When read is called on a tarsum with a two different read sizes, specifically the second call larger than the first, the dynamic buffer does not get reallocated causing a slice read error.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Upstream-commit: 5cdf7f507771e159ddd335f3757cd33f7ba4e426
Component: engine
Not breaking the default cipher and algorithm for calculating checksums,
but allow for using alternate block ciphers during the checksum
calculation.
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
Upstream-commit: 4e9925d780665149b8bc940d5ba242ada1973c4e
Component: engine
If a tar were constructed with duplicate file names, then depending on
the order, it could result in same tarsum.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Upstream-commit: c5e6362c53cbbc09ddbabd5a7323e04438b57d31
Component: engine
Addresses #8057
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Upstream-commit: 4119c9d7d955757092adc3410da8d75f972bd3c1
Component: engine
Tarsum now correctly closes the internal TarWriter which appends
a block of 1024 zeros to the end of the returned archive.
Signed-off-by: Josh Hawn <josh.hawn@docker.com>
Upstream-commit: bc956c6b79dbe9cc7a1ab198f92b6843d072eb28
Component: engine
Now that TarSum can be versioned, move the addition of xattr headers in
to the next version of TarSum
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Upstream-commit: 0ecafb8a6909f5d342246aefb9ac97350cef6558
Component: engine
this is to enhance the tarsum algorithm, but _MUST_ be done in lock step
with the same for docker-registry. (PR will be cited)
Docker-DCO-1.1-Signed-off-by: Vincent Batts <vbatts@redhat.com> (github: vbatts)
Upstream-commit: 448c8ecb0fb453bb29fcada5e7486355ccfadbe9
Component: engine
don't export the exsisting TarSum struct and call the interface 'TarSum'
instead.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Upstream-commit: ec01eb653db9d5e5b9291c1670dde57e7f742874
Component: engine
This introduces Versions for TarSum checksums.
Fixes: https://github.com/docker/docker/issues/7526
It preserves current functionality and abstracts the interface for
future flexibility of hashing algorithms. As a POC, the VersionDev
Tarsum does not include the mtime in the checksum calculation, and would
solve https://github.com/docker/docker/issues/7387 though this is not a
settled Version is subject to change until a version number is assigned.
Signed-off-by: Vincent Batts <vbatts@redhat.com>
Upstream-commit: 747f89cd327db9d50251b17797c4d825162226d0
Component: engine
If iptables version is < 1.4.11, try to delete the rule vs. checking if it exists. Fixes#6831.
Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jfrazelle@users.noreply.github.com> (github: jfrazelle)
Upstream-commit: f3a68ffa390fb851115c77783fa4031f1d3b2995
Component: engine
This commit makes tarsum buffer allocation dynamic. This change
is required to avoid allocating memory excessively after the archive
buffering changes.
Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
Upstream-commit: 7ef34407509fa76e3ead12a20c8b731f434e1971
Component: engine
--help and help are successful commands so output should not go to error.
QE teams have requested this change, also users doing docker help | less
or docker run --help | less would expect this to work.
Usage statement should only be printed when the user asks for it.
Errors should print error message and then suggest the docker COMMAND --help
command to see usage information.
The current behaviour causes the user to have to search for the error message
and sometimes scrolls right off the screen. For example a error on a
"docker run" command is very difficult to diagnose.
Finally erros should always exit with a non 0 exit code, if the user
makes a CLI error.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Upstream-commit: 61b129d81802e3c988cc0e67e488b24968dd748a
Component: engine
This code is vital to the security of the project and it is important
we assure it is well-maintained and guarded.
I am vested in assuring this code maintains security and
provides as much compatibility as possible between releases.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: cd71f92a7fda7a8bdf328a91c37a759463862aeb
Component: engine
