Merge pull request #3224 from thaJeztah/20.10_backport_bump_go_1.16.6

[20.10 backport] Bump go 1.16.6

.circleci/config.yml

@@ -4,13 +4,13 @@ jobs:
 
   lint:
     working_directory: /work
-    docker: [{image: 'docker:19.03-git'}]
+    docker: [{image: 'docker:20.10-git'}]
     environment:
       DOCKER_BUILDKIT: 1
     steps:
       - checkout
       - setup_remote_docker:
-          version: 19.03.12
+          version: 20.10.6
           reusable: true
           exclusive: false
       - run:
@@ -39,7 +39,7 @@ jobs:
 
   cross:
     working_directory: /work
-    docker: [{image: 'docker:19.03-git'}]
+    docker: [{image: 'docker:20.10-git'}]
     environment:
       DOCKER_BUILDKIT: 1
       BUILDX_VERSION: "v0.5.1"
@@ -47,7 +47,7 @@ jobs:
     steps:
       - checkout
       - setup_remote_docker:
-          version: 19.03.12
+          version: 20.10.6
           reusable: true
           exclusive: false
       - run:
@@ -69,13 +69,13 @@ jobs:
 
   test:
     working_directory: /work
-    docker: [{image: 'docker:19.03-git'}]
+    docker: [{image: 'docker:20.10-git'}]
     environment:
       DOCKER_BUILDKIT: 1
     steps:
       - checkout
       - setup_remote_docker:
-          version: 19.03.12
+          version: 20.10.6
           reusable: true
           exclusive: false
       - run:
@@ -116,13 +116,13 @@ jobs:
 
   validate:
     working_directory: /work
-    docker: [{image: 'docker:19.03-git'}]
+    docker: [{image: 'docker:20.10-git'}]
     environment:
       DOCKER_BUILDKIT: 1
     steps:
       - checkout
       - setup_remote_docker:
-          version: 19.03.12
+          version: 20.10.6
           reusable: true
           exclusive: false
       - run:

Dockerfile

@@ -1,17 +1,17 @@
-#syntax=docker/dockerfile:1.2
+# syntax=docker/dockerfile:1.3
 
 ARG BASE_VARIANT=alpine
-ARG GO_VERSION=1.13.15
+ARG GO_VERSION=1.16.6
 
 FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-${BASE_VARIANT} AS gostable
-FROM --platform=$BUILDPLATFORM golang:1.16-${BASE_VARIANT} AS golatest	
+FROM --platform=$BUILDPLATFORM golang:1.17rc1-${BASE_VARIANT} AS golatest
 
-FROM gostable AS go-linux	
-FROM golatest AS go-darwin
-FROM golatest AS go-windows-amd64
-FROM golatest AS go-windows-386
-FROM golatest AS go-windows-arm
-FROM --platform=$BUILDPLATFORM tonistiigi/golang:497feff1-${BASE_VARIANT} AS go-windows-arm64
+FROM gostable AS go-linux
+FROM gostable AS go-darwin
+FROM gostable AS go-windows-amd64
+FROM gostable AS go-windows-386
+FROM gostable AS go-windows-arm
+FROM golatest AS go-windows-arm64
 FROM go-windows-${TARGETARCH} AS go-windows
 
 FROM --platform=$BUILDPLATFORM tonistiigi/xx@sha256:620d36a9d7f1e3b102a5c7e8eff12081ac363828b3a44390f24fa8da2d49383d AS xx

Jenkinsfile

@@ -1,6 +1,6 @@
 pipeline {
     agent {
-        label "linux && x86_64"
+        label "amd64 && ubuntu-1804 && overlay2"
     }
 
     options {
@@ -21,9 +21,9 @@ pipeline {
                     make -f docker.Makefile test-e2e-non-experimental"
             }
         }
-        stage("e2e (non-experimental) - 18.09 engine") {
+        stage("e2e (non-experimental) - 19.03 engine") {
             steps {
-                sh "E2E_ENGINE_VERSION=18.09-dind \
+                sh "E2E_ENGINE_VERSION=19.03-dind \
                   E2E_UNIQUE_ID=clie2e${BUILD_NUMBER} \
                   IMAGE_TAG=clie2e${BUILD_NUMBER} \
                   make -f docker.Makefile test-e2e-non-experimental"

appveyor.yml

@@ -4,7 +4,7 @@ clone_folder: c:\gopath\src\github.com\docker\cli
 
 environment:
   GOPATH: c:\gopath
-  GOVERSION: 1.13.15
+  GOVERSION: 1.16.6
   DEPVERSION: v0.4.1
 
 install:

cli/command/cli.go

@@ -255,7 +255,7 @@ func (cli *DockerCli) Initialize(opts *cliflags.ClientOptions, ops ...Initialize
 		if tlsconfig.IsErrEncryptedKey(err) {
 			passRetriever := passphrase.PromptRetrieverWithInOut(cli.In(), cli.Out(), nil)
 			newClient := func(password string) (client.APIClient, error) {
-				cli.dockerEndpoint.TLSPassword = password
+				cli.dockerEndpoint.TLSPassword = password //nolint: staticcheck // SA1019: cli.dockerEndpoint.TLSPassword is deprecated
 				return newAPIClientFromEndpoint(cli.dockerEndpoint, cli.configFile)
 			}
 			cli.client, err = getClientWithPassword(passRetriever, newClient)

cli/command/cli_test.go

@@ -6,7 +6,6 @@ import (
 	"crypto/x509"
 	"fmt"
 	"io/ioutil"
-	"net/http"
 	"os"
 	"runtime"
 	"testing"
@@ -80,24 +79,6 @@ func TestNewAPIClientFromFlagsWithAPIVersionFromEnv(t *testing.T) {
 	assert.Check(t, is.Equal(customVersion, apiclient.ClientVersion()))
 }
 
-func TestNewAPIClientFromFlagsWithHttpProxyEnv(t *testing.T) {
-	defer env.Patch(t, "HTTP_PROXY", "http://proxy.acme.com:1234")()
-	defer env.Patch(t, "DOCKER_HOST", "tcp://docker.acme.com:2376")()
-
-	opts := &flags.CommonOptions{}
-	configFile := &configfile.ConfigFile{}
-	apiclient, err := NewAPIClientFromFlags(opts, configFile)
-	assert.NilError(t, err)
-	transport, ok := apiclient.HTTPClient().Transport.(*http.Transport)
-	assert.Assert(t, ok)
-	assert.Assert(t, transport.Proxy != nil)
-	request, err := http.NewRequest(http.MethodGet, "tcp://docker.acme.com:2376", nil)
-	assert.NilError(t, err)
-	url, err := transport.Proxy(request)
-	assert.NilError(t, err)
-	assert.Check(t, is.Equal("http://proxy.acme.com:1234", url.String()))
-}
-
 type fakeClient struct {
 	client.Client
 	pingFunc   func() (types.Ping, error)

cli/command/container/create_test.go

@@ -133,7 +133,7 @@ func TestCreateContainerImagePullPolicy(t *testing.T) {
 				return ioutil.NopCloser(strings.NewReader("")), nil
 			},
 			infoFunc: func() (types.Info, error) {
-				return types.Info{IndexServerAddress: "http://indexserver"}, nil
+				return types.Info{IndexServerAddress: "https://indexserver.example.com"}, nil
 			},
 		}
 		cli := test.NewFakeCli(client)

cli/command/context/create.go

@@ -62,8 +62,11 @@ func newCreateCommand(dockerCli command.Cli) *cobra.Command {
 		&opts.DefaultStackOrchestrator,
 		"default-stack-orchestrator", "",
 		"Default orchestrator for stack operations to use with this context (swarm|kubernetes|all)")
+	flags.SetAnnotation("default-stack-orchestrator", "deprecated", nil)
 	flags.StringToStringVar(&opts.Docker, "docker", nil, "set the docker endpoint")
 	flags.StringToStringVar(&opts.Kubernetes, "kubernetes", nil, "set the kubernetes endpoint")
+	flags.SetAnnotation("kubernetes", "kubernetes", nil)
+	flags.SetAnnotation("kubernetes", "deprecated", nil)
 	flags.StringVar(&opts.From, "from", "", "create context from a named context")
 	return cmd
 }

cli/command/context/create_test.go

@@ -169,7 +169,7 @@ func validateTestKubeEndpoint(t *testing.T, s store.Reader, name string) {
 	kubeMeta := ctxMetadata.Endpoints[kubernetes.KubernetesEndpoint].(kubernetes.EndpointMeta)
 	kubeEP, err := kubeMeta.WithTLSData(s, name)
 	assert.NilError(t, err)
-	assert.Equal(t, "https://someserver", kubeEP.Host)
+	assert.Equal(t, "https://someserver.example.com", kubeEP.Host)
 	assert.Equal(t, "the-ca", string(kubeEP.TLSData.CA))
 	assert.Equal(t, "the-cert", string(kubeEP.TLSData.Cert))
 	assert.Equal(t, "the-key", string(kubeEP.TLSData.Key))
@@ -287,7 +287,7 @@ func TestCreateFromContext(t *testing.T) {
 			assert.Equal(t, newContextTyped.Description, c.expectedDescription)
 			assert.Equal(t, newContextTyped.StackOrchestrator, c.expectedOrchestrator)
 			assert.Equal(t, dockerEndpoint.Host, "tcp://42.42.42.42:2375")
-			assert.Equal(t, kubeEndpoint.Host, "https://someserver")
+			assert.Equal(t, kubeEndpoint.Host, "https://someserver.example.com")
 		})
 	}
 }
@@ -361,7 +361,7 @@ func TestCreateFromCurrent(t *testing.T) {
 			assert.Equal(t, newContextTyped.Description, c.expectedDescription)
 			assert.Equal(t, newContextTyped.StackOrchestrator, c.expectedOrchestrator)
 			assert.Equal(t, dockerEndpoint.Host, "tcp://42.42.42.42:2375")
-			assert.Equal(t, kubeEndpoint.Host, "https://someserver")
+			assert.Equal(t, kubeEndpoint.Host, "https://someserver.example.com")
 		})
 	}
 }

cli/command/context/export.go

@@ -46,6 +46,8 @@ func newExportCommand(dockerCli command.Cli) *cobra.Command {
 
 	flags := cmd.Flags()
 	flags.BoolVar(&opts.Kubeconfig, "kubeconfig", false, "Export as a kubeconfig file")
+	flags.SetAnnotation("kubeconfig", "kubernetes", nil)
+	flags.SetAnnotation("kubeconfig", "deprecated", nil)
 	return cmd
 }
 

cli/command/context/list_test.go

@@ -18,7 +18,7 @@ func createTestContextWithKubeAndSwarm(t *testing.T, cli command.Cli, name strin
 		DefaultStackOrchestrator: orchestrator,
 		Description:              "description of " + name,
 		Kubernetes:               map[string]string{keyFrom: "default"},
-		Docker:                   map[string]string{keyHost: "https://someswarmserver"},
+		Docker:                   map[string]string{keyHost: "https://someswarmserver.example.com"},
 	})
 	assert.NilError(t, err)
 }

cli/command/context/testdata/inspect.golden

@@ -7,11 +7,11 @@
         },
         "Endpoints": {
             "docker": {
-                "Host": "https://someswarmserver",
+                "Host": "https://someswarmserver.example.com",
                 "SkipTLSVerify": false
             },
             "kubernetes": {
-                "Host": "https://someserver",
+                "Host": "https://someserver.example.com",
                 "SkipTLSVerify": false,
                 "DefaultNamespace": "default"
             }

cli/command/context/testdata/list.golden

@@ -1,5 +1,5 @@
-NAME        DESCRIPTION                               DOCKER ENDPOINT               KUBERNETES ENDPOINT            ORCHESTRATOR
-current *   description of current                    https://someswarmserver       https://someserver (default)   all
-default     Current DOCKER_HOST based configuration   unix:///var/run/docker.sock                                  swarm
-other       description of other                      https://someswarmserver       https://someserver (default)   all
-unset       description of unset                      https://someswarmserver       https://someserver (default)   
+NAME        DESCRIPTION                               DOCKER ENDPOINT                       KUBERNETES ENDPOINT                        ORCHESTRATOR
+current *   description of current                    https://someswarmserver.example.com   https://someserver.example.com (default)   all
+default     Current DOCKER_HOST based configuration   unix:///var/run/docker.sock                                                      swarm
+other       description of other                      https://someswarmserver.example.com   https://someserver.example.com (default)   all
+unset       description of unset                      https://someswarmserver.example.com   https://someserver.example.com (default)   

cli/command/context/testdata/test-kubeconfig

@@ -2,7 +2,7 @@ apiVersion: v1
 clusters:
 - cluster:
     certificate-authority-data: dGhlLWNh
-    server: https://someserver
+    server: https://someserver.example.com
   name: test-cluster
 contexts:
 - context:

cli/command/context/update.go

@@ -61,8 +61,11 @@ func newUpdateCommand(dockerCli command.Cli) *cobra.Command {
 		&opts.DefaultStackOrchestrator,
 		"default-stack-orchestrator", "",
 		"Default orchestrator for stack operations to use with this context (swarm|kubernetes|all)")
+	flags.SetAnnotation("default-stack-orchestrator", "deprecated", nil)
 	flags.StringToStringVar(&opts.Docker, "docker", nil, "set the docker endpoint")
 	flags.StringToStringVar(&opts.Kubernetes, "kubernetes", nil, "set the kubernetes endpoint")
+	flags.SetAnnotation("kubernetes", "kubernetes", nil)
+	flags.SetAnnotation("kubernetes", "deprecated", nil)
 	return cmd
 }
 

cli/command/image/trust_test.go

@@ -15,17 +15,17 @@ import (
 )
 
 func TestENVTrustServer(t *testing.T) {
-	defer env.PatchAll(t, map[string]string{"DOCKER_CONTENT_TRUST_SERVER": "https://notary-test.com:5000"})()
+	defer env.PatchAll(t, map[string]string{"DOCKER_CONTENT_TRUST_SERVER": "https://notary-test.example.com:5000"})()
 	indexInfo := &registrytypes.IndexInfo{Name: "testserver"}
 	output, err := trust.Server(indexInfo)
-	expectedStr := "https://notary-test.com:5000"
+	expectedStr := "https://notary-test.example.com:5000"
 	if err != nil || output != expectedStr {
 		t.Fatalf("Expected server to be %s, got %s", expectedStr, output)
 	}
 }
 
 func TestHTTPENVTrustServer(t *testing.T) {
-	defer env.PatchAll(t, map[string]string{"DOCKER_CONTENT_TRUST_SERVER": "http://notary-test.com:5000"})()
+	defer env.PatchAll(t, map[string]string{"DOCKER_CONTENT_TRUST_SERVER": "http://notary-test.example.com:5000"})()
 	indexInfo := &registrytypes.IndexInfo{Name: "testserver"}
 	_, err := trust.Server(indexInfo)
 	if err == nil {

cli/command/registry_test.go

@@ -66,10 +66,10 @@ func TestElectAuthServer(t *testing.T) {
 			},
 		},
 		{
-			expectedAuthServer: "https://foo.bar",
+			expectedAuthServer: "https://foo.example.com",
 			expectedWarning:    "",
 			infoFunc: func() (types.Info, error) {
-				return types.Info{IndexServerAddress: "https://foo.bar"}, nil
+				return types.Info{IndexServerAddress: "https://foo.example.com"}, nil
 			},
 		},
 		{

cli/command/stack/cmd.go

@@ -69,7 +69,9 @@ func NewStackCommand(dockerCli command.Cli) *cobra.Command {
 	flags := cmd.PersistentFlags()
 	flags.String("kubeconfig", "", "Kubernetes config file")
 	flags.SetAnnotation("kubeconfig", "kubernetes", nil)
+	flags.SetAnnotation("kubeconfig", "deprecated", nil)
 	flags.String("orchestrator", "", "Orchestrator to use (swarm|kubernetes|all)")
+	flags.SetAnnotation("orchestrator", "deprecated", nil)
 	return cmd
 }
 

cli/command/stack/kubernetes/cli.go

@@ -50,6 +50,7 @@ func NewOptions(flags *flag.FlagSet, orchestrator command.Orchestrator) Options
 func AddNamespaceFlag(flags *flag.FlagSet) {
 	flags.String("namespace", "", "Kubernetes namespace to use")
 	flags.SetAnnotation("namespace", "kubernetes", nil)
+	flags.SetAnnotation("namespace", "deprecated", nil)
 }
 
 // WrapCli wraps command.Cli with kubernetes specifics

cli/command/stack/list.go

@@ -30,8 +30,10 @@ func newListCommand(dockerCli command.Cli, common *commonOptions) *cobra.Command
 	flags.StringVar(&opts.Format, "format", "", "Pretty-print stacks using a Go template")
 	flags.StringSliceVar(&opts.Namespaces, "namespace", []string{}, "Kubernetes namespaces to use")
 	flags.SetAnnotation("namespace", "kubernetes", nil)
+	flags.SetAnnotation("namespace", "deprecated", nil)
 	flags.BoolVarP(&opts.AllNamespaces, "all-namespaces", "", false, "List stacks from all Kubernetes namespaces")
 	flags.SetAnnotation("all-namespaces", "kubernetes", nil)
+	flags.SetAnnotation("all-namespaces", "deprecated", nil)
 	return cmd
 }
 

cli/command/swarm/ca_test.go

@@ -104,20 +104,20 @@ func TestDisplayTrustRootInvalidFlags(t *testing.T) {
 			errorMsg: "flag requires the `--rotate` flag to update the CA",
 		},
 		{
-			args:     []string{"--external-ca=protocol=cfssl,url=https://some.com/https/url"},
+			args:     []string{"--external-ca=protocol=cfssl,url=https://some.example.com/https/url"},
 			errorMsg: "flag requires the `--rotate` flag to update the CA",
 		},
 		{ // to make sure we're not erroring because we didn't provide a CA cert and external CA
 			args: []string{
 				"--ca-cert=" + tmpfile,
-				"--external-ca=protocol=cfssl,url=https://some.com/https/url",
+				"--external-ca=protocol=cfssl,url=https://some.example.com/https/url",
 			},
 			errorMsg: "flag requires the `--rotate` flag to update the CA",
 		},
 		{
 			args: []string{
 				"--rotate",
-				"--external-ca=protocol=cfssl,url=https://some.com/https/url",
+				"--external-ca=protocol=cfssl,url=https://some.example.com/https/url",
 			},
 			errorMsg: "rotating to an external CA requires the `--ca-cert` flag to specify the external CA's cert - " +
 				"to add an external CA with the current root CA certificate, use the `update` command instead",
@@ -243,7 +243,7 @@ func TestUpdateSwarmSpecCertAndExternalCA(t *testing.T) {
 		"--rotate",
 		"--detach",
 		"--ca-cert=" + certfile,
-		"--external-ca=protocol=cfssl,url=https://some.external.ca"})
+		"--external-ca=protocol=cfssl,url=https://some.external.ca.example.com"})
 	cmd.SetOut(cli.OutBuffer())
 	assert.NilError(t, cmd.Execute())
 
@@ -253,7 +253,7 @@ func TestUpdateSwarmSpecCertAndExternalCA(t *testing.T) {
 	expected.CAConfig.ExternalCAs = []*swarm.ExternalCA{
 		{
 			Protocol: swarm.ExternalCAProtocolCFSSL,
-			URL:      "https://some.external.ca",
+			URL:      "https://some.external.ca.example.com",
 			CACert:   cert,
 			Options:  make(map[string]string),
 		},
@@ -281,7 +281,7 @@ func TestUpdateSwarmSpecCertAndKeyAndExternalCA(t *testing.T) {
 		"--detach",
 		"--ca-cert=" + certfile,
 		"--ca-key=" + keyfile,
-		"--external-ca=protocol=cfssl,url=https://some.external.ca"})
+		"--external-ca=protocol=cfssl,url=https://some.external.ca.example.com"})
 	cmd.SetOut(cli.OutBuffer())
 	assert.NilError(t, cmd.Execute())
 
@@ -291,7 +291,7 @@ func TestUpdateSwarmSpecCertAndKeyAndExternalCA(t *testing.T) {
 	expected.CAConfig.ExternalCAs = []*swarm.ExternalCA{
 		{
 			Protocol: swarm.ExternalCAProtocolCFSSL,
-			URL:      "https://some.external.ca",
+			URL:      "https://some.external.ca.example.com",
 			CACert:   cert,
 			Options:  make(map[string]string),
 		},

cli/command/system/version.go

@@ -114,6 +114,7 @@ func NewVersionCommand(dockerCli command.Cli) *cobra.Command {
 	flags.StringVarP(&opts.format, "format", "f", "", "Format the output using the given Go template")
 	flags.StringVar(&opts.kubeConfig, "kubeconfig", "", "Kubernetes config file")
 	flags.SetAnnotation("kubeconfig", "kubernetes", nil)
+	flags.SetAnnotation("kubeconfig", "deprecated", nil)
 
 	return cmd
 }

cli/config/configfile/file_test.go

@@ -27,16 +27,19 @@ func TestEncodeAuth(t *testing.T) {
 }
 
 func TestProxyConfig(t *testing.T) {
-	httpProxy := "http://proxy.mycorp.com:3128"
-	httpsProxy := "https://user:password@proxy.mycorp.com:3129"
-	ftpProxy := "http://ftpproxy.mycorp.com:21"
-	noProxy := "*.intra.mycorp.com"
-	defaultProxyConfig := ProxyConfig{
-		HTTPProxy:  httpProxy,
-		HTTPSProxy: httpsProxy,
-		FTPProxy:   ftpProxy,
-		NoProxy:    noProxy,
-	}
+	var (
+		httpProxy  = "http://proxy.mycorp.example.com:3128"
+		httpsProxy = "https://user:password@proxy.mycorp.example.com:3129"
+		ftpProxy   = "http://ftpproxy.mycorp.example.com:21"
+		noProxy    = "*.intra.mycorp.example.com"
+
+		defaultProxyConfig = ProxyConfig{
+			HTTPProxy:  httpProxy,
+			HTTPSProxy: httpsProxy,
+			FTPProxy:   ftpProxy,
+			NoProxy:    noProxy,
+		}
+	)
 
 	cfg := ConfigFile{
 		Proxies: map[string]ProxyConfig{
@@ -59,18 +62,21 @@ func TestProxyConfig(t *testing.T) {
 }
 
 func TestProxyConfigOverride(t *testing.T) {
-	httpProxy := "http://proxy.mycorp.com:3128"
-	overrideHTTPProxy := "http://proxy.example.com:3128"
-	overrideNoProxy := ""
-	httpsProxy := "https://user:password@proxy.mycorp.com:3129"
-	ftpProxy := "http://ftpproxy.mycorp.com:21"
-	noProxy := "*.intra.mycorp.com"
-	defaultProxyConfig := ProxyConfig{
-		HTTPProxy:  httpProxy,
-		HTTPSProxy: httpsProxy,
-		FTPProxy:   ftpProxy,
-		NoProxy:    noProxy,
-	}
+	var (
+		httpProxy         = "http://proxy.mycorp.example.com:3128"
+		httpProxyOverride = "http://proxy.example.com:3128"
+		httpsProxy        = "https://user:password@proxy.mycorp.example.com:3129"
+		ftpProxy          = "http://ftpproxy.mycorp.example.com:21"
+		noProxy           = "*.intra.mycorp.example.com"
+		noProxyOverride   = ""
+
+		defaultProxyConfig = ProxyConfig{
+			HTTPProxy:  httpProxy,
+			HTTPSProxy: httpsProxy,
+			FTPProxy:   ftpProxy,
+			NoProxy:    noProxy,
+		}
+	)
 
 	cfg := ConfigFile{
 		Proxies: map[string]ProxyConfig{
@@ -84,46 +90,49 @@ func TestProxyConfigOverride(t *testing.T) {
 	}
 
 	ropts := map[string]*string{
-		"HTTP_PROXY": clone(overrideHTTPProxy),
-		"NO_PROXY":   clone(overrideNoProxy),
+		"HTTP_PROXY": clone(httpProxyOverride),
+		"NO_PROXY":   clone(noProxyOverride),
 	}
 	proxyConfig := cfg.ParseProxyConfig("/var/run/docker.sock", ropts)
 	expected := map[string]*string{
-		"HTTP_PROXY":  &overrideHTTPProxy,
+		"HTTP_PROXY":  &httpProxyOverride,
 		"http_proxy":  &httpProxy,
 		"HTTPS_PROXY": &httpsProxy,
 		"https_proxy": &httpsProxy,
 		"FTP_PROXY":   &ftpProxy,
 		"ftp_proxy":   &ftpProxy,
-		"NO_PROXY":    &overrideNoProxy,
+		"NO_PROXY":    &noProxyOverride,
 		"no_proxy":    &noProxy,
 	}
 	assert.Check(t, is.DeepEqual(expected, proxyConfig))
 }
 
 func TestProxyConfigPerHost(t *testing.T) {
-	httpProxy := "http://proxy.mycorp.com:3128"
-	httpsProxy := "https://user:password@proxy.mycorp.com:3129"
-	ftpProxy := "http://ftpproxy.mycorp.com:21"
-	noProxy := "*.intra.mycorp.com"
+	var (
+		httpProxy  = "http://proxy.mycorp.example.com:3128"
+		httpsProxy = "https://user:password@proxy.mycorp.example.com:3129"
+		ftpProxy   = "http://ftpproxy.mycorp.example.com:21"
+		noProxy    = "*.intra.mycorp.example.com"
 
-	extHTTPProxy := "http://proxy.example.com:3128"
-	extHTTPSProxy := "https://user:password@proxy.example.com:3129"
-	extFTPProxy := "http://ftpproxy.example.com:21"
-	extNoProxy := "*.intra.example.com"
+		extHTTPProxy  = "http://proxy.example.com:3128"
+		extHTTPSProxy = "https://user:password@proxy.example.com:3129"
+		extFTPProxy   = "http://ftpproxy.example.com:21"
+		extNoProxy    = "*.intra.example.com"
 
-	defaultProxyConfig := ProxyConfig{
-		HTTPProxy:  httpProxy,
-		HTTPSProxy: httpsProxy,
-		FTPProxy:   ftpProxy,
-		NoProxy:    noProxy,
-	}
-	externalProxyConfig := ProxyConfig{
-		HTTPProxy:  extHTTPProxy,
-		HTTPSProxy: extHTTPSProxy,
-		FTPProxy:   extFTPProxy,
-		NoProxy:    extNoProxy,
-	}
+		defaultProxyConfig = ProxyConfig{
+			HTTPProxy:  httpProxy,
+			HTTPSProxy: httpsProxy,
+			FTPProxy:   ftpProxy,
+			NoProxy:    noProxy,
+		}
+
+		externalProxyConfig = ProxyConfig{
+			HTTPProxy:  extHTTPProxy,
+			HTTPSProxy: extHTTPSProxy,
+			FTPProxy:   extFTPProxy,
+			NoProxy:    extNoProxy,
+		}
+	)
 
 	cfg := ConfigFile{
 		Proxies: map[string]ProxyConfig{
@@ -226,9 +235,11 @@ func TestGetAllCredentialsCredsStore(t *testing.T) {
 }
 
 func TestGetAllCredentialsCredHelper(t *testing.T) {
-	testCredHelperSuffix := "test_cred_helper"
-	testCredHelperRegistryHostname := "credhelper.com"
-	testExtraCredHelperRegistryHostname := "somethingweird.com"
+	const (
+		testCredHelperSuffix                = "test_cred_helper"
+		testCredHelperRegistryHostname      = "credhelper.com"
+		testExtraCredHelperRegistryHostname = "somethingweird.com"
+	)
 
 	unexpectedCredHelperAuth := types.AuthConfig{
 		Username: "file_store_user",
@@ -265,9 +276,11 @@ func TestGetAllCredentialsCredHelper(t *testing.T) {
 }
 
 func TestGetAllCredentialsFileStoreAndCredHelper(t *testing.T) {
-	testFileStoreRegistryHostname := "example.com"
-	testCredHelperSuffix := "test_cred_helper"
-	testCredHelperRegistryHostname := "credhelper.com"
+	const (
+		testFileStoreRegistryHostname  = "example.com"
+		testCredHelperSuffix           = "test_cred_helper"
+		testCredHelperRegistryHostname = "credhelper.com"
+	)
 
 	expectedFileStoreAuth := types.AuthConfig{
 		Username: "file_store_user",
@@ -301,10 +314,12 @@ func TestGetAllCredentialsFileStoreAndCredHelper(t *testing.T) {
 }
 
 func TestGetAllCredentialsCredStoreAndCredHelper(t *testing.T) {
-	testCredStoreSuffix := "test_creds_store"
-	testCredStoreRegistryHostname := "credstore.com"
-	testCredHelperSuffix := "test_cred_helper"
-	testCredHelperRegistryHostname := "credhelper.com"
+	const (
+		testCredStoreSuffix            = "test_creds_store"
+		testCredStoreRegistryHostname  = "credstore.com"
+		testCredHelperSuffix           = "test_cred_helper"
+		testCredHelperRegistryHostname = "credhelper.com"
+	)
 
 	configFile := New("filename")
 	configFile.CredentialsStore = testCredStoreSuffix
@@ -343,9 +358,11 @@ func TestGetAllCredentialsCredStoreAndCredHelper(t *testing.T) {
 }
 
 func TestGetAllCredentialsCredHelperOverridesDefaultStore(t *testing.T) {
-	testCredStoreSuffix := "test_creds_store"
-	testCredHelperSuffix := "test_cred_helper"
-	testRegistryHostname := "example.com"
+	const (
+		testCredStoreSuffix  = "test_creds_store"
+		testCredHelperSuffix = "test_cred_helper"
+		testRegistryHostname = "example.com"
+	)
 
 	configFile := New("filename")
 	configFile.CredentialsStore = testCredStoreSuffix
@@ -424,38 +441,36 @@ func TestCheckKubernetesConfigurationRaiseAnErrorOnInvalidValue(t *testing.T) {
 		expectError bool
 	}{
 		{
-			"no kubernetes config is valid",
-			nil,
-			false,
+			name: "no kubernetes config is valid",
 		},
 		{
-			"enabled is valid",
-			&KubernetesConfig{AllNamespaces: "enabled"},
-			false,
+			name:   "enabled is valid",
+			config: &KubernetesConfig{AllNamespaces: "enabled"},
 		},
 		{
-			"disabled is valid",
-			&KubernetesConfig{AllNamespaces: "disabled"},
-			false,
+			name:   "disabled is valid",
+			config: &KubernetesConfig{AllNamespaces: "disabled"},
 		},
 		{
-			"empty string is valid",
-			&KubernetesConfig{AllNamespaces: ""},
-			false,
+			name:   "empty string is valid",
+			config: &KubernetesConfig{AllNamespaces: ""},
 		},
 		{
-			"other value is invalid",
-			&KubernetesConfig{AllNamespaces: "unknown"},
-			true,
+			name:        "other value is invalid",
+			config:      &KubernetesConfig{AllNamespaces: "unknown"},
+			expectError: true,
 		},
 	}
-	for _, test := range testCases {
-		err := checkKubernetesConfiguration(test.config)
-		if test.expectError {
-			assert.Assert(t, err != nil, test.name)
-		} else {
-			assert.NilError(t, err, test.name)
-		}
+	for _, tc := range testCases {
+		test := tc
+		t.Run(test.name, func(t *testing.T) {
+			err := checkKubernetesConfiguration(test.config)
+			if test.expectError {
+				assert.Assert(t, err != nil, test.name)
+			} else {
+				assert.NilError(t, err, test.name)
+			}
+		})
 	}
 }
 

cli/config/credentials/file_store_test.go

@@ -70,7 +70,7 @@ func TestFileStoreGet(t *testing.T) {
 
 func TestFileStoreGetAll(t *testing.T) {
 	s1 := "https://example.com"
-	s2 := "https://example2.com"
+	s2 := "https://example2.example.com"
 	f := newStore(map[string]types.AuthConfig{
 		s1: {
 			Auth:          "super_secret_token",
@@ -80,7 +80,7 @@ func TestFileStoreGetAll(t *testing.T) {
 		s2: {
 			Auth:          "super_secret_token2",
 			Email:         "foo@example2.com",
-			ServerAddress: "https://example2.com",
+			ServerAddress: "https://example2.example.com",
 		},
 	})
 

cli/connhelper/connhelper.go

@@ -49,7 +49,7 @@ func getConnectionHelper(daemonURL string, sshFlags []string) (*ConnectionHelper
 			Dialer: func(ctx context.Context, network, addr string) (net.Conn, error) {
 				return commandconn.New(ctx, "ssh", append(sshFlags, sp.Args("docker", "system", "dial-stdio")...)...)
 			},
-			Host: "http://docker",
+			Host: "http://docker.example.com",
 		}, nil
 	}
 	// Future version may support plugins via ~/.docker/config.json. e.g. "dind"
@@ -63,6 +63,6 @@ func GetCommandConnectionHelper(cmd string, flags ...string) (*ConnectionHelper,
 		Dialer: func(ctx context.Context, network, addr string) (net.Conn, error) {
 			return commandconn.New(ctx, cmd, flags...)
 		},
-		Host: "http://docker",
+		Host: "http://docker.example.com",
 	}, nil
 }

cli/context/docker/load.go

@@ -26,7 +26,12 @@ type EndpointMeta = context.EndpointMetaBase
 // a Docker Engine endpoint, with its tls data
 type Endpoint struct {
 	EndpointMeta
-	TLSData     *context.TLSData
+	TLSData *context.TLSData
+
+	// Deprecated: Use of encrypted TLS private keys has been deprecated, and
+	// will be removed in a future release. Golang has deprecated support for
+	// legacy PEM encryption (as specified in RFC 1423), as it is insecure by
+	// design (see https://go-review.googlesource.com/c/go/+/264159).
 	TLSPassword string
 }
 
@@ -66,8 +71,9 @@ func (c *Endpoint) tlsConfig() (*tls.Config, error) {
 		}
 
 		var err error
-		if x509.IsEncryptedPEMBlock(pemBlock) {
-			keyBytes, err = x509.DecryptPEMBlock(pemBlock, []byte(c.TLSPassword))
+		// TODO should we follow Golang, and deprecate RFC 1423 encryption, and produce a warning (or just error)? see https://github.com/docker/cli/issues/3212
+		if x509.IsEncryptedPEMBlock(pemBlock) { //nolint: staticcheck // SA1019: x509.IsEncryptedPEMBlock is deprecated, and insecure by design
+			keyBytes, err = x509.DecryptPEMBlock(pemBlock, []byte(c.TLSPassword)) //nolint: staticcheck // SA1019: x509.IsEncryptedPEMBlock is deprecated, and insecure by design
 			if err != nil {
 				return nil, errors.Wrap(err, "private key is encrypted, but could not decrypt it")
 			}

dockerfiles/Dockerfile.binary-native

@@ -1,4 +1,4 @@
-ARG GO_VERSION=1.13.15
+ARG GO_VERSION=1.16.6
 
 FROM    golang:${GO_VERSION}-alpine
 

dockerfiles/Dockerfile.dev

@@ -1,5 +1,6 @@
-# syntax=docker/dockerfile:1.1.7-experimental
-ARG GO_VERSION=1.13.15
+# syntax=docker/dockerfile:1.3
+
+ARG GO_VERSION=1.16.6
 
 FROM golang:${GO_VERSION}-alpine AS golang
 ENV  CGO_ENABLED=0
@@ -9,21 +10,21 @@ ARG ESC_VERSION=v0.2.0
 RUN --mount=type=cache,target=/root/.cache/go-build \
     --mount=type=cache,target=/go/pkg/mod \
     --mount=type=tmpfs,target=/go/src/ \
-    GO111MODULE=on go get github.com/mjibson/esc@${ESC_VERSION}
+    GO111MODULE=on go install github.com/mjibson/esc@${ESC_VERSION}
 
 FROM golang AS gotestsum
 ARG GOTESTSUM_VERSION=v0.4.0
 RUN --mount=type=cache,target=/root/.cache/go-build \
     --mount=type=cache,target=/go/pkg/mod \
     --mount=type=tmpfs,target=/go/src/ \
-    GO111MODULE=on go get gotest.tools/gotestsum@${GOTESTSUM_VERSION}
+    GO111MODULE=on go install gotest.tools/gotestsum@${GOTESTSUM_VERSION}
 
 FROM golang AS vndr
 ARG VNDR_VERSION=v0.1.2
 RUN --mount=type=cache,target=/root/.cache/go-build \
     --mount=type=cache,target=/go/pkg/mod \
     --mount=type=tmpfs,target=/go/src/ \
-    GO111MODULE=on go get github.com/LK4D4/vndr@${VNDR_VERSION}
+    GO111MODULE=on go install github.com/LK4D4/vndr@${VNDR_VERSION}
 
 FROM golang AS dev
 RUN  apk add --no-cache \
@@ -43,4 +44,5 @@ COPY --from=vndr      /go/bin/* /go/bin/
 COPY --from=gotestsum /go/bin/* /go/bin/
 
 WORKDIR /go/src/github.com/docker/cli
+ENV GO111MODULE=auto
 COPY . .

dockerfiles/Dockerfile.e2e

@@ -1,4 +1,4 @@
-ARG GO_VERSION=1.13.15
+ARG GO_VERSION=1.16.6
 
 # Use Debian based image as docker-compose requires glibc.
 FROM golang:${GO_VERSION}-buster

dockerfiles/Dockerfile.lint

@@ -1,6 +1,6 @@
-# syntax=docker/dockerfile:1.1.3-experimental
+# syntax=docker/dockerfile:1.3
 
-ARG GO_VERSION=1.13.15
+ARG GO_VERSION=1.16.6
 ARG GOLANGCI_LINTER_SHA="v1.21.0"
 
 FROM    golang:${GO_VERSION}-alpine AS build
@@ -13,6 +13,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
         go get github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINTER_SHA}
 
 FROM    golang:${GO_VERSION}-alpine AS lint
+ENV     GO111MODULE=off
 ENV     CGO_ENABLED=0
 ENV     DISABLE_WARN_OUTSIDE_CONTAINER=1
 COPY --from=build /go/bin/golangci-lint /usr/local/bin

docs/deprecated.md

@@ -50,6 +50,8 @@ The table below provides an overview of the current status of deprecated feature
 
 Status     | Feature                                                                                                                            | Deprecated | Remove
 -----------|------------------------------------------------------------------------------------------------------------------------------------|------------|------------
+Deprecated | [Support for encrypted TLS private keys](#support-for-encrypted-tls-private-keys)                                                  | v20.10     | -
+Deprecated | [Kubernetes stack and context support](#kubernetes-stack-and-context-support)                                                      | v20.10     | -
 Deprecated | [Pulling images from non-compliant image registries](#pulling-images-from-non-compliant-image-registries)                          | v20.10     | -
 Deprecated | [Linux containers on Windows (LCOW)](#linux-containers-on-windows-lcow-experimental)                                               | v20.10     | -
 Deprecated | [BLKIO weight options with cgroups v1](#blkio-weight-options–with-cgroups-v1)                                                      | v20.10     | -
@@ -97,6 +99,22 @@ Removed    | [`--api-enable-cors` flag on `dockerd`](#--api-enable-cors-flag-on-
 Removed    | [`--run` flag on `docker commit`](#--run-flag-on-docker-commit)                                                                    | v0.10      | v1.13
 Removed    | [Three arguments form in `docker import`](#three-arguments-form-in-docker-import)                                                  | v0.6.7     | v1.12
 
+### Support for encrypted TLS private keys
+
+**Deprecated in Release: v20.10**
+
+Use of encrypted TLS private keys has been deprecated, and will be removed in a
+future release. Golang has deprecated support for legacy PEM encryption (as
+specified in [RFC 1423](https://datatracker.ietf.org/doc/html/rfc1423)), as it
+is insecure by design (see [https://go-review.googlesource.com/c/go/+/264159](https://go-review.googlesource.com/c/go/+/264159)).
+
+### Kubernetes stack and context support
+
+**Deprecated in Release: v20.10**
+
+Following the deprecation of [Compose on Kubernetes](https://github.com/docker/compose-on-kubernetes), support for
+Kubernetes in the `stack` and `context` commands in the docker CLI is now marked as deprecated as well.
+
 ### Pulling images from non-compliant image registries
 
 **Deprecated in Release: v20.10**

docs/reference/commandline/network_create.md

@@ -175,7 +175,7 @@ equivalent docker daemon flags used for docker0 bridge:
 | `com.docker.network.bridge.enable_icc`           | `--icc`     | Enable or Disable Inter Container Connectivity        |
 | `com.docker.network.bridge.host_binding_ipv4`    | `--ip`      | Default IP when binding container ports               |
 | `com.docker.network.driver.mtu`                  | `--mtu`     | Set the containers network MTU                        |
-| `com.docker.network.container_interface_prefix`  | -           | Set a custom prefix for container interfaces          |
+| `com.docker.network.container_iface_prefix`      | -           | Set a custom prefix for container interfaces          |
 
 The following arguments can be passed to `docker network create` for any
 network driver, again with their approximate equivalents to `docker daemon`.

docs/reference/commandline/run.md

@@ -470,7 +470,7 @@ $ docker run -itd --network=my-net --ip=10.10.9.75 busybox
 If you want to add a running container to a network use the `docker network connect` subcommand.
 
 You can connect multiple containers to the same network. Once connected, the
-containers can communicate easily need only another container's IP address
+containers can communicate easily using only another container's IP address
 or name. For `overlay` networks or custom plugins that support multi-host
 connectivity, containers connected to the same multi-host network but launched
 from different Engines can also communicate in this way.

docs/yaml/yaml.go

@@ -199,6 +199,9 @@ func genFlagResult(flags *pflag.FlagSet) []cmdOption {
 		if _, ok := flag.Annotations["experimental"]; ok {
 			opt.Experimental = true
 		}
+		if _, ok := flag.Annotations["deprecated"]; ok {
+			opt.Deprecated = true
+		}
 		if v, ok := flag.Annotations["version"]; ok {
 			opt.MinAPIVersion = v[0]
 		}

e2e/global/cli_test.go

@@ -1,9 +1,13 @@
 package global
 
 import (
+	"net/http"
+	"net/http/httptest"
+	"strings"
 	"testing"
 
 	"github.com/docker/cli/internal/test/environment"
+	"gotest.tools/v3/assert"
 	"gotest.tools/v3/icmd"
 	"gotest.tools/v3/skip"
 )
@@ -22,3 +26,42 @@ func TestTLSVerify(t *testing.T) {
 	result = icmd.RunCmd(icmd.Command("docker", "--tlsverify=true", "ps"))
 	result.Assert(t, icmd.Expected{ExitCode: 1, Err: "ca.pem"})
 }
+
+// TestTCPSchemeUsesHTTPProxyEnv verifies that the cli uses HTTP_PROXY if
+// DOCKER_HOST is set to use the 'tcp://' scheme.
+//
+// Prior to go1.16, https:// schemes would use HTTPS_PROXY, and any other
+// scheme would use HTTP_PROXY. However, golang/net@7b1cca2 (per a request in
+// golang/go#40909) changed this behavior to only use HTTP_PROXY for http://
+// schemes, no longer using a proxy for any other scheme.
+//
+// Docker uses the tcp:// scheme as a default for API connections, to indicate
+// that the API is not "purely" HTTP. Various parts in the code also *require*
+// this scheme to be used. While we could change the default and allow http(s)
+// schemes to be used, doing so will take time, taking into account that there
+// are many installs in existence that have tcp:// configured as DOCKER_HOST.
+//
+// Note that due to Golang's use of sync.Once for proxy-detection, this test
+// cannot be done as a unit-test, hence it being an e2e test.
+func TestTCPSchemeUsesHTTPProxyEnv(t *testing.T) {
+	const responseJSON = `{"Version": "99.99.9", "ApiVersion": "1.41", "MinAPIVersion": "1.12"}`
+	var received string
+	proxyServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		received = r.Host
+		w.Header().Set("Content-Type", "application/json")
+		_, _ = w.Write([]byte(responseJSON))
+	}))
+	defer proxyServer.Close()
+
+	// Configure the CLI to use our proxyServer. DOCKER_HOST can point to any
+	// address (as it won't be connected to), but must use tcp:// for this test,
+	// to verify it's using HTTP_PROXY.
+	result := icmd.RunCmd(
+		icmd.Command("docker", "version", "--format", "{{ .Server.Version }}"),
+		icmd.WithEnv("HTTP_PROXY="+proxyServer.URL, "DOCKER_HOST=tcp://docker.acme.example.com:2376"),
+	)
+	// Verify the command ran successfully, and that it connected to the proxyServer
+	result.Assert(t, icmd.Success)
+	assert.Equal(t, strings.TrimSpace(result.Stdout()), "99.99.9")
+	assert.Equal(t, received, "docker.acme.example.com:2376")
+}

scripts/build/plugins

@@ -17,5 +17,5 @@ for p in cli-plugins/examples/* "$@" ; do
 
     echo "Building statically linked $TARGET"
     export CGO_ENABLED=0
-    go build -o "${TARGET}" --ldflags "${LDFLAGS}" "github.com/docker/cli/${p}"
+    GO111MODULE=auto go build -o "${TARGET}" --ldflags "${LDFLAGS}" "github.com/docker/cli/${p}"
 done

scripts/test/e2e/run

@@ -71,6 +71,7 @@ runtests() {
         PATH="$PWD/build/:/usr/bin:/usr/local/bin:/usr/local/go/bin" \
         HOME="$HOME" \
         DOCKER_CLI_E2E_PLUGINS_EXTRA_DIRS="$PWD/build/plugins-linux-amd64" \
+        GO111MODULE=auto \
         "$(command -v gotestsum)" -- ${TESTDIRS:-./e2e/...} ${TESTFLAGS-}
 }
 

vendor.conf

@@ -1,5 +1,5 @@
 cloud.google.com/go                                 ceeb313ad77b789a7fa5287b36a1d127b69b7093 # v0.44.3
-github.com/Azure/go-ansiterm                        d6e3b3328b783f23731bc4d058875b0371ff8109
+github.com/Azure/go-ansiterm                        d185dfc1b5a126116ea5a19e148e29d16b4574c9
 github.com/beorn7/perks                             37c8de3658fcb183f997c4e13e8337516ab753e6 # v1.0.1
 github.com/cespare/xxhash/v2                        d7df74196a9e781ede915320c11c378c1b2f3a1f # v2.1.1
 github.com/containerd/console                       5d7e1412f07b502a01029ea20e20e0d2be31fa7c # v1.0.1
@@ -8,19 +8,19 @@ github.com/containerd/continuity                    efbc4488d8fe1bdc16bde3b2d299
 github.com/containerd/cgroups                       0b889c03f102012f1d93a97ddd3ef71cd6f4f510
 github.com/containerd/typeurl                       cd3ce7159eae562a4f60ceff37dada11a939d247 # v1.0.1
 github.com/coreos/etcd                              d57e8b8d97adfc4a6c224fe116714bf1a1f3beb9 # v3.3.12
-github.com/cpuguy83/go-md2man/v2                    f79a8a8ca69da163eee19ab442bedad7a35bba5a # v2.0.0
+github.com/cpuguy83/go-md2man/v2                    b1ec32e02fe539480dc03e3bf381c20066e7c6cc # v2.0.1
 github.com/creack/pty                               2a38352e8b4d7ab6c336eef107e42a55e72e7fbc # v1.1.11
 github.com/davecgh/go-spew                          8991bc29aa16c548c550c7ff78260e27b9ab7c73 # v1.1.1
 github.com/docker/compose-on-kubernetes             78e6a00beda64ac8ccb9fec787e601fe2ce0d5bb # v0.5.0-alpha1
 github.com/docker/distribution                      0d3efadf0154c2b8a4e7b6621fff9809655cc580
-github.com/docker/docker                            46229ca1d815cfd4b50eb377ac75ad8300e13a85
-github.com/docker/docker-credential-helpers         38bea2ce277ad0c9d2a6230692b0606ca5286526
+github.com/docker/docker                            b0f5bc36fea9dfb9672e1e9b1278ebab797b9ee0 # v20.10.7
+github.com/docker/docker-credential-helpers         fc9290adbcf1594e78910e2f0334090eaee0e1ee # v0.6.4
 github.com/docker/go                                d30aec9fd63c35133f8f79c3412ad91a3b08be06 # Contains a customized version of canonical/json and is used by Notary. The package is periodically rebased on current Go versions.
 github.com/docker/go-connections                    7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0
 github.com/docker/go-events                         e31b211e4f1cd09aa76fe4ac244571fab96ae47f
 github.com/docker/go-metrics                        b619b3592b65de4f087d9f16863a7e6ff905973c # v0.0.1
 github.com/docker/go-units                          519db1ee28dcc9fd2474ae59fca29a810482bfb1 # v0.4.0
-github.com/docker/swarmkit                          d6592ddefd8a5319aadff74c558b816b1a0b2590
+github.com/docker/swarmkit                          17d8d4e4d8bdec33d386e6362d3537fa9493ba00
 github.com/evanphx/json-patch                       72bf35d0ff611848c1dc9df0f976c81192392fa5 # v4.1.0
 github.com/fvbommel/sortorder                       26fad50c6b32a3064c09ed089865c16f2f3615f6 # v1.0.2
 github.com/gofrs/flock                              6caa7350c26b838538005fae7dbee4e69d9398db # v0.7.3
@@ -49,7 +49,7 @@ github.com/miekg/pkcs11                             210dc1e16747c5ba98a03bcbcf72
 github.com/mitchellh/mapstructure                   d16e9488127408e67948eb43b6d3fbb9f222da10 # v1.3.2
 github.com/moby/buildkit                            8142d66b5ebde79846b869fba30d9d30633e74aa # v0.8.1
 github.com/moby/sys                                 1bc8673b57550ddf85262eb0fed0aac651a37dab # symlink/v0.1.0 (latest tag, either mount/vXXX, mountinfo/vXXX or symlink/vXXX)
-github.com/moby/term                                bea5bbe245bf407372d477f1361d2ff042d2f556
+github.com/moby/term                                3f7ff695adc6a35abc925370dd0a4dafb48ec64d
 github.com/modern-go/concurrent                     bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 # 1.0.3
 github.com/modern-go/reflect2                       4b7aa43c6742a2c18fdef89dd197aaae7dac7ccd # 1.0.1
 github.com/morikuni/aec                             39771216ff4c63d11f5e604076f9c45e8be1067b # v1.0.0
@@ -62,8 +62,7 @@ github.com/prometheus/client_golang                 6edbbd9e560190e318cdc5b4d3e6
 github.com/prometheus/client_model                  7bc5445566f0fe75b15de23e6b93886e982d7bf9 # v0.2.0
 github.com/prometheus/common                        d978bcb1309602d68bb4ba69cf3f8ed900e07308 # v0.9.1
 github.com/prometheus/procfs                        46159f73e74d1cb8dc223deef9b2d049286f46b1 # v0.0.11
-github.com/russross/blackfriday/v2                  d3b5b032dc8e8927d31a5071b56e14c89f045135 # v2.0.1
-github.com/shurcooL/sanitized_anchor_name           7bfe4c7ecddb3666a94b053b422cdd8f5aaa3615 # v1.0.0
+github.com/russross/blackfriday/v2                  4c9bf9512682b995722660a4196c0013228e2049 # v2.1.0
 github.com/sirupsen/logrus                          6699a89a232f3db797f2e280639854bbc4b89725 # v1.7.0
 github.com/spf13/cobra                              86f8bfd7fef868a174e1b606783bd7f5c82ddf8f # v1.1.1
 github.com/spf13/pflag                              2e9d26c8c37aae03e3f9d4e90b7116f5accb7cab # v1.0.5

vendor/github.com/Azure/go-ansiterm/go.mod

@@ -0,0 +1,5 @@
+module github.com/Azure/go-ansiterm
+
+go 1.16
+
+require golang.org/x/sys v0.0.0-20210616094352-59db8d763f22

vendor/github.com/Azure/go-ansiterm/winterm/ansi.go

@@ -10,6 +10,7 @@ import (
 	"syscall"
 
 	"github.com/Azure/go-ansiterm"
+	windows "golang.org/x/sys/windows"
 )
 
 // Windows keyboard constants
@@ -162,15 +163,28 @@ func ensureInRange(n int16, min int16, max int16) int16 {
 
 func GetStdFile(nFile int) (*os.File, uintptr) {
 	var file *os.File
-	switch nFile {
-	case syscall.STD_INPUT_HANDLE:
+
+	// syscall uses negative numbers
+	// windows package uses very big uint32
+	// Keep these switches split so we don't have to convert ints too much.
+	switch uint32(nFile) {
+	case windows.STD_INPUT_HANDLE:
 		file = os.Stdin
-	case syscall.STD_OUTPUT_HANDLE:
+	case windows.STD_OUTPUT_HANDLE:
 		file = os.Stdout
-	case syscall.STD_ERROR_HANDLE:
+	case windows.STD_ERROR_HANDLE:
 		file = os.Stderr
 	default:
-		panic(fmt.Errorf("Invalid standard handle identifier: %v", nFile))
+		switch nFile {
+		case syscall.STD_INPUT_HANDLE:
+			file = os.Stdin
+		case syscall.STD_OUTPUT_HANDLE:
+			file = os.Stdout
+		case syscall.STD_ERROR_HANDLE:
+			file = os.Stderr
+		default:
+			panic(fmt.Errorf("Invalid standard handle identifier: %v", nFile))
+		}
 	}
 
 	fd, err := syscall.GetStdHandle(nFile)

vendor/github.com/containerd/continuity/fs/copy.go

@@ -1,176 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import (
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"sync"
-
-	"github.com/pkg/errors"
-)
-
-var bufferPool = &sync.Pool{
-	New: func() interface{} {
-		buffer := make([]byte, 32*1024)
-		return &buffer
-	},
-}
-
-// XAttrErrorHandlers transform a non-nil xattr error.
-// Return nil to ignore an error.
-// xattrKey can be empty for listxattr operation.
-type XAttrErrorHandler func(dst, src, xattrKey string, err error) error
-
-type copyDirOpts struct {
-	xeh XAttrErrorHandler
-}
-
-type CopyDirOpt func(*copyDirOpts) error
-
-// WithXAttrErrorHandler allows specifying XAttrErrorHandler
-// If nil XAttrErrorHandler is specified (default), CopyDir stops
-// on a non-nil xattr error.
-func WithXAttrErrorHandler(xeh XAttrErrorHandler) CopyDirOpt {
-	return func(o *copyDirOpts) error {
-		o.xeh = xeh
-		return nil
-	}
-}
-
-// WithAllowXAttrErrors allows ignoring xattr errors.
-func WithAllowXAttrErrors() CopyDirOpt {
-	xeh := func(dst, src, xattrKey string, err error) error {
-		return nil
-	}
-	return WithXAttrErrorHandler(xeh)
-}
-
-// CopyDir copies the directory from src to dst.
-// Most efficient copy of files is attempted.
-func CopyDir(dst, src string, opts ...CopyDirOpt) error {
-	var o copyDirOpts
-	for _, opt := range opts {
-		if err := opt(&o); err != nil {
-			return err
-		}
-	}
-	inodes := map[uint64]string{}
-	return copyDirectory(dst, src, inodes, &o)
-}
-
-func copyDirectory(dst, src string, inodes map[uint64]string, o *copyDirOpts) error {
-	stat, err := os.Stat(src)
-	if err != nil {
-		return errors.Wrapf(err, "failed to stat %s", src)
-	}
-	if !stat.IsDir() {
-		return errors.Errorf("source %s is not directory", src)
-	}
-
-	if st, err := os.Stat(dst); err != nil {
-		if err := os.Mkdir(dst, stat.Mode()); err != nil {
-			return errors.Wrapf(err, "failed to mkdir %s", dst)
-		}
-	} else if !st.IsDir() {
-		return errors.Errorf("cannot copy to non-directory: %s", dst)
-	} else {
-		if err := os.Chmod(dst, stat.Mode()); err != nil {
-			return errors.Wrapf(err, "failed to chmod on %s", dst)
-		}
-	}
-
-	fis, err := ioutil.ReadDir(src)
-	if err != nil {
-		return errors.Wrapf(err, "failed to read %s", src)
-	}
-
-	if err := copyFileInfo(stat, dst); err != nil {
-		return errors.Wrapf(err, "failed to copy file info for %s", dst)
-	}
-
-	if err := copyXAttrs(dst, src, o.xeh); err != nil {
-		return errors.Wrap(err, "failed to copy xattrs")
-	}
-
-	for _, fi := range fis {
-		source := filepath.Join(src, fi.Name())
-		target := filepath.Join(dst, fi.Name())
-
-		switch {
-		case fi.IsDir():
-			if err := copyDirectory(target, source, inodes, o); err != nil {
-				return err
-			}
-			continue
-		case (fi.Mode() & os.ModeType) == 0:
-			link, err := getLinkSource(target, fi, inodes)
-			if err != nil {
-				return errors.Wrap(err, "failed to get hardlink")
-			}
-			if link != "" {
-				if err := os.Link(link, target); err != nil {
-					return errors.Wrap(err, "failed to create hard link")
-				}
-			} else if err := CopyFile(target, source); err != nil {
-				return errors.Wrap(err, "failed to copy files")
-			}
-		case (fi.Mode() & os.ModeSymlink) == os.ModeSymlink:
-			link, err := os.Readlink(source)
-			if err != nil {
-				return errors.Wrapf(err, "failed to read link: %s", source)
-			}
-			if err := os.Symlink(link, target); err != nil {
-				return errors.Wrapf(err, "failed to create symlink: %s", target)
-			}
-		case (fi.Mode() & os.ModeDevice) == os.ModeDevice:
-			if err := copyDevice(target, fi); err != nil {
-				return errors.Wrapf(err, "failed to create device")
-			}
-		default:
-			// TODO: Support pipes and sockets
-			return errors.Wrapf(err, "unsupported mode %s", fi.Mode())
-		}
-		if err := copyFileInfo(fi, target); err != nil {
-			return errors.Wrap(err, "failed to copy file info")
-		}
-
-		if err := copyXAttrs(target, source, o.xeh); err != nil {
-			return errors.Wrap(err, "failed to copy xattrs")
-		}
-	}
-
-	return nil
-}
-
-// CopyFile copies the source file to the target.
-// The most efficient means of copying is used for the platform.
-func CopyFile(target, source string) error {
-	src, err := os.Open(source)
-	if err != nil {
-		return errors.Wrapf(err, "failed to open source %s", source)
-	}
-	defer src.Close()
-	tgt, err := os.Create(target)
-	if err != nil {
-		return errors.Wrapf(err, "failed to open target %s", target)
-	}
-	defer tgt.Close()
-
-	return copyFileContent(tgt, src)
-}

vendor/github.com/containerd/continuity/fs/copy_linux.go

@@ -1,147 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import (
-	"io"
-	"os"
-	"syscall"
-
-	"github.com/containerd/continuity/sysx"
-	"github.com/pkg/errors"
-	"golang.org/x/sys/unix"
-)
-
-func copyFileInfo(fi os.FileInfo, name string) error {
-	st := fi.Sys().(*syscall.Stat_t)
-	if err := os.Lchown(name, int(st.Uid), int(st.Gid)); err != nil {
-		if os.IsPermission(err) {
-			// Normally if uid/gid are the same this would be a no-op, but some
-			// filesystems may still return EPERM... for instance NFS does this.
-			// In such a case, this is not an error.
-			if dstStat, err2 := os.Lstat(name); err2 == nil {
-				st2 := dstStat.Sys().(*syscall.Stat_t)
-				if st.Uid == st2.Uid && st.Gid == st2.Gid {
-					err = nil
-				}
-			}
-		}
-		if err != nil {
-			return errors.Wrapf(err, "failed to chown %s", name)
-		}
-	}
-
-	if (fi.Mode() & os.ModeSymlink) != os.ModeSymlink {
-		if err := os.Chmod(name, fi.Mode()); err != nil {
-			return errors.Wrapf(err, "failed to chmod %s", name)
-		}
-	}
-
-	timespec := []unix.Timespec{
-		unix.NsecToTimespec(syscall.TimespecToNsec(StatAtime(st))),
-		unix.NsecToTimespec(syscall.TimespecToNsec(StatMtime(st))),
-	}
-	if err := unix.UtimesNanoAt(unix.AT_FDCWD, name, timespec, unix.AT_SYMLINK_NOFOLLOW); err != nil {
-		return errors.Wrapf(err, "failed to utime %s", name)
-	}
-
-	return nil
-}
-
-const maxSSizeT = int64(^uint(0) >> 1)
-
-func copyFileContent(dst, src *os.File) error {
-	st, err := src.Stat()
-	if err != nil {
-		return errors.Wrap(err, "unable to stat source")
-	}
-
-	size := st.Size()
-	first := true
-	srcFd := int(src.Fd())
-	dstFd := int(dst.Fd())
-
-	for size > 0 {
-		// Ensure that we are never trying to copy more than SSIZE_MAX at a
-		// time and at the same time avoids overflows when the file is larger
-		// than 4GB on 32-bit systems.
-		var copySize int
-		if size > maxSSizeT {
-			copySize = int(maxSSizeT)
-		} else {
-			copySize = int(size)
-		}
-		n, err := unix.CopyFileRange(srcFd, nil, dstFd, nil, copySize, 0)
-		if err != nil {
-			if (err != unix.ENOSYS && err != unix.EXDEV) || !first {
-				return errors.Wrap(err, "copy file range failed")
-			}
-
-			buf := bufferPool.Get().(*[]byte)
-			_, err = io.CopyBuffer(dst, src, *buf)
-			bufferPool.Put(buf)
-			return errors.Wrap(err, "userspace copy failed")
-		}
-
-		first = false
-		size -= int64(n)
-	}
-
-	return nil
-}
-
-func copyXAttrs(dst, src string, xeh XAttrErrorHandler) error {
-	xattrKeys, err := sysx.LListxattr(src)
-	if err != nil {
-		e := errors.Wrapf(err, "failed to list xattrs on %s", src)
-		if xeh != nil {
-			e = xeh(dst, src, "", e)
-		}
-		return e
-	}
-	for _, xattr := range xattrKeys {
-		data, err := sysx.LGetxattr(src, xattr)
-		if err != nil {
-			e := errors.Wrapf(err, "failed to get xattr %q on %s", xattr, src)
-			if xeh != nil {
-				if e = xeh(dst, src, xattr, e); e == nil {
-					continue
-				}
-			}
-			return e
-		}
-		if err := sysx.LSetxattr(dst, xattr, data, 0); err != nil {
-			e := errors.Wrapf(err, "failed to set xattr %q on %s", xattr, dst)
-			if xeh != nil {
-				if e = xeh(dst, src, xattr, e); e == nil {
-					continue
-				}
-			}
-			return e
-		}
-	}
-
-	return nil
-}
-
-func copyDevice(dst string, fi os.FileInfo) error {
-	st, ok := fi.Sys().(*syscall.Stat_t)
-	if !ok {
-		return errors.New("unsupported stat type")
-	}
-	return unix.Mknod(dst, uint32(fi.Mode()), int(st.Rdev))
-}

vendor/github.com/containerd/continuity/fs/copy_unix.go

@@ -1,112 +0,0 @@
-// +build darwin freebsd openbsd solaris
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import (
-	"io"
-	"os"
-	"syscall"
-
-	"github.com/containerd/continuity/sysx"
-	"github.com/pkg/errors"
-	"golang.org/x/sys/unix"
-)
-
-func copyFileInfo(fi os.FileInfo, name string) error {
-	st := fi.Sys().(*syscall.Stat_t)
-	if err := os.Lchown(name, int(st.Uid), int(st.Gid)); err != nil {
-		if os.IsPermission(err) {
-			// Normally if uid/gid are the same this would be a no-op, but some
-			// filesystems may still return EPERM... for instance NFS does this.
-			// In such a case, this is not an error.
-			if dstStat, err2 := os.Lstat(name); err2 == nil {
-				st2 := dstStat.Sys().(*syscall.Stat_t)
-				if st.Uid == st2.Uid && st.Gid == st2.Gid {
-					err = nil
-				}
-			}
-		}
-		if err != nil {
-			return errors.Wrapf(err, "failed to chown %s", name)
-		}
-	}
-
-	if (fi.Mode() & os.ModeSymlink) != os.ModeSymlink {
-		if err := os.Chmod(name, fi.Mode()); err != nil {
-			return errors.Wrapf(err, "failed to chmod %s", name)
-		}
-	}
-
-	timespec := []syscall.Timespec{StatAtime(st), StatMtime(st)}
-	if err := syscall.UtimesNano(name, timespec); err != nil {
-		return errors.Wrapf(err, "failed to utime %s", name)
-	}
-
-	return nil
-}
-
-func copyFileContent(dst, src *os.File) error {
-	buf := bufferPool.Get().(*[]byte)
-	_, err := io.CopyBuffer(dst, src, *buf)
-	bufferPool.Put(buf)
-
-	return err
-}
-
-func copyXAttrs(dst, src string, xeh XAttrErrorHandler) error {
-	xattrKeys, err := sysx.LListxattr(src)
-	if err != nil {
-		e := errors.Wrapf(err, "failed to list xattrs on %s", src)
-		if xeh != nil {
-			e = xeh(dst, src, "", e)
-		}
-		return e
-	}
-	for _, xattr := range xattrKeys {
-		data, err := sysx.LGetxattr(src, xattr)
-		if err != nil {
-			e := errors.Wrapf(err, "failed to get xattr %q on %s", xattr, src)
-			if xeh != nil {
-				if e = xeh(dst, src, xattr, e); e == nil {
-					continue
-				}
-			}
-			return e
-		}
-		if err := sysx.LSetxattr(dst, xattr, data, 0); err != nil {
-			e := errors.Wrapf(err, "failed to set xattr %q on %s", xattr, dst)
-			if xeh != nil {
-				if e = xeh(dst, src, xattr, e); e == nil {
-					continue
-				}
-			}
-			return e
-		}
-	}
-
-	return nil
-}
-
-func copyDevice(dst string, fi os.FileInfo) error {
-	st, ok := fi.Sys().(*syscall.Stat_t)
-	if !ok {
-		return errors.New("unsupported stat type")
-	}
-	return unix.Mknod(dst, uint32(fi.Mode()), int(st.Rdev))
-}

vendor/github.com/containerd/continuity/fs/copy_windows.go

@@ -1,49 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import (
-	"io"
-	"os"
-
-	"github.com/pkg/errors"
-)
-
-func copyFileInfo(fi os.FileInfo, name string) error {
-	if err := os.Chmod(name, fi.Mode()); err != nil {
-		return errors.Wrapf(err, "failed to chmod %s", name)
-	}
-
-	// TODO: copy windows specific metadata
-
-	return nil
-}
-
-func copyFileContent(dst, src *os.File) error {
-	buf := bufferPool.Get().(*[]byte)
-	_, err := io.CopyBuffer(dst, src, *buf)
-	bufferPool.Put(buf)
-	return err
-}
-
-func copyXAttrs(dst, src string, xeh XAttrErrorHandler) error {
-	return nil
-}
-
-func copyDevice(dst string, fi os.FileInfo) error {
-	return errors.New("device copy not supported")
-}

vendor/github.com/containerd/continuity/fs/diff.go

@@ -1,326 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import (
-	"context"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"golang.org/x/sync/errgroup"
-
-	"github.com/sirupsen/logrus"
-)
-
-// ChangeKind is the type of modification that
-// a change is making.
-type ChangeKind int
-
-const (
-	// ChangeKindUnmodified represents an unmodified
-	// file
-	ChangeKindUnmodified = iota
-
-	// ChangeKindAdd represents an addition of
-	// a file
-	ChangeKindAdd
-
-	// ChangeKindModify represents a change to
-	// an existing file
-	ChangeKindModify
-
-	// ChangeKindDelete represents a delete of
-	// a file
-	ChangeKindDelete
-)
-
-func (k ChangeKind) String() string {
-	switch k {
-	case ChangeKindUnmodified:
-		return "unmodified"
-	case ChangeKindAdd:
-		return "add"
-	case ChangeKindModify:
-		return "modify"
-	case ChangeKindDelete:
-		return "delete"
-	default:
-		return ""
-	}
-}
-
-// Change represents single change between a diff and its parent.
-type Change struct {
-	Kind ChangeKind
-	Path string
-}
-
-// ChangeFunc is the type of function called for each change
-// computed during a directory changes calculation.
-type ChangeFunc func(ChangeKind, string, os.FileInfo, error) error
-
-// Changes computes changes between two directories calling the
-// given change function for each computed change. The first
-// directory is intended to the base directory and second
-// directory the changed directory.
-//
-// The change callback is called by the order of path names and
-// should be appliable in that order.
-//  Due to this apply ordering, the following is true
-//  - Removed directory trees only create a single change for the root
-//    directory removed. Remaining changes are implied.
-//  - A directory which is modified to become a file will not have
-//    delete entries for sub-path items, their removal is implied
-//    by the removal of the parent directory.
-//
-// Opaque directories will not be treated specially and each file
-// removed from the base directory will show up as a removal.
-//
-// File content comparisons will be done on files which have timestamps
-// which may have been truncated. If either of the files being compared
-// has a zero value nanosecond value, each byte will be compared for
-// differences. If 2 files have the same seconds value but different
-// nanosecond values where one of those values is zero, the files will
-// be considered unchanged if the content is the same. This behavior
-// is to account for timestamp truncation during archiving.
-func Changes(ctx context.Context, a, b string, changeFn ChangeFunc) error {
-	if a == "" {
-		logrus.Debugf("Using single walk diff for %s", b)
-		return addDirChanges(ctx, changeFn, b)
-	} else if diffOptions := detectDirDiff(b, a); diffOptions != nil {
-		logrus.Debugf("Using single walk diff for %s from %s", diffOptions.diffDir, a)
-		return diffDirChanges(ctx, changeFn, a, diffOptions)
-	}
-
-	logrus.Debugf("Using double walk diff for %s from %s", b, a)
-	return doubleWalkDiff(ctx, changeFn, a, b)
-}
-
-func addDirChanges(ctx context.Context, changeFn ChangeFunc, root string) error {
-	return filepath.Walk(root, func(path string, f os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-
-		// Rebase path
-		path, err = filepath.Rel(root, path)
-		if err != nil {
-			return err
-		}
-
-		path = filepath.Join(string(os.PathSeparator), path)
-
-		// Skip root
-		if path == string(os.PathSeparator) {
-			return nil
-		}
-
-		return changeFn(ChangeKindAdd, path, f, nil)
-	})
-}
-
-// diffDirOptions is used when the diff can be directly calculated from
-// a diff directory to its base, without walking both trees.
-type diffDirOptions struct {
-	diffDir      string
-	skipChange   func(string) (bool, error)
-	deleteChange func(string, string, os.FileInfo) (string, error)
-}
-
-// diffDirChanges walks the diff directory and compares changes against the base.
-func diffDirChanges(ctx context.Context, changeFn ChangeFunc, base string, o *diffDirOptions) error {
-	changedDirs := make(map[string]struct{})
-	return filepath.Walk(o.diffDir, func(path string, f os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-
-		// Rebase path
-		path, err = filepath.Rel(o.diffDir, path)
-		if err != nil {
-			return err
-		}
-
-		path = filepath.Join(string(os.PathSeparator), path)
-
-		// Skip root
-		if path == string(os.PathSeparator) {
-			return nil
-		}
-
-		// TODO: handle opaqueness, start new double walker at this
-		// location to get deletes, and skip tree in single walker
-
-		if o.skipChange != nil {
-			if skip, err := o.skipChange(path); skip {
-				return err
-			}
-		}
-
-		var kind ChangeKind
-
-		deletedFile, err := o.deleteChange(o.diffDir, path, f)
-		if err != nil {
-			return err
-		}
-
-		// Find out what kind of modification happened
-		if deletedFile != "" {
-			path = deletedFile
-			kind = ChangeKindDelete
-			f = nil
-		} else {
-			// Otherwise, the file was added
-			kind = ChangeKindAdd
-
-			// ...Unless it already existed in a base, in which case, it's a modification
-			stat, err := os.Stat(filepath.Join(base, path))
-			if err != nil && !os.IsNotExist(err) {
-				return err
-			}
-			if err == nil {
-				// The file existed in the base, so that's a modification
-
-				// However, if it's a directory, maybe it wasn't actually modified.
-				// If you modify /foo/bar/baz, then /foo will be part of the changed files only because it's the parent of bar
-				if stat.IsDir() && f.IsDir() {
-					if f.Size() == stat.Size() && f.Mode() == stat.Mode() && sameFsTime(f.ModTime(), stat.ModTime()) {
-						// Both directories are the same, don't record the change
-						return nil
-					}
-				}
-				kind = ChangeKindModify
-			}
-		}
-
-		// If /foo/bar/file.txt is modified, then /foo/bar must be part of the changed files.
-		// This block is here to ensure the change is recorded even if the
-		// modify time, mode and size of the parent directory in the rw and ro layers are all equal.
-		// Check https://github.com/docker/docker/pull/13590 for details.
-		if f.IsDir() {
-			changedDirs[path] = struct{}{}
-		}
-		if kind == ChangeKindAdd || kind == ChangeKindDelete {
-			parent := filepath.Dir(path)
-			if _, ok := changedDirs[parent]; !ok && parent != "/" {
-				pi, err := os.Stat(filepath.Join(o.diffDir, parent))
-				if err := changeFn(ChangeKindModify, parent, pi, err); err != nil {
-					return err
-				}
-				changedDirs[parent] = struct{}{}
-			}
-		}
-
-		return changeFn(kind, path, f, nil)
-	})
-}
-
-// doubleWalkDiff walks both directories to create a diff
-func doubleWalkDiff(ctx context.Context, changeFn ChangeFunc, a, b string) (err error) {
-	g, ctx := errgroup.WithContext(ctx)
-
-	var (
-		c1 = make(chan *currentPath)
-		c2 = make(chan *currentPath)
-
-		f1, f2 *currentPath
-		rmdir  string
-	)
-	g.Go(func() error {
-		defer close(c1)
-		return pathWalk(ctx, a, c1)
-	})
-	g.Go(func() error {
-		defer close(c2)
-		return pathWalk(ctx, b, c2)
-	})
-	g.Go(func() error {
-		for c1 != nil || c2 != nil {
-			if f1 == nil && c1 != nil {
-				f1, err = nextPath(ctx, c1)
-				if err != nil {
-					return err
-				}
-				if f1 == nil {
-					c1 = nil
-				}
-			}
-
-			if f2 == nil && c2 != nil {
-				f2, err = nextPath(ctx, c2)
-				if err != nil {
-					return err
-				}
-				if f2 == nil {
-					c2 = nil
-				}
-			}
-			if f1 == nil && f2 == nil {
-				continue
-			}
-
-			var f os.FileInfo
-			k, p := pathChange(f1, f2)
-			switch k {
-			case ChangeKindAdd:
-				if rmdir != "" {
-					rmdir = ""
-				}
-				f = f2.f
-				f2 = nil
-			case ChangeKindDelete:
-				// Check if this file is already removed by being
-				// under of a removed directory
-				if rmdir != "" && strings.HasPrefix(f1.path, rmdir) {
-					f1 = nil
-					continue
-				} else if f1.f.IsDir() {
-					rmdir = f1.path + string(os.PathSeparator)
-				} else if rmdir != "" {
-					rmdir = ""
-				}
-				f1 = nil
-			case ChangeKindModify:
-				same, err := sameFile(f1, f2)
-				if err != nil {
-					return err
-				}
-				if f1.f.IsDir() && !f2.f.IsDir() {
-					rmdir = f1.path + string(os.PathSeparator)
-				} else if rmdir != "" {
-					rmdir = ""
-				}
-				f = f2.f
-				f1 = nil
-				f2 = nil
-				if same {
-					if !isLinked(f) {
-						continue
-					}
-					k = ChangeKindUnmodified
-				}
-			}
-			if err := changeFn(k, p, f, nil); err != nil {
-				return err
-			}
-		}
-		return nil
-	})
-
-	return g.Wait()
-}

vendor/github.com/containerd/continuity/fs/diff_unix.go

@@ -1,74 +0,0 @@
-// +build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import (
-	"bytes"
-	"os"
-	"syscall"
-
-	"github.com/containerd/continuity/sysx"
-	"github.com/pkg/errors"
-)
-
-// detectDirDiff returns diff dir options if a directory could
-// be found in the mount info for upper which is the direct
-// diff with the provided lower directory
-func detectDirDiff(upper, lower string) *diffDirOptions {
-	// TODO: get mount options for upper
-	// TODO: detect AUFS
-	// TODO: detect overlay
-	return nil
-}
-
-// compareSysStat returns whether the stats are equivalent,
-// whether the files are considered the same file, and
-// an error
-func compareSysStat(s1, s2 interface{}) (bool, error) {
-	ls1, ok := s1.(*syscall.Stat_t)
-	if !ok {
-		return false, nil
-	}
-	ls2, ok := s2.(*syscall.Stat_t)
-	if !ok {
-		return false, nil
-	}
-
-	return ls1.Mode == ls2.Mode && ls1.Uid == ls2.Uid && ls1.Gid == ls2.Gid && ls1.Rdev == ls2.Rdev, nil
-}
-
-func compareCapabilities(p1, p2 string) (bool, error) {
-	c1, err := sysx.LGetxattr(p1, "security.capability")
-	if err != nil && err != sysx.ENODATA {
-		return false, errors.Wrapf(err, "failed to get xattr for %s", p1)
-	}
-	c2, err := sysx.LGetxattr(p2, "security.capability")
-	if err != nil && err != sysx.ENODATA {
-		return false, errors.Wrapf(err, "failed to get xattr for %s", p2)
-	}
-	return bytes.Equal(c1, c2), nil
-}
-
-func isLinked(f os.FileInfo) bool {
-	s, ok := f.Sys().(*syscall.Stat_t)
-	if !ok {
-		return false
-	}
-	return !f.IsDir() && s.Nlink > 1
-}

vendor/github.com/containerd/continuity/fs/diff_windows.go

@@ -1,48 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import (
-	"os"
-
-	"golang.org/x/sys/windows"
-)
-
-func detectDirDiff(upper, lower string) *diffDirOptions {
-	return nil
-}
-
-func compareSysStat(s1, s2 interface{}) (bool, error) {
-	f1, ok := s1.(windows.Win32FileAttributeData)
-	if !ok {
-		return false, nil
-	}
-	f2, ok := s2.(windows.Win32FileAttributeData)
-	if !ok {
-		return false, nil
-	}
-	return f1.FileAttributes == f2.FileAttributes, nil
-}
-
-func compareCapabilities(p1, p2 string) (bool, error) {
-	// TODO: Use windows equivalent
-	return true, nil
-}
-
-func isLinked(os.FileInfo) bool {
-	return false
-}

vendor/github.com/containerd/continuity/fs/dtype_linux.go

@@ -1,103 +0,0 @@
-// +build linux
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"syscall"
-	"unsafe"
-)
-
-func locateDummyIfEmpty(path string) (string, error) {
-	children, err := ioutil.ReadDir(path)
-	if err != nil {
-		return "", err
-	}
-	if len(children) != 0 {
-		return "", nil
-	}
-	dummyFile, err := ioutil.TempFile(path, "fsutils-dummy")
-	if err != nil {
-		return "", err
-	}
-	name := dummyFile.Name()
-	err = dummyFile.Close()
-	return name, err
-}
-
-// SupportsDType returns whether the filesystem mounted on path supports d_type
-func SupportsDType(path string) (bool, error) {
-	// locate dummy so that we have at least one dirent
-	dummy, err := locateDummyIfEmpty(path)
-	if err != nil {
-		return false, err
-	}
-	if dummy != "" {
-		defer os.Remove(dummy)
-	}
-
-	visited := 0
-	supportsDType := true
-	fn := func(ent *syscall.Dirent) bool {
-		visited++
-		if ent.Type == syscall.DT_UNKNOWN {
-			supportsDType = false
-			// stop iteration
-			return true
-		}
-		// continue iteration
-		return false
-	}
-	if err = iterateReadDir(path, fn); err != nil {
-		return false, err
-	}
-	if visited == 0 {
-		return false, fmt.Errorf("did not hit any dirent during iteration %s", path)
-	}
-	return supportsDType, nil
-}
-
-func iterateReadDir(path string, fn func(*syscall.Dirent) bool) error {
-	d, err := os.Open(path)
-	if err != nil {
-		return err
-	}
-	defer d.Close()
-	fd := int(d.Fd())
-	buf := make([]byte, 4096)
-	for {
-		nbytes, err := syscall.ReadDirent(fd, buf)
-		if err != nil {
-			return err
-		}
-		if nbytes == 0 {
-			break
-		}
-		for off := 0; off < nbytes; {
-			ent := (*syscall.Dirent)(unsafe.Pointer(&buf[off]))
-			if stop := fn(ent); stop {
-				return nil
-			}
-			off += int(ent.Reclen)
-		}
-	}
-	return nil
-}

vendor/github.com/containerd/continuity/fs/du.go

@@ -1,38 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import "context"
-
-// Usage of disk information
-type Usage struct {
-	Inodes int64
-	Size   int64
-}
-
-// DiskUsage counts the number of inodes and disk usage for the resources under
-// path.
-func DiskUsage(ctx context.Context, roots ...string) (Usage, error) {
-	return diskUsage(ctx, roots...)
-}
-
-// DiffUsage counts the numbers of inodes and disk usage in the
-// diff between the 2 directories. The first path is intended
-// as the base directory and the second as the changed directory.
-func DiffUsage(ctx context.Context, a, b string) (Usage, error) {
-	return diffUsage(ctx, a, b)
-}

vendor/github.com/containerd/continuity/fs/du_unix.go

@@ -1,110 +0,0 @@
-// +build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import (
-	"context"
-	"os"
-	"path/filepath"
-	"syscall"
-)
-
-type inode struct {
-	// TODO(stevvooe): Can probably reduce memory usage by not tracking
-	// device, but we can leave this right for now.
-	dev, ino uint64
-}
-
-func newInode(stat *syscall.Stat_t) inode {
-	return inode{
-		// Dev is uint32 on darwin/bsd, uint64 on linux/solaris
-		dev: uint64(stat.Dev), // nolint: unconvert
-		// Ino is uint32 on bsd, uint64 on darwin/linux/solaris
-		ino: uint64(stat.Ino), // nolint: unconvert
-	}
-}
-
-func diskUsage(ctx context.Context, roots ...string) (Usage, error) {
-
-	var (
-		size   int64
-		inodes = map[inode]struct{}{} // expensive!
-	)
-
-	for _, root := range roots {
-		if err := filepath.Walk(root, func(path string, fi os.FileInfo, err error) error {
-			if err != nil {
-				return err
-			}
-
-			select {
-			case <-ctx.Done():
-				return ctx.Err()
-			default:
-			}
-
-			inoKey := newInode(fi.Sys().(*syscall.Stat_t))
-			if _, ok := inodes[inoKey]; !ok {
-				inodes[inoKey] = struct{}{}
-				size += fi.Size()
-			}
-
-			return nil
-		}); err != nil {
-			return Usage{}, err
-		}
-	}
-
-	return Usage{
-		Inodes: int64(len(inodes)),
-		Size:   size,
-	}, nil
-}
-
-func diffUsage(ctx context.Context, a, b string) (Usage, error) {
-	var (
-		size   int64
-		inodes = map[inode]struct{}{} // expensive!
-	)
-
-	if err := Changes(ctx, a, b, func(kind ChangeKind, _ string, fi os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-
-		if kind == ChangeKindAdd || kind == ChangeKindModify {
-			inoKey := newInode(fi.Sys().(*syscall.Stat_t))
-			if _, ok := inodes[inoKey]; !ok {
-				inodes[inoKey] = struct{}{}
-				size += fi.Size()
-			}
-
-			return nil
-
-		}
-		return nil
-	}); err != nil {
-		return Usage{}, err
-	}
-
-	return Usage{
-		Inodes: int64(len(inodes)),
-		Size:   size,
-	}, nil
-}

vendor/github.com/containerd/continuity/fs/du_windows.go

@@ -1,82 +0,0 @@
-// +build windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import (
-	"context"
-	"os"
-	"path/filepath"
-)
-
-func diskUsage(ctx context.Context, roots ...string) (Usage, error) {
-	var (
-		size int64
-	)
-
-	// TODO(stevvooe): Support inodes (or equivalent) for windows.
-
-	for _, root := range roots {
-		if err := filepath.Walk(root, func(path string, fi os.FileInfo, err error) error {
-			if err != nil {
-				return err
-			}
-
-			select {
-			case <-ctx.Done():
-				return ctx.Err()
-			default:
-			}
-
-			size += fi.Size()
-			return nil
-		}); err != nil {
-			return Usage{}, err
-		}
-	}
-
-	return Usage{
-		Size: size,
-	}, nil
-}
-
-func diffUsage(ctx context.Context, a, b string) (Usage, error) {
-	var (
-		size int64
-	)
-
-	if err := Changes(ctx, a, b, func(kind ChangeKind, _ string, fi os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-
-		if kind == ChangeKindAdd || kind == ChangeKindModify {
-			size += fi.Size()
-
-			return nil
-
-		}
-		return nil
-	}); err != nil {
-		return Usage{}, err
-	}
-
-	return Usage{
-		Size: size,
-	}, nil
-}

vendor/github.com/containerd/continuity/fs/hardlink.go

@@ -1,43 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import "os"
-
-// GetLinkInfo returns an identifier representing the node a hardlink is pointing
-// to. If the file is not hard linked then 0 will be returned.
-func GetLinkInfo(fi os.FileInfo) (uint64, bool) {
-	return getLinkInfo(fi)
-}
-
-// getLinkSource returns a path for the given name and
-// file info to its link source in the provided inode
-// map. If the given file name is not in the map and
-// has other links, it is added to the inode map
-// to be a source for other link locations.
-func getLinkSource(name string, fi os.FileInfo, inodes map[uint64]string) (string, error) {
-	inode, isHardlink := getLinkInfo(fi)
-	if !isHardlink {
-		return "", nil
-	}
-
-	path, ok := inodes[inode]
-	if !ok {
-		inodes[inode] = name
-	}
-	return path, nil
-}

vendor/github.com/containerd/continuity/fs/hardlink_unix.go

@@ -1,34 +0,0 @@
-// +build !windows
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import (
-	"os"
-	"syscall"
-)
-
-func getLinkInfo(fi os.FileInfo) (uint64, bool) {
-	s, ok := fi.Sys().(*syscall.Stat_t)
-	if !ok {
-		return 0, false
-	}
-
-	// Ino is uint32 on bsd, uint64 on darwin/linux/solaris
-	return uint64(s.Ino), !fi.IsDir() && s.Nlink > 1 // nolint: unconvert
-}

vendor/github.com/containerd/continuity/fs/hardlink_windows.go

@@ -1,23 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import "os"
-
-func getLinkInfo(fi os.FileInfo) (uint64, bool) {
-	return 0, false
-}

vendor/github.com/containerd/continuity/fs/path.go

@@ -1,311 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import (
-	"bytes"
-	"context"
-	"io"
-	"os"
-	"path/filepath"
-
-	"github.com/pkg/errors"
-)
-
-var (
-	errTooManyLinks = errors.New("too many links")
-)
-
-type currentPath struct {
-	path     string
-	f        os.FileInfo
-	fullPath string
-}
-
-func pathChange(lower, upper *currentPath) (ChangeKind, string) {
-	if lower == nil {
-		if upper == nil {
-			panic("cannot compare nil paths")
-		}
-		return ChangeKindAdd, upper.path
-	}
-	if upper == nil {
-		return ChangeKindDelete, lower.path
-	}
-
-	switch i := directoryCompare(lower.path, upper.path); {
-	case i < 0:
-		// File in lower that is not in upper
-		return ChangeKindDelete, lower.path
-	case i > 0:
-		// File in upper that is not in lower
-		return ChangeKindAdd, upper.path
-	default:
-		return ChangeKindModify, upper.path
-	}
-}
-
-func directoryCompare(a, b string) int {
-	l := len(a)
-	if len(b) < l {
-		l = len(b)
-	}
-	for i := 0; i < l; i++ {
-		c1, c2 := a[i], b[i]
-		if c1 == filepath.Separator {
-			c1 = byte(0)
-		}
-		if c2 == filepath.Separator {
-			c2 = byte(0)
-		}
-		if c1 < c2 {
-			return -1
-		}
-		if c1 > c2 {
-			return +1
-		}
-	}
-	if len(a) < len(b) {
-		return -1
-	}
-	if len(a) > len(b) {
-		return +1
-	}
-	return 0
-}
-
-func sameFile(f1, f2 *currentPath) (bool, error) {
-	if os.SameFile(f1.f, f2.f) {
-		return true, nil
-	}
-
-	equalStat, err := compareSysStat(f1.f.Sys(), f2.f.Sys())
-	if err != nil || !equalStat {
-		return equalStat, err
-	}
-
-	if eq, err := compareCapabilities(f1.fullPath, f2.fullPath); err != nil || !eq {
-		return eq, err
-	}
-
-	// If not a directory also check size, modtime, and content
-	if !f1.f.IsDir() {
-		if f1.f.Size() != f2.f.Size() {
-			return false, nil
-		}
-		t1 := f1.f.ModTime()
-		t2 := f2.f.ModTime()
-
-		if t1.Unix() != t2.Unix() {
-			return false, nil
-		}
-
-		// If the timestamp may have been truncated in both of the
-		// files, check content of file to determine difference
-		if t1.Nanosecond() == 0 && t2.Nanosecond() == 0 {
-			if (f1.f.Mode() & os.ModeSymlink) == os.ModeSymlink {
-				return compareSymlinkTarget(f1.fullPath, f2.fullPath)
-			}
-			if f1.f.Size() == 0 { // if file sizes are zero length, the files are the same by definition
-				return true, nil
-			}
-			return compareFileContent(f1.fullPath, f2.fullPath)
-		} else if t1.Nanosecond() != t2.Nanosecond() {
-			return false, nil
-		}
-	}
-
-	return true, nil
-}
-
-func compareSymlinkTarget(p1, p2 string) (bool, error) {
-	t1, err := os.Readlink(p1)
-	if err != nil {
-		return false, err
-	}
-	t2, err := os.Readlink(p2)
-	if err != nil {
-		return false, err
-	}
-	return t1 == t2, nil
-}
-
-const compareChuckSize = 32 * 1024
-
-// compareFileContent compares the content of 2 same sized files
-// by comparing each byte.
-func compareFileContent(p1, p2 string) (bool, error) {
-	f1, err := os.Open(p1)
-	if err != nil {
-		return false, err
-	}
-	defer f1.Close()
-	f2, err := os.Open(p2)
-	if err != nil {
-		return false, err
-	}
-	defer f2.Close()
-
-	b1 := make([]byte, compareChuckSize)
-	b2 := make([]byte, compareChuckSize)
-	for {
-		n1, err1 := f1.Read(b1)
-		if err1 != nil && err1 != io.EOF {
-			return false, err1
-		}
-		n2, err2 := f2.Read(b2)
-		if err2 != nil && err2 != io.EOF {
-			return false, err2
-		}
-		if n1 != n2 || !bytes.Equal(b1[:n1], b2[:n2]) {
-			return false, nil
-		}
-		if err1 == io.EOF && err2 == io.EOF {
-			return true, nil
-		}
-	}
-}
-
-func pathWalk(ctx context.Context, root string, pathC chan<- *currentPath) error {
-	return filepath.Walk(root, func(path string, f os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-
-		// Rebase path
-		path, err = filepath.Rel(root, path)
-		if err != nil {
-			return err
-		}
-
-		path = filepath.Join(string(os.PathSeparator), path)
-
-		// Skip root
-		if path == string(os.PathSeparator) {
-			return nil
-		}
-
-		p := &currentPath{
-			path:     path,
-			f:        f,
-			fullPath: filepath.Join(root, path),
-		}
-
-		select {
-		case <-ctx.Done():
-			return ctx.Err()
-		case pathC <- p:
-			return nil
-		}
-	})
-}
-
-func nextPath(ctx context.Context, pathC <-chan *currentPath) (*currentPath, error) {
-	select {
-	case <-ctx.Done():
-		return nil, ctx.Err()
-	case p := <-pathC:
-		return p, nil
-	}
-}
-
-// RootPath joins a path with a root, evaluating and bounding any
-// symlink to the root directory.
-func RootPath(root, path string) (string, error) {
-	if path == "" {
-		return root, nil
-	}
-	var linksWalked int // to protect against cycles
-	for {
-		i := linksWalked
-		newpath, err := walkLinks(root, path, &linksWalked)
-		if err != nil {
-			return "", err
-		}
-		path = newpath
-		if i == linksWalked {
-			newpath = filepath.Join("/", newpath)
-			if path == newpath {
-				return filepath.Join(root, newpath), nil
-			}
-			path = newpath
-		}
-	}
-}
-
-func walkLink(root, path string, linksWalked *int) (newpath string, islink bool, err error) {
-	if *linksWalked > 255 {
-		return "", false, errTooManyLinks
-	}
-
-	path = filepath.Join("/", path)
-	if path == "/" {
-		return path, false, nil
-	}
-	realPath := filepath.Join(root, path)
-
-	fi, err := os.Lstat(realPath)
-	if err != nil {
-		// If path does not yet exist, treat as non-symlink
-		if os.IsNotExist(err) {
-			return path, false, nil
-		}
-		return "", false, err
-	}
-	if fi.Mode()&os.ModeSymlink == 0 {
-		return path, false, nil
-	}
-	newpath, err = os.Readlink(realPath)
-	if err != nil {
-		return "", false, err
-	}
-	*linksWalked++
-	return newpath, true, nil
-}
-
-func walkLinks(root, path string, linksWalked *int) (string, error) {
-	switch dir, file := filepath.Split(path); {
-	case dir == "":
-		newpath, _, err := walkLink(root, file, linksWalked)
-		return newpath, err
-	case file == "":
-		if os.IsPathSeparator(dir[len(dir)-1]) {
-			if dir == "/" {
-				return dir, nil
-			}
-			return walkLinks(root, dir[:len(dir)-1], linksWalked)
-		}
-		newpath, _, err := walkLink(root, dir, linksWalked)
-		return newpath, err
-	default:
-		newdir, err := walkLinks(root, dir, linksWalked)
-		if err != nil {
-			return "", err
-		}
-		newpath, islink, err := walkLink(root, filepath.Join(newdir, file), linksWalked)
-		if err != nil {
-			return "", err
-		}
-		if !islink {
-			return newpath, nil
-		}
-		if filepath.IsAbs(newpath) {
-			return newpath, nil
-		}
-		return filepath.Join(newdir, newpath), nil
-	}
-}

vendor/github.com/containerd/continuity/fs/stat_darwinfreebsd.go

@@ -1,44 +0,0 @@
-// +build darwin freebsd
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import (
-	"syscall"
-	"time"
-)
-
-// StatAtime returns the access time from a stat struct
-func StatAtime(st *syscall.Stat_t) syscall.Timespec {
-	return st.Atimespec
-}
-
-// StatCtime returns the created time from a stat struct
-func StatCtime(st *syscall.Stat_t) syscall.Timespec {
-	return st.Ctimespec
-}
-
-// StatMtime returns the modified time from a stat struct
-func StatMtime(st *syscall.Stat_t) syscall.Timespec {
-	return st.Mtimespec
-}
-
-// StatATimeAsTime returns the access time as a time.Time
-func StatATimeAsTime(st *syscall.Stat_t) time.Time {
-	return time.Unix(int64(st.Atimespec.Sec), int64(st.Atimespec.Nsec)) // nolint: unconvert
-}

vendor/github.com/containerd/continuity/fs/stat_linuxopenbsd.go

@@ -1,45 +0,0 @@
-// +build linux openbsd
-
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import (
-	"syscall"
-	"time"
-)
-
-// StatAtime returns the Atim
-func StatAtime(st *syscall.Stat_t) syscall.Timespec {
-	return st.Atim
-}
-
-// StatCtime returns the Ctim
-func StatCtime(st *syscall.Stat_t) syscall.Timespec {
-	return st.Ctim
-}
-
-// StatMtime returns the Mtim
-func StatMtime(st *syscall.Stat_t) syscall.Timespec {
-	return st.Mtim
-}
-
-// StatATimeAsTime returns st.Atim as a time.Time
-func StatATimeAsTime(st *syscall.Stat_t) time.Time {
-	// The int64 conversions ensure the line compiles for 32-bit systems as well.
-	return time.Unix(int64(st.Atim.Sec), int64(st.Atim.Nsec)) // nolint: unconvert
-}

vendor/github.com/containerd/continuity/fs/time.go

@@ -1,29 +0,0 @@
-/*
-   Copyright The containerd Authors.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
-*/
-
-package fs
-
-import "time"
-
-// Gnu tar and the go tar writer don't have sub-second mtime
-// precision, which is problematic when we apply changes via tar
-// files, we handle this by comparing for exact times, *or* same
-// second count and either a or b having exactly 0 nanoseconds
-func sameFsTime(a, b time.Time) bool {
-	return a == b ||
-		(a.Unix() == b.Unix() &&
-			(a.Nanosecond() == 0 || b.Nanosecond() == 0))
-}

vendor/github.com/cpuguy83/go-md2man/v2/go.mod

@@ -1,9 +1,5 @@
 module github.com/cpuguy83/go-md2man/v2
 
-go 1.12
+go 1.11
 
-require (
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/russross/blackfriday/v2 v2.0.1
-	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
-)
+require github.com/russross/blackfriday/v2 v2.1.0

vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go

@@ -15,7 +15,7 @@ type roffRenderer struct {
 	extensions   blackfriday.Extensions
 	listCounters []int
 	firstHeader  bool
-	defineTerm   bool
+	firstDD      bool
 	listDepth    int
 }
 
@@ -42,7 +42,8 @@ const (
 	quoteCloseTag    = "\n.RE\n"
 	listTag          = "\n.RS\n"
 	listCloseTag     = "\n.RE\n"
-	arglistTag       = "\n.TP\n"
+	dtTag            = "\n.TP\n"
+	dd2Tag           = "\n"
 	tableStart       = "\n.TS\nallbox;\n"
 	tableEnd         = ".TE\n"
 	tableCellStart   = "T{\n"
@@ -90,7 +91,7 @@ func (r *roffRenderer) RenderNode(w io.Writer, node *blackfriday.Node, entering
 
 	switch node.Type {
 	case blackfriday.Text:
-		r.handleText(w, node, entering)
+		escapeSpecialChars(w, node.Literal)
 	case blackfriday.Softbreak:
 		out(w, crTag)
 	case blackfriday.Hardbreak:
@@ -150,40 +151,21 @@ func (r *roffRenderer) RenderNode(w io.Writer, node *blackfriday.Node, entering
 		out(w, codeCloseTag)
 	case blackfriday.Table:
 		r.handleTable(w, node, entering)
-	case blackfriday.TableCell:
-		r.handleTableCell(w, node, entering)
 	case blackfriday.TableHead:
 	case blackfriday.TableBody:
 	case blackfriday.TableRow:
 		// no action as cell entries do all the nroff formatting
 		return blackfriday.GoToNext
+	case blackfriday.TableCell:
+		r.handleTableCell(w, node, entering)
+	case blackfriday.HTMLSpan:
+		// ignore other HTML tags
 	default:
 		fmt.Fprintln(os.Stderr, "WARNING: go-md2man does not handle node type "+node.Type.String())
 	}
 	return walkAction
 }
 
-func (r *roffRenderer) handleText(w io.Writer, node *blackfriday.Node, entering bool) {
-	var (
-		start, end string
-	)
-	// handle special roff table cell text encapsulation
-	if node.Parent.Type == blackfriday.TableCell {
-		if len(node.Literal) > 30 {
-			start = tableCellStart
-			end = tableCellEnd
-		} else {
-			// end rows that aren't terminated by "tableCellEnd" with a cr if end of row
-			if node.Parent.Next == nil && !node.Parent.IsHeader {
-				end = crTag
-			}
-		}
-	}
-	out(w, start)
-	escapeSpecialChars(w, node.Literal)
-	out(w, end)
-}
-
 func (r *roffRenderer) handleHeading(w io.Writer, node *blackfriday.Node, entering bool) {
 	if entering {
 		switch node.Level {
@@ -230,15 +212,20 @@ func (r *roffRenderer) handleItem(w io.Writer, node *blackfriday.Node, entering
 		if node.ListFlags&blackfriday.ListTypeOrdered != 0 {
 			out(w, fmt.Sprintf(".IP \"%3d.\" 5\n", r.listCounters[len(r.listCounters)-1]))
 			r.listCounters[len(r.listCounters)-1]++
+		} else if node.ListFlags&blackfriday.ListTypeTerm != 0 {
+			// DT (definition term): line just before DD (see below).
+			out(w, dtTag)
+			r.firstDD = true
 		} else if node.ListFlags&blackfriday.ListTypeDefinition != 0 {
-			// state machine for handling terms and following definitions
-			// since blackfriday does not distinguish them properly, nor
-			// does it seperate them into separate lists as it should
-			if !r.defineTerm {
-				out(w, arglistTag)
-				r.defineTerm = true
+			// DD (definition description): line that starts with ": ".
+			//
+			// We have to distinguish between the first DD and the
+			// subsequent ones, as there should be no vertical
+			// whitespace between the DT and the first DD.
+			if r.firstDD {
+				r.firstDD = false
 			} else {
-				r.defineTerm = false
+				out(w, dd2Tag)
 			}
 		} else {
 			out(w, ".IP \\(bu 2\n")
@@ -251,7 +238,7 @@ func (r *roffRenderer) handleItem(w io.Writer, node *blackfriday.Node, entering
 func (r *roffRenderer) handleTable(w io.Writer, node *blackfriday.Node, entering bool) {
 	if entering {
 		out(w, tableStart)
-		//call walker to count cells (and rows?) so format section can be produced
+		// call walker to count cells (and rows?) so format section can be produced
 		columns := countColumns(node)
 		out(w, strings.Repeat("l ", columns)+"\n")
 		out(w, strings.Repeat("l ", columns)+".\n")
@@ -261,28 +248,41 @@ func (r *roffRenderer) handleTable(w io.Writer, node *blackfriday.Node, entering
 }
 
 func (r *roffRenderer) handleTableCell(w io.Writer, node *blackfriday.Node, entering bool) {
-	var (
-		start, end string
-	)
-	if node.IsHeader {
-		start = codespanTag
-		end = codespanCloseTag
-	}
 	if entering {
+		var start string
 		if node.Prev != nil && node.Prev.Type == blackfriday.TableCell {
-			out(w, "\t"+start)
-		} else {
-			out(w, start)
+			start = "\t"
 		}
+		if node.IsHeader {
+			start += codespanTag
+		} else if nodeLiteralSize(node) > 30 {
+			start += tableCellStart
+		}
+		out(w, start)
 	} else {
-		// need to carriage return if we are at the end of the header row
-		if node.IsHeader && node.Next == nil {
-			end = end + crTag
+		var end string
+		if node.IsHeader {
+			end = codespanCloseTag
+		} else if nodeLiteralSize(node) > 30 {
+			end = tableCellEnd
+		}
+		if node.Next == nil && end != tableCellEnd {
+			// Last cell: need to carriage return if we are at the end of the
+			// header row and content isn't wrapped in a "tablecell"
+			end += crTag
 		}
 		out(w, end)
 	}
 }
 
+func nodeLiteralSize(node *blackfriday.Node) int {
+	total := 0
+	for n := node.FirstChild; n != nil; n = n.FirstChild {
+		total += len(n.Literal)
+	}
+	return total
+}
+
 // because roff format requires knowing the column count before outputting any table
 // data we need to walk a table tree and count the columns
 func countColumns(node *blackfriday.Node) int {
@@ -309,15 +309,6 @@ func out(w io.Writer, output string) {
 	io.WriteString(w, output) // nolint: errcheck
 }
 
-func needsBackslash(c byte) bool {
-	for _, r := range []byte("-_&\\~") {
-		if c == r {
-			return true
-		}
-	}
-	return false
-}
-
 func escapeSpecialChars(w io.Writer, text []byte) {
 	for i := 0; i < len(text); i++ {
 		// escape initial apostrophe or period
@@ -328,7 +319,7 @@ func escapeSpecialChars(w io.Writer, text []byte) {
 		// directly copy normal characters
 		org := i
 
-		for i < len(text) && !needsBackslash(text[i]) {
+		for i < len(text) && text[i] != '\\' {
 			i++
 		}
 		if i > org {

vendor/github.com/docker/docker-credential-helpers/credentials/version.go

@@ -1,4 +1,4 @@
 package credentials
 
 // Version holds a string describing the current version
-const Version = "0.6.3"
+const Version = "0.6.4"

vendor/github.com/docker/docker/client/client.go

@@ -2,7 +2,7 @@
 Package client is a Go client for the Docker Engine API.
 
 For more information about the Engine API, see the documentation:
-https://docs.docker.com/engine/reference/api/
+https://docs.docker.com/engine/api/
 
 Usage
 

vendor/github.com/docker/docker/pkg/archive/archive.go

@@ -402,10 +402,24 @@ func fillGo18FileTypeBits(mode int64, fi os.FileInfo) int64 {
 // ReadSecurityXattrToTarHeader reads security.capability xattr from filesystem
 // to a tar header
 func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
+	const (
+		// Values based on linux/include/uapi/linux/capability.h
+		xattrCapsSz2    = 20
+		versionOffset   = 3
+		vfsCapRevision2 = 2
+		vfsCapRevision3 = 3
+	)
 	capability, _ := system.Lgetxattr(path, "security.capability")
 	if capability != nil {
+		length := len(capability)
+		if capability[versionOffset] == vfsCapRevision3 {
+			// Convert VFS_CAP_REVISION_3 to VFS_CAP_REVISION_2 as root UID makes no
+			// sense outside the user namespace the archive is built in.
+			capability[versionOffset] = vfsCapRevision2
+			length = xattrCapsSz2
+		}
 		hdr.Xattrs = make(map[string]string)
-		hdr.Xattrs["security.capability"] = string(capability)
+		hdr.Xattrs["security.capability"] = string(capability[:length])
 	}
 	return nil
 }
@@ -739,13 +753,18 @@ func TarWithOptions(srcPath string, options *TarOptions) (io.ReadCloser, error)
 		return nil, err
 	}
 
+	whiteoutConverter, err := getWhiteoutConverter(options.WhiteoutFormat, options.InUserNS)
+	if err != nil {
+		return nil, err
+	}
+
 	go func() {
 		ta := newTarAppender(
 			idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps),
 			compressWriter,
 			options.ChownOpts,
 		)
-		ta.WhiteoutConverter = getWhiteoutConverter(options.WhiteoutFormat, options.InUserNS)
+		ta.WhiteoutConverter = whiteoutConverter
 
 		defer func() {
 			// Make sure to check the error on Close.
@@ -903,7 +922,10 @@ func Unpack(decompressedArchive io.Reader, dest string, options *TarOptions) err
 	var dirs []*tar.Header
 	idMapping := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps)
 	rootIDs := idMapping.RootPair()
-	whiteoutConverter := getWhiteoutConverter(options.WhiteoutFormat, options.InUserNS)
+	whiteoutConverter, err := getWhiteoutConverter(options.WhiteoutFormat, options.InUserNS)
+	if err != nil {
+		return err
+	}
 
 	// Iterate through the files in the archive.
 loop:
@@ -917,6 +939,12 @@ loop:
 			return err
 		}
 
+		// ignore XGlobalHeader early to avoid creating parent directories for them
+		if hdr.Typeflag == tar.TypeXGlobalHeader {
+			logrus.Debugf("PAX Global Extended Headers found for %s and ignored", hdr.Name)
+			continue
+		}
+
 		// Normalize name, for safety and for a simple is-root check
 		// This keeps "../" as-is, but normalizes "/../" to "/". Or Windows:
 		// This keeps "..\" as-is, but normalizes "\..\" to "\".
@@ -936,7 +964,7 @@ loop:
 			parent := filepath.Dir(hdr.Name)
 			parentPath := filepath.Join(dest, parent)
 			if _, err := os.Lstat(parentPath); err != nil && os.IsNotExist(err) {
-				err = idtools.MkdirAllAndChownNew(parentPath, 0777, rootIDs)
+				err = idtools.MkdirAllAndChownNew(parentPath, 0755, rootIDs)
 				if err != nil {
 					return err
 				}

vendor/github.com/docker/docker/pkg/archive/archive_linux.go

@@ -2,29 +2,26 @@ package archive // import "github.com/docker/docker/pkg/archive"
 
 import (
 	"archive/tar"
-	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
-	"syscall"
 
-	"github.com/containerd/continuity/fs"
 	"github.com/docker/docker/pkg/system"
-	"github.com/moby/sys/mount"
 	"github.com/pkg/errors"
 	"golang.org/x/sys/unix"
 )
 
-func getWhiteoutConverter(format WhiteoutFormat, inUserNS bool) tarWhiteoutConverter {
+func getWhiteoutConverter(format WhiteoutFormat, inUserNS bool) (tarWhiteoutConverter, error) {
 	if format == OverlayWhiteoutFormat {
-		return overlayWhiteoutConverter{inUserNS: inUserNS}
+		if inUserNS {
+			return nil, errors.New("specifying OverlayWhiteoutFormat is not allowed in userns")
+		}
+		return overlayWhiteoutConverter{}, nil
 	}
-	return nil
+	return nil, nil
 }
 
 type overlayWhiteoutConverter struct {
-	inUserNS bool
 }
 
 func (overlayWhiteoutConverter) ConvertWrite(hdr *tar.Header, path string, fi os.FileInfo) (wo *tar.Header, err error) {
@@ -77,13 +74,7 @@ func (c overlayWhiteoutConverter) ConvertRead(hdr *tar.Header, path string) (boo
 	if base == WhiteoutOpaqueDir {
 		err := unix.Setxattr(dir, "trusted.overlay.opaque", []byte{'y'}, 0)
 		if err != nil {
-			if c.inUserNS {
-				if err = replaceDirWithOverlayOpaque(dir); err != nil {
-					return false, errors.Wrapf(err, "replaceDirWithOverlayOpaque(%q) failed", dir)
-				}
-			} else {
-				return false, errors.Wrapf(err, "setxattr(%q, trusted.overlay.opaque=y)", dir)
-			}
+			return false, errors.Wrapf(err, "setxattr(%q, trusted.overlay.opaque=y)", dir)
 		}
 		// don't write the file itself
 		return false, err
@@ -95,19 +86,7 @@ func (c overlayWhiteoutConverter) ConvertRead(hdr *tar.Header, path string) (boo
 		originalPath := filepath.Join(dir, originalBase)
 
 		if err := unix.Mknod(originalPath, unix.S_IFCHR, 0); err != nil {
-			if c.inUserNS {
-				// Ubuntu and a few distros support overlayfs in userns.
-				//
-				// Although we can't call mknod directly in userns (at least on bionic kernel 4.15),
-				// we can still create 0,0 char device using mknodChar0Overlay().
-				//
-				// NOTE: we don't need this hack for the containerd snapshotter+unpack model.
-				if err := mknodChar0Overlay(originalPath); err != nil {
-					return false, errors.Wrapf(err, "failed to mknodChar0UserNS(%q)", originalPath)
-				}
-			} else {
-				return false, errors.Wrapf(err, "failed to mknod(%q, S_IFCHR, 0)", originalPath)
-			}
+			return false, errors.Wrapf(err, "failed to mknod(%q, S_IFCHR, 0)", originalPath)
 		}
 		if err := os.Chown(originalPath, hdr.Uid, hdr.Gid); err != nil {
 			return false, err
@@ -119,146 +98,3 @@ func (c overlayWhiteoutConverter) ConvertRead(hdr *tar.Header, path string) (boo
 
 	return true, nil
 }
-
-// mknodChar0Overlay creates 0,0 char device by mounting overlayfs and unlinking.
-// This function can be used for creating 0,0 char device in userns on Ubuntu.
-//
-// Steps:
-// * Mkdir lower,upper,merged,work
-// * Create lower/dummy
-// * Mount overlayfs
-// * Unlink merged/dummy
-// * Unmount overlayfs
-// * Make sure a 0,0 char device is created as upper/dummy
-// * Rename upper/dummy to cleansedOriginalPath
-func mknodChar0Overlay(cleansedOriginalPath string) error {
-	dir := filepath.Dir(cleansedOriginalPath)
-	tmp, err := ioutil.TempDir(dir, "mc0o")
-	if err != nil {
-		return errors.Wrapf(err, "failed to create a tmp directory under %s", dir)
-	}
-	defer os.RemoveAll(tmp)
-	lower := filepath.Join(tmp, "l")
-	upper := filepath.Join(tmp, "u")
-	work := filepath.Join(tmp, "w")
-	merged := filepath.Join(tmp, "m")
-	for _, s := range []string{lower, upper, work, merged} {
-		if err := os.MkdirAll(s, 0700); err != nil {
-			return errors.Wrapf(err, "failed to mkdir %s", s)
-		}
-	}
-	dummyBase := "d"
-	lowerDummy := filepath.Join(lower, dummyBase)
-	if err := ioutil.WriteFile(lowerDummy, []byte{}, 0600); err != nil {
-		return errors.Wrapf(err, "failed to create a dummy lower file %s", lowerDummy)
-	}
-	// lowerdir needs ":" to be escaped: https://github.com/moby/moby/issues/40939#issuecomment-627098286
-	lowerEscaped := strings.ReplaceAll(lower, ":", "\\:")
-	mOpts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lowerEscaped, upper, work)
-	if err := mount.Mount("overlay", merged, "overlay", mOpts); err != nil {
-		return err
-	}
-	mergedDummy := filepath.Join(merged, dummyBase)
-	if err := os.Remove(mergedDummy); err != nil {
-		syscall.Unmount(merged, 0)
-		return errors.Wrapf(err, "failed to unlink %s", mergedDummy)
-	}
-	if err := syscall.Unmount(merged, 0); err != nil {
-		return errors.Wrapf(err, "failed to unmount %s", merged)
-	}
-	upperDummy := filepath.Join(upper, dummyBase)
-	if err := isChar0(upperDummy); err != nil {
-		return err
-	}
-	if err := os.Rename(upperDummy, cleansedOriginalPath); err != nil {
-		return errors.Wrapf(err, "failed to rename %s to %s", upperDummy, cleansedOriginalPath)
-	}
-	return nil
-}
-
-func isChar0(path string) error {
-	osStat, err := os.Stat(path)
-	if err != nil {
-		return errors.Wrapf(err, "failed to stat %s", path)
-	}
-	st, ok := osStat.Sys().(*syscall.Stat_t)
-	if !ok {
-		return errors.Errorf("got unsupported stat for %s", path)
-	}
-	if os.FileMode(st.Mode)&syscall.S_IFMT != syscall.S_IFCHR {
-		return errors.Errorf("%s is not a character device, got mode=%d", path, st.Mode)
-	}
-	if st.Rdev != 0 {
-		return errors.Errorf("%s is not a 0,0 character device, got Rdev=%d", path, st.Rdev)
-	}
-	return nil
-}
-
-// replaceDirWithOverlayOpaque replaces path with a new directory with trusted.overlay.opaque
-// xattr. The contents of the directory are preserved.
-func replaceDirWithOverlayOpaque(path string) error {
-	if path == "/" {
-		return errors.New("replaceDirWithOverlayOpaque: path must not be \"/\"")
-	}
-	dir := filepath.Dir(path)
-	tmp, err := ioutil.TempDir(dir, "rdwoo")
-	if err != nil {
-		return errors.Wrapf(err, "failed to create a tmp directory under %s", dir)
-	}
-	defer os.RemoveAll(tmp)
-	// newPath is a new empty directory crafted with trusted.overlay.opaque xattr.
-	// we copy the content of path into newPath, remove path, and rename newPath to path.
-	newPath, err := createDirWithOverlayOpaque(tmp)
-	if err != nil {
-		return errors.Wrapf(err, "createDirWithOverlayOpaque(%q) failed", tmp)
-	}
-	if err := fs.CopyDir(newPath, path); err != nil {
-		return errors.Wrapf(err, "CopyDir(%q, %q) failed", newPath, path)
-	}
-	if err := os.RemoveAll(path); err != nil {
-		return err
-	}
-	return os.Rename(newPath, path)
-}
-
-// createDirWithOverlayOpaque creates a directory with trusted.overlay.opaque xattr,
-// without calling setxattr, so as to allow creating opaque dir in userns on Ubuntu.
-func createDirWithOverlayOpaque(tmp string) (string, error) {
-	lower := filepath.Join(tmp, "l")
-	upper := filepath.Join(tmp, "u")
-	work := filepath.Join(tmp, "w")
-	merged := filepath.Join(tmp, "m")
-	for _, s := range []string{lower, upper, work, merged} {
-		if err := os.MkdirAll(s, 0700); err != nil {
-			return "", errors.Wrapf(err, "failed to mkdir %s", s)
-		}
-	}
-	dummyBase := "d"
-	lowerDummy := filepath.Join(lower, dummyBase)
-	if err := os.MkdirAll(lowerDummy, 0700); err != nil {
-		return "", errors.Wrapf(err, "failed to create a dummy lower directory %s", lowerDummy)
-	}
-	// lowerdir needs ":" to be escaped: https://github.com/moby/moby/issues/40939#issuecomment-627098286
-	lowerEscaped := strings.ReplaceAll(lower, ":", "\\:")
-	mOpts := fmt.Sprintf("lowerdir=%s,upperdir=%s,workdir=%s", lowerEscaped, upper, work)
-	if err := mount.Mount("overlay", merged, "overlay", mOpts); err != nil {
-		return "", err
-	}
-	mergedDummy := filepath.Join(merged, dummyBase)
-	if err := os.Remove(mergedDummy); err != nil {
-		syscall.Unmount(merged, 0)
-		return "", errors.Wrapf(err, "failed to rmdir %s", mergedDummy)
-	}
-	// upperDummy becomes a 0,0-char device file here
-	if err := os.Mkdir(mergedDummy, 0700); err != nil {
-		syscall.Unmount(merged, 0)
-		return "", errors.Wrapf(err, "failed to mkdir %s", mergedDummy)
-	}
-	// upperDummy becomes a directory with trusted.overlay.opaque xattr
-	// (but can't be verified in userns)
-	if err := syscall.Unmount(merged, 0); err != nil {
-		return "", errors.Wrapf(err, "failed to unmount %s", merged)
-	}
-	upperDummy := filepath.Join(upper, dummyBase)
-	return upperDummy, nil
-}

vendor/github.com/docker/docker/pkg/archive/archive_other.go

@@ -2,6 +2,6 @@
 
 package archive // import "github.com/docker/docker/pkg/archive"
 
-func getWhiteoutConverter(format WhiteoutFormat, inUserNS bool) tarWhiteoutConverter {
-	return nil
+func getWhiteoutConverter(format WhiteoutFormat, inUserNS bool) (tarWhiteoutConverter, error) {
+	return nil, nil
 }

vendor/github.com/docker/docker/pkg/archive/archive_unix.go

@@ -81,11 +81,6 @@ func getFileUIDGID(stat interface{}) (idtools.Identity, error) {
 // handleTarTypeBlockCharFifo is an OS-specific helper function used by
 // createTarFile to handle the following types of header: Block; Char; Fifo
 func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
-	if sys.RunningInUserNS() {
-		// cannot create a device if running in user namespace
-		return nil
-	}
-
 	mode := uint32(hdr.Mode & 07777)
 	switch hdr.Typeflag {
 	case tar.TypeBlock:
@@ -96,7 +91,12 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
 		mode |= unix.S_IFIFO
 	}
 
-	return system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
+	err := system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
+	if errors.Is(err, syscall.EPERM) && sys.RunningInUserNS() {
+		// In most cases, cannot create a device if running in user namespace
+		err = nil
+	}
+	return err
 }
 
 func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {

vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go

@@ -245,38 +245,51 @@ func NewIdentityMapping(name string) (*IdentityMapping, error) {
 		return nil, fmt.Errorf("Could not get user for username %s: %v", name, err)
 	}
 
-	uid := strconv.Itoa(usr.Uid)
-
-	subuidRangesWithUserName, err := parseSubuid(name)
+	subuidRanges, err := lookupSubUIDRanges(usr)
 	if err != nil {
 		return nil, err
 	}
-	subgidRangesWithUserName, err := parseSubgid(name)
+	subgidRanges, err := lookupSubGIDRanges(usr)
 	if err != nil {
 		return nil, err
 	}
 
-	subuidRangesWithUID, err := parseSubuid(uid)
-	if err != nil {
-		return nil, err
-	}
-	subgidRangesWithUID, err := parseSubgid(uid)
-	if err != nil {
-		return nil, err
-	}
-
-	subuidRanges := append(subuidRangesWithUserName, subuidRangesWithUID...)
-	subgidRanges := append(subgidRangesWithUserName, subgidRangesWithUID...)
-
-	if len(subuidRanges) == 0 {
-		return nil, errors.Errorf("no subuid ranges found for user %q", name)
-	}
-	if len(subgidRanges) == 0 {
-		return nil, errors.Errorf("no subgid ranges found for user %q", name)
-	}
-
 	return &IdentityMapping{
-		uids: createIDMap(subuidRanges),
-		gids: createIDMap(subgidRanges),
+		uids: subuidRanges,
+		gids: subgidRanges,
 	}, nil
 }
+
+func lookupSubUIDRanges(usr user.User) ([]IDMap, error) {
+	rangeList, err := parseSubuid(strconv.Itoa(usr.Uid))
+	if err != nil {
+		return nil, err
+	}
+	if len(rangeList) == 0 {
+		rangeList, err = parseSubuid(usr.Name)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if len(rangeList) == 0 {
+		return nil, errors.Errorf("no subuid ranges found for user %q", usr.Name)
+	}
+	return createIDMap(rangeList), nil
+}
+
+func lookupSubGIDRanges(usr user.User) ([]IDMap, error) {
+	rangeList, err := parseSubgid(strconv.Itoa(usr.Uid))
+	if err != nil {
+		return nil, err
+	}
+	if len(rangeList) == 0 {
+		rangeList, err = parseSubgid(usr.Name)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if len(rangeList) == 0 {
+		return nil, errors.Errorf("no subgid ranges found for user %q", usr.Name)
+	}
+	return createIDMap(rangeList), nil
+}

vendor/github.com/docker/docker/pkg/signal/signal.go

@@ -12,9 +12,16 @@ import (
 )
 
 // CatchAll catches all signals and relays them to the specified channel.
+// SIGURG is not handled, as it's used by the Go runtime to support
+// preemptable system calls.
 func CatchAll(sigc chan os.Signal) {
 	var handledSigs []os.Signal
-	for _, s := range SignalMap {
+	for n, s := range SignalMap {
+		if n == "URG" {
+			// Do not handle SIGURG, as in go1.14+, the go runtime issues
+			// SIGURG as an interrupt to support preemptable system calls on Linux.
+			continue
+		}
 		handledSigs = append(handledSigs, s)
 	}
 	signal.Notify(sigc, handledSigs...)

vendor/github.com/docker/docker/vendor.conf

@@ -1,5 +1,5 @@
 github.com/Azure/go-ansiterm                        d6e3b3328b783f23731bc4d058875b0371ff8109
-github.com/Microsoft/hcsshim                        9dcb42f100215f8d375b4a9265e5bba009217a85 # moby branch
+github.com/Microsoft/hcsshim                        89a9a3b524264d34985f1d48793ab2b2d2e430f6 # moby branch
 github.com/Microsoft/go-winio                       5b44b70ab3ab4d291a7c1d28afe7b4afeced0ed4 # v0.4.15
 github.com/docker/libtrust                          9cbd2a1374f46905c68a4eb3694a130610adc62a
 github.com/golang/gddo                              72a348e765d293ed6d1ded7b699591f14d6cd921
@@ -33,7 +33,7 @@ github.com/imdario/mergo                            1afb36080aec31e0d1528973ebe6
 golang.org/x/sync                                   cd5d95a43a6e21273425c7ae415d3df9ea832eeb
 
 # buildkit
-github.com/moby/buildkit                            68bb095353c65bc3993fd534c26cf77fe05e61b1 # v0.8 branch
+github.com/moby/buildkit                            244e8cde639f71a05a1a2e0670bd88e0206ce55c # v0.8.3-3-g244e8cde
 github.com/tonistiigi/fsutil                        0834f99b7b85462efb69b4f571a4fa3ca7da5ac9
 github.com/tonistiigi/units                         6950e57a87eaf136bbe44ef2ec8e75b9e3569de2
 github.com/grpc-ecosystem/grpc-opentracing          8e809c8a86450a29b90dcc9efbf062d0fe6d9746
@@ -47,7 +47,7 @@ github.com/grpc-ecosystem/go-grpc-middleware        3c51f7f332123e8be5a157c0802a
 # libnetwork
 
 # When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly
-github.com/docker/libnetwork                        fa125a3512ee0f6187721c88582bf8c4378bd4d7 
+github.com/docker/libnetwork                        64b7a4574d1426139437d20e81c0b6d391130ec8
 github.com/docker/go-events                         e31b211e4f1cd09aa76fe4ac244571fab96ae47f
 github.com/armon/go-radix                           e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 github.com/armon/go-metrics                         eb0af217e5e9747e41dd5303755356b62d28e3ec
@@ -72,7 +72,7 @@ github.com/coreos/go-semver                         8ab6407b697782a06568d4b7f1db
 github.com/ugorji/go                                b4c50a2b199d93b13dc15e78929cfb23bfdf21ab # v1.1.1
 github.com/hashicorp/consul                         9a9cc9341bb487651a0399e3fc5e1e8a42e62dd9 # v0.5.2
 github.com/miekg/dns                                6c0c4e6581f8e173cc562c8b3363ab984e4ae071 # v1.1.27
-github.com/ishidawataru/sctp                        6e2cb1366111dcf547c13531e3a263a067715847
+github.com/ishidawataru/sctp                        f2269e66cdee387bd321445d5d300893449805be
 go.etcd.io/bbolt                                    232d8fc87f50244f9c808f4745759e08a304c029 # v1.3.5
 
 # get graph and distribution packages
@@ -142,7 +142,7 @@ github.com/gogo/googleapis                          01e0f9cca9b92166042241267ee2
 github.com/cilium/ebpf                              1c8d4c9ef7759622653a1d319284a44652333b28
 
 # cluster
-github.com/docker/swarmkit                          d6592ddefd8a5319aadff74c558b816b1a0b2590
+github.com/docker/swarmkit                          17d8d4e4d8bdec33d386e6362d3537fa9493ba00
 github.com/gogo/protobuf                            5628607bb4c51c3157aacc3a50f0ab707582b805 # v1.3.1
 github.com/golang/protobuf                          84668698ea25b64748563aa20726db66a6b8d299 # v1.3.5
 github.com/cloudflare/cfssl                         5d63dbd981b5c408effbb58c442d54761ff94fbd # 1.3.2

vendor/github.com/moby/term/go.mod

@@ -3,10 +3,10 @@ module github.com/moby/term
 go 1.13
 
 require (
-	github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78
+	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1
 	github.com/creack/pty v1.1.11
 	github.com/google/go-cmp v0.4.0
 	github.com/pkg/errors v0.9.1 // indirect
-	golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a
+	golang.org/x/sys v0.0.0-20210616094352-59db8d763f22
 	gotest.tools/v3 v3.0.2
 )

vendor/github.com/moby/term/windows/console.go

@@ -29,7 +29,7 @@ func GetHandleInfo(in interface{}) (uintptr, bool) {
 
 // IsConsole returns true if the given file descriptor is a Windows Console.
 // The code assumes that GetConsoleMode will return an error for file descriptors that are not a console.
-// Deprecated: use golang.org/x/sys/windows.GetConsoleMode() or golang.org/x/crypto/ssh/terminal.IsTerminal()
+// Deprecated: use golang.org/x/sys/windows.GetConsoleMode() or golang.org/x/term.IsTerminal()
 var IsConsole = isConsole
 
 func isConsole(fd uintptr) bool {

vendor/github.com/russross/blackfriday/v2/README.md

@@ -1,4 +1,6 @@
-Blackfriday [![Build Status](https://travis-ci.org/russross/blackfriday.svg?branch=master)](https://travis-ci.org/russross/blackfriday)
+Blackfriday
+[![Build Status][BuildV2SVG]][BuildV2URL]
+[![PkgGoDev][PkgGoDevV2SVG]][PkgGoDevV2URL]
 ===========
 
 Blackfriday is a [Markdown][1] processor implemented in [Go][2]. It
@@ -16,19 +18,21 @@ It started as a translation from C of [Sundown][3].
 Installation
 ------------
 
-Blackfriday is compatible with any modern Go release. With Go 1.7 and git
-installed:
+Blackfriday is compatible with modern Go releases in module mode.
+With Go installed:
 
-    go get gopkg.in/russross/blackfriday.v2
+    go get github.com/russross/blackfriday/v2
 
-will download, compile, and install the package into your `$GOPATH`
-directory hierarchy. Alternatively, you can achieve the same if you
-import it into a project:
+will resolve and add the package to the current development module,
+then build and install it. Alternatively, you can achieve the same
+if you import it in a package:
 
-    import "gopkg.in/russross/blackfriday.v2"
+    import "github.com/russross/blackfriday/v2"
 
 and `go get` without parameters.
 
+Legacy GOPATH mode is unsupported.
+
 
 Versions
 --------
@@ -36,13 +40,9 @@ Versions
 Currently maintained and recommended version of Blackfriday is `v2`. It's being
 developed on its own branch: https://github.com/russross/blackfriday/tree/v2 and the
 documentation is available at
-https://godoc.org/gopkg.in/russross/blackfriday.v2.
+https://pkg.go.dev/github.com/russross/blackfriday/v2.
 
-It is `go get`-able via via [gopkg.in][6] at `gopkg.in/russross/blackfriday.v2`,
-but we highly recommend using package management tool like [dep][7] or
-[Glide][8] and make use of semantic versioning. With package management you
-should import `github.com/russross/blackfriday` and specify that you're using
-version 2.0.0.
+It is `go get`-able in module mode at `github.com/russross/blackfriday/v2`.
 
 Version 2 offers a number of improvements over v1:
 
@@ -62,6 +62,11 @@ Potential drawbacks:
   v2. See issue [#348](https://github.com/russross/blackfriday/issues/348) for
   tracking.
 
+If you are still interested in the legacy `v1`, you can import it from
+`github.com/russross/blackfriday`. Documentation for the legacy v1 can be found
+here: https://pkg.go.dev/github.com/russross/blackfriday.
+
+
 Usage
 -----
 
@@ -91,7 +96,7 @@ Here's an example of simple usage of Blackfriday together with Bluemonday:
 ```go
 import (
     "github.com/microcosm-cc/bluemonday"
-    "github.com/russross/blackfriday"
+    "github.com/russross/blackfriday/v2"
 )
 
 // ...
@@ -104,6 +109,8 @@ html := bluemonday.UGCPolicy().SanitizeBytes(unsafe)
 If you want to customize the set of options, use `blackfriday.WithExtensions`,
 `blackfriday.WithRenderer` and `blackfriday.WithRefOverride`.
 
+### `blackfriday-tool`
+
 You can also check out `blackfriday-tool` for a more complete example
 of how to use it. Download and install it using:
 
@@ -114,7 +121,7 @@ markdown file using a standalone program.  You can also browse the
 source directly on github if you are just looking for some example
 code:
 
-* <http://github.com/russross/blackfriday-tool>
+* <https://github.com/russross/blackfriday-tool>
 
 Note that if you have not already done so, installing
 `blackfriday-tool` will be sufficient to download and install
@@ -123,6 +130,22 @@ installed in `$GOPATH/bin`.  This is a statically-linked binary that
 can be copied to wherever you need it without worrying about
 dependencies and library versions.
 
+### Sanitized anchor names
+
+Blackfriday includes an algorithm for creating sanitized anchor names
+corresponding to a given input text. This algorithm is used to create
+anchors for headings when `AutoHeadingIDs` extension is enabled. The
+algorithm has a specification, so that other packages can create
+compatible anchor names and links to those anchors.
+
+The specification is located at https://pkg.go.dev/github.com/russross/blackfriday/v2#hdr-Sanitized_Anchor_Names.
+
+[`SanitizedAnchorName`](https://pkg.go.dev/github.com/russross/blackfriday/v2#SanitizedAnchorName) exposes this functionality, and can be used to
+create compatible links to the anchor names generated by blackfriday.
+This algorithm is also implemented in a small standalone package at
+[`github.com/shurcooL/sanitized_anchor_name`](https://pkg.go.dev/github.com/shurcooL/sanitized_anchor_name). It can be useful for clients
+that want a small package and don't need full functionality of blackfriday.
+
 
 Features
 --------
@@ -199,6 +222,15 @@ implements the following extensions:
     You can use 3 or more backticks to mark the beginning of the
     block, and the same number to mark the end of the block.
 
+    To preserve classes of fenced code blocks while using the bluemonday
+    HTML sanitizer, use the following policy:
+
+    ```go
+    p := bluemonday.UGCPolicy()
+    p.AllowAttrs("class").Matching(regexp.MustCompile("^language-[a-zA-Z0-9]+$")).OnElements("code")
+    html := p.SanitizeBytes(unsafe)
+    ```
+
 *   **Definition lists**. A simple definition list is made of a single-line
     term followed by a colon and the definition for that term.
 
@@ -250,7 +282,7 @@ Other renderers
 Blackfriday is structured to allow alternative rendering engines. Here
 are a few of note:
 
-*   [github_flavored_markdown](https://godoc.org/github.com/shurcooL/github_flavored_markdown):
+*   [github_flavored_markdown](https://pkg.go.dev/github.com/shurcooL/github_flavored_markdown):
     provides a GitHub Flavored Markdown renderer with fenced code block
     highlighting, clickable heading anchor links.
 
@@ -261,20 +293,28 @@ are a few of note:
 *   [markdownfmt](https://github.com/shurcooL/markdownfmt): like gofmt,
     but for markdown.
 
-*   [LaTeX output](https://github.com/Ambrevar/Blackfriday-LaTeX):
+*   [LaTeX output](https://gitlab.com/ambrevar/blackfriday-latex):
     renders output as LaTeX.
 
+*   [bfchroma](https://github.com/Depado/bfchroma/): provides convenience
+    integration with the [Chroma](https://github.com/alecthomas/chroma) code
+    highlighting library. bfchroma is only compatible with v2 of Blackfriday and
+    provides a drop-in renderer ready to use with Blackfriday, as well as
+    options and means for further customization.
+
 *   [Blackfriday-Confluence](https://github.com/kentaro-m/blackfriday-confluence): provides a [Confluence Wiki Markup](https://confluence.atlassian.com/doc/confluence-wiki-markup-251003035.html) renderer.
 
+*   [Blackfriday-Slack](https://github.com/karriereat/blackfriday-slack): converts markdown to slack message style
 
-Todo
+
+TODO
 ----
 
 *   More unit testing
-*   Improve unicode support. It does not understand all unicode
+*   Improve Unicode support. It does not understand all Unicode
     rules (about what constitutes a letter, a punctuation symbol,
     etc.), so it may fail to detect word boundaries correctly in
-    some instances. It is safe on all utf-8 input.
+    some instances. It is safe on all UTF-8 input.
 
 
 License
@@ -286,6 +326,10 @@ License
    [1]: https://daringfireball.net/projects/markdown/ "Markdown"
    [2]: https://golang.org/ "Go Language"
    [3]: https://github.com/vmg/sundown "Sundown"
-   [4]: https://godoc.org/gopkg.in/russross/blackfriday.v2#Parse "Parse func"
+   [4]: https://pkg.go.dev/github.com/russross/blackfriday/v2#Parse "Parse func"
    [5]: https://github.com/microcosm-cc/bluemonday "Bluemonday"
-   [6]: https://labix.org/gopkg.in "gopkg.in"
+
+   [BuildV2SVG]: https://travis-ci.org/russross/blackfriday.svg?branch=v2
+   [BuildV2URL]: https://travis-ci.org/russross/blackfriday
+   [PkgGoDevV2SVG]: https://pkg.go.dev/badge/github.com/russross/blackfriday/v2
+   [PkgGoDevV2URL]: https://pkg.go.dev/github.com/russross/blackfriday/v2

vendor/github.com/russross/blackfriday/v2/block.go

@@ -18,8 +18,7 @@ import (
 	"html"
 	"regexp"
 	"strings"
-
-	"github.com/shurcooL/sanitized_anchor_name"
+	"unicode"
 )
 
 const (
@@ -259,7 +258,7 @@ func (p *Markdown) prefixHeading(data []byte) int {
 	}
 	if end > i {
 		if id == "" && p.extensions&AutoHeadingIDs != 0 {
-			id = sanitized_anchor_name.Create(string(data[i:end]))
+			id = SanitizedAnchorName(string(data[i:end]))
 		}
 		block := p.addBlock(Heading, data[i:end])
 		block.HeadingID = id
@@ -673,6 +672,7 @@ func (p *Markdown) fencedCodeBlock(data []byte, doRender bool) int {
 	if beg == 0 || beg >= len(data) {
 		return 0
 	}
+	fenceLength := beg - 1
 
 	var work bytes.Buffer
 	work.Write([]byte(info))
@@ -706,6 +706,7 @@ func (p *Markdown) fencedCodeBlock(data []byte, doRender bool) int {
 	if doRender {
 		block := p.addBlock(CodeBlock, work.Bytes()) // TODO: get rid of temp buffer
 		block.IsFenced = true
+		block.FenceLength = fenceLength
 		finalizeCodeBlock(block)
 	}
 
@@ -1503,7 +1504,7 @@ func (p *Markdown) paragraph(data []byte) int {
 
 				id := ""
 				if p.extensions&AutoHeadingIDs != 0 {
-					id = sanitized_anchor_name.Create(string(data[prev:eol]))
+					id = SanitizedAnchorName(string(data[prev:eol]))
 				}
 
 				block := p.addBlock(Heading, data[prev:eol])
@@ -1588,3 +1589,24 @@ func skipUntilChar(text []byte, start int, char byte) int {
 	}
 	return i
 }
+
+// SanitizedAnchorName returns a sanitized anchor name for the given text.
+//
+// It implements the algorithm specified in the package comment.
+func SanitizedAnchorName(text string) string {
+	var anchorName []rune
+	futureDash := false
+	for _, r := range text {
+		switch {
+		case unicode.IsLetter(r) || unicode.IsNumber(r):
+			if futureDash && len(anchorName) > 0 {
+				anchorName = append(anchorName, '-')
+			}
+			futureDash = false
+			anchorName = append(anchorName, unicode.ToLower(r))
+		default:
+			futureDash = true
+		}
+	}
+	return string(anchorName)
+}

vendor/github.com/russross/blackfriday/v2/doc.go

@@ -15,4 +15,32 @@
 //
 // If you're interested in calling Blackfriday from command line, see
 // https://github.com/russross/blackfriday-tool.
+//
+// Sanitized Anchor Names
+//
+// Blackfriday includes an algorithm for creating sanitized anchor names
+// corresponding to a given input text. This algorithm is used to create
+// anchors for headings when AutoHeadingIDs extension is enabled. The
+// algorithm is specified below, so that other packages can create
+// compatible anchor names and links to those anchors.
+//
+// The algorithm iterates over the input text, interpreted as UTF-8,
+// one Unicode code point (rune) at a time. All runes that are letters (category L)
+// or numbers (category N) are considered valid characters. They are mapped to
+// lower case, and included in the output. All other runes are considered
+// invalid characters. Invalid characters that precede the first valid character,
+// as well as invalid character that follow the last valid character
+// are dropped completely. All other sequences of invalid characters
+// between two valid characters are replaced with a single dash character '-'.
+//
+// SanitizedAnchorName exposes this functionality, and can be used to
+// create compatible links to the anchor names generated by blackfriday.
+// This algorithm is also implemented in a small standalone package at
+// github.com/shurcooL/sanitized_anchor_name. It can be useful for clients
+// that want a small package and don't need full functionality of blackfriday.
 package blackfriday
+
+// NOTE: Keep Sanitized Anchor Name algorithm in sync with package
+//       github.com/shurcooL/sanitized_anchor_name.
+//       Otherwise, users of sanitized_anchor_name will get anchor names
+//       that are incompatible with those generated by blackfriday.

vendor/github.com/russross/blackfriday/v2/esc.go

@@ -13,13 +13,27 @@ var htmlEscaper = [256][]byte{
 }
 
 func escapeHTML(w io.Writer, s []byte) {
+	escapeEntities(w, s, false)
+}
+
+func escapeAllHTML(w io.Writer, s []byte) {
+	escapeEntities(w, s, true)
+}
+
+func escapeEntities(w io.Writer, s []byte, escapeValidEntities bool) {
 	var start, end int
 	for end < len(s) {
 		escSeq := htmlEscaper[s[end]]
 		if escSeq != nil {
-			w.Write(s[start:end])
-			w.Write(escSeq)
-			start = end + 1
+			isEntity, entityEnd := nodeIsEntity(s, end)
+			if isEntity && !escapeValidEntities {
+				w.Write(s[start : entityEnd+1])
+				start = entityEnd + 1
+			} else {
+				w.Write(s[start:end])
+				w.Write(escSeq)
+				start = end + 1
+			}
 		}
 		end++
 	}
@@ -28,6 +42,28 @@ func escapeHTML(w io.Writer, s []byte) {
 	}
 }
 
+func nodeIsEntity(s []byte, end int) (isEntity bool, endEntityPos int) {
+	isEntity = false
+	endEntityPos = end + 1
+
+	if s[end] == '&' {
+		for endEntityPos < len(s) {
+			if s[endEntityPos] == ';' {
+				if entities[string(s[end:endEntityPos+1])] {
+					isEntity = true
+					break
+				}
+			}
+			if !isalnum(s[endEntityPos]) && s[endEntityPos] != '&' && s[endEntityPos] != '#' {
+				break
+			}
+			endEntityPos++
+		}
+	}
+
+	return isEntity, endEntityPos
+}
+
 func escLink(w io.Writer, text []byte) {
 	unesc := html.UnescapeString(string(text))
 	escapeHTML(w, []byte(unesc))

vendor/github.com/russross/blackfriday/v2/html.go

@@ -132,7 +132,10 @@ func NewHTMLRenderer(params HTMLRendererParameters) *HTMLRenderer {
 	}
 
 	if params.FootnoteReturnLinkContents == "" {
-		params.FootnoteReturnLinkContents = `<sup>[return]</sup>`
+		// U+FE0E is VARIATION SELECTOR-15.
+		// It suppresses automatic emoji presentation of the preceding
+		// U+21A9 LEFTWARDS ARROW WITH HOOK on iOS and iPadOS.
+		params.FootnoteReturnLinkContents = "<span aria-label='Return'>↩\ufe0e</span>"
 	}
 
 	return &HTMLRenderer{
@@ -616,7 +619,7 @@ func (r *HTMLRenderer) RenderNode(w io.Writer, node *Node, entering bool) WalkSt
 		}
 	case Code:
 		r.out(w, codeTag)
-		escapeHTML(w, node.Literal)
+		escapeAllHTML(w, node.Literal)
 		r.out(w, codeCloseTag)
 	case Document:
 		break
@@ -762,7 +765,7 @@ func (r *HTMLRenderer) RenderNode(w io.Writer, node *Node, entering bool) WalkSt
 		r.cr(w)
 		r.out(w, preTag)
 		r.tag(w, codeTag[:len(codeTag)-1], attrs)
-		escapeHTML(w, node.Literal)
+		escapeAllHTML(w, node.Literal)
 		r.out(w, codeCloseTag)
 		r.out(w, preCloseTag)
 		if node.Parent.Type != Item {

vendor/github.com/russross/blackfriday/v2/inline.go

@@ -278,7 +278,7 @@ func link(p *Markdown, data []byte, offset int) (int, *Node) {
 		case data[i] == '\n':
 			textHasNl = true
 
-		case data[i-1] == '\\':
+		case isBackslashEscaped(data, i):
 			continue
 
 		case data[i] == '[':

vendor/github.com/russross/blackfriday/v2/node.go

@@ -199,7 +199,8 @@ func (n *Node) InsertBefore(sibling *Node) {
 	}
 }
 
-func (n *Node) isContainer() bool {
+// IsContainer returns true if 'n' can contain children.
+func (n *Node) IsContainer() bool {
 	switch n.Type {
 	case Document:
 		fallthrough
@@ -238,6 +239,11 @@ func (n *Node) isContainer() bool {
 	}
 }
 
+// IsLeaf returns true if 'n' is a leaf node.
+func (n *Node) IsLeaf() bool {
+	return !n.IsContainer()
+}
+
 func (n *Node) canContain(t NodeType) bool {
 	if n.Type == List {
 		return t == Item
@@ -309,11 +315,11 @@ func newNodeWalker(root *Node) *nodeWalker {
 }
 
 func (nw *nodeWalker) next() {
-	if (!nw.current.isContainer() || !nw.entering) && nw.current == nw.root {
+	if (!nw.current.IsContainer() || !nw.entering) && nw.current == nw.root {
 		nw.current = nil
 		return
 	}
-	if nw.entering && nw.current.isContainer() {
+	if nw.entering && nw.current.IsContainer() {
 		if nw.current.FirstChild != nil {
 			nw.current = nw.current.FirstChild
 			nw.entering = true

vendor/github.com/shurcooL/sanitized_anchor_name/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2015 Dmitri Shuralyov
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

vendor/github.com/shurcooL/sanitized_anchor_name/README.md

@@ -1,36 +0,0 @@
-sanitized_anchor_name
-=====================
-
-[![Build Status](https://travis-ci.org/shurcooL/sanitized_anchor_name.svg?branch=master)](https://travis-ci.org/shurcooL/sanitized_anchor_name) [![GoDoc](https://godoc.org/github.com/shurcooL/sanitized_anchor_name?status.svg)](https://godoc.org/github.com/shurcooL/sanitized_anchor_name)
-
-Package sanitized_anchor_name provides a func to create sanitized anchor names.
-
-Its logic can be reused by multiple packages to create interoperable anchor names
-and links to those anchors.
-
-At this time, it does not try to ensure that generated anchor names
-are unique, that responsibility falls on the caller.
-
-Installation
-------------
-
-```bash
-go get -u github.com/shurcooL/sanitized_anchor_name
-```
-
-Example
--------
-
-```Go
-anchorName := sanitized_anchor_name.Create("This is a header")
-
-fmt.Println(anchorName)
-
-// Output:
-// this-is-a-header
-```
-
-License
--------
-
--	[MIT License](LICENSE)

vendor/github.com/shurcooL/sanitized_anchor_name/go.mod

@@ -1 +0,0 @@
-module github.com/shurcooL/sanitized_anchor_name

vendor/github.com/shurcooL/sanitized_anchor_name/main.go

@@ -1,29 +0,0 @@
-// Package sanitized_anchor_name provides a func to create sanitized anchor names.
-//
-// Its logic can be reused by multiple packages to create interoperable anchor names
-// and links to those anchors.
-//
-// At this time, it does not try to ensure that generated anchor names
-// are unique, that responsibility falls on the caller.
-package sanitized_anchor_name // import "github.com/shurcooL/sanitized_anchor_name"
-
-import "unicode"
-
-// Create returns a sanitized anchor name for the given text.
-func Create(text string) string {
-	var anchorName []rune
-	var futureDash = false
-	for _, r := range text {
-		switch {
-		case unicode.IsLetter(r) || unicode.IsNumber(r):
-			if futureDash && len(anchorName) > 0 {
-				anchorName = append(anchorName, '-')
-			}
-			futureDash = false
-			anchorName = append(anchorName, unicode.ToLower(r))
-		default:
-			futureDash = true
-		}
-	}
-	return string(anchorName)
-}