Migrating these functions to allow them being shared between moby, docker/cli,
and containerd, and to allow using them without importing all of sys / system,
which (in containerd) also depends on hcsshim and more.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/moby/swarmkit/compare/616e8db4c3b0...6068d1894d46
a replace rule was needed (similar as in github.com/docker/docker) to fix some
dependency issues;
github.com/docker/cli/cli/trust imports
github.com/theupdateframework/notary/trustpinning tested by
github.com/theupdateframework/notary/trustpinning.test imports
github.com/cloudflare/cfssl/helpers imports
github.com/google/certificate-transparency-go imports
go.etcd.io/etcd/v3 imports
go.etcd.io/etcd/tests/v3/integration imports
go.etcd.io/etcd/server/v3/embed imports
go.opentelemetry.io/otel/semconv: module go.opentelemetry.io/otel@latest found (v1.7.0), but does not contain package go.opentelemetry.io/otel/semconv
github.com/docker/cli/cli/trust imports
github.com/theupdateframework/notary/trustpinning tested by
github.com/theupdateframework/notary/trustpinning.test imports
github.com/cloudflare/cfssl/helpers imports
github.com/google/certificate-transparency-go imports
go.etcd.io/etcd/v3 imports
go.etcd.io/etcd/tests/v3/integration imports
go.etcd.io/etcd/server/v3/embed imports
go.opentelemetry.io/otel/exporters/otlp imports
go.opentelemetry.io/otel/sdk/metric/controller/basic imports
go.opentelemetry.io/otel/metric/registry: module go.opentelemetry.io/otel/metric@latest found (v0.30.0), but does not contain package go.opentelemetry.io/otel/metric/registry
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Some warnings about go1.16 compatibility, so including them here:
+ go mod tidy -modfile=vendor.mod
github.com/docker/cli/cli/registry/client imports
github.com/docker/distribution/registry/api/v2 imports
github.com/gorilla/mux loaded from github.com/gorilla/mux@v1.7.0,
but go 1.16 would select v1.8.0
github.com/docker/cli/cli/compose/loader imports
gopkg.in/yaml.v2 tested by
gopkg.in/yaml.v2.test imports
gopkg.in/check.v1 loaded from gopkg.in/check.v1@v1.0.0-20200227125254-8fa46927fb4f,
but go 1.16 would select v1.0.0-20201130134442-10cb98267c6c
github.com/docker/cli/cli/command imports
github.com/theupdateframework/notary/client tested by
github.com/theupdateframework/notary/client.test imports
github.com/theupdateframework/notary/server imports
github.com/theupdateframework/notary/utils imports
github.com/Shopify/logrus-bugsnag loaded from github.com/Shopify/logrus-bugsnag@v0.0.0-20170309145241-6dbc35f2c30d,
but go 1.16 would select v0.0.0-20171204204709-577dee27f20d
github.com/docker/cli/cli/command imports
github.com/theupdateframework/notary/client tested by
github.com/theupdateframework/notary/client.test imports
github.com/theupdateframework/notary/server/storage imports
gopkg.in/rethinkdb/rethinkdb-go.v6 imports
github.com/opentracing/opentracing-go loaded from github.com/opentracing/opentracing-go@v1.1.0,
but go 1.16 would select v1.2.0
github.com/docker/cli/cli/command imports
github.com/theupdateframework/notary/client tested by
github.com/theupdateframework/notary/client.test imports
github.com/theupdateframework/notary/server/storage imports
gopkg.in/rethinkdb/rethinkdb-go.v6 imports
github.com/opentracing/opentracing-go/ext loaded from github.com/opentracing/opentracing-go@v1.1.0,
but go 1.16 would select v1.2.0
github.com/docker/cli/cli/command imports
github.com/theupdateframework/notary/client tested by
github.com/theupdateframework/notary/client.test imports
github.com/theupdateframework/notary/server/storage imports
gopkg.in/rethinkdb/rethinkdb-go.v6 imports
github.com/opentracing/opentracing-go/log loaded from github.com/opentracing/opentracing-go@v1.1.0,
but go 1.16 would select v1.2.0
github.com/docker/cli/cli/command imports
github.com/theupdateframework/notary/client tested by
github.com/theupdateframework/notary/client.test imports
github.com/theupdateframework/notary/server imports
github.com/theupdateframework/notary/utils imports
github.com/spf13/viper imports
github.com/spf13/afero loaded from github.com/spf13/afero@v1.1.2,
but go 1.16 would select v1.2.2
github.com/docker/cli/cli/command imports
github.com/theupdateframework/notary/client tested by
github.com/theupdateframework/notary/client.test imports
github.com/theupdateframework/notary/server imports
github.com/theupdateframework/notary/utils imports
github.com/spf13/viper imports
github.com/spf13/cast loaded from github.com/spf13/cast@v1.3.0,
but go 1.16 would select v1.3.1
github.com/docker/cli/cli/command imports
github.com/theupdateframework/notary/client tested by
github.com/theupdateframework/notary/client.test imports
github.com/theupdateframework/notary/server imports
github.com/theupdateframework/notary/utils imports
github.com/spf13/viper imports
github.com/spf13/jwalterweatherman loaded from github.com/spf13/jwalterweatherman@v1.0.0,
but go 1.16 would select v1.1.0
github.com/docker/cli/cli/command imports
github.com/theupdateframework/notary/client tested by
github.com/theupdateframework/notary/client.test imports
github.com/theupdateframework/notary/server imports
github.com/theupdateframework/notary/utils imports
github.com/spf13/viper imports
gopkg.in/ini.v1 loaded from gopkg.in/ini.v1@v1.51.0,
but go 1.16 would select v1.56.0
github.com/docker/cli/cli/command imports
github.com/theupdateframework/notary/client tested by
github.com/theupdateframework/notary/client.test imports
github.com/theupdateframework/notary/server imports
github.com/theupdateframework/notary/utils imports
github.com/spf13/viper imports
github.com/spf13/afero imports
github.com/spf13/afero/mem loaded from github.com/spf13/afero@v1.1.2,
but go 1.16 would select v1.2.2
To upgrade to the versions selected by go 1.16:
go mod tidy -go=1.16 && go mod tidy -go=1.17
If reproducibility with go 1.16 is not needed:
go mod tidy -compat=1.17
For other options, see:
https://golang.org/doc/modules/pruning
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/golang/crypto/compare/5770296d904e...3147a52a75dd
This version contains a fix for CVE-2022-27191 (not sure if it affects us).
From the golang mailing list:
Hello gophers,
Version v0.0.0-20220315160706-3147a52a75dd of golang.org/x/crypto/ssh implements
client authentication support for signature algorithms based on SHA-2 for use with
existing RSA keys.
Previously, a client would fail to authenticate with RSA keys to servers that
reject signature algorithms based on SHA-1. This includes OpenSSH 8.8 by default
and—starting today March 15, 2022 for recently uploaded keys.
We are providing this announcement as the error (“ssh: unable to authenticate”)
might otherwise be difficult to troubleshoot.
Version v0.0.0-20220314234659-1baeb1ce4c0b (included in the version above) also
fixes a potential security issue where an attacker could cause a crash in a
golang.org/x/crypto/ssh server under these conditions:
- The server has been configured by passing a Signer to ServerConfig.AddHostKey.
- The Signer passed to AddHostKey does not also implement AlgorithmSigner.
- The Signer passed to AddHostKey does return a key of type “ssh-rsa” from its PublicKey method.
Servers that only use Signer implementations provided by the ssh package are
unaffected. This is CVE-2022-27191.
Alla prossima,
Filippo for the Go Security team
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>