From a2a647ff4253775315cd7822d34b2e0062fc3cbb Mon Sep 17 00:00:00 2001 From: Utz Bacher Date: Tue, 9 May 2017 23:56:08 +0200 Subject: [PATCH 01/37] adding rpm builds for ppc64le and s390x Signed-off-by: Christy Perez Signed-off-by: Christopher Jones Signed-off-by: Dominik Dingel Signed-off-by: Thorsten Winkler Signed-off-by: Utz Bacher Upstream-commit: 539e976aa9d5c6ffd25904ed961210628ff31c60 Component: engine --- .../builder/rpm/ppc64le/centos-7/Dockerfile | 19 +++ .../contrib/builder/rpm/ppc64le/generate.sh | 58 +++++-- .../rpm/ppc64le/opensuse-42.1/Dockerfile | 20 +++ .../engine/contrib/builder/rpm/s390x/build.sh | 10 ++ .../rpm/s390x/clefos-base-s390x-7/Dockerfile | 19 +++ .../contrib/builder/rpm/s390x/generate.sh | 145 ++++++++++++++++++ .../s390x/opensuse-tumbleweed-1/Dockerfile | 20 +++ 7 files changed, 281 insertions(+), 10 deletions(-) create mode 100644 components/engine/contrib/builder/rpm/ppc64le/centos-7/Dockerfile create mode 100644 components/engine/contrib/builder/rpm/ppc64le/opensuse-42.1/Dockerfile create mode 100755 components/engine/contrib/builder/rpm/s390x/build.sh create mode 100644 components/engine/contrib/builder/rpm/s390x/clefos-base-s390x-7/Dockerfile create mode 100755 components/engine/contrib/builder/rpm/s390x/generate.sh create mode 100644 components/engine/contrib/builder/rpm/s390x/opensuse-tumbleweed-1/Dockerfile diff --git a/components/engine/contrib/builder/rpm/ppc64le/centos-7/Dockerfile b/components/engine/contrib/builder/rpm/ppc64le/centos-7/Dockerfile new file mode 100644 index 0000000000..5885137206 --- /dev/null +++ b/components/engine/contrib/builder/rpm/ppc64le/centos-7/Dockerfile @@ -0,0 +1,19 @@ +# +# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/ppc64le/generate.sh"! +# + +FROM ppc64le/centos:7 + +RUN yum groupinstall -y "Development Tools" +RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs +RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim-common + +ENV GO_VERSION 1.8.1 +RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" | tar xzC /usr/local +ENV PATH $PATH:/usr/local/go/bin + +ENV AUTO_GOPATH 1 + +ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux +ENV RUNC_BUILDTAGS seccomp selinux + diff --git a/components/engine/contrib/builder/rpm/ppc64le/generate.sh b/components/engine/contrib/builder/rpm/ppc64le/generate.sh index b9f657c12d..cb0c81b964 100755 --- a/components/engine/contrib/builder/rpm/ppc64le/generate.sh +++ b/components/engine/contrib/builder/rpm/ppc64le/generate.sh @@ -4,8 +4,8 @@ set -e # usage: ./generate.sh [versions] # ie: ./generate.sh # to update all Dockerfiles in this directory -# or: ./generate.sh -# to only update fedora-23/Dockerfile +# or: ./generate.sh centos-7 +# to only update centos-7/Dockerfile # or: ./generate.sh fedora-newversion # to create a new folder and a Dockerfile within it @@ -20,8 +20,9 @@ versions=( "${versions[@]%/}" ) for version in "${versions[@]}"; do distro="${version%-*}" suite="${version##*-}" - from="${distro}:${suite}" + from="ppc64le/${distro}:${suite}" installer=yum + if [[ "$distro" == "fedora" ]]; then installer=dnf fi @@ -33,7 +34,7 @@ for version in "${versions[@]}"; do # THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/ppc64le/generate.sh"! # - FROM ppc64le/$from + FROM $from EOF echo >> "$version/Dockerfile" @@ -42,14 +43,33 @@ for version in "${versions[@]}"; do runcBuildTags= case "$from" in - # add centos and opensuse tools install bits later - fedora:*) + ppc64le/fedora:*) echo "RUN ${installer} -y upgrade" >> "$version/Dockerfile" + ;; + *) ;; + esac + + case "$from" in + ppc64le/centos:*) + # get "Development Tools" packages dependencies + echo 'RUN yum groupinstall -y "Development Tools"' >> "$version/Dockerfile" + + if [[ "$version" == "centos-7" ]]; then + echo 'RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs' >> "$version/Dockerfile" + fi + ;; + ppc64le/opensuse:*) + # Add the ppc64le repo (hopefully the image is updated soon) + # get rpm-build and curl packages and dependencies + echo "RUN zypper addrepo -n ppc64le-oss -f https://download.opensuse.org/ports/ppc/distribution/leap/${suite}/repo/oss/ ppc64le-oss" >> "$version/Dockerfile" + echo "RUN zypper addrepo -n ppc64le-updates -f https://download.opensuse.org/ports/update/${suite}/ ppc64le-updates" >> "$version/Dockerfile" + echo 'RUN zypper --non-interactive install ca-certificates* curl gzip rpm-build' >> "$version/Dockerfile" + ;; + *) echo "RUN ${installer} install -y @development-tools fedora-packager" >> "$version/Dockerfile" ;; esac - # this list is sorted alphabetically; please keep it that way packages=( btrfs-progs-devel # for "btrfs/ioctl.h" (and "version.h" if possible) device-mapper-devel # for "libdevmapper.h" @@ -60,15 +80,20 @@ for version in "${versions[@]}"; do pkgconfig # for the pkg-config command selinux-policy selinux-policy-devel + sqlite-devel # for "sqlite3.h" systemd-devel # for "sd-journal.h" and libraries tar # older versions of dev-tools do not have tar git # required for containerd and runc clone cmake # tini build + vim-common # tini build ) # opensuse does not have the right libseccomp libs case "$from" in - # add opensuse libseccomp package substitution when adding build support + ppc64le/opensuse:*) + packages=( "${packages[@]/libseccomp-devel}" ) + runcBuildTags="selinux" + ;; *) extraBuildTags+=' seccomp' runcBuildTags="seccomp selinux" @@ -76,7 +101,17 @@ for version in "${versions[@]}"; do esac case "$from" in - # add opensuse btrfs package substitution when adding build support + ppc64le/opensuse:*) + packages=( "${packages[@]/btrfs-progs-devel/libbtrfs-devel}" ) + packages=( "${packages[@]/pkgconfig/pkg-config}" ) + packages=( "${packages[@]/vim-common/vim}" ) + if [[ "$from" == "ppc64le/opensuse:13."* ]]; then + packages+=( systemd-rpm-macros ) + fi + + # use zypper + echo "RUN zypper --non-interactive install ${packages[*]}" >> "$version/Dockerfile" + ;; *) echo "RUN ${installer} install -y ${packages[*]}" >> "$version/Dockerfile" ;; @@ -84,12 +119,15 @@ for version in "${versions[@]}"; do echo >> "$version/Dockerfile" + awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../../Dockerfile.ppc64le >> "$version/Dockerfile" echo 'RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile" echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile" - echo >> "$version/Dockerfile" + + echo >> "$version/Dockerfile" echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile" + echo >> "$version/Dockerfile" # print build tags in alphabetical order diff --git a/components/engine/contrib/builder/rpm/ppc64le/opensuse-42.1/Dockerfile b/components/engine/contrib/builder/rpm/ppc64le/opensuse-42.1/Dockerfile new file mode 100644 index 0000000000..1bfcef84f9 --- /dev/null +++ b/components/engine/contrib/builder/rpm/ppc64le/opensuse-42.1/Dockerfile @@ -0,0 +1,20 @@ +# +# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/ppc64le/generate.sh"! +# + +FROM ppc64le/opensuse:42.1 + +RUN zypper addrepo -n ppc64le-oss -f https://download.opensuse.org/ports/ppc/distribution/leap/42.1/repo/oss/ ppc64le-oss +RUN zypper addrepo -n ppc64le-updates -f https://download.opensuse.org/ports/update/42.1/ ppc64le-updates +RUN zypper --non-interactive install ca-certificates* curl gzip rpm-build +RUN zypper --non-interactive install libbtrfs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel pkg-config selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim + +ENV GO_VERSION 1.8.1 +RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" | tar xzC /usr/local +ENV PATH $PATH:/usr/local/go/bin + +ENV AUTO_GOPATH 1 + +ENV DOCKER_BUILDTAGS pkcs11 selinux +ENV RUNC_BUILDTAGS selinux + diff --git a/components/engine/contrib/builder/rpm/s390x/build.sh b/components/engine/contrib/builder/rpm/s390x/build.sh new file mode 100755 index 0000000000..1e3565a34a --- /dev/null +++ b/components/engine/contrib/builder/rpm/s390x/build.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash +set -e + +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" + +set -x +./generate.sh +for d in */; do + docker build -t "dockercore/builder-rpm:$(basename "$d")" "$d" +done diff --git a/components/engine/contrib/builder/rpm/s390x/clefos-base-s390x-7/Dockerfile b/components/engine/contrib/builder/rpm/s390x/clefos-base-s390x-7/Dockerfile new file mode 100644 index 0000000000..78a232c4e7 --- /dev/null +++ b/components/engine/contrib/builder/rpm/s390x/clefos-base-s390x-7/Dockerfile @@ -0,0 +1,19 @@ +# +# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/s390x/generate.sh"! +# + +FROM sinenomine/clefos-base-s390x + + +RUN touch /var/lib/rpm/* && yum groupinstall -y "Development Tools" +RUN touch /var/lib/rpm/* && yum install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim-common + +ENV GO_VERSION 1.8.1 +RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" | tar xzC /usr/local +ENV PATH $PATH:/usr/local/go/bin + +ENV AUTO_GOPATH 1 + +ENV DOCKER_BUILDTAGS pkcs11 seccomp selinux +ENV RUNC_BUILDTAGS seccomp selinux +RUN ln -s /usr/bin/gcc /usr/bin/s390x-linux-gnu-gcc diff --git a/components/engine/contrib/builder/rpm/s390x/generate.sh b/components/engine/contrib/builder/rpm/s390x/generate.sh new file mode 100755 index 0000000000..7e9a9cf6a3 --- /dev/null +++ b/components/engine/contrib/builder/rpm/s390x/generate.sh @@ -0,0 +1,145 @@ +#!/usr/bin/env bash +set -e + +# This file is used to auto-generate Dockerfiles for making rpms via 'make rpm' +# +# usage: ./generate.sh [versions] +# ie: ./generate.sh +# to update all Dockerfiles in this directory +# or: ./generate.sh centos-7 +# to only update centos-7/Dockerfile +# or: ./generate.sh fedora-newversion +# to create a new folder and a Dockerfile within it + +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" + +versions=( "$@" ) +if [ ${#versions[@]} -eq 0 ]; then + versions=( */ ) +fi +versions=( "${versions[@]%/}" ) + +for version in "${versions[@]}"; do + echo "${versions[@]}" + distro="${version%-*}" + suite="${version##*-}" + case "$distro" in + *opensuse*) + from="opensuse/s390x:tumbleweed" + ;; + *clefos*) + from="sinenomine/${distro}" + ;; + *) + echo No appropriate or supported image available. + exit 1 + ;; + esac + installer=yum + + mkdir -p "$version" + echo "$version -> FROM $from" + cat > "$version/Dockerfile" <<-EOF + # + # THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/s390x/generate.sh"! + # + + FROM $from + + EOF + + echo >> "$version/Dockerfile" + + extraBuildTags='pkcs11' + runcBuildTags= + + case "$from" in + *clefos*) + # Fix for RHBZ #1213602 + get "Development Tools" packages dependencies + echo 'RUN touch /var/lib/rpm/* && yum groupinstall -y "Development Tools"' >> "$version/Dockerfile" + ;; + *opensuse*) + echo "RUN zypper ar https://download.opensuse.org/ports/zsystems/tumbleweed/repo/oss/ tumbleweed" >> "$version/Dockerfile" + # get rpm-build and curl packages and dependencies + echo 'RUN zypper --non-interactive install ca-certificates* curl gzip rpm-build' >> "$version/Dockerfile" + ;; + *) + echo No appropriate or supported image available. + exit 1 + ;; + esac + + packages=( + btrfs-progs-devel # for "btrfs/ioctl.h" (and "version.h" if possible) + device-mapper-devel # for "libdevmapper.h" + glibc-static + libseccomp-devel # for "seccomp.h" & "libseccomp.so" + libselinux-devel # for "libselinux.so" + libtool-ltdl-devel # for pkcs11 "ltdl.h" + pkgconfig # for the pkg-config command + selinux-policy + selinux-policy-devel + sqlite-devel # for "sqlite3.h" + systemd-devel # for "sd-journal.h" and libraries + tar # older versions of dev-tools do not have tar + git # required for containerd and runc clone + cmake # tini build + vim-common # tini build + ) + + case "$from" in + *clefos*) + extraBuildTags+=' seccomp' + runcBuildTags="seccomp selinux" + ;; + *opensuse*) + packages=( "${packages[@]/libseccomp-devel}" ) + runcBuildTags="selinux" + ;; + *) + echo No appropriate or supported image available. + exit 1 + ;; + esac + + case "$from" in + *clefos*) + # Same RHBZ fix needed on all yum lines + echo "RUN touch /var/lib/rpm/* && ${installer} install -y ${packages[*]}" >> "$version/Dockerfile" + ;; + *opensuse*) + packages=( "${packages[@]/btrfs-progs-devel/libbtrfs-devel}" ) + packages=( "${packages[@]/pkgconfig/pkg-config}" ) + packages=( "${packages[@]/vim-common/vim}" ) + + packages+=( systemd-rpm-macros ) # for use of >= opensuse:13.* + + # use zypper + echo "RUN zypper --non-interactive install ${packages[*]}" >> "$version/Dockerfile" + ;; + *) + echo No appropriate or supported image available. + exit 1 + ;; + esac + + echo >> "$version/Dockerfile" + + awk '$1 == "ENV" && $2 == "GO_VERSION" { print; exit }' ../../../../Dockerfile.s390x >> "$version/Dockerfile" + echo 'RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" | tar xzC /usr/local' >> "$version/Dockerfile" + echo 'ENV PATH $PATH:/usr/local/go/bin' >> "$version/Dockerfile" + + echo >> "$version/Dockerfile" + + echo 'ENV AUTO_GOPATH 1' >> "$version/Dockerfile" + + echo >> "$version/Dockerfile" + + # print build tags in alphabetical order + buildTags=$( echo "selinux $extraBuildTags" | xargs -n1 | sort -n | tr '\n' ' ' | sed -e 's/[[:space:]]*$//' ) + + echo "ENV DOCKER_BUILDTAGS $buildTags" >> "$version/Dockerfile" + echo "ENV RUNC_BUILDTAGS $runcBuildTags" >> "$version/Dockerfile" + # TODO: Investigate why "s390x-linux-gnu-gcc" is required + echo "RUN ln -s /usr/bin/gcc /usr/bin/s390x-linux-gnu-gcc" >> "$version/Dockerfile" +done diff --git a/components/engine/contrib/builder/rpm/s390x/opensuse-tumbleweed-1/Dockerfile b/components/engine/contrib/builder/rpm/s390x/opensuse-tumbleweed-1/Dockerfile new file mode 100644 index 0000000000..de55b1f987 --- /dev/null +++ b/components/engine/contrib/builder/rpm/s390x/opensuse-tumbleweed-1/Dockerfile @@ -0,0 +1,20 @@ +# +# THIS FILE IS AUTOGENERATED; SEE "contrib/builder/rpm/s390x/generate.sh"! +# + +FROM opensuse/s390x:tumbleweed + + +RUN zypper ar https://download.opensuse.org/ports/zsystems/tumbleweed/repo/oss/ tumbleweed +RUN zypper --non-interactive install ca-certificates* curl gzip rpm-build +RUN zypper --non-interactive install libbtrfs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel pkg-config selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim systemd-rpm-macros + +ENV GO_VERSION 1.8.1 +RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" | tar xzC /usr/local +ENV PATH $PATH:/usr/local/go/bin + +ENV AUTO_GOPATH 1 + +ENV DOCKER_BUILDTAGS pkcs11 selinux +ENV RUNC_BUILDTAGS selinux +RUN ln -s /usr/bin/gcc /usr/bin/s390x-linux-gnu-gcc From b1680367c9a7a4bf3b65f21e31503c88ff24ad53 Mon Sep 17 00:00:00 2001 From: Sandeep Bansal Date: Thu, 18 May 2017 19:41:06 -0700 Subject: [PATCH 02/37] Adding support for DNS search on RS1 Signed-off-by: Sandeep Bansal Upstream-commit: b8e8dcd6e031d005a2d46d95f84da35b436cd870 Component: engine --- components/engine/daemon/start_windows.go | 7 ------- 1 file changed, 7 deletions(-) diff --git a/components/engine/daemon/start_windows.go b/components/engine/daemon/start_windows.go index 0f9739091a..348576981f 100644 --- a/components/engine/daemon/start_windows.go +++ b/components/engine/daemon/start_windows.go @@ -9,7 +9,6 @@ import ( "github.com/docker/docker/container" "github.com/docker/docker/layer" "github.com/docker/docker/libcontainerd" - "github.com/docker/docker/pkg/system" "golang.org/x/sys/windows/registry" ) @@ -32,12 +31,6 @@ func (daemon *Daemon) getLibcontainerdCreateOptions(container *container.Contain } dnsSearch := daemon.getDNSSearchSettings(container) - if dnsSearch != nil { - osv := system.GetOSVersion() - if osv.Build < 14997 { - return nil, fmt.Errorf("dns-search option is not supported on the current platform") - } - } // Generate the layer folder of the layer options layerOpts := &libcontainerd.LayerOption{} From 93bcab0aa88048b3094906b995cbd34521a8913e Mon Sep 17 00:00:00 2001 From: Nishant Totla Date: Thu, 18 May 2017 15:00:25 -0700 Subject: [PATCH 03/37] Ensure service images get default tag and print familiar strings Signed-off-by: Nishant Totla Upstream-commit: 5efcec77170dd6c4087d4f1fb3695c32d94edfb4 Component: engine --- components/engine/client/service_create.go | 31 ++++++++++++++++------ components/engine/client/service_update.go | 8 ++++-- 2 files changed, 29 insertions(+), 10 deletions(-) diff --git a/components/engine/client/service_create.go b/components/engine/client/service_create.go index e78f35fb8f..71a7583e86 100644 --- a/components/engine/client/service_create.go +++ b/components/engine/client/service_create.go @@ -24,14 +24,18 @@ func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec, headers["X-Registry-Auth"] = []string{options.EncodedRegistryAuth} } + // ensure that the image is tagged + if taggedImg := imageWithTagString(service.TaskTemplate.ContainerSpec.Image); taggedImg != "" { + service.TaskTemplate.ContainerSpec.Image = taggedImg + } + // Contact the registry to retrieve digest and platform information if options.QueryRegistry { distributionInspect, err := cli.DistributionInspect(ctx, service.TaskTemplate.ContainerSpec.Image, options.EncodedRegistryAuth) distErr = err if err == nil { // now pin by digest if the image doesn't already contain a digest - img := imageWithDigestString(service.TaskTemplate.ContainerSpec.Image, distributionInspect.Descriptor.Digest) - if img != "" { + if img := imageWithDigestString(service.TaskTemplate.ContainerSpec.Image, distributionInspect.Descriptor.Digest); img != "" { service.TaskTemplate.ContainerSpec.Image = img } // add platforms that are compatible with the service @@ -55,22 +59,33 @@ func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec, } // imageWithDigestString takes an image string and a digest, and updates -// the image string if it didn't originally contain a digest. It assumes -// that the image string is not an image ID +// the image string if it didn't originally contain a digest. It returns +// an empty string if there are no updates. func imageWithDigestString(image string, dgst digest.Digest) string { - ref, err := reference.ParseAnyReference(image) + namedRef, err := reference.ParseNormalizedNamed(image) if err == nil { - if _, isCanonical := ref.(reference.Canonical); !isCanonical { - namedRef, _ := ref.(reference.Named) + if _, isCanonical := namedRef.(reference.Canonical); !isCanonical { + // ensure that image gets a default tag if none is provided img, err := reference.WithDigest(namedRef, dgst) if err == nil { - return img.String() + return reference.FamiliarString(img) } } } return "" } +// imageWithTagString takes an image string, and returns a tagged image +// string, adding a 'latest' tag if one was not provided. It returns an +// emptry string if a canonical reference was provided +func imageWithTagString(image string) string { + namedRef, err := reference.ParseNormalizedNamed(image) + if err == nil { + return reference.FamiliarString(reference.TagNameOnly(namedRef)) + } + return "" +} + // updateServicePlatforms updates the Platforms in swarm.Placement to list // all compatible platforms for the service, as found in distributionInspect // and returns a pointer to the new or updated swarm.Placement struct diff --git a/components/engine/client/service_update.go b/components/engine/client/service_update.go index 0cb35a1991..412790b5dd 100644 --- a/components/engine/client/service_update.go +++ b/components/engine/client/service_update.go @@ -35,6 +35,11 @@ func (cli *Client) ServiceUpdate(ctx context.Context, serviceID string, version query.Set("version", strconv.FormatUint(version.Index, 10)) + // ensure that the image is tagged + if taggedImg := imageWithTagString(service.TaskTemplate.ContainerSpec.Image); taggedImg != "" { + service.TaskTemplate.ContainerSpec.Image = taggedImg + } + // Contact the registry to retrieve digest and platform information // This happens only when the image has changed if options.QueryRegistry { @@ -42,8 +47,7 @@ func (cli *Client) ServiceUpdate(ctx context.Context, serviceID string, version distErr = err if err == nil { // now pin by digest if the image doesn't already contain a digest - img := imageWithDigestString(service.TaskTemplate.ContainerSpec.Image, distributionInspect.Descriptor.Digest) - if img != "" { + if img := imageWithDigestString(service.TaskTemplate.ContainerSpec.Image, distributionInspect.Descriptor.Digest); img != "" { service.TaskTemplate.ContainerSpec.Image = img } // add platforms that are compatible with the service From 8d6081fcd1ebee6291f250876ce16350d9f0dd1e Mon Sep 17 00:00:00 2001 From: Nishant Totla Date: Thu, 18 May 2017 17:10:49 -0700 Subject: [PATCH 04/37] Adding unit tests for pin by digest (client) Signed-off-by: Nishant Totla Upstream-commit: 75c7536d2e2e328b644bf69153de879d1d197988 Component: engine --- .../engine/client/service_create_test.go | 90 +++++++++++++++++++ 1 file changed, 90 insertions(+) diff --git a/components/engine/client/service_create_test.go b/components/engine/client/service_create_test.go index 2ece62b993..3c5ba5a5fc 100644 --- a/components/engine/client/service_create_test.go +++ b/components/engine/client/service_create_test.go @@ -13,6 +13,7 @@ import ( "github.com/docker/docker/api/types" registrytypes "github.com/docker/docker/api/types/registry" "github.com/docker/docker/api/types/swarm" + "github.com/opencontainers/go-digest" "github.com/opencontainers/image-spec/specs-go/v1" "golang.org/x/net/context" ) @@ -121,3 +122,92 @@ func TestServiceCreateCompatiblePlatforms(t *testing.T) { t.Fatalf("expected `service_amd64`, got %s", r.ID) } } + +func TestServiceCreateDigestPinning(t *testing.T) { + dgst := "sha256:c0537ff6a5218ef531ece93d4984efc99bbf3f7497c0a7726c88e2bb7584dc96" + dgstAlt := "sha256:37ffbf3f7497c07584dc9637ffbf3f7497c0758c0537ffbf3f7497c0c88e2bb7" + serviceCreateImage := "" + pinByDigestTests := []struct { + img string // input image provided by the user + expected string // expected image after digest pinning + }{ + // default registry returns familiar string + {"docker.io/library/alpine", "alpine:latest@" + dgst}, + // provided tag is preserved and digest added + {"alpine:edge", "alpine:edge@" + dgst}, + // image with provided alternative digest remains unchanged + {"alpine@" + dgstAlt, "alpine@" + dgstAlt}, + // image with provided tag and alternative digest remains unchanged + {"alpine:edge@" + dgstAlt, "alpine:edge@" + dgstAlt}, + // image on alternative registry does not result in familiar string + {"alternate.registry/library/alpine", "alternate.registry/library/alpine:latest@" + dgst}, + // unresolvable image does not get a digest + {"cannotresolve", "cannotresolve:latest"}, + } + + client := &Client{ + client: newMockClient(func(req *http.Request) (*http.Response, error) { + if strings.HasPrefix(req.URL.Path, "/services/create") { + // reset and set image received by the service create endpoint + serviceCreateImage = "" + var service swarm.ServiceSpec + if err := json.NewDecoder(req.Body).Decode(&service); err != nil { + return nil, fmt.Errorf("could not parse service create request") + } + serviceCreateImage = service.TaskTemplate.ContainerSpec.Image + + b, err := json.Marshal(types.ServiceCreateResponse{ + ID: "service_id", + }) + if err != nil { + return nil, err + } + return &http.Response{ + StatusCode: http.StatusOK, + Body: ioutil.NopCloser(bytes.NewReader(b)), + }, nil + } else if strings.HasPrefix(req.URL.Path, "/distribution/cannotresolve") { + // unresolvable image + return nil, fmt.Errorf("cannot resolve image") + } else if strings.HasPrefix(req.URL.Path, "/distribution/") { + // resolvable images + b, err := json.Marshal(registrytypes.DistributionInspect{ + Descriptor: v1.Descriptor{ + Digest: digest.Digest(dgst), + }, + }) + if err != nil { + return nil, err + } + return &http.Response{ + StatusCode: http.StatusOK, + Body: ioutil.NopCloser(bytes.NewReader(b)), + }, nil + } + return nil, fmt.Errorf("unexpected URL '%s'", req.URL.Path) + }), + } + + // run pin by digest tests + for _, p := range pinByDigestTests { + r, err := client.ServiceCreate(context.Background(), swarm.ServiceSpec{ + TaskTemplate: swarm.TaskSpec{ + ContainerSpec: swarm.ContainerSpec{ + Image: p.img, + }, + }, + }, types.ServiceCreateOptions{QueryRegistry: true}) + + if err != nil { + t.Fatal(err) + } + + if r.ID != "service_id" { + t.Fatalf("expected `service_id`, got %s", r.ID) + } + + if p.expected != serviceCreateImage { + t.Fatalf("expected image %s, got %s", p.expected, serviceCreateImage) + } + } +} From caad7b93319561fe1790c214d2cab245101ba32b Mon Sep 17 00:00:00 2001 From: Dong Chen Date: Fri, 19 May 2017 03:25:14 -0700 Subject: [PATCH 05/37] Event tests need to wait for events Signed-off-by: Dong Chen Upstream-commit: 59b2d0473af5155bb31adcc17bc36857ebd13a15 Component: engine --- .../integration-cli/docker_cli_swarm_test.go | 157 ++++++++---------- 1 file changed, 71 insertions(+), 86 deletions(-) diff --git a/components/engine/integration-cli/docker_cli_swarm_test.go b/components/engine/integration-cli/docker_cli_swarm_test.go index 9f0e2d115a..8a8c8d0fcd 100644 --- a/components/engine/integration-cli/docker_cli_swarm_test.go +++ b/components/engine/integration-cli/docker_cli_swarm_test.go @@ -2002,6 +2002,35 @@ func (s *DockerSwarmSuite) TestSwarmJoinLeave(c *check.C) { } } +const defaultRetryCount = 10 + +func waitForEvent(c *check.C, d *daemon.Swarm, since string, filter string, event string, retry int) string { + if retry < 1 { + c.Fatalf("retry count %d is invalid. It should be no less than 1", retry) + return "" + } + var out string + for i := 0; i < retry; i++ { + until := daemonUnixTime(c) + var err error + if len(filter) > 0 { + out, err = d.Cmd("events", "--since", since, "--until", until, filter) + } else { + out, err = d.Cmd("events", "--since", since, "--until", until) + } + c.Assert(err, checker.IsNil, check.Commentf(out)) + if strings.Contains(out, event) { + return strings.TrimSpace(out) + } + // no need to sleep after last retry + if i < retry-1 { + time.Sleep(200 * time.Millisecond) + } + } + c.Fatalf("docker events output '%s' doesn't contain event '%s'", out, event) + return "" +} + func (s *DockerSwarmSuite) TestSwarmClusterEventsSource(c *check.C) { d1 := s.AddDaemon(c, true, true) d2 := s.AddDaemon(c, true, true) @@ -2013,21 +2042,13 @@ func (s *DockerSwarmSuite) TestSwarmClusterEventsSource(c *check.C) { networkID := strings.TrimSpace(out) c.Assert(networkID, checker.Not(checker.Equals), "") - until := daemonUnixTime(c) - // d1 is a manager - out, err = d1.Cmd("events", "--since=0", "--until", until, "-f scope=swarm") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(strings.TrimSpace(out), checker.Contains, "network create "+networkID) - - // d2 is a manager - out, err = d2.Cmd("events", "--since=0", "--until", until, "-f scope=swarm") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(strings.TrimSpace(out), checker.Contains, "network create "+networkID) + // d1, d2 are managers that can get swarm events + waitForEvent(c, d1, "0", "-f scope=swarm", "network create "+networkID, defaultRetryCount) + waitForEvent(c, d2, "0", "-f scope=swarm", "network create "+networkID, defaultRetryCount) // d3 is a worker, not able to get cluster events - out, err = d3.Cmd("events", "--since=0", "--until", until, "-f scope=swarm") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), "network create ") + out = waitForEvent(c, d3, "0", "-f scope=swarm", "", 1) + c.Assert(out, checker.Not(checker.Contains), "network create ") } func (s *DockerSwarmSuite) TestSwarmClusterEventsScope(c *check.C) { @@ -2038,24 +2059,17 @@ func (s *DockerSwarmSuite) TestSwarmClusterEventsScope(c *check.C) { c.Assert(err, checker.IsNil, check.Commentf(out)) serviceID := strings.Split(out, "\n")[0] - until := daemonUnixTime(c) // scope swarm filters cluster events - out, err = d.Cmd("events", "--since=0", "--until", until, "-f scope=swarm") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(strings.TrimSpace(out), checker.Contains, "service create "+serviceID) - c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), "container create ") + out = waitForEvent(c, d, "0", "-f scope=swarm", "service create "+serviceID, defaultRetryCount) + c.Assert(out, checker.Not(checker.Contains), "container create ") - // without scope all events are returned - out, err = d.Cmd("events", "--since=0", "--until", until) - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(strings.TrimSpace(out), checker.Contains, "service create "+serviceID) - c.Assert(strings.TrimSpace(out), checker.Contains, "container create ") + // all events are returned if scope is not specified + waitForEvent(c, d, "0", "", "service create "+serviceID, 1) + waitForEvent(c, d, "0", "", "container create ", defaultRetryCount) - // scope local only show non-cluster events - out, err = d.Cmd("events", "--since=0", "--until", until, "-f scope=local") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(strings.TrimSpace(out), checker.Not(checker.Contains), "service create ") - c.Assert(strings.TrimSpace(out), checker.Contains, "container create ") + // scope local only shows non-cluster events + out = waitForEvent(c, d, "0", "-f scope=local", "container create ", 1) + c.Assert(out, checker.Not(checker.Contains), "service create ") } func (s *DockerSwarmSuite) TestSwarmClusterEventsType(c *check.C) { @@ -2072,17 +2086,12 @@ func (s *DockerSwarmSuite) TestSwarmClusterEventsType(c *check.C) { networkID := strings.TrimSpace(out) c.Assert(networkID, checker.Not(checker.Equals), "") - until := daemonUnixTime(c) // filter by service - out, err = d.Cmd("events", "--since=0", "--until", until, "-f type=service") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "service create "+serviceID) + out = waitForEvent(c, d, "0", "-f type=service", "service create "+serviceID, defaultRetryCount) c.Assert(out, checker.Not(checker.Contains), "network create") // filter by network - out, err = d.Cmd("events", "--since=0", "--until", until, "-f type=network") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "network create "+networkID) + out = waitForEvent(c, d, "0", "-f type=network", "network create "+networkID, defaultRetryCount) c.Assert(out, checker.Not(checker.Contains), "service create") } @@ -2094,40 +2103,36 @@ func (s *DockerSwarmSuite) TestSwarmClusterEventsService(c *check.C) { c.Assert(err, checker.IsNil, check.Commentf(out)) serviceID := strings.Split(out, "\n")[0] - t1 := daemonUnixTime(c) // validate service create event - out, err = d.Cmd("events", "--since=0", "--until", t1, "-f scope=swarm") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "service create "+serviceID) + waitForEvent(c, d, "0", "-f scope=swarm", "service create "+serviceID, defaultRetryCount) + t1 := daemonUnixTime(c) out, err = d.Cmd("service", "update", "--force", "--detach=false", "test") c.Assert(err, checker.IsNil, check.Commentf(out)) - t2 := daemonUnixTime(c) - out, err = d.Cmd("events", "--since", t1, "--until", t2, "-f scope=swarm") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "service update "+serviceID) + // wait for service update start + out = waitForEvent(c, d, t1, "-f scope=swarm", "service update "+serviceID, defaultRetryCount) c.Assert(out, checker.Contains, "updatestate.new=updating") + + // allow service update complete. This is a service with 1 instance + time.Sleep(400 * time.Millisecond) + out = waitForEvent(c, d, t1, "-f scope=swarm", "service update "+serviceID, defaultRetryCount) c.Assert(out, checker.Contains, "updatestate.new=completed, updatestate.old=updating") // scale service + t2 := daemonUnixTime(c) out, err = d.Cmd("service", "scale", "test=3") c.Assert(err, checker.IsNil, check.Commentf(out)) - t3 := daemonUnixTime(c) - out, err = d.Cmd("events", "--since", t2, "--until", t3, "-f scope=swarm") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "service update "+serviceID) + out = waitForEvent(c, d, t2, "-f scope=swarm", "service update "+serviceID, defaultRetryCount) c.Assert(out, checker.Contains, "replicas.new=3, replicas.old=1") // remove service + t3 := daemonUnixTime(c) out, err = d.Cmd("service", "rm", "test") c.Assert(err, checker.IsNil, check.Commentf(out)) - t4 := daemonUnixTime(c) - out, err = d.Cmd("events", "--since", t3, "--until", t4, "-f scope=swarm") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "service remove "+serviceID) + waitForEvent(c, d, t3, "-f scope=swarm", "service remove "+serviceID, defaultRetryCount) } func (s *DockerSwarmSuite) TestSwarmClusterEventsNode(c *check.C) { @@ -2136,38 +2141,28 @@ func (s *DockerSwarmSuite) TestSwarmClusterEventsNode(c *check.C) { d3 := s.AddDaemon(c, true, true) d3ID := d3.NodeID + waitForEvent(c, d1, "0", "-f scope=swarm", "node create "+d3ID, defaultRetryCount) + t1 := daemonUnixTime(c) - out, err := d1.Cmd("events", "--since=0", "--until", t1, "-f scope=swarm") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "node create "+d3ID) - - out, err = d1.Cmd("node", "update", "--availability=pause", d3ID) + out, err := d1.Cmd("node", "update", "--availability=pause", d3ID) c.Assert(err, checker.IsNil, check.Commentf(out)) - t2 := daemonUnixTime(c) // filter by type - out, err = d1.Cmd("events", "--since", t1, "--until", t2, "-f type=node") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "node update "+d3ID) + out = waitForEvent(c, d1, t1, "-f type=node", "node update "+d3ID, defaultRetryCount) c.Assert(out, checker.Contains, "availability.new=pause, availability.old=active") + t2 := daemonUnixTime(c) out, err = d1.Cmd("node", "demote", d3ID) c.Assert(err, checker.IsNil, check.Commentf(out)) - t3 := daemonUnixTime(c) - // filter by type and scope - out, err = d1.Cmd("events", "--since", t2, "--until", t3, "-f type=node", "-f scope=swarm") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "node update "+d3ID) + waitForEvent(c, d1, t2, "-f type=node", "node update "+d3ID, defaultRetryCount) + t3 := daemonUnixTime(c) out, err = d1.Cmd("node", "rm", "-f", d3ID) c.Assert(err, checker.IsNil, check.Commentf(out)) - t4 := daemonUnixTime(c) - // filter by type and scope - out, err = d1.Cmd("events", "--since", t3, "--until", t4, "-f type=node", "-f scope=swarm") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "node remove "+d3ID) + // filter by scope + waitForEvent(c, d1, t3, "-f scope=swarm", "node remove "+d3ID, defaultRetryCount) } func (s *DockerSwarmSuite) TestSwarmClusterEventsNetwork(c *check.C) { @@ -2178,20 +2173,15 @@ func (s *DockerSwarmSuite) TestSwarmClusterEventsNetwork(c *check.C) { c.Assert(err, checker.IsNil, check.Commentf(out)) networkID := strings.TrimSpace(out) - t1 := daemonUnixTime(c) - out, err = d.Cmd("events", "--since=0", "--until", t1, "-f scope=swarm") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "network create "+networkID) + waitForEvent(c, d, "0", "-f scope=swarm", "network create "+networkID, defaultRetryCount) // remove network + t1 := daemonUnixTime(c) out, err = d.Cmd("network", "rm", "foo") c.Assert(err, checker.IsNil, check.Commentf(out)) - t2 := daemonUnixTime(c) // filtered by network - out, err = d.Cmd("events", "--since", t1, "--until", t2, "-f type=network") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "network remove "+networkID) + waitForEvent(c, d, t1, "-f type=network", "network remove "+networkID, defaultRetryCount) } func (s *DockerSwarmSuite) TestSwarmClusterEventsSecret(c *check.C) { @@ -2206,15 +2196,10 @@ func (s *DockerSwarmSuite) TestSwarmClusterEventsSecret(c *check.C) { }) c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id)) - t1 := daemonUnixTime(c) - out, err := d.Cmd("events", "--since=0", "--until", t1, "-f scope=swarm") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "secret create "+id) + waitForEvent(c, d, "0", "-f scope=swarm", "secret create "+id, defaultRetryCount) + t1 := daemonUnixTime(c) d.DeleteSecret(c, id) - t2 := daemonUnixTime(c) // filtered by secret - out, err = d.Cmd("events", "--since", t1, "--until", t2, "-f type=secret") - c.Assert(err, checker.IsNil, check.Commentf(out)) - c.Assert(out, checker.Contains, "secret remove "+id) + waitForEvent(c, d, t1, "-f type=secret", "secret remove "+id, defaultRetryCount) } From 1f14cbbc58df73f66dd0be492ce04bcf83c76a1d Mon Sep 17 00:00:00 2001 From: Darren Stahl Date: Tue, 9 May 2017 18:25:18 -0700 Subject: [PATCH 06/37] Revendor runtime-spec Signed-off-by: Darren Stahl Upstream-commit: b90f294c1cf0dd2bc3f139cd8f339da79595a0bb Component: engine --- components/engine/vendor.conf | 2 +- .../opencontainers/runtime-spec/README.md | 15 +++++++-- .../runtime-spec/specs-go/config.go | 32 ++++++++++++------- .../runtime-spec/specs-go/version.go | 2 +- 4 files changed, 35 insertions(+), 16 deletions(-) diff --git a/components/engine/vendor.conf b/components/engine/vendor.conf index f0cedfc22b..f89028b707 100644 --- a/components/engine/vendor.conf +++ b/components/engine/vendor.conf @@ -62,8 +62,8 @@ github.com/miekg/pkcs11 df8ae6ca730422dba20c768ff38ef7d79077a59f # When updating, also update RUNC_COMMIT in hack/dockerfile/binaries-commits accordingly github.com/opencontainers/runc 992a5be178a62e026f4069f443c6164912adbf09 -github.com/opencontainers/runtime-spec v1.0.0-rc5 # specs github.com/opencontainers/image-spec f03dbe35d449c54915d235f1a3cf8f585a24babe +github.com/opencontainers/runtime-spec d42f1eb741e6361e858d83fc75aa6893b66292c4 # specs github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0 diff --git a/components/engine/vendor/github.com/opencontainers/runtime-spec/README.md b/components/engine/vendor/github.com/opencontainers/runtime-spec/README.md index 6da5f6deb6..1364f6fcb5 100644 --- a/components/engine/vendor/github.com/opencontainers/runtime-spec/README.md +++ b/components/engine/vendor/github.com/opencontainers/runtime-spec/README.md @@ -60,10 +60,16 @@ When in doubt, start on the [mailing-list](#mailing-list). ### Weekly Call -The contributors and maintainers of all OCI projects have a weekly meeting Wednesdays at 2:00 PM (USA Pacific). -Everyone is welcome to participate via [UberConference web][uberconference] or audio-only: 415-968-0849 (no PIN needed.) +The contributors and maintainers of all OCI projects have a weekly meeting on Wednesdays at: + +* 8:00 AM (USA Pacific), during [odd weeks][iso-week]. +* 5:00 PM (USA Pacific), during [even weeks][iso-week]. + +There is an [iCalendar][rfc5545] format for the meetings [here](meeting.ics). + +Everyone is welcome to participate via [UberConference web][uberconference] or audio-only: +1 415 968 0849 (no PIN needed). An initial agenda will be posted to the [mailing list](#mailing-list) earlier in the week, and everyone is welcome to propose additional topics or suggest other agenda alterations there. -Minutes are posted to the [mailing list](#mailing-list) and minutes from past calls are archived to the [wiki][runtime-wiki]. +Minutes are posted to the [mailing list](#mailing-list) and minutes from past calls are archived [here][minutes], with minutes from especially old meetings (September 2015 and earlier) archived [here][runtime-wiki]. ### Mailing List @@ -148,7 +154,10 @@ Read more on [How to Write a Git Commit Message][how-to-git-commit] or the Discu [dev-list]: https://groups.google.com/a/opencontainers.org/forum/#!forum/dev [how-to-git-commit]: http://chris.beams.io/posts/git-commit [irc-logs]: http://ircbot.wl.linuxfoundation.org/eavesdrop/%23opencontainers/ +[iso-week]: https://en.wikipedia.org/wiki/ISO_week_date#Calculating_the_week_number_of_a_given_date +[minutes]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/ [oci]: https://www.opencontainers.org +[rfc5545]: https://tools.ietf.org/html/rfc5545 [runtime-wiki]: https://github.com/opencontainers/runtime-spec/wiki [uberconference]: https://www.uberconference.com/opencontainers diff --git a/components/engine/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go b/components/engine/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go index bd8e96a8a6..da9040594c 100644 --- a/components/engine/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go +++ b/components/engine/vendor/github.com/opencontainers/runtime-spec/specs-go/config.go @@ -169,6 +169,9 @@ type Linux struct { ReadonlyPaths []string `json:"readonlyPaths,omitempty"` // MountLabel specifies the selinux context for the mounts in the container. MountLabel string `json:"mountLabel,omitempty"` + // IntelRdt contains Intel Resource Director Technology (RDT) information + // for handling resource constraints (e.g., L3 cache) for the container + IntelRdt *LinuxIntelRdt `json:"intelRdt,omitempty"` } // LinuxNamespace is the configuration for a Linux namespace @@ -247,9 +250,9 @@ type linuxBlockIODevice struct { // LinuxWeightDevice struct holds a `major:minor weight` pair for blkioWeightDevice type LinuxWeightDevice struct { linuxBlockIODevice - // Weight is the bandwidth rate for the device, range is from 10 to 1000 + // Weight is the bandwidth rate for the device. Weight *uint16 `json:"weight,omitempty"` - // LeafWeight is the bandwidth rate for the device while competing with the cgroup's child cgroups, range is from 10 to 1000, CFQ scheduler only + // LeafWeight is the bandwidth rate for the device while competing with the cgroup's child cgroups, CFQ scheduler only LeafWeight *uint16 `json:"leafWeight,omitempty"` } @@ -262,9 +265,9 @@ type LinuxThrottleDevice struct { // LinuxBlockIO for Linux cgroup 'blkio' resource management type LinuxBlockIO struct { - // Specifies per cgroup weight, range is from 10 to 1000 + // Specifies per cgroup weight Weight *uint16 `json:"blkioWeight,omitempty"` - // Specifies tasks' weight in the given cgroup while competing with the cgroup's child cgroups, range is from 10 to 1000, CFQ scheduler only + // Specifies tasks' weight in the given cgroup while competing with the cgroup's child cgroups, CFQ scheduler only LeafWeight *uint16 `json:"blkioLeafWeight,omitempty"` // Weight per cgroup per device, can override BlkioWeight WeightDevice []LinuxWeightDevice `json:"blkioWeightDevice,omitempty"` @@ -457,8 +460,8 @@ type WindowsCPUResources struct { Count *uint64 `json:"count,omitempty"` // CPU shares (relative weight to other containers with cpu shares). Range is from 1 to 10000. Shares *uint16 `json:"shares,omitempty"` - // Percent of available CPUs usable by the container. - Percent *uint8 `json:"percent,omitempty"` + // Specifies the portion of processor cycles that this container can use as a percentage times 100. + Maximum *uint16 `json:"maximum,omitempty"` } // WindowsStorageResources contains storage resource management settings. @@ -481,7 +484,7 @@ type WindowsNetworkResources struct { type LinuxSeccomp struct { DefaultAction LinuxSeccompAction `json:"defaultAction"` Architectures []Arch `json:"architectures,omitempty"` - Syscalls []LinuxSyscall `json:"syscalls"` + Syscalls []LinuxSyscall `json:"syscalls,omitempty"` } // Arch used for additional architectures @@ -546,8 +549,15 @@ type LinuxSeccompArg struct { // LinuxSyscall is used to match a syscall in Seccomp type LinuxSyscall struct { - Names []string `json:"names"` - Action LinuxSeccompAction `json:"action"` - Args []LinuxSeccompArg `json:"args"` - Comment string `json:"comment"` + Names []string `json:"names"` + Action LinuxSeccompAction `json:"action"` + Args []LinuxSeccompArg `json:"args,omitempty"` +} + +// LinuxIntelRdt has container runtime resource constraints +// for Intel RDT/CAT which introduced in Linux 4.10 kernel +type LinuxIntelRdt struct { + // The schema for L3 cache id and capacity bitmask (CBM) + // Format: "L3:=;=;..." + L3CacheSchema string `json:"l3CacheSchema,omitempty"` } diff --git a/components/engine/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go b/components/engine/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go index 26b34c299c..dfcf0090ee 100644 --- a/components/engine/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go +++ b/components/engine/vendor/github.com/opencontainers/runtime-spec/specs-go/version.go @@ -11,7 +11,7 @@ const ( VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "-rc5" + VersionDev = "-rc5-dev" ) // Version is the specification version that the package types support. From f1ce9152c02c5630fce91c3e1a0fdc65a2c0afff Mon Sep 17 00:00:00 2001 From: Darren Stahl Date: Tue, 9 May 2017 18:25:44 -0700 Subject: [PATCH 07/37] Use CpuMaximum instead of CpuPercent for more precision Signed-off-by: Darren Stahl Upstream-commit: 425973cbb87aef6a32b225a57f5ef2d78d5749d5 Component: engine --- components/engine/daemon/oci_windows.go | 17 ++++++++++------- .../engine/libcontainerd/client_windows.go | 4 ++-- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/components/engine/daemon/oci_windows.go b/components/engine/daemon/oci_windows.go index 0d1d08d263..d180518faa 100644 --- a/components/engine/daemon/oci_windows.go +++ b/components/engine/daemon/oci_windows.go @@ -120,7 +120,7 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) { // In s.Windows.Resources cpuShares := uint16(c.HostConfig.CPUShares) - cpuPercent := uint8(c.HostConfig.CPUPercent) + cpuMaximum := uint16(c.HostConfig.CPUPercent) * 100 cpuCount := uint64(c.HostConfig.CPUCount) if c.HostConfig.NanoCPUs > 0 { if isHyperV { @@ -128,21 +128,24 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) { leftoverNanoCPUs := c.HostConfig.NanoCPUs % 1e9 if leftoverNanoCPUs != 0 { cpuCount++ - cpuPercent = uint8(c.HostConfig.NanoCPUs * 100 / int64(cpuCount) / 1e9) + cpuMaximum = uint16(c.HostConfig.NanoCPUs / int64(cpuCount) / (1e9 / 10000)) + if cpuMaximum < 1 { + // The requested NanoCPUs is so small that we rounded to 0, use 1 instead + cpuMaximum = 1 + } } } else { - cpuPercent = uint8(c.HostConfig.NanoCPUs * 100 / int64(sysinfo.NumCPU()) / 1e9) - - if cpuPercent < 1 { + cpuMaximum = uint16(c.HostConfig.NanoCPUs / int64(sysinfo.NumCPU()) / (1e9 / 10000)) + if cpuMaximum < 1 { // The requested NanoCPUs is so small that we rounded to 0, use 1 instead - cpuPercent = 1 + cpuMaximum = 1 } } } memoryLimit := uint64(c.HostConfig.Memory) s.Windows.Resources = &specs.WindowsResources{ CPU: &specs.WindowsCPUResources{ - Percent: &cpuPercent, + Maximum: &cpuMaximum, Shares: &cpuShares, Count: &cpuCount, }, diff --git a/components/engine/libcontainerd/client_windows.go b/components/engine/libcontainerd/client_windows.go index 3d59e944f8..3fe1e43172 100644 --- a/components/engine/libcontainerd/client_windows.go +++ b/components/engine/libcontainerd/client_windows.go @@ -128,8 +128,8 @@ func (clnt *client) Create(containerID string, checkpoint string, checkpointDir if spec.Windows.Resources.CPU.Shares != nil { configuration.ProcessorWeight = uint64(*spec.Windows.Resources.CPU.Shares) } - if spec.Windows.Resources.CPU.Percent != nil { - configuration.ProcessorMaximum = int64(*spec.Windows.Resources.CPU.Percent) * 100 // ProcessorMaximum is a value between 1 and 10000 + if spec.Windows.Resources.CPU.Maximum != nil { + configuration.ProcessorMaximum = int64(*spec.Windows.Resources.CPU.Maximum) } } if spec.Windows.Resources.Memory != nil { From c9ec562beeb7e61fc63f52f3ef2bce0cba5c5c56 Mon Sep 17 00:00:00 2001 From: Evan Hazlett Date: Fri, 19 May 2017 17:10:32 -0400 Subject: [PATCH 08/37] remove RuntimeData from cluster and types Signed-off-by: Evan Hazlett Upstream-commit: 8eeba751983d6499a07fcd21c26f381eb1d17d19 Component: engine --- components/engine/api/swagger.yaml | 3 --- components/engine/api/types/swarm/task.go | 3 --- components/engine/daemon/cluster/convert/service.go | 2 -- 3 files changed, 8 deletions(-) diff --git a/components/engine/api/swagger.yaml b/components/engine/api/swagger.yaml index 4bce7d6610..1ba9c5874c 100644 --- a/components/engine/api/swagger.yaml +++ b/components/engine/api/swagger.yaml @@ -2174,9 +2174,6 @@ definitions: Runtime: description: "Runtime is the type of runtime specified for the task executor." type: "string" - RuntimeData: - description: "RuntimeData is the payload sent to be used with the runtime for the executor." - type: "array" Networks: type: "array" items: diff --git a/components/engine/api/types/swarm/task.go b/components/engine/api/types/swarm/task.go index 9fd52e47d0..a598a79d59 100644 --- a/components/engine/api/types/swarm/task.go +++ b/components/engine/api/types/swarm/task.go @@ -67,9 +67,6 @@ type TaskSpec struct { ForceUpdate uint64 Runtime RuntimeType `json:",omitempty"` - // TODO (ehazlett): this should be removed and instead - // use struct tags (proto) for the runtimes - RuntimeData []byte `json:",omitempty"` } // Resources represents resources (CPU/Memory). diff --git a/components/engine/daemon/cluster/convert/service.go b/components/engine/daemon/cluster/convert/service.go index 2604259b24..3ab212927c 100644 --- a/components/engine/daemon/cluster/convert/service.go +++ b/components/engine/daemon/cluster/convert/service.go @@ -100,7 +100,6 @@ func serviceSpecFromGRPC(spec *swarmapi.ServiceSpec) (*types.ServiceSpec, error) return nil, fmt.Errorf("unknown task runtime type: %s", t.Generic.Payload.TypeUrl) } - taskTemplate.RuntimeData = t.Generic.Payload.Value default: return nil, fmt.Errorf("error creating service; unsupported runtime %T", t) } @@ -176,7 +175,6 @@ func ServiceSpecToGRPC(s types.ServiceSpec) (swarmapi.ServiceSpec, error) { Kind: string(types.RuntimePlugin), Payload: &gogotypes.Any{ TypeUrl: string(types.RuntimeURLPlugin), - Value: s.TaskTemplate.RuntimeData, }, }, } From bce5af578c2cd37b8be2ccd2667b5c5c0c83dc71 Mon Sep 17 00:00:00 2001 From: Darren Stahl Date: Fri, 19 May 2017 16:13:52 -0700 Subject: [PATCH 09/37] Revendor go-winio to v0.4.1 Signed-off-by: Darren Stahl Upstream-commit: af7d8d09ef2dde07c9c0004a14e3a28c93007458 Component: engine --- components/engine/vendor.conf | 2 +- .../engine/vendor/github.com/Microsoft/go-winio/file.go | 8 +++++--- .../engine/vendor/github.com/Microsoft/go-winio/pipe.go | 2 ++ 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/components/engine/vendor.conf b/components/engine/vendor.conf index f0cedfc22b..ec1775e693 100644 --- a/components/engine/vendor.conf +++ b/components/engine/vendor.conf @@ -1,7 +1,7 @@ # the following lines are in sorted order, FYI github.com/Azure/go-ansiterm 388960b655244e76e24c75f48631564eaefade62 github.com/Microsoft/hcsshim v0.5.17 -github.com/Microsoft/go-winio v0.4.0 +github.com/Microsoft/go-winio v0.4.1 github.com/Sirupsen/logrus v0.11.0 github.com/davecgh/go-spew 346938d642f2ec3594ed81d874461961cd0faa76 github.com/docker/libtrust 9cbd2a1374f46905c68a4eb3694a130610adc62a diff --git a/components/engine/vendor/github.com/Microsoft/go-winio/file.go b/components/engine/vendor/github.com/Microsoft/go-winio/file.go index 078a5687b6..613f31b520 100644 --- a/components/engine/vendor/github.com/Microsoft/go-winio/file.go +++ b/components/engine/vendor/github.com/Microsoft/go-winio/file.go @@ -124,7 +124,8 @@ func (f *win32File) Close() error { return nil } -// prepareIo prepares for a new IO operation +// prepareIo prepares for a new IO operation. +// The caller must call f.wg.Done() when the IO is finished, prior to Close() returning. func (f *win32File) prepareIo() (*ioOperation, error) { f.wg.Add(1) if f.closing { @@ -155,7 +156,6 @@ func ioCompletionProcessor(h syscall.Handle) { // the operation has actually completed. func (f *win32File) asyncIo(c *ioOperation, d *deadlineHandler, bytes uint32, err error) (int, error) { if err != syscall.ERROR_IO_PENDING { - f.wg.Done() return int(bytes), err } @@ -192,7 +192,6 @@ func (f *win32File) asyncIo(c *ioOperation, d *deadlineHandler, bytes uint32, er // code to ioCompletionProcessor, c must remain alive // until the channel read is complete. runtime.KeepAlive(c) - f.wg.Done() return int(r.bytes), err } @@ -202,6 +201,7 @@ func (f *win32File) Read(b []byte) (int, error) { if err != nil { return 0, err } + defer f.wg.Done() if f.readDeadline.timedout.isSet() { return 0, ErrTimeout @@ -228,6 +228,8 @@ func (f *win32File) Write(b []byte) (int, error) { if err != nil { return 0, err } + defer f.wg.Done() + if f.writeDeadline.timedout.isSet() { return 0, ErrTimeout } diff --git a/components/engine/vendor/github.com/Microsoft/go-winio/pipe.go b/components/engine/vendor/github.com/Microsoft/go-winio/pipe.go index 0ee2641ffc..fa270a310f 100644 --- a/components/engine/vendor/github.com/Microsoft/go-winio/pipe.go +++ b/components/engine/vendor/github.com/Microsoft/go-winio/pipe.go @@ -367,6 +367,8 @@ func connectPipe(p *win32File) error { if err != nil { return err } + defer p.wg.Done() + err = connectNamedPipe(p.handle, &c.o) _, err = p.asyncIo(c, nil, 0, err) if err != nil && err != cERROR_PIPE_CONNECTED { From d150808e813c412e8b8220d16ae0700b5c278206 Mon Sep 17 00:00:00 2001 From: yangshukui Date: Sat, 20 May 2017 11:27:45 +0800 Subject: [PATCH 10/37] Add a restarting check to ContainerAttach Signed-off-by: yangshukui Upstream-commit: 5010e09534c4595ea4bc3f53a415626fc9e9d3b1 Component: engine --- components/engine/daemon/attach.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/components/engine/daemon/attach.go b/components/engine/daemon/attach.go index a892799529..32410393a3 100644 --- a/components/engine/daemon/attach.go +++ b/components/engine/daemon/attach.go @@ -31,7 +31,11 @@ func (daemon *Daemon) ContainerAttach(prefixOrName string, c *backend.ContainerA return err } if container.IsPaused() { - err := fmt.Errorf("Container %s is paused. Unpause the container before attach", prefixOrName) + err := fmt.Errorf("Container %s is paused, unpause the container before attach.", prefixOrName) + return errors.NewRequestConflictError(err) + } + if container.IsRestarting() { + err := fmt.Errorf("Container %s is restarting, wait until the container is running.", prefixOrName) return errors.NewRequestConflictError(err) } From a5644c91a3bccdc85c0c15e1c2c8ea69c540777a Mon Sep 17 00:00:00 2001 From: Boaz Shuster Date: Wed, 17 May 2017 15:30:51 +0300 Subject: [PATCH 11/37] Add container environment variables correctly to the health check The health check process doesn't have all the environment varialbes in the container or has them set incorrectly. This patch should fix that problem. Signed-off-by: Boaz Shuster Upstream-commit: 5836d86ac4d617e837d94010aa60384648ab59ea Component: engine --- components/engine/daemon/health.go | 26 +++++++++++-------- .../integration-cli/docker_cli_health_test.go | 23 ++++++++++++++++ 2 files changed, 38 insertions(+), 11 deletions(-) diff --git a/components/engine/daemon/health.go b/components/engine/daemon/health.go index caa8db8447..48cf4c4255 100644 --- a/components/engine/daemon/health.go +++ b/components/engine/daemon/health.go @@ -64,31 +64,35 @@ type cmdProbe struct { // exec the healthcheck command in the container. // Returns the exit code and probe output (if any) -func (p *cmdProbe) run(ctx context.Context, d *Daemon, container *container.Container) (*types.HealthcheckResult, error) { - - cmdSlice := strslice.StrSlice(container.Config.Healthcheck.Test)[1:] +func (p *cmdProbe) run(ctx context.Context, d *Daemon, cntr *container.Container) (*types.HealthcheckResult, error) { + cmdSlice := strslice.StrSlice(cntr.Config.Healthcheck.Test)[1:] if p.shell { - cmdSlice = append(getShell(container.Config), cmdSlice...) + cmdSlice = append(getShell(cntr.Config), cmdSlice...) } entrypoint, args := d.getEntrypointAndArgs(strslice.StrSlice{}, cmdSlice) execConfig := exec.NewConfig() execConfig.OpenStdin = false execConfig.OpenStdout = true execConfig.OpenStderr = true - execConfig.ContainerID = container.ID + execConfig.ContainerID = cntr.ID execConfig.DetachKeys = []byte{} execConfig.Entrypoint = entrypoint execConfig.Args = args execConfig.Tty = false execConfig.Privileged = false - execConfig.User = container.Config.User - execConfig.Env = container.Config.Env + execConfig.User = cntr.Config.User - d.registerExecCommand(container, execConfig) - d.LogContainerEvent(container, "exec_create: "+execConfig.Entrypoint+" "+strings.Join(execConfig.Args, " ")) + linkedEnv, err := d.setupLinkedContainers(cntr) + if err != nil { + return nil, err + } + execConfig.Env = container.ReplaceOrAppendEnvValues(cntr.CreateDaemonEnvironment(execConfig.Tty, linkedEnv), execConfig.Env) + + d.registerExecCommand(cntr, execConfig) + d.LogContainerEvent(cntr, "exec_create: "+execConfig.Entrypoint+" "+strings.Join(execConfig.Args, " ")) output := &limitedBuffer{} - err := d.ContainerExecStart(ctx, execConfig.ID, nil, output, output) + err = d.ContainerExecStart(ctx, execConfig.ID, nil, output, output) if err != nil { return nil, err } @@ -97,7 +101,7 @@ func (p *cmdProbe) run(ctx context.Context, d *Daemon, container *container.Cont return nil, err } if info.ExitCode == nil { - return nil, fmt.Errorf("Healthcheck for container %s has no exit code!", container.ID) + return nil, fmt.Errorf("Healthcheck for container %s has no exit code!", cntr.ID) } // Note: Go's json package will handle invalid UTF-8 for us out := output.String() diff --git a/components/engine/integration-cli/docker_cli_health_test.go b/components/engine/integration-cli/docker_cli_health_test.go index 3e9d048f89..0f78a41d87 100644 --- a/components/engine/integration-cli/docker_cli_health_test.go +++ b/components/engine/integration-cli/docker_cli_health_test.go @@ -139,3 +139,26 @@ func (s *DockerSuite) TestHealth(c *check.C) { c.Check(out, checker.Equals, "[CMD cat /my status]\n") } + +// Github #33021 +func (s *DockerSuite) TestUnsetEnvVarHealthCheck(c *check.C) { + testRequires(c, DaemonIsLinux) // busybox doesn't work on Windows + + imageName := "testhealth" + buildImageSuccessfully(c, imageName, build.WithDockerfile(`FROM busybox +HEALTHCHECK --interval=1s --timeout=5s --retries=5 CMD /bin/sh -c "sleep 1" +ENTRYPOINT /bin/sh -c "sleep 600"`)) + + name := "env_test_health" + // No health status before starting + dockerCmd(c, "run", "-d", "--name", name, "-e", "FOO", imageName) + defer func() { + dockerCmd(c, "rm", "-f", name) + dockerCmd(c, "rmi", imageName) + }() + + // Start + dockerCmd(c, "start", name) + waitForHealthStatus(c, name, "starting", "healthy") + +} From 4a211248b94f1277444601ef4f579e1e48cb6762 Mon Sep 17 00:00:00 2001 From: Dave Tucker Date: Wed, 17 May 2017 15:46:15 +0100 Subject: [PATCH 12/37] client: Expose DaemonHost to client users This commit exposes `Client.host` as `Client.DaemonHost()` This allows users of the client, a CLI for example, to query the Host that the client is attempting to contact and vary their behaviour accordingly. For example, to allow client-side configuration of HTTP proxy settings for a number of different docker hosts. Signed-off-by: Dave Tucker Upstream-commit: 6ce6ae1cd11d888e0c8ede20926b86981cee5ce1 Component: engine --- components/engine/client/client.go | 6 ++++++ components/engine/client/interface.go | 1 + 2 files changed, 7 insertions(+) diff --git a/components/engine/client/client.go b/components/engine/client/client.go index f8f2fc6ad5..34897b9549 100644 --- a/components/engine/client/client.go +++ b/components/engine/client/client.go @@ -247,6 +247,12 @@ func (cli *Client) UpdateClientVersion(v string) { } +// DaemonHost returns the host associated with this instance of the Client. +// This operation doesn't acquire a mutex. +func (cli *Client) DaemonHost() string { + return cli.host +} + // ParseHost verifies that the given host strings is valid. func ParseHost(host string) (string, string, string, error) { protoAddrParts := strings.SplitN(host, "://", 2) diff --git a/components/engine/client/interface.go b/components/engine/client/interface.go index 678a69ddf7..d5f3a14ec3 100644 --- a/components/engine/client/interface.go +++ b/components/engine/client/interface.go @@ -31,6 +31,7 @@ type CommonAPIClient interface { SystemAPIClient VolumeAPIClient ClientVersion() string + DaemonHost() string ServerVersion(ctx context.Context) (types.Version, error) UpdateClientVersion(v string) } From 949950950a113bcd02d6bfc514990877bee87da5 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Mon, 22 May 2017 13:58:28 -0700 Subject: [PATCH 13/37] vendor: Remove docker-credential-helpers This appears to be a remnant from the CLI that is no longer imported anywhere. Remove it from vendor.conf and the vendor directory. Signed-off-by: Aaron Lehmann Upstream-commit: aa6fc939baf0bae00391a0ba703187018055b8bf Component: engine --- components/engine/vendor.conf | 3 - .../docker/docker-credential-helpers/LICENSE | 20 -- .../docker-credential-helpers/README.md | 76 ------ .../osxkeychain/osxkeychain_darwin.c | 228 ------------------ .../osxkeychain/osxkeychain_darwin.go | 170 ------------- .../osxkeychain/osxkeychain_darwin.h | 14 -- .../secretservice/secretservice_linux.c | 162 ------------- .../secretservice/secretservice_linux.go | 115 --------- .../secretservice/secretservice_linux.h | 13 - 9 files changed, 801 deletions(-) delete mode 100644 components/engine/vendor/github.com/docker/docker-credential-helpers/LICENSE delete mode 100644 components/engine/vendor/github.com/docker/docker-credential-helpers/README.md delete mode 100644 components/engine/vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.c delete mode 100644 components/engine/vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.go delete mode 100644 components/engine/vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.h delete mode 100644 components/engine/vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.c delete mode 100644 components/engine/vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.go delete mode 100644 components/engine/vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.h diff --git a/components/engine/vendor.conf b/components/engine/vendor.conf index 6100ba8d20..846a8b7315 100644 --- a/components/engine/vendor.conf +++ b/components/engine/vendor.conf @@ -99,9 +99,6 @@ cloud.google.com/go 9d965e63e8cceb1b5d7977a202f0fcb8866d6525 github.com/googleapis/gax-go da06d194a00e19ce00d9011a13931c3f6f6887c7 google.golang.org/genproto b3e7c2fb04031add52c4817f53f43757ccbf9c18 -# native credentials -github.com/docker/docker-credential-helpers v0.5.0 - # containerd github.com/containerd/containerd 3addd840653146c90a254301d6c3a663c7fd6429 github.com/tonistiigi/fifo 1405643975692217d6720f8b54aeee1bf2cd5cf4 diff --git a/components/engine/vendor/github.com/docker/docker-credential-helpers/LICENSE b/components/engine/vendor/github.com/docker/docker-credential-helpers/LICENSE deleted file mode 100644 index 1ea555e2af..0000000000 --- a/components/engine/vendor/github.com/docker/docker-credential-helpers/LICENSE +++ /dev/null @@ -1,20 +0,0 @@ -Copyright (c) 2016 David Calavera - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/components/engine/vendor/github.com/docker/docker-credential-helpers/README.md b/components/engine/vendor/github.com/docker/docker-credential-helpers/README.md deleted file mode 100644 index e795f7c5e4..0000000000 --- a/components/engine/vendor/github.com/docker/docker-credential-helpers/README.md +++ /dev/null @@ -1,76 +0,0 @@ -## Introduction - -docker-credential-helpers is a suite of programs to use native stores to keep Docker credentials safe. - -## Installation - -Go to the [Releases](https://github.com/docker/docker-credential-helpers/releases) page and download the binary that works better for you. Put that binary in your `$PATH`, so Docker can find it. - -### Building from scratch - -The programs in this repository are written with the Go programming language. These instructions assume that you have previous knowledge about the language and you have it installed in your machine. - -1 - Download the source and put it in your `$GOPATH` with `go get`. - -``` -$ go get github.com/docker/docker-credential-helpers -``` - -2 - Use `make` to build the program you want. That will leave any executable in the `bin` directory inside the repository. - -``` -$ cd $GOPATH/docker/docker-credentials-helpers -$ make osxkeychain -``` - -3 - Put that binary in your `$PATH`, so Docker can find it. - -## Usage - -### With the Docker Engine - -Set the `credsStore` option in your `.docker/config.json` file with the suffix of the program you want to use. For instance, set it to `osxkeychain` if you want to use `docker-credential-osxkeychain`. - -```json -{ - "credsStore": "osxkeychain" -} -``` - -### With other command line applications - -The sub-package [client](https://godoc.org/github.com/docker/docker-credential-helpers/client) includes -functions to call external programs from your own command line applications. - -There are three things you need to know if you need to interact with a helper: - -1. The name of the program to execute, for instance `docker-credential-osxkeychain`. -2. The server address to identify the credentials, for instance `https://example.com`. -3. The username and secret to store, when you want to store credentials. - -You can see examples of each function in the [client](https://godoc.org/github.com/docker/docker-credential-helpers/client) documentation. - -### Available programs - -1. osxkeychain: Provides a helper to use the OS X keychain as credentials store. -2. secretservice: Provides a helper to use the D-Bus secret service as credentials store. -3. wincred: Provides a helper to use Windows credentials manager as store. - -## Development - -A credential helper can be any program that can read values from the standard input. We use the first argument in the command line to differentiate the kind of command to execute. There are four valid values: - -- `store`: Adds credentials to the keychain. The payload in the standard input is a JSON document with `ServerURL`, `Username` and `Secret`. -- `get`: Retrieves credentials from the keychain. The payload in the standard input is the raw value for the `ServerURL`. -- `erase`: Removes credentials from the keychain. The payload in the standard input is the raw value for the `ServerURL`. -- `list`: Lists stored credentials. There is no standard input payload. - -This repository also includes libraries to implement new credentials programs in Go. Adding a new helper program is pretty easy. You can see how the OS X keychain helper works in the [osxkeychain](osxkeychain) directory. - -1. Implement the interface `credentials.Helper` in `YOUR_PACKAGE/YOUR_PACKAGE_$GOOS.go` -2. Create a main program in `YOUR_PACKAGE/cmd/main_$GOOS.go`. -3. Add make tasks to build your program and run tests. - -## License - -MIT. See [LICENSE](LICENSE) for more information. diff --git a/components/engine/vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.c b/components/engine/vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.c deleted file mode 100644 index f84d61ee5d..0000000000 --- a/components/engine/vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.c +++ /dev/null @@ -1,228 +0,0 @@ -#include "osxkeychain_darwin.h" -#include -#include -#include -#include - -char *get_error(OSStatus status) { - char *buf = malloc(128); - CFStringRef str = SecCopyErrorMessageString(status, NULL); - int success = CFStringGetCString(str, buf, 128, kCFStringEncodingUTF8); - if (!success) { - strncpy(buf, "Unknown error", 128); - } - return buf; -} - -char *keychain_add(struct Server *server, char *label, char *username, char *secret) { - SecKeychainItemRef item; - - OSStatus status = SecKeychainAddInternetPassword( - NULL, - strlen(server->host), server->host, - 0, NULL, - strlen(username), username, - strlen(server->path), server->path, - server->port, - server->proto, - kSecAuthenticationTypeDefault, - strlen(secret), secret, - &item - ); - - if (status) { - return get_error(status); - } - - SecKeychainAttribute attribute; - SecKeychainAttributeList attrs; - attribute.tag = kSecLabelItemAttr; - attribute.data = label; - attribute.length = strlen(label); - attrs.count = 1; - attrs.attr = &attribute; - - status = SecKeychainItemModifyContent(item, &attrs, 0, NULL); - - if (status) { - return get_error(status); - } - - return NULL; -} - -char *keychain_get(struct Server *server, unsigned int *username_l, char **username, unsigned int *secret_l, char **secret) { - char *tmp; - SecKeychainItemRef item; - - OSStatus status = SecKeychainFindInternetPassword( - NULL, - strlen(server->host), server->host, - 0, NULL, - 0, NULL, - strlen(server->path), server->path, - server->port, - server->proto, - kSecAuthenticationTypeDefault, - secret_l, (void **)&tmp, - &item); - - if (status) { - return get_error(status); - } - - *secret = strdup(tmp); - SecKeychainItemFreeContent(NULL, tmp); - - SecKeychainAttributeList list; - SecKeychainAttribute attr; - - list.count = 1; - list.attr = &attr; - attr.tag = kSecAccountItemAttr; - - status = SecKeychainItemCopyContent(item, NULL, &list, NULL, NULL); - if (status) { - return get_error(status); - } - - *username = strdup(attr.data); - *username_l = attr.length; - SecKeychainItemFreeContent(&list, NULL); - - return NULL; -} - -char *keychain_delete(struct Server *server) { - SecKeychainItemRef item; - - OSStatus status = SecKeychainFindInternetPassword( - NULL, - strlen(server->host), server->host, - 0, NULL, - 0, NULL, - strlen(server->path), server->path, - server->port, - server->proto, - kSecAuthenticationTypeDefault, - 0, NULL, - &item); - - if (status) { - return get_error(status); - } - - status = SecKeychainItemDelete(item); - if (status) { - return get_error(status); - } - return NULL; -} - -char * CFStringToCharArr(CFStringRef aString) { - if (aString == NULL) { - return NULL; - } - CFIndex length = CFStringGetLength(aString); - CFIndex maxSize = - CFStringGetMaximumSizeForEncoding(length, kCFStringEncodingUTF8) + 1; - char *buffer = (char *)malloc(maxSize); - if (CFStringGetCString(aString, buffer, maxSize, - kCFStringEncodingUTF8)) { - return buffer; - } - return NULL; -} - -char *keychain_list(char *credsLabel, char *** paths, char *** accts, unsigned int *list_l) { - CFStringRef credsLabelCF = CFStringCreateWithCString(NULL, credsLabel, kCFStringEncodingUTF8); - CFMutableDictionaryRef query = CFDictionaryCreateMutable (NULL, 1, NULL, NULL); - CFDictionaryAddValue(query, kSecClass, kSecClassInternetPassword); - CFDictionaryAddValue(query, kSecReturnAttributes, kCFBooleanTrue); - CFDictionaryAddValue(query, kSecMatchLimit, kSecMatchLimitAll); - CFDictionaryAddValue(query, kSecAttrLabel, credsLabelCF); - //Use this query dictionary - CFTypeRef result= NULL; - OSStatus status = SecItemCopyMatching( - query, - &result); - - CFRelease(credsLabelCF); - - //Ran a search and store the results in result - if (status) { - return get_error(status); - } - CFIndex numKeys = CFArrayGetCount(result); - *paths = (char **) malloc((int)sizeof(char *)*numKeys); - *accts = (char **) malloc((int)sizeof(char *)*numKeys); - //result is of type CFArray - for(CFIndex i=0; i -*/ -import "C" -import ( - "errors" - "net/url" - "strconv" - "strings" - "unsafe" - - "github.com/docker/docker-credential-helpers/credentials" -) - -// errCredentialsNotFound is the specific error message returned by OS X -// when the credentials are not in the keychain. -const errCredentialsNotFound = "The specified item could not be found in the keychain." - -// Osxkeychain handles secrets using the OS X Keychain as store. -type Osxkeychain struct{} - -// Add adds new credentials to the keychain. -func (h Osxkeychain) Add(creds *credentials.Credentials) error { - h.Delete(creds.ServerURL) - - s, err := splitServer(creds.ServerURL) - if err != nil { - return err - } - defer freeServer(s) - - label := C.CString(credentials.CredsLabel) - defer C.free(unsafe.Pointer(label)) - username := C.CString(creds.Username) - defer C.free(unsafe.Pointer(username)) - secret := C.CString(creds.Secret) - defer C.free(unsafe.Pointer(secret)) - - errMsg := C.keychain_add(s, label, username, secret) - if errMsg != nil { - defer C.free(unsafe.Pointer(errMsg)) - return errors.New(C.GoString(errMsg)) - } - - return nil -} - -// Delete removes credentials from the keychain. -func (h Osxkeychain) Delete(serverURL string) error { - s, err := splitServer(serverURL) - if err != nil { - return err - } - defer freeServer(s) - - errMsg := C.keychain_delete(s) - if errMsg != nil { - defer C.free(unsafe.Pointer(errMsg)) - return errors.New(C.GoString(errMsg)) - } - - return nil -} - -// Get returns the username and secret to use for a given registry server URL. -func (h Osxkeychain) Get(serverURL string) (string, string, error) { - s, err := splitServer(serverURL) - if err != nil { - return "", "", err - } - defer freeServer(s) - - var usernameLen C.uint - var username *C.char - var secretLen C.uint - var secret *C.char - defer C.free(unsafe.Pointer(username)) - defer C.free(unsafe.Pointer(secret)) - - errMsg := C.keychain_get(s, &usernameLen, &username, &secretLen, &secret) - if errMsg != nil { - defer C.free(unsafe.Pointer(errMsg)) - goMsg := C.GoString(errMsg) - if goMsg == errCredentialsNotFound { - return "", "", credentials.NewErrCredentialsNotFound() - } - - return "", "", errors.New(goMsg) - } - - user := C.GoStringN(username, C.int(usernameLen)) - pass := C.GoStringN(secret, C.int(secretLen)) - return user, pass, nil -} - -// List returns the stored URLs and corresponding usernames. -func (h Osxkeychain) List() (map[string]string, error) { - credsLabelC := C.CString(credentials.CredsLabel) - defer C.free(unsafe.Pointer(credsLabelC)) - - var pathsC **C.char - defer C.free(unsafe.Pointer(pathsC)) - var acctsC **C.char - defer C.free(unsafe.Pointer(acctsC)) - var listLenC C.uint - errMsg := C.keychain_list(credsLabelC, &pathsC, &acctsC, &listLenC) - if errMsg != nil { - defer C.free(unsafe.Pointer(errMsg)) - goMsg := C.GoString(errMsg) - return nil, errors.New(goMsg) - } - - defer C.freeListData(&pathsC, listLenC) - defer C.freeListData(&acctsC, listLenC) - - var listLen int - listLen = int(listLenC) - pathTmp := (*[1 << 30]*C.char)(unsafe.Pointer(pathsC))[:listLen:listLen] - acctTmp := (*[1 << 30]*C.char)(unsafe.Pointer(acctsC))[:listLen:listLen] - //taking the array of c strings into go while ignoring all the stuff irrelevant to credentials-helper - resp := make(map[string]string) - for i := 0; i < listLen; i++ { - if C.GoString(pathTmp[i]) == "0" { - continue - } - resp[C.GoString(pathTmp[i])] = C.GoString(acctTmp[i]) - } - return resp, nil -} - -func splitServer(serverURL string) (*C.struct_Server, error) { - u, err := url.Parse(serverURL) - if err != nil { - return nil, err - } - - hostAndPort := strings.Split(u.Host, ":") - host := hostAndPort[0] - var port int - if len(hostAndPort) == 2 { - p, err := strconv.Atoi(hostAndPort[1]) - if err != nil { - return nil, err - } - port = p - } - - proto := C.kSecProtocolTypeHTTPS - if u.Scheme != "https" { - proto = C.kSecProtocolTypeHTTP - } - - return &C.struct_Server{ - proto: C.SecProtocolType(proto), - host: C.CString(host), - port: C.uint(port), - path: C.CString(u.Path), - }, nil -} - -func freeServer(s *C.struct_Server) { - C.free(unsafe.Pointer(s.host)) - C.free(unsafe.Pointer(s.path)) -} diff --git a/components/engine/vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.h b/components/engine/vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.h deleted file mode 100644 index c54e7d7288..0000000000 --- a/components/engine/vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.h +++ /dev/null @@ -1,14 +0,0 @@ -#include - -struct Server { - SecProtocolType proto; - char *host; - char *path; - unsigned int port; -}; - -char *keychain_add(struct Server *server, char *label, char *username, char *secret); -char *keychain_get(struct Server *server, unsigned int *username_l, char **username, unsigned int *secret_l, char **secret); -char *keychain_delete(struct Server *server); -char *keychain_list(char *credsLabel, char *** data, char *** accts, unsigned int *list_l); -void freeListData(char *** data, unsigned int length); \ No newline at end of file diff --git a/components/engine/vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.c b/components/engine/vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.c deleted file mode 100644 index 35dea92da5..0000000000 --- a/components/engine/vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.c +++ /dev/null @@ -1,162 +0,0 @@ -#include -#include -#include "secretservice_linux.h" - -const SecretSchema *docker_get_schema(void) -{ - static const SecretSchema docker_schema = { - "io.docker.Credentials", SECRET_SCHEMA_NONE, - { - { "label", SECRET_SCHEMA_ATTRIBUTE_STRING }, - { "server", SECRET_SCHEMA_ATTRIBUTE_STRING }, - { "username", SECRET_SCHEMA_ATTRIBUTE_STRING }, - { "docker_cli", SECRET_SCHEMA_ATTRIBUTE_STRING }, - { "NULL", 0 }, - } - }; - return &docker_schema; -} - -GError *add(char *label, char *server, char *username, char *secret) { - GError *err = NULL; - - secret_password_store_sync (DOCKER_SCHEMA, SECRET_COLLECTION_DEFAULT, - server, secret, NULL, &err, - "label", label, - "server", server, - "username", username, - "docker_cli", "1", - NULL); - return err; -} - -GError *delete(char *server) { - GError *err = NULL; - - secret_password_clear_sync(DOCKER_SCHEMA, NULL, &err, - "server", server, - "docker_cli", "1", - NULL); - if (err != NULL) - return err; - return NULL; -} - -char *get_attribute(const char *attribute, SecretItem *item) { - GHashTable *attributes; - GHashTableIter iter; - gchar *value, *key; - - attributes = secret_item_get_attributes(item); - g_hash_table_iter_init(&iter, attributes); - while (g_hash_table_iter_next(&iter, (void **)&key, (void **)&value)) { - if (strncmp(key, attribute, strlen(key)) == 0) - return (char *)value; - } - g_hash_table_unref(attributes); - return NULL; -} - -GError *get(char *server, char **username, char **secret) { - GError *err = NULL; - GHashTable *attributes; - SecretService *service; - GList *items, *l; - SecretSearchFlags flags = SECRET_SEARCH_LOAD_SECRETS | SECRET_SEARCH_ALL | SECRET_SEARCH_UNLOCK; - SecretValue *secretValue; - gsize length; - gchar *value; - - attributes = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free); - g_hash_table_insert(attributes, g_strdup("server"), g_strdup(server)); - g_hash_table_insert(attributes, g_strdup("docker_cli"), g_strdup("1")); - - service = secret_service_get_sync(SECRET_SERVICE_NONE, NULL, &err); - if (err == NULL) { - items = secret_service_search_sync(service, DOCKER_SCHEMA, attributes, flags, NULL, &err); - if (err == NULL) { - for (l = items; l != NULL; l = g_list_next(l)) { - value = secret_item_get_schema_name(l->data); - if (strncmp(value, "io.docker.Credentials", strlen(value)) != 0) { - g_free(value); - continue; - } - g_free(value); - secretValue = secret_item_get_secret(l->data); - if (secret != NULL) { - *secret = strdup(secret_value_get(secretValue, &length)); - secret_value_unref(secretValue); - } - *username = get_attribute("username", l->data); - } - g_list_free_full(items, g_object_unref); - } - g_object_unref(service); - } - g_hash_table_unref(attributes); - if (err != NULL) { - return err; - } - return NULL; -} - -GError *list(char *ref_label, char *** paths, char *** accts, unsigned int *list_l) { - GList *items; - GError *err = NULL; - SecretService *service; - SecretSearchFlags flags = SECRET_SEARCH_LOAD_SECRETS | SECRET_SEARCH_ALL | SECRET_SEARCH_UNLOCK; - GHashTable *attributes = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free); - - // List credentials with the right label only - g_hash_table_insert(attributes, g_strdup("label"), g_strdup(ref_label)); - - service = secret_service_get_sync(SECRET_SERVICE_NONE, NULL, &err); - if (err != NULL) { - return err; - } - - items = secret_service_search_sync(service, NULL, attributes, flags, NULL, &err); - int numKeys = g_list_length(items); - if (err != NULL) { - return err; - } - - char **tmp_paths = (char **) calloc(1,(int)sizeof(char *)*numKeys); - char **tmp_accts = (char **) calloc(1,(int)sizeof(char *)*numKeys); - - // items now contains our keys from the gnome keyring - // we will now put it in our two lists to return it to go - GList *current; - int listNumber = 0; - for(current = items; current!=NULL; current = current->next) { - char *pathTmp = secret_item_get_label(current->data); - // you cannot have a key without a label in the gnome keyring - char *acctTmp = get_attribute("username",current->data); - if (acctTmp==NULL) { - acctTmp = "account not defined"; - } - - tmp_paths[listNumber] = (char *) calloc(1, sizeof(char)*(strlen(pathTmp)+1)); - tmp_accts[listNumber] = (char *) calloc(1, sizeof(char)*(strlen(acctTmp)+1)); - - memcpy(tmp_paths[listNumber], pathTmp, sizeof(char)*(strlen(pathTmp)+1)); - memcpy(tmp_accts[listNumber], acctTmp, sizeof(char)*(strlen(acctTmp)+1)); - - listNumber = listNumber + 1; - } - - *paths = (char **) realloc(tmp_paths, (int)sizeof(char *)*listNumber); - *accts = (char **) realloc(tmp_accts, (int)sizeof(char *)*listNumber); - - *list_l = listNumber; - - return NULL; -} - -void freeListData(char *** data, unsigned int length) { - int i; - for(i=0; i -*/ -import "C" -import ( - "errors" - "unsafe" - - "github.com/docker/docker-credential-helpers/credentials" -) - -// Secretservice handles secrets using Linux secret-service as a store. -type Secretservice struct{} - -// Add adds new credentials to the keychain. -func (h Secretservice) Add(creds *credentials.Credentials) error { - if creds == nil { - return errors.New("missing credentials") - } - credsLabel := C.CString(credentials.CredsLabel) - defer C.free(unsafe.Pointer(credsLabel)) - server := C.CString(creds.ServerURL) - defer C.free(unsafe.Pointer(server)) - username := C.CString(creds.Username) - defer C.free(unsafe.Pointer(username)) - secret := C.CString(creds.Secret) - defer C.free(unsafe.Pointer(secret)) - - if err := C.add(credsLabel, server, username, secret); err != nil { - defer C.g_error_free(err) - errMsg := (*C.char)(unsafe.Pointer(err.message)) - return errors.New(C.GoString(errMsg)) - } - return nil -} - -// Delete removes credentials from the store. -func (h Secretservice) Delete(serverURL string) error { - if serverURL == "" { - return errors.New("missing server url") - } - server := C.CString(serverURL) - defer C.free(unsafe.Pointer(server)) - - if err := C.delete(server); err != nil { - defer C.g_error_free(err) - errMsg := (*C.char)(unsafe.Pointer(err.message)) - return errors.New(C.GoString(errMsg)) - } - return nil -} - -// Get returns the username and secret to use for a given registry server URL. -func (h Secretservice) Get(serverURL string) (string, string, error) { - if serverURL == "" { - return "", "", errors.New("missing server url") - } - var username *C.char - defer C.free(unsafe.Pointer(username)) - var secret *C.char - defer C.free(unsafe.Pointer(secret)) - server := C.CString(serverURL) - defer C.free(unsafe.Pointer(server)) - - err := C.get(server, &username, &secret) - if err != nil { - defer C.g_error_free(err) - errMsg := (*C.char)(unsafe.Pointer(err.message)) - return "", "", errors.New(C.GoString(errMsg)) - } - user := C.GoString(username) - pass := C.GoString(secret) - if pass == "" { - return "", "", credentials.NewErrCredentialsNotFound() - } - return user, pass, nil -} - -// List returns the stored URLs and corresponding usernames for a given credentials label -func (h Secretservice) List() (map[string]string, error) { - credsLabelC := C.CString(credentials.CredsLabel) - defer C.free(unsafe.Pointer(credsLabelC)) - - var pathsC **C.char - defer C.free(unsafe.Pointer(pathsC)) - var acctsC **C.char - defer C.free(unsafe.Pointer(acctsC)) - var listLenC C.uint - err := C.list(credsLabelC, &pathsC, &acctsC, &listLenC) - if err != nil { - defer C.free(unsafe.Pointer(err)) - return nil, errors.New("Error from list function in secretservice_linux.c likely due to error in secretservice library") - } - defer C.freeListData(&pathsC, listLenC) - defer C.freeListData(&acctsC, listLenC) - - resp := make(map[string]string) - - listLen := int(listLenC) - if listLen == 0 { - return resp, nil - } - pathTmp := (*[1 << 30]*C.char)(unsafe.Pointer(pathsC))[:listLen:listLen] - acctTmp := (*[1 << 30]*C.char)(unsafe.Pointer(acctsC))[:listLen:listLen] - for i := 0; i < listLen; i++ { - resp[C.GoString(pathTmp[i])] = C.GoString(acctTmp[i]) - } - - return resp, nil -} diff --git a/components/engine/vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.h b/components/engine/vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.h deleted file mode 100644 index a28179db3e..0000000000 --- a/components/engine/vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.h +++ /dev/null @@ -1,13 +0,0 @@ -#define SECRET_WITH_UNSTABLE 1 -#define SECRET_API_SUBJECT_TO_CHANGE 1 -#include - -const SecretSchema *docker_get_schema(void) G_GNUC_CONST; - -#define DOCKER_SCHEMA docker_get_schema() - -GError *add(char *label, char *server, char *username, char *secret); -GError *delete(char *server); -GError *get(char *server, char **username, char **secret); -GError *list(char *label, char *** paths, char *** accts, unsigned int *list_l); -void freeListData(char *** data, unsigned int length); From cc72dd24453c968c937674c2d23d3bedb48233cb Mon Sep 17 00:00:00 2001 From: Stanislav Bondarenko Date: Sun, 21 May 2017 13:50:55 -0400 Subject: [PATCH 14/37] Stop referring CLI flags in error messages if API client is unknown Signed-off-by: Stanislav Bondarenko Upstream-commit: 92291a7355dff35be70b5d0ebf634f0232ca6a94 Component: engine --- .../engine/api/server/router/build/build_routes.go | 2 +- components/engine/api/server/router/experimental.go | 2 +- .../integration-cli/docker_cli_netmode_test.go | 2 +- components/engine/runconfig/config_test.go | 8 ++++---- components/engine/runconfig/hostconfig.go | 2 +- components/engine/runconfig/hostconfig_unix.go | 12 ++++++------ components/engine/runconfig/hostconfig_windows.go | 12 ++++++------ .../engine/runconfig/hostconfig_windows_test.go | 2 +- 8 files changed, 21 insertions(+), 21 deletions(-) diff --git a/components/engine/api/server/router/build/build_routes.go b/components/engine/api/server/router/build/build_routes.go index c90b5965b0..21487f7e85 100644 --- a/components/engine/api/server/router/build/build_routes.go +++ b/components/engine/api/server/router/build/build_routes.go @@ -77,7 +77,7 @@ func newImageBuildOptions(ctx context.Context, r *http.Request) (*types.ImageBui } if runtime.GOOS != "windows" && options.SecurityOpt != nil { - return nil, fmt.Errorf("the daemon on this platform does not support --security-opt to build") + return nil, fmt.Errorf("The daemon on this platform does not support setting security options on build") } var buildUlimits = []*units.Ulimit{} diff --git a/components/engine/api/server/router/experimental.go b/components/engine/api/server/router/experimental.go index 51385c2552..ac31f04877 100644 --- a/components/engine/api/server/router/experimental.go +++ b/components/engine/api/server/router/experimental.go @@ -11,7 +11,7 @@ import ( ) var ( - errExperimentalFeature = errors.New("This experimental feature is disabled by default. Start the Docker daemon with --experimental in order to enable it.") + errExperimentalFeature = errors.New("This experimental feature is disabled by default. Start the Docker daemon in experimental mode in order to enable it.") ) // ExperimentalRoute defines an experimental API route that can be enabled or disabled. diff --git a/components/engine/integration-cli/docker_cli_netmode_test.go b/components/engine/integration-cli/docker_cli_netmode_test.go index 7e63e9bf98..deb8f69160 100644 --- a/components/engine/integration-cli/docker_cli_netmode_test.go +++ b/components/engine/integration-cli/docker_cli_netmode_test.go @@ -44,7 +44,7 @@ func (s *DockerSuite) TestNetHostname(c *check.C) { c.Assert(out, checker.Contains, runconfig.ErrConflictNetworkHostname.Error()) out, _ = dockerCmdWithFail(c, "run", "--net=container", "busybox", "ps") - c.Assert(out, checker.Contains, "--net: invalid net mode: invalid container format container:") + c.Assert(out, checker.Contains, "Invalid network mode: invalid container format container:") out, _ = dockerCmdWithFail(c, "run", "--net=weird", "busybox", "ps") c.Assert(out, checker.Contains, "network weird not found") diff --git a/components/engine/runconfig/config_test.go b/components/engine/runconfig/config_test.go index f1f9de5950..83ec363a0b 100644 --- a/components/engine/runconfig/config_test.go +++ b/components/engine/runconfig/config_test.go @@ -75,9 +75,9 @@ func TestDecodeContainerConfig(t *testing.T) { // as to what level of container isolation is supported. func TestDecodeContainerConfigIsolation(t *testing.T) { - // An invalid isolation level + // An Invalid isolation level if _, _, _, err := callDecodeContainerConfigIsolation("invalid"); err != nil { - if !strings.Contains(err.Error(), `invalid --isolation: "invalid"`) { + if !strings.Contains(err.Error(), `Invalid isolation: "invalid"`) { t.Fatal(err) } } @@ -99,7 +99,7 @@ func TestDecodeContainerConfigIsolation(t *testing.T) { } } else { if _, _, _, err := callDecodeContainerConfigIsolation("process"); err != nil { - if !strings.Contains(err.Error(), `invalid --isolation: "process"`) { + if !strings.Contains(err.Error(), `Invalid isolation: "process"`) { t.Fatal(err) } } @@ -112,7 +112,7 @@ func TestDecodeContainerConfigIsolation(t *testing.T) { } } else { if _, _, _, err := callDecodeContainerConfigIsolation("hyperv"); err != nil { - if !strings.Contains(err.Error(), `invalid --isolation: "hyperv"`) { + if !strings.Contains(err.Error(), `Invalid isolation: "hyperv"`) { t.Fatal(err) } } diff --git a/components/engine/runconfig/hostconfig.go b/components/engine/runconfig/hostconfig.go index e8eede1505..24aed1935e 100644 --- a/components/engine/runconfig/hostconfig.go +++ b/components/engine/runconfig/hostconfig.go @@ -45,7 +45,7 @@ func validateNetContainerMode(c *container.Config, hc *container.HostConfig) err parts := strings.Split(string(hc.NetworkMode), ":") if parts[0] == "container" { if len(parts) < 2 || parts[1] == "" { - return fmt.Errorf("--net: invalid net mode: invalid container format container:") + return fmt.Errorf("Invalid network mode: invalid container format container:") } } diff --git a/components/engine/runconfig/hostconfig_unix.go b/components/engine/runconfig/hostconfig_unix.go index a60daa8787..55df5da3ff 100644 --- a/components/engine/runconfig/hostconfig_unix.go +++ b/components/engine/runconfig/hostconfig_unix.go @@ -55,7 +55,7 @@ func validateIsolation(hc *container.HostConfig) error { return nil } if !hc.Isolation.IsValid() { - return fmt.Errorf("invalid --isolation: %q - %s only supports 'default'", hc.Isolation, runtime.GOOS) + return fmt.Errorf("Invalid isolation: %q - %s only supports 'default'", hc.Isolation, runtime.GOOS) } return nil } @@ -68,11 +68,11 @@ func validateQoS(hc *container.HostConfig) error { } if hc.IOMaximumBandwidth != 0 { - return fmt.Errorf("invalid QoS settings: %s does not support --io-maxbandwidth", runtime.GOOS) + return fmt.Errorf("Invalid QoS settings: %s does not support configuration of maximum bandwidth", runtime.GOOS) } if hc.IOMaximumIOps != 0 { - return fmt.Errorf("invalid QoS settings: %s does not support --io-maxiops", runtime.GOOS) + return fmt.Errorf("Invalid QoS settings: %s does not support configuration of maximum IOPs", runtime.GOOS) } return nil } @@ -86,15 +86,15 @@ func validateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error { } if hc.Resources.CPURealtimePeriod > 0 && !si.CPURealtimePeriod { - return fmt.Errorf("invalid --cpu-rt-period: Your kernel does not support cgroup rt period") + return fmt.Errorf("Your kernel does not support cgroup cpu real-time period") } if hc.Resources.CPURealtimeRuntime > 0 && !si.CPURealtimeRuntime { - return fmt.Errorf("invalid --cpu-rt-runtime: Your kernel does not support cgroup rt runtime") + return fmt.Errorf("Your kernel does not support cgroup cpu real-time runtime") } if hc.Resources.CPURealtimePeriod != 0 && hc.Resources.CPURealtimeRuntime != 0 && hc.Resources.CPURealtimeRuntime > hc.Resources.CPURealtimePeriod { - return fmt.Errorf("invalid --cpu-rt-runtime: rt runtime cannot be higher than rt period") + return fmt.Errorf("cpu real-time runtime cannot be higher than cpu real-time period") } return nil } diff --git a/components/engine/runconfig/hostconfig_windows.go b/components/engine/runconfig/hostconfig_windows.go index 9ca93ae508..5eb956d1b4 100644 --- a/components/engine/runconfig/hostconfig_windows.go +++ b/components/engine/runconfig/hostconfig_windows.go @@ -31,7 +31,7 @@ func validateNetMode(c *container.Config, hc *container.HostConfig) error { } if hc.NetworkMode.IsContainer() && hc.Isolation.IsHyperV() { - return fmt.Errorf("net mode --net=container: unsupported for hyperv isolation") + return fmt.Errorf("Using the network stack of another container is not supported while using Hyper-V Containers") } return nil @@ -46,7 +46,7 @@ func validateIsolation(hc *container.HostConfig) error { return nil } if !hc.Isolation.IsValid() { - return fmt.Errorf("invalid --isolation: %q. Windows supports 'default', 'process', or 'hyperv'", hc.Isolation) + return fmt.Errorf("Invalid isolation: %q. Windows supports 'default', 'process', or 'hyperv'", hc.Isolation) } return nil } @@ -63,10 +63,10 @@ func validateResources(hc *container.HostConfig, si *sysinfo.SysInfo) error { return nil } if hc.Resources.CPURealtimePeriod != 0 { - return fmt.Errorf("invalid --cpu-rt-period: Windows does not support this feature") + return fmt.Errorf("Windows does not support CPU real-time period") } if hc.Resources.CPURealtimeRuntime != 0 { - return fmt.Errorf("invalid --cpu-rt-runtime: Windows does not support this feature") + return fmt.Errorf("Windows does not support CPU real-time runtime") } return nil } @@ -78,7 +78,7 @@ func validatePrivileged(hc *container.HostConfig) error { return nil } if hc.Privileged { - return fmt.Errorf("invalid --privileged: Windows does not support this feature") + return fmt.Errorf("Windows does not support privileged mode") } return nil } @@ -90,7 +90,7 @@ func validateReadonlyRootfs(hc *container.HostConfig) error { return nil } if hc.ReadonlyRootfs { - return fmt.Errorf("invalid --read-only: Windows does not support this feature") + return fmt.Errorf("Windows does not support root filesystem in read-only mode") } return nil } diff --git a/components/engine/runconfig/hostconfig_windows_test.go b/components/engine/runconfig/hostconfig_windows_test.go index 174a65fcb8..b780dc05df 100644 --- a/components/engine/runconfig/hostconfig_windows_test.go +++ b/components/engine/runconfig/hostconfig_windows_test.go @@ -9,7 +9,7 @@ import ( ) func TestValidatePrivileged(t *testing.T) { - expected := "invalid --privileged: Windows does not support this feature" + expected := "Windows does not support privileged mode" err := validatePrivileged(&container.HostConfig{Privileged: true}) if err == nil || err.Error() != expected { t.Fatalf("Expected %s", expected) From 90e101ed150aa10373e1ab32d955646016426f09 Mon Sep 17 00:00:00 2001 From: Ying Li Date: Mon, 22 May 2017 13:52:55 -0700 Subject: [PATCH 15/37] Do not clear swarm directory at the begining of swarm init and swarm join now. However, do clear the directory if init or join fails, because we don't want to leave it in a half-finished state. Signed-off-by: Ying Li Upstream-commit: bf3e9293a66c77a2fddf4e691222898846b4af9f Component: engine --- components/engine/daemon/cluster/swarm.go | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/components/engine/daemon/cluster/swarm.go b/components/engine/daemon/cluster/swarm.go index 8a8d5bf808..ef0596b6cc 100644 --- a/components/engine/daemon/cluster/swarm.go +++ b/components/engine/daemon/cluster/swarm.go @@ -88,10 +88,6 @@ func (c *Cluster) Init(req types.InitRequest) (string, error) { } } - if !req.ForceNewCluster { - clearPersistentState(c.root) - } - nr, err := c.newNodeRunner(nodeStartConfig{ forceNewCluster: req.ForceNewCluster, autolock: req.AutoLockManagers, @@ -109,16 +105,14 @@ func (c *Cluster) Init(req types.InitRequest) (string, error) { c.mu.Unlock() if err := <-nr.Ready(); err != nil { + c.mu.Lock() + c.nr = nil + c.mu.Unlock() if !req.ForceNewCluster { // if failure on first attempt don't keep state if err := clearPersistentState(c.root); err != nil { return "", err } } - if err != nil { - c.mu.Lock() - c.nr = nil - c.mu.Unlock() - } return "", err } state := nr.State() @@ -166,8 +160,6 @@ func (c *Cluster) Join(req types.JoinRequest) error { return err } - clearPersistentState(c.root) - nr, err := c.newNodeRunner(nodeStartConfig{ RemoteAddr: req.RemoteAddrs[0], ListenAddr: net.JoinHostPort(listenHost, listenPort), @@ -193,6 +185,9 @@ func (c *Cluster) Join(req types.JoinRequest) error { c.mu.Lock() c.nr = nil c.mu.Unlock() + if err := clearPersistentState(c.root); err != nil { + return err + } } return err } From 93de81213c30ba0265b4fd534a7e3ef7b2ee2185 Mon Sep 17 00:00:00 2001 From: chrisdias Date: Mon, 8 May 2017 14:32:54 -0700 Subject: [PATCH 16/37] Support FROM...AS syntax for multi stage build dockerfiles Signed-off-by: chrisdias Upstream-commit: 8523e9d108a0e98865673701a7bd0a7929c5260b Component: engine --- .../Syntaxes/Dockerfile.tmLanguage | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/components/engine/contrib/syntax/textmate/Docker.tmbundle/Syntaxes/Dockerfile.tmLanguage b/components/engine/contrib/syntax/textmate/Docker.tmbundle/Syntaxes/Dockerfile.tmLanguage index 948a9bfc20..5a273337f0 100644 --- a/components/engine/contrib/syntax/textmate/Docker.tmbundle/Syntaxes/Dockerfile.tmLanguage +++ b/components/engine/contrib/syntax/textmate/Docker.tmbundle/Syntaxes/Dockerfile.tmLanguage @@ -10,6 +10,23 @@ Dockerfile patterns + + captures + + 1 + + name + keyword.other.special-method.dockerfile + + 2 + + name + keyword.other.special-method.dockerfile + + + match + ^\s*\b(FROM)\b.*?\b(AS)\b + captures From 850d525b5f6a708c3fdef1947ee97f8a95843e6d Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 13 Apr 2017 18:44:36 -0400 Subject: [PATCH 17/37] Extract imageProber and ContainerBackend from Builder Extract a common function for builder.createContainer Extract imageCache for doing cache probes Removes the cacheBuested field from Builder Create a new containerManager class which reduces the interface between the builder and managing containers to 3 functions (from 6) Signed-off-by: Daniel Nephin Upstream-commit: 19f3b0715cf89f336efa286ea1d3f8b57d8c4973 Component: engine --- components/engine/builder/builder.go | 34 +-- .../engine/builder/dockerfile/buildargs.go | 3 +- .../builder/dockerfile/buildargs_test.go | 2 +- .../engine/builder/dockerfile/builder.go | 57 +++-- .../builder/dockerfile/containerbackend.go | 143 ++++++++++++ .../engine/builder/dockerfile/dispatchers.go | 36 +-- .../builder/dockerfile/dispatchers_test.go | 11 +- .../engine/builder/dockerfile/imageprobe.go | 63 ++++++ .../engine/builder/dockerfile/internals.go | 205 ++++-------------- .../builder/dockerfile/mockbackend_test.go | 14 +- .../integration-cli/docker_cli_images_test.go | 2 +- 11 files changed, 335 insertions(+), 235 deletions(-) create mode 100644 components/engine/builder/dockerfile/containerbackend.go create mode 100644 components/engine/builder/dockerfile/imageprobe.go diff --git a/components/engine/builder/builder.go b/components/engine/builder/builder.go index cc7c25955a..1aea99ea90 100644 --- a/components/engine/builder/builder.go +++ b/components/engine/builder/builder.go @@ -7,12 +7,11 @@ package builder import ( "io" - "golang.org/x/net/context" - "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/backend" "github.com/docker/docker/api/types/container" containerpkg "github.com/docker/docker/container" + "golang.org/x/net/context" ) const ( @@ -36,21 +35,10 @@ type Source interface { // Backend abstracts calls to a Docker Daemon. type Backend interface { ImageBackend + ExecBackend - // ContainerAttachRaw attaches to container. - ContainerAttachRaw(cID string, stdin io.ReadCloser, stdout, stderr io.Writer, stream bool, attached chan struct{}) error - // ContainerCreate creates a new Docker container and returns potential warnings - ContainerCreate(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error) - // ContainerRm removes a container specified by `id`. - ContainerRm(name string, config *types.ContainerRmConfig) error // Commit creates a new Docker image from an existing Docker container. Commit(string, *backend.ContainerCommitConfig) (string, error) - // ContainerKill stops the container execution abruptly. - ContainerKill(containerID string, sig uint64) error - // ContainerStart starts a new container - ContainerStart(containerID string, hostConfig *container.HostConfig, checkpoint string, checkpointDir string) error - // ContainerWait stops processing until the given container is stopped. - ContainerWait(ctx context.Context, name string, condition containerpkg.WaitCondition) (<-chan containerpkg.StateStatus, error) // ContainerCreateWorkdir creates the workdir ContainerCreateWorkdir(containerID string) error @@ -59,6 +47,8 @@ type Backend interface { // TODO: extract in the builder instead of passing `decompress` // TODO: use containerd/fs.changestream instead as a source CopyOnBuild(containerID string, destPath string, srcRoot string, srcPath string, decompress bool) error + + ImageCacheBuilder } // ImageBackend are the interface methods required from an image component @@ -66,6 +56,22 @@ type ImageBackend interface { GetImageAndReleasableLayer(ctx context.Context, refOrID string, opts backend.GetImageAndLayerOptions) (Image, ReleaseableLayer, error) } +// ExecBackend contains the interface methods required for executing containers +type ExecBackend interface { + // ContainerAttachRaw attaches to container. + ContainerAttachRaw(cID string, stdin io.ReadCloser, stdout, stderr io.Writer, stream bool, attached chan struct{}) error + // ContainerCreate creates a new Docker container and returns potential warnings + ContainerCreate(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error) + // ContainerRm removes a container specified by `id`. + ContainerRm(name string, config *types.ContainerRmConfig) error + // ContainerKill stops the container execution abruptly. + ContainerKill(containerID string, sig uint64) error + // ContainerStart starts a new container + ContainerStart(containerID string, hostConfig *container.HostConfig, checkpoint string, checkpointDir string) error + // ContainerWait stops processing until the given container is stopped. + ContainerWait(ctx context.Context, name string, condition containerpkg.WaitCondition) (<-chan containerpkg.StateStatus, error) +} + // Result is the output produced by a Builder type Result struct { ImageID string diff --git a/components/engine/builder/dockerfile/buildargs.go b/components/engine/builder/dockerfile/buildargs.go index 44687aaff4..e0daf9a77f 100644 --- a/components/engine/builder/dockerfile/buildargs.go +++ b/components/engine/builder/dockerfile/buildargs.go @@ -2,8 +2,9 @@ package dockerfile import ( "fmt" - "github.com/docker/docker/runconfig/opts" "io" + + "github.com/docker/docker/runconfig/opts" ) // builtinAllowedBuildArgs is list of built-in allowed build args diff --git a/components/engine/builder/dockerfile/buildargs_test.go b/components/engine/builder/dockerfile/buildargs_test.go index 0288770665..77113ea21b 100644 --- a/components/engine/builder/dockerfile/buildargs_test.go +++ b/components/engine/builder/dockerfile/buildargs_test.go @@ -1,9 +1,9 @@ package dockerfile import ( + "bytes" "testing" - "bytes" "github.com/stretchr/testify/assert" ) diff --git a/components/engine/builder/dockerfile/builder.go b/components/engine/builder/dockerfile/builder.go index c77d535df4..f507766220 100644 --- a/components/engine/builder/dockerfile/builder.go +++ b/components/engine/builder/dockerfile/builder.go @@ -35,8 +35,6 @@ var validCommitCommands = map[string]bool{ "workdir": true, } -var defaultLogConfig = container.LogConfig{Type: "none"} - // BuildManager is shared across all Builder objects type BuildManager struct { backend builder.Backend @@ -100,14 +98,13 @@ type Builder struct { docker builder.Backend clientCtx context.Context - tmpContainers map[string]struct{} - buildStages *buildStages - disableCommit bool - cacheBusted bool - buildArgs *buildArgs - imageCache builder.ImageCache - imageSources *imageSources - pathCache pathCache + buildStages *buildStages + disableCommit bool + buildArgs *buildArgs + imageSources *imageSources + pathCache pathCache + containerManager *containerManager + imageProber ImageProber } // newBuilder creates a new Dockerfile builder from an optional dockerfile and a Options. @@ -117,29 +114,23 @@ func newBuilder(clientCtx context.Context, options builderOptions) *Builder { config = new(types.ImageBuildOptions) } b := &Builder{ - clientCtx: clientCtx, - options: config, - Stdout: options.ProgressWriter.StdoutFormatter, - Stderr: options.ProgressWriter.StderrFormatter, - Aux: options.ProgressWriter.AuxFormatter, - Output: options.ProgressWriter.Output, - docker: options.Backend, - tmpContainers: map[string]struct{}{}, - buildArgs: newBuildArgs(config.BuildArgs), - buildStages: newBuildStages(), - imageSources: newImageSources(clientCtx, options), - pathCache: options.PathCache, + clientCtx: clientCtx, + options: config, + Stdout: options.ProgressWriter.StdoutFormatter, + Stderr: options.ProgressWriter.StderrFormatter, + Aux: options.ProgressWriter.AuxFormatter, + Output: options.ProgressWriter.Output, + docker: options.Backend, + buildArgs: newBuildArgs(config.BuildArgs), + buildStages: newBuildStages(), + imageSources: newImageSources(clientCtx, options), + pathCache: options.PathCache, + imageProber: newImageProber(options.Backend, config.CacheFrom, config.NoCache), + containerManager: newContainerManager(options.Backend), } return b } -func (b *Builder) resetImageCache() { - if icb, ok := b.docker.(builder.ImageCacheBuilder); ok { - b.imageCache = icb.MakeImageCache(b.options.CacheFrom) - } - b.cacheBusted = false -} - // Build runs the Dockerfile builder by parsing the Dockerfile and executing // the instructions from the file. func (b *Builder) build(source builder.Source, dockerfile *parser.Result) (*builder.Result, error) { @@ -216,14 +207,14 @@ func (b *Builder) dispatchDockerfileWithCancellation(dockerfile *parser.Result, } if state, err = b.dispatch(opts); err != nil { if b.options.ForceRemove { - b.clearTmp() + b.containerManager.RemoveAll(b.Stdout) } return nil, err } fmt.Fprintf(b.Stdout, " ---> %s\n", stringid.TruncateID(state.imageID)) if b.options.Remove { - b.clearTmp() + b.containerManager.RemoveAll(b.Stdout) } } @@ -258,7 +249,9 @@ func BuildFromConfig(config *container.Config, changes []string) (*container.Con return config, nil } - b := newBuilder(context.Background(), builderOptions{}) + b := newBuilder(context.Background(), builderOptions{ + Options: &types.ImageBuildOptions{NoCache: true}, + }) dockerfile, err := parser.Parse(bytes.NewBufferString(strings.Join(changes, "\n"))) if err != nil { diff --git a/components/engine/builder/dockerfile/containerbackend.go b/components/engine/builder/dockerfile/containerbackend.go new file mode 100644 index 0000000000..aa8001ae60 --- /dev/null +++ b/components/engine/builder/dockerfile/containerbackend.go @@ -0,0 +1,143 @@ +package dockerfile + +import ( + "fmt" + "io" + + "github.com/Sirupsen/logrus" + "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/container" + "github.com/docker/docker/builder" + containerpkg "github.com/docker/docker/container" + "github.com/docker/docker/pkg/stringid" + "github.com/pkg/errors" + "golang.org/x/net/context" +) + +type containerManager struct { + tmpContainers map[string]struct{} + backend builder.ExecBackend +} + +// newContainerManager creates a new container backend +func newContainerManager(docker builder.ExecBackend) *containerManager { + return &containerManager{ + backend: docker, + tmpContainers: make(map[string]struct{}), + } +} + +// Create a container +func (c *containerManager) Create(runConfig *container.Config, hostConfig *container.HostConfig) (container.ContainerCreateCreatedBody, error) { + container, err := c.backend.ContainerCreate(types.ContainerCreateConfig{ + Config: runConfig, + HostConfig: hostConfig, + }) + if err != nil { + return container, err + } + c.tmpContainers[container.ID] = struct{}{} + return container, nil +} + +var errCancelled = errors.New("build cancelled") + +// Run a container by ID +func (c *containerManager) Run(ctx context.Context, cID string, stdout, stderr io.Writer) (err error) { + attached := make(chan struct{}) + errCh := make(chan error) + go func() { + errCh <- c.backend.ContainerAttachRaw(cID, nil, stdout, stderr, true, attached) + }() + select { + case err := <-errCh: + return err + case <-attached: + } + + finished := make(chan struct{}) + cancelErrCh := make(chan error, 1) + go func() { + select { + case <-ctx.Done(): + logrus.Debugln("Build cancelled, killing and removing container:", cID) + c.backend.ContainerKill(cID, 0) + c.removeContainer(cID, stdout) + cancelErrCh <- errCancelled + case <-finished: + cancelErrCh <- nil + } + }() + + if err := c.backend.ContainerStart(cID, nil, "", ""); err != nil { + close(finished) + logCancellationError(cancelErrCh, "error from ContainerStart: "+err.Error()) + return err + } + + // Block on reading output from container, stop on err or chan closed + if err := <-errCh; err != nil { + close(finished) + logCancellationError(cancelErrCh, "error from errCh: "+err.Error()) + return err + } + + waitC, err := c.backend.ContainerWait(ctx, cID, containerpkg.WaitConditionNotRunning) + if err != nil { + close(finished) + logCancellationError(cancelErrCh, fmt.Sprintf("unable to begin ContainerWait: %s", err)) + return err + } + + if status := <-waitC; status.ExitCode() != 0 { + close(finished) + logCancellationError(cancelErrCh, + fmt.Sprintf("a non-zero code from ContainerWait: %d", status.ExitCode())) + return &statusCodeError{code: status.ExitCode(), err: err} + } + + close(finished) + return <-cancelErrCh +} + +func logCancellationError(cancelErrCh chan error, msg string) { + if cancelErr := <-cancelErrCh; cancelErr != nil { + logrus.Debugf("Build cancelled (%v): ", cancelErr, msg) + } +} + +type statusCodeError struct { + code int + err error +} + +func (e *statusCodeError) Error() string { + return e.err.Error() +} + +func (e *statusCodeError) StatusCode() int { + return e.code +} + +func (c *containerManager) removeContainer(containerID string, stdout io.Writer) error { + rmConfig := &types.ContainerRmConfig{ + ForceRemove: true, + RemoveVolume: true, + } + if err := c.backend.ContainerRm(containerID, rmConfig); err != nil { + fmt.Fprintf(stdout, "Error removing intermediate container %s: %v\n", stringid.TruncateID(containerID), err) + return err + } + return nil +} + +// RemoveAll containers managed by this container manager +func (c *containerManager) RemoveAll(stdout io.Writer) { + for containerID := range c.tmpContainers { + if err := c.removeContainer(containerID, stdout); err != nil { + return + } + delete(c.tmpContainers, containerID) + fmt.Fprintf(stdout, "Removing intermediate container %s\n", stringid.TruncateID(containerID)) + } +} diff --git a/components/engine/builder/dockerfile/dispatchers.go b/components/engine/builder/dockerfile/dispatchers.go index 78eeab31c5..dd5714ecb0 100644 --- a/components/engine/builder/dockerfile/dispatchers.go +++ b/components/engine/builder/dockerfile/dispatchers.go @@ -19,11 +19,11 @@ import ( "github.com/Sirupsen/logrus" "github.com/docker/docker/api" - "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/strslice" "github.com/docker/docker/builder" "github.com/docker/docker/builder/dockerfile/parser" + "github.com/docker/docker/pkg/jsonmessage" "github.com/docker/docker/pkg/signal" "github.com/docker/go-connections/nat" "github.com/pkg/errors" @@ -218,7 +218,7 @@ func from(req dispatchRequest) error { return err } - req.builder.resetImageCache() + req.builder.imageProber.Reset() image, err := req.builder.getFromImage(req.shlex, req.args[0]) if err != nil { return err @@ -398,24 +398,15 @@ func workdir(req dispatchRequest) error { comment := "WORKDIR " + runConfig.WorkingDir runConfigWithCommentCmd := copyRunConfig(runConfig, withCmdCommentString(comment)) - if hit, err := req.builder.probeCache(req.state, runConfigWithCommentCmd); err != nil || hit { + containerID, err := req.builder.probeAndCreate(req.state, runConfigWithCommentCmd) + if err != nil || containerID == "" { + return err + } + if err := req.builder.docker.ContainerCreateWorkdir(containerID); err != nil { return err } - container, err := req.builder.docker.ContainerCreate(types.ContainerCreateConfig{ - Config: runConfigWithCommentCmd, - // Set a log config to override any default value set on the daemon - HostConfig: &container.HostConfig{LogConfig: defaultLogConfig}, - }) - if err != nil { - return err - } - req.builder.tmpContainers[container.ID] = struct{}{} - if err := req.builder.docker.ContainerCreateWorkdir(container.ID); err != nil { - return err - } - - return req.builder.commitContainer(req.state, container.ID, runConfigWithCommentCmd) + return req.builder.commitContainer(req.state, containerID, runConfigWithCommentCmd) } // RUN some command yo @@ -471,7 +462,16 @@ func run(req dispatchRequest) error { if err != nil { return err } - if err := req.builder.run(cID, runConfig.Cmd); err != nil { + if err := req.builder.containerManager.Run(req.builder.clientCtx, cID, req.builder.Stdout, req.builder.Stderr); err != nil { + if err, ok := err.(*statusCodeError); ok { + // TODO: change error type, because jsonmessage.JSONError assumes HTTP + return &jsonmessage.JSONError{ + Message: fmt.Sprintf( + "The command '%s' returned a non-zero code: %d", + strings.Join(runConfig.Cmd, " "), err.StatusCode()), + Code: err.StatusCode(), + } + } return err } diff --git a/components/engine/builder/dockerfile/dispatchers_test.go b/components/engine/builder/dockerfile/dispatchers_test.go index 6134ce4a0f..91d00758d4 100644 --- a/components/engine/builder/dockerfile/dispatchers_test.go +++ b/components/engine/builder/dockerfile/dispatchers_test.go @@ -7,6 +7,7 @@ import ( "bytes" "context" + "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/backend" "github.com/docker/docker/api/types/container" @@ -54,7 +55,6 @@ func newBuilderWithMockBackend() *Builder { options: &types.ImageBuildOptions{}, docker: mockBackend, buildArgs: newBuildArgs(make(map[string]*string)), - tmpContainers: make(map[string]struct{}), Stdout: new(bytes.Buffer), clientCtx: ctx, disableCommit: true, @@ -62,7 +62,9 @@ func newBuilderWithMockBackend() *Builder { Options: &types.ImageBuildOptions{}, Backend: mockBackend, }), - buildStages: newBuildStages(), + buildStages: newBuildStages(), + imageProber: newImageProber(mockBackend, nil, false), + containerManager: newContainerManager(mockBackend), } return b } @@ -479,9 +481,12 @@ func TestRunWithBuildArgs(t *testing.T) { return "", nil }, } - b.imageCache = imageCache mockBackend := b.docker.(*MockBackend) + mockBackend.makeImageCacheFunc = func(_ []string) builder.ImageCache { + return imageCache + } + b.imageProber = newImageProber(mockBackend, nil, false) mockBackend.getImageFunc = func(_ string) (builder.Image, builder.ReleaseableLayer, error) { return &mockImage{ id: "abcdef", diff --git a/components/engine/builder/dockerfile/imageprobe.go b/components/engine/builder/dockerfile/imageprobe.go new file mode 100644 index 0000000000..3a3942888c --- /dev/null +++ b/components/engine/builder/dockerfile/imageprobe.go @@ -0,0 +1,63 @@ +package dockerfile + +import ( + "github.com/Sirupsen/logrus" + "github.com/docker/docker/api/types/container" + "github.com/docker/docker/builder" +) + +// ImageProber exposes an Image cache to the Builder. It supports resetting a +// cache. +type ImageProber interface { + Reset() + Probe(parentID string, runConfig *container.Config) (string, error) +} + +type imageProber struct { + cache builder.ImageCache + reset func() builder.ImageCache + cacheBusted bool +} + +func newImageProber(cacheBuilder builder.ImageCacheBuilder, cacheFrom []string, noCache bool) ImageProber { + if noCache { + return &nopProber{} + } + + reset := func() builder.ImageCache { + return cacheBuilder.MakeImageCache(cacheFrom) + } + return &imageProber{cache: reset(), reset: reset} +} + +func (c *imageProber) Reset() { + c.cache = c.reset() + c.cacheBusted = false +} + +// Probe checks if cache match can be found for current build instruction. +// It returns the cachedID if there is a hit, and the empty string on miss +func (c *imageProber) Probe(parentID string, runConfig *container.Config) (string, error) { + if c.cacheBusted { + return "", nil + } + cacheID, err := c.cache.GetCache(parentID, runConfig) + if err != nil { + return "", err + } + if len(cacheID) == 0 { + logrus.Debugf("[BUILDER] Cache miss: %s", runConfig.Cmd) + c.cacheBusted = true + return "", nil + } + logrus.Debugf("[BUILDER] Use cached version: %s", runConfig.Cmd) + return cacheID, nil +} + +type nopProber struct{} + +func (c *nopProber) Reset() {} + +func (c *nopProber) Probe(_ string, _ *container.Config) (string, error) { + return "", nil +} diff --git a/components/engine/builder/dockerfile/internals.go b/components/engine/builder/dockerfile/internals.go index 42fe897b9e..2d02e57a69 100644 --- a/components/engine/builder/dockerfile/internals.go +++ b/components/engine/builder/dockerfile/internals.go @@ -9,12 +9,9 @@ import ( "fmt" "strings" - "github.com/Sirupsen/logrus" "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/backend" "github.com/docker/docker/api/types/container" - containerpkg "github.com/docker/docker/container" - "github.com/docker/docker/pkg/jsonmessage" "github.com/docker/docker/pkg/stringid" "github.com/pkg/errors" ) @@ -74,20 +71,11 @@ func (b *Builder) performCopy(state *dispatchState, inst copyInstruction) error runConfigWithCommentCmd := copyRunConfig( state.runConfig, withCmdCommentString(fmt.Sprintf("%s %s in %s ", inst.cmdName, srcHash, inst.dest))) - if hit, err := b.probeCache(state, runConfigWithCommentCmd); err != nil || hit { + containerID, err := b.probeAndCreate(state, runConfigWithCommentCmd) + if err != nil || containerID == "" { return err } - container, err := b.docker.ContainerCreate(types.ContainerCreateConfig{ - Config: runConfigWithCommentCmd, - // Set a log config to override any default value set on the daemon - HostConfig: &container.HostConfig{LogConfig: defaultLogConfig}, - }) - if err != nil { - return err - } - b.tmpContainers[container.ID] = struct{}{} - // Twiddle the destination when it's a relative path - meaning, make it // relative to the WORKINGDIR dest, err := normaliseDest(inst.cmdName, state.runConfig.WorkingDir, inst.dest) @@ -96,11 +84,11 @@ func (b *Builder) performCopy(state *dispatchState, inst copyInstruction) error } for _, info := range inst.infos { - if err := b.docker.CopyOnBuild(container.ID, dest, info.root, info.path, inst.allowLocalDecompression); err != nil { + if err := b.docker.CopyOnBuild(containerID, dest, info.root, info.path, inst.allowLocalDecompression); err != nil { return err } } - return b.commitContainer(state, container.ID, runConfigWithCommentCmd) + return b.commitContainer(state, containerID, runConfigWithCommentCmd) } // For backwards compat, if there's just one info then use it as the @@ -186,166 +174,65 @@ func getShell(c *container.Config) []string { return append([]string{}, c.Shell[:]...) } -// probeCache checks if cache match can be found for current build instruction. -// If an image is found, probeCache returns `(true, nil)`. -// If no image is found, it returns `(false, nil)`. -// If there is any error, it returns `(false, err)`. func (b *Builder) probeCache(dispatchState *dispatchState, runConfig *container.Config) (bool, error) { - c := b.imageCache - if c == nil || b.options.NoCache || b.cacheBusted { - return false, nil - } - cache, err := c.GetCache(dispatchState.imageID, runConfig) - if err != nil { + cachedID, err := b.imageProber.Probe(dispatchState.imageID, runConfig) + if cachedID == "" || err != nil { return false, err } - if len(cache) == 0 { - logrus.Debugf("[BUILDER] Cache miss: %s", runConfig.Cmd) - b.cacheBusted = true - return false, nil - } - fmt.Fprint(b.Stdout, " ---> Using cache\n") - logrus.Debugf("[BUILDER] Use cached version: %s", runConfig.Cmd) - dispatchState.imageID = string(cache) - b.buildStages.update(dispatchState.imageID, runConfig) + dispatchState.imageID = string(cachedID) + b.buildStages.update(dispatchState.imageID, runConfig) return true, nil } +var defaultLogConfig = container.LogConfig{Type: "none"} + +func (b *Builder) probeAndCreate(dispatchState *dispatchState, runConfig *container.Config) (string, error) { + if hit, err := b.probeCache(dispatchState, runConfig); err != nil || hit { + return "", err + } + // Set a log config to override any default value set on the daemon + hostConfig := &container.HostConfig{LogConfig: defaultLogConfig} + container, err := b.containerManager.Create(runConfig, hostConfig) + return container.ID, err +} + func (b *Builder) create(runConfig *container.Config) (string, error) { - resources := container.Resources{ - CgroupParent: b.options.CgroupParent, - CPUShares: b.options.CPUShares, - CPUPeriod: b.options.CPUPeriod, - CPUQuota: b.options.CPUQuota, - CpusetCpus: b.options.CPUSetCPUs, - CpusetMems: b.options.CPUSetMems, - Memory: b.options.Memory, - MemorySwap: b.options.MemorySwap, - Ulimits: b.options.Ulimits, - } - - // TODO: why not embed a hostconfig in builder? - hostConfig := &container.HostConfig{ - SecurityOpt: b.options.SecurityOpt, - Isolation: b.options.Isolation, - ShmSize: b.options.ShmSize, - Resources: resources, - NetworkMode: container.NetworkMode(b.options.NetworkMode), - // Set a log config to override any default value set on the daemon - LogConfig: defaultLogConfig, - ExtraHosts: b.options.ExtraHosts, - } - - // Create the container - c, err := b.docker.ContainerCreate(types.ContainerCreateConfig{ - Config: runConfig, - HostConfig: hostConfig, - }) + hostConfig := hostConfigFromOptions(b.options) + container, err := b.containerManager.Create(runConfig, hostConfig) if err != nil { return "", err } - for _, warning := range c.Warnings { + // TODO: could this be moved into containerManager.Create() ? + for _, warning := range container.Warnings { fmt.Fprintf(b.Stdout, " ---> [Warning] %s\n", warning) } - - b.tmpContainers[c.ID] = struct{}{} - fmt.Fprintf(b.Stdout, " ---> Running in %s\n", stringid.TruncateID(c.ID)) - return c.ID, nil + fmt.Fprintf(b.Stdout, " ---> Running in %s\n", stringid.TruncateID(container.ID)) + return container.ID, nil } -var errCancelled = errors.New("build cancelled") - -func (b *Builder) run(cID string, cmd []string) (err error) { - attached := make(chan struct{}) - errCh := make(chan error) - go func() { - errCh <- b.docker.ContainerAttachRaw(cID, nil, b.Stdout, b.Stderr, true, attached) - }() - - select { - case err := <-errCh: - return err - case <-attached: +func hostConfigFromOptions(options *types.ImageBuildOptions) *container.HostConfig { + resources := container.Resources{ + CgroupParent: options.CgroupParent, + CPUShares: options.CPUShares, + CPUPeriod: options.CPUPeriod, + CPUQuota: options.CPUQuota, + CpusetCpus: options.CPUSetCPUs, + CpusetMems: options.CPUSetMems, + Memory: options.Memory, + MemorySwap: options.MemorySwap, + Ulimits: options.Ulimits, } - finished := make(chan struct{}) - cancelErrCh := make(chan error, 1) - go func() { - select { - case <-b.clientCtx.Done(): - logrus.Debugln("Build cancelled, killing and removing container:", cID) - b.docker.ContainerKill(cID, 0) - b.removeContainer(cID) - cancelErrCh <- errCancelled - case <-finished: - cancelErrCh <- nil - } - }() - - if err := b.docker.ContainerStart(cID, nil, "", ""); err != nil { - close(finished) - if cancelErr := <-cancelErrCh; cancelErr != nil { - logrus.Debugf("Build cancelled (%v) and got an error from ContainerStart: %v", - cancelErr, err) - } - return err - } - - // Block on reading output from container, stop on err or chan closed - if err := <-errCh; err != nil { - close(finished) - if cancelErr := <-cancelErrCh; cancelErr != nil { - logrus.Debugf("Build cancelled (%v) and got an error from errCh: %v", - cancelErr, err) - } - return err - } - - waitC, err := b.docker.ContainerWait(b.clientCtx, cID, containerpkg.WaitConditionNotRunning) - if err != nil { - // Unable to begin waiting for container. - close(finished) - if cancelErr := <-cancelErrCh; cancelErr != nil { - logrus.Debugf("Build cancelled (%v) and unable to begin ContainerWait: %d", cancelErr, err) - } - return err - } - - if status := <-waitC; status.ExitCode() != 0 { - close(finished) - if cancelErr := <-cancelErrCh; cancelErr != nil { - logrus.Debugf("Build cancelled (%v) and got a non-zero code from ContainerWait: %d", cancelErr, status.ExitCode()) - } - // TODO: change error type, because jsonmessage.JSONError assumes HTTP - return &jsonmessage.JSONError{ - Message: fmt.Sprintf("The command '%s' returned a non-zero code: %d", strings.Join(cmd, " "), status.ExitCode()), - Code: status.ExitCode(), - } - } - close(finished) - return <-cancelErrCh -} - -func (b *Builder) removeContainer(c string) error { - rmConfig := &types.ContainerRmConfig{ - ForceRemove: true, - RemoveVolume: true, - } - if err := b.docker.ContainerRm(c, rmConfig); err != nil { - fmt.Fprintf(b.Stdout, "Error removing intermediate container %s: %v\n", stringid.TruncateID(c), err) - return err - } - return nil -} - -func (b *Builder) clearTmp() { - for c := range b.tmpContainers { - if err := b.removeContainer(c); err != nil { - return - } - delete(b.tmpContainers, c) - fmt.Fprintf(b.Stdout, "Removing intermediate container %s\n", stringid.TruncateID(c)) + return &container.HostConfig{ + SecurityOpt: options.SecurityOpt, + Isolation: options.Isolation, + ShmSize: options.ShmSize, + Resources: resources, + NetworkMode: container.NetworkMode(options.NetworkMode), + // Set a log config to override any default value set on the daemon + LogConfig: defaultLogConfig, + ExtraHosts: options.ExtraHosts, } } diff --git a/components/engine/builder/dockerfile/mockbackend_test.go b/components/engine/builder/dockerfile/mockbackend_test.go index 3c273c71bc..08ce18c2e8 100644 --- a/components/engine/builder/dockerfile/mockbackend_test.go +++ b/components/engine/builder/dockerfile/mockbackend_test.go @@ -3,13 +3,11 @@ package dockerfile import ( "io" - "github.com/docker/distribution/reference" "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/backend" "github.com/docker/docker/api/types/container" "github.com/docker/docker/builder" containerpkg "github.com/docker/docker/container" - "github.com/docker/docker/image" "golang.org/x/net/context" ) @@ -18,10 +16,7 @@ type MockBackend struct { containerCreateFunc func(config types.ContainerCreateConfig) (container.ContainerCreateCreatedBody, error) commitFunc func(string, *backend.ContainerCommitConfig) (string, error) getImageFunc func(string) (builder.Image, builder.ReleaseableLayer, error) -} - -func (m *MockBackend) TagImageWithReference(image.ID, reference.Named) error { - return nil + makeImageCacheFunc func(cacheFrom []string) builder.ImageCache } func (m *MockBackend) ContainerAttachRaw(cID string, stdin io.ReadCloser, stdout, stderr io.Writer, stream bool, attached chan struct{}) error { @@ -74,6 +69,13 @@ func (m *MockBackend) GetImageAndReleasableLayer(ctx context.Context, refOrID st return &mockImage{id: "theid"}, &mockLayer{}, nil } +func (m *MockBackend) MakeImageCache(cacheFrom []string) builder.ImageCache { + if m.makeImageCacheFunc != nil { + return m.makeImageCacheFunc(cacheFrom) + } + return nil +} + type mockImage struct { id string config *container.Config diff --git a/components/engine/integration-cli/docker_cli_images_test.go b/components/engine/integration-cli/docker_cli_images_test.go index d463db4508..dccbe12626 100644 --- a/components/engine/integration-cli/docker_cli_images_test.go +++ b/components/engine/integration-cli/docker_cli_images_test.go @@ -100,7 +100,7 @@ func (s *DockerSuite) TestImagesFilterLabelMatch(c *check.C) { } // Regression : #15659 -func (s *DockerSuite) TestImagesFilterLabelWithCommit(c *check.C) { +func (s *DockerSuite) TestCommitWithFilterLabel(c *check.C) { // Create a container dockerCmd(c, "run", "--name", "bar", "busybox", "/bin/sh") // Commit with labels "using changes" From bdc8240507007e98bdaf41a5fba519e4ce4edf44 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Tue, 23 May 2017 12:48:22 -0700 Subject: [PATCH 18/37] Fix `request.SockRequestRaw` error check We should check for error before reading the response (response can be nil, and thus this would panic) Signed-off-by: Vincent Demeester Upstream-commit: 45e0376ea361811b2f5d0653a6b103dd39653371 Component: engine --- components/engine/integration-cli/request/request.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/components/engine/integration-cli/request/request.go b/components/engine/integration-cli/request/request.go index cb0e39953e..be3628b9b2 100644 --- a/components/engine/integration-cli/request/request.go +++ b/components/engine/integration-cli/request/request.go @@ -217,13 +217,14 @@ func SockRequestRaw(method, endpoint string, data io.Reader, ct, daemon string, } resp, err := client.Do(req) + if err != nil { + client.Close() + return resp, nil, err + } body := ioutils.NewReadCloserWrapper(resp.Body, func() error { defer resp.Body.Close() return client.Close() }) - if err != nil { - client.Close() - } return resp, body, err } From 5556f64d13d9d0346684d3b4eb209ebc67aafdfb Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Tue, 23 May 2017 14:06:18 -0700 Subject: [PATCH 19/37] Vendor swarmkit 7e096ced Signed-off-by: Aaron Lehmann Upstream-commit: 10df99f9ae48acc9888494223256637a8ca06f50 Component: engine --- .../engine/daemon/cluster/convert/network.go | 12 +- .../cluster/executor/container/container.go | 4 +- components/engine/vendor.conf | 2 +- .../docker/swarmkit/api/specs.pb.go | 437 +++++++++++------- .../docker/swarmkit/api/specs.proto | 12 +- .../networkallocator/drivers_darwin.go | 3 +- .../github.com/docker/swarmkit/vendor.conf | 5 +- 7 files changed, 297 insertions(+), 178 deletions(-) diff --git a/components/engine/daemon/cluster/convert/network.go b/components/engine/daemon/cluster/convert/network.go index 143869a117..6f8b7938ce 100644 --- a/components/engine/daemon/cluster/convert/network.go +++ b/components/engine/daemon/cluster/convert/network.go @@ -36,9 +36,9 @@ func networkFromGRPC(n *swarmapi.Network) types.Network { IPAMOptions: ipamFromGRPC(n.IPAM), } - if n.Spec.ConfigFrom != "" { + if n.Spec.GetNetwork() != "" { network.Spec.ConfigFrom = &networktypes.ConfigReference{ - Network: n.Spec.ConfigFrom, + Network: n.Spec.GetNetwork(), } } @@ -169,9 +169,9 @@ func BasicNetworkFromGRPC(n swarmapi.Network) basictypes.NetworkResource { Labels: n.Spec.Annotations.Labels, } - if n.Spec.ConfigFrom != "" { + if n.Spec.GetNetwork() != "" { nr.ConfigFrom = networktypes.ConfigReference{ - Network: n.Spec.ConfigFrom, + Network: n.Spec.GetNetwork(), } } @@ -221,7 +221,9 @@ func BasicNetworkCreateToGRPC(create basictypes.NetworkCreateRequest) swarmapi.N ns.IPAM.Configs = ipamSpec } if create.ConfigFrom != nil { - ns.ConfigFrom = create.ConfigFrom.Network + ns.ConfigFrom = &swarmapi.NetworkSpec_Network{ + Network: create.ConfigFrom.Network, + } } return ns } diff --git a/components/engine/daemon/cluster/executor/container/container.go b/components/engine/daemon/cluster/executor/container/container.go index bc98e53955..31a9c91e05 100644 --- a/components/engine/daemon/cluster/executor/container/container.go +++ b/components/engine/daemon/cluster/executor/container/container.go @@ -597,9 +597,9 @@ func (c *containerConfig) networkCreateRequest(name string) (clustertypes.Networ Scope: netconst.SwarmScope, } - if na.Network.Spec.ConfigFrom != "" { + if na.Network.Spec.GetNetwork() != "" { options.ConfigFrom = &network.ConfigReference{ - Network: na.Network.Spec.ConfigFrom, + Network: na.Network.Spec.GetNetwork(), } } diff --git a/components/engine/vendor.conf b/components/engine/vendor.conf index 846a8b7315..2c24fe0a26 100644 --- a/components/engine/vendor.conf +++ b/components/engine/vendor.conf @@ -104,7 +104,7 @@ github.com/containerd/containerd 3addd840653146c90a254301d6c3a663c7fd6429 github.com/tonistiigi/fifo 1405643975692217d6720f8b54aeee1bf2cd5cf4 # cluster -github.com/docker/swarmkit 1a3e510517be82d18ac04380b5f71eddf06c2fc0 +github.com/docker/swarmkit eb07af52aa2216100cff1ad0b13df48daa8914bf github.com/gogo/protobuf v0.4 github.com/cloudflare/cfssl 7fb22c8cba7ecaf98e4082d22d65800cf45e042a github.com/google/certificate-transparency d90e65c3a07988180c5b1ece71791c0b6506826e diff --git a/components/engine/vendor/github.com/docker/swarmkit/api/specs.pb.go b/components/engine/vendor/github.com/docker/swarmkit/api/specs.pb.go index c9ea260466..39b0c0abf0 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/api/specs.pb.go +++ b/components/engine/vendor/github.com/docker/swarmkit/api/specs.pb.go @@ -642,16 +642,94 @@ type NetworkSpec struct { // swarm internally created only and it was identified by the name // "ingress" and the label "com.docker.swarm.internal": "true". Ingress bool `protobuf:"varint,7,opt,name=ingress,proto3" json:"ingress,omitempty"` - // ConfigFrom indicates that the network specific configuration - // for this network will be provided via another network, locally - // on the node where this network is being plumbed. - ConfigFrom string `protobuf:"bytes,8,opt,name=config_from,json=configFrom,proto3" json:"config_from,omitempty"` + // ConfigFrom is the source of the configuration for this network. + // + // Types that are valid to be assigned to ConfigFrom: + // *NetworkSpec_Network + ConfigFrom isNetworkSpec_ConfigFrom `protobuf_oneof:"config_from"` } func (m *NetworkSpec) Reset() { *m = NetworkSpec{} } func (*NetworkSpec) ProtoMessage() {} func (*NetworkSpec) Descriptor() ([]byte, []int) { return fileDescriptorSpecs, []int{9} } +type isNetworkSpec_ConfigFrom interface { + isNetworkSpec_ConfigFrom() + MarshalTo([]byte) (int, error) + Size() int +} + +type NetworkSpec_Network struct { + Network string `protobuf:"bytes,8,opt,name=network,proto3,oneof"` +} + +func (*NetworkSpec_Network) isNetworkSpec_ConfigFrom() {} + +func (m *NetworkSpec) GetConfigFrom() isNetworkSpec_ConfigFrom { + if m != nil { + return m.ConfigFrom + } + return nil +} + +func (m *NetworkSpec) GetNetwork() string { + if x, ok := m.GetConfigFrom().(*NetworkSpec_Network); ok { + return x.Network + } + return "" +} + +// XXX_OneofFuncs is for the internal use of the proto package. +func (*NetworkSpec) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) { + return _NetworkSpec_OneofMarshaler, _NetworkSpec_OneofUnmarshaler, _NetworkSpec_OneofSizer, []interface{}{ + (*NetworkSpec_Network)(nil), + } +} + +func _NetworkSpec_OneofMarshaler(msg proto.Message, b *proto.Buffer) error { + m := msg.(*NetworkSpec) + // config_from + switch x := m.ConfigFrom.(type) { + case *NetworkSpec_Network: + _ = b.EncodeVarint(8<<3 | proto.WireBytes) + _ = b.EncodeStringBytes(x.Network) + case nil: + default: + return fmt.Errorf("NetworkSpec.ConfigFrom has unexpected type %T", x) + } + return nil +} + +func _NetworkSpec_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) { + m := msg.(*NetworkSpec) + switch tag { + case 8: // config_from.network + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + x, err := b.DecodeStringBytes() + m.ConfigFrom = &NetworkSpec_Network{x} + return true, err + default: + return false, nil + } +} + +func _NetworkSpec_OneofSizer(msg proto.Message) (n int) { + m := msg.(*NetworkSpec) + // config_from + switch x := m.ConfigFrom.(type) { + case *NetworkSpec_Network: + n += proto.SizeVarint(8<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(len(x.Network))) + n += len(x.Network) + case nil: + default: + panic(fmt.Sprintf("proto: unexpected type %T in oneof", x)) + } + return n +} + // ClusterSpec specifies global cluster settings. type ClusterSpec struct { Annotations Annotations `protobuf:"bytes,1,opt,name=annotations" json:"annotations"` @@ -1093,6 +1171,16 @@ func (m *NetworkSpec) CopyFrom(src interface{}) { m.IPAM = &IPAMOptions{} github_com_docker_swarmkit_api_deepcopy.Copy(m.IPAM, o.IPAM) } + if o.ConfigFrom != nil { + switch o.ConfigFrom.(type) { + case *NetworkSpec_Network: + v := NetworkSpec_Network{ + Network: o.GetNetwork(), + } + m.ConfigFrom = &v + } + } + } func (m *ClusterSpec) Copy() *ClusterSpec { @@ -2010,15 +2098,24 @@ func (m *NetworkSpec) MarshalTo(dAtA []byte) (int, error) { } i++ } - if len(m.ConfigFrom) > 0 { - dAtA[i] = 0x42 - i++ - i = encodeVarintSpecs(dAtA, i, uint64(len(m.ConfigFrom))) - i += copy(dAtA[i:], m.ConfigFrom) + if m.ConfigFrom != nil { + nn27, err := m.ConfigFrom.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += nn27 } return i, nil } +func (m *NetworkSpec_Network) MarshalTo(dAtA []byte) (int, error) { + i := 0 + dAtA[i] = 0x42 + i++ + i = encodeVarintSpecs(dAtA, i, uint64(len(m.Network))) + i += copy(dAtA[i:], m.Network) + return i, nil +} func (m *ClusterSpec) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -2037,67 +2134,67 @@ func (m *ClusterSpec) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintSpecs(dAtA, i, uint64(m.Annotations.Size())) - n27, err := m.Annotations.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += n27 - dAtA[i] = 0x12 - i++ - i = encodeVarintSpecs(dAtA, i, uint64(m.AcceptancePolicy.Size())) - n28, err := m.AcceptancePolicy.MarshalTo(dAtA[i:]) + n28, err := m.Annotations.MarshalTo(dAtA[i:]) if err != nil { return 0, err } i += n28 - dAtA[i] = 0x1a + dAtA[i] = 0x12 i++ - i = encodeVarintSpecs(dAtA, i, uint64(m.Orchestration.Size())) - n29, err := m.Orchestration.MarshalTo(dAtA[i:]) + i = encodeVarintSpecs(dAtA, i, uint64(m.AcceptancePolicy.Size())) + n29, err := m.AcceptancePolicy.MarshalTo(dAtA[i:]) if err != nil { return 0, err } i += n29 - dAtA[i] = 0x22 + dAtA[i] = 0x1a i++ - i = encodeVarintSpecs(dAtA, i, uint64(m.Raft.Size())) - n30, err := m.Raft.MarshalTo(dAtA[i:]) + i = encodeVarintSpecs(dAtA, i, uint64(m.Orchestration.Size())) + n30, err := m.Orchestration.MarshalTo(dAtA[i:]) if err != nil { return 0, err } i += n30 - dAtA[i] = 0x2a + dAtA[i] = 0x22 i++ - i = encodeVarintSpecs(dAtA, i, uint64(m.Dispatcher.Size())) - n31, err := m.Dispatcher.MarshalTo(dAtA[i:]) + i = encodeVarintSpecs(dAtA, i, uint64(m.Raft.Size())) + n31, err := m.Raft.MarshalTo(dAtA[i:]) if err != nil { return 0, err } i += n31 - dAtA[i] = 0x32 + dAtA[i] = 0x2a i++ - i = encodeVarintSpecs(dAtA, i, uint64(m.CAConfig.Size())) - n32, err := m.CAConfig.MarshalTo(dAtA[i:]) + i = encodeVarintSpecs(dAtA, i, uint64(m.Dispatcher.Size())) + n32, err := m.Dispatcher.MarshalTo(dAtA[i:]) if err != nil { return 0, err } i += n32 - dAtA[i] = 0x3a + dAtA[i] = 0x32 i++ - i = encodeVarintSpecs(dAtA, i, uint64(m.TaskDefaults.Size())) - n33, err := m.TaskDefaults.MarshalTo(dAtA[i:]) + i = encodeVarintSpecs(dAtA, i, uint64(m.CAConfig.Size())) + n33, err := m.CAConfig.MarshalTo(dAtA[i:]) if err != nil { return 0, err } i += n33 - dAtA[i] = 0x42 + dAtA[i] = 0x3a i++ - i = encodeVarintSpecs(dAtA, i, uint64(m.EncryptionConfig.Size())) - n34, err := m.EncryptionConfig.MarshalTo(dAtA[i:]) + i = encodeVarintSpecs(dAtA, i, uint64(m.TaskDefaults.Size())) + n34, err := m.TaskDefaults.MarshalTo(dAtA[i:]) if err != nil { return 0, err } i += n34 + dAtA[i] = 0x42 + i++ + i = encodeVarintSpecs(dAtA, i, uint64(m.EncryptionConfig.Size())) + n35, err := m.EncryptionConfig.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n35 return i, nil } @@ -2119,11 +2216,11 @@ func (m *SecretSpec) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintSpecs(dAtA, i, uint64(m.Annotations.Size())) - n35, err := m.Annotations.MarshalTo(dAtA[i:]) + n36, err := m.Annotations.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n35 + i += n36 if len(m.Data) > 0 { dAtA[i] = 0x12 i++ @@ -2151,11 +2248,11 @@ func (m *ConfigSpec) MarshalTo(dAtA []byte) (int, error) { dAtA[i] = 0xa i++ i = encodeVarintSpecs(dAtA, i, uint64(m.Annotations.Size())) - n36, err := m.Annotations.MarshalTo(dAtA[i:]) + n37, err := m.Annotations.MarshalTo(dAtA[i:]) if err != nil { return 0, err } - i += n36 + i += n37 if len(m.Data) > 0 { dAtA[i] = 0x12 i++ @@ -2544,13 +2641,19 @@ func (m *NetworkSpec) Size() (n int) { if m.Ingress { n += 2 } - l = len(m.ConfigFrom) - if l > 0 { - n += 1 + l + sovSpecs(uint64(l)) + if m.ConfigFrom != nil { + n += m.ConfigFrom.Size() } return n } +func (m *NetworkSpec_Network) Size() (n int) { + var l int + _ = l + l = len(m.Network) + n += 1 + l + sovSpecs(uint64(l)) + return n +} func (m *ClusterSpec) Size() (n int) { var l int _ = l @@ -2836,6 +2939,16 @@ func (this *NetworkSpec) String() string { }, "") return s } +func (this *NetworkSpec_Network) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&NetworkSpec_Network{`, + `Network:` + fmt.Sprintf("%v", this.Network) + `,`, + `}`, + }, "") + return s +} func (this *ClusterSpec) String() string { if this == nil { return "nil" @@ -5259,7 +5372,7 @@ func (m *NetworkSpec) Unmarshal(dAtA []byte) error { m.Ingress = bool(v != 0) case 8: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConfigFrom", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Network", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -5284,7 +5397,7 @@ func (m *NetworkSpec) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.ConfigFrom = string(dAtA[iNdEx:postIndex]) + m.ConfigFrom = &NetworkSpec_Network{string(dAtA[iNdEx:postIndex])} iNdEx = postIndex default: iNdEx = preIndex @@ -5927,121 +6040,121 @@ var ( func init() { proto.RegisterFile("specs.proto", fileDescriptorSpecs) } var fileDescriptorSpecs = []byte{ - // 1844 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x57, 0x4f, 0x73, 0x1b, 0x49, - 0x15, 0xb7, 0x6c, 0x59, 0x7f, 0xde, 0xc8, 0x89, 0xdc, 0x24, 0x61, 0xac, 0xb0, 0xb2, 0xa2, 0x0d, - 0xc1, 0xcb, 0x16, 0x72, 0x61, 0xa8, 0x25, 0x4b, 0x58, 0x40, 0xb2, 0xb4, 0x8e, 0x31, 0x76, 0x54, - 0x6d, 0x6f, 0x20, 0x27, 0x55, 0x7b, 0xa6, 0x2d, 0x4d, 0x79, 0xd4, 0x3d, 0xf4, 0xf4, 0x68, 0x4b, - 0x37, 0x8e, 0x5b, 0xb9, 0x72, 0x76, 0x71, 0xe0, 0xcb, 0xe4, 0x48, 0x71, 0xe2, 0xe4, 0x62, 0xf5, - 0x09, 0xa8, 0xe2, 0x03, 0x40, 0x75, 0x4f, 0x8f, 0x34, 0x4a, 0xc6, 0x49, 0xaa, 0xc8, 0xde, 0xba, - 0xdf, 0xfc, 0x7e, 0xaf, 0x5f, 0xbf, 0xfe, 0x75, 0xbf, 0x37, 0x60, 0x85, 0x01, 0x75, 0xc2, 0x56, - 0x20, 0xb8, 0xe4, 0x08, 0xb9, 0xdc, 0xb9, 0xa4, 0xa2, 0x15, 0x7e, 0x4d, 0xc4, 0xf8, 0xd2, 0x93, - 0xad, 0xc9, 0x4f, 0x6b, 0x96, 0x9c, 0x06, 0xd4, 0x00, 0x6a, 0x77, 0x86, 0x7c, 0xc8, 0xf5, 0x70, - 0x57, 0x8d, 0x8c, 0xb5, 0x3e, 0xe4, 0x7c, 0xe8, 0xd3, 0x5d, 0x3d, 0x3b, 0x8f, 0x2e, 0x76, 0xdd, - 0x48, 0x10, 0xe9, 0x71, 0x66, 0xbe, 0x6f, 0xbd, 0xfe, 0x9d, 0xb0, 0x69, 0xfc, 0xa9, 0x79, 0x95, - 0x87, 0xd2, 0x09, 0x77, 0xe9, 0x69, 0x40, 0x1d, 0x74, 0x00, 0x16, 0x61, 0x8c, 0x4b, 0xcd, 0x0d, - 0xed, 0x5c, 0x23, 0xb7, 0x63, 0xed, 0x6d, 0xb7, 0xde, 0x0c, 0xaa, 0xd5, 0x5e, 0xc0, 0x3a, 0xf9, - 0x57, 0xd7, 0xdb, 0x2b, 0x38, 0xcd, 0x44, 0xbf, 0x81, 0x8a, 0x4b, 0x43, 0x4f, 0x50, 0x77, 0x20, - 0xb8, 0x4f, 0xed, 0xd5, 0x46, 0x6e, 0xe7, 0xd6, 0xde, 0x0f, 0xb2, 0x3c, 0xa9, 0xc5, 0x31, 0xf7, - 0x29, 0xb6, 0x0c, 0x43, 0x4d, 0xd0, 0x01, 0xc0, 0x98, 0x8e, 0xcf, 0xa9, 0x08, 0x47, 0x5e, 0x60, - 0xaf, 0x69, 0xfa, 0x8f, 0x6e, 0xa2, 0xab, 0xd8, 0x5b, 0xc7, 0x73, 0x38, 0x4e, 0x51, 0xd1, 0x31, - 0x54, 0xc8, 0x84, 0x78, 0x3e, 0x39, 0xf7, 0x7c, 0x4f, 0x4e, 0xed, 0xbc, 0x76, 0xf5, 0xc9, 0x5b, - 0x5d, 0xb5, 0x53, 0x04, 0xbc, 0x44, 0x6f, 0xba, 0x00, 0x8b, 0x85, 0xd0, 0x23, 0x28, 0xf6, 0x7b, - 0x27, 0xdd, 0xc3, 0x93, 0x83, 0xea, 0x4a, 0x6d, 0xeb, 0xe5, 0x55, 0xe3, 0xae, 0xf2, 0xb1, 0x00, - 0xf4, 0x29, 0x73, 0x3d, 0x36, 0x44, 0x3b, 0x50, 0x6a, 0xef, 0xef, 0xf7, 0xfa, 0x67, 0xbd, 0x6e, - 0x35, 0x57, 0xab, 0xbd, 0xbc, 0x6a, 0xdc, 0x5b, 0x06, 0xb6, 0x1d, 0x87, 0x06, 0x92, 0xba, 0xb5, - 0xfc, 0x37, 0x7f, 0xab, 0xaf, 0x34, 0xbf, 0xc9, 0x41, 0x25, 0x1d, 0x04, 0x7a, 0x04, 0x85, 0xf6, - 0xfe, 0xd9, 0xe1, 0xf3, 0x5e, 0x75, 0x65, 0x41, 0x4f, 0x23, 0xda, 0x8e, 0xf4, 0x26, 0x14, 0x3d, - 0x84, 0xf5, 0x7e, 0xfb, 0xab, 0xd3, 0x5e, 0x35, 0xb7, 0x08, 0x27, 0x0d, 0xeb, 0x93, 0x28, 0xd4, - 0xa8, 0x2e, 0x6e, 0x1f, 0x9e, 0x54, 0x57, 0xb3, 0x51, 0x5d, 0x41, 0x3c, 0x66, 0x42, 0xf9, 0x6b, - 0x1e, 0xac, 0x53, 0x2a, 0x26, 0x9e, 0xf3, 0x81, 0x25, 0xf2, 0x19, 0xe4, 0x25, 0x09, 0x2f, 0xb5, - 0x34, 0xac, 0x6c, 0x69, 0x9c, 0x91, 0xf0, 0x52, 0x2d, 0x6a, 0xe8, 0x1a, 0xaf, 0x94, 0x21, 0x68, - 0xe0, 0x7b, 0x0e, 0x91, 0xd4, 0xd5, 0xca, 0xb0, 0xf6, 0x7e, 0x98, 0xc5, 0xc6, 0x73, 0x94, 0x89, - 0xff, 0xe9, 0x0a, 0x4e, 0x51, 0xd1, 0x13, 0x28, 0x0c, 0x7d, 0x7e, 0x4e, 0x7c, 0xad, 0x09, 0x6b, - 0xef, 0x41, 0x96, 0x93, 0x03, 0x8d, 0x58, 0x38, 0x30, 0x14, 0xf4, 0x18, 0x0a, 0x51, 0xe0, 0x12, - 0x49, 0xed, 0x82, 0x26, 0x37, 0xb2, 0xc8, 0x5f, 0x69, 0xc4, 0x3e, 0x67, 0x17, 0xde, 0x10, 0x1b, - 0x3c, 0x3a, 0x82, 0x12, 0xa3, 0xf2, 0x6b, 0x2e, 0x2e, 0x43, 0xbb, 0xd8, 0x58, 0xdb, 0xb1, 0xf6, - 0x3e, 0xcd, 0x14, 0x63, 0x8c, 0x69, 0x4b, 0x49, 0x9c, 0xd1, 0x98, 0x32, 0x19, 0xbb, 0xe9, 0xac, - 0xda, 0x39, 0x3c, 0x77, 0x80, 0x7e, 0x05, 0x25, 0xca, 0xdc, 0x80, 0x7b, 0x4c, 0xda, 0xa5, 0x9b, - 0x03, 0xe9, 0x19, 0x8c, 0x4a, 0x26, 0x9e, 0x33, 0x14, 0x5b, 0x70, 0xdf, 0x3f, 0x27, 0xce, 0xa5, - 0x5d, 0x7e, 0xcf, 0x6d, 0xcc, 0x19, 0x9d, 0x02, 0xe4, 0xc7, 0xdc, 0xa5, 0xcd, 0x5d, 0xd8, 0x7c, - 0x23, 0xd5, 0xa8, 0x06, 0x25, 0x93, 0xea, 0x58, 0x23, 0x79, 0x3c, 0x9f, 0x37, 0x6f, 0xc3, 0xc6, - 0x52, 0x5a, 0x9b, 0xff, 0xc8, 0x43, 0x29, 0x39, 0x6b, 0xd4, 0x86, 0xb2, 0xc3, 0x99, 0x24, 0x1e, - 0xa3, 0xc2, 0xc8, 0x2b, 0xf3, 0x64, 0xf6, 0x13, 0x90, 0x62, 0x3d, 0x5d, 0xc1, 0x0b, 0x16, 0xfa, - 0x12, 0xca, 0x82, 0x86, 0x3c, 0x12, 0x0e, 0x0d, 0x8d, 0xbe, 0x76, 0xb2, 0x15, 0x12, 0x83, 0x30, - 0xfd, 0x53, 0xe4, 0x09, 0xaa, 0xb2, 0x1c, 0xe2, 0x05, 0x15, 0x3d, 0x81, 0xa2, 0xa0, 0xa1, 0x24, - 0x42, 0xbe, 0x4d, 0x22, 0x38, 0x86, 0xf4, 0xb9, 0xef, 0x39, 0x53, 0x9c, 0x30, 0xd0, 0x13, 0x28, - 0x07, 0x3e, 0x71, 0xb4, 0x57, 0x7b, 0x5d, 0xd3, 0x3f, 0xca, 0xa2, 0xf7, 0x13, 0x10, 0x5e, 0xe0, - 0xd1, 0xe7, 0x00, 0x3e, 0x1f, 0x0e, 0x5c, 0xe1, 0x4d, 0xa8, 0x30, 0x12, 0xab, 0x65, 0xb1, 0xbb, - 0x1a, 0x81, 0xcb, 0x3e, 0x1f, 0xc6, 0x43, 0x74, 0xf0, 0x7f, 0xe9, 0x2b, 0xa5, 0xad, 0x23, 0x00, - 0x32, 0xff, 0x6a, 0xd4, 0xf5, 0xc9, 0x7b, 0xb9, 0x32, 0x27, 0x92, 0xa2, 0xa3, 0x07, 0x50, 0xb9, - 0xe0, 0xc2, 0xa1, 0x03, 0x73, 0x6b, 0xca, 0x5a, 0x13, 0x96, 0xb6, 0xc5, 0xfa, 0x42, 0x1d, 0x28, - 0x0e, 0x29, 0xa3, 0xc2, 0x73, 0x6c, 0xd0, 0x8b, 0x3d, 0xca, 0xbc, 0x90, 0x31, 0x04, 0x47, 0x4c, - 0x7a, 0x63, 0x6a, 0x56, 0x4a, 0x88, 0x9d, 0x32, 0x14, 0x45, 0xfc, 0xa5, 0xf9, 0x47, 0x40, 0x6f, - 0x62, 0x11, 0x82, 0xfc, 0xa5, 0xc7, 0x5c, 0x2d, 0xac, 0x32, 0xd6, 0x63, 0xd4, 0x82, 0x62, 0x40, - 0xa6, 0x3e, 0x27, 0xae, 0x11, 0xcb, 0x9d, 0x56, 0x5c, 0x2f, 0x5b, 0x49, 0xbd, 0x6c, 0xb5, 0xd9, - 0x14, 0x27, 0xa0, 0xe6, 0x11, 0xdc, 0xcd, 0xdc, 0x32, 0xda, 0x83, 0xca, 0x5c, 0x84, 0x03, 0xcf, - 0x2c, 0xd2, 0xb9, 0x3d, 0xbb, 0xde, 0xb6, 0xe6, 0x6a, 0x3d, 0xec, 0x62, 0x6b, 0x0e, 0x3a, 0x74, - 0x9b, 0x7f, 0x29, 0xc3, 0xc6, 0x92, 0x94, 0xd1, 0x1d, 0x58, 0xf7, 0xc6, 0x64, 0x48, 0x4d, 0x8c, - 0xf1, 0x04, 0xf5, 0xa0, 0xe0, 0x93, 0x73, 0xea, 0x2b, 0x41, 0xab, 0x43, 0xfd, 0xc9, 0x3b, 0xef, - 0x44, 0xeb, 0xf7, 0x1a, 0xdf, 0x63, 0x52, 0x4c, 0xb1, 0x21, 0x23, 0x1b, 0x8a, 0x0e, 0x1f, 0x8f, - 0x09, 0x53, 0x4f, 0xe7, 0xda, 0x4e, 0x19, 0x27, 0x53, 0x95, 0x19, 0x22, 0x86, 0xa1, 0x9d, 0xd7, - 0x66, 0x3d, 0x46, 0x55, 0x58, 0xa3, 0x6c, 0x62, 0xaf, 0x6b, 0x93, 0x1a, 0x2a, 0x8b, 0xeb, 0xc5, - 0x8a, 0x2c, 0x63, 0x35, 0x54, 0xbc, 0x28, 0xa4, 0xc2, 0x2e, 0xc6, 0x19, 0x55, 0x63, 0xf4, 0x0b, - 0x28, 0x8c, 0x79, 0xc4, 0x64, 0x68, 0x97, 0x74, 0xb0, 0x5b, 0x59, 0xc1, 0x1e, 0x2b, 0x84, 0x79, - 0xda, 0x0d, 0x1c, 0xf5, 0x60, 0x33, 0x94, 0x3c, 0x18, 0x0c, 0x05, 0x71, 0xe8, 0x20, 0xa0, 0xc2, - 0xe3, 0xae, 0x79, 0x9a, 0xb6, 0xde, 0x38, 0x94, 0xae, 0x69, 0x72, 0xf0, 0x6d, 0xc5, 0x39, 0x50, - 0x94, 0xbe, 0x66, 0xa0, 0x3e, 0x54, 0x82, 0xc8, 0xf7, 0x07, 0x3c, 0x88, 0xab, 0x54, 0xac, 0xa7, - 0xf7, 0x48, 0x59, 0x3f, 0xf2, 0xfd, 0x67, 0x31, 0x09, 0x5b, 0xc1, 0x62, 0x82, 0xee, 0x41, 0x61, - 0x28, 0x78, 0x14, 0x84, 0xb6, 0xa5, 0x93, 0x61, 0x66, 0xe8, 0x0b, 0x28, 0x86, 0xd4, 0x11, 0x54, - 0x86, 0x76, 0x45, 0x6f, 0xf5, 0xe3, 0xac, 0x45, 0x4e, 0x35, 0x04, 0xd3, 0x0b, 0x2a, 0x28, 0x73, - 0x28, 0x4e, 0x38, 0x68, 0x0b, 0xd6, 0xa4, 0x9c, 0xda, 0x1b, 0x8d, 0xdc, 0x4e, 0xa9, 0x53, 0x9c, - 0x5d, 0x6f, 0xaf, 0x9d, 0x9d, 0xbd, 0xc0, 0xca, 0xa6, 0x5e, 0xd0, 0x11, 0x0f, 0x25, 0x23, 0x63, - 0x6a, 0xdf, 0xd2, 0xb9, 0x9d, 0xcf, 0xd1, 0x0b, 0x00, 0x97, 0x85, 0x03, 0x47, 0x5f, 0x59, 0xfb, - 0xb6, 0xde, 0xdd, 0xa7, 0xef, 0xde, 0x5d, 0xf7, 0xe4, 0xd4, 0x54, 0x91, 0x8d, 0xd9, 0xf5, 0x76, - 0x79, 0x3e, 0xc5, 0x65, 0x97, 0x85, 0xf1, 0x10, 0x75, 0xc0, 0x1a, 0x51, 0xe2, 0xcb, 0x91, 0x33, - 0xa2, 0xce, 0xa5, 0x5d, 0xbd, 0xb9, 0x2c, 0x3c, 0xd5, 0x30, 0xe3, 0x21, 0x4d, 0x52, 0x0a, 0x56, - 0xa1, 0x86, 0xf6, 0xa6, 0xce, 0x55, 0x3c, 0x41, 0x1f, 0x01, 0xf0, 0x80, 0xb2, 0x41, 0x28, 0x5d, - 0x8f, 0xd9, 0x48, 0x6d, 0x19, 0x97, 0x95, 0xe5, 0x54, 0x19, 0xd0, 0x7d, 0xf5, 0x68, 0x13, 0x77, - 0xc0, 0x99, 0x3f, 0xb5, 0xbf, 0xa7, 0xbf, 0x96, 0x94, 0xe1, 0x19, 0xf3, 0xa7, 0x68, 0x1b, 0x2c, - 0xad, 0x8b, 0xd0, 0x1b, 0x32, 0xe2, 0xdb, 0x77, 0x74, 0x3e, 0x40, 0x99, 0x4e, 0xb5, 0x45, 0x9d, - 0x43, 0x9c, 0x8d, 0xd0, 0xbe, 0x7b, 0xf3, 0x39, 0x98, 0x60, 0x17, 0xe7, 0x60, 0x38, 0xe8, 0xd7, - 0x00, 0x81, 0xf0, 0x26, 0x9e, 0x4f, 0x87, 0x34, 0xb4, 0xef, 0xe9, 0x4d, 0xd7, 0x33, 0x5f, 0xeb, - 0x39, 0x0a, 0xa7, 0x18, 0xb5, 0xcf, 0xc1, 0x4a, 0xdd, 0x36, 0x75, 0x4b, 0x2e, 0xe9, 0xd4, 0x5c, - 0x60, 0x35, 0x54, 0x29, 0x99, 0x10, 0x3f, 0x8a, 0x3b, 0xe1, 0x32, 0x8e, 0x27, 0xbf, 0x5c, 0x7d, - 0x9c, 0xab, 0xed, 0x81, 0x95, 0x52, 0x1d, 0xfa, 0x18, 0x36, 0x04, 0x1d, 0x7a, 0xa1, 0x14, 0xd3, - 0x01, 0x89, 0xe4, 0xc8, 0xfe, 0xad, 0x26, 0x54, 0x12, 0x63, 0x3b, 0x92, 0xa3, 0xda, 0x00, 0x16, - 0x87, 0x87, 0x1a, 0x60, 0x29, 0x51, 0x84, 0x54, 0x4c, 0xa8, 0x50, 0xd5, 0x56, 0xe5, 0x3c, 0x6d, - 0x52, 0xe2, 0x0d, 0x29, 0x11, 0xce, 0x48, 0xbf, 0x1d, 0x65, 0x6c, 0x66, 0xea, 0x31, 0x48, 0x6e, - 0x88, 0x79, 0x0c, 0xcc, 0xb4, 0xf9, 0x9f, 0x1c, 0x54, 0xd2, 0x4d, 0x03, 0xda, 0x8f, 0x8b, 0xbd, - 0xde, 0xd2, 0xad, 0xbd, 0xdd, 0x77, 0x35, 0x19, 0xba, 0xb4, 0xfa, 0x91, 0x72, 0x76, 0xac, 0xfa, - 0x7b, 0x4d, 0x46, 0x3f, 0x87, 0xf5, 0x80, 0x0b, 0x99, 0x3c, 0x61, 0xd9, 0x09, 0xe6, 0x22, 0x29, - 0x45, 0x31, 0xb8, 0x39, 0x82, 0x5b, 0xcb, 0xde, 0xd0, 0x43, 0x58, 0x7b, 0x7e, 0xd8, 0xaf, 0xae, - 0xd4, 0xee, 0xbf, 0xbc, 0x6a, 0x7c, 0x7f, 0xf9, 0xe3, 0x73, 0x4f, 0xc8, 0x88, 0xf8, 0x87, 0x7d, - 0xf4, 0x63, 0x58, 0xef, 0x9e, 0x9c, 0x62, 0x5c, 0xcd, 0xd5, 0xb6, 0x5f, 0x5e, 0x35, 0xee, 0x2f, - 0xe3, 0xd4, 0x27, 0x1e, 0x31, 0x17, 0xf3, 0xf3, 0x79, 0xaf, 0xfb, 0xef, 0x55, 0xb0, 0xcc, 0xcb, - 0xfe, 0xa1, 0x7f, 0x87, 0x36, 0xe2, 0x52, 0x9e, 0x5c, 0xd9, 0xd5, 0x77, 0x56, 0xf4, 0x4a, 0x4c, - 0x30, 0x67, 0xfc, 0x00, 0x2a, 0x5e, 0x30, 0xf9, 0x6c, 0x40, 0x19, 0x39, 0xf7, 0x4d, 0xdb, 0x5b, - 0xc2, 0x96, 0xb2, 0xf5, 0x62, 0x93, 0x7a, 0x2f, 0x3c, 0x26, 0xa9, 0x60, 0xa6, 0xa1, 0x2d, 0xe1, - 0xf9, 0x1c, 0x7d, 0x01, 0x79, 0x2f, 0x20, 0x63, 0xd3, 0x86, 0x64, 0xee, 0xe0, 0xb0, 0xdf, 0x3e, - 0x36, 0x1a, 0xec, 0x94, 0x66, 0xd7, 0xdb, 0x79, 0x65, 0xc0, 0x9a, 0x86, 0xea, 0x49, 0x27, 0xa0, - 0x56, 0xd2, 0x6f, 0x7f, 0x09, 0xa7, 0x2c, 0x4a, 0x47, 0x1e, 0x1b, 0x0a, 0x1a, 0x86, 0xba, 0x0a, - 0x94, 0x70, 0x32, 0x55, 0xf7, 0x36, 0xde, 0xf1, 0xe0, 0x42, 0xf0, 0xb1, 0x6e, 0x22, 0xca, 0x18, - 0x62, 0xd3, 0x97, 0x82, 0x8f, 0x9b, 0xff, 0xcd, 0x83, 0xb5, 0xef, 0x47, 0xa1, 0x34, 0xc5, 0xef, - 0x83, 0xa5, 0xfc, 0x05, 0x6c, 0x12, 0xfd, 0x53, 0x45, 0x98, 0xaa, 0x24, 0xba, 0x39, 0x33, 0x69, - 0x7f, 0x98, 0xe9, 0x6e, 0x0e, 0x8e, 0x1b, 0xb9, 0x4e, 0x41, 0xf9, 0xb4, 0x73, 0xb8, 0x4a, 0x5e, - 0xfb, 0x82, 0x4e, 0x61, 0x83, 0x0b, 0x67, 0x44, 0x43, 0x19, 0xd7, 0x1f, 0xf3, 0x13, 0x92, 0xf9, - 0x7b, 0xfa, 0x2c, 0x0d, 0x34, 0x8f, 0x6f, 0x1c, 0xed, 0xb2, 0x0f, 0xf4, 0x18, 0xf2, 0x82, 0x5c, - 0x24, 0x8d, 0x66, 0xe6, 0xd5, 0xc0, 0xe4, 0x42, 0x2e, 0xb9, 0xd0, 0x0c, 0xf4, 0x3b, 0x00, 0xd7, - 0x0b, 0x03, 0x22, 0x9d, 0x11, 0x15, 0xe6, 0x88, 0x33, 0xb7, 0xd8, 0x9d, 0xa3, 0x96, 0xbc, 0xa4, - 0xd8, 0xe8, 0x08, 0xca, 0x0e, 0x49, 0x44, 0x5a, 0xb8, 0xf9, 0xcf, 0x6c, 0xbf, 0x6d, 0x5c, 0x54, - 0x95, 0x8b, 0xd9, 0xf5, 0x76, 0x29, 0xb1, 0xe0, 0x92, 0x43, 0x8c, 0x68, 0x8f, 0x60, 0x43, 0xfd, - 0xb1, 0x0d, 0x5c, 0x7a, 0x41, 0x22, 0x5f, 0xc6, 0xe2, 0xb8, 0xa1, 0x98, 0xa8, 0xf6, 0xbf, 0x6b, - 0x70, 0x26, 0xae, 0x8a, 0x4c, 0xd9, 0xd0, 0x1f, 0x60, 0x93, 0x32, 0x47, 0x4c, 0xb5, 0x44, 0x93, - 0x08, 0x4b, 0x37, 0x6f, 0xb6, 0x37, 0x07, 0x2f, 0x6d, 0xb6, 0x4a, 0x5f, 0xb3, 0x37, 0x3d, 0x80, - 0xb8, 0x3c, 0x7f, 0x58, 0xfd, 0x21, 0xc8, 0xbb, 0x44, 0x12, 0x2d, 0xb9, 0x0a, 0xd6, 0x63, 0xb5, - 0x54, 0xbc, 0xe8, 0x77, 0xbe, 0x54, 0xc7, 0x7e, 0xf5, 0x6d, 0x7d, 0xe5, 0x9f, 0xdf, 0xd6, 0x57, - 0xfe, 0x3c, 0xab, 0xe7, 0x5e, 0xcd, 0xea, 0xb9, 0xbf, 0xcf, 0xea, 0xb9, 0x7f, 0xcd, 0xea, 0xb9, - 0xf3, 0x82, 0xee, 0x9f, 0x7e, 0xf6, 0xbf, 0x00, 0x00, 0x00, 0xff, 0xff, 0xa3, 0xb7, 0x5c, 0xc9, - 0x78, 0x12, 0x00, 0x00, + // 1846 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x57, 0xcf, 0x73, 0x1b, 0x49, + 0x15, 0xb6, 0x6c, 0x59, 0x3f, 0xde, 0xc8, 0x89, 0xd2, 0x24, 0x61, 0xac, 0xb0, 0xb2, 0xa2, 0x0d, + 0xc1, 0xcb, 0x16, 0x72, 0x61, 0xa8, 0x25, 0x4b, 0x58, 0x40, 0xb2, 0x84, 0x63, 0x8c, 0x1d, 0x55, + 0xdb, 0x1b, 0xc8, 0x49, 0xd5, 0x9e, 0x69, 0x4b, 0x53, 0x1e, 0x75, 0x0f, 0xdd, 0x3d, 0xda, 0xd2, + 0x8d, 0xe3, 0x56, 0xae, 0x9c, 0x5d, 0x1c, 0xf8, 0x67, 0x72, 0xa4, 0x38, 0x71, 0x72, 0xb1, 0xfe, + 0x17, 0xb8, 0x71, 0x81, 0xea, 0x9e, 0x1e, 0xfd, 0x48, 0xc6, 0x9b, 0x54, 0x11, 0x6e, 0xdd, 0xaf, + 0xbf, 0xef, 0x75, 0xf7, 0xeb, 0xaf, 0xfb, 0xbd, 0x06, 0x47, 0x46, 0xd4, 0x93, 0xad, 0x48, 0x70, + 0xc5, 0x11, 0xf2, 0xb9, 0x77, 0x41, 0x45, 0x4b, 0x7e, 0x45, 0xc4, 0xf8, 0x22, 0x50, 0xad, 0xc9, + 0x8f, 0x6b, 0x8e, 0x9a, 0x46, 0xd4, 0x02, 0x6a, 0x77, 0x87, 0x7c, 0xc8, 0x4d, 0x73, 0x47, 0xb7, + 0xac, 0xb5, 0x3e, 0xe4, 0x7c, 0x18, 0xd2, 0x1d, 0xd3, 0x3b, 0x8b, 0xcf, 0x77, 0xfc, 0x58, 0x10, + 0x15, 0x70, 0x66, 0xc7, 0x37, 0xdf, 0x1c, 0x27, 0x6c, 0x9a, 0x0c, 0x35, 0x2f, 0xf3, 0x50, 0x3a, + 0xe6, 0x3e, 0x3d, 0x89, 0xa8, 0x87, 0xf6, 0xc1, 0x21, 0x8c, 0x71, 0x65, 0xb8, 0xd2, 0xcd, 0x35, + 0x72, 0xdb, 0xce, 0xee, 0x56, 0xeb, 0xed, 0x45, 0xb5, 0xda, 0x73, 0x58, 0x27, 0xff, 0xfa, 0x6a, + 0x6b, 0x05, 0x2f, 0x32, 0xd1, 0xaf, 0xa0, 0xe2, 0x53, 0x19, 0x08, 0xea, 0x0f, 0x04, 0x0f, 0xa9, + 0xbb, 0xda, 0xc8, 0x6d, 0xdf, 0xda, 0xfd, 0x5e, 0x96, 0x27, 0x3d, 0x39, 0xe6, 0x21, 0xc5, 0x8e, + 0x65, 0xe8, 0x0e, 0xda, 0x07, 0x18, 0xd3, 0xf1, 0x19, 0x15, 0x72, 0x14, 0x44, 0xee, 0x9a, 0xa1, + 0xff, 0xe0, 0x26, 0xba, 0x5e, 0x7b, 0xeb, 0x68, 0x06, 0xc7, 0x0b, 0x54, 0x74, 0x04, 0x15, 0x32, + 0x21, 0x41, 0x48, 0xce, 0x82, 0x30, 0x50, 0x53, 0x37, 0x6f, 0x5c, 0x7d, 0xf2, 0xad, 0xae, 0xda, + 0x0b, 0x04, 0xbc, 0x44, 0x6f, 0xfa, 0x00, 0xf3, 0x89, 0xd0, 0x63, 0x28, 0xf6, 0x7b, 0xc7, 0xdd, + 0x83, 0xe3, 0xfd, 0xea, 0x4a, 0x6d, 0xf3, 0xd5, 0x65, 0xe3, 0x9e, 0xf6, 0x31, 0x07, 0xf4, 0x29, + 0xf3, 0x03, 0x36, 0x44, 0xdb, 0x50, 0x6a, 0xef, 0xed, 0xf5, 0xfa, 0xa7, 0xbd, 0x6e, 0x35, 0x57, + 0xab, 0xbd, 0xba, 0x6c, 0xdc, 0x5f, 0x06, 0xb6, 0x3d, 0x8f, 0x46, 0x8a, 0xfa, 0xb5, 0xfc, 0xd7, + 0x7f, 0xad, 0xaf, 0x34, 0xbf, 0xce, 0x41, 0x65, 0x71, 0x11, 0xe8, 0x31, 0x14, 0xda, 0x7b, 0xa7, + 0x07, 0x2f, 0x7a, 0xd5, 0x95, 0x39, 0x7d, 0x11, 0xd1, 0xf6, 0x54, 0x30, 0xa1, 0xe8, 0x11, 0xac, + 0xf7, 0xdb, 0x5f, 0x9e, 0xf4, 0xaa, 0xb9, 0xf9, 0x72, 0x16, 0x61, 0x7d, 0x12, 0x4b, 0x83, 0xea, + 0xe2, 0xf6, 0xc1, 0x71, 0x75, 0x35, 0x1b, 0xd5, 0x15, 0x24, 0x60, 0x76, 0x29, 0x7f, 0xc9, 0x83, + 0x73, 0x42, 0xc5, 0x24, 0xf0, 0x3e, 0xb0, 0x44, 0x3e, 0x83, 0xbc, 0x22, 0xf2, 0xc2, 0x48, 0xc3, + 0xc9, 0x96, 0xc6, 0x29, 0x91, 0x17, 0x7a, 0x52, 0x4b, 0x37, 0x78, 0xad, 0x0c, 0x41, 0xa3, 0x30, + 0xf0, 0x88, 0xa2, 0xbe, 0x51, 0x86, 0xb3, 0xfb, 0xfd, 0x2c, 0x36, 0x9e, 0xa1, 0xec, 0xfa, 0x9f, + 0xad, 0xe0, 0x05, 0x2a, 0x7a, 0x0a, 0x85, 0x61, 0xc8, 0xcf, 0x48, 0x68, 0x34, 0xe1, 0xec, 0x3e, + 0xcc, 0x72, 0xb2, 0x6f, 0x10, 0x73, 0x07, 0x96, 0x82, 0x9e, 0x40, 0x21, 0x8e, 0x7c, 0xa2, 0xa8, + 0x5b, 0x30, 0xe4, 0x46, 0x16, 0xf9, 0x4b, 0x83, 0xd8, 0xe3, 0xec, 0x3c, 0x18, 0x62, 0x8b, 0x47, + 0x87, 0x50, 0x62, 0x54, 0x7d, 0xc5, 0xc5, 0x85, 0x74, 0x8b, 0x8d, 0xb5, 0x6d, 0x67, 0xf7, 0xd3, + 0x4c, 0x31, 0x26, 0x98, 0xb6, 0x52, 0xc4, 0x1b, 0x8d, 0x29, 0x53, 0x89, 0x9b, 0xce, 0xaa, 0x9b, + 0xc3, 0x33, 0x07, 0xe8, 0x17, 0x50, 0xa2, 0xcc, 0x8f, 0x78, 0xc0, 0x94, 0x5b, 0xba, 0x79, 0x21, + 0x3d, 0x8b, 0xd1, 0xc1, 0xc4, 0x33, 0x86, 0x66, 0x0b, 0x1e, 0x86, 0x67, 0xc4, 0xbb, 0x70, 0xcb, + 0xef, 0xb9, 0x8d, 0x19, 0xa3, 0x53, 0x80, 0xfc, 0x98, 0xfb, 0xb4, 0xb9, 0x03, 0x77, 0xde, 0x0a, + 0x35, 0xaa, 0x41, 0xc9, 0x86, 0x3a, 0xd1, 0x48, 0x1e, 0xcf, 0xfa, 0xcd, 0xdb, 0xb0, 0xb1, 0x14, + 0xd6, 0xe6, 0xdf, 0xf3, 0x50, 0x4a, 0xcf, 0x1a, 0xb5, 0xa1, 0xec, 0x71, 0xa6, 0x48, 0xc0, 0xa8, + 0xb0, 0xf2, 0xca, 0x3c, 0x99, 0xbd, 0x14, 0xa4, 0x59, 0xcf, 0x56, 0xf0, 0x9c, 0x85, 0x7e, 0x03, + 0x65, 0x41, 0x25, 0x8f, 0x85, 0x47, 0xa5, 0xd5, 0xd7, 0x76, 0xb6, 0x42, 0x12, 0x10, 0xa6, 0x7f, + 0x8c, 0x03, 0x41, 0x75, 0x94, 0x25, 0x9e, 0x53, 0xd1, 0x53, 0x28, 0x0a, 0x2a, 0x15, 0x11, 0xea, + 0xdb, 0x24, 0x82, 0x13, 0x48, 0x9f, 0x87, 0x81, 0x37, 0xc5, 0x29, 0x03, 0x3d, 0x85, 0x72, 0x14, + 0x12, 0xcf, 0x78, 0x75, 0xd7, 0x0d, 0xfd, 0xa3, 0x2c, 0x7a, 0x3f, 0x05, 0xe1, 0x39, 0x1e, 0x7d, + 0x0e, 0x10, 0xf2, 0xe1, 0xc0, 0x17, 0xc1, 0x84, 0x0a, 0x2b, 0xb1, 0x5a, 0x16, 0xbb, 0x6b, 0x10, + 0xb8, 0x1c, 0xf2, 0x61, 0xd2, 0x44, 0xfb, 0xff, 0x93, 0xbe, 0x16, 0xb4, 0x75, 0x08, 0x40, 0x66, + 0xa3, 0x56, 0x5d, 0x9f, 0xbc, 0x97, 0x2b, 0x7b, 0x22, 0x0b, 0x74, 0xf4, 0x10, 0x2a, 0xe7, 0x5c, + 0x78, 0x74, 0x60, 0x6f, 0x4d, 0xd9, 0x68, 0xc2, 0x31, 0xb6, 0x44, 0x5f, 0xa8, 0x03, 0xc5, 0x21, + 0x65, 0x54, 0x04, 0x9e, 0x0b, 0x66, 0xb2, 0xc7, 0x99, 0x17, 0x32, 0x81, 0xe0, 0x98, 0xa9, 0x60, + 0x4c, 0xed, 0x4c, 0x29, 0xb1, 0x53, 0x86, 0xa2, 0x48, 0x46, 0x9a, 0x7f, 0x00, 0xf4, 0x36, 0x16, + 0x21, 0xc8, 0x5f, 0x04, 0xcc, 0x37, 0xc2, 0x2a, 0x63, 0xd3, 0x46, 0x2d, 0x28, 0x46, 0x64, 0x1a, + 0x72, 0xe2, 0x5b, 0xb1, 0xdc, 0x6d, 0x25, 0xf9, 0xb2, 0x95, 0xe6, 0xcb, 0x56, 0x9b, 0x4d, 0x71, + 0x0a, 0x6a, 0x1e, 0xc2, 0xbd, 0xcc, 0x2d, 0xa3, 0x5d, 0xa8, 0xcc, 0x44, 0x38, 0x08, 0xec, 0x24, + 0x9d, 0xdb, 0xd7, 0x57, 0x5b, 0xce, 0x4c, 0xad, 0x07, 0x5d, 0xec, 0xcc, 0x40, 0x07, 0x7e, 0xf3, + 0xcf, 0x65, 0xd8, 0x58, 0x92, 0x32, 0xba, 0x0b, 0xeb, 0xc1, 0x98, 0x0c, 0xa9, 0x5d, 0x63, 0xd2, + 0x41, 0x3d, 0x28, 0x84, 0xe4, 0x8c, 0x86, 0x5a, 0xd0, 0xfa, 0x50, 0x7f, 0xf4, 0xce, 0x3b, 0xd1, + 0xfa, 0x9d, 0xc1, 0xf7, 0x98, 0x12, 0x53, 0x6c, 0xc9, 0xc8, 0x85, 0xa2, 0xc7, 0xc7, 0x63, 0xc2, + 0xf4, 0xd3, 0xb9, 0xb6, 0x5d, 0xc6, 0x69, 0x57, 0x47, 0x86, 0x88, 0xa1, 0x74, 0xf3, 0xc6, 0x6c, + 0xda, 0xa8, 0x0a, 0x6b, 0x94, 0x4d, 0xdc, 0x75, 0x63, 0xd2, 0x4d, 0x6d, 0xf1, 0x83, 0x44, 0x91, + 0x65, 0xac, 0x9b, 0x9a, 0x17, 0x4b, 0x2a, 0xdc, 0x62, 0x12, 0x51, 0xdd, 0x46, 0x3f, 0x83, 0xc2, + 0x98, 0xc7, 0x4c, 0x49, 0xb7, 0x64, 0x16, 0xbb, 0x99, 0xb5, 0xd8, 0x23, 0x8d, 0xb0, 0x4f, 0xbb, + 0x85, 0xa3, 0x1e, 0xdc, 0x91, 0x8a, 0x47, 0x83, 0xa1, 0x20, 0x1e, 0x1d, 0x44, 0x54, 0x04, 0xdc, + 0xb7, 0x4f, 0xd3, 0xe6, 0x5b, 0x87, 0xd2, 0xb5, 0x45, 0x0e, 0xbe, 0xad, 0x39, 0xfb, 0x9a, 0xd2, + 0x37, 0x0c, 0xd4, 0x87, 0x4a, 0x14, 0x87, 0xe1, 0x80, 0x47, 0x49, 0x96, 0x4a, 0xf4, 0xf4, 0x1e, + 0x21, 0xeb, 0xc7, 0x61, 0xf8, 0x3c, 0x21, 0x61, 0x27, 0x9a, 0x77, 0xd0, 0x7d, 0x28, 0x0c, 0x05, + 0x8f, 0x23, 0xe9, 0x3a, 0x26, 0x18, 0xb6, 0x87, 0xbe, 0x80, 0xa2, 0xa4, 0x9e, 0xa0, 0x4a, 0xba, + 0x15, 0xb3, 0xd5, 0x8f, 0xb3, 0x26, 0x39, 0x31, 0x10, 0x4c, 0xcf, 0xa9, 0xa0, 0xcc, 0xa3, 0x38, + 0xe5, 0xa0, 0x4d, 0x58, 0x53, 0x6a, 0xea, 0x6e, 0x34, 0x72, 0xdb, 0xa5, 0x4e, 0xf1, 0xfa, 0x6a, + 0x6b, 0xed, 0xf4, 0xf4, 0x25, 0xd6, 0x36, 0xfd, 0x82, 0x8e, 0xb8, 0x54, 0x8c, 0x8c, 0xa9, 0x7b, + 0xcb, 0xc4, 0x76, 0xd6, 0x47, 0x2f, 0x01, 0x7c, 0x26, 0x07, 0x9e, 0xb9, 0xb2, 0xee, 0x6d, 0xb3, + 0xbb, 0x4f, 0xdf, 0xbd, 0xbb, 0xee, 0xf1, 0x89, 0xcd, 0x22, 0x1b, 0xd7, 0x57, 0x5b, 0xe5, 0x59, + 0x17, 0x97, 0x7d, 0x26, 0x93, 0x26, 0xea, 0x80, 0x33, 0xa2, 0x24, 0x54, 0x23, 0x6f, 0x44, 0xbd, + 0x0b, 0xb7, 0x7a, 0x73, 0x5a, 0x78, 0x66, 0x60, 0xd6, 0xc3, 0x22, 0x49, 0x2b, 0x58, 0x2f, 0x55, + 0xba, 0x77, 0x4c, 0xac, 0x92, 0x0e, 0xfa, 0x08, 0x80, 0x47, 0x94, 0x0d, 0xa4, 0xf2, 0x03, 0xe6, + 0x22, 0xbd, 0x65, 0x5c, 0xd6, 0x96, 0x13, 0x6d, 0x40, 0x0f, 0xf4, 0xa3, 0x4d, 0xfc, 0x01, 0x67, + 0xe1, 0xd4, 0xfd, 0x8e, 0x19, 0x2d, 0x69, 0xc3, 0x73, 0x16, 0x4e, 0xd1, 0x16, 0x38, 0x46, 0x17, + 0x32, 0x18, 0x32, 0x12, 0xba, 0x77, 0x4d, 0x3c, 0x40, 0x9b, 0x4e, 0x8c, 0x45, 0x9f, 0x43, 0x12, + 0x0d, 0xe9, 0xde, 0xbb, 0xf9, 0x1c, 0xec, 0x62, 0xe7, 0xe7, 0x60, 0x39, 0xe8, 0x97, 0x00, 0x91, + 0x08, 0x26, 0x41, 0x48, 0x87, 0x54, 0xba, 0xf7, 0xcd, 0xa6, 0xeb, 0x99, 0xaf, 0xf5, 0x0c, 0x85, + 0x17, 0x18, 0xb5, 0xcf, 0xc1, 0x59, 0xb8, 0x6d, 0xfa, 0x96, 0x5c, 0xd0, 0xa9, 0xbd, 0xc0, 0xba, + 0xa9, 0x43, 0x32, 0x21, 0x61, 0x9c, 0x54, 0xc2, 0x65, 0x9c, 0x74, 0x7e, 0xbe, 0xfa, 0x24, 0x57, + 0xdb, 0x05, 0x67, 0x41, 0x75, 0xe8, 0x63, 0xd8, 0x10, 0x74, 0x18, 0x48, 0x25, 0xa6, 0x03, 0x12, + 0xab, 0x91, 0xfb, 0x6b, 0x43, 0xa8, 0xa4, 0xc6, 0x76, 0xac, 0x46, 0xb5, 0x01, 0xcc, 0x0f, 0x0f, + 0x35, 0xc0, 0xd1, 0xa2, 0x90, 0x54, 0x4c, 0xa8, 0xd0, 0xd9, 0x56, 0xc7, 0x7c, 0xd1, 0xa4, 0xc5, + 0x2b, 0x29, 0x11, 0xde, 0xc8, 0xbc, 0x1d, 0x65, 0x6c, 0x7b, 0xfa, 0x31, 0x48, 0x6f, 0x88, 0x7d, + 0x0c, 0x6c, 0xb7, 0xf9, 0xaf, 0x1c, 0x54, 0x16, 0x8b, 0x06, 0xb4, 0x97, 0x24, 0x7b, 0xb3, 0xa5, + 0x5b, 0xbb, 0x3b, 0xef, 0x2a, 0x32, 0x4c, 0x6a, 0x0d, 0x63, 0xed, 0xec, 0x48, 0xd7, 0xf7, 0x86, + 0x8c, 0x7e, 0x0a, 0xeb, 0x11, 0x17, 0x2a, 0x7d, 0xc2, 0xb2, 0x03, 0xcc, 0x45, 0x9a, 0x8a, 0x12, + 0x70, 0x73, 0x04, 0xb7, 0x96, 0xbd, 0xa1, 0x47, 0xb0, 0xf6, 0xe2, 0xa0, 0x5f, 0x5d, 0xa9, 0x3d, + 0x78, 0x75, 0xd9, 0xf8, 0xee, 0xf2, 0xe0, 0x8b, 0x40, 0xa8, 0x98, 0x84, 0x07, 0x7d, 0xf4, 0x43, + 0x58, 0xef, 0x1e, 0x9f, 0x60, 0x5c, 0xcd, 0xd5, 0xb6, 0x5e, 0x5d, 0x36, 0x1e, 0x2c, 0xe3, 0xf4, + 0x10, 0x8f, 0x99, 0x8f, 0xf9, 0xd9, 0xac, 0xd6, 0xfd, 0xf7, 0x2a, 0x38, 0xf6, 0x65, 0xff, 0xd0, + 0xdf, 0xa1, 0x8d, 0x24, 0x95, 0xa7, 0x57, 0x76, 0xf5, 0x9d, 0x19, 0xbd, 0x92, 0x10, 0xec, 0x19, + 0x3f, 0x84, 0x4a, 0x10, 0x4d, 0x3e, 0x1b, 0x50, 0x46, 0xce, 0x42, 0x5b, 0xf6, 0x96, 0xb0, 0xa3, + 0x6d, 0xbd, 0xc4, 0xa4, 0xdf, 0x8b, 0x80, 0x29, 0x2a, 0x98, 0x2d, 0x68, 0x4b, 0x78, 0xd6, 0x47, + 0x5f, 0x40, 0x3e, 0x88, 0xc8, 0xd8, 0x96, 0x21, 0x99, 0x3b, 0x38, 0xe8, 0xb7, 0x8f, 0xac, 0x06, + 0x3b, 0xa5, 0xeb, 0xab, 0xad, 0xbc, 0x36, 0x60, 0x43, 0x43, 0xf5, 0xb4, 0x12, 0xd0, 0x33, 0x99, + 0xb7, 0xbf, 0x84, 0x17, 0x2c, 0x5a, 0x47, 0x01, 0x1b, 0x0a, 0x2a, 0xa5, 0xc9, 0x02, 0x25, 0x9c, + 0x76, 0x51, 0x0d, 0x8a, 0xb6, 0x9e, 0x30, 0x05, 0x44, 0x59, 0xe7, 0x6a, 0x6b, 0xe8, 0x6c, 0x80, + 0x93, 0x44, 0x63, 0x70, 0x2e, 0xf8, 0xb8, 0xf9, 0x9f, 0x3c, 0x38, 0x7b, 0x61, 0x2c, 0x95, 0x4d, + 0x83, 0x1f, 0x2c, 0xf8, 0x2f, 0xe1, 0x0e, 0x31, 0xdf, 0x2b, 0xc2, 0x74, 0x4e, 0x31, 0x65, 0x9a, + 0x3d, 0x80, 0x47, 0x99, 0xee, 0x66, 0xe0, 0xa4, 0xa4, 0xeb, 0x14, 0xb4, 0x4f, 0x37, 0x87, 0xab, + 0xe4, 0x8d, 0x11, 0x74, 0x02, 0x1b, 0x5c, 0x78, 0x23, 0x2a, 0x55, 0x92, 0x89, 0xec, 0x77, 0x24, + 0xf3, 0xa3, 0xfa, 0x7c, 0x11, 0x68, 0x9f, 0xe1, 0x64, 0xb5, 0xcb, 0x3e, 0xd0, 0x13, 0xc8, 0x0b, + 0x72, 0x9e, 0x96, 0x9c, 0x99, 0x97, 0x04, 0x93, 0x73, 0xb5, 0xe4, 0xc2, 0x30, 0xd0, 0x6f, 0x01, + 0xfc, 0x40, 0x46, 0x44, 0x79, 0x23, 0x2a, 0xec, 0x61, 0x67, 0x6e, 0xb1, 0x3b, 0x43, 0x2d, 0x79, + 0x59, 0x60, 0xa3, 0x43, 0x28, 0x7b, 0x24, 0x95, 0x6b, 0xe1, 0xe6, 0x3f, 0xda, 0x5e, 0xdb, 0xba, + 0xa8, 0x6a, 0x17, 0xd7, 0x57, 0x5b, 0xa5, 0xd4, 0x82, 0x4b, 0x1e, 0xb1, 0xf2, 0x3d, 0x84, 0x0d, + 0xfd, 0x77, 0x1b, 0xf8, 0xf4, 0x9c, 0xc4, 0xa1, 0x4a, 0x64, 0x72, 0x43, 0x5a, 0xd1, 0x1f, 0x81, + 0xae, 0xc5, 0xd9, 0x75, 0x55, 0xd4, 0x82, 0x0d, 0xfd, 0x1e, 0xee, 0x50, 0xe6, 0x89, 0xa9, 0x11, + 0x6b, 0xba, 0xc2, 0xd2, 0xcd, 0x9b, 0xed, 0xcd, 0xc0, 0x4b, 0x9b, 0xad, 0xd2, 0x37, 0xec, 0xcd, + 0x00, 0x20, 0x49, 0xd4, 0x1f, 0x56, 0x7f, 0x08, 0xf2, 0x3e, 0x51, 0xc4, 0x48, 0xae, 0x82, 0x4d, + 0x5b, 0x4f, 0x95, 0x4c, 0xfa, 0x7f, 0x9f, 0xaa, 0xe3, 0xbe, 0xfe, 0xa6, 0xbe, 0xf2, 0x8f, 0x6f, + 0xea, 0x2b, 0x7f, 0xba, 0xae, 0xe7, 0x5e, 0x5f, 0xd7, 0x73, 0x7f, 0xbb, 0xae, 0xe7, 0xfe, 0x79, + 0x5d, 0xcf, 0x9d, 0x15, 0x4c, 0x25, 0xf5, 0x93, 0xff, 0x06, 0x00, 0x00, 0xff, 0xff, 0xb3, 0x21, + 0x2b, 0x33, 0x82, 0x12, 0x00, 0x00, } diff --git a/components/engine/vendor/github.com/docker/swarmkit/api/specs.proto b/components/engine/vendor/github.com/docker/swarmkit/api/specs.proto index ba842660f2..f7a4d18b2e 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/api/specs.proto +++ b/components/engine/vendor/github.com/docker/swarmkit/api/specs.proto @@ -342,10 +342,14 @@ message NetworkSpec { // "ingress" and the label "com.docker.swarm.internal": "true". bool ingress = 7; - // ConfigFrom indicates that the network specific configuration - // for this network will be provided via another network, locally - // on the node where this network is being plumbed. - string config_from = 8; + // ConfigFrom is the source of the configuration for this network. + oneof config_from { + // Network is the name of a network that provides the network + // specific configuration for this network, locally on the node + // where this network is being plumbed. + string network = 8; + } + } // ClusterSpec specifies global cluster settings. diff --git a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_darwin.go b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_darwin.go index 8cc2e11d79..9b56f7be36 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_darwin.go +++ b/components/engine/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/drivers_darwin.go @@ -3,10 +3,9 @@ package networkallocator import ( "github.com/docker/libnetwork/drivers/overlay/ovmanager" "github.com/docker/libnetwork/drivers/remote" - "github.com/docker/libnetwork/drvregistry" ) -const initializers = []initializer{ +var initializers = []initializer{ {remote.Init, "remote"}, {ovmanager.Init, "overlay"}, } diff --git a/components/engine/vendor/github.com/docker/swarmkit/vendor.conf b/components/engine/vendor/github.com/docker/swarmkit/vendor.conf index 52fa7aafe5..0fdffeb0d5 100644 --- a/components/engine/vendor/github.com/docker/swarmkit/vendor.conf +++ b/components/engine/vendor/github.com/docker/swarmkit/vendor.conf @@ -18,15 +18,16 @@ github.com/prometheus/common ebdfc6da46522d58825777cf1f90490a5b1ef1d8 github.com/prometheus/procfs abf152e5f3e97f2fafac028d2cc06c1feb87ffa5 github.com/docker/distribution b38e5838b7b2f2ad48e06ec4b500011976080621 -github.com/docker/docker 9585d0ea19859c5f145bc763d474190447b91c7b +github.com/docker/docker 77c9728847358a3ed3581d828fb0753017e1afd3 github.com/docker/go-connections 34b5052da6b11e27f5f2e357b38b571ddddd3928 github.com/docker/go-events 37d35add5005832485c0225ec870121b78fcff1c github.com/docker/go-units 954fed01cc617c55d838fa2230073f2cb17386c8 github.com/docker/libkv 9fd56606e928ff1f309808f5d5a0b7a2ef73f9a8 github.com/docker/libnetwork 37e20af882e13dd01ade3658b7aabdae3412118b github.com/docker/libtrust 9cbd2a1374f46905c68a4eb3694a130610adc62a -github.com/opencontainers/runc 8e8d01d38d7b4fb0a35bf89b72bc3e18c98882d7 +github.com/opencontainers/runc b6b70e53451794e8333e9b602cc096b47a20bd0f github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb +github.com/opencontainers/image-spec f03dbe35d449c54915d235f1a3cf8f585a24babe github.com/davecgh/go-spew 5215b55f46b2b919f50a1df0eaa5886afe4e3b3d github.com/Microsoft/go-winio f778f05015353be65d242f3fedc18695756153bb From e549564e77d15bc7df46e10287591009f8931f79 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Tue, 23 May 2017 16:29:13 -0700 Subject: [PATCH 20/37] Fix cancelling builder on chunked requests Signed-off-by: Tonis Tiigi Upstream-commit: 23628bd7efb0aae565cea5ee040e373b0c93fd8d Component: engine --- components/engine/builder/remotecontext/detect.go | 1 + 1 file changed, 1 insertion(+) diff --git a/components/engine/builder/remotecontext/detect.go b/components/engine/builder/remotecontext/detect.go index 177596093a..448782dcca 100644 --- a/components/engine/builder/remotecontext/detect.go +++ b/components/engine/builder/remotecontext/detect.go @@ -41,6 +41,7 @@ func Detect(config backend.BuildConfig) (remote builder.Source, dockerfile *pars } func newArchiveRemote(rc io.ReadCloser, dockerfilePath string) (builder.Source, *parser.Result, error) { + defer rc.Close() c, err := MakeTarSumContext(rc) if err != nil { return nil, nil, err From 05027a4b96e4766bb384fe434824ac59db00dbf5 Mon Sep 17 00:00:00 2001 From: Darren Stahl Date: Tue, 23 May 2017 18:20:47 -0700 Subject: [PATCH 21/37] Update go-winio to v0.4.2 Signed-off-by: Darren Stahl Upstream-commit: 3f13107223a9753d709c196c46f1c846041fc0c3 Component: engine --- components/engine/vendor.conf | 2 +- .../vendor/github.com/Microsoft/go-winio/pipe.go | 15 ++++----------- .../Microsoft/go-winio/zsyscall_windows.go | 14 ++++---------- 3 files changed, 9 insertions(+), 22 deletions(-) diff --git a/components/engine/vendor.conf b/components/engine/vendor.conf index 846a8b7315..8ec354a56b 100644 --- a/components/engine/vendor.conf +++ b/components/engine/vendor.conf @@ -1,7 +1,7 @@ # the following lines are in sorted order, FYI github.com/Azure/go-ansiterm 388960b655244e76e24c75f48631564eaefade62 github.com/Microsoft/hcsshim v0.5.17 -github.com/Microsoft/go-winio v0.4.1 +github.com/Microsoft/go-winio v0.4.2 github.com/Sirupsen/logrus v0.11.0 github.com/davecgh/go-spew 346938d642f2ec3594ed81d874461961cd0faa76 github.com/docker/libtrust 9cbd2a1374f46905c68a4eb3694a130610adc62a diff --git a/components/engine/vendor/github.com/Microsoft/go-winio/pipe.go b/components/engine/vendor/github.com/Microsoft/go-winio/pipe.go index fa270a310f..da706cc8a7 100644 --- a/components/engine/vendor/github.com/Microsoft/go-winio/pipe.go +++ b/components/engine/vendor/github.com/Microsoft/go-winio/pipe.go @@ -13,19 +13,12 @@ import ( ) //sys connectNamedPipe(pipe syscall.Handle, o *syscall.Overlapped) (err error) = ConnectNamedPipe -//sys createNamedPipe(name string, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *securityAttributes) (handle syscall.Handle, err error) [failretval==syscall.InvalidHandle] = CreateNamedPipeW -//sys createFile(name string, access uint32, mode uint32, sa *securityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) [failretval==syscall.InvalidHandle] = CreateFileW +//sys createNamedPipe(name string, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error) [failretval==syscall.InvalidHandle] = CreateNamedPipeW +//sys createFile(name string, access uint32, mode uint32, sa *syscall.SecurityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) [failretval==syscall.InvalidHandle] = CreateFileW //sys waitNamedPipe(name string, timeout uint32) (err error) = WaitNamedPipeW //sys getNamedPipeInfo(pipe syscall.Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) = GetNamedPipeInfo //sys getNamedPipeHandleState(pipe syscall.Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) = GetNamedPipeHandleStateW //sys localAlloc(uFlags uint32, length uint32) (ptr uintptr) = LocalAlloc -//sys copyMemory(dst uintptr, src uintptr, length uint32) = RtlCopyMemory - -type securityAttributes struct { - Length uint32 - SecurityDescriptor uintptr - InheritHandle uint32 -} const ( cERROR_PIPE_BUSY = syscall.Errno(231) @@ -233,13 +226,13 @@ func makeServerPipeHandle(path string, securityDescriptor []byte, c *PipeConfig, mode |= cPIPE_TYPE_MESSAGE } - sa := &securityAttributes{} + sa := &syscall.SecurityAttributes{} sa.Length = uint32(unsafe.Sizeof(*sa)) if securityDescriptor != nil { len := uint32(len(securityDescriptor)) sa.SecurityDescriptor = localAlloc(0, len) defer localFree(sa.SecurityDescriptor) - copyMemory(sa.SecurityDescriptor, uintptr(unsafe.Pointer(&securityDescriptor[0])), len) + copy((*[0xffff]byte)(unsafe.Pointer(sa.SecurityDescriptor))[:], securityDescriptor) } h, err := createNamedPipe(path, flags, mode, cPIPE_UNLIMITED_INSTANCES, uint32(c.OutputBufferSize), uint32(c.InputBufferSize), 0, sa) if err != nil { diff --git a/components/engine/vendor/github.com/Microsoft/go-winio/zsyscall_windows.go b/components/engine/vendor/github.com/Microsoft/go-winio/zsyscall_windows.go index 857122a3e8..4f7a52eeb7 100644 --- a/components/engine/vendor/github.com/Microsoft/go-winio/zsyscall_windows.go +++ b/components/engine/vendor/github.com/Microsoft/go-winio/zsyscall_windows.go @@ -53,7 +53,6 @@ var ( procGetNamedPipeInfo = modkernel32.NewProc("GetNamedPipeInfo") procGetNamedPipeHandleStateW = modkernel32.NewProc("GetNamedPipeHandleStateW") procLocalAlloc = modkernel32.NewProc("LocalAlloc") - procRtlCopyMemory = modkernel32.NewProc("RtlCopyMemory") procLookupAccountNameW = modadvapi32.NewProc("LookupAccountNameW") procConvertSidToStringSidW = modadvapi32.NewProc("ConvertSidToStringSidW") procConvertStringSecurityDescriptorToSecurityDescriptorW = modadvapi32.NewProc("ConvertStringSecurityDescriptorToSecurityDescriptorW") @@ -141,7 +140,7 @@ func connectNamedPipe(pipe syscall.Handle, o *syscall.Overlapped) (err error) { return } -func createNamedPipe(name string, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *securityAttributes) (handle syscall.Handle, err error) { +func createNamedPipe(name string, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error) { var _p0 *uint16 _p0, err = syscall.UTF16PtrFromString(name) if err != nil { @@ -150,7 +149,7 @@ func createNamedPipe(name string, flags uint32, pipeMode uint32, maxInstances ui return _createNamedPipe(_p0, flags, pipeMode, maxInstances, outSize, inSize, defaultTimeout, sa) } -func _createNamedPipe(name *uint16, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *securityAttributes) (handle syscall.Handle, err error) { +func _createNamedPipe(name *uint16, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error) { r0, _, e1 := syscall.Syscall9(procCreateNamedPipeW.Addr(), 8, uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(pipeMode), uintptr(maxInstances), uintptr(outSize), uintptr(inSize), uintptr(defaultTimeout), uintptr(unsafe.Pointer(sa)), 0) handle = syscall.Handle(r0) if handle == syscall.InvalidHandle { @@ -163,7 +162,7 @@ func _createNamedPipe(name *uint16, flags uint32, pipeMode uint32, maxInstances return } -func createFile(name string, access uint32, mode uint32, sa *securityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) { +func createFile(name string, access uint32, mode uint32, sa *syscall.SecurityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) { var _p0 *uint16 _p0, err = syscall.UTF16PtrFromString(name) if err != nil { @@ -172,7 +171,7 @@ func createFile(name string, access uint32, mode uint32, sa *securityAttributes, return _createFile(_p0, access, mode, sa, createmode, attrs, templatefile) } -func _createFile(name *uint16, access uint32, mode uint32, sa *securityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) { +func _createFile(name *uint16, access uint32, mode uint32, sa *syscall.SecurityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) { r0, _, e1 := syscall.Syscall9(procCreateFileW.Addr(), 7, uintptr(unsafe.Pointer(name)), uintptr(access), uintptr(mode), uintptr(unsafe.Pointer(sa)), uintptr(createmode), uintptr(attrs), uintptr(templatefile), 0, 0) handle = syscall.Handle(r0) if handle == syscall.InvalidHandle { @@ -236,11 +235,6 @@ func localAlloc(uFlags uint32, length uint32) (ptr uintptr) { return } -func copyMemory(dst uintptr, src uintptr, length uint32) { - syscall.Syscall(procRtlCopyMemory.Addr(), 3, uintptr(dst), uintptr(src), uintptr(length)) - return -} - func lookupAccountName(systemName *uint16, accountName string, sid *byte, sidSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) { var _p0 *uint16 _p0, err = syscall.UTF16PtrFromString(accountName) From 75a4055d7cabbd8a526d664e9594b8c0e90c2161 Mon Sep 17 00:00:00 2001 From: Neil Horman Date: Wed, 24 May 2017 11:11:23 -0400 Subject: [PATCH 22/37] Ensure that a device mapper task is referenced until task is complete DeviceMapper tasks in go use SetFinalizer to clean up C construct counterparts in the C LVM library. While thats well and good, it relies heavily on the exact interpretation of when the golang garbage collector determines that an object is unreachable is subject to reclaimation. While common sense would assert that for stack variables (which these DM tasks always are), are unreachable when the stack frame in which they are declared returns, thats not the case. According to this: https://golang.org/pkg/runtime/#SetFinalizer The garbage collector decides that, if a function calls into a systemcall (which task.run() always will in LVM), and there are no subsequent references to the task variable within that stack frame, then it can be reclaimed. Those conditions are met in several devmapper.go routines, and if the garbage collector runs in the middle of a deviceMapper operation, then the task can be destroyed while the operation is in progress, leading to crashes, failed operations and other unpredictable behavior. The fix is to use the KeepAlive interface: https://golang.org/pkg/runtime/#KeepAlive The KeepAlive method is effectively an empy reference that fools the garbage collector into thinking that a variable is still reachable. By adding a call to KeepAlive in the task.run() method, we can ensure that the garbage collector won't reclaim a task object until its execution within the deviceMapper C library is complete. Signed-off-by: Neil Horman Upstream-commit: d764d8b16624e4924b3949273089f851efa0f717 Component: engine --- components/engine/pkg/devicemapper/devmapper.go | 1 + 1 file changed, 1 insertion(+) diff --git a/components/engine/pkg/devicemapper/devmapper.go b/components/engine/pkg/devicemapper/devmapper.go index f0a289e098..ef7dba840d 100644 --- a/components/engine/pkg/devicemapper/devmapper.go +++ b/components/engine/pkg/devicemapper/devmapper.go @@ -155,6 +155,7 @@ func (t *Task) run() error { if res := DmTaskRun(t.unmanaged); res != 1 { return ErrTaskRun } + runtime.KeepAlive(t) return nil } From be30b971d7590b6337aa822c09bcee42b4ac09f8 Mon Sep 17 00:00:00 2001 From: John Howard Date: Wed, 24 May 2017 13:39:59 -0700 Subject: [PATCH 23/37] Windows: Remove unused SandboxPath Signed-off-by: John Howard Upstream-commit: 2f038c25868727310992104b7b267fed6c7dad39 Component: engine --- components/engine/daemon/start_windows.go | 4 ---- components/engine/libcontainerd/client_windows.go | 3 --- components/engine/libcontainerd/types_windows.go | 5 ++--- 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/components/engine/daemon/start_windows.go b/components/engine/daemon/start_windows.go index 0f9739091a..6ec50d298c 100644 --- a/components/engine/daemon/start_windows.go +++ b/components/engine/daemon/start_windows.go @@ -45,10 +45,6 @@ func (daemon *Daemon) getLibcontainerdCreateOptions(container *container.Contain if err != nil { return nil, fmt.Errorf("failed to get layer metadata - %s", err) } - if hvOpts.IsHyperV { - hvOpts.SandboxPath = filepath.Dir(m["dir"]) - } - layerOpts.LayerFolderPath = m["dir"] // Generate the layer paths of the layer options diff --git a/components/engine/libcontainerd/client_windows.go b/components/engine/libcontainerd/client_windows.go index 3fe1e43172..b04bdbde9b 100644 --- a/components/engine/libcontainerd/client_windows.go +++ b/components/engine/libcontainerd/client_windows.go @@ -49,7 +49,6 @@ const defaultOwner = "docker" // | VolumePath | \\?\\Volume{GUIDa} | | // | LayerFolderPath | %root%\windowsfilter\containerID | %root%\windowsfilter\containerID (servicing only) | // | Layers[] | ID=GUIDb;Path=%root%\windowsfilter\layerID | ID=GUIDb;Path=%root%\windowsfilter\layerID | -// | SandboxPath | | %root%\windowsfilter | // | HvRuntime | | ImagePath=%root%\BaseLayerID\UtilityVM | // +-----------------+--------------------------------------------+---------------------------------------------------+ // @@ -88,7 +87,6 @@ const defaultOwner = "docker" // }], // "HostName": "475c2c58933b", // "MappedDirectories": [], -// "SandboxPath": "C:\\\\control\\\\windowsfilter", // "HvPartition": true, // "EndpointList": ["e1bb1e61-d56f-405e-b75d-fd520cefa0cb"], // "DNSSearchList": "a.com,b.com,c.com", @@ -159,7 +157,6 @@ func (clnt *client) Create(containerID string, checkpoint string, checkpointDir } if h, ok := option.(*HyperVIsolationOption); ok { configuration.HvPartition = h.IsHyperV - configuration.SandboxPath = h.SandboxPath continue } if l, ok := option.(*LayerOption); ok { diff --git a/components/engine/libcontainerd/types_windows.go b/components/engine/libcontainerd/types_windows.go index cf4d640fa1..317bfb0209 100644 --- a/components/engine/libcontainerd/types_windows.go +++ b/components/engine/libcontainerd/types_windows.go @@ -39,10 +39,9 @@ type FlushOption struct { } // HyperVIsolationOption is a CreateOption that indicates whether the runtime -// should start the container as a Hyper-V container, and if so, the sandbox path. +// should start the container as a Hyper-V container. type HyperVIsolationOption struct { - IsHyperV bool - SandboxPath string `json:",omitempty"` + IsHyperV bool } // LayerOption is a CreateOption that indicates to the runtime the layer folder From 292fba1b5985e52ebc10b2413a820b37f7636140 Mon Sep 17 00:00:00 2001 From: Wentao Zhang Date: Thu, 4 May 2017 00:45:35 +0800 Subject: [PATCH 24/37] Fix when containerd restarted, event handler may exit Description: Kill docker-containerd continuously, and use kill -SIGUSR1 to check docker callstacks. And we will find that event handler: startEventsMonitor or handleEventStream will exit. This will only happen when system is busy, containerd need more time to startup, and the monitor gorotine maybe exit. Signed-off-by: Wentao Zhang Upstream-commit: 02ce73f62e73e78a4ec29b29fb2ba552221fe885 Component: engine --- .../engine/libcontainerd/remote_unix.go | 27 ++++++++++++++----- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/components/engine/libcontainerd/remote_unix.go b/components/engine/libcontainerd/remote_unix.go index 54550595ad..9b3af8020f 100644 --- a/components/engine/libcontainerd/remote_unix.go +++ b/components/engine/libcontainerd/remote_unix.go @@ -49,7 +49,7 @@ type remote struct { stateDir string rpcAddr string startDaemon bool - closeManually bool + closedManually bool debugLog bool rpcConn *grpc.ClientConn clients []*client @@ -154,7 +154,7 @@ func (r *remote) handleConnectionChange() { logrus.Debugf("libcontainerd: containerd health check returned error: %v", err) if r.daemonPid != -1 { - if r.closeManually { + if r.closedManually { // Well, we asked for it to stop, just return return } @@ -180,7 +180,7 @@ func (r *remote) Cleanup() { if r.daemonPid == -1 { return } - r.closeManually = true + r.closedManually = true r.rpcConn.Close() // Ask the daemon to quit syscall.Kill(r.daemonPid, syscall.SIGTERM) @@ -280,10 +280,23 @@ func (r *remote) startEventsMonitor() error { er := &containerd.EventsRequest{ Timestamp: tsp, } - events, err := r.apiClient.Events(context.Background(), er, grpc.FailFast(false)) - if err != nil { - return err + + var events containerd.API_EventsClient + for { + events, err = r.apiClient.Events(context.Background(), er, grpc.FailFast(false)) + if err == nil { + break + } + logrus.Warnf("libcontainerd: failed to get events from containerd: %q", err) + + if r.closedManually { + // ignore error if grpc remote connection is closed manually + return nil + } + + <-time.After(100 * time.Millisecond) } + go r.handleEventStream(events) return nil } @@ -293,7 +306,7 @@ func (r *remote) handleEventStream(events containerd.API_EventsClient) { e, err := events.Recv() if err != nil { if grpc.ErrorDesc(err) == transport.ErrConnClosing.Desc && - r.closeManually { + r.closedManually { // ignore error if grpc remote connection is closed manually return } From 3d977924426d127003d6b81d09aa09694bbe804d Mon Sep 17 00:00:00 2001 From: Marianna Date: Wed, 17 May 2017 14:19:13 -0700 Subject: [PATCH 25/37] Add CreatedAt filed to volume. Display when volume is inspected. Closes #32663 by adding CreatedAt field when volume is created. Displaying CreatedAt value when volume is inspected Adding tests to verfiy the new field is correctly populated Signed-off-by: Marianna Moving CreatedAt tests from the CLI Moving the tests added for the newly added CreatedAt field for Volume, from CLI to API tests Signed-off-by: Marianna Upstream-commit: a46f757c4043031379362c5d6b3bad7562ab9fed Component: engine --- components/engine/api/swagger.yaml | 5 +++++ components/engine/api/types/volume.go | 3 +++ components/engine/daemon/volumes.go | 7 +++++-- .../integration-cli/docker_api_volumes_test.go | 13 +++++++++++++ components/engine/volume/drivers/adapter.go | 9 ++++++++- components/engine/volume/local/local_unix.go | 12 ++++++++++++ components/engine/volume/local/local_windows.go | 12 ++++++++++++ components/engine/volume/testutils/testutils.go | 7 +++++++ components/engine/volume/volume.go | 3 +++ 9 files changed, 68 insertions(+), 3 deletions(-) diff --git a/components/engine/api/swagger.yaml b/components/engine/api/swagger.yaml index 0bd9358c1e..cfa94dea4f 100644 --- a/components/engine/api/swagger.yaml +++ b/components/engine/api/swagger.yaml @@ -1047,6 +1047,10 @@ definitions: type: "string" description: "Mount path of the volume on the host." x-nullable: false + CreatedAt: + type: "string" + format: "dateTime" + description: "Time volume was created." Status: type: "object" description: | @@ -1100,6 +1104,7 @@ definitions: com.example.some-label: "some-value" com.example.some-other-label: "some-other-value" Scope: "local" + CreatedAt: "2016-06-07T20:31:11.853781916Z" Network: type: "object" diff --git a/components/engine/api/types/volume.go b/components/engine/api/types/volume.go index da4f8ebd9c..a69b0cfb17 100644 --- a/components/engine/api/types/volume.go +++ b/components/engine/api/types/volume.go @@ -7,6 +7,9 @@ package types // swagger:model Volume type Volume struct { + // Time volume was created. + CreatedAt string `json:"CreatedAt,omitempty"` + // Name of the volume driver used by the volume. // Required: true Driver string `json:"Driver"` diff --git a/components/engine/daemon/volumes.go b/components/engine/daemon/volumes.go index 9f0468e1a4..2fbeac82c0 100644 --- a/components/engine/daemon/volumes.go +++ b/components/engine/daemon/volumes.go @@ -6,6 +6,7 @@ import ( "os" "path/filepath" "strings" + "time" "github.com/Sirupsen/logrus" dockererrors "github.com/docker/docker/api/errors" @@ -27,9 +28,11 @@ type mounts []container.Mount // volumeToAPIType converts a volume.Volume to the type used by the Engine API func volumeToAPIType(v volume.Volume) *types.Volume { + createdAt, _ := v.CreatedAt() tv := &types.Volume{ - Name: v.Name(), - Driver: v.DriverName(), + Name: v.Name(), + Driver: v.DriverName(), + CreatedAt: createdAt.Format(time.RFC3339), } if v, ok := v.(volume.DetailedVolume); ok { tv.Labels = v.Labels() diff --git a/components/engine/integration-cli/docker_api_volumes_test.go b/components/engine/integration-cli/docker_api_volumes_test.go index 3cc03dfb36..f354856d32 100644 --- a/components/engine/integration-cli/docker_api_volumes_test.go +++ b/components/engine/integration-cli/docker_api_volumes_test.go @@ -2,8 +2,11 @@ package main import ( "encoding/json" + "fmt" "net/http" "path/filepath" + "strings" + "time" "github.com/docker/docker/api/types" volumetypes "github.com/docker/docker/api/types/volume" @@ -69,6 +72,8 @@ func (s *DockerSuite) TestVolumesAPIInspect(c *check.C) { config := volumetypes.VolumesCreateBody{ Name: "test", } + // sampling current time minus a minute so to now have false positive in case of delays + now := time.Now().Truncate(time.Minute) status, b, err := request.SockRequest("POST", "/volumes/create", config, daemonHost()) c.Assert(err, check.IsNil) c.Assert(status, check.Equals, http.StatusCreated, check.Commentf(string(b))) @@ -87,4 +92,12 @@ func (s *DockerSuite) TestVolumesAPIInspect(c *check.C) { c.Assert(status, checker.Equals, http.StatusOK, check.Commentf(string(b))) c.Assert(json.Unmarshal(b, &vol), checker.IsNil) c.Assert(vol.Name, checker.Equals, config.Name) + + // comparing CreatedAt field time for the new volume to now. Removing a minute from both to avoid false positive + testCreatedAt, err := time.Parse(time.RFC3339, strings.TrimSpace(vol.CreatedAt)) + c.Assert(err, check.IsNil) + testCreatedAt = testCreatedAt.Truncate(time.Minute) + if !testCreatedAt.Equal(now) { + c.Assert(fmt.Errorf("Time Volume is CreatedAt not equal to current time"), check.NotNil) + } } diff --git a/components/engine/volume/drivers/adapter.go b/components/engine/volume/drivers/adapter.go index 62ef7dfe60..0ec68dad5f 100644 --- a/components/engine/volume/drivers/adapter.go +++ b/components/engine/volume/drivers/adapter.go @@ -4,6 +4,7 @@ import ( "errors" "path/filepath" "strings" + "time" "github.com/Sirupsen/logrus" "github.com/docker/docker/volume" @@ -82,6 +83,7 @@ func (a *volumeDriverAdapter) Get(name string) (volume.Volume, error) { name: v.Name, driverName: a.Name(), eMount: v.Mountpoint, + createdAt: v.CreatedAt, status: v.Status, baseHostPath: a.baseHostPath, }, nil @@ -124,13 +126,15 @@ type volumeAdapter struct { name string baseHostPath string driverName string - eMount string // ephemeral host volume path + eMount string // ephemeral host volume path + createdAt time.Time // time the directory was created status map[string]interface{} } type proxyVolume struct { Name string Mountpoint string + CreatedAt time.Time Status map[string]interface{} } @@ -168,6 +172,9 @@ func (a *volumeAdapter) Unmount(id string) error { return err } +func (a *volumeAdapter) CreatedAt() (time.Time, error) { + return a.createdAt, nil +} func (a *volumeAdapter) Status() map[string]interface{} { out := make(map[string]interface{}, len(a.status)) for k, v := range a.status { diff --git a/components/engine/volume/local/local_unix.go b/components/engine/volume/local/local_unix.go index fb08862cef..5bba5b7068 100644 --- a/components/engine/volume/local/local_unix.go +++ b/components/engine/volume/local/local_unix.go @@ -8,8 +8,11 @@ package local import ( "fmt" "net" + "os" "path/filepath" "strings" + "syscall" + "time" "github.com/pkg/errors" @@ -85,3 +88,12 @@ func (v *localVolume) mount() error { err := mount.Mount(v.opts.MountDevice, v.path, v.opts.MountType, mountOpts) return errors.Wrapf(err, "error while mounting volume with options: %s", v.opts) } + +func (v *localVolume) CreatedAt() (time.Time, error) { + fileInfo, err := os.Stat(v.path) + if err != nil { + return time.Time{}, err + } + sec, nsec := fileInfo.Sys().(*syscall.Stat_t).Ctim.Unix() + return time.Unix(sec, nsec), nil +} diff --git a/components/engine/volume/local/local_windows.go b/components/engine/volume/local/local_windows.go index 1bdb368a0f..6f5d2223ae 100644 --- a/components/engine/volume/local/local_windows.go +++ b/components/engine/volume/local/local_windows.go @@ -5,8 +5,11 @@ package local import ( "fmt" + "os" "path/filepath" "strings" + "syscall" + "time" ) type optsConfig struct{} @@ -32,3 +35,12 @@ func setOpts(v *localVolume, opts map[string]string) error { func (v *localVolume) mount() error { return nil } + +func (v *localVolume) CreatedAt() (time.Time, error) { + fileInfo, err := os.Stat(v.path) + if err != nil { + return time.Time{}, err + } + ft := fileInfo.Sys().(*syscall.Win32FileAttributeData).CreationTime + return time.Unix(0, ft.Nanoseconds()), nil +} diff --git a/components/engine/volume/testutils/testutils.go b/components/engine/volume/testutils/testutils.go index 2dbac02fdb..d54ba44be6 100644 --- a/components/engine/volume/testutils/testutils.go +++ b/components/engine/volume/testutils/testutils.go @@ -2,6 +2,7 @@ package testutils import ( "fmt" + "time" "github.com/docker/docker/volume" ) @@ -27,6 +28,9 @@ func (NoopVolume) Unmount(_ string) error { return nil } // Status proivdes low-level details about the volume func (NoopVolume) Status() map[string]interface{} { return nil } +// CreatedAt provides the time the volume (directory) was created at +func (NoopVolume) CreatedAt() (time.Time, error) { return time.Now(), nil } + // FakeVolume is a fake volume with a random name type FakeVolume struct { name string @@ -56,6 +60,9 @@ func (FakeVolume) Unmount(_ string) error { return nil } // Status proivdes low-level details about the volume func (FakeVolume) Status() map[string]interface{} { return nil } +// CreatedAt provides the time the volume (directory) was created at +func (FakeVolume) CreatedAt() (time.Time, error) { return time.Now(), nil } + // FakeDriver is a driver that generates fake volumes type FakeDriver struct { name string diff --git a/components/engine/volume/volume.go b/components/engine/volume/volume.go index a23d993830..3d5ab73c1a 100644 --- a/components/engine/volume/volume.go +++ b/components/engine/volume/volume.go @@ -6,6 +6,7 @@ import ( "path/filepath" "strings" "syscall" + "time" mounttypes "github.com/docker/docker/api/types/mount" "github.com/docker/docker/pkg/idtools" @@ -64,6 +65,8 @@ type Volume interface { Mount(id string) (string, error) // Unmount unmounts the volume when it is no longer in use. Unmount(id string) error + // CreatedAt returns Volume Creation time + CreatedAt() (time.Time, error) // Status returns low-level status information about a volume Status() map[string]interface{} } From f35cfc66e54fa185488c9cb35a96969d64b5eb86 Mon Sep 17 00:00:00 2001 From: Alfred Landrum Date: Fri, 26 May 2017 12:54:33 -0700 Subject: [PATCH 26/37] prevent image prune panic Signed-off-by: Alfred Landrum Upstream-commit: 32da2a4234c5c68ff466dc1afc91ba98dbbe199a Component: engine --- components/engine/daemon/prune.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/daemon/prune.go b/components/engine/daemon/prune.go index c614de2fe1..602de618c9 100644 --- a/components/engine/daemon/prune.go +++ b/components/engine/daemon/prune.go @@ -216,7 +216,7 @@ func (daemon *Daemon) ImagesPrune(ctx context.Context, pruneFilters filters.Args if !until.IsZero() && img.Created.After(until) { continue } - if !matchLabels(pruneFilters, img.Config.Labels) { + if img.Config != nil && !matchLabels(pruneFilters, img.Config.Labels) { continue } topImages[id] = img From 81bb7bdddffe5d0e3b5966df9661766736295bfa Mon Sep 17 00:00:00 2001 From: Felix Abecassis Date: Fri, 26 May 2017 18:02:31 -0700 Subject: [PATCH 27/37] Do not reuse a http.Request after a failure in callWithRetry Closes: #33412 Signed-off-by: Felix Abecassis Upstream-commit: 62871ef2fa52b0a2e426c30f36d35a9ba1e92fac Component: engine --- components/engine/pkg/plugins/client.go | 10 +++++----- components/engine/pkg/plugins/client_test.go | 21 ++++++++++++++++++++ 2 files changed, 26 insertions(+), 5 deletions(-) diff --git a/components/engine/pkg/plugins/client.go b/components/engine/pkg/plugins/client.go index e8e730eb58..84103c7ae7 100644 --- a/components/engine/pkg/plugins/client.go +++ b/components/engine/pkg/plugins/client.go @@ -129,15 +129,15 @@ func (c *Client) SendFile(serviceMethod string, data io.Reader, ret interface{}) } func (c *Client) callWithRetry(serviceMethod string, data io.Reader, retry bool) (io.ReadCloser, error) { - req, err := c.requestFactory.NewRequest(serviceMethod, data) - if err != nil { - return nil, err - } - var retries int start := time.Now() for { + req, err := c.requestFactory.NewRequest(serviceMethod, data) + if err != nil { + return nil, err + } + resp, err := c.http.Do(req) if err != nil { if !retry { diff --git a/components/engine/pkg/plugins/client_test.go b/components/engine/pkg/plugins/client_test.go index 9faad86a15..fc583fe0c2 100644 --- a/components/engine/pkg/plugins/client_test.go +++ b/components/engine/pkg/plugins/client_test.go @@ -6,6 +6,7 @@ import ( "net/http/httptest" "net/url" "reflect" + "strings" "testing" "time" @@ -38,6 +39,26 @@ func TestFailedConnection(t *testing.T) { } } +func TestFailOnce(t *testing.T) { + addr := setupRemotePluginServer() + defer teardownRemotePluginServer() + + failed := false + mux.HandleFunc("/Test.FailOnce", func(w http.ResponseWriter, r *http.Request) { + if !failed { + failed = true + panic("Plugin not ready") + } + }) + + c, _ := NewClient(addr, &tlsconfig.Options{InsecureSkipVerify: true}) + b := strings.NewReader("body") + _, err := c.callWithRetry("Test.FailOnce", b, true) + if err != nil { + t.Fatal(err) + } +} + func TestEchoInputOutput(t *testing.T) { addr := setupRemotePluginServer() defer teardownRemotePluginServer() From 13833c9420f81c3a91ecc5de05a2804eb118b0c2 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Sat, 27 May 2017 15:09:12 +0200 Subject: [PATCH 28/37] libcontainerd: fix reaper goroutine position It has observed defunct containerd processes accumulating over time while dockerd was permanently failing to restart containerd. Due to a bug in the runContainerdDaemon() function, dockerd does not clean up its child process if containerd already exits very soon after the (re)start. The reproducer and analysis below comes from docker 1.12.x but bug still applies on latest master. - from libcontainerd/remote_linux.go: 329 func (r *remote) runContainerdDaemon() error { : : // start the containerd child process : 403 if err := cmd.Start(); err != nil { 404 return err 405 } : : // If containerd exits very soon after (re)start, it is possible : // that containerd is already in defunct state at the time when : // dockerd gets here. The setOOMScore() function tries to write : // to /proc/PID_OF_CONTAINERD/oom_score_adj. However, this fails : // with errno EINVAL because containerd is defunct. Please see : // snippets of kernel source code and further explanation below. : 407 if err := setOOMScore(cmd.Process.Pid, r.oomScore); err != nil { 408 utils.KillProcess(cmd.Process.Pid) : : // Due to the error from write() we return here. As the : // goroutine that would clean up the child has not been : // started yet, containerd remains in the defunct state : // and never gets reaped. : 409 return err 410 } : 417 go func() { 418 cmd.Wait() 419 close(r.daemonWaitCh) 420 }() // Reap our child when needed : 423 } This is the kernel function that gets invoked when dockerd tries to write to /proc/PID_OF_CONTAINERD/oom_score_adj. - from fs/proc/base.c: 1197 static ssize_t oom_score_adj_write(struct file *file, ... 1198 size_t count, loff_t *ppos) 1199 { : 1223 task = get_proc_task(file_inode(file)); : : // The defunct containerd process does not have a virtual : // address space anymore, i.e. task->mm is NULL. Thus the : // following code returns errno EINVAL to dockerd. : 1230 if (!task->mm) { 1231 err = -EINVAL; 1232 goto err_task_lock; 1233 } : 1253 err_task_lock: : 1257 return err < 0 ? err : count; 1258 } The purpose of the following program is to demonstrate the behavior of the oom_score_adj_write() function in connection with a defunct process. $ cat defunct_test.c \#include main() { pid_t pid = fork(); if (pid == 0) // child _exit(0); // parent pause(); } $ make defunct_test cc defunct_test.c -o defunct_test $ ./defunct_test & [1] 3142 $ ps -f | grep defunct_test | grep -v grep root 3142 2956 0 13:04 pts/0 00:00:00 ./defunct_test root 3143 3142 0 13:04 pts/0 00:00:00 [defunct_test] $ echo "ps 3143" | crash -s PID PPID CPU TASK ST %MEM VSZ RSS COMM 3143 3142 2 ffff880035def300 ZO 0.0 0 0 defunct_test $ echo "px ((struct task_struct *)0xffff880035def300)->mm" | crash -s $1 = (struct mm_struct *) 0x0 ^^^ task->mm is NULL $ cat /proc/3143/oom_score_adj 0 $ echo 0 > /proc/3143/oom_score_adj -bash: echo: write error: Invalid argument" --- This patch fixes the above issue by making sure we start the reaper goroutine as soon as possible. Signed-off-by: Antonio Murdaca Upstream-commit: 27087eacbf96e6ef9d48a6d3dc89c7c1cff155b4 Component: engine --- components/engine/libcontainerd/remote_unix.go | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/components/engine/libcontainerd/remote_unix.go b/components/engine/libcontainerd/remote_unix.go index 54550595ad..9f666a2788 100644 --- a/components/engine/libcontainerd/remote_unix.go +++ b/components/engine/libcontainerd/remote_unix.go @@ -414,6 +414,18 @@ func (r *remote) runContainerdDaemon() error { if err := cmd.Start(); err != nil { return err } + + // unless strictly necessary, do not add anything in between here + // as the reaper goroutine below needs to kick in as soon as possible + // and any "return" from code paths added here will defeat the reaper + // process. + + r.daemonWaitCh = make(chan struct{}) + go func() { + cmd.Wait() + close(r.daemonWaitCh) + }() // Reap our child when needed + logrus.Infof("libcontainerd: new containerd process, pid: %d", cmd.Process.Pid) if err := setOOMScore(cmd.Process.Pid, r.oomScore); err != nil { system.KillProcess(cmd.Process.Pid) @@ -424,11 +436,6 @@ func (r *remote) runContainerdDaemon() error { return err } - r.daemonWaitCh = make(chan struct{}) - go func() { - cmd.Wait() - close(r.daemonWaitCh) - }() // Reap our child when needed r.daemonPid = cmd.Process.Pid return nil } From dd2f64591efbb4bcab56d51fc3d31052b6e951cc Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Sat, 27 May 2017 12:30:37 -0400 Subject: [PATCH 29/37] Don't unmount entire plugin manager tree on remove This was mistakenly unmounting everything under `plugins/*` instead of just `plugins//*` anytime a plugin is removed. Signed-off-by: Brian Goff Upstream-commit: db5f31732a9868c1e9e4f9a49be70b794ff82d4f Component: engine --- components/engine/plugin/backend_linux.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/engine/plugin/backend_linux.go b/components/engine/plugin/backend_linux.go index 4329983029..1d7f3a838c 100644 --- a/components/engine/plugin/backend_linux.go +++ b/components/engine/plugin/backend_linux.go @@ -633,8 +633,8 @@ func (pm *Manager) Remove(name string, config *types.PluginRmConfig) error { id := p.GetID() pm.config.Store.Remove(p) pluginDir := filepath.Join(pm.config.Root, id) - if err := recursiveUnmount(pm.config.Root); err != nil { - logrus.WithField("dir", pm.config.Root).WithField("id", id).Warn(err) + if err := recursiveUnmount(pluginDir); err != nil { + logrus.WithField("dir", pluginDir).WithField("id", id).Warn(err) } if err := os.RemoveAll(pluginDir); err != nil { logrus.Warnf("unable to remove %q from plugin remove: %v", pluginDir, err) From 1a6d5b7b4c7298cc546d24ccf42031f7a22d58d3 Mon Sep 17 00:00:00 2001 From: Tobias Gesellchen Date: Sat, 27 May 2017 22:37:36 +0200 Subject: [PATCH 30/37] Fix typo in swagger doc Signed-off-by: Tobias Gesellchen Upstream-commit: 56da4f2fb2509f9b2c2bc1c1c609c1dabeaec07d Component: engine --- components/engine/api/swagger.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/engine/api/swagger.yaml b/components/engine/api/swagger.yaml index 1ba9c5874c..cb2ac783e5 100644 --- a/components/engine/api/swagger.yaml +++ b/components/engine/api/swagger.yaml @@ -3119,7 +3119,7 @@ paths: all processes in the container. Freezing the process requires the process to be running. As a result, paused containers are both `Running` _and_ `Paused`. - Use the `Status` field instead to determin if a container's state is "running". + Use the `Status` field instead to determine if a container's state is "running". type: "boolean" Paused: description: "Whether this container is paused." From e9185f10cf778544e5f69d06d8b73ace093c2875 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 19 May 2017 17:35:01 +0200 Subject: [PATCH 31/37] Don't log error if file is already closed When closing the log-file, and the file is already closed, there's no need to log an error. This patch adds a `closed` boolean to check if the file was closed, and if so, skip closing the file. This prevents errors like this being logged: level=error msg="Error closing logger: invalid argument" Signed-off-by: Sebastiaan van Stijn Upstream-commit: 07b51ed300429e88871e40b4d67dc031e2e8901c Component: engine --- .../logger/loggerutils/rotatefilewriter.go | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/components/engine/daemon/logger/loggerutils/rotatefilewriter.go b/components/engine/daemon/logger/loggerutils/rotatefilewriter.go index 99e0964aea..ecb461fcec 100644 --- a/components/engine/daemon/logger/loggerutils/rotatefilewriter.go +++ b/components/engine/daemon/logger/loggerutils/rotatefilewriter.go @@ -1,6 +1,7 @@ package loggerutils import ( + "errors" "os" "strconv" "sync" @@ -11,6 +12,7 @@ import ( // RotateFileWriter is Logger implementation for default Docker logging. type RotateFileWriter struct { f *os.File // store for closing + closed bool mu sync.Mutex capacity int64 //maximum size of each file currentSize int64 // current size of the latest file @@ -42,6 +44,10 @@ func NewRotateFileWriter(logPath string, capacity int64, maxFiles int) (*RotateF //WriteLog write log message to File func (w *RotateFileWriter) Write(message []byte) (int, error) { w.mu.Lock() + if w.closed { + w.mu.Unlock() + return -1, errors.New("cannot write because the output file was closed") + } if err := w.checkCapacityAndRotate(); err != nil { w.mu.Unlock() return -1, err @@ -100,6 +106,8 @@ func rotate(name string, maxFiles int) error { // LogPath returns the location the given writer logs to. func (w *RotateFileWriter) LogPath() string { + w.mu.Lock() + defer w.mu.Unlock() return w.f.Name() } @@ -120,5 +128,14 @@ func (w *RotateFileWriter) NotifyRotateEvict(sub chan interface{}) { // Close closes underlying file and signals all readers to stop. func (w *RotateFileWriter) Close() error { - return w.f.Close() + w.mu.Lock() + defer w.mu.Unlock() + if w.closed { + return nil + } + if err := w.f.Close(); err != nil { + return err + } + w.closed = true + return nil } From 58ecec6e8e9b8c061ef93a6ac0ab697efde0e3a0 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Mon, 29 May 2017 16:22:33 -0700 Subject: [PATCH 32/37] Move cli.Configdir away (in `flags`). This makes integration not depend anymore of `cli` and thus not require `cobra` and other packages to compile. Signed-off-by: Vincent Demeester Upstream-commit: 71d60ec0eb7eeddc73d2cf63748ab7debe3f06af Component: engine --- components/engine/cli/flags/common.go | 3 +-- components/engine/cli/flags/common_test.go | 3 +-- components/engine/cli/{cli.go => flags/configdir.go} | 2 +- components/engine/integration-cli/check_test.go | 4 ++-- .../engine/integration-cli/docker_cli_push_test.go | 10 +++++----- components/engine/integration-cli/trust_server_test.go | 4 ++-- 6 files changed, 12 insertions(+), 14 deletions(-) rename components/engine/cli/{cli.go => flags/configdir.go} (97%) diff --git a/components/engine/cli/flags/common.go b/components/engine/cli/flags/common.go index 8f20111dce..38a793c402 100644 --- a/components/engine/cli/flags/common.go +++ b/components/engine/cli/flags/common.go @@ -6,7 +6,6 @@ import ( "path/filepath" "github.com/Sirupsen/logrus" - "github.com/docker/docker/cli" "github.com/docker/docker/opts" "github.com/docker/go-connections/tlsconfig" "github.com/spf13/pflag" @@ -46,7 +45,7 @@ func NewCommonOptions() *CommonOptions { // InstallFlags adds flags for the common options on the FlagSet func (commonOpts *CommonOptions) InstallFlags(flags *pflag.FlagSet) { if dockerCertPath == "" { - dockerCertPath = cli.ConfigurationDir() + dockerCertPath = ConfigurationDir() } flags.BoolVarP(&commonOpts.Debug, "debug", "D", false, "Enable debug mode") diff --git a/components/engine/cli/flags/common_test.go b/components/engine/cli/flags/common_test.go index 2434b569ec..52aa3d8b54 100644 --- a/components/engine/cli/flags/common_test.go +++ b/components/engine/cli/flags/common_test.go @@ -4,7 +4,6 @@ import ( "path/filepath" "testing" - "github.com/docker/docker/cli" "github.com/spf13/pflag" "github.com/stretchr/testify/assert" ) @@ -26,7 +25,7 @@ func TestCommonOptionsInstallFlags(t *testing.T) { } func defaultPath(filename string) string { - return filepath.Join(cli.ConfigurationDir(), filename) + return filepath.Join(ConfigurationDir(), filename) } func TestCommonOptionsInstallFlagsWithDefaults(t *testing.T) { diff --git a/components/engine/cli/cli.go b/components/engine/cli/flags/configdir.go similarity index 97% rename from components/engine/cli/cli.go rename to components/engine/cli/flags/configdir.go index 4281667192..5ac7b4fbb9 100644 --- a/components/engine/cli/cli.go +++ b/components/engine/cli/flags/configdir.go @@ -1,4 +1,4 @@ -package cli +package flags import ( "os" diff --git a/components/engine/integration-cli/check_test.go b/components/engine/integration-cli/check_test.go index 8ab282ccc3..a1927e4c9a 100644 --- a/components/engine/integration-cli/check_test.go +++ b/components/engine/integration-cli/check_test.go @@ -12,7 +12,7 @@ import ( "testing" "github.com/docker/docker/api/types/swarm" - dcli "github.com/docker/docker/cli" + "github.com/docker/docker/cli/flags" "github.com/docker/docker/integration-cli/cli" "github.com/docker/docker/integration-cli/cli/build/fakestorage" "github.com/docker/docker/integration-cli/daemon" @@ -406,7 +406,7 @@ func (s *DockerTrustSuite) TearDownTest(c *check.C) { } // Remove trusted keys and metadata after test - os.RemoveAll(filepath.Join(dcli.ConfigurationDir(), "trust")) + os.RemoveAll(filepath.Join(flags.ConfigurationDir(), "trust")) s.ds.TearDownTest(c) } diff --git a/components/engine/integration-cli/docker_cli_push_test.go b/components/engine/integration-cli/docker_cli_push_test.go index b85a510833..f0548e6907 100644 --- a/components/engine/integration-cli/docker_cli_push_test.go +++ b/components/engine/integration-cli/docker_cli_push_test.go @@ -12,7 +12,7 @@ import ( "sync" "github.com/docker/distribution/reference" - dcli "github.com/docker/docker/cli" + "github.com/docker/docker/cli/flags" "github.com/docker/docker/integration-cli/checker" "github.com/docker/docker/integration-cli/cli" "github.com/docker/docker/integration-cli/cli/build" @@ -294,7 +294,7 @@ func (s *DockerTrustSuite) TestTrustedPush(c *check.C) { }) // Assert that we rotated the snapshot key to the server by checking our local keystore - contents, err := ioutil.ReadDir(filepath.Join(dcli.ConfigurationDir(), "trust/private/tuf_keys", privateRegistryURL, "dockerclitrusted/pushtest")) + contents, err := ioutil.ReadDir(filepath.Join(flags.ConfigurationDir(), "trust/private/tuf_keys", privateRegistryURL, "dockerclitrusted/pushtest")) c.Assert(err, check.IsNil, check.Commentf("Unable to read local tuf key files")) // Check that we only have 1 key (targets key) c.Assert(contents, checker.HasLen, 1) @@ -399,7 +399,7 @@ func (s *DockerTrustSuite) TestTrustedPushWithReleasesDelegationOnly(c *check.C) s.assertTargetNotInRoles(c, repoName, "latest", "targets") // Try pull after push - os.RemoveAll(filepath.Join(dcli.ConfigurationDir(), "trust")) + os.RemoveAll(filepath.Join(flags.ConfigurationDir(), "trust")) cli.Docker(cli.Args("pull", targetName), trustedCmd).Assert(c, icmd.Expected{ Out: "Status: Image is up to date", @@ -436,7 +436,7 @@ func (s *DockerTrustSuite) TestTrustedPushSignsAllFirstLevelRolesWeHaveKeysFor(c s.assertTargetNotInRoles(c, repoName, "latest", "targets") // Try pull after push - os.RemoveAll(filepath.Join(dcli.ConfigurationDir(), "trust")) + os.RemoveAll(filepath.Join(flags.ConfigurationDir(), "trust")) // pull should fail because none of these are the releases role cli.Docker(cli.Args("pull", targetName), trustedCmd).Assert(c, icmd.Expected{ @@ -472,7 +472,7 @@ func (s *DockerTrustSuite) TestTrustedPushSignsForRolesWithKeysAndValidPaths(c * s.assertTargetNotInRoles(c, repoName, "latest", "targets") // Try pull after push - os.RemoveAll(filepath.Join(dcli.ConfigurationDir(), "trust")) + os.RemoveAll(filepath.Join(flags.ConfigurationDir(), "trust")) // pull should fail because none of these are the releases role cli.Docker(cli.Args("pull", targetName), trustedCmd).Assert(c, icmd.Expected{ diff --git a/components/engine/integration-cli/trust_server_test.go b/components/engine/integration-cli/trust_server_test.go index b2930d36a5..d1eb62e794 100644 --- a/components/engine/integration-cli/trust_server_test.go +++ b/components/engine/integration-cli/trust_server_test.go @@ -11,7 +11,7 @@ import ( "strings" "time" - dcli "github.com/docker/docker/cli" + "github.com/docker/docker/cli/flags" "github.com/docker/docker/integration-cli/checker" "github.com/docker/docker/integration-cli/cli" icmd "github.com/docker/docker/pkg/testutil/cmd" @@ -108,7 +108,7 @@ func newTestNotary(c *check.C) (*testNotary, error) { "skipTLSVerify": true } }` - if _, err = fmt.Fprintf(clientConfig, template, filepath.Join(dcli.ConfigurationDir(), "trust"), notaryURL); err != nil { + if _, err = fmt.Fprintf(clientConfig, template, filepath.Join(flags.ConfigurationDir(), "trust"), notaryURL); err != nil { os.RemoveAll(tmp) return nil, err } From 9ac5a907347a94a3bbe7a5a249a5e027946816d4 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Wed, 24 May 2017 21:11:16 -0400 Subject: [PATCH 33/37] Bump go to go1.8.3 Note that go1.8.2 contains a security fix (CVE-2017-8932). Signed-off-by: Brian Goff Upstream-commit: 0c7c900e9e66335a6bd486be008af43ae83a5a37 Component: engine --- components/engine/Dockerfile | 2 +- components/engine/Dockerfile.aarch64 | 2 +- components/engine/Dockerfile.armhf | 2 +- components/engine/Dockerfile.ppc64le | 2 +- components/engine/Dockerfile.s390x | 2 +- components/engine/Dockerfile.simple | 2 +- components/engine/Dockerfile.windows | 2 +- .../engine/contrib/builder/deb/aarch64/debian-jessie/Dockerfile | 2 +- .../contrib/builder/deb/aarch64/debian-stretch/Dockerfile | 2 +- .../engine/contrib/builder/deb/aarch64/ubuntu-trusty/Dockerfile | 2 +- .../engine/contrib/builder/deb/aarch64/ubuntu-xenial/Dockerfile | 2 +- .../engine/contrib/builder/deb/amd64/debian-jessie/Dockerfile | 2 +- .../engine/contrib/builder/deb/amd64/debian-stretch/Dockerfile | 2 +- .../engine/contrib/builder/deb/amd64/debian-wheezy/Dockerfile | 2 +- .../engine/contrib/builder/deb/amd64/ubuntu-trusty/Dockerfile | 2 +- .../engine/contrib/builder/deb/amd64/ubuntu-xenial/Dockerfile | 2 +- .../engine/contrib/builder/deb/amd64/ubuntu-yakkety/Dockerfile | 2 +- .../engine/contrib/builder/deb/amd64/ubuntu-zesty/Dockerfile | 2 +- .../engine/contrib/builder/deb/armhf/debian-jessie/Dockerfile | 2 +- .../engine/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile | 2 +- .../engine/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile | 2 +- .../engine/contrib/builder/deb/armhf/ubuntu-xenial/Dockerfile | 2 +- .../engine/contrib/builder/deb/armhf/ubuntu-yakkety/Dockerfile | 2 +- .../engine/contrib/builder/deb/ppc64le/ubuntu-trusty/Dockerfile | 2 +- .../engine/contrib/builder/deb/ppc64le/ubuntu-xenial/Dockerfile | 2 +- .../contrib/builder/deb/ppc64le/ubuntu-yakkety/Dockerfile | 2 +- .../engine/contrib/builder/deb/s390x/ubuntu-xenial/Dockerfile | 2 +- .../engine/contrib/builder/deb/s390x/ubuntu-yakkety/Dockerfile | 2 +- .../contrib/builder/rpm/amd64/amazonlinux-latest/Dockerfile | 2 +- components/engine/contrib/builder/rpm/amd64/centos-7/Dockerfile | 2 +- .../engine/contrib/builder/rpm/amd64/fedora-24/Dockerfile | 2 +- .../engine/contrib/builder/rpm/amd64/fedora-25/Dockerfile | 2 +- .../engine/contrib/builder/rpm/amd64/opensuse-13.2/Dockerfile | 2 +- .../engine/contrib/builder/rpm/amd64/oraclelinux-6/Dockerfile | 2 +- .../engine/contrib/builder/rpm/amd64/oraclelinux-7/Dockerfile | 2 +- .../engine/contrib/builder/rpm/amd64/photon-1.0/Dockerfile | 2 +- components/engine/contrib/builder/rpm/armhf/centos-7/Dockerfile | 2 +- .../engine/contrib/builder/rpm/ppc64le/centos-7/Dockerfile | 2 +- .../engine/contrib/builder/rpm/ppc64le/fedora-24/Dockerfile | 2 +- .../engine/contrib/builder/rpm/ppc64le/opensuse-42.1/Dockerfile | 2 +- .../contrib/builder/rpm/s390x/clefos-base-s390x-7/Dockerfile | 2 +- .../contrib/builder/rpm/s390x/opensuse-tumbleweed-1/Dockerfile | 2 +- components/engine/man/Dockerfile | 2 +- components/engine/man/Dockerfile.aarch64 | 2 +- components/engine/man/Dockerfile.armhf | 2 +- components/engine/man/Dockerfile.ppc64le | 2 +- components/engine/man/Dockerfile.s390x | 2 +- 47 files changed, 47 insertions(+), 47 deletions(-) diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile index 4bfd0b0580..ddcd3e9daa 100644 --- a/components/engine/Dockerfile +++ b/components/engine/Dockerfile @@ -120,7 +120,7 @@ RUN set -x \ # IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines # will need updating, to avoid errors. Ping #docker-maintainers on IRC # with a heads-up. -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \ | tar -xzC /usr/local diff --git a/components/engine/Dockerfile.aarch64 b/components/engine/Dockerfile.aarch64 index ad1e5188be..b96d473d5b 100644 --- a/components/engine/Dockerfile.aarch64 +++ b/components/engine/Dockerfile.aarch64 @@ -98,7 +98,7 @@ RUN set -x \ # bootstrap, so we use golang-go (1.6) as bootstrap to build Go from source code. # We don't use the official ARMv6 released binaries as a GOROOT_BOOTSTRAP, because # not all ARM64 platforms support 32-bit mode. 32-bit mode is optional for ARMv8. -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \ && cd /usr/src/go/src \ && GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash diff --git a/components/engine/Dockerfile.armhf b/components/engine/Dockerfile.armhf index 6a566ba638..fe190a3fd0 100644 --- a/components/engine/Dockerfile.armhf +++ b/components/engine/Dockerfile.armhf @@ -71,7 +71,7 @@ RUN cd /usr/local/lvm2 \ # See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL # Install Go -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" \ | tar -xzC /usr/local ENV PATH /go/bin:/usr/local/go/bin:$PATH diff --git a/components/engine/Dockerfile.ppc64le b/components/engine/Dockerfile.ppc64le index 234e90a534..d61205573a 100644 --- a/components/engine/Dockerfile.ppc64le +++ b/components/engine/Dockerfile.ppc64le @@ -95,7 +95,7 @@ RUN set -x \ # Install Go # NOTE: official ppc64le go binaries weren't available until go 1.6.4 and 1.7.4 -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" \ | tar -xzC /usr/local diff --git a/components/engine/Dockerfile.s390x b/components/engine/Dockerfile.s390x index f191481c5f..c568480ecd 100644 --- a/components/engine/Dockerfile.s390x +++ b/components/engine/Dockerfile.s390x @@ -88,7 +88,7 @@ RUN cd /usr/local/lvm2 \ && make install_device-mapper # See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" \ | tar -xzC /usr/local diff --git a/components/engine/Dockerfile.simple b/components/engine/Dockerfile.simple index ef5557745c..4edc08f9ed 100644 --- a/components/engine/Dockerfile.simple +++ b/components/engine/Dockerfile.simple @@ -53,7 +53,7 @@ RUN set -x \ # IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines # will need updating, to avoid errors. Ping #docker-maintainers on IRC # with a heads-up. -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \ | tar -xzC /usr/local ENV PATH /go/bin:/usr/local/go/bin:$PATH diff --git a/components/engine/Dockerfile.windows b/components/engine/Dockerfile.windows index 0a03830dc9..8f8ee609c4 100644 --- a/components/engine/Dockerfile.windows +++ b/components/engine/Dockerfile.windows @@ -161,7 +161,7 @@ SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPref # Environment variable notes: # - GO_VERSION must be consistent with 'Dockerfile' used by Linux. # - FROM_DOCKERFILE is used for detection of building within a container. -ENV GO_VERSION=1.8.1 ` +ENV GO_VERSION=1.8.3 ` GIT_VERSION=2.11.1 ` GOPATH=C:\go ` FROM_DOCKERFILE=1 diff --git a/components/engine/contrib/builder/deb/aarch64/debian-jessie/Dockerfile b/components/engine/contrib/builder/deb/aarch64/debian-jessie/Dockerfile index e165da4978..e7f9b9e743 100644 --- a/components/engine/contrib/builder/deb/aarch64/debian-jessie/Dockerfile +++ b/components/engine/contrib/builder/deb/aarch64/debian-jessie/Dockerfile @@ -12,7 +12,7 @@ RUN update-alternatives --install /usr/bin/go go /usr/lib/go-1.6/bin/go 100 # Install Go # aarch64 doesn't have official go binaries, so use the version of go installed from # the image to build go from source. -ENV GO_VERSION 1.7.5 +ENV GO_VERSION 1.8.3 RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \ && cd /usr/src/go/src \ && GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash diff --git a/components/engine/contrib/builder/deb/aarch64/debian-stretch/Dockerfile b/components/engine/contrib/builder/deb/aarch64/debian-stretch/Dockerfile index 00546e256e..f6ac277be6 100644 --- a/components/engine/contrib/builder/deb/aarch64/debian-stretch/Dockerfile +++ b/components/engine/contrib/builder/deb/aarch64/debian-stretch/Dockerfile @@ -9,7 +9,7 @@ RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools bu # Install Go # aarch64 doesn't have official go binaries, so use the version of go installed from # the image to build go from source. -ENV GO_VERSION 1.7.5 +ENV GO_VERSION 1.8.3 RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \ && cd /usr/src/go/src \ && GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash diff --git a/components/engine/contrib/builder/deb/aarch64/ubuntu-trusty/Dockerfile b/components/engine/contrib/builder/deb/aarch64/ubuntu-trusty/Dockerfile index f0fc346e2d..7b8c185b84 100644 --- a/components/engine/contrib/builder/deb/aarch64/ubuntu-trusty/Dockerfile +++ b/components/engine/contrib/builder/deb/aarch64/ubuntu-trusty/Dockerfile @@ -11,7 +11,7 @@ RUN update-alternatives --install /usr/bin/go go /usr/lib/go-1.6/bin/go 100 # Install Go # aarch64 doesn't have official go binaries, so use the version of go installed from # the image to build go from source. -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \ && cd /usr/src/go/src \ && GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash diff --git a/components/engine/contrib/builder/deb/aarch64/ubuntu-xenial/Dockerfile b/components/engine/contrib/builder/deb/aarch64/ubuntu-xenial/Dockerfile index c379e651cd..b35ade60f2 100644 --- a/components/engine/contrib/builder/deb/aarch64/ubuntu-xenial/Dockerfile +++ b/components/engine/contrib/builder/deb/aarch64/ubuntu-xenial/Dockerfile @@ -9,7 +9,7 @@ RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools bu # Install Go # aarch64 doesn't have official go binaries, so use the version of go installed from # the image to build go from source. -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \ && cd /usr/src/go/src \ && GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash diff --git a/components/engine/contrib/builder/deb/amd64/debian-jessie/Dockerfile b/components/engine/contrib/builder/deb/amd64/debian-jessie/Dockerfile index 0ade89d15d..0b41c624ad 100644 --- a/components/engine/contrib/builder/deb/amd64/debian-jessie/Dockerfile +++ b/components/engine/contrib/builder/deb/amd64/debian-jessie/Dockerfile @@ -10,7 +10,7 @@ RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/deb/amd64/debian-stretch/Dockerfile b/components/engine/contrib/builder/deb/amd64/debian-stretch/Dockerfile index be3c19f036..98ce8710cb 100644 --- a/components/engine/contrib/builder/deb/amd64/debian-stretch/Dockerfile +++ b/components/engine/contrib/builder/deb/amd64/debian-stretch/Dockerfile @@ -10,7 +10,7 @@ RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/deb/amd64/debian-wheezy/Dockerfile b/components/engine/contrib/builder/deb/amd64/debian-wheezy/Dockerfile index 9b8cade500..2d86fbb296 100644 --- a/components/engine/contrib/builder/deb/amd64/debian-wheezy/Dockerfile +++ b/components/engine/contrib/builder/deb/amd64/debian-wheezy/Dockerfile @@ -12,7 +12,7 @@ RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list.d RUN apt-get update && apt-get install -y -t wheezy-backports btrfs-tools --no-install-recommends && rm -rf /var/lib/apt/lists/* RUN apt-get update && apt-get install -y apparmor bash-completion build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev pkg-config vim-common --no-install-recommends && rm -rf /var/lib/apt/lists/* -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/deb/amd64/ubuntu-trusty/Dockerfile b/components/engine/contrib/builder/deb/amd64/ubuntu-trusty/Dockerfile index 2d8b196065..3c208c7e64 100644 --- a/components/engine/contrib/builder/deb/amd64/ubuntu-trusty/Dockerfile +++ b/components/engine/contrib/builder/deb/amd64/ubuntu-trusty/Dockerfile @@ -6,7 +6,7 @@ FROM ubuntu:trusty RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/deb/amd64/ubuntu-xenial/Dockerfile b/components/engine/contrib/builder/deb/amd64/ubuntu-xenial/Dockerfile index f533a13907..442c9de9d6 100644 --- a/components/engine/contrib/builder/deb/amd64/ubuntu-xenial/Dockerfile +++ b/components/engine/contrib/builder/deb/amd64/ubuntu-xenial/Dockerfile @@ -6,7 +6,7 @@ FROM ubuntu:xenial RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/deb/amd64/ubuntu-yakkety/Dockerfile b/components/engine/contrib/builder/deb/amd64/ubuntu-yakkety/Dockerfile index 8b75cb8766..14222fa028 100644 --- a/components/engine/contrib/builder/deb/amd64/ubuntu-yakkety/Dockerfile +++ b/components/engine/contrib/builder/deb/amd64/ubuntu-yakkety/Dockerfile @@ -6,7 +6,7 @@ FROM ubuntu:yakkety RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/deb/amd64/ubuntu-zesty/Dockerfile b/components/engine/contrib/builder/deb/amd64/ubuntu-zesty/Dockerfile index 9a19e4b132..74dbb08469 100644 --- a/components/engine/contrib/builder/deb/amd64/ubuntu-zesty/Dockerfile +++ b/components/engine/contrib/builder/deb/amd64/ubuntu-zesty/Dockerfile @@ -6,7 +6,7 @@ FROM ubuntu:zesty RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* -ENV GO_VERSION 1.7.5 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/deb/armhf/debian-jessie/Dockerfile b/components/engine/contrib/builder/deb/armhf/debian-jessie/Dockerfile index f72e697a19..3c63f47997 100644 --- a/components/engine/contrib/builder/deb/armhf/debian-jessie/Dockerfile +++ b/components/engine/contrib/builder/deb/armhf/debian-jessie/Dockerfile @@ -10,7 +10,7 @@ RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile b/components/engine/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile index 3664834d70..926639c002 100644 --- a/components/engine/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile +++ b/components/engine/contrib/builder/deb/armhf/raspbian-jessie/Dockerfile @@ -10,7 +10,7 @@ RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 # GOARM is the ARM architecture version which is unrelated to the above Golang version ENV GOARM 6 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local diff --git a/components/engine/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile b/components/engine/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile index f3743890a5..ce80b071b0 100644 --- a/components/engine/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile +++ b/components/engine/contrib/builder/deb/armhf/ubuntu-trusty/Dockerfile @@ -6,7 +6,7 @@ FROM armhf/ubuntu:trusty RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/deb/armhf/ubuntu-xenial/Dockerfile b/components/engine/contrib/builder/deb/armhf/ubuntu-xenial/Dockerfile index 6814682563..c25e3524ee 100644 --- a/components/engine/contrib/builder/deb/armhf/ubuntu-xenial/Dockerfile +++ b/components/engine/contrib/builder/deb/armhf/ubuntu-xenial/Dockerfile @@ -6,7 +6,7 @@ FROM armhf/ubuntu:xenial RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/deb/armhf/ubuntu-yakkety/Dockerfile b/components/engine/contrib/builder/deb/armhf/ubuntu-yakkety/Dockerfile index 3cb2b31967..9dc92f0b70 100644 --- a/components/engine/contrib/builder/deb/armhf/ubuntu-yakkety/Dockerfile +++ b/components/engine/contrib/builder/deb/armhf/ubuntu-yakkety/Dockerfile @@ -6,7 +6,7 @@ FROM armhf/ubuntu:yakkety RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config vim-common libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/deb/ppc64le/ubuntu-trusty/Dockerfile b/components/engine/contrib/builder/deb/ppc64le/ubuntu-trusty/Dockerfile index 77bb0f1f2d..76bc9e51bc 100644 --- a/components/engine/contrib/builder/deb/ppc64le/ubuntu-trusty/Dockerfile +++ b/components/engine/contrib/builder/deb/ppc64le/ubuntu-trusty/Dockerfile @@ -6,7 +6,7 @@ FROM ppc64le/ubuntu:trusty RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev pkg-config vim-common libsystemd-journal-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/deb/ppc64le/ubuntu-xenial/Dockerfile b/components/engine/contrib/builder/deb/ppc64le/ubuntu-xenial/Dockerfile index 1bf7e9120a..9db6bc0e12 100644 --- a/components/engine/contrib/builder/deb/ppc64le/ubuntu-xenial/Dockerfile +++ b/components/engine/contrib/builder/deb/ppc64le/ubuntu-xenial/Dockerfile @@ -6,7 +6,7 @@ FROM ppc64le/ubuntu:xenial RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev pkg-config vim-common libseccomp-dev libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/deb/ppc64le/ubuntu-yakkety/Dockerfile b/components/engine/contrib/builder/deb/ppc64le/ubuntu-yakkety/Dockerfile index b94a4de875..535f4b3427 100644 --- a/components/engine/contrib/builder/deb/ppc64le/ubuntu-yakkety/Dockerfile +++ b/components/engine/contrib/builder/deb/ppc64le/ubuntu-yakkety/Dockerfile @@ -6,7 +6,7 @@ FROM ppc64le/ubuntu:yakkety RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev pkg-config vim-common libseccomp-dev libsystemd-dev --no-install-recommends && rm -rf /var/lib/apt/lists/* -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/deb/s390x/ubuntu-xenial/Dockerfile b/components/engine/contrib/builder/deb/s390x/ubuntu-xenial/Dockerfile index e96c0cb241..306d3dd74e 100644 --- a/components/engine/contrib/builder/deb/s390x/ubuntu-xenial/Dockerfile +++ b/components/engine/contrib/builder/deb/s390x/ubuntu-xenial/Dockerfile @@ -6,7 +6,7 @@ FROM s390x/ubuntu:xenial RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config libsystemd-dev vim-common --no-install-recommends && rm -rf /var/lib/apt/lists/* -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/deb/s390x/ubuntu-yakkety/Dockerfile b/components/engine/contrib/builder/deb/s390x/ubuntu-yakkety/Dockerfile index 0faa6e76f9..d8caa0b0b8 100644 --- a/components/engine/contrib/builder/deb/s390x/ubuntu-yakkety/Dockerfile +++ b/components/engine/contrib/builder/deb/s390x/ubuntu-yakkety/Dockerfile @@ -6,7 +6,7 @@ FROM s390x/ubuntu:yakkety RUN apt-get update && apt-get install -y apparmor bash-completion btrfs-tools build-essential cmake curl ca-certificates debhelper dh-apparmor dh-systemd git libapparmor-dev libdevmapper-dev libltdl-dev libseccomp-dev pkg-config libsystemd-dev vim-common --no-install-recommends && rm -rf /var/lib/apt/lists/* -ENV GO_VERSION 1.7.5 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/rpm/amd64/amazonlinux-latest/Dockerfile b/components/engine/contrib/builder/rpm/amd64/amazonlinux-latest/Dockerfile index 348ddbaa58..fd23603fdb 100644 --- a/components/engine/contrib/builder/rpm/amd64/amazonlinux-latest/Dockerfile +++ b/components/engine/contrib/builder/rpm/amd64/amazonlinux-latest/Dockerfile @@ -7,7 +7,7 @@ FROM amazonlinux:latest RUN yum groupinstall -y "Development Tools" RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel tar git cmake vim-common -ENV GO_VERSION 1.7.5 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/rpm/amd64/centos-7/Dockerfile b/components/engine/contrib/builder/rpm/amd64/centos-7/Dockerfile index 8a3312c5ec..c64ba0533c 100644 --- a/components/engine/contrib/builder/rpm/amd64/centos-7/Dockerfile +++ b/components/engine/contrib/builder/rpm/amd64/centos-7/Dockerfile @@ -8,7 +8,7 @@ RUN yum groupinstall -y "Development Tools" RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel systemd-devel tar git cmake vim-common -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/rpm/amd64/fedora-24/Dockerfile b/components/engine/contrib/builder/rpm/amd64/fedora-24/Dockerfile index 8251defa28..c1c7a45d02 100644 --- a/components/engine/contrib/builder/rpm/amd64/fedora-24/Dockerfile +++ b/components/engine/contrib/builder/rpm/amd64/fedora-24/Dockerfile @@ -8,7 +8,7 @@ RUN dnf -y upgrade RUN dnf install -y @development-tools fedora-packager RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel systemd-devel tar git cmake vim-common -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/rpm/amd64/fedora-25/Dockerfile b/components/engine/contrib/builder/rpm/amd64/fedora-25/Dockerfile index aaf5736fb0..8c06f37346 100644 --- a/components/engine/contrib/builder/rpm/amd64/fedora-25/Dockerfile +++ b/components/engine/contrib/builder/rpm/amd64/fedora-25/Dockerfile @@ -8,7 +8,7 @@ RUN dnf -y upgrade RUN dnf install -y @development-tools fedora-packager RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel systemd-devel tar git cmake vim-common -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/rpm/amd64/opensuse-13.2/Dockerfile b/components/engine/contrib/builder/rpm/amd64/opensuse-13.2/Dockerfile index 5e408eeffd..5ea4623963 100644 --- a/components/engine/contrib/builder/rpm/amd64/opensuse-13.2/Dockerfile +++ b/components/engine/contrib/builder/rpm/amd64/opensuse-13.2/Dockerfile @@ -7,7 +7,7 @@ FROM opensuse:13.2 RUN zypper --non-interactive install ca-certificates* curl gzip rpm-build RUN zypper --non-interactive install libbtrfs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel pkg-config selinux-policy selinux-policy-devel systemd-devel tar git cmake vim systemd-rpm-macros -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/rpm/amd64/oraclelinux-6/Dockerfile b/components/engine/contrib/builder/rpm/amd64/oraclelinux-6/Dockerfile index 1e78c9cbd3..108c9d276a 100644 --- a/components/engine/contrib/builder/rpm/amd64/oraclelinux-6/Dockerfile +++ b/components/engine/contrib/builder/rpm/amd64/oraclelinux-6/Dockerfile @@ -10,7 +10,7 @@ RUN yum install -y kernel-uek-devel-4.1.12-32.el6uek RUN yum groupinstall -y "Development Tools" RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel tar git cmake vim-common -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/rpm/amd64/oraclelinux-7/Dockerfile b/components/engine/contrib/builder/rpm/amd64/oraclelinux-7/Dockerfile index f4f5a8e36a..4a57c6b5bb 100644 --- a/components/engine/contrib/builder/rpm/amd64/oraclelinux-7/Dockerfile +++ b/components/engine/contrib/builder/rpm/amd64/oraclelinux-7/Dockerfile @@ -7,7 +7,7 @@ FROM oraclelinux:7 RUN yum groupinstall -y "Development Tools" RUN yum install -y --enablerepo=ol7_optional_latest btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel systemd-devel tar git cmake vim-common -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/rpm/amd64/photon-1.0/Dockerfile b/components/engine/contrib/builder/rpm/amd64/photon-1.0/Dockerfile index 853c73b1a6..a535820897 100644 --- a/components/engine/contrib/builder/rpm/amd64/photon-1.0/Dockerfile +++ b/components/engine/contrib/builder/rpm/amd64/photon-1.0/Dockerfile @@ -7,7 +7,7 @@ FROM photon:1.0 RUN tdnf install -y wget curl ca-certificates gzip make rpm-build sed gcc linux-api-headers glibc-devel binutils libseccomp libltdl-devel elfutils RUN tdnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkg-config selinux-policy selinux-policy-devel systemd-devel tar git cmake vim-common -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/rpm/armhf/centos-7/Dockerfile b/components/engine/contrib/builder/rpm/armhf/centos-7/Dockerfile index 3c9b93d881..ece0ad5b2a 100644 --- a/components/engine/contrib/builder/rpm/armhf/centos-7/Dockerfile +++ b/components/engine/contrib/builder/rpm/armhf/centos-7/Dockerfile @@ -9,7 +9,7 @@ RUN yum groupinstall --skip-broken -y "Development Tools" RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim-common -ENV GO_VERSION 1.7.4 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/rpm/ppc64le/centos-7/Dockerfile b/components/engine/contrib/builder/rpm/ppc64le/centos-7/Dockerfile index 5885137206..8299031346 100644 --- a/components/engine/contrib/builder/rpm/ppc64le/centos-7/Dockerfile +++ b/components/engine/contrib/builder/rpm/ppc64le/centos-7/Dockerfile @@ -8,7 +8,7 @@ RUN yum groupinstall -y "Development Tools" RUN yum -y swap -- remove systemd-container systemd-container-libs -- install systemd systemd-libs RUN yum install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim-common -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/rpm/ppc64le/fedora-24/Dockerfile b/components/engine/contrib/builder/rpm/ppc64le/fedora-24/Dockerfile index 491b99d059..3bb6c0547a 100644 --- a/components/engine/contrib/builder/rpm/ppc64le/fedora-24/Dockerfile +++ b/components/engine/contrib/builder/rpm/ppc64le/fedora-24/Dockerfile @@ -8,7 +8,7 @@ RUN dnf -y upgrade RUN dnf install -y @development-tools fedora-packager RUN dnf install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel systemd-devel tar git cmake -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/rpm/ppc64le/opensuse-42.1/Dockerfile b/components/engine/contrib/builder/rpm/ppc64le/opensuse-42.1/Dockerfile index 1bfcef84f9..83e5f62b46 100644 --- a/components/engine/contrib/builder/rpm/ppc64le/opensuse-42.1/Dockerfile +++ b/components/engine/contrib/builder/rpm/ppc64le/opensuse-42.1/Dockerfile @@ -9,7 +9,7 @@ RUN zypper addrepo -n ppc64le-updates -f https://download.opensuse.org/ports/upd RUN zypper --non-interactive install ca-certificates* curl gzip rpm-build RUN zypper --non-interactive install libbtrfs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel pkg-config selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/rpm/s390x/clefos-base-s390x-7/Dockerfile b/components/engine/contrib/builder/rpm/s390x/clefos-base-s390x-7/Dockerfile index 78a232c4e7..9435bf1329 100644 --- a/components/engine/contrib/builder/rpm/s390x/clefos-base-s390x-7/Dockerfile +++ b/components/engine/contrib/builder/rpm/s390x/clefos-base-s390x-7/Dockerfile @@ -8,7 +8,7 @@ FROM sinenomine/clefos-base-s390x RUN touch /var/lib/rpm/* && yum groupinstall -y "Development Tools" RUN touch /var/lib/rpm/* && yum install -y btrfs-progs-devel device-mapper-devel glibc-static libseccomp-devel libselinux-devel libtool-ltdl-devel pkgconfig selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim-common -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/contrib/builder/rpm/s390x/opensuse-tumbleweed-1/Dockerfile b/components/engine/contrib/builder/rpm/s390x/opensuse-tumbleweed-1/Dockerfile index de55b1f987..a36bb74f08 100644 --- a/components/engine/contrib/builder/rpm/s390x/opensuse-tumbleweed-1/Dockerfile +++ b/components/engine/contrib/builder/rpm/s390x/opensuse-tumbleweed-1/Dockerfile @@ -9,7 +9,7 @@ RUN zypper ar https://download.opensuse.org/ports/zsystems/tumbleweed/repo/oss/ RUN zypper --non-interactive install ca-certificates* curl gzip rpm-build RUN zypper --non-interactive install libbtrfs-devel device-mapper-devel glibc-static libselinux-devel libtool-ltdl-devel pkg-config selinux-policy selinux-policy-devel sqlite-devel systemd-devel tar git cmake vim systemd-rpm-macros -ENV GO_VERSION 1.8.1 +ENV GO_VERSION 1.8.3 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" | tar xzC /usr/local ENV PATH $PATH:/usr/local/go/bin diff --git a/components/engine/man/Dockerfile b/components/engine/man/Dockerfile index 80e97ff01e..01a9fc0151 100644 --- a/components/engine/man/Dockerfile +++ b/components/engine/man/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.7.5-alpine +FROM golang:1.8.3-alpine RUN apk add -U git bash curl gcc musl-dev make diff --git a/components/engine/man/Dockerfile.aarch64 b/components/engine/man/Dockerfile.aarch64 index 8553d1f763..80e9feb2d6 100644 --- a/components/engine/man/Dockerfile.aarch64 +++ b/components/engine/man/Dockerfile.aarch64 @@ -2,7 +2,7 @@ FROM aarch64/ubuntu:xenial RUN apt-get update && apt-get install -y git golang-go curl -ENV GO_VERSION 1.7.5 +ENV GO_VERSION 1.8.3 ENV GOARCH arm64 ENV PATH /go/bin:/usr/src/go/bin:$PATH diff --git a/components/engine/man/Dockerfile.armhf b/components/engine/man/Dockerfile.armhf index e7ea495646..3f05d99c32 100644 --- a/components/engine/man/Dockerfile.armhf +++ b/components/engine/man/Dockerfile.armhf @@ -11,7 +11,7 @@ RUN apt-get update && apt-get install -y \ gcc \ make -ENV GO_VERSION 1.7.5 +ENV GO_VERSION 1.8.3 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" \ | tar -xzC /usr/local ENV PATH /go/bin:/usr/local/go/bin:$PATH diff --git a/components/engine/man/Dockerfile.ppc64le b/components/engine/man/Dockerfile.ppc64le index fc96ca7691..a170ea4f28 100644 --- a/components/engine/man/Dockerfile.ppc64le +++ b/components/engine/man/Dockerfile.ppc64le @@ -7,7 +7,7 @@ RUN apt-get update && apt-get install -y \ make \ tar -ENV GO_VERSION 1.7.5 +ENV GO_VERSION 1.8.3 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" \ | tar -xzC /usr/local ENV PATH /usr/local/go/bin:$PATH diff --git a/components/engine/man/Dockerfile.s390x b/components/engine/man/Dockerfile.s390x index d4bcf1da11..e2a783f698 100644 --- a/components/engine/man/Dockerfile.s390x +++ b/components/engine/man/Dockerfile.s390x @@ -7,7 +7,7 @@ RUN apt-get update && apt-get install -y \ make \ tar -ENV GO_VERSION 1.7.5 +ENV GO_VERSION 1.8.3 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" \ | tar -xzC /usr/local ENV PATH /usr/local/go/bin:$PATH From 6ed8b96066314be88aed8662228fd368e16ec277 Mon Sep 17 00:00:00 2001 From: vanderliang Date: Wed, 31 May 2017 14:18:42 +0800 Subject: [PATCH 34/37] Fix downloading image fails when build docker Generate a token for each download process to avoid token expired. Closes: #33441 Signed-off-by: vanderliang Upstream-commit: cb502cd4e894a78e723902a4d2f23174b69430ce Component: engine --- components/engine/contrib/download-frozen-image-v2.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/components/engine/contrib/download-frozen-image-v2.sh b/components/engine/contrib/download-frozen-image-v2.sh index 37b5038938..43bbf7e3cf 100755 --- a/components/engine/contrib/download-frozen-image-v2.sh +++ b/components/engine/contrib/download-frozen-image-v2.sh @@ -157,6 +157,7 @@ while [ $# -gt 0 ]; do echo "skipping existing ${layerId:0:12}" continue fi + token="$(curl -fsSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$image:pull" | jq --raw-output '.token')" curl -fSL --progress \ -H "Authorization: Bearer $token" \ "https://registry-1.docker.io/v2/$image/blobs/$layerDigest" \ @@ -229,6 +230,7 @@ while [ $# -gt 0 ]; do echo "skipping existing ${layerId:0:12}" continue fi + token="$(curl -fsSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$image:pull" | jq --raw-output '.token')" curl -fSL --progress -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/$image/blobs/$imageLayer" -o "$dir/$layerId/layer.tar" # -C - done ;; From 8e156ee521271a07bcf15d47e0e306544adee0d6 Mon Sep 17 00:00:00 2001 From: Jacob Wen Date: Mon, 22 May 2017 15:15:04 +0800 Subject: [PATCH 35/37] Don't warn if the shm or mquere is not mounted Fix #33328 Signed-off-by: Jacob Wen Upstream-commit: cfa2591d3f2636221e5005b3609aeb572e0c6653 Component: engine --- components/engine/container/container_unix.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/components/engine/container/container_unix.go b/components/engine/container/container_unix.go index b0a32e6d5b..b46e100bb1 100644 --- a/components/engine/container/container_unix.go +++ b/components/engine/container/container_unix.go @@ -13,6 +13,7 @@ import ( containertypes "github.com/docker/docker/api/types/container" mounttypes "github.com/docker/docker/api/types/mount" "github.com/docker/docker/pkg/chrootarchive" + "github.com/docker/docker/pkg/mount" "github.com/docker/docker/pkg/stringid" "github.com/docker/docker/pkg/symlink" "github.com/docker/docker/pkg/system" @@ -220,7 +221,9 @@ func (container *Container) UnmountIpcMounts(unmount func(pth string) error) { warnings = append(warnings, err.Error()) } else if shmPath != "" { if err := unmount(shmPath); err != nil && !os.IsNotExist(err) { - warnings = append(warnings, fmt.Sprintf("failed to umount %s: %v", shmPath, err)) + if mounted, mErr := mount.Mounted(shmPath); mounted || mErr != nil { + warnings = append(warnings, fmt.Sprintf("failed to umount %s: %v", shmPath, err)) + } } } From 421a16553e37b0c79bbd50f63f3ef8d50d263987 Mon Sep 17 00:00:00 2001 From: Raja Sami Date: Thu, 18 May 2017 20:32:48 +0500 Subject: [PATCH 36/37] Increase the Coverage of pkg/platform Signed-off-by: Raja Sami Upstream-commit: bdc87676bfee0f9a26fe12323dbe6875af783645 Component: engine --- .../engine/pkg/platform/utsname_int8_test.go | 16 ++++++++++++++++ .../engine/pkg/platform/utsname_uint8_test.go | 16 ++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 components/engine/pkg/platform/utsname_int8_test.go create mode 100644 components/engine/pkg/platform/utsname_uint8_test.go diff --git a/components/engine/pkg/platform/utsname_int8_test.go b/components/engine/pkg/platform/utsname_int8_test.go new file mode 100644 index 0000000000..9dada23591 --- /dev/null +++ b/components/engine/pkg/platform/utsname_int8_test.go @@ -0,0 +1,16 @@ +// +build linux,386 linux,amd64 linux,arm64 + +package platform + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestCharToString(t *testing.T) { + machineInBytes := [65]int8{120, 56, 54, 95, 54, 52} + machineInString := charsToString(machineInBytes) + assert.NotNil(t, machineInString, "Unable to convert char into string.") + assert.Equal(t, string("x86_64"), machineInString, "Parsed machine code not equal.") +} diff --git a/components/engine/pkg/platform/utsname_uint8_test.go b/components/engine/pkg/platform/utsname_uint8_test.go new file mode 100644 index 0000000000..444b83bdbe --- /dev/null +++ b/components/engine/pkg/platform/utsname_uint8_test.go @@ -0,0 +1,16 @@ +// +build linux,arm linux,ppc64 linux,ppc64le s390x + +package platform + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestTestCharToString(t *testing.T) { + machineInBytes := [65]uint8{120, 56, 54, 95, 54, 52} + machineInString := charsToString(machineInBytes) + assert.NotNil(t, machineInString, "Unable to convert char into string.") + assert.Equal(t, string("x86_64"), machineInString, "Parsed machine code not equal.") +} From 02f992f2b82b3f854ccdd3b16fd1d3168f4f130b Mon Sep 17 00:00:00 2001 From: Chen Min Date: Thu, 1 Jun 2017 19:21:01 +0800 Subject: [PATCH 37/37] Fix Typos: continer,contianer -> container Signed-off-by: Chen Min Upstream-commit: 2b62eb434be4770c101ef79666a952fd7f43a742 Component: engine --- components/engine/client/container_wait.go | 2 +- components/engine/container/state.go | 2 +- components/engine/integration-cli/docker_cli_swarm_test.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/components/engine/client/container_wait.go b/components/engine/client/container_wait.go index af4559c4b9..13b5eea6a9 100644 --- a/components/engine/client/container_wait.go +++ b/components/engine/client/container_wait.go @@ -10,7 +10,7 @@ import ( "github.com/docker/docker/api/types/versions" ) -// ContainerWait waits until the specified continer is in a certain state +// ContainerWait waits until the specified container is in a certain state // indicated by the given condition, either "not-running" (default), // "next-exit", or "removed". // diff --git a/components/engine/container/state.go b/components/engine/container/state.go index e99fe008bb..b87577b1c0 100644 --- a/components/engine/container/state.go +++ b/components/engine/container/state.go @@ -180,7 +180,7 @@ const ( WaitConditionRemoved ) -// Wait waits until the continer is in a certain state indicated by the given +// Wait waits until the container is in a certain state indicated by the given // condition. A context must be used for cancelling the request, controlling // timeouts, and avoiding goroutine leaks. Wait must be called without holding // the state lock. Returns a channel from which the caller will receive the diff --git a/components/engine/integration-cli/docker_cli_swarm_test.go b/components/engine/integration-cli/docker_cli_swarm_test.go index 8a8c8d0fcd..086a6632d2 100644 --- a/components/engine/integration-cli/docker_cli_swarm_test.go +++ b/components/engine/integration-cli/docker_cli_swarm_test.go @@ -448,7 +448,7 @@ func (s *DockerSwarmSuite) TestOverlayAttachableReleaseResourcesOnFailure(c *che out, err = d.Cmd("run", "-d", "--network", "ovnet", "--name", "c1", "--ip", "10.10.9.33", "busybox", "top") c.Assert(err, checker.IsNil, check.Commentf(out)) - // Attempt to attach another contianer with same IP, must fail + // Attempt to attach another container with same IP, must fail _, err = d.Cmd("run", "-d", "--network", "ovnet", "--name", "c2", "--ip", "10.10.9.33", "busybox", "top") c.Assert(err, checker.NotNil)