diff --git a/go.mod b/go.mod index 82781fea613..ce149173be7 100644 --- a/go.mod +++ b/go.mod @@ -116,7 +116,7 @@ require ( k8s.io/mount-utils v0.0.0 k8s.io/pod-security-admission v0.0.0 k8s.io/sample-apiserver v0.0.0 - k8s.io/system-validators v1.9.0 + k8s.io/system-validators v1.8.0 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 sigs.k8s.io/knftables v0.0.17 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 diff --git a/go.sum b/go.sum index 929fdb6c74f..5ead99abe06 100644 --- a/go.sum +++ b/go.sum @@ -432,6 +432,7 @@ github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M5 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -710,8 +711,8 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2 h1:GKE9U8BH16uynoxQii0auTjmmmuZ3O0LFMN6S0lPPhI= k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA= -k8s.io/system-validators v1.9.0 h1:/y04BRRDthIyUZnTdKGtJQKG70wIN0zoEAk9U0pAkuo= -k8s.io/system-validators v1.9.0/go.mod h1:YOnJVzSiCretQi8s8KNy8s2ZOzXWfqAhc1B2uoxnJXc= +k8s.io/system-validators v1.8.0 h1:tq05tdO9zdJZnNF3SXrq6LE7Knc/KfJm5wk68467JDg= +k8s.io/system-validators v1.8.0/go.mod h1:gP1Ky+R9wtrSiFbrpEPwWMeYz9yqyy1S/KOh0Vci7WI= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 h1:CPT0ExVicCzcpeN4baWEV2ko2Z/AsiZgEdwgcfwLgMo= diff --git a/hack/unwanted-dependencies.json b/hack/unwanted-dependencies.json index 2019c075207..efcf41306bb 100644 --- a/hack/unwanted-dependencies.json +++ b/hack/unwanted-dependencies.json @@ -210,6 +210,7 @@ "github.com/grpc-ecosystem/go-grpc-middleware", "k8s.io/kubectl", "k8s.io/kubernetes", + "k8s.io/system-validators", "sigs.k8s.io/kustomize/api", "sigs.k8s.io/kustomize/kustomize/v5" ], diff --git a/vendor/k8s.io/system-validators/validators/cgroup_validator_linux.go b/vendor/k8s.io/system-validators/validators/cgroup_validator_linux.go index 8337b75d12a..2122ca8b0ec 100644 --- a/vendor/k8s.io/system-validators/validators/cgroup_validator_linux.go +++ b/vendor/k8s.io/system-validators/validators/cgroup_validator_linux.go @@ -21,13 +21,12 @@ package system import ( "bufio" - "errors" - "fmt" "io/ioutil" "os" "path/filepath" "strings" + "github.com/pkg/errors" "golang.org/x/sys/unix" ) @@ -45,89 +44,43 @@ func (c *CgroupsValidator) Name() string { const ( cgroupsConfigPrefix = "CGROUPS_" - mountsFilePath = "/proc/mounts" + unifiedMountpoint = "/sys/fs/cgroup" ) -// getUnifiedMountpoint checks if the default mount point is available. -// If not, it parses the mounts file to find a valid cgroup mount point. -func getUnifiedMountpoint(path string) (string, error) { - f, err := os.Open(path) - if err != nil { - return "", err - } - defer f.Close() - scanner := bufio.NewScanner(f) - var cgroupV1MountPoint string - for scanner.Scan() { - line := scanner.Text() - if !strings.Contains(line, "cgroup") { - continue - } - // Example fields: `cgroup2 /sys/fs/cgroup cgroup2 rw,seclabel,nosuid,nodev,noexec,relatime 0 0`. - fields := strings.Fields(line) - if len(fields) >= 3 { - switch fields[2] { - case "cgroup2": - // Return the first cgroups v2 mount point directly. - return fields[1], nil - case "cgroup": - // Set the first cgroups v1 mount point only, - // and continue the loop to find if there is a cgroups v2 mount point. - if len(cgroupV1MountPoint) == 0 { - cgroupV1MountPoint = fields[1] - } - } - } - } - // Return cgroups v1 mount point if no cgroups v2 mount point is found. - if len(cgroupV1MountPoint) != 0 { - return cgroupV1MountPoint, nil - } - return "", fmt.Errorf("cannot get a cgroupfs mount point from %q", path) -} - // Validate is part of the system.Validator interface. func (c *CgroupsValidator) Validate(spec SysSpec) (warns, errs []error) { - // Get the subsystems from /sys/fs/cgroup/cgroup.controllers when cgroups v2 is used. + // Get the subsystems from /sys/fs/cgroup/cgroup.controllers when cgroup v2 is used. // /proc/cgroups is meaningless for v2 // https://github.com/torvalds/linux/blob/v5.3/Documentation/admin-guide/cgroup-v2.rst#deprecated-v1-core-features var st unix.Statfs_t - unifiedMountpoint, err := getUnifiedMountpoint(mountsFilePath) - if err != nil { - return nil, []error{fmt.Errorf("cannot get a cgroup mount point: %w", err)} - } + var err error if err := unix.Statfs(unifiedMountpoint, &st); err != nil { - return nil, []error{fmt.Errorf("cannot statfs the cgroupv2 root: %w", err)} + return nil, []error{errors.Wrap(err, "cannot statfs the cgroupv2 root")} } var requiredCgroupSpec []string var optionalCgroupSpec []string var subsystems []string - var warn error if st.Type == unix.CGROUP2_SUPER_MAGIC { - subsystems, err, warn = c.getCgroupV2Subsystems(unifiedMountpoint) + subsystems, err = c.getCgroupV2Subsystems() if err != nil { - return nil, []error{fmt.Errorf("failed to get cgroups v2 subsystems: %w", err)} - } - if warn != nil { - warns = append(warns, warn) + return nil, []error{errors.Wrap(err, "failed to get cgroup v2 subsystems")} } requiredCgroupSpec = spec.CgroupsV2 optionalCgroupSpec = spec.CgroupsV2Optional } else { - warns = append(warns, errors.New("cgroups v1 support is in maintenance mode, please migrate to cgroups v2")) subsystems, err = c.getCgroupV1Subsystems() if err != nil { - return nil, []error{fmt.Errorf("failed to get cgroups v1 subsystems: %w", err)} + return nil, []error{errors.Wrap(err, "failed to get cgroup v1 subsystems")} } requiredCgroupSpec = spec.Cgroups optionalCgroupSpec = spec.CgroupsOptional } if missingRequired := c.validateCgroupSubsystems(requiredCgroupSpec, subsystems, true); len(missingRequired) != 0 { - errs = []error{fmt.Errorf("missing required cgroups: %s", strings.Join(missingRequired, " "))} + errs = []error{errors.Errorf("missing required cgroups: %s", strings.Join(missingRequired, " "))} } if missingOptional := c.validateCgroupSubsystems(optionalCgroupSpec, subsystems, false); len(missingOptional) != 0 { - warns = append(warns, fmt.Errorf("missing optional cgroups: %s", strings.Join(missingOptional, " "))) + warns = []error{errors.Errorf("missing optional cgroups: %s", strings.Join(missingOptional, " "))} } return } @@ -155,10 +108,11 @@ func (c *CgroupsValidator) validateCgroupSubsystems(cgroups, subsystems []string missing = append(missing, cgroup) } return missing + } func (c *CgroupsValidator) getCgroupV1Subsystems() ([]string, error) { - // Get the subsystems from /proc/cgroups when cgroups v1 is used. + // Get the subsystems from /proc/cgroups when cgroup v1 is used. f, err := os.Open("/proc/cgroups") if err != nil { return nil, err @@ -182,50 +136,19 @@ func (c *CgroupsValidator) getCgroupV1Subsystems() ([]string, error) { return subsystems, nil } -func (c *CgroupsValidator) getCgroupV2Subsystems(unifiedMountpoint string) ([]string, error, error) { +func (c *CgroupsValidator) getCgroupV2Subsystems() ([]string, error) { // Some controllers are implicitly enabled by the kernel. // Those controllers do not appear in /sys/fs/cgroup/cgroup.controllers. // https://github.com/torvalds/linux/blob/v5.3/kernel/cgroup/cgroup.c#L433-L434 - // For freezer, we use checkCgroupV2Freeze() to check. - // For others, we assume these are always available, as it is hard to detect availability. - // We hardcode the following as initial controllers. - // - devices: implemented in kernel 4.15. - subsystems := []string{"devices"} - freezeSupported, warn := checkCgroupV2Freeze(unifiedMountpoint) - if freezeSupported { - subsystems = append(subsystems, "freezer") - } + // We assume these are always available, as it is hard to detect availability. + // So, we hardcode the following as "pseudo" controllers. + // - devices: implemented in kernel 4.15 + // - freezer: implemented in kernel 5.2 + pseudo := []string{"devices", "freezer"} data, err := ioutil.ReadFile(filepath.Join(unifiedMountpoint, "cgroup.controllers")) if err != nil { - return nil, err, warn + return nil, err } - subsystems = append(subsystems, strings.Fields(string(data))...) - return subsystems, err, warn -} - -// checkCgroupV2Freeze checks if the freezer controller is enabled in Linux kernels 5.2. -// It determines that by creating a cgroup.freeze file under the unified mountpoint location. -func checkCgroupV2Freeze(unifiedMountpoint string) (isCgroupfs bool, warn error) { - const freezeFile = "cgroup.freeze" - tmpDir, warn := os.MkdirTemp(unifiedMountpoint, "freezer-test") - if warn != nil { - return - } - defer func() { - err := os.RemoveAll(tmpDir) - if err != nil { - warn = fmt.Errorf("error removing directory %q: %v", tmpDir, err) - } - }() - _, warn = os.Stat(filepath.Join(tmpDir, freezeFile)) - if os.IsNotExist(warn) { - return - } else if warn != nil { - // If the err is not NotExist error, it means that `cgroup.freeze` exists. - isCgroupfs = true - warn = fmt.Errorf("could not stat %q file in %q: %v", freezeFile, tmpDir, warn) - return - } - isCgroupfs = true - return + subsystems := append(pseudo, strings.Fields(string(data))...) + return subsystems, nil } diff --git a/vendor/k8s.io/system-validators/validators/docker_validator.go b/vendor/k8s.io/system-validators/validators/docker_validator.go index 0a3c8c3634f..4ebed9f6bfe 100644 --- a/vendor/k8s.io/system-validators/validators/docker_validator.go +++ b/vendor/k8s.io/system-validators/validators/docker_validator.go @@ -19,10 +19,11 @@ package system import ( "bytes" "encoding/json" - "fmt" "os/exec" "regexp" "strings" + + "github.com/pkg/errors" ) var _ Validator = &DockerValidator{} @@ -71,7 +72,7 @@ func (d *DockerValidator) Validate(spec SysSpec) ([]error, []error) { cmd.Stderr = &errb err := cmd.Run() if err != nil { - return nil, []error{fmt.Errorf(`failed executing "docker info --format '{{json .}}'"\noutput: %s\nstderr: %s\nerror: %v`, outb.String(), errb.String(), err)} + return nil, []error{errors.Errorf(`failed executing "docker info --format '{{json .}}'"\noutput: %s\nstderr: %s\nerror: %v`, outb.String(), errb.String(), err)} } if err := d.unmarshalDockerInfo(outb.Bytes(), &info); err != nil { return nil, []error{err} @@ -81,14 +82,14 @@ func (d *DockerValidator) Validate(spec SysSpec) ([]error, []error) { warnings, errs := d.validateDockerInfo(spec.RuntimeSpec.DockerSpec, info) if len(errb.String()) > 0 { - warnings = append(warnings, fmt.Errorf(`the command "docker info --format '{{json.}}'" succeeded with potential warnings\noutput: %s`, errb.String())) + warnings = append(warnings, errors.Errorf(`the command "docker info --format '{{json.}}'" succeeded with potential warnings\noutput: %s`, errb.String())) } return warnings, errs } func (d *DockerValidator) unmarshalDockerInfo(b []byte, info *dockerInfo) error { if err := json.Unmarshal(b, &info); err != nil { - return fmt.Errorf("could not unmarshal the JSON output of 'docker info':\n%s\n err: %w", b, err) + return errors.Wrapf(err, "could not unmarshal the JSON output of 'docker info':\n%s\n", b) } return nil } @@ -96,7 +97,7 @@ func (d *DockerValidator) unmarshalDockerInfo(b []byte, info *dockerInfo) error func (d *DockerValidator) validateDockerInfo(spec *DockerSpec, info dockerInfo) ([]error, []error) { // Validate docker version. if info.ServerErrors != nil { - return nil, []error{fmt.Errorf("error verifying Docker info: %q", strings.Join(info.ServerErrors, `", "`))} + return nil, []error{errors.Errorf("error verifying Docker info: %q", strings.Join(info.ServerErrors, `", "`))} } matched := false @@ -114,7 +115,7 @@ func (d *DockerValidator) validateDockerInfo(spec *DockerSpec, info dockerInfo) r := regexp.MustCompile(ver) if r.MatchString(info.ServerVersion) { d.Reporter.Report(dockerConfigPrefix+"VERSION", info.ServerVersion, good) - w := fmt.Errorf( + w := errors.Errorf( "this Docker version is not on the list of validated versions: %s. Latest validated version: %s", info.ServerVersion, latestValidatedDockerVersion, @@ -122,7 +123,7 @@ func (d *DockerValidator) validateDockerInfo(spec *DockerSpec, info dockerInfo) return []error{w}, nil } d.Reporter.Report(dockerConfigPrefix+"VERSION", info.ServerVersion, bad) - return nil, []error{fmt.Errorf("unsupported docker version: %s", info.ServerVersion)} + return nil, []error{errors.Errorf("unsupported docker version: %s", info.ServerVersion)} } // Validate graph driver. item := dockerConfigPrefix + "GRAPH_DRIVER" @@ -133,5 +134,5 @@ func (d *DockerValidator) validateDockerInfo(spec *DockerSpec, info dockerInfo) } } d.Reporter.Report(item, info.Driver, bad) - return nil, []error{fmt.Errorf("unsupported graph driver: %s", info.Driver)} + return nil, []error{errors.Errorf("unsupported graph driver: %s", info.Driver)} } diff --git a/vendor/k8s.io/system-validators/validators/kernel_validator.go b/vendor/k8s.io/system-validators/validators/kernel_validator.go index 42af3bef26a..d2a8b9de032 100644 --- a/vendor/k8s.io/system-validators/validators/kernel_validator.go +++ b/vendor/k8s.io/system-validators/validators/kernel_validator.go @@ -28,6 +28,8 @@ import ( "path/filepath" "regexp" "strings" + + "github.com/pkg/errors" ) var _ Validator = &KernelValidator{} @@ -63,7 +65,7 @@ func (k *KernelValidator) Validate(spec SysSpec) ([]error, []error) { helper := KernelValidatorHelperImpl{} release, err := helper.GetKernelReleaseVersion() if err != nil { - return nil, []error{fmt.Errorf("failed to get kernel release: %w", err)} + return nil, []error{errors.Wrap(err, "failed to get kernel release")} } k.kernelRelease = release var errs []error @@ -90,14 +92,14 @@ func (k *KernelValidator) validateKernelVersion(kSpec KernelSpec) error { } } k.Reporter.Report("KERNEL_VERSION", k.kernelRelease, bad) - return fmt.Errorf("kernel release %s is unsupported. %s", k.kernelRelease, kSpec.VersionsNote) + return errors.Errorf("unsupported kernel release: %s", k.kernelRelease) } // validateKernelConfig validates the kernel configurations. func (k *KernelValidator) validateKernelConfig(kSpec KernelSpec) error { allConfig, err := k.getKernelConfig() if err != nil { - return fmt.Errorf("failed to parse kernel config: %w", err) + return errors.Wrap(err, "failed to parse kernel config") } return k.validateCachedKernelConfig(allConfig, kSpec) } @@ -166,7 +168,7 @@ func (k *KernelValidator) validateCachedKernelConfig(allConfig map[string]kConfi validateOpt(config, forbidden) } if len(badConfigs) > 0 { - return fmt.Errorf("unexpected kernel config: %s", strings.Join(badConfigs, " ")) + return errors.Errorf("unexpected kernel config: %s", strings.Join(badConfigs, " ")) } return nil } @@ -221,14 +223,14 @@ func (k *KernelValidator) getKernelConfigReader() (io.Reader, error) { // config module and check again. output, err := exec.Command(modprobeCmd, configsModule).CombinedOutput() if err != nil { - return nil, fmt.Errorf("unable to load kernel module: %q, output: %q, err: %w", - configsModule, output, err) + return nil, errors.Wrapf(err, "unable to load kernel module: %q, output: %q, err", + configsModule, output) } // Unload the kernel config module to make sure the validation have no side effect. defer exec.Command(modprobeCmd, "-r", configsModule).Run() loadModule = true } - return nil, fmt.Errorf("no config path in %v is available", possibePaths) + return nil, errors.Errorf("no config path in %v is available", possibePaths) } // getKernelConfig gets kernel config from kernel config file and convert kernel config to internal type. diff --git a/vendor/k8s.io/system-validators/validators/os_validator_unix.go b/vendor/k8s.io/system-validators/validators/os_validator.go similarity index 88% rename from vendor/k8s.io/system-validators/validators/os_validator_unix.go rename to vendor/k8s.io/system-validators/validators/os_validator.go index e28ab62a1de..8a20e51ce21 100644 --- a/vendor/k8s.io/system-validators/validators/os_validator_unix.go +++ b/vendor/k8s.io/system-validators/validators/os_validator.go @@ -1,6 +1,3 @@ -//go:build !windows -// +build !windows - /* Copyright 2016 The Kubernetes Authors. @@ -20,9 +17,10 @@ limitations under the License. package system import ( - "fmt" "os/exec" "strings" + + "github.com/pkg/errors" ) var _ Validator = &OSValidator{} @@ -41,7 +39,7 @@ func (o *OSValidator) Name() string { func (o *OSValidator) Validate(spec SysSpec) ([]error, []error) { os, err := exec.Command("uname").CombinedOutput() if err != nil { - return nil, []error{fmt.Errorf("failed to get OS name: %w", err)} + return nil, []error{errors.Wrap(err, "failed to get os name")} } if err = o.validateOS(strings.TrimSpace(string(os)), spec.OS); err != nil { return nil, []error{err} @@ -52,7 +50,7 @@ func (o *OSValidator) Validate(spec SysSpec) ([]error, []error) { func (o *OSValidator) validateOS(os, specOS string) error { if os != specOS { o.Reporter.Report("OS", os, bad) - return fmt.Errorf("unsupported operating system: %s", os) + return errors.Errorf("unsupported operating system: %s", os) } o.Reporter.Report("OS", os, good) return nil diff --git a/vendor/k8s.io/system-validators/validators/os_validator_windows.go b/vendor/k8s.io/system-validators/validators/os_validator_windows.go deleted file mode 100644 index 4b1db6d8ac9..00000000000 --- a/vendor/k8s.io/system-validators/validators/os_validator_windows.go +++ /dev/null @@ -1,62 +0,0 @@ -//go:build windows -// +build windows - -/* -Copyright 2024 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package system - -import ( - "fmt" - "os/exec" - "strings" -) - -var _ Validator = &OSValidator{} - -// OSValidator validates OS. -type OSValidator struct { - Reporter Reporter -} - -// Name is part of the system.Validator interface. -func (o *OSValidator) Name() string { - return "os" -} - -// Validate is part of the system.Validator interface. -func (o *OSValidator) Validate(spec SysSpec) ([]error, []error) { - args := []string{`(Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ProductName`} - os, err := exec.Command("powershell", args...).Output() - if err != nil { - return nil, []error{fmt.Errorf("failed to get OS name: %w", err)} - } - if err = o.validateOS(strings.TrimSpace(string(os)), spec.OS); err != nil { - return nil, []error{err} - } - return nil, nil -} - -// validateOS would check if the reported string such as 'Windows Server 2019' contains -// the required OS prefix from the spec 'Windows Server'. -func (o *OSValidator) validateOS(os, specOS string) error { - if !strings.HasPrefix(os, specOS) { - o.Reporter.Report("OS", os, bad) - return fmt.Errorf("unsupported operating system: %s", os) - } - o.Reporter.Report("OS", os, good) - return nil -} diff --git a/vendor/k8s.io/system-validators/validators/package_validator_linux.go b/vendor/k8s.io/system-validators/validators/package_validator_linux.go index 01ddab937c2..4e22999cb9a 100644 --- a/vendor/k8s.io/system-validators/validators/package_validator_linux.go +++ b/vendor/k8s.io/system-validators/validators/package_validator_linux.go @@ -20,13 +20,13 @@ limitations under the License. package system import ( - "errors" "fmt" "io/ioutil" "os/exec" "strings" "github.com/blang/semver/v4" + "github.com/pkg/errors" ) // semVerDotsCount is the number of dots in a valid semantic version. @@ -68,7 +68,7 @@ func newDPKG() (packageManager, bool) { func (dpkg) getPackageVersion(packageName string) (string, error) { output, err := exec.Command("dpkg-query", "--show", "--showformat='${Version}'", packageName).Output() if err != nil { - return "", fmt.Errorf("dpkg-query failed: %w", err) + return "", errors.Wrap(err, "dpkg-query failed") } version := extractUpstreamVersion(string(output)) if version == "" { @@ -152,7 +152,7 @@ func (validator *packageValidator) validate(packageSpecs []PackageSpec, manager if versionRange(sv) { validator.reporter.Report(nameWithVerRange, version, good) } else { - errs = append(errs, fmt.Errorf("package \"%s %s\" does not meet the spec \"%s (%s)\"", packageName, sv, packageName, spec.VersionRange)) + errs = append(errs, errors.Errorf("package \"%s %s\" does not meet the spec \"%s (%s)\"", packageName, sv, packageName, spec.VersionRange)) validator.reporter.Report(nameWithVerRange, version, bad) } } @@ -163,7 +163,7 @@ func (validator *packageValidator) validate(packageSpecs []PackageSpec, manager func getKernelRelease() (string, error) { output, err := exec.Command("uname", "-r").Output() if err != nil { - return "", fmt.Errorf("failed to get kernel release: %w", err) + return "", errors.Wrap(err, "failed to get kernel release") } return strings.TrimSpace(string(output)), nil } @@ -173,7 +173,7 @@ func getOSDistro() (string, error) { f := "/etc/lsb-release" b, err := ioutil.ReadFile(f) if err != nil { - return "", fmt.Errorf("failed to read %q: %w", f, err) + return "", errors.Wrapf(err, "failed to read %q", f) } content := string(b) switch { @@ -184,7 +184,7 @@ func getOSDistro() (string, error) { case strings.Contains(content, "CoreOS"): return "coreos", nil default: - return "", fmt.Errorf("failed to get OS distro: %s", content) + return "", errors.Errorf("failed to get OS distro: %s", content) } } @@ -244,11 +244,10 @@ func extractUpstreamVersion(version string) string { } // toSemVerRange converts the input to a semantic version range. -// E.g., -// - ">=1.0" -> ">=1.0.x" -// - ">=1" -> ">=1.x" -// - ">=1 <=2.3" -> ">=1.x <=2.3.x" -// - ">1 || >3.1.0 !4.2" -> ">1.x || >3.1.0 !4.2.x" +// E.g., ">=1.0" -> ">=1.0.x" +// ">=1" -> ">=1.x" +// ">=1 <=2.3" -> ">=1.x <=2.3.x" +// ">1 || >3.1.0 !4.2" -> ">1.x || >3.1.0 !4.2.x" func toSemVerRange(input string) string { var output []string fields := strings.Fields(input) diff --git a/vendor/k8s.io/system-validators/validators/report.go b/vendor/k8s.io/system-validators/validators/report.go index 4bc2e97eb06..8dfc2ad5401 100644 --- a/vendor/k8s.io/system-validators/validators/report.go +++ b/vendor/k8s.io/system-validators/validators/report.go @@ -17,10 +17,11 @@ limitations under the License. package system import ( - "errors" "fmt" "io" "os" + + "github.com/pkg/errors" ) // ValidationResultType is type of the validation result. Different validation results diff --git a/vendor/k8s.io/system-validators/validators/types.go b/vendor/k8s.io/system-validators/validators/types.go index eee7e81762a..6fbae8fd23c 100644 --- a/vendor/k8s.io/system-validators/validators/types.go +++ b/vendor/k8s.io/system-validators/validators/types.go @@ -37,13 +37,11 @@ type KernelConfig struct { // KernelSpec defines the specification for the kernel. Currently, it contains // specification for: -// - Kernel Version -// - Kernel Configuration +// * Kernel Version +// * Kernel Configuration type KernelSpec struct { // Versions define supported kernel version. It is a group of regexps. Versions []string `json:"versions,omitempty"` - // VersionsNote provides additional information if Versions do not match. - VersionsNote string `json:"versionsNote,omitempty"` // Required contains all kernel configurations required to be enabled // (built in or as module). Required []KernelConfig `json:"required,omitempty"` diff --git a/vendor/k8s.io/system-validators/validators/types_unix.go b/vendor/k8s.io/system-validators/validators/types_unix.go index 802c1223d88..b70947fed31 100644 --- a/vendor/k8s.io/system-validators/validators/types_unix.go +++ b/vendor/k8s.io/system-validators/validators/types_unix.go @@ -28,9 +28,7 @@ import ( var DefaultSysSpec = SysSpec{ OS: "Linux", KernelSpec: KernelSpec{ - // 4.19 is an active kernel Long Term Support (LTS) release, tracked in https://www.kernel.org/category/releases.html. - Versions: []string{`^4\.19.*$`, `^4\.[2-9][0-9].*$`, `^([5-9]|[1-9][0-9]+)\.([0-9]+)\.([0-9]+).*$`}, - VersionsNote: "Recommended LTS version from the 4.x series is 4.19. Any 5.x or 6.x versions are also supported. For cgroups v2 support, the minimal version is 4.15 and the recommended version is 5.8+", + Versions: []string{`^3\.[1-9][0-9].*$`, `^([4-9]|[1-9][0-9]+)\.([0-9]+)\.([0-9]+).*$`}, // Requires 3.10+, or newer // TODO(random-liu): Add more config // TODO(random-liu): Add description for each kernel configuration: Required: []KernelConfig{ @@ -40,12 +38,11 @@ var DefaultSysSpec = SysSpec{ {Name: "IPC_NS"}, {Name: "UTS_NS"}, {Name: "CGROUPS"}, - {Name: "CGROUP_BPF"}, // cgroups v2 - {Name: "CGROUP_CPUACCT"}, // cgroups v1 cpuacct + {Name: "CGROUP_CPUACCT"}, {Name: "CGROUP_DEVICE"}, - {Name: "CGROUP_FREEZER"}, // cgroups v1 freezer + {Name: "CGROUP_FREEZER"}, {Name: "CGROUP_PIDS"}, - {Name: "CGROUP_SCHED"}, // cgroups v1 & v2 cpu + {Name: "CGROUP_SCHED"}, {Name: "CPUSETS"}, {Name: "MEMCG"}, {Name: "INET"}, @@ -72,7 +69,7 @@ var DefaultSysSpec = SysSpec{ // and therefore lacks corresponding hugetlb cgroup "hugetlb", // The blkio cgroup is optional since some kernels are compiled without support for block I/O throttling. - // Containerd and cri-o will use blkio to track disk I/O and throttling in both cgroups v1 and v2. + // Containerd and cri-o will use blkio to track disk I/O and throttling in both cgroup v1 and v2. "blkio", }, CgroupsV2: []string{"cpu", "cpuset", "devices", "freezer", "memory", "pids"}, diff --git a/vendor/k8s.io/system-validators/validators/types_windows.go b/vendor/k8s.io/system-validators/validators/types_windows.go index 3333494762a..cce90f6d669 100644 --- a/vendor/k8s.io/system-validators/validators/types_windows.go +++ b/vendor/k8s.io/system-validators/validators/types_windows.go @@ -24,15 +24,14 @@ import ( "strings" ) -// DefaultSysSpec is the default SysSpec for Windows. +// DefaultSysSpec is the default SysSpec for Windows var DefaultSysSpec = SysSpec{ - OS: "Windows Server", + OS: "Microsoft Windows Server 2016", KernelSpec: KernelSpec{ - Versions: []string{`10\.0\.1439[3-9]`, `10\.0\.14[4-9][0-9]{2}`, `10\.0\.1[5-9][0-9]{3}`, `10\.0\.[2-9][0-9]{4}`, `10\.[1-9]+\.[0-9]+`}, //requires >= '10.0.14393' - VersionsNote: "The kernel version should be >= '10.0.14393'", - Required: []KernelConfig{}, - Optional: []KernelConfig{}, - Forbidden: []KernelConfig{}, + Versions: []string{`10\.0\.1439[3-9]`, `10\.0\.14[4-9][0-9]{2}`, `10\.0\.1[5-9][0-9]{3}`, `10\.0\.[2-9][0-9]{4}`, `10\.[1-9]+\.[0-9]+`}, //requires >= '10.0.14393' + Required: []KernelConfig{}, + Optional: []KernelConfig{}, + Forbidden: []KernelConfig{}, }, RuntimeSpec: RuntimeSpec{ DockerSpec: &DockerSpec{ @@ -47,11 +46,9 @@ type KernelValidatorHelperImpl struct{} var _ KernelValidatorHelper = &KernelValidatorHelperImpl{} -// GetKernelReleaseVersion returns the Windows release version (e.g. 10.0.14393) as a string. -// It does not include the UBR (revision) +// GetKernelReleaseVersion returns the windows release version (ex. 10.0.14393) as a string func (o *KernelValidatorHelperImpl) GetKernelReleaseVersion() (string, error) { - args := []string{`$props = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'; ` + - `"$($props.CurrentMajorVersionNumber).$($props.CurrentMinorVersionNumber).$($props.CurrentBuildNumber)"`} + args := []string{"(Get-CimInstance Win32_OperatingSystem).Version"} releaseVersion, err := exec.Command("powershell", args...).Output() if err != nil { return "", err diff --git a/vendor/modules.txt b/vendor/modules.txt index d458758f6fb..528743a4b0b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1173,7 +1173,7 @@ k8s.io/kube-openapi/pkg/validation/validate ## explicit; go 1.23.0 # k8s.io/sample-apiserver v0.0.0 => ./staging/src/k8s.io/sample-apiserver ## explicit; go 1.23.0 -# k8s.io/system-validators v1.9.0 +# k8s.io/system-validators v1.8.0 ## explicit; go 1.16 k8s.io/system-validators/validators # k8s.io/utils v0.0.0-20240711033017-18e509b52bc8