[28.x] merge v28.3.3 tag into v28.x

The v28.3.3 tag was created from master, but the v28.x branch
wasn't fast-forwarded, and PR's merged after that. This should
bring the v28.3.3 tag's changes into the v28.x branch.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

vendor/github.com/docker/docker/pkg/ioutils/fswriters_deprecated.go

@@ -1,44 +0,0 @@
-package ioutils
-
-import (
-	"io"
-	"os"
-
-	"github.com/moby/sys/atomicwriter"
-)
-
-// NewAtomicFileWriter returns WriteCloser so that writing to it writes to a
-// temporary file and closing it atomically changes the temporary file to
-// destination path. Writing and closing concurrently is not allowed.
-// NOTE: umask is not considered for the file's permissions.
-//
-// Deprecated: use [atomicwriter.New] instead.
-func NewAtomicFileWriter(filename string, perm os.FileMode) (io.WriteCloser, error) {
-	return atomicwriter.New(filename, perm)
-}
-
-// AtomicWriteFile atomically writes data to a file named by filename and with the specified permission bits.
-// NOTE: umask is not considered for the file's permissions.
-//
-// Deprecated: use [atomicwriter.WriteFile] instead.
-func AtomicWriteFile(filename string, data []byte, perm os.FileMode) error {
-	return atomicwriter.WriteFile(filename, data, perm)
-}
-
-// AtomicWriteSet is used to atomically write a set
-// of files and ensure they are visible at the same time.
-// Must be committed to a new directory.
-//
-// Deprecated: use [atomicwriter.WriteSet] instead.
-type AtomicWriteSet = atomicwriter.WriteSet
-
-// NewAtomicWriteSet creates a new atomic write set to
-// atomically create a set of files. The given directory
-// is used as the base directory for storing files before
-// commit. If no temporary directory is given the system
-// default is used.
-//
-// Deprecated: use [atomicwriter.NewWriteSet] instead.
-func NewAtomicWriteSet(tmpDir string) (*atomicwriter.WriteSet, error) {
-	return atomicwriter.NewWriteSet(tmpDir)
-}

vendor/github.com/docker/docker/pkg/ioutils/readers.go

@@ -1,118 +0,0 @@
-package ioutils
-
-import (
-	"context"
-	"io"
-	"runtime/debug"
-	"sync/atomic"
-
-	"github.com/containerd/log"
-)
-
-// readCloserWrapper wraps an io.Reader, and implements an io.ReadCloser
-// It calls the given callback function when closed. It should be constructed
-// with NewReadCloserWrapper
-type readCloserWrapper struct {
-	io.Reader
-	closer func() error
-	closed atomic.Bool
-}
-
-// Close calls back the passed closer function
-func (r *readCloserWrapper) Close() error {
-	if !r.closed.CompareAndSwap(false, true) {
-		subsequentCloseWarn("ReadCloserWrapper")
-		return nil
-	}
-	return r.closer()
-}
-
-// NewReadCloserWrapper wraps an io.Reader, and implements an io.ReadCloser.
-// It calls the given callback function when closed.
-func NewReadCloserWrapper(r io.Reader, closer func() error) io.ReadCloser {
-	return &readCloserWrapper{
-		Reader: r,
-		closer: closer,
-	}
-}
-
-// cancelReadCloser wraps an io.ReadCloser with a context for cancelling read
-// operations.
-type cancelReadCloser struct {
-	cancel func()
-	pR     *io.PipeReader // Stream to read from
-	pW     *io.PipeWriter
-	closed atomic.Bool
-}
-
-// NewCancelReadCloser creates a wrapper that closes the ReadCloser when the
-// context is cancelled. The returned io.ReadCloser must be closed when it is
-// no longer needed.
-func NewCancelReadCloser(ctx context.Context, in io.ReadCloser) io.ReadCloser {
-	pR, pW := io.Pipe()
-
-	// Create a context used to signal when the pipe is closed
-	doneCtx, cancel := context.WithCancel(context.Background())
-
-	p := &cancelReadCloser{
-		cancel: cancel,
-		pR:     pR,
-		pW:     pW,
-	}
-
-	go func() {
-		_, err := io.Copy(pW, in)
-		select {
-		case <-ctx.Done():
-			// If the context was closed, p.closeWithError
-			// was already called. Calling it again would
-			// change the error that Read returns.
-		default:
-			p.closeWithError(err)
-		}
-		in.Close()
-	}()
-	go func() {
-		for {
-			select {
-			case <-ctx.Done():
-				p.closeWithError(ctx.Err())
-			case <-doneCtx.Done():
-				return
-			}
-		}
-	}()
-
-	return p
-}
-
-// Read wraps the Read method of the pipe that provides data from the wrapped
-// ReadCloser.
-func (p *cancelReadCloser) Read(buf []byte) (int, error) {
-	return p.pR.Read(buf)
-}
-
-// closeWithError closes the wrapper and its underlying reader. It will
-// cause future calls to Read to return err.
-func (p *cancelReadCloser) closeWithError(err error) {
-	_ = p.pW.CloseWithError(err)
-	p.cancel()
-}
-
-// Close closes the wrapper its underlying reader. It will cause
-// future calls to Read to return io.EOF.
-func (p *cancelReadCloser) Close() error {
-	if !p.closed.CompareAndSwap(false, true) {
-		subsequentCloseWarn("cancelReadCloser")
-		return nil
-	}
-	p.closeWithError(io.EOF)
-	return nil
-}
-
-func subsequentCloseWarn(name string) {
-	log.G(context.TODO()).Error("subsequent attempt to close " + name)
-	if log.GetLevel() >= log.DebugLevel {
-		log.G(context.TODO()).Errorf("stack trace: %s", string(debug.Stack()))
-	}
-}

vendor/github.com/docker/docker/pkg/ioutils/writeflusher.go

@@ -1,96 +0,0 @@
-package ioutils
-
-import (
-	"io"
-	"sync"
-)
-
-// WriteFlusher wraps the Write and Flush operation ensuring that every write
-// is a flush. In addition, the Close method can be called to intercept
-// Read/Write calls if the targets lifecycle has already ended.
-type WriteFlusher struct {
-	w           io.Writer
-	flusher     flusher
-	flushed     chan struct{}
-	flushedOnce sync.Once
-	closed      chan struct{}
-	closeLock   sync.Mutex
-}
-
-type flusher interface {
-	Flush()
-}
-
-func (wf *WriteFlusher) Write(b []byte) (int, error) {
-	select {
-	case <-wf.closed:
-		return 0, io.EOF
-	default:
-	}
-
-	n, err := wf.w.Write(b)
-	wf.Flush() // every write is a flush.
-	return n, err
-}
-
-// Flush the stream immediately.
-func (wf *WriteFlusher) Flush() {
-	select {
-	case <-wf.closed:
-		return
-	default:
-	}
-
-	wf.flushedOnce.Do(func() {
-		close(wf.flushed)
-	})
-	wf.flusher.Flush()
-}
-
-// Flushed returns the state of flushed.
-// If it's flushed, return true, or else it return false.
-func (wf *WriteFlusher) Flushed() bool {
-	// BUG(stevvooe): Remove this method. Its use is inherently racy. Seems to
-	// be used to detect whether or a response code has been issued or not.
-	// Another hook should be used instead.
-	var flushed bool
-	select {
-	case <-wf.flushed:
-		flushed = true
-	default:
-	}
-	return flushed
-}
-
-// Close closes the write flusher, disallowing any further writes to the
-// target. After the flusher is closed, all calls to write or flush will
-// result in an error.
-func (wf *WriteFlusher) Close() error {
-	wf.closeLock.Lock()
-	defer wf.closeLock.Unlock()
-
-	select {
-	case <-wf.closed:
-		return io.EOF
-	default:
-		close(wf.closed)
-	}
-	return nil
-}
-
-// nopFlusher represents a type which flush operation is nop.
-type nopFlusher struct{}
-
-// Flush is a nop operation.
-func (f *nopFlusher) Flush() {}
-
-// NewWriteFlusher returns a new WriteFlusher.
-func NewWriteFlusher(w io.Writer) *WriteFlusher {
-	var fl flusher
-	if f, ok := w.(flusher); ok {
-		fl = f
-	} else {
-		fl = &nopFlusher{}
-	}
-	return &WriteFlusher{w: w, flusher: fl, closed: make(chan struct{}), flushed: make(chan struct{})}
-}

vendor/github.com/docker/docker/pkg/ioutils/writers.go

@@ -1,28 +0,0 @@
-package ioutils
-
-import (
-	"io"
-	"sync/atomic"
-)
-
-type writeCloserWrapper struct {
-	io.Writer
-	closer func() error
-	closed atomic.Bool
-}
-
-func (r *writeCloserWrapper) Close() error {
-	if !r.closed.CompareAndSwap(false, true) {
-		subsequentCloseWarn("WriteCloserWrapper")
-		return nil
-	}
-	return r.closer()
-}
-
-// NewWriteCloserWrapper returns a new io.WriteCloser.
-func NewWriteCloserWrapper(r io.Writer, closer func() error) io.WriteCloser {
-	return &writeCloserWrapper{
-		Writer: r,
-		closer: closer,
-	}
-}

vendor/github.com/docker/docker/pkg/longpath/longpath.go

@@ -1,42 +0,0 @@
-// Package longpath introduces some constants and helper functions for handling
-// long paths in Windows.
-//
-// Long paths are expected to be prepended with "\\?\" and followed by either a
-// drive letter, a UNC server\share, or a volume identifier.
-package longpath
-
-import (
-	"os"
-	"runtime"
-	"strings"
-)
-
-// longPathPrefix is the longpath prefix for Windows file paths.
-const longPathPrefix = `\\?\`
-
-// AddPrefix adds the Windows long path prefix to the path provided if
-// it does not already have it.
-func AddPrefix(path string) string {
-	if strings.HasPrefix(path, longPathPrefix) {
-		return path
-	}
-	if strings.HasPrefix(path, `\\`) {
-		// This is a UNC path, so we need to add 'UNC' to the path as well.
-		return longPathPrefix + `UNC` + path[1:]
-	}
-	return longPathPrefix + path
-}
-
-// MkdirTemp is the equivalent of [os.MkdirTemp], except that on Windows
-// the result is in Windows longpath format. On Unix systems it is
-// equivalent to [os.MkdirTemp].
-func MkdirTemp(dir, prefix string) (string, error) {
-	tempDir, err := os.MkdirTemp(dir, prefix)
-	if err != nil {
-		return "", err
-	}
-	if runtime.GOOS != "windows" {
-		return tempDir, nil
-	}
-	return AddPrefix(tempDir), nil
-}

vendor/github.com/docker/docker/pkg/stringid/stringid.go

@@ -1,63 +0,0 @@
-// Package stringid provides helper functions for dealing with string identifiers
-package stringid
-
-import (
-	"crypto/rand"
-	"encoding/hex"
-	"strings"
-)
-
-const (
-	shortLen = 12
-	fullLen  = 64
-)
-
-// TruncateID returns a shorthand version of a string identifier for convenience.
-// A collision with other shorthands is very unlikely, but possible.
-// In case of a collision a lookup with TruncIndex.Get() will fail, and the caller
-// will need to use a longer prefix, or the full-length Id.
-func TruncateID(id string) string {
-	if i := strings.IndexRune(id, ':'); i >= 0 {
-		id = id[i+1:]
-	}
-	if len(id) > shortLen {
-		id = id[:shortLen]
-	}
-	return id
-}
-
-// GenerateRandomID returns a unique, 64-character ID consisting of a-z, 0-9.
-// It guarantees that the ID, when truncated ([TruncateID]) does not consist
-// of numbers only, so that the truncated ID can be used as hostname for
-// containers.
-func GenerateRandomID() string {
-	b := make([]byte, 32)
-	for {
-		if _, err := rand.Read(b); err != nil {
-			panic(err) // This shouldn't happen
-		}
-		id := hex.EncodeToString(b)
-
-		// make sure that the truncated ID does not consist of only numeric
-		// characters, as it's used as default hostname for containers.
-		//
-		// See:
-		// - https://github.com/moby/moby/issues/3869
-		// - https://bugzilla.redhat.com/show_bug.cgi?id=1059122
-		if allNum(id[:shortLen]) {
-			// all numbers; try again
-			continue
-		}
-		return id
-	}
-}
-
-// allNum checks whether id consists of only numbers (0-9).
-func allNum(id string) bool {
-	for _, c := range []byte(id) {
-		if c > '9' || c < '0' {
-			return false
-		}
-	}
-	return true
-}

vendor/modules.txt

@@ -95,14 +95,11 @@ github.com/docker/docker/client
 github.com/docker/docker/internal/lazyregexp
 github.com/docker/docker/internal/multierror
 github.com/docker/docker/pkg/homedir
-github.com/docker/docker/pkg/ioutils
 github.com/docker/docker/pkg/jsonmessage
-github.com/docker/docker/pkg/longpath
 github.com/docker/docker/pkg/process
 github.com/docker/docker/pkg/progress
 github.com/docker/docker/pkg/stdcopy
 github.com/docker/docker/pkg/streamformatter
-github.com/docker/docker/pkg/stringid
 github.com/docker/docker/registry
 # github.com/docker/docker-credential-helpers v0.9.3
 ## explicit; go 1.21