Revert "vendor: update system-validators to v1.9.0"

2025-07-23 19:56:01 +00:00 · 2024-10-18 10:12:36 +08:00 · 2024-10-18 10:12:36 +08:00 · 93348753e2
commit 93348753e2
parent ded7ad554e
14 changed files with 76 additions and 220 deletions
--- a/go.mod
+++ b/go.mod
@ -116,7 +116,7 @@ require (
 	k8s.io/mount-utils v0.0.0
 	k8s.io/pod-security-admission v0.0.0
 	k8s.io/sample-apiserver v0.0.0
-	k8s.io/system-validators v1.9.0
+	k8s.io/system-validators v1.8.0
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
 	sigs.k8s.io/knftables v0.0.17
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1
--- a/go.sum
+++ b/go.sum
@ -432,6 +432,7 @@ github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M5
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@ -710,8 +711,8 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2 h1:GKE9U8BH16uynoxQii0auTjmmmuZ3O0LFMN6S0lPPhI=
 k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA=
-k8s.io/system-validators v1.9.0 h1:/y04BRRDthIyUZnTdKGtJQKG70wIN0zoEAk9U0pAkuo=
-k8s.io/system-validators v1.9.0/go.mod h1:YOnJVzSiCretQi8s8KNy8s2ZOzXWfqAhc1B2uoxnJXc=
+k8s.io/system-validators v1.8.0 h1:tq05tdO9zdJZnNF3SXrq6LE7Knc/KfJm5wk68467JDg=
+k8s.io/system-validators v1.8.0/go.mod h1:gP1Ky+R9wtrSiFbrpEPwWMeYz9yqyy1S/KOh0Vci7WI=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 h1:CPT0ExVicCzcpeN4baWEV2ko2Z/AsiZgEdwgcfwLgMo=
--- a/hack/unwanted-dependencies.json
+++ b/hack/unwanted-dependencies.json
@ -210,6 +210,7 @@
        "github.com/grpc-ecosystem/go-grpc-middleware",
        "k8s.io/kubectl",
        "k8s.io/kubernetes",
+        "k8s.io/system-validators",
        "sigs.k8s.io/kustomize/api",
        "sigs.k8s.io/kustomize/kustomize/v5"
      ],
--- a/vendor/k8s.io/system-validators/validators/cgroup_validator_linux.go
+++ b/vendor/k8s.io/system-validators/validators/cgroup_validator_linux.go
@ -21,13 +21,12 @@ package system

 import (
 	"bufio"
-	"errors"
-	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"

+	"github.com/pkg/errors"
 	"golang.org/x/sys/unix"
 )

@ -45,89 +44,43 @@ func (c *CgroupsValidator) Name() string {

 const (
 	cgroupsConfigPrefix = "CGROUPS_"
-	mountsFilePath      = "/proc/mounts"
+	unifiedMountpoint   = "/sys/fs/cgroup"
 )

-// getUnifiedMountpoint checks if the default mount point is available.
-// If not, it parses the mounts file to find a valid cgroup mount point.
-func getUnifiedMountpoint(path string) (string, error) {
-	f, err := os.Open(path)
-	if err != nil {
-		return "", err
-	}
-	defer f.Close()
-	scanner := bufio.NewScanner(f)
-	var cgroupV1MountPoint string
-	for scanner.Scan() {
-		line := scanner.Text()
-		if !strings.Contains(line, "cgroup") {
-			continue
-		}
-		// Example fields: `cgroup2 /sys/fs/cgroup cgroup2 rw,seclabel,nosuid,nodev,noexec,relatime 0 0`.
-		fields := strings.Fields(line)
-		if len(fields) >= 3 {
-			switch fields[2] {
-			case "cgroup2":
-				// Return the first cgroups v2 mount point directly.
-				return fields[1], nil
-			case "cgroup":
-				// Set the first cgroups v1 mount point only,
-				// and continue the loop to find if there is a cgroups v2 mount point.
-				if len(cgroupV1MountPoint) == 0 {
-					cgroupV1MountPoint = fields[1]
-				}
-			}
-		}
-	}
-	// Return cgroups v1 mount point if no cgroups v2 mount point is found.
-	if len(cgroupV1MountPoint) != 0 {
-		return cgroupV1MountPoint, nil
-	}
-	return "", fmt.Errorf("cannot get a cgroupfs mount point from %q", path)
-}
-
 // Validate is part of the system.Validator interface.
 func (c *CgroupsValidator) Validate(spec SysSpec) (warns, errs []error) {
-	// Get the subsystems from /sys/fs/cgroup/cgroup.controllers when cgroups v2 is used.
+	// Get the subsystems from /sys/fs/cgroup/cgroup.controllers when cgroup v2 is used.
 	// /proc/cgroups is meaningless for v2
 	// https://github.com/torvalds/linux/blob/v5.3/Documentation/admin-guide/cgroup-v2.rst#deprecated-v1-core-features
 	var st unix.Statfs_t
-	unifiedMountpoint, err := getUnifiedMountpoint(mountsFilePath)
-	if err != nil {
-		return nil, []error{fmt.Errorf("cannot get a cgroup mount point: %w", err)}
-	}
+	var err error
 	if err := unix.Statfs(unifiedMountpoint, &st); err != nil {
-		return nil, []error{fmt.Errorf("cannot statfs the cgroupv2 root: %w", err)}
+		return nil, []error{errors.Wrap(err, "cannot statfs the cgroupv2 root")}
 	}
 	var requiredCgroupSpec []string
 	var optionalCgroupSpec []string
 	var subsystems []string
-	var warn error
 	if st.Type == unix.CGROUP2_SUPER_MAGIC {
-		subsystems, err, warn = c.getCgroupV2Subsystems(unifiedMountpoint)
+		subsystems, err = c.getCgroupV2Subsystems()
 		if err != nil {
-			return nil, []error{fmt.Errorf("failed to get cgroups v2 subsystems: %w", err)}
-		}
-		if warn != nil {
-			warns = append(warns, warn)
+			return nil, []error{errors.Wrap(err, "failed to get cgroup v2 subsystems")}
 		}
 		requiredCgroupSpec = spec.CgroupsV2
 		optionalCgroupSpec = spec.CgroupsV2Optional
 	} else {
-		warns = append(warns, errors.New("cgroups v1 support is in maintenance mode, please migrate to cgroups v2"))
 		subsystems, err = c.getCgroupV1Subsystems()
 		if err != nil {
-			return nil, []error{fmt.Errorf("failed to get cgroups v1 subsystems: %w", err)}
+			return nil, []error{errors.Wrap(err, "failed to get cgroup v1 subsystems")}
 		}
 		requiredCgroupSpec = spec.Cgroups
 		optionalCgroupSpec = spec.CgroupsOptional
 	}

 	if missingRequired := c.validateCgroupSubsystems(requiredCgroupSpec, subsystems, true); len(missingRequired) != 0 {
-		errs = []error{fmt.Errorf("missing required cgroups: %s", strings.Join(missingRequired, " "))}
+		errs = []error{errors.Errorf("missing required cgroups: %s", strings.Join(missingRequired, " "))}
 	}
 	if missingOptional := c.validateCgroupSubsystems(optionalCgroupSpec, subsystems, false); len(missingOptional) != 0 {
-		warns = append(warns, fmt.Errorf("missing optional cgroups: %s", strings.Join(missingOptional, " ")))
+		warns = []error{errors.Errorf("missing optional cgroups: %s", strings.Join(missingOptional, " "))}
 	}
 	return
 }
@ -155,10 +108,11 @@ func (c *CgroupsValidator) validateCgroupSubsystems(cgroups, subsystems []string
 		missing = append(missing, cgroup)
 	}
 	return missing
+
 }

 func (c *CgroupsValidator) getCgroupV1Subsystems() ([]string, error) {
-	// Get the subsystems from /proc/cgroups when cgroups v1 is used.
+	// Get the subsystems from /proc/cgroups when cgroup v1 is used.
 	f, err := os.Open("/proc/cgroups")
 	if err != nil {
 		return nil, err
@ -182,50 +136,19 @@ func (c *CgroupsValidator) getCgroupV1Subsystems() ([]string, error) {
 	return subsystems, nil
 }

-func (c *CgroupsValidator) getCgroupV2Subsystems(unifiedMountpoint string) ([]string, error, error) {
+func (c *CgroupsValidator) getCgroupV2Subsystems() ([]string, error) {
 	// Some controllers are implicitly enabled by the kernel.
 	// Those controllers do not appear in /sys/fs/cgroup/cgroup.controllers.
 	// https://github.com/torvalds/linux/blob/v5.3/kernel/cgroup/cgroup.c#L433-L434
-	// For freezer, we use checkCgroupV2Freeze() to check.
-	// For others, we assume these are always available, as it is hard to detect availability.
-	// We hardcode the following as initial controllers.
-	// - devices: implemented in kernel 4.15.
-	subsystems := []string{"devices"}
-	freezeSupported, warn := checkCgroupV2Freeze(unifiedMountpoint)
-	if freezeSupported {
-		subsystems = append(subsystems, "freezer")
-	}
+	// We assume these are always available, as it is hard to detect availability.
+	// So, we hardcode the following as "pseudo" controllers.
+	// - devices: implemented in kernel 4.15
+	// - freezer: implemented in kernel 5.2
+	pseudo := []string{"devices", "freezer"}
 	data, err := ioutil.ReadFile(filepath.Join(unifiedMountpoint, "cgroup.controllers"))
 	if err != nil {
-		return nil, err, warn
+		return nil, err
 	}
-	subsystems = append(subsystems, strings.Fields(string(data))...)
-	return subsystems, err, warn
-}
-
-// checkCgroupV2Freeze checks if the freezer controller is enabled in Linux kernels 5.2.
-// It determines that by creating a cgroup.freeze file under the unified mountpoint location.
-func checkCgroupV2Freeze(unifiedMountpoint string) (isCgroupfs bool, warn error) {
-	const freezeFile = "cgroup.freeze"
-	tmpDir, warn := os.MkdirTemp(unifiedMountpoint, "freezer-test")
-	if warn != nil {
-		return
-	}
-	defer func() {
-		err := os.RemoveAll(tmpDir)
-		if err != nil {
-			warn = fmt.Errorf("error removing directory %q: %v", tmpDir, err)
-		}
-	}()
-	_, warn = os.Stat(filepath.Join(tmpDir, freezeFile))
-	if os.IsNotExist(warn) {
-		return
-	} else if warn != nil {
-		// If the err is not NotExist error, it means that `cgroup.freeze` exists.
-		isCgroupfs = true
-		warn = fmt.Errorf("could not stat %q file in %q: %v", freezeFile, tmpDir, warn)
-		return
-	}
-	isCgroupfs = true
-	return
+	subsystems := append(pseudo, strings.Fields(string(data))...)
+	return subsystems, nil
 }
--- a/vendor/k8s.io/system-validators/validators/docker_validator.go
+++ b/vendor/k8s.io/system-validators/validators/docker_validator.go
@ -19,10 +19,11 @@ package system
 import (
 	"bytes"
 	"encoding/json"
-	"fmt"
 	"os/exec"
 	"regexp"
 	"strings"
+
+	"github.com/pkg/errors"
 )

 var _ Validator = &DockerValidator{}
@ -71,7 +72,7 @@ func (d *DockerValidator) Validate(spec SysSpec) ([]error, []error) {
 	cmd.Stderr = &errb
 	err := cmd.Run()
 	if err != nil {
-		return nil, []error{fmt.Errorf(`failed executing "docker info --format '{{json .}}'"\noutput: %s\nstderr: %s\nerror: %v`, outb.String(), errb.String(), err)}
+		return nil, []error{errors.Errorf(`failed executing "docker info --format '{{json .}}'"\noutput: %s\nstderr: %s\nerror: %v`, outb.String(), errb.String(), err)}
 	}
 	if err := d.unmarshalDockerInfo(outb.Bytes(), &info); err != nil {
 		return nil, []error{err}
@ -81,14 +82,14 @@ func (d *DockerValidator) Validate(spec SysSpec) ([]error, []error) {
 	warnings, errs := d.validateDockerInfo(spec.RuntimeSpec.DockerSpec, info)

 	if len(errb.String()) > 0 {
-		warnings = append(warnings, fmt.Errorf(`the command "docker info --format '{{json.}}'" succeeded with potential warnings\noutput: %s`, errb.String()))
+		warnings = append(warnings, errors.Errorf(`the command "docker info --format '{{json.}}'" succeeded with potential warnings\noutput: %s`, errb.String()))
 	}
 	return warnings, errs
 }

 func (d *DockerValidator) unmarshalDockerInfo(b []byte, info *dockerInfo) error {
 	if err := json.Unmarshal(b, &info); err != nil {
-		return fmt.Errorf("could not unmarshal the JSON output of 'docker info':\n%s\n err: %w", b, err)
+		return errors.Wrapf(err, "could not unmarshal the JSON output of 'docker info':\n%s\n", b)
 	}
 	return nil
 }
@ -96,7 +97,7 @@ func (d *DockerValidator) unmarshalDockerInfo(b []byte, info *dockerInfo) error
 func (d *DockerValidator) validateDockerInfo(spec *DockerSpec, info dockerInfo) ([]error, []error) {
 	// Validate docker version.
 	if info.ServerErrors != nil {
-		return nil, []error{fmt.Errorf("error verifying Docker info: %q", strings.Join(info.ServerErrors, `", "`))}
+		return nil, []error{errors.Errorf("error verifying Docker info: %q", strings.Join(info.ServerErrors, `", "`))}
 	}

 	matched := false
@ -114,7 +115,7 @@ func (d *DockerValidator) validateDockerInfo(spec *DockerSpec, info dockerInfo)
 		r := regexp.MustCompile(ver)
 		if r.MatchString(info.ServerVersion) {
 			d.Reporter.Report(dockerConfigPrefix+"VERSION", info.ServerVersion, good)
-			w := fmt.Errorf(
+			w := errors.Errorf(
 				"this Docker version is not on the list of validated versions: %s. Latest validated version: %s",
 				info.ServerVersion,
 				latestValidatedDockerVersion,
@ -122,7 +123,7 @@ func (d *DockerValidator) validateDockerInfo(spec *DockerSpec, info dockerInfo)
 			return []error{w}, nil
 		}
 		d.Reporter.Report(dockerConfigPrefix+"VERSION", info.ServerVersion, bad)
-		return nil, []error{fmt.Errorf("unsupported docker version: %s", info.ServerVersion)}
+		return nil, []error{errors.Errorf("unsupported docker version: %s", info.ServerVersion)}
 	}
 	// Validate graph driver.
 	item := dockerConfigPrefix + "GRAPH_DRIVER"
@ -133,5 +134,5 @@ func (d *DockerValidator) validateDockerInfo(spec *DockerSpec, info dockerInfo)
 		}
 	}
 	d.Reporter.Report(item, info.Driver, bad)
-	return nil, []error{fmt.Errorf("unsupported graph driver: %s", info.Driver)}
+	return nil, []error{errors.Errorf("unsupported graph driver: %s", info.Driver)}
 }
--- a/vendor/k8s.io/system-validators/validators/kernel_validator.go
+++ b/vendor/k8s.io/system-validators/validators/kernel_validator.go
@ -28,6 +28,8 @@ import (
 	"path/filepath"
 	"regexp"
 	"strings"
+
+	"github.com/pkg/errors"
 )

 var _ Validator = &KernelValidator{}
@ -63,7 +65,7 @@ func (k *KernelValidator) Validate(spec SysSpec) ([]error, []error) {
 	helper := KernelValidatorHelperImpl{}
 	release, err := helper.GetKernelReleaseVersion()
 	if err != nil {
-		return nil, []error{fmt.Errorf("failed to get kernel release: %w", err)}
+		return nil, []error{errors.Wrap(err, "failed to get kernel release")}
 	}
 	k.kernelRelease = release
 	var errs []error
@ -90,14 +92,14 @@ func (k *KernelValidator) validateKernelVersion(kSpec KernelSpec) error {
 		}
 	}
 	k.Reporter.Report("KERNEL_VERSION", k.kernelRelease, bad)
-	return fmt.Errorf("kernel release %s is unsupported. %s", k.kernelRelease, kSpec.VersionsNote)
+	return errors.Errorf("unsupported kernel release: %s", k.kernelRelease)
 }

 // validateKernelConfig validates the kernel configurations.
 func (k *KernelValidator) validateKernelConfig(kSpec KernelSpec) error {
 	allConfig, err := k.getKernelConfig()
 	if err != nil {
-		return fmt.Errorf("failed to parse kernel config: %w", err)
+		return errors.Wrap(err, "failed to parse kernel config")
 	}
 	return k.validateCachedKernelConfig(allConfig, kSpec)
 }
@ -166,7 +168,7 @@ func (k *KernelValidator) validateCachedKernelConfig(allConfig map[string]kConfi
 		validateOpt(config, forbidden)
 	}
 	if len(badConfigs) > 0 {
-		return fmt.Errorf("unexpected kernel config: %s", strings.Join(badConfigs, " "))
+		return errors.Errorf("unexpected kernel config: %s", strings.Join(badConfigs, " "))
 	}
 	return nil
 }
@ -221,14 +223,14 @@ func (k *KernelValidator) getKernelConfigReader() (io.Reader, error) {
 		// config module and check again.
 		output, err := exec.Command(modprobeCmd, configsModule).CombinedOutput()
 		if err != nil {
-			return nil, fmt.Errorf("unable to load kernel module: %q, output: %q, err: %w",
-				configsModule, output, err)
+			return nil, errors.Wrapf(err, "unable to load kernel module: %q, output: %q, err",
+				configsModule, output)
 		}
 		// Unload the kernel config module to make sure the validation have no side effect.
 		defer exec.Command(modprobeCmd, "-r", configsModule).Run()
 		loadModule = true
 	}
-	return nil, fmt.Errorf("no config path in %v is available", possibePaths)
+	return nil, errors.Errorf("no config path in %v is available", possibePaths)
 }

 // getKernelConfig gets kernel config from kernel config file and convert kernel config to internal type.
--- a/vendor/k8s.io/system-validators/validators/os_validator_unix.go
+++ b/vendor/k8s.io/system-validators/validators/os_validator_unix.go
@ -1,6 +1,3 @@
-//go:build !windows
-// +build !windows
-
 /*
 Copyright 2016 The Kubernetes Authors.

@ -20,9 +17,10 @@ limitations under the License.
 package system

 import (
-	"fmt"
 	"os/exec"
 	"strings"
+
+	"github.com/pkg/errors"
 )

 var _ Validator = &OSValidator{}
@ -41,7 +39,7 @@ func (o *OSValidator) Name() string {
 func (o *OSValidator) Validate(spec SysSpec) ([]error, []error) {
 	os, err := exec.Command("uname").CombinedOutput()
 	if err != nil {
-		return nil, []error{fmt.Errorf("failed to get OS name: %w", err)}
+		return nil, []error{errors.Wrap(err, "failed to get os name")}
 	}
 	if err = o.validateOS(strings.TrimSpace(string(os)), spec.OS); err != nil {
 		return nil, []error{err}
@ -52,7 +50,7 @@ func (o *OSValidator) Validate(spec SysSpec) ([]error, []error) {
 func (o *OSValidator) validateOS(os, specOS string) error {
 	if os != specOS {
 		o.Reporter.Report("OS", os, bad)
-		return fmt.Errorf("unsupported operating system: %s", os)
+		return errors.Errorf("unsupported operating system: %s", os)
 	}
 	o.Reporter.Report("OS", os, good)
 	return nil
--- a/vendor/k8s.io/system-validators/validators/os_validator_windows.go
+++ b/vendor/k8s.io/system-validators/validators/os_validator_windows.go
@ -1,62 +0,0 @@
-//go:build windows
-// +build windows
-
-/*
-Copyright 2024 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package system
-
-import (
-	"fmt"
-	"os/exec"
-	"strings"
-)
-
-var _ Validator = &OSValidator{}
-
-// OSValidator validates OS.
-type OSValidator struct {
-	Reporter Reporter
-}
-
-// Name is part of the system.Validator interface.
-func (o *OSValidator) Name() string {
-	return "os"
-}
-
-// Validate is part of the system.Validator interface.
-func (o *OSValidator) Validate(spec SysSpec) ([]error, []error) {
-	args := []string{`(Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ProductName`}
-	os, err := exec.Command("powershell", args...).Output()
-	if err != nil {
-		return nil, []error{fmt.Errorf("failed to get OS name: %w", err)}
-	}
-	if err = o.validateOS(strings.TrimSpace(string(os)), spec.OS); err != nil {
-		return nil, []error{err}
-	}
-	return nil, nil
-}
-
-// validateOS would check if the reported string such as 'Windows Server 2019' contains
-// the required OS prefix from the spec 'Windows Server'.
-func (o *OSValidator) validateOS(os, specOS string) error {
-	if !strings.HasPrefix(os, specOS) {
-		o.Reporter.Report("OS", os, bad)
-		return fmt.Errorf("unsupported operating system: %s", os)
-	}
-	o.Reporter.Report("OS", os, good)
-	return nil
-}
--- a/vendor/k8s.io/system-validators/validators/package_validator_linux.go
+++ b/vendor/k8s.io/system-validators/validators/package_validator_linux.go
@ -20,13 +20,13 @@ limitations under the License.
 package system

 import (
-	"errors"
 	"fmt"
 	"io/ioutil"
 	"os/exec"
 	"strings"

 	"github.com/blang/semver/v4"
+	"github.com/pkg/errors"
 )

 // semVerDotsCount is the number of dots in a valid semantic version.
@ -68,7 +68,7 @@ func newDPKG() (packageManager, bool) {
 func (dpkg) getPackageVersion(packageName string) (string, error) {
 	output, err := exec.Command("dpkg-query", "--show", "--showformat='${Version}'", packageName).Output()
 	if err != nil {
-		return "", fmt.Errorf("dpkg-query failed: %w", err)
+		return "", errors.Wrap(err, "dpkg-query failed")
 	}
 	version := extractUpstreamVersion(string(output))
 	if version == "" {
@ -152,7 +152,7 @@ func (validator *packageValidator) validate(packageSpecs []PackageSpec, manager
 		if versionRange(sv) {
 			validator.reporter.Report(nameWithVerRange, version, good)
 		} else {
-			errs = append(errs, fmt.Errorf("package \"%s %s\" does not meet the spec \"%s (%s)\"", packageName, sv, packageName, spec.VersionRange))
+			errs = append(errs, errors.Errorf("package \"%s %s\" does not meet the spec \"%s (%s)\"", packageName, sv, packageName, spec.VersionRange))
 			validator.reporter.Report(nameWithVerRange, version, bad)
 		}
 	}
@ -163,7 +163,7 @@ func (validator *packageValidator) validate(packageSpecs []PackageSpec, manager
 func getKernelRelease() (string, error) {
 	output, err := exec.Command("uname", "-r").Output()
 	if err != nil {
-		return "", fmt.Errorf("failed to get kernel release: %w", err)
+		return "", errors.Wrap(err, "failed to get kernel release")
 	}
 	return strings.TrimSpace(string(output)), nil
 }
@ -173,7 +173,7 @@ func getOSDistro() (string, error) {
 	f := "/etc/lsb-release"
 	b, err := ioutil.ReadFile(f)
 	if err != nil {
-		return "", fmt.Errorf("failed to read %q: %w", f, err)
+		return "", errors.Wrapf(err, "failed to read %q", f)
 	}
 	content := string(b)
 	switch {
@ -184,7 +184,7 @@ func getOSDistro() (string, error) {
 	case strings.Contains(content, "CoreOS"):
 		return "coreos", nil
 	default:
-		return "", fmt.Errorf("failed to get OS distro: %s", content)
+		return "", errors.Errorf("failed to get OS distro: %s", content)
 	}
 }

@ -244,11 +244,10 @@ func extractUpstreamVersion(version string) string {
 }

 // toSemVerRange converts the input to a semantic version range.
-// E.g.,
-// - ">=1.0"             -> ">=1.0.x"
-// - ">=1"               -> ">=1.x"
-// - ">=1 <=2.3"         -> ">=1.x <=2.3.x"
-// - ">1 || >3.1.0 !4.2" -> ">1.x || >3.1.0 !4.2.x"
+// E.g., ">=1.0"             -> ">=1.0.x"
+//       ">=1"               -> ">=1.x"
+//       ">=1 <=2.3"         -> ">=1.x <=2.3.x"
+//       ">1 || >3.1.0 !4.2" -> ">1.x || >3.1.0 !4.2.x"
 func toSemVerRange(input string) string {
 	var output []string
 	fields := strings.Fields(input)
--- a/vendor/k8s.io/system-validators/validators/report.go
+++ b/vendor/k8s.io/system-validators/validators/report.go
@ -17,10 +17,11 @@ limitations under the License.
 package system

 import (
-	"errors"
 	"fmt"
 	"io"
 	"os"
+
+	"github.com/pkg/errors"
 )

 // ValidationResultType is type of the validation result. Different validation results
--- a/vendor/k8s.io/system-validators/validators/types.go
+++ b/vendor/k8s.io/system-validators/validators/types.go
@ -37,13 +37,11 @@ type KernelConfig struct {

 // KernelSpec defines the specification for the kernel. Currently, it contains
 // specification for:
-//   - Kernel Version
-//   - Kernel Configuration
+//   * Kernel Version
+//   * Kernel Configuration
 type KernelSpec struct {
 	// Versions define supported kernel version. It is a group of regexps.
 	Versions []string `json:"versions,omitempty"`
-	// VersionsNote provides additional information if Versions do not match.
-	VersionsNote string `json:"versionsNote,omitempty"`
 	// Required contains all kernel configurations required to be enabled
 	// (built in or as module).
 	Required []KernelConfig `json:"required,omitempty"`
--- a/vendor/k8s.io/system-validators/validators/types_unix.go
+++ b/vendor/k8s.io/system-validators/validators/types_unix.go
@ -28,9 +28,7 @@ import (
 var DefaultSysSpec = SysSpec{
 	OS: "Linux",
 	KernelSpec: KernelSpec{
-		// 4.19 is an active kernel Long Term Support (LTS) release, tracked in https://www.kernel.org/category/releases.html.
-		Versions:     []string{`^4\.19.*$`, `^4\.[2-9][0-9].*$`, `^([5-9]|[1-9][0-9]+)\.([0-9]+)\.([0-9]+).*$`},
-		VersionsNote: "Recommended LTS version from the 4.x series is 4.19. Any 5.x or 6.x versions are also supported. For cgroups v2 support, the minimal version is 4.15 and the recommended version is 5.8+",
+		Versions: []string{`^3\.[1-9][0-9].*$`, `^([4-9]|[1-9][0-9]+)\.([0-9]+)\.([0-9]+).*$`}, // Requires 3.10+, or newer
 		// TODO(random-liu): Add more config
 		// TODO(random-liu): Add description for each kernel configuration:
 		Required: []KernelConfig{
@ -40,12 +38,11 @@ var DefaultSysSpec = SysSpec{
 			{Name: "IPC_NS"},
 			{Name: "UTS_NS"},
 			{Name: "CGROUPS"},
-			{Name: "CGROUP_BPF"},     // cgroups v2
-			{Name: "CGROUP_CPUACCT"}, // cgroups v1 cpuacct
+			{Name: "CGROUP_CPUACCT"},
 			{Name: "CGROUP_DEVICE"},
-			{Name: "CGROUP_FREEZER"}, // cgroups v1 freezer
+			{Name: "CGROUP_FREEZER"},
 			{Name: "CGROUP_PIDS"},
-			{Name: "CGROUP_SCHED"}, // cgroups v1 & v2 cpu
+			{Name: "CGROUP_SCHED"},
 			{Name: "CPUSETS"},
 			{Name: "MEMCG"},
 			{Name: "INET"},
@ -72,7 +69,7 @@ var DefaultSysSpec = SysSpec{
 		// and therefore lacks corresponding hugetlb cgroup
 		"hugetlb",
 		// The blkio cgroup is optional since some kernels are compiled without support for block I/O throttling.
-		// Containerd and cri-o will use blkio to track disk I/O and throttling in both cgroups v1 and v2.
+		// Containerd and cri-o will use blkio to track disk I/O and throttling in both cgroup v1 and v2.
 		"blkio",
 	},
 	CgroupsV2: []string{"cpu", "cpuset", "devices", "freezer", "memory", "pids"},
--- a/vendor/k8s.io/system-validators/validators/types_windows.go
+++ b/vendor/k8s.io/system-validators/validators/types_windows.go
@ -24,15 +24,14 @@ import (
 	"strings"
 )

-// DefaultSysSpec is the default SysSpec for Windows.
+// DefaultSysSpec is the default SysSpec for Windows
 var DefaultSysSpec = SysSpec{
-	OS: "Windows Server",
+	OS: "Microsoft Windows Server 2016",
 	KernelSpec: KernelSpec{
-		Versions:     []string{`10\.0\.1439[3-9]`, `10\.0\.14[4-9][0-9]{2}`, `10\.0\.1[5-9][0-9]{3}`, `10\.0\.[2-9][0-9]{4}`, `10\.[1-9]+\.[0-9]+`}, //requires >= '10.0.14393'
-		VersionsNote: "The kernel version should be >= '10.0.14393'",
-		Required:     []KernelConfig{},
-		Optional:     []KernelConfig{},
-		Forbidden:    []KernelConfig{},
+		Versions:  []string{`10\.0\.1439[3-9]`, `10\.0\.14[4-9][0-9]{2}`, `10\.0\.1[5-9][0-9]{3}`, `10\.0\.[2-9][0-9]{4}`, `10\.[1-9]+\.[0-9]+`}, //requires >= '10.0.14393'
+		Required:  []KernelConfig{},
+		Optional:  []KernelConfig{},
+		Forbidden: []KernelConfig{},
 	},
 	RuntimeSpec: RuntimeSpec{
 		DockerSpec: &DockerSpec{
@ -47,11 +46,9 @@ type KernelValidatorHelperImpl struct{}

 var _ KernelValidatorHelper = &KernelValidatorHelperImpl{}

-// GetKernelReleaseVersion returns the Windows release version (e.g. 10.0.14393) as a string.
-// It does not include the UBR (revision)
+// GetKernelReleaseVersion returns the windows release version (ex. 10.0.14393) as a string
 func (o *KernelValidatorHelperImpl) GetKernelReleaseVersion() (string, error) {
-	args := []string{`$props = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'; ` +
-		`"$($props.CurrentMajorVersionNumber).$($props.CurrentMinorVersionNumber).$($props.CurrentBuildNumber)"`}
+	args := []string{"(Get-CimInstance Win32_OperatingSystem).Version"}
 	releaseVersion, err := exec.Command("powershell", args...).Output()
 	if err != nil {
 		return "", err
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -1173,7 +1173,7 @@ k8s.io/kube-openapi/pkg/validation/validate
 ## explicit; go 1.23.0
 # k8s.io/sample-apiserver v0.0.0 => ./staging/src/k8s.io/sample-apiserver
 ## explicit; go 1.23.0
-# k8s.io/system-validators v1.9.0
+# k8s.io/system-validators v1.8.0
 ## explicit; go 1.16
 k8s.io/system-validators/validators
 # k8s.io/utils v0.0.0-20240711033017-18e509b52bc8