build: go 1.24
We were running behind and there were quite some deprecations to update. This was mostly in the upstream copy/pasta package but seems quite minimal.
This commit is contained in:
.drone.ymlDockerfileMakefileclientconn.gopicker_wrapper.gomodules.txt
cli
go.modgo.sumpkg/upstream
vendor
github.com
ProtonMail
go-crypto
internal
byteutil
ocb
openpgp
charmbracelet
colorprofile
.golangci-soft.yml.golangci.yml.goreleaser.ymlLICENSEREADME.mdenv.goenv_other.goenv_windows.goprofile.gowriter.go
lipgloss
.gitignore.golangci.yml.goreleaser.ymlREADME.mdTaskfile.yamlalign.goborders.gocolor.goget.goranges.goset.gostyle.go
table
log
.golangci.ymljson.golevel.golevel_121.golevel_no121.gologger.gologger_121.gologger_no121.gopkg.gostdlog.gotext.go
x
ansi
color.gocsi.goctrl.gocursor.godcs.gographics.goiterm2.gokitty.go
kitty
method.gomode.gomouse.gonotification.goosc.goparams.goparser.goparser
parser_decode.goparser_handler.goparser_sync.goscreen.gosequence.gostatus.gostyle.gotruncate.goutil.gowidth.gowinop.gowrap.goxterm.gocellbuf
LICENSEbuffer.gocell.goerrors.gogeom.gohardscroll.gohashmap.golink.goscreen.gosequence.gostyle.gotabstop.goutils.gowrap.gowriter.go
term
cloudflare
circl
cyphar
filepath-securejoin
docker
cli
cli-plugins
cli
cobra.gorequired.go
command
compose
config
connhelper
commandconn
context
debug
error.goflags
hints
manifest
store
registry
client
trust
internal
opts
docker-credential-helpers
client
docker
AUTHORS
api
common.goswagger.yaml
types
client.go
common
container
commit.gocontainer.gocontainer_top.gocontainer_update.goexec.gohealth.gohostconfig.gonetwork_settings.goport.gostats.gotop_response.goupdate_response.go
filters
image
mount
network
registry
storage
system
types.gotypes_deprecated.goclient
build_cancel.gobuild_prune.gocheckpoint.gocheckpoint_create.gocheckpoint_delete.gocheckpoint_list.goclient.goclient_interfaces.goconfig_create.goconfig_inspect.goconfig_list.goconfig_remove.goconfig_update.gocontainer_attach.gocontainer_commit.gocontainer_copy.gocontainer_create.gocontainer_diff.gocontainer_exec.gocontainer_export.gocontainer_inspect.gocontainer_kill.gocontainer_list.gocontainer_logs.gocontainer_pause.gocontainer_prune.gocontainer_remove.gocontainer_rename.gocontainer_resize.gocontainer_restart.gocontainer_start.gocontainer_stats.gocontainer_stop.gocontainer_top.gocontainer_unpause.gocontainer_update.gocontainer_wait.godisk_usage.godistribution_inspect.goerrors.goevents.gohijack.goimage_build.goimage_create.goimage_history.goimage_history_opts.goimage_import.goimage_inspect.goimage_inspect_opts.goimage_list.goimage_load.goimage_load_opts.goimage_prune.goimage_pull.goimage_push.goimage_remove.goimage_save.goimage_save_opts.goimage_search.goinfo.gointerface_stable.gologin.gonetwork_connect.gonetwork_create.gonetwork_disconnect.gonetwork_inspect.gonetwork_list.gonetwork_prune.gonetwork_remove.gonode_inspect.gonode_list.gonode_remove.gonode_update.gooptions.goping.goplugin_disable.goplugin_enable.goplugin_inspect.goplugin_install.goplugin_list.goplugin_push.goplugin_remove.goplugin_set.goplugin_upgrade.gorequest.gosecret_create.gosecret_inspect.gosecret_list.gosecret_remove.gosecret_update.goservice_create.goservice_inspect.goservice_list.goservice_logs.goservice_remove.goservice_update.goswarm_get_unlock_key.goswarm_init.goswarm_inspect.goswarm_unlock.gotask_inspect.gotask_list.gotask_logs.goutils.goversion.govolume_create.govolume_inspect.govolume_list.govolume_prune.govolume_remove.govolume_update.go
errdefs
internal
lazyregexp
pkg
archive
archive.goarchive_linux.goarchive_other.goarchive_unix.goarchive_windows.gochanges.gochanges_linux.gochanges_other.gochanges_unix.gochanges_windows.gocopy.gocopy_unix.gocopy_windows.godev_freebsd.godev_unix.godiff.gotime.gotime_linux.gotime_nonwindows.gotime_unsupported.gotime_windows.gowhiteouts.gowrap.goxattr_supported.goxattr_supported_linux.goxattr_supported_unix.goxattr_unsupported.go
atomicwriter
idtools
idtools.goidtools_unix.goidtools_windows.gousergroupadd_linux.gousergroupadd_unsupported.goutils_unix.go
ioutils
jsonmessage
pools
stringid
system
args_windows.gochtimes.gochtimes_nowindows.goerrors.gofilesys.gofilesys_unix.gofilesys_windows.goinit_windows.golstat_unix.golstat_windows.gomknod.gomknod_freebsd.gomknod_unix.gostat_bsd.gostat_darwin.gostat_illumos.gostat_linux.gostat_openbsd.gostat_unix.gostat_windows.goutimes_unix.goutimes_unsupported.goxattrs.goxattrs_linux.goxattrs_unsupported.go
registry
go-git
go-git
v5
google
go-cmp
cmp
grpc-ecosystem
grpc-gateway
v2
klauspost
compress
mattn
mmcloughlin
avo
muesli
termenv
opencontainers
image-spec
specs-go
pjbgf
prometheus
client_golang
prometheus
desc.gogo_collector_latest.gohistogram.go
internal
metric.goprocess_collector.goprocess_collector_darwin.goprocess_collector_mem_cgo_darwin.cprocess_collector_mem_cgo_darwin.goprocess_collector_mem_nocgo_darwin.goprocess_collector_not_supported.goprocess_collector_procfsenabled.goprocess_collector_wasip1.goprocess_collector_windows.gopromhttp
summary.gocommon
schollz
progressbar
skeema
spf13
cobra
README.mdactive_help.gobash_completionsV2.gocobra.gocommand.gocompletions.gopowershell_completions.go
pflag
xo
go.opentelemetry.io
contrib
instrumentation
net
http
otelhttp
otel
.gitignore.golangci.ymlCHANGELOG.mdCONTRIBUTING.mdMakefileREADME.mdRELEASING.mddependencies.Dockerfilerenovate.jsonrequirements.txt
exporters
otlp
sdk
semconv
trace
version.goversions.yamlgolang.org
x
crypto
exp
mod
net
context
http2
internal
httpcommon
proxy
sync
errgroup
sys
cpu
unix
auxv.goauxv_unsupported.gosyscall_solaris.gozerrors_linux.gozerrors_linux_386.gozerrors_linux_amd64.gozerrors_linux_arm.gozerrors_linux_arm64.gozerrors_linux_loong64.gozerrors_linux_mips.gozerrors_linux_mips64.gozerrors_linux_mips64le.gozerrors_linux_mipsle.gozerrors_linux_ppc.gozerrors_linux_ppc64.gozerrors_linux_ppc64le.gozerrors_linux_riscv64.gozerrors_linux_s390x.gozerrors_linux_sparc64.gozsyscall_solaris_amd64.gozsysnum_linux_386.gozsysnum_linux_amd64.gozsysnum_linux_arm.gozsysnum_linux_arm64.gozsysnum_linux_loong64.gozsysnum_linux_mips.gozsysnum_linux_mips64.gozsysnum_linux_mips64le.gozsysnum_linux_mipsle.gozsysnum_linux_ppc.gozsysnum_linux_ppc64.gozsysnum_linux_ppc64le.gozsysnum_linux_riscv64.gozsysnum_linux_s390x.gozsysnum_linux_sparc64.goztypes_linux.go
text
language
time
rate
tools
LICENSEPATENTS
go
gcexportdata
packages
types
internal
aliases
event
gcimporter
bimport.goexportdata.gogcimporter.goiexport.goiimport.goiimport_go122.gopredeclared.gosupport.goureader_yes.go
gocommand
packagesinternal
pkgbits
stdlib
typeparams
typesinternal
versions
google.golang.org
genproto
googleapis
grpc
balancer
balancer_wrapper.gobinarylog
grpc_binarylog_v1
credentials
dialoptions.gohealth
grpc_health_v1
internal
balancer
gracefulswitch
envconfig
grpcsync
internal.goproxyattributes
resolver
delegatingresolver
transport
resolver
resolver_wrapper.gorpc_util.goserver.goservice_config.gostream.goversion.goprotobuf
encoding
internal
encoding
tag
filedesc
filetype
flags
genid
impl
codec_field.gocodec_map.gocodec_map_go111.gocodec_map_go112.gocodec_message.gocodec_message_opaque.goconvert_map.golazy.golegacy_message.gomessage.gomessage_opaque.gomessage_reflect.gomessage_reflect_field.gopointer_unsafe.govalidate.goweak.go
version
proto
reflect
protoreflect
types
known
anypb
durationpb
fieldmaskpb
structpb
timestamppb
wrapperspb
gotest.tools
v3
assert
fs
internal
49
vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go
generated
vendored
49
vendor/github.com/cyphar/filepath-securejoin/mkdir_linux.go
generated
vendored
@ -21,6 +21,33 @@ var (
|
||||
errPossibleAttack = errors.New("possible attack detected")
|
||||
)
|
||||
|
||||
// modePermExt is like os.ModePerm except that it also includes the set[ug]id
|
||||
// and sticky bits.
|
||||
const modePermExt = os.ModePerm | os.ModeSetuid | os.ModeSetgid | os.ModeSticky
|
||||
|
||||
//nolint:cyclop // this function needs to handle a lot of cases
|
||||
func toUnixMode(mode os.FileMode) (uint32, error) {
|
||||
sysMode := uint32(mode.Perm())
|
||||
if mode&os.ModeSetuid != 0 {
|
||||
sysMode |= unix.S_ISUID
|
||||
}
|
||||
if mode&os.ModeSetgid != 0 {
|
||||
sysMode |= unix.S_ISGID
|
||||
}
|
||||
if mode&os.ModeSticky != 0 {
|
||||
sysMode |= unix.S_ISVTX
|
||||
}
|
||||
// We don't allow file type bits.
|
||||
if mode&os.ModeType != 0 {
|
||||
return 0, fmt.Errorf("%w %+.3o (%s): type bits not permitted", errInvalidMode, mode, mode)
|
||||
}
|
||||
// We don't allow other unknown modes.
|
||||
if mode&^modePermExt != 0 || sysMode&unix.S_IFMT != 0 {
|
||||
return 0, fmt.Errorf("%w %+.3o (%s): unknown mode bits", errInvalidMode, mode, mode)
|
||||
}
|
||||
return sysMode, nil
|
||||
}
|
||||
|
||||
// MkdirAllHandle is equivalent to [MkdirAll], except that it is safer to use
|
||||
// in two respects:
|
||||
//
|
||||
@ -39,17 +66,17 @@ var (
|
||||
// a brand new lookup of unsafePath (such as with [SecureJoin] or openat2) after
|
||||
// doing [MkdirAll]. If you intend to open the directory after creating it, you
|
||||
// should use MkdirAllHandle.
|
||||
func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err error) {
|
||||
// Make sure there are no os.FileMode bits set.
|
||||
if mode&^0o7777 != 0 {
|
||||
return nil, fmt.Errorf("%w for mkdir 0o%.3o", errInvalidMode, mode)
|
||||
func MkdirAllHandle(root *os.File, unsafePath string, mode os.FileMode) (_ *os.File, Err error) {
|
||||
unixMode, err := toUnixMode(mode)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
// On Linux, mkdirat(2) (and os.Mkdir) silently ignore the suid and sgid
|
||||
// bits. We could also silently ignore them but since we have very few
|
||||
// users it seems more prudent to return an error so users notice that
|
||||
// these bits will not be set.
|
||||
if mode&^0o1777 != 0 {
|
||||
return nil, fmt.Errorf("%w for mkdir 0o%.3o: suid and sgid are ignored by mkdir", errInvalidMode, mode)
|
||||
if unixMode&^0o1777 != 0 {
|
||||
return nil, fmt.Errorf("%w for mkdir %+.3o: suid and sgid are ignored by mkdir", errInvalidMode, mode)
|
||||
}
|
||||
|
||||
// Try to open as much of the path as possible.
|
||||
@ -104,9 +131,6 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err
|
||||
return nil, fmt.Errorf("%w: yet-to-be-created path %q contains '..' components", unix.ENOENT, remainingPath)
|
||||
}
|
||||
|
||||
// Make sure the mode doesn't have any type bits.
|
||||
mode &^= unix.S_IFMT
|
||||
|
||||
// Create the remaining components.
|
||||
for _, part := range remainingParts {
|
||||
switch part {
|
||||
@ -123,7 +147,7 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err
|
||||
// directory at the same time as us. In that case, just continue on as
|
||||
// if we created it (if the created inode is not a directory, the
|
||||
// following open call will fail).
|
||||
if err := unix.Mkdirat(int(currentDir.Fd()), part, uint32(mode)); err != nil && !errors.Is(err, unix.EEXIST) {
|
||||
if err := unix.Mkdirat(int(currentDir.Fd()), part, unixMode); err != nil && !errors.Is(err, unix.EEXIST) {
|
||||
err = &os.PathError{Op: "mkdirat", Path: currentDir.Name() + "/" + part, Err: err}
|
||||
// Make the error a bit nicer if the directory is dead.
|
||||
if deadErr := isDeadInode(currentDir); deadErr != nil {
|
||||
@ -196,10 +220,7 @@ func MkdirAllHandle(root *os.File, unsafePath string, mode int) (_ *os.File, Err
|
||||
// If you plan to open the directory after you have created it or want to use
|
||||
// an open directory handle as the root, you should use [MkdirAllHandle] instead.
|
||||
// This function is a wrapper around [MkdirAllHandle].
|
||||
//
|
||||
// NOTE: The mode argument must be set the unix mode bits (unix.S_I...), not
|
||||
// the Go generic mode bits ([os.FileMode]...).
|
||||
func MkdirAll(root, unsafePath string, mode int) error {
|
||||
func MkdirAll(root, unsafePath string, mode os.FileMode) error {
|
||||
rootDir, err := os.OpenFile(root, unix.O_PATH|unix.O_DIRECTORY|unix.O_CLOEXEC, 0)
|
||||
if err != nil {
|
||||
return err
|
||||
|
||||
Reference in New Issue
Block a user