From 76870ee06fd3e8ae4cf9f82bb46f8866afd84870 Mon Sep 17 00:00:00 2001
From: Tonis Tiigi
Date: Fri, 11 Feb 2022 22:17:22 -0800
Subject: [PATCH] vendor: update docker and fsutil

Brings in fixes for the pattern matcher.

Signed-off-by: Tonis Tiigi
---
 go.mod | 4 +-
 go.sum | 8 +-
 .../github.com/docker/docker/api/swagger.yaml | 10 ++-
 .../docker/docker/pkg/fileutils/fileutils.go | 64 +++++++++++++--
 .../system/{mknod_linux.go => mknod_unix.go} | 3 +
 .../docker/profiles/seccomp/default.json | 3 +-
 .../docker/profiles/seccomp/default_linux.go | 1 +
 vendor/github.com/tonistiigi/fsutil/walker.go | 81 +++++++++++++++++--
 vendor/modules.txt | 6 +-
 9 files changed, 156 insertions(+), 24 deletions(-)
 rename vendor/github.com/docker/docker/pkg/system/{mknod_linux.go => mknod_unix.go} (84%)

diff --git a/go.mod b/go.mod
index e521641a0aaf..a6af97bdd5c4 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 github.com/serialx/hashring v0.0.0-20190422032157-8b2912629002
 github.com/sirupsen/logrus v1.8.1
 github.com/stretchr/testify v1.7.0
- github.com/tonistiigi/fsutil v0.0.0-20211208180946-61a57076b9b0
+ github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274
 github.com/tonistiigi/go-actions-cache v0.0.0-20211202175116-9642704158ff
 github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea
 github.com/tonistiigi/vt100 v0.0.0-20210615222946-8066bb97264f
@@ -124,4 +124,4 @@ require (
 gotest.tools/v3 v3.0.3 // indirect
 )
 
-replace github.com/docker/docker => github.com/docker/docker v20.10.3-0.20211208011758-87521affb077+incompatible
+replace github.com/docker/docker => github.com/docker/docker v20.10.3-0.20220121014307-40bb9831756f+incompatible
diff --git a/go.sum b/go.sum
index 0e8f53a1c92a..f3b40feb9622 100644
--- a/go.sum
+++ b/go.sum
@@ -440,8 +440,8 @@ github.com/docker/distribution v2.6.0-rc.1.0.20180327202408-83389a148052+incompa
 github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v20.10.3-0.20211208011758-87521affb077+incompatible h1:gUm2bOLaaAPkV1z4te7ahrXTWyA+PNNWroISSOttSgU=
-github.com/docker/docker v20.10.3-0.20211208011758-87521affb077+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.3-0.20220121014307-40bb9831756f+incompatible h1:IDzw9qR4h7PF3aEriDajLKrkvc3owPWHasPKUEliWUE=
+github.com/docker/docker v20.10.3-0.20220121014307-40bb9831756f+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
 github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o=
 github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
@@ -1230,8 +1230,8 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1
 github.com/tommy-muehle/go-mnd v1.1.1/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig=
 github.com/tommy-muehle/go-mnd v1.3.1-0.20200224220436-e6f9a994e8fa/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig=
 github.com/tonistiigi/fsutil v0.0.0-20201103201449-0834f99b7b85/go.mod h1:a7cilN64dG941IOXfhJhlH0qB92hxJ9A1ewrdUmJ6xo=
-github.com/tonistiigi/fsutil v0.0.0-20211208180946-61a57076b9b0 h1:1s9pEdOzN6AuOsBXKpAoSVupUDsGx2v6Fee/hIto8Vg=
-github.com/tonistiigi/fsutil v0.0.0-20211208180946-61a57076b9b0/go.mod h1:oPAfvw32vlUJSjyDcQ3Bu0nb2ON2B+G0dtVN/SZNJiA=
+github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274 h1:wbyZxD6IPFp0sl5uscMOJRsz5UKGFiNiD16e+MVfKZY=
+github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274/go.mod h1:oPAfvw32vlUJSjyDcQ3Bu0nb2ON2B+G0dtVN/SZNJiA=
 github.com/tonistiigi/go-actions-cache v0.0.0-20211202175116-9642704158ff h1:n8i1G5sBFmY8aDteg5Kf2rdU15KnFcS807QrYRM9/yQ=
 github.com/tonistiigi/go-actions-cache v0.0.0-20211202175116-9642704158ff/go.mod h1:qqvyZqkfwkoJuPU/bw61bItaoO0SJ8YSW0vSVRRvsRg=
 github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea h1:SXhTLE6pb6eld/v/cCndK0AMpt1wiVFb/YYmqB3/QG0=
diff --git a/vendor/github.com/docker/docker/api/swagger.yaml b/vendor/github.com/docker/docker/api/swagger.yaml
index b8b3ea094655..594c126464d7 100644
--- a/vendor/github.com/docker/docker/api/swagger.yaml
+++ b/vendor/github.com/docker/docker/api/swagger.yaml
@@ -8782,12 +8782,20 @@ paths: if `tty` was specified as part of creating and starting the exec instance. operationId: "ExecResize" responses: - 201: + 200: description: "No error" + 400: + description: "bad parameter" + schema: + $ref: "#/definitions/ErrorResponse" 404: description: "No such exec instance" schema: $ref: "#/definitions/ErrorResponse" + 500: + description: "Server error" + schema: + $ref: "#/definitions/ErrorResponse" parameters: - name: "id" in: "path" diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils.go index 77152a6678ed..d6307953595f 100644 --- a/vendor/github.com/docker/docker/pkg/fileutils/fileutils.go +++ b/vendor/github.com/docker/docker/pkg/fileutils/fileutils.go @@ -285,12 +285,23 @@ func (pm *PatternMatcher) Patterns() []*Pattern { // Pattern defines a single regexp used to filter file paths. type Pattern struct { + matchType matchType cleanedPattern string dirs []string regexp *regexp.Regexp exclusion bool } +type matchType int + +const ( + unknownMatch matchType = iota + exactMatch + prefixMatch + suffixMatch + regexpMatch +) + func (p *Pattern) String() string { return p.cleanedPattern } 
@@ -301,18 +312,34 @@ func (p *Pattern) Exclusion() bool { } func (p *Pattern) match(path string) (bool, error) { - if p.regexp == nil { - if err := p.compile(); err != nil { + if p.matchType == unknownMatch { + if err := p.compile(string(os.PathSeparator)); err != nil { return false, filepath.ErrBadPattern } } - b := p.regexp.MatchString(path) + switch p.matchType { + case exactMatch: + return path == p.cleanedPattern, nil + case prefixMatch: + // strip trailing ** + return strings.HasPrefix(path, p.cleanedPattern[:len(p.cleanedPattern)-2]), nil + case suffixMatch: + // strip leading ** + suffix := p.cleanedPattern[2:] + if strings.HasSuffix(path, suffix) { + return true, nil + } + // **/foo matches "foo" + return suffix[0] == os.PathSeparator && path == suffix[1:], nil + case regexpMatch: + return p.regexp.MatchString(path), nil + } - return b, nil + return false, nil } -func (p *Pattern) compile() error { +func (p *Pattern) compile(sl string) error { regStr := "^" pattern := p.cleanedPattern // Go through the pattern and convert it to a regexp. @@ -320,13 +347,13 @@ func (p *Pattern) compile() error { var scan scanner.Scanner scan.Init(strings.NewReader(pattern)) - sl := string(os.PathSeparator) escSL := sl if sl == `\` { escSL += `\` } - for scan.Peek() != scanner.EOF { + p.matchType = exactMatch + for i := 0; scan.Peek() != scanner.EOF; i++ { ch := scan.Next() if ch == '*' { 
@@ -341,20 +368,32 @@ func (p *Pattern) compile() error { if scan.Peek() == scanner.EOF { // is "**EOF" - to align with .gitignore just accept all - regStr += ".*" + if p.matchType == exactMatch { + p.matchType = prefixMatch + } else { + regStr += ".*" + p.matchType = regexpMatch + } } else { // is "**" // Note that this allows for any # of /'s (even 0) because // the .* will eat everything, even /'s regStr += "(.*" + escSL + ")?" + p.matchType = regexpMatch + } + + if i == 0 { + p.matchType = suffixMatch } } else { // is "*" so map it to anything but "/" regStr += "[^" + escSL + "]*" + p.matchType = regexpMatch } } else if ch == '?' { // "?" is any char except "/" regStr += "[^" + escSL + "]" + p.matchType = regexpMatch } else if shouldEscape(ch) { // Escape some regexp special chars that have no meaning // in golang's filepath.Match @@ -371,14 +410,22 @@ func (p *Pattern) compile() error { } if scan.Peek() != scanner.EOF { regStr += `\` + string(scan.Next()) + p.matchType = regexpMatch } else { regStr += `\` } + } else if ch == '[' || ch == ']' { + regStr += string(ch) + p.matchType = regexpMatch } else { regStr += string(ch) } } + if p.matchType != regexpMatch { + return nil + } + regStr += "$" re, err := regexp.Compile(regStr) @@ -387,6 +434,7 @@ func (p *Pattern) compile() error { } p.regexp = re + p.matchType = regexpMatch return nil } diff --git a/vendor/github.com/docker/docker/pkg/system/mknod_linux.go b/vendor/github.com/docker/docker/pkg/system/mknod_unix.go similarity index 84% rename from vendor/github.com/docker/docker/pkg/system/mknod_linux.go rename to vendor/github.com/docker/docker/pkg/system/mknod_unix.go index 5c65f8a49c31..4586aad19e68 100644 --- a/vendor/github.com/docker/docker/pkg/system/mknod_linux.go +++ b/vendor/github.com/docker/docker/pkg/system/mknod_unix.go @@ -1,3 +1,6 @@ +//go:build !freebsd && !windows +// +build !freebsd,!windows + package system // import "github.com/docker/docker/pkg/system" import ( 
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/default.json b/vendor/github.com/docker/docker/profiles/seccomp/default.json index fbf3ac839648..80213ddaca1a 100644 --- a/vendor/github.com/docker/docker/profiles/seccomp/default.json +++ b/vendor/github.com/docker/docker/profiles/seccomp/default.json @@ -474,7 +474,8 @@ }, { "names": [ - "sync_file_range2" + "sync_file_range2", + "swapcontext" ], "action": "SCMP_ACT_ALLOW", "includes": { diff --git a/vendor/github.com/docker/docker/profiles/seccomp/default_linux.go b/vendor/github.com/docker/docker/profiles/seccomp/default_linux.go index f7d93d2cc4f7..e51f1018aabe 100644 --- a/vendor/github.com/docker/docker/profiles/seccomp/default_linux.go +++ b/vendor/github.com/docker/docker/profiles/seccomp/default_linux.go @@ -474,6 +474,7 @@ func DefaultProfile() *Seccomp { LinuxSyscall: specs.LinuxSyscall{ Names: []string{ "sync_file_range2", + "swapcontext", }, Action: specs.ActAllow, }, diff --git a/vendor/github.com/tonistiigi/fsutil/walker.go b/vendor/github.com/tonistiigi/fsutil/walker.go index b41d1bd5fc09..d0b5114b4038 100644 --- a/vendor/github.com/tonistiigi/fsutil/walker.go +++ b/vendor/github.com/tonistiigi/fsutil/walker.go 
@@ -55,18 +55,41 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err includePatterns = dedupePaths(includePatterns) } } + + patternChars := "*[]?^" + if os.PathSeparator != '\\' { + patternChars += `\` + } + + onlyPrefixIncludes := true if len(includePatterns) != 0 { includeMatcher, err = fileutils.NewPatternMatcher(includePatterns) if err != nil { return errors.Wrapf(err, "invalid includepatterns: %s", opt.IncludePatterns) } + + for _, p := range includeMatcher.Patterns() { + if !p.Exclusion() && strings.ContainsAny(patternWithoutTrailingGlob(p), patternChars) { + onlyPrefixIncludes = false + break + } + } + } + onlyPrefixExcludeExceptions := true if opt != nil && opt.ExcludePatterns != nil { excludeMatcher, err = fileutils.NewPatternMatcher(opt.ExcludePatterns) if err != nil { return errors.Wrapf(err, "invalid excludepatterns: %s", opt.ExcludePatterns) } + + for _, p := range excludeMatcher.Patterns() { + if p.Exclusion() && strings.ContainsAny(patternWithoutTrailingGlob(p), patternChars) { + onlyPrefixExcludeExceptions = false + break + } + } } type visitedDir struct { @@ -83,15 +106,12 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err var parentDirs []visitedDir seenFiles := make(map[uint64]string) - return filepath.Walk(root, func(path string, fi os.FileInfo, err error) (retErr error) { + return filepath.Walk(root, func(path string, fi os.FileInfo, walkErr error) (retErr error) { defer func() { if retErr != nil && isNotExist(retErr) { retErr = filepath.SkipDir } }() - if err != nil { - return err - } origpath := path path, err = filepath.Rel(root, path) 
@@ -141,6 +161,22 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err } if !m { + if fi.IsDir() && onlyPrefixIncludes { + // Optimization: we can skip walking this dir if no include + // patterns could match anything inside it. + dirSlash := path + string(filepath.Separator) + for _, pat := range includeMatcher.Patterns() { + if pat.Exclusion() { + continue + } + patStr := patternWithoutTrailingGlob(pat) + string(filepath.Separator) + if strings.HasPrefix(patStr, dirSlash) { + goto passedIncludeFilter + } + } + return filepath.SkipDir + } + passedIncludeFilter: skip = true } } @@ -160,13 +196,38 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err } if m { - if fi.IsDir() && !excludeMatcher.Exclusions() { + if fi.IsDir() && onlyPrefixExcludeExceptions { + // Optimization: we can skip walking this dir if no + // exceptions to exclude patterns could match anything + // inside it. + if !excludeMatcher.Exclusions() { + return filepath.SkipDir + } + + dirSlash := path + string(filepath.Separator) + for _, pat := range excludeMatcher.Patterns() { + if !pat.Exclusion() { + continue + } + patStr := patternWithoutTrailingGlob(pat) + string(filepath.Separator) + if strings.HasPrefix(patStr, dirSlash) { + goto passedExcludeFilter + } + } return filepath.SkipDir } + passedExcludeFilter: skip = true } } + if walkErr != nil { + if skip && errors.Is(walkErr, os.ErrPermission) { + return nil + } + return walkErr + } + if includeMatcher != nil || excludeMatcher != nil { defer func() { if fi.IsDir() { 
@@ -228,6 +289,16 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err }) } +func patternWithoutTrailingGlob(p *fileutils.Pattern) string { + patStr := p.String() + // We use filepath.Separator here because fileutils.Pattern patterns + // get transformed to use the native path separator: + // https://github.com/moby/moby/blob/79651b7a979b40e26af353ad283ca7ea5d67a855/pkg/fileutils/fileutils.go#L54 + patStr = strings.TrimSuffix(patStr, string(filepath.Separator)+"**") + patStr = strings.TrimSuffix(patStr, string(filepath.Separator)+"*") + return patStr +} + type StatInfo struct { *types.Stat } diff --git a/vendor/modules.txt b/vendor/modules.txt index f970c95078af..78a91e11bd62 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -219,7 +219,7 @@ github.com/docker/cli/cli/connhelper/commandconn github.com/docker/distribution/digestset github.com/docker/distribution/reference github.com/docker/distribution/registry/api/errcode -# github.com/docker/docker v20.10.7+incompatible => github.com/docker/docker v20.10.3-0.20211208011758-87521affb077+incompatible +# github.com/docker/docker v20.10.7+incompatible => github.com/docker/docker v20.10.3-0.20220121014307-40bb9831756f+incompatible ## explicit github.com/docker/docker/api github.com/docker/docker/api/types @@ -466,7 +466,7 @@ github.com/sirupsen/logrus ## explicit; go 1.13 github.com/stretchr/testify/assert github.com/stretchr/testify/require -# github.com/tonistiigi/fsutil v0.0.0-20211208180946-61a57076b9b0 +# github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274 ## explicit; go 1.13 github.com/tonistiigi/fsutil github.com/tonistiigi/fsutil/copy 
@@ -716,4 +716,4 @@ gotest.tools/v3/internal/difflib
 gotest.tools/v3/internal/format
 gotest.tools/v3/internal/source
 gotest.tools/v3/poll
-# github.com/docker/docker => github.com/docker/docker v20.10.3-0.20211208011758-87521affb077+incompatible
+# github.com/docker/docker => github.com/docker/docker v20.10.3-0.20220121014307-40bb9831756f+incompatible