETS := $(addsuffix .exe,$(filter bin/buildah.windows.%,$(ALL_CROSS_TARGETS)))
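Review bot: The `ifneq ($(shell as --version | grep x86_64),)` guard probes a hard-coded `as`, while the recipe it guards assembles with `$(AS)` and links with `$(LD)`, so an overridden or cross toolchain can be probed as one assembler and built with another; `ifneq ($(shell $(AS) --version | grep x86_64),)` keeps the probe and the recipe in step. In the else branch `internal/mkcw/embed/entrypoint` is declared `.PHONY` with no recipe, which presumably means a pre-built binary already in the tree is gzipped and embedded into `bin/buildah` on hosts without an x86_64 assembler. A comment above the `else` saying where that binary comes from and how to reproduce it from `entrypoint.s` would help anyone auditing what ends up inside the shipped executable. A phony prerequisite is also always considered out of date, so on those hosts `entrypoint.gz` and then `bin/buildah` would be rebuilt on every `make`.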


@ -386,6 +386,11 @@ type ImportFromImageOptions struct {
SystemContext *types.SystemContext
}
// ConfidentialWorkloadOptions encapsulates options which control whether or not
// we output an image whose rootfs contains a LUKS-compatibly-encrypted disk image
// instead of the usual rootfs contents.
type ConfidentialWorkloadOptions = define.ConfidentialWorkloadOptions
// NewBuilder creates a new build container.
func NewBuilder(ctx context.Context, store storage.Store, options BuilderOptions) (*Builder, error) {
if options.CommonBuildOpts == nil {
@ -433,6 +438,9 @@ func OpenBuilder(store storage.Store, container string) (*Builder, error) {
b.store = store
b.fixupConfig(nil)
b.setupLogger()
if b.CommonBuildOpts == nil {
b.CommonBuildOpts = &CommonBuildOptions{}
}
return b, nil
}
@ -469,6 +477,9 @@ func OpenBuilderByPath(store storage.Store, path string) (*Builder, error) {
b.store = store
b.fixupConfig(nil)
b.setupLogger()
if b.CommonBuildOpts == nil {
b.CommonBuildOpts = &CommonBuildOptions{}
}
return b, nil
}
if err != nil {
@ -506,6 +517,9 @@ func OpenAllBuilders(store storage.Store) (builders []*Builder, err error) {
b.store = store
b.setupLogger()
b.fixupConfig(nil)
if b.CommonBuildOpts == nil {
b.CommonBuildOpts = &CommonBuildOptions{}
}
builders = append(builders, b)
continue
}
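Review bot: The same guard, `if b.CommonBuildOpts == nil { b.CommonBuildOpts = &CommonBuildOptions{} }`, is added separately to OpenBuilder, OpenBuilderByPath and OpenAllBuilders, so a loader added later can miss it and again hand callers a Builder whose CommonBuildOpts is nil. All three already call `b.fixupConfig(nil)` next to the new lines, so moving the default into that method or into one small unexported helper would keep it in a single place. fixupConfig's body is not in these hunks, so whether it is the right home needs checking. All three functions start and end outside the hunks shown.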


@ -79,9 +79,11 @@ func setSeccomp(spec *specs.Spec) error {
case specs.ArchS390X:
return libseccomp.ArchS390X
case specs.ArchPARISC:
/* fallthrough */ /* for now */
return libseccomp.ArchPARISC
case specs.ArchPARISC64:
/* fallthrough */ /* for now */
return libseccomp.ArchPARISC64
case specs.ArchRISCV64:
return libseccomp.ArchRISCV64
default:
logrus.Errorf("unmappable arch %v", specArch)
}


@ -105,6 +105,10 @@ type CommitOptions struct {
// integers in the slice represent 0-indexed layer indices, with support for negative
// indexing. i.e. 0 is the first layer, -1 is the last (top-most) layer.
OciEncryptLayers *[]int
// ConfidentialWorkloadOptions is used to force the output image's rootfs to contain a
// LUKS-compatibly encrypted disk image (for use with krun) instead of the usual
// contents of a rootfs.
ConfidentialWorkloadOptions ConfidentialWorkloadOptions
// UnsetEnvs is a list of environments to not add to final image.
// Deprecated: use UnsetEnv() before committing instead.
UnsetEnvs []string

217
vendor/github.com/containers/buildah/convertcw.go generated vendored Normal file

@ -0,0 +1,217 @@
package buildah
import (
"context"
"fmt"
"io"
"time"
"github.com/containers/buildah/define"
"github.com/containers/buildah/internal/mkcw"
"github.com/containers/image/v5/docker/reference"
"github.com/containers/image/v5/types"
encconfig "github.com/containers/ocicrypt/config"
"github.com/containers/storage"
"github.com/containers/storage/pkg/archive"
"github.com/opencontainers/go-digest"
"github.com/sirupsen/logrus"
)
// CWConvertImageOptions provides both required and optional bits of
// configuration for CWConvertImage().
type CWConvertImageOptions struct {
// Required parameters.
InputImage string
// If supplied, we'll tag the resulting image with the specified name.
Tag string
OutputImage types.ImageReference
// If supplied, we'll register the workload with this server.
// Practically necessary if DiskEncryptionPassphrase is not set, in
// which case we'll generate one and throw it away after.
AttestationURL string
// Used to measure the environment. If left unset (0), defaults will be applied.
CPUs int
Memory int
// Can be manually set. If left unset ("", false, nil), reasonable values will be used.
TeeType define.TeeType
IgnoreAttestationErrors bool
WorkloadID string
DiskEncryptionPassphrase string
Slop string
FirmwareLibrary string
BaseImage string
Logger *logrus.Logger
// Passed through to BuilderOptions. Most settings won't make
// sense to be made available here because we don't launch a process.
ContainerSuffix string
PullPolicy PullPolicy
BlobDirectory string
SignaturePolicyPath string
ReportWriter io.Writer
IDMappingOptions *IDMappingOptions
Format string
MaxPullRetries int
PullRetryDelay time.Duration
OciDecryptConfig *encconfig.DecryptConfig
MountLabel string
}
// CWConvertImage takes the rootfs and configuration from one image, generates a
// LUKS-encrypted disk image that more or less includes them both, and puts the
// result into a new container image.
// Returns the new image's ID and digest on success, along with a canonical
// reference for it if a repository name was specified.
func CWConvertImage(ctx context.Context, systemContext *types.SystemContext, store storage.Store, options CWConvertImageOptions) (string, reference.Canonical, digest.Digest, error) {
// Apply our defaults if some options aren't set.
logger := options.Logger
if logger == nil {
logger = logrus.StandardLogger()
}
// Now create the target working container, pulling the base image if
// there is one and it isn't present.
builderOptions := BuilderOptions{
FromImage: options.BaseImage,
SystemContext: systemContext,
Logger: logger,
ContainerSuffix: options.ContainerSuffix,
PullPolicy: options.PullPolicy,
BlobDirectory: options.BlobDirectory,
SignaturePolicyPath: options.SignaturePolicyPath,
ReportWriter: options.ReportWriter,
IDMappingOptions: options.IDMappingOptions,
Format: options.Format,
MaxPullRetries: options.MaxPullRetries,
PullRetryDelay: options.PullRetryDelay,
OciDecryptConfig: options.OciDecryptConfig,
MountLabel: options.MountLabel,
}
target, err := NewBuilder(ctx, store, builderOptions)
if err != nil {
return "", nil, "", fmt.Errorf("creating container from target image: %w", err)
}
defer func() {
if err := target.Delete(); err != nil {
logrus.Warnf("deleting target container: %v", err)
}
}()
targetDir, err := target.Mount("")
if err != nil {
return "", nil, "", fmt.Errorf("mounting target container: %w", err)
}
defer func() {
if err := target.Unmount(); err != nil {
logrus.Warnf("unmounting target container: %v", err)
}
}()
// Mount the source image, pulling it first if necessary.
builderOptions = BuilderOptions{
FromImage: options.InputImage,
SystemContext: systemContext,
Logger: logger,
ContainerSuffix: options.ContainerSuffix,
PullPolicy: options.PullPolicy,
BlobDirectory: options.BlobDirectory,
SignaturePolicyPath: options.SignaturePolicyPath,
ReportWriter: options.ReportWriter,
IDMappingOptions: options.IDMappingOptions,
Format: options.Format,
MaxPullRetries: options.MaxPullRetries,
PullRetryDelay: options.PullRetryDelay,
OciDecryptConfig: options.OciDecryptConfig,
MountLabel: options.MountLabel,
}
source, err := NewBuilder(ctx, store, builderOptions)
if err != nil {
return "", nil, "", fmt.Errorf("creating container from source image: %w", err)
}
defer func() {
if err := source.Delete(); err != nil {
logrus.Warnf("deleting source container: %v", err)
}
}()
sourceInfo := GetBuildInfo(source)
if err != nil {
return "", nil, "", fmt.Errorf("retrieving info about source image: %w", err)
}
sourceImageID := sourceInfo.FromImageID
sourceSize, err := store.ImageSize(sourceImageID)
if err != nil {
return "", nil, "", fmt.Errorf("computing size of source image: %w", err)
}
sourceDir, err := source.Mount("")
if err != nil {
return "", nil, "", fmt.Errorf("mounting source container: %w", err)
}
defer func() {
if err := source.Unmount(); err != nil {
logrus.Warnf("unmounting source container: %v", err)
}
}()
// Generate the image contents.
archiveOptions := mkcw.ArchiveOptions{
AttestationURL: options.AttestationURL,
CPUs: options.CPUs,
Memory: options.Memory,
TempDir: targetDir,
TeeType: options.TeeType,
IgnoreAttestationErrors: options.IgnoreAttestationErrors,
ImageSize: sourceSize,
WorkloadID: options.WorkloadID,
DiskEncryptionPassphrase: options.DiskEncryptionPassphrase,
Slop: options.Slop,
FirmwareLibrary: options.FirmwareLibrary,
Logger: logger,
}
rc, workloadConfig, err := mkcw.Archive(sourceDir, &source.OCIv1, archiveOptions)
if err != nil {
return "", nil, "", fmt.Errorf("generating encrypted image content: %w", err)
}
if err = archive.Untar(rc, targetDir, &archive.TarOptions{}); err != nil {
if err = rc.Close(); err != nil {
logger.Warnf("cleaning up: %v", err)
}
return "", nil, "", fmt.Errorf("saving encrypted image content: %w", err)
}
if err = rc.Close(); err != nil {
return "", nil, "", fmt.Errorf("cleaning up: %w", err)
}
// Commit the image. Clear out most of the configuration (if there is any — we default
// to scratch as a base) so that an engine that doesn't or can't set up a TEE will just
// run the static entrypoint. The rest of the configuration which the runtime consults
// is in the .krun_config.json file in the encrypted filesystem.
logger.Log(logrus.DebugLevel, "committing disk image")
target.ClearAnnotations()
target.ClearEnv()
target.ClearLabels()
target.ClearOnBuild()
target.ClearPorts()
target.ClearVolumes()
target.SetCmd(nil)
target.SetCreatedBy(fmt.Sprintf(": convert %q for use with %q", sourceImageID, workloadConfig.Type))
target.SetDomainname("")
target.SetEntrypoint([]string{"/entrypoint"})
target.SetHealthcheck(nil)
target.SetHostname("")
target.SetMaintainer("")
target.SetShell(nil)
target.SetUser("")
target.SetWorkDir("")
commitOptions := CommitOptions{
SystemContext: systemContext,
}
if options.Tag != "" {
commitOptions.AdditionalTags = append(commitOptions.AdditionalTags, options.Tag)
}
return target.Commit(ctx, options.OutputImage, commitOptions)
}


@ -19,7 +19,6 @@ import (
"syscall"
"time"
"github.com/containers/buildah/util"
"github.com/containers/image/v5/pkg/compression"
"github.com/containers/storage/pkg/archive"
"github.com/containers/storage/pkg/fileutils"
@ -1141,7 +1140,7 @@ func copierHandlerGet(bulkWriter io.Writer, req request, pm *fileutils.PatternMa
cb := func() error {
tw := tar.NewWriter(bulkWriter)
defer tw.Close()
hardlinkChecker := new(util.HardlinkChecker)
hardlinkChecker := new(hardlinkChecker)
itemsCopied := 0
for i, item := range queue {
// if we're not discarding the names of individual directories, keep track of this one
@ -1353,7 +1352,7 @@ func handleRename(rename map[string]string, name string) string {
return name
}
func copierHandlerGetOne(srcfi os.FileInfo, symlinkTarget, name, contentPath string, options GetOptions, tw *tar.Writer, hardlinkChecker *util.HardlinkChecker, idMappings *idtools.IDMappings) error {
func copierHandlerGetOne(srcfi os.FileInfo, symlinkTarget, name, contentPath string, options GetOptions, tw *tar.Writer, hardlinkChecker *hardlinkChecker, idMappings *idtools.IDMappings) error {
// build the header using the name provided
hdr, err := tar.FileInfoHeader(srcfi, symlinkTarget)
if err != nil {


@ -1,6 +1,7 @@
//go:build darwin || (linux && mips) || (linux && mipsle) || (linux && mips64) || (linux && mips64le)
// +build darwin linux,mips linux,mipsle linux,mips64 linux,mips64le
package util
package copier
import (
"syscall"


@ -1,7 +1,7 @@
//go:build (linux && !mips && !mipsle && !mips64 && !mips64le) || freebsd
// +build linux,!mips,!mipsle,!mips64,!mips64le freebsd
package util
package copier
import (
"syscall"
