From 1b22e6f194ebd8ce745bc0b0ed3c017fd82c44c0 Mon Sep 17 00:00:00 2001 From: Avi Deitcher Date: Thu, 15 Jun 2023 21:33:34 +0300 Subject: [PATCH] replace complex manifest-tool with straight go-containerregistry Signed-off-by: Avi Deitcher --- src/cmd/linuxkit/cache/push.go | 5 +- src/cmd/linuxkit/go.mod | 3 +- src/cmd/linuxkit/go.sum | 2 - src/cmd/linuxkit/pkglib/docker.go | 4 +- src/cmd/linuxkit/pkglib/index.go | 10 +- src/cmd/linuxkit/registry/manifest.go | 73 +++-- .../github.com/docker/distribution/.gitignore | 38 --- .../docker/distribution/.golangci.yml | 20 -- .../github.com/docker/distribution/.mailmap | 49 --- .../docker/distribution/BUILDING.md | 117 ------- .../docker/distribution/CONTRIBUTING.md | 148 --------- .../github.com/docker/distribution/Dockerfile | 50 --- .../docker/distribution/MAINTAINERS | 243 -------------- .../github.com/docker/distribution/Makefile | 102 ------ .../github.com/docker/distribution/README.md | 130 -------- .../github.com/docker/distribution/ROADMAP.md | 267 --------------- .../github.com/docker/distribution/blobs.go | 265 --------------- .../github.com/docker/distribution/doc.go | 7 - .../docker/distribution/docker-bake.hcl | 65 ---- .../github.com/docker/distribution/errors.go | 119 ------- .../docker/distribution/manifest/doc.go | 1 - .../manifest/manifestlist/manifestlist.go | 239 -------------- .../docker/distribution/manifest/versioned.go | 12 - .../docker/distribution/manifests.go | 125 ------- .../docker/distribution/registry.go | 118 ------- .../github.com/docker/distribution/tags.go | 27 -- .../docker/distribution/vendor.conf | 51 --- .../manifest-tool/v2/pkg/registry/fetch.go | 24 -- .../manifest-tool/v2/pkg/registry/fetcher.go | 95 ------ .../manifest-tool/v2/pkg/registry/push.go | 161 ---------- .../manifest-tool/v2/pkg/registry/pusher.go | 181 ----------- .../manifest-tool/v2/pkg/store/store.go | 304 ------------------ .../manifest-tool/v2/pkg/types/image.go | 23 -- .../manifest-tool/v2/pkg/types/input.go | 18 -- .../manifest-tool/v2/pkg/types/manifests.go | 39 --- .../manifest-tool/v2/pkg/types/request.go | 45 --- src/cmd/linuxkit/vendor/modules.txt | 19 -- .../vendor/oras.land/oras-go/v2/LICENSE | 201 ------------ .../oras-go/v2/content/descriptor.go | 40 --- .../oras.land/oras-go/v2/content/graph.go | 106 ------ .../oras-go/v2/content/limitedstorage.go | 50 --- .../oras-go/v2/content/memory/memory.go | 96 ------ .../oras.land/oras-go/v2/content/reader.go | 141 -------- .../oras.land/oras-go/v2/content/resolver.go | 41 --- .../oras.land/oras-go/v2/content/storage.go | 80 ----- .../oras.land/oras-go/v2/errdef/errors.go | 30 -- .../oras-go/v2/internal/cas/memory.go | 88 ----- .../oras-go/v2/internal/cas/proxy.go | 125 ------- .../v2/internal/descriptor/descriptor.go | 88 ----- .../oras-go/v2/internal/docker/mediatype.go | 24 -- .../oras-go/v2/internal/graph/memory.go | 134 -------- .../oras-go/v2/internal/ioutil/io.go | 58 ---- .../oras-go/v2/internal/resolver/memory.go | 61 ---- .../oras-go/v2/internal/status/tracker.go | 43 --- .../oras-go/v2/internal/syncutil/limit.go | 84 ----- .../v2/internal/syncutil/limitgroup.go | 67 ---- .../oras-go/v2/internal/syncutil/merge.go | 140 -------- .../oras-go/v2/internal/syncutil/once.go | 70 ---- .../oras-go/v2/internal/syncutil/pool.go | 64 ---- 59 files changed, 64 insertions(+), 4966 deletions(-) delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/.gitignore delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/.golangci.yml delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/.mailmap delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/BUILDING.md delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/CONTRIBUTING.md delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/Dockerfile delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/MAINTAINERS delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/Makefile delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/README.md delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/ROADMAP.md delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/blobs.go delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/doc.go delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/docker-bake.hcl delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/errors.go delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/manifest/doc.go delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/manifest/manifestlist/manifestlist.go delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/manifest/versioned.go delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/manifests.go delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/registry.go delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/tags.go delete mode 100644 src/cmd/linuxkit/vendor/github.com/docker/distribution/vendor.conf delete mode 100644 src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/registry/fetch.go delete mode 100644 src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/registry/fetcher.go delete mode 100644 src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/registry/push.go delete mode 100644 src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/registry/pusher.go delete mode 100644 src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/store/store.go delete mode 100644 src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/types/image.go delete mode 100644 src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/types/input.go delete mode 100644 src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/types/manifests.go delete mode 100644 src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/types/request.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/LICENSE delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/descriptor.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/graph.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/limitedstorage.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/memory/memory.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/reader.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/resolver.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/storage.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/errdef/errors.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/cas/memory.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/cas/proxy.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/descriptor/descriptor.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/docker/mediatype.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/graph/memory.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/ioutil/io.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/resolver/memory.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/status/tracker.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/limit.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/limitgroup.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/merge.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/once.go delete mode 100644 src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/pool.go diff --git a/src/cmd/linuxkit/cache/push.go b/src/cmd/linuxkit/cache/push.go index e37e2963f..e280dee63 100644 --- a/src/cmd/linuxkit/cache/push.go +++ b/src/cmd/linuxkit/cache/push.go @@ -117,9 +117,10 @@ func (p *Provider) Push(name string, withManifest bool) error { return nil } // Even though we may have pushed the index, we want to be sure that we have an index that includes every architecture on the registry, - // not just those that were in our local cache. So we use manifest-tool library to build a broad index + // not just those that were in our local cache. So we call PushManifest to push an index that includes all arch-specific images + // already in the registry. fmt.Printf("Pushing index based on all arch-specific images in registry %s\n", name) - _, _, err = registry.PushManifest(name) + _, _, err = registry.PushManifest(name, options...) if err != nil { return err } diff --git a/src/cmd/linuxkit/go.mod b/src/cmd/linuxkit/go.mod index 0279a3f20..d078cf66c 100644 --- a/src/cmd/linuxkit/go.mod +++ b/src/cmd/linuxkit/go.mod @@ -55,6 +55,7 @@ require ( require ( github.com/Code-Hex/vz/v3 v3.0.0 github.com/spf13/cobra v1.6.1 + github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 ) require ( @@ -112,7 +113,6 @@ require ( github.com/secure-systems-lab/go-securesystemslib v0.4.0 // indirect github.com/shibumi/go-pathspec v1.3.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect github.com/tonistiigi/fsutil v0.0.0-20230105215944-fb433841cbfa // indirect github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea // indirect github.com/tonistiigi/vt100 v0.0.0-20210615222946-8066bb97264f // indirect @@ -138,5 +138,4 @@ require ( google.golang.org/grpc v1.50.1 // indirect google.golang.org/protobuf v1.28.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - oras.land/oras-go/v2 v2.0.0 // indirect ) diff --git a/src/cmd/linuxkit/go.sum b/src/cmd/linuxkit/go.sum index 83e05194d..ed4726e70 100644 --- a/src/cmd/linuxkit/go.sum +++ b/src/cmd/linuxkit/go.sum @@ -2371,8 +2371,6 @@ mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIa mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4= mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZIVpwbkw+04kSxk3rAtzlimaUJw= mvdan.cc/unparam v0.0.0-20200501210554-b37ab49443f7/go.mod h1:HGC5lll35J70Y5v7vCGb9oLhHoScFwkHDJm/05RdSTc= -oras.land/oras-go/v2 v2.0.0 h1:+LRAz92WF7AvYQsQjPEAIw3Xb2zPPhuydjpi4pIHmc0= -oras.land/oras-go/v2 v2.0.0/go.mod h1:iVExH1NxrccIxjsiq17L91WCZ4KIw6jVQyCLsZsu1gc= pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= diff --git a/src/cmd/linuxkit/pkglib/docker.go b/src/cmd/linuxkit/pkglib/docker.go index b14442b31..589d4f197 100644 --- a/src/cmd/linuxkit/pkglib/docker.go +++ b/src/cmd/linuxkit/pkglib/docker.go @@ -23,6 +23,8 @@ import ( "github.com/containerd/containerd/reference" "github.com/docker/buildx/util/progress" "github.com/docker/docker/api/types" + "github.com/google/go-containerregistry/pkg/authn" + "github.com/google/go-containerregistry/pkg/v1/remote" versioncompare "github.com/hashicorp/go-version" "github.com/linuxkit/linuxkit/src/cmd/linuxkit/registry" "github.com/linuxkit/linuxkit/src/cmd/linuxkit/spec" @@ -384,7 +386,7 @@ func (dr *dockerRunnerImpl) pushWithManifest(img, suffix string, pushImage, push if pushManifest { fmt.Printf("Pushing %s to manifest %s\n", img+suffix, img) - _, _, err = registry.PushManifest(img) + _, _, err = registry.PushManifest(img, remote.WithAuthFromKeychain(authn.DefaultKeychain)) if err != nil { return err } diff --git a/src/cmd/linuxkit/pkglib/index.go b/src/cmd/linuxkit/pkglib/index.go index e4f319f93..b114235b1 100644 --- a/src/cmd/linuxkit/pkglib/index.go +++ b/src/cmd/linuxkit/pkglib/index.go @@ -3,6 +3,8 @@ package pkglib import ( "fmt" + "github.com/google/go-containerregistry/pkg/authn" + "github.com/google/go-containerregistry/pkg/v1/remote" "github.com/linuxkit/linuxkit/src/cmd/linuxkit/registry" "github.com/linuxkit/linuxkit/src/cmd/linuxkit/util" ) @@ -16,13 +18,15 @@ func (p Pkg) Index(bos ...BuildOpt) error { } } name := p.FullTag() + options := []remote.Option{remote.WithAuthFromKeychain(authn.DefaultKeychain)} // Even though we may have pushed the index, we want to be sure that we have an index that includes every architecture on the registry, - // not just those that were in our local cache. So we use manifest-tool library to build a broad index + // not just those that were in our local cache. So we call PushManifest to push an index that includes all arch-specific images + // already in the registry. // push based on tag fmt.Printf("Pushing index based on all arch-specific images in registry %s\n", name) - _, _, err := registry.PushManifest(name) + _, _, err := registry.PushManifest(name, options...) if err != nil { return err } @@ -36,7 +40,7 @@ func (p Pkg) Index(bos ...BuildOpt) error { fullRelTag := util.ReferenceExpand(relTag) fmt.Printf("Pushing index based on all arch-specific images in registry %s\n", fullRelTag) - _, _, err = registry.PushManifest(fullRelTag) + _, _, err = registry.PushManifest(fullRelTag, options...) if err != nil { return err } diff --git a/src/cmd/linuxkit/registry/manifest.go b/src/cmd/linuxkit/registry/manifest.go index fe3355fc8..7156d9664 100644 --- a/src/cmd/linuxkit/registry/manifest.go +++ b/src/cmd/linuxkit/registry/manifest.go @@ -4,9 +4,11 @@ import ( "fmt" "strings" - "github.com/estesp/manifest-tool/v2/pkg/registry" - "github.com/estesp/manifest-tool/v2/pkg/types" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/google/go-containerregistry/pkg/name" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/empty" + "github.com/google/go-containerregistry/pkg/v1/mutate" + "github.com/google/go-containerregistry/pkg/v1/remote" log "github.com/sirupsen/logrus" ) @@ -23,9 +25,12 @@ var platformsToSearchForIndex = []string{ } // PushManifest create a manifest that supports each of the provided platforms and push it out. -func PushManifest(img string) (hash string, length int, err error) { - var srcImages []types.ManifestEntry - +func PushManifest(img string, options ...remote.Option) (hash string, length int64, err error) { + baseRef, err := name.ParseReference(img) + if err != nil { + return hash, length, fmt.Errorf("parsing %s: %w", img, err) + } + adds := make([]mutate.IndexAddendum, 0, len(platformsToSearchForIndex)) for i, platform := range platformsToSearchForIndex { osArchArr := strings.Split(platform, "/") if len(osArchArr) != 2 && len(osArchArr) != 3 { @@ -36,25 +41,47 @@ func PushManifest(img string) (hash string, length int, err error) { if len(osArchArr) == 3 { variant = osArchArr[2] } - srcImages = append(srcImages, types.ManifestEntry{ - Image: fmt.Sprintf("%s-%s", img, arch), - Platform: ocispec.Platform{ - OS: os, - Architecture: arch, - Variant: variant, - }, + refName := fmt.Sprintf("%s-%s", img, arch) + ref, err := name.ParseReference(refName) + if err != nil { + return hash, length, fmt.Errorf("parsing %s: %w", refName, err) + } + remoteDesc, err := remote.Get(ref, options...) + if err != nil { + // TODO: Should distinguish between a 404 and a network error + log.Warnf("image %s not found; skipping: %v", ref, err) + continue + } + img, err := remoteDesc.Image() + if err != nil { + return hash, length, fmt.Errorf("getting image %s: %w", ref, err) + } + desc := remoteDesc.Descriptor + desc.Platform = &v1.Platform{ + OS: os, + Architecture: arch, + Variant: variant, + } + adds = append(adds, mutate.IndexAddendum{ + Add: img, + Descriptor: desc, }) } - yamlInput := types.YAMLInput{ - Image: img, - Manifests: srcImages, + // add the desc to the index we will push + index := mutate.AppendManifests(empty.Index, adds...) + size, err := index.Size() + if err != nil { + return hash, length, fmt.Errorf("getting index size: %w", err) } - - log.Debugf("pushing manifest list for %s -> %#v", img, yamlInput) - - // push the manifest list, ignore missing, do not allow insecure - // we do not provide auth credentials to force resolve them internally - // according to the hostname of image to push - return registry.PushManifestList("", "", yamlInput, true, false, false, types.OCI, "") + dig, err := index.Digest() + if err != nil { + return hash, length, fmt.Errorf("getting index digest: %w", err) + } + log.Debugf("pushing manifest list for %s -> %#v", img, index) + err = remote.WriteIndex(baseRef, index, options...) + if err != nil { + return hash, length, fmt.Errorf("writing index: %w", err) + } + return dig.String(), size, nil } diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/.gitignore b/src/cmd/linuxkit/vendor/github.com/docker/distribution/.gitignore deleted file mode 100644 index 4cf7888e9..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/.gitignore +++ /dev/null @@ -1,38 +0,0 @@ -# Compiled Object files, Static and Dynamic libs (Shared Objects) -*.o -*.a -*.so - -# Folders -_obj -_test - -# Architecture specific extensions/prefixes -*.[568vq] -[568vq].out - -*.cgo1.go -*.cgo2.c -_cgo_defun.c -_cgo_gotypes.go -_cgo_export.* - -_testmain.go - -*.exe -*.test -*.prof - -# never checkin from the bin file (for now) -bin/* - -# Test key files -*.pem - -# Cover profiles -*.out - -# Editor/IDE specific files. -*.sublime-project -*.sublime-workspace -.idea/* diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/.golangci.yml b/src/cmd/linuxkit/vendor/github.com/docker/distribution/.golangci.yml deleted file mode 100644 index 1ba6cb916..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/.golangci.yml +++ /dev/null @@ -1,20 +0,0 @@ -linters: - enable: - - structcheck - - varcheck - - staticcheck - - unconvert - - gofmt - - goimports - - golint - - ineffassign - - vet - - unused - - misspell - disable: - - errcheck - -run: - deadline: 2m - skip-dirs: - - vendor diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/.mailmap b/src/cmd/linuxkit/vendor/github.com/docker/distribution/.mailmap deleted file mode 100644 index 8f3738f3d..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/.mailmap +++ /dev/null @@ -1,49 +0,0 @@ -Stephen J Day Stephen Day -Stephen J Day Stephen Day -Olivier Gambier Olivier Gambier -Brian Bland Brian Bland -Brian Bland Brian Bland -Josh Hawn Josh Hawn -Richard Scothern Richard -Richard Scothern Richard Scothern -Andrew Meredith Andrew Meredith -harche harche -Jessie Frazelle -Sharif Nassar Sharif Nassar -Sven Dowideit Sven Dowideit -Vincent Giersch Vincent Giersch -davidli davidli -Omer Cohen Omer Cohen -Eric Yang Eric Yang -Nikita Tarasov Nikita -Yu Wang yuwaMSFT2 -Yu Wang Yu Wang (UC) -Olivier Gambier dmp -Olivier Gambier Olivier -Olivier Gambier Olivier -Elsan Li 李楠 elsanli(李楠) -Rui Cao ruicao -Gwendolynne Barr gbarr01 -Haibing Zhou 周海兵 zhouhaibing089 -Feng Honglin tifayuki -Helen Xie Helen-xie -Mike Brown Mike Brown -Manish Tomar Manish Tomar -Sakeven Jiang sakeven -Milos Gajdos Milos Gajdos -Derek McGowan Derek McGowa -Adrian Plata Adrian Plata <@users.noreply.github.com> -Sebastiaan van Stijn Sebastiaan van Stijn -Vishesh Jindal Vishesh Jindal -Wang Yan Wang Yan -Chris Patterson Chris Patterson -Eohyung Lee Eohyung Lee -João Pereira <484633+joaodrp@users.noreply.github.com> -Smasherr Smasherr -Thomas Berger Thomas Berger -Samuel Karp Samuel Karp -Justin Cormack -sayboras -CrazyMax -CrazyMax <1951866+crazy-max@users.noreply.github.com> -CrazyMax diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/BUILDING.md b/src/cmd/linuxkit/vendor/github.com/docker/distribution/BUILDING.md deleted file mode 100644 index 2981d016b..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/BUILDING.md +++ /dev/null @@ -1,117 +0,0 @@ - -# Building the registry source - -## Use-case - -This is useful if you intend to actively work on the registry. - -### Alternatives - -Most people should use the [official Registry docker image](https://hub.docker.com/r/library/registry/). - -People looking for advanced operational use cases might consider rolling their own image with a custom Dockerfile inheriting `FROM registry:2`. - -OS X users who want to run natively can do so following [the instructions here](https://github.com/docker/docker.github.io/blob/master/registry/recipes/osx-setup-guide.md). - -### Gotchas - -You are expected to know your way around with go & git. - -If you are a casual user with no development experience, and no preliminary knowledge of go, building from source is probably not a good solution for you. - -## Build the development environment - -The first prerequisite of properly building distribution targets is to have a Go -development environment setup. Please follow [How to Write Go Code](https://golang.org/doc/code.html) -for proper setup. If done correctly, you should have a GOROOT and GOPATH set in the -environment. - -If a Go development environment is setup, one can use `go get` to install the -`registry` command from the current latest: - - go get github.com/docker/distribution/cmd/registry - -The above will install the source repository into the `GOPATH`. - -Now create the directory for the registry data (this might require you to set permissions properly) - - mkdir -p /var/lib/registry - -... or alternatively `export REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/somewhere` if you want to store data into another location. - -The `registry` -binary can then be run with the following: - - $ $GOPATH/bin/registry --version - $GOPATH/bin/registry github.com/docker/distribution v2.0.0-alpha.1+unknown - -> __NOTE:__ While you do not need to use `go get` to checkout the distribution -> project, for these build instructions to work, the project must be checked -> out in the correct location in the `GOPATH`. This should almost always be -> `$GOPATH/src/github.com/docker/distribution`. - -The registry can be run with the default config using the following -incantation: - - $ $GOPATH/bin/registry serve $GOPATH/src/github.com/docker/distribution/cmd/registry/config-example.yml - INFO[0000] endpoint local-5003 disabled, skipping app.id=34bbec38-a91a-494a-9a3f-b72f9010081f version=v2.0.0-alpha.1+unknown - INFO[0000] endpoint local-8083 disabled, skipping app.id=34bbec38-a91a-494a-9a3f-b72f9010081f version=v2.0.0-alpha.1+unknown - INFO[0000] listening on :5000 app.id=34bbec38-a91a-494a-9a3f-b72f9010081f version=v2.0.0-alpha.1+unknown - INFO[0000] debug server listening localhost:5001 - -If it is working, one should see the above log messages. - -### Repeatable Builds - -For the full development experience, one should `cd` into -`$GOPATH/src/github.com/docker/distribution`. From there, the regular `go` -commands, such as `go test`, should work per package (please see -[Developing](#developing) if they don't work). - -A `Makefile` has been provided as a convenience to support repeatable builds. -Please install the following into `GOPATH` for it to work: - - go get github.com/golang/lint/golint - -Once these commands are available in the `GOPATH`, run `make` to get a full -build: - - $ make - + clean - + fmt - + vet - + lint - + build - github.com/docker/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar - github.com/sirupsen/logrus - github.com/docker/libtrust - ... - github.com/yvasiyarov/gorelic - github.com/docker/distribution/registry/handlers - github.com/docker/distribution/cmd/registry - + test - ... - ok github.com/docker/distribution/digest 7.875s - ok github.com/docker/distribution/manifest 0.028s - ok github.com/docker/distribution/notifications 17.322s - ? github.com/docker/distribution/registry [no test files] - ok github.com/docker/distribution/registry/api/v2 0.101s - ? github.com/docker/distribution/registry/auth [no test files] - ok github.com/docker/distribution/registry/auth/silly 0.011s - ... - + /Users/sday/go/src/github.com/docker/distribution/bin/registry - + /Users/sday/go/src/github.com/docker/distribution/bin/registry-api-descriptor-template - + binaries - -The above provides a repeatable build using the contents of the vendor -directory. This includes formatting, vetting, linting, building, -testing and generating tagged binaries. We can verify this worked by running -the registry binary generated in the "./bin" directory: - - $ ./bin/registry --version - ./bin/registry github.com/docker/distribution v2.0.0-alpha.2-80-g16d8b2c.m - -### Optional build tags - -Optional [build tags](http://golang.org/pkg/go/build/) can be provided using -the environment variable `DOCKER_BUILDTAGS`. diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/CONTRIBUTING.md b/src/cmd/linuxkit/vendor/github.com/docker/distribution/CONTRIBUTING.md deleted file mode 100644 index 4c067d9e7..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/CONTRIBUTING.md +++ /dev/null @@ -1,148 +0,0 @@ -# Contributing to the registry - -## Before reporting an issue... - -### If your problem is with... - - - automated builds - - your account on the [Docker Hub](https://hub.docker.com/) - - any other [Docker Hub](https://hub.docker.com/) issue - -Then please do not report your issue here - you should instead report it to [https://support.docker.com](https://support.docker.com) - -### If you... - - - need help setting up your registry - - can't figure out something - - are not sure what's going on or what your problem is - -Then please do not open an issue here yet - you should first try one of the following support forums: - - - irc: #docker-distribution on freenode - - mailing-list: or https://groups.google.com/a/dockerproject.org/forum/#!forum/distribution - -### Reporting security issues - -The Docker maintainers take security seriously. If you discover a security -issue, please bring it to their attention right away! - -Please **DO NOT** file a public issue, instead send your report privately to -[security@docker.com](mailto:security@docker.com). - -## Reporting an issue properly - -By following these simple rules you will get better and faster feedback on your issue. - - - search the bugtracker for an already reported issue - -### If you found an issue that describes your problem: - - - please read other user comments first, and confirm this is the same issue: a given error condition might be indicative of different problems - you may also find a workaround in the comments - - please refrain from adding "same thing here" or "+1" comments - - you don't need to comment on an issue to get notified of updates: just hit the "subscribe" button - - comment if you have some new, technical and relevant information to add to the case - - __DO NOT__ comment on closed issues or merged PRs. If you think you have a related problem, open up a new issue and reference the PR or issue. - -### If you have not found an existing issue that describes your problem: - - 1. create a new issue, with a succinct title that describes your issue: - - bad title: "It doesn't work with my docker" - - good title: "Private registry push fail: 400 error with E_INVALID_DIGEST" - 2. copy the output of: - - `docker version` - - `docker info` - - `docker exec registry --version` - 3. copy the command line you used to launch your Registry - 4. restart your docker daemon in debug mode (add `-D` to the daemon launch arguments) - 5. reproduce your problem and get your docker daemon logs showing the error - 6. if relevant, copy your registry logs that show the error - 7. provide any relevant detail about your specific Registry configuration (e.g., storage backend used) - 8. indicate if you are using an enterprise proxy, Nginx, or anything else between you and your Registry - -## Contributing a patch for a known bug, or a small correction - -You should follow the basic GitHub workflow: - - 1. fork - 2. commit a change - 3. make sure the tests pass - 4. PR - -Additionally, you must [sign your commits](https://github.com/docker/docker/blob/master/CONTRIBUTING.md#sign-your-work). It's very simple: - - - configure your name with git: `git config user.name "Real Name" && git config user.email mail@example.com` - - sign your commits using `-s`: `git commit -s -m "My commit"` - -Some simple rules to ensure quick merge: - - - clearly point to the issue(s) you want to fix in your PR comment (e.g., `closes #12345`) - - prefer multiple (smaller) PRs addressing individual issues over a big one trying to address multiple issues at once - - if you need to amend your PR following comments, please squash instead of adding more commits - -## Contributing new features - -You are heavily encouraged to first discuss what you want to do. You can do so on the irc channel, or by opening an issue that clearly describes the use case you want to fulfill, or the problem you are trying to solve. - -If this is a major new feature, you should then submit a proposal that describes your technical solution and reasoning. -If you did discuss it first, this will likely be greenlighted very fast. It's advisable to address all feedback on this proposal before starting actual work. - -Then you should submit your implementation, clearly linking to the issue (and possible proposal). - -Your PR will be reviewed by the community, then ultimately by the project maintainers, before being merged. - -It's mandatory to: - - - interact respectfully with other community members and maintainers - more generally, you are expected to abide by the [Docker community rules](https://github.com/docker/docker/blob/master/CONTRIBUTING.md#docker-community-guidelines) - - address maintainers' comments and modify your submission accordingly - - write tests for any new code - -Complying to these simple rules will greatly accelerate the review process, and will ensure you have a pleasant experience in contributing code to the Registry. - -Have a look at a great, successful contribution: the [Swift driver PR](https://github.com/docker/distribution/pull/493) - -## Coding Style - -Unless explicitly stated, we follow all coding guidelines from the Go -community. While some of these standards may seem arbitrary, they somehow seem -to result in a solid, consistent codebase. - -It is possible that the code base does not currently comply with these -guidelines. We are not looking for a massive PR that fixes this, since that -goes against the spirit of the guidelines. All new contributions should make a -best effort to clean up and make the code base better than they left it. -Obviously, apply your best judgement. Remember, the goal here is to make the -code base easier for humans to navigate and understand. Always keep that in -mind when nudging others to comply. - -The rules: - -1. All code should be formatted with `gofmt -s`. -2. All code should pass the default levels of - [`golint`](https://github.com/golang/lint). -3. All code should follow the guidelines covered in [Effective - Go](http://golang.org/doc/effective_go.html) and [Go Code Review - Comments](https://github.com/golang/go/wiki/CodeReviewComments). -4. Comment the code. Tell us the why, the history and the context. -5. Document _all_ declarations and methods, even private ones. Declare - expectations, caveats and anything else that may be important. If a type - gets exported, having the comments already there will ensure it's ready. -6. Variable name length should be proportional to its context and no longer. - `noCommaALongVariableNameLikeThisIsNotMoreClearWhenASimpleCommentWouldDo`. - In practice, short methods will have short variable names and globals will - have longer names. -7. No underscores in package names. If you need a compound name, step back, - and re-examine why you need a compound name. If you still think you need a - compound name, lose the underscore. -8. No utils or helpers packages. If a function is not general enough to - warrant its own package, it has not been written generally enough to be a - part of a util package. Just leave it unexported and well-documented. -9. All tests should run with `go test` and outside tooling should not be - required. No, we don't need another unit testing framework. Assertion - packages are acceptable if they provide _real_ incremental value. -10. Even though we call these "rules" above, they are actually just - guidelines. Since you've read all the rules, you now know that. - -If you are having trouble getting into the mood of idiomatic Go, we recommend -reading through [Effective Go](http://golang.org/doc/effective_go.html). The -[Go Blog](http://blog.golang.org/) is also a great resource. Drinking the -kool-aid is a lot easier than going thirsty. diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/Dockerfile b/src/cmd/linuxkit/vendor/github.com/docker/distribution/Dockerfile deleted file mode 100644 index ae8c040c7..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/Dockerfile +++ /dev/null @@ -1,50 +0,0 @@ -# syntax=docker/dockerfile:1.3 - -ARG GO_VERSION=1.16.15 -ARG GORELEASER_XX_VERSION=1.2.5 - -FROM --platform=$BUILDPLATFORM crazymax/goreleaser-xx:${GORELEASER_XX_VERSION} AS goreleaser-xx -FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine AS base -COPY --from=goreleaser-xx / / -RUN apk add --no-cache file git -WORKDIR /go/src/github.com/docker/distribution - -FROM base AS build -ENV GO111MODULE=auto -ENV CGO_ENABLED=0 -# GIT_REF is used by goreleaser-xx to handle the proper git ref when available. -# It will fallback to the working tree info if empty and use "git tag --points-at" -# or "git describe" to define the version info. -ARG GIT_REF -ARG TARGETPLATFORM -ARG PKG="github.com/distribution/distribution" -ARG BUILDTAGS="include_oss include_gcs" -RUN --mount=type=bind,rw \ - --mount=type=cache,target=/root/.cache/go-build \ - --mount=target=/go/pkg/mod,type=cache \ - goreleaser-xx --debug \ - --name="registry" \ - --dist="/out" \ - --main="./cmd/registry" \ - --flags="-v" \ - --ldflags="-s -w -X '$PKG/version.Version={{.Version}}' -X '$PKG/version.Revision={{.Commit}}' -X '$PKG/version.Package=$PKG'" \ - --tags="$BUILDTAGS" \ - --files="LICENSE" \ - --files="README.md" - -FROM scratch AS artifact -COPY --from=build /out/*.tar.gz / -COPY --from=build /out/*.zip / -COPY --from=build /out/*.sha256 / - -FROM scratch AS binary -COPY --from=build /usr/local/bin/registry* / - -FROM alpine:3.14 -RUN apk add --no-cache ca-certificates -COPY cmd/registry/config-dev.yml /etc/docker/registry/config.yml -COPY --from=build /usr/local/bin/registry /bin/registry -VOLUME ["/var/lib/registry"] -EXPOSE 5000 -ENTRYPOINT ["registry"] -CMD ["serve", "/etc/docker/registry/config.yml"] diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/MAINTAINERS b/src/cmd/linuxkit/vendor/github.com/docker/distribution/MAINTAINERS deleted file mode 100644 index 3183620c5..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/MAINTAINERS +++ /dev/null @@ -1,243 +0,0 @@ -# Distribution maintainers file -# -# This file describes who runs the docker/distribution project and how. -# This is a living document - if you see something out of date or missing, speak up! -# -# It is structured to be consumable by both humans and programs. -# To extract its contents programmatically, use any TOML-compliant parser. -# - -[Rules] - - [Rules.maintainers] - - title = "What is a maintainer?" - - text = """ -There are different types of maintainers, with different responsibilities, but -all maintainers have 3 things in common: - -1) They share responsibility in the project's success. -2) They have made a long-term, recurring time investment to improve the project. -3) They spend that time doing whatever needs to be done, not necessarily what -is the most interesting or fun. - -Maintainers are often under-appreciated, because their work is harder to appreciate. -It's easy to appreciate a really cool and technically advanced feature. It's harder -to appreciate the absence of bugs, the slow but steady improvement in stability, -or the reliability of a release process. But those things distinguish a good -project from a great one. -""" - - [Rules.reviewer] - - title = "What is a reviewer?" - - text = """ -A reviewer is a core role within the project. -They share in reviewing issues and pull requests and their LGTM count towards the -required LGTM count to merge a code change into the project. - -Reviewers are part of the organization but do not have write access. -Becoming a reviewer is a core aspect in the journey to becoming a maintainer. -""" - - [Rules.adding-maintainers] - - title = "How are maintainers added?" - - text = """ -Maintainers are first and foremost contributors that have shown they are -committed to the long term success of a project. Contributors wanting to become -maintainers are expected to be deeply involved in contributing code, pull -request review, and triage of issues in the project for more than three months. - -Just contributing does not make you a maintainer, it is about building trust -with the current maintainers of the project and being a person that they can -depend on and trust to make decisions in the best interest of the project. - -Periodically, the existing maintainers curate a list of contributors that have -shown regular activity on the project over the prior months. From this list, -maintainer candidates are selected and proposed on the maintainers mailing list. - -After a candidate has been announced on the maintainers mailing list, the -existing maintainers are given five business days to discuss the candidate, -raise objections and cast their vote. Candidates must be approved by at least 66% of the current maintainers by adding their vote on the mailing -list. Only maintainers of the repository that the candidate is proposed for are -allowed to vote. - -If a candidate is approved, a maintainer will contact the candidate to invite -the candidate to open a pull request that adds the contributor to the -MAINTAINERS file. The candidate becomes a maintainer once the pull request is -merged. -""" - - [Rules.stepping-down-policy] - - title = "Stepping down policy" - - text = """ -Life priorities, interests, and passions can change. If you're a maintainer but -feel you must remove yourself from the list, inform other maintainers that you -intend to step down, and if possible, help find someone to pick up your work. -At the very least, ensure your work can be continued where you left off. - -After you've informed other maintainers, create a pull request to remove -yourself from the MAINTAINERS file. -""" - - [Rules.inactive-maintainers] - - title = "Removal of inactive maintainers" - - text = """ -Similar to the procedure for adding new maintainers, existing maintainers can -be removed from the list if they do not show significant activity on the -project. Periodically, the maintainers review the list of maintainers and their -activity over the last three months. - -If a maintainer has shown insufficient activity over this period, a neutral -person will contact the maintainer to ask if they want to continue being -a maintainer. If the maintainer decides to step down as a maintainer, they -open a pull request to be removed from the MAINTAINERS file. - -If the maintainer wants to remain a maintainer, but is unable to perform the -required duties they can be removed with a vote of at least 66% of -the current maintainers. An e-mail is sent to the -mailing list, inviting maintainers of the project to vote. The voting period is -five business days. Issues related to a maintainer's performance should be -discussed with them among the other maintainers so that they are not surprised -by a pull request removing them. -""" - - [Rules.decisions] - - title = "How are decisions made?" - - text = """ -Short answer: EVERYTHING IS A PULL REQUEST. - -distribution is an open-source project with an open design philosophy. This means -that the repository is the source of truth for EVERY aspect of the project, -including its philosophy, design, road map, and APIs. *If it's part of the -project, it's in the repo. If it's in the repo, it's part of the project.* - -As a result, all decisions can be expressed as changes to the repository. An -implementation change is a change to the source code. An API change is a change -to the API specification. A philosophy change is a change to the philosophy -manifesto, and so on. - -All decisions affecting distribution, big and small, follow the same 3 steps: - -* Step 1: Open a pull request. Anyone can do this. - -* Step 2: Discuss the pull request. Anyone can do this. - -* Step 3: Merge or refuse the pull request. Who does this depends on the nature -of the pull request and which areas of the project it affects. -""" - - [Rules.DCO] - - title = "Helping contributors with the DCO" - - text = """ -The [DCO or `Sign your work`]( -https://github.com/moby/moby/blob/master/CONTRIBUTING.md#sign-your-work) -requirement is not intended as a roadblock or speed bump. - -Some distribution contributors are not as familiar with `git`, or have used a web -based editor, and thus asking them to `git commit --amend -s` is not the best -way forward. - -In this case, maintainers can update the commits based on clause (c) of the DCO. -The most trivial way for a contributor to allow the maintainer to do this, is to -add a DCO signature in a pull requests's comment, or a maintainer can simply -note that the change is sufficiently trivial that it does not substantially -change the existing contribution - i.e., a spelling change. - -When you add someone's DCO, please also add your own to keep a log. -""" - - [Rules."no direct push"] - - title = "I'm a maintainer. Should I make pull requests too?" - - text = """ -Yes. Nobody should ever push to master directly. All changes should be -made through a pull request. -""" - - [Rules.tsc] - - title = "Conflict Resolution and technical disputes" - - text = """ -distribution defers to the [Technical Steering Committee](https://github.com/moby/tsc) for escalations and resolution on disputes for technical matters." - """ - - [Rules.meta] - - title = "How is this process changed?" - - text = "Just like everything else: by making a pull request :)" - -# Current project organization -[Org] - - [Org.Maintainers] - people = [ - "dmcgowan", - "dmp42", - "stevvooe", - ] - [Org.Reviewers] - people = [ - "manishtomar", - "caervs", - "davidswu", - "RobbKistler" - ] - -[people] - -# A reference list of all people associated with the project. -# All other sections should refer to people by their canonical key -# in the people section. - - # ADD YOURSELF HERE IN ALPHABETICAL ORDER - - [people.caervs] - Name = "Ryan Abrams" - Email = "rdabrams@gmail.com" - GitHub = "caervs" - - [people.davidswu] - Name = "David Wu" - Email = "dwu7401@gmail.com" - GitHub = "davidswu" - - [people.dmcgowan] - Name = "Derek McGowan" - Email = "derek@mcgstyle.net" - GitHub = "dmcgowan" - - [people.dmp42] - Name = "Olivier Gambier" - Email = "olivier@docker.com" - GitHub = "dmp42" - - [people.manishtomar] - Name = "Manish Tomar" - Email = "manish.tomar@docker.com" - GitHub = "manishtomar" - - [people.RobbKistler] - Name = "Robb Kistler" - Email = "robb.kistler@docker.com" - GitHub = "RobbKistler" - - [people.stevvooe] - Name = "Stephen Day" - Email = "stephen.day@docker.com" - GitHub = "stevvooe" diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/Makefile b/src/cmd/linuxkit/vendor/github.com/docker/distribution/Makefile deleted file mode 100644 index 331da2732..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/Makefile +++ /dev/null @@ -1,102 +0,0 @@ -# Root directory of the project (absolute path). -ROOTDIR=$(dir $(abspath $(lastword $(MAKEFILE_LIST)))) - -# Used to populate version variable in main package. -VERSION=$(shell git describe --match 'v[0-9]*' --dirty='.m' --always) -REVISION=$(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi) - - -PKG=github.com/docker/distribution - -# Project packages. -PACKAGES=$(shell go list -tags "${BUILDTAGS}" ./... | grep -v /vendor/) -INTEGRATION_PACKAGE=${PKG} -COVERAGE_PACKAGES=$(filter-out ${PKG}/registry/storage/driver/%,${PACKAGES}) - - -# Project binaries. -COMMANDS=registry digest registry-api-descriptor-template - -# Allow turning off function inlining and variable registerization -ifeq (${DISABLE_OPTIMIZATION},true) - GO_GCFLAGS=-gcflags "-N -l" - VERSION:="$(VERSION)-noopt" -endif - -WHALE = "+" - -# Go files -# -TESTFLAGS_RACE= -GOFILES=$(shell find . -type f -name '*.go') -GO_TAGS=$(if $(BUILDTAGS),-tags "$(BUILDTAGS)",) -GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PKG) $(EXTRA_LDFLAGS)' - -BINARIES=$(addprefix bin/,$(COMMANDS)) - -# Flags passed to `go test` -TESTFLAGS ?= -v $(TESTFLAGS_RACE) -TESTFLAGS_PARALLEL ?= 8 - -.PHONY: all build binaries check clean test test-race test-full integration coverage -.DEFAULT: all - -all: binaries - -# This only needs to be generated by hand when cutting full releases. -version/version.go: - @echo "$(WHALE) $@" - ./version/version.sh > $@ - -check: ## run all linters (TODO: enable "unused", "varcheck", "ineffassign", "unconvert", "staticheck", "goimports", "structcheck") - @echo "$(WHALE) $@" - golangci-lint run - -test: ## run tests, except integration test with test.short - @echo "$(WHALE) $@" - @go test ${GO_TAGS} -test.short ${TESTFLAGS} $(filter-out ${INTEGRATION_PACKAGE},${PACKAGES}) - -test-race: ## run tests, except integration test with test.short and race - @echo "$(WHALE) $@" - @go test ${GO_TAGS} -race -test.short ${TESTFLAGS} $(filter-out ${INTEGRATION_PACKAGE},${PACKAGES}) - -test-full: ## run tests, except integration tests - @echo "$(WHALE) $@" - @go test ${GO_TAGS} ${TESTFLAGS} $(filter-out ${INTEGRATION_PACKAGE},${PACKAGES}) - -integration: ## run integration tests - @echo "$(WHALE) $@" - @go test ${TESTFLAGS} -parallel ${TESTFLAGS_PARALLEL} ${INTEGRATION_PACKAGE} - -coverage: ## generate coverprofiles from the unit tests - @echo "$(WHALE) $@" - @rm -f coverage.txt - @go test ${GO_TAGS} -i ${TESTFLAGS} $(filter-out ${INTEGRATION_PACKAGE},${COVERAGE_PACKAGES}) 2> /dev/null - @( for pkg in $(filter-out ${INTEGRATION_PACKAGE},${COVERAGE_PACKAGES}); do \ - go test ${GO_TAGS} ${TESTFLAGS} \ - -cover \ - -coverprofile=profile.out \ - -covermode=atomic $$pkg || exit; \ - if [ -f profile.out ]; then \ - cat profile.out >> coverage.txt; \ - rm profile.out; \ - fi; \ - done ) - -FORCE: - -# Build a binary from a cmd. -bin/%: cmd/% FORCE - @echo "$(WHALE) $@${BINARY_SUFFIX}" - @go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< - -binaries: $(BINARIES) ## build binaries - @echo "$(WHALE) $@" - -build: - @echo "$(WHALE) $@" - @go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} ${GO_LDFLAGS} ${GO_TAGS} $(PACKAGES) - -clean: ## clean up binaries - @echo "$(WHALE) $@" - @rm -f $(BINARIES) diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/README.md b/src/cmd/linuxkit/vendor/github.com/docker/distribution/README.md deleted file mode 100644 index e513c18e9..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/README.md +++ /dev/null @@ -1,130 +0,0 @@ -# Distribution - -The Docker toolset to pack, ship, store, and deliver content. - -This repository provides the Docker Registry 2.0 implementation -for storing and distributing Docker images. It supersedes the -[docker/docker-registry](https://github.com/docker/docker-registry) -project with a new API design, focused around security and performance. - - - -[![Circle CI](https://circleci.com/gh/docker/distribution/tree/master.svg?style=svg)](https://circleci.com/gh/docker/distribution/tree/master) -[![GoDoc](https://godoc.org/github.com/docker/distribution?status.svg)](https://godoc.org/github.com/docker/distribution) - -This repository contains the following components: - -|**Component** |Description | -|--------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| **registry** | An implementation of the [Docker Registry HTTP API V2](docs/spec/api.md) for use with docker 1.6+. | -| **libraries** | A rich set of libraries for interacting with distribution components. Please see [godoc](https://godoc.org/github.com/docker/distribution) for details. **Note**: These libraries are **unstable**. | -| **specifications** | _Distribution_ related specifications are available in [docs/spec](docs/spec) | -| **documentation** | Docker's full documentation set is available at [docs.docker.com](https://docs.docker.com). This repository [contains the subset](docs/) related just to the registry. | - -### How does this integrate with Docker engine? - -This project should provide an implementation to a V2 API for use in the [Docker -core project](https://github.com/docker/docker). The API should be embeddable -and simplify the process of securely pulling and pushing content from `docker` -daemons. - -### What are the long term goals of the Distribution project? - -The _Distribution_ project has the further long term goal of providing a -secure tool chain for distributing content. The specifications, APIs and tools -should be as useful with Docker as they are without. - -Our goal is to design a professional grade and extensible content distribution -system that allow users to: - -* Enjoy an efficient, secured and reliable way to store, manage, package and - exchange content -* Hack/roll their own on top of healthy open-source components -* Implement their own home made solution through good specs, and solid - extensions mechanism. - -## More about Registry 2.0 - -The new registry implementation provides the following benefits: - -- faster push and pull -- new, more efficient implementation -- simplified deployment -- pluggable storage backend -- webhook notifications - -For information on upcoming functionality, please see [ROADMAP.md](ROADMAP.md). - -### Who needs to deploy a registry? - -By default, Docker users pull images from Docker's public registry instance. -[Installing Docker](https://docs.docker.com/engine/installation/) gives users this -ability. Users can also push images to a repository on Docker's public registry, -if they have a [Docker Hub](https://hub.docker.com/) account. - -For some users and even companies, this default behavior is sufficient. For -others, it is not. - -For example, users with their own software products may want to maintain a -registry for private, company images. Also, you may wish to deploy your own -image repository for images used to test or in continuous integration. For these -use cases and others, [deploying your own registry instance](https://github.com/docker/docker.github.io/blob/master/registry/deploying.md) -may be the better choice. - -### Migration to Registry 2.0 - -For those who have previously deployed their own registry based on the Registry -1.0 implementation and wish to deploy a Registry 2.0 while retaining images, -data migration is required. A tool to assist with migration efforts has been -created. For more information see [docker/migrator](https://github.com/docker/migrator). - -## Contribute - -Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to contribute -issues, fixes, and patches to this project. If you are contributing code, see -the instructions for [building a development environment](BUILDING.md). - -## Support - -If any issues are encountered while using the _Distribution_ project, several -avenues are available for support: - - - - - - - - - - - - - - - - - - -
- IRC - - #docker-distribution on FreeNode -
- Issue Tracker - - github.com/docker/distribution/issues -
- Google Groups - - https://groups.google.com/a/dockerproject.org/forum/#!forum/distribution -
- Mailing List - - docker@dockerproject.org -
- - -## License - -This project is distributed under [Apache License, Version 2.0](LICENSE). diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/ROADMAP.md b/src/cmd/linuxkit/vendor/github.com/docker/distribution/ROADMAP.md deleted file mode 100644 index 701127afe..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/ROADMAP.md +++ /dev/null @@ -1,267 +0,0 @@ -# Roadmap - -The Distribution Project consists of several components, some of which are -still being defined. This document defines the high-level goals of the -project, identifies the current components, and defines the release- -relationship to the Docker Platform. - -* [Distribution Goals](#distribution-goals) -* [Distribution Components](#distribution-components) -* [Project Planning](#project-planning): release-relationship to the Docker Platform. - -This road map is a living document, providing an overview of the goals and -considerations made in respect of the future of the project. - -## Distribution Goals - -- Replace the existing [docker registry](github.com/docker/docker-registry) - implementation as the primary implementation. -- Replace the existing push and pull code in the docker engine with the - distribution package. -- Define a strong data model for distributing docker images -- Provide a flexible distribution tool kit for use in the docker platform -- Unlock new distribution models - -## Distribution Components - -Components of the Distribution Project are managed via github [milestones](https://github.com/docker/distribution/milestones). Upcoming -features and bugfixes for a component will be added to the relevant milestone. If a feature or -bugfix is not part of a milestone, it is currently unscheduled for -implementation. - -* [Registry](#registry) -* [Distribution Package](#distribution-package) - -*** - -### Registry - -The new Docker registry is the main portion of the distribution repository. -Registry 2.0 is the first release of the next-generation registry. This was -primarily focused on implementing the [new registry -API](https://github.com/docker/distribution/blob/master/docs/spec/api.md), -with a focus on security and performance. - -Following from the Distribution project goals above, we have a set of goals -for registry v2 that we would like to follow in the design. New features -should be compared against these goals. - -#### Data Storage and Distribution First - -The registry's first goal is to provide a reliable, consistent storage -location for Docker images. The registry should only provide the minimal -amount of indexing required to fetch image data and no more. - -This means we should be selective in new features and API additions, including -those that may require expensive, ever growing indexes. Requests should be -servable in "constant time". - -#### Content Addressability - -All data objects used in the registry API should be content addressable. -Content identifiers should be secure and verifiable. This provides a secure, -reliable base from which to build more advanced content distribution systems. - -#### Content Agnostic - -In the past, changes to the image format would require large changes in Docker -and the Registry. By decoupling the distribution and image format, we can -allow the formats to progress without having to coordinate between the two. -This means that we should be focused on decoupling Docker from the registry -just as much as decoupling the registry from Docker. Such an approach will -allow us to unlock new distribution models that haven't been possible before. - -We can take this further by saying that the new registry should be content -agnostic. The registry provides a model of names, tags, manifests and content -addresses and that model can be used to work with content. - -#### Simplicity - -The new registry should be closer to a microservice component than its -predecessor. This means it should have a narrower API and a low number of -service dependencies. It should be easy to deploy. - -This means that other solutions should be explored before changing the API or -adding extra dependencies. If functionality is required, can it be added as an -extension or companion service. - -#### Extensibility - -The registry should provide extension points to add functionality. By keeping -the scope narrow, but providing the ability to add functionality. - -Features like search, indexing, synchronization and registry explorers fall -into this category. No such feature should be added unless we've found it -impossible to do through an extension. - -#### Active Feature Discussions - -The following are feature discussions that are currently active. - -If you don't see your favorite, unimplemented feature, feel free to contact us -via IRC or the mailing list and we can talk about adding it. The goal here is -to make sure that new features go through a rigid design process before -landing in the registry. - -##### Proxying to other Registries - -A _pull-through caching_ mode exists for the registry, but is restricted from -within the docker client to only mirror the official Docker Hub. This functionality -can be expanded when image provenance has been specified and implemented in the -distribution project. - -##### Metadata storage - -Metadata for the registry is currently stored with the manifest and layer data on -the storage backend. While this is a big win for simplicity and reliably maintaining -state, it comes with the cost of consistency and high latency. The mutable registry -metadata operations should be abstracted behind an API which will allow ACID compliant -storage systems to handle metadata. - -##### Peer to Peer transfer - -Discussion has started here: https://docs.google.com/document/d/1rYDpSpJiQWmCQy8Cuiaa3NH-Co33oK_SC9HeXYo87QA/edit - -##### Indexing, Search and Discovery - -The original registry provided some implementation of search for use with -private registries. Support has been elided from V2 since we'd like to both -decouple search functionality from the registry. The makes the registry -simpler to deploy, especially in use cases where search is not needed, and -let's us decouple the image format from the registry. - -There are explorations into using the catalog API and notification system to -build external indexes. The current line of thought is that we will define a -common search API to index and query docker images. Such a system could be run -as a companion to a registry or set of registries to power discovery. - -The main issue with search and discovery is that there are so many ways to -accomplish it. There are two aspects to this project. The first is deciding on -how it will be done, including an API definition that can work with changing -data formats. The second is the process of integrating with `docker search`. -We expect that someone attempts to address the problem with the existing tools -and propose it as a standard search API or uses it to inform a standardization -process. Once this has been explored, we integrate with the docker client. - -Please see the following for more detail: - -- https://github.com/docker/distribution/issues/206 - -##### Deletes - -> __NOTE:__ Deletes are a much asked for feature. Before requesting this -feature or participating in discussion, we ask that you read this section in -full and understand the problems behind deletes. - -While, at first glance, implementing deleting seems simple, there are a number -mitigating factors that make many solutions not ideal or even pathological in -the context of a registry. The following paragraph discuss the background and -approaches that could be applied to arrive at a solution. - -The goal of deletes in any system is to remove unused or unneeded data. Only -data requested for deletion should be removed and no other data. Removing -unintended data is worse than _not_ removing data that was requested for -removal but ideally, both are supported. Generally, according to this rule, we -err on holding data longer than needed, ensuring that it is only removed when -we can be certain that it can be removed. With the current behavior, we opt to -hold onto the data forever, ensuring that data cannot be incorrectly removed. - -To understand the problems with implementing deletes, one must understand the -data model. All registry data is stored in a filesystem layout, implemented on -a "storage driver", effectively a _virtual file system_ (VFS). The storage -system must assume that this VFS layer will be eventually consistent and has -poor read- after-write consistency, since this is the lower common denominator -among the storage drivers. This is mitigated by writing values in reverse- -dependent order, but makes wider transactional operations unsafe. - -Layered on the VFS model is a content-addressable _directed, acyclic graph_ -(DAG) made up of blobs. Manifests reference layers. Tags reference manifests. -Since the same data can be referenced by multiple manifests, we only store -data once, even if it is in different repositories. Thus, we have a set of -blobs, referenced by tags and manifests. If we want to delete a blob we need -to be certain that it is no longer referenced by another manifest or tag. When -we delete a manifest, we also can try to delete the referenced blobs. Deciding -whether or not a blob has an active reference is the crux of the problem. - -Conceptually, deleting a manifest and its resources is quite simple. Just find -all the manifests, enumerate the referenced blobs and delete the blobs not in -that set. An astute observer will recognize this as a garbage collection -problem. As with garbage collection in programming languages, this is very -simple when one always has a consistent view. When one adds parallelism and an -inconsistent view of data, it becomes very challenging. - -A simple example can demonstrate this. Let's say we are deleting a manifest -_A_ in one process. We scan the manifest and decide that all the blobs are -ready for deletion. Concurrently, we have another process accepting a new -manifest _B_ referencing one or more blobs from the manifest _A_. Manifest _B_ -is accepted and all the blobs are considered present, so the operation -proceeds. The original process then deletes the referenced blobs, assuming -they were unreferenced. The manifest _B_, which we thought had all of its data -present, can no longer be served by the registry, since the dependent data has -been deleted. - -Deleting data from the registry safely requires some way to coordinate this -operation. The following approaches are being considered: - -- _Reference Counting_ - Maintain a count of references to each blob. This is - challenging for a number of reasons: 1. maintaining a consistent consensus - of reference counts across a set of Registries and 2. Building the initial - list of reference counts for an existing registry. These challenges can be - met with a consensus protocol like Paxos or Raft in the first case and a - necessary but simple scan in the second.. -- _Lock the World GC_ - Halt all writes to the data store. Walk the data store - and find all blob references. Delete all unreferenced blobs. This approach - is very simple but requires disabling writes for a period of time while the - service reads all data. This is slow and expensive but very accurate and - effective. -- _Generational GC_ - Do something similar to above but instead of blocking - writes, writes are sent to another storage backend while reads are broadcast - to the new and old backends. GC is then performed on the read-only portion. - Because writes land in the new backend, the data in the read-only section - can be safely deleted. The main drawbacks of this approach are complexity - and coordination. -- _Centralized Oracle_ - Using a centralized, transactional database, we can - know exactly which data is referenced at any given time. This avoids - coordination problem by managing this data in a single location. We trade - off metadata scalability for simplicity and performance. This is a very good - option for most registry deployments. This would create a bottleneck for - registry metadata. However, metadata is generally not the main bottleneck - when serving images. - -Please let us know if other solutions exist that we have yet to enumerate. -Note that for any approach, implementation is a massive consideration. For -example, a mark-sweep based solution may seem simple but the amount of work in -coordination offset the extra work it might take to build a _Centralized -Oracle_. We'll accept proposals for any solution but please coordinate with us -before dropping code. - -At this time, we have traded off simplicity and ease of deployment for disk -space. Simplicity and ease of deployment tend to reduce developer involvement, -which is currently the most expensive resource in software engineering. Taking -on any solution for deletes will greatly effect these factors, trading off -very cheap disk space for a complex deployment and operational story. - -Please see the following issues for more detail: - -- https://github.com/docker/distribution/issues/422 -- https://github.com/docker/distribution/issues/461 -- https://github.com/docker/distribution/issues/462 - -### Distribution Package - -At its core, the Distribution Project is a set of Go packages that make up -Distribution Components. At this time, most of these packages make up the -Registry implementation. - -The package itself is considered unstable. If you're using it, please take care to vendor the dependent version. - -For feature additions, please see the Registry section. In the future, we may break out a -separate Roadmap for distribution-specific features that apply to more than -just the registry. - -*** - -### Project Planning - -An [Open-Source Planning Process](https://github.com/docker/distribution/wiki/Open-Source-Planning-Process) is used to define the Roadmap. [Project Pages](https://github.com/docker/distribution/wiki) define the goals for each Milestone and identify current progress. - diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/blobs.go b/src/cmd/linuxkit/vendor/github.com/docker/distribution/blobs.go deleted file mode 100644 index 2a659eaa3..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/blobs.go +++ /dev/null @@ -1,265 +0,0 @@ -package distribution - -import ( - "context" - "errors" - "fmt" - "io" - "net/http" - "time" - - "github.com/docker/distribution/reference" - "github.com/opencontainers/go-digest" - v1 "github.com/opencontainers/image-spec/specs-go/v1" -) - -var ( - // ErrBlobExists returned when blob already exists - ErrBlobExists = errors.New("blob exists") - - // ErrBlobDigestUnsupported when blob digest is an unsupported version. - ErrBlobDigestUnsupported = errors.New("unsupported blob digest") - - // ErrBlobUnknown when blob is not found. - ErrBlobUnknown = errors.New("unknown blob") - - // ErrBlobUploadUnknown returned when upload is not found. - ErrBlobUploadUnknown = errors.New("blob upload unknown") - - // ErrBlobInvalidLength returned when the blob has an expected length on - // commit, meaning mismatched with the descriptor or an invalid value. - ErrBlobInvalidLength = errors.New("blob invalid length") -) - -// ErrBlobInvalidDigest returned when digest check fails. -type ErrBlobInvalidDigest struct { - Digest digest.Digest - Reason error -} - -func (err ErrBlobInvalidDigest) Error() string { - return fmt.Sprintf("invalid digest for referenced layer: %v, %v", - err.Digest, err.Reason) -} - -// ErrBlobMounted returned when a blob is mounted from another repository -// instead of initiating an upload session. -type ErrBlobMounted struct { - From reference.Canonical - Descriptor Descriptor -} - -func (err ErrBlobMounted) Error() string { - return fmt.Sprintf("blob mounted from: %v to: %v", - err.From, err.Descriptor) -} - -// Descriptor describes targeted content. Used in conjunction with a blob -// store, a descriptor can be used to fetch, store and target any kind of -// blob. The struct also describes the wire protocol format. Fields should -// only be added but never changed. -type Descriptor struct { - // MediaType describe the type of the content. All text based formats are - // encoded as utf-8. - MediaType string `json:"mediaType,omitempty"` - - // Size in bytes of content. - Size int64 `json:"size,omitempty"` - - // Digest uniquely identifies the content. A byte stream can be verified - // against this digest. - Digest digest.Digest `json:"digest,omitempty"` - - // URLs contains the source URLs of this content. - URLs []string `json:"urls,omitempty"` - - // Annotations contains arbitrary metadata relating to the targeted content. - Annotations map[string]string `json:"annotations,omitempty"` - - // Platform describes the platform which the image in the manifest runs on. - // This should only be used when referring to a manifest. - Platform *v1.Platform `json:"platform,omitempty"` - - // NOTE: Before adding a field here, please ensure that all - // other options have been exhausted. Much of the type relationships - // depend on the simplicity of this type. -} - -// Descriptor returns the descriptor, to make it satisfy the Describable -// interface. Note that implementations of Describable are generally objects -// which can be described, not simply descriptors; this exception is in place -// to make it more convenient to pass actual descriptors to functions that -// expect Describable objects. -func (d Descriptor) Descriptor() Descriptor { - return d -} - -// BlobStatter makes blob descriptors available by digest. The service may -// provide a descriptor of a different digest if the provided digest is not -// canonical. -type BlobStatter interface { - // Stat provides metadata about a blob identified by the digest. If the - // blob is unknown to the describer, ErrBlobUnknown will be returned. - Stat(ctx context.Context, dgst digest.Digest) (Descriptor, error) -} - -// BlobDeleter enables deleting blobs from storage. -type BlobDeleter interface { - Delete(ctx context.Context, dgst digest.Digest) error -} - -// BlobEnumerator enables iterating over blobs from storage -type BlobEnumerator interface { - Enumerate(ctx context.Context, ingester func(dgst digest.Digest) error) error -} - -// BlobDescriptorService manages metadata about a blob by digest. Most -// implementations will not expose such an interface explicitly. Such mappings -// should be maintained by interacting with the BlobIngester. Hence, this is -// left off of BlobService and BlobStore. -type BlobDescriptorService interface { - BlobStatter - - // SetDescriptor assigns the descriptor to the digest. The provided digest and - // the digest in the descriptor must map to identical content but they may - // differ on their algorithm. The descriptor must have the canonical - // digest of the content and the digest algorithm must match the - // annotators canonical algorithm. - // - // Such a facility can be used to map blobs between digest domains, with - // the restriction that the algorithm of the descriptor must match the - // canonical algorithm (ie sha256) of the annotator. - SetDescriptor(ctx context.Context, dgst digest.Digest, desc Descriptor) error - - // Clear enables descriptors to be unlinked - Clear(ctx context.Context, dgst digest.Digest) error -} - -// BlobDescriptorServiceFactory creates middleware for BlobDescriptorService. -type BlobDescriptorServiceFactory interface { - BlobAccessController(svc BlobDescriptorService) BlobDescriptorService -} - -// ReadSeekCloser is the primary reader type for blob data, combining -// io.ReadSeeker with io.Closer. -type ReadSeekCloser interface { - io.ReadSeeker - io.Closer -} - -// BlobProvider describes operations for getting blob data. -type BlobProvider interface { - // Get returns the entire blob identified by digest along with the descriptor. - Get(ctx context.Context, dgst digest.Digest) ([]byte, error) - - // Open provides a ReadSeekCloser to the blob identified by the provided - // descriptor. If the blob is not known to the service, an error will be - // returned. - Open(ctx context.Context, dgst digest.Digest) (ReadSeekCloser, error) -} - -// BlobServer can serve blobs via http. -type BlobServer interface { - // ServeBlob attempts to serve the blob, identified by dgst, via http. The - // service may decide to redirect the client elsewhere or serve the data - // directly. - // - // This handler only issues successful responses, such as 2xx or 3xx, - // meaning it serves data or issues a redirect. If the blob is not - // available, an error will be returned and the caller may still issue a - // response. - // - // The implementation may serve the same blob from a different digest - // domain. The appropriate headers will be set for the blob, unless they - // have already been set by the caller. - ServeBlob(ctx context.Context, w http.ResponseWriter, r *http.Request, dgst digest.Digest) error -} - -// BlobIngester ingests blob data. -type BlobIngester interface { - // Put inserts the content p into the blob service, returning a descriptor - // or an error. - Put(ctx context.Context, mediaType string, p []byte) (Descriptor, error) - - // Create allocates a new blob writer to add a blob to this service. The - // returned handle can be written to and later resumed using an opaque - // identifier. With this approach, one can Close and Resume a BlobWriter - // multiple times until the BlobWriter is committed or cancelled. - Create(ctx context.Context, options ...BlobCreateOption) (BlobWriter, error) - - // Resume attempts to resume a write to a blob, identified by an id. - Resume(ctx context.Context, id string) (BlobWriter, error) -} - -// BlobCreateOption is a general extensible function argument for blob creation -// methods. A BlobIngester may choose to honor any or none of the given -// BlobCreateOptions, which can be specific to the implementation of the -// BlobIngester receiving them. -// TODO (brianbland): unify this with ManifestServiceOption in the future -type BlobCreateOption interface { - Apply(interface{}) error -} - -// CreateOptions is a collection of blob creation modifiers relevant to general -// blob storage intended to be configured by the BlobCreateOption.Apply method. -type CreateOptions struct { - Mount struct { - ShouldMount bool - From reference.Canonical - // Stat allows to pass precalculated descriptor to link and return. - // Blob access check will be skipped if set. - Stat *Descriptor - } -} - -// BlobWriter provides a handle for inserting data into a blob store. -// Instances should be obtained from BlobWriteService.Writer and -// BlobWriteService.Resume. If supported by the store, a writer can be -// recovered with the id. -type BlobWriter interface { - io.WriteCloser - io.ReaderFrom - - // Size returns the number of bytes written to this blob. - Size() int64 - - // ID returns the identifier for this writer. The ID can be used with the - // Blob service to later resume the write. - ID() string - - // StartedAt returns the time this blob write was started. - StartedAt() time.Time - - // Commit completes the blob writer process. The content is verified - // against the provided provisional descriptor, which may result in an - // error. Depending on the implementation, written data may be validated - // against the provisional descriptor fields. If MediaType is not present, - // the implementation may reject the commit or assign "application/octet- - // stream" to the blob. The returned descriptor may have a different - // digest depending on the blob store, referred to as the canonical - // descriptor. - Commit(ctx context.Context, provisional Descriptor) (canonical Descriptor, err error) - - // Cancel ends the blob write without storing any data and frees any - // associated resources. Any data written thus far will be lost. Cancel - // implementations should allow multiple calls even after a commit that - // result in a no-op. This allows use of Cancel in a defer statement, - // increasing the assurance that it is correctly called. - Cancel(ctx context.Context) error -} - -// BlobService combines the operations to access, read and write blobs. This -// can be used to describe remote blob services. -type BlobService interface { - BlobStatter - BlobProvider - BlobIngester -} - -// BlobStore represent the entire suite of blob related operations. Such an -// implementation can access, read, write, delete and serve blobs. -type BlobStore interface { - BlobService - BlobServer - BlobDeleter -} diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/doc.go b/src/cmd/linuxkit/vendor/github.com/docker/distribution/doc.go deleted file mode 100644 index bdd8cb708..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/doc.go +++ /dev/null @@ -1,7 +0,0 @@ -// Package distribution will define the interfaces for the components of -// docker distribution. The goal is to allow users to reliably package, ship -// and store content related to docker images. -// -// This is currently a work in progress. More details are available in the -// README.md. -package distribution diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/docker-bake.hcl b/src/cmd/linuxkit/vendor/github.com/docker/distribution/docker-bake.hcl deleted file mode 100644 index 4dd5a100c..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/docker-bake.hcl +++ /dev/null @@ -1,65 +0,0 @@ -// GITHUB_REF is the actual ref that triggers the workflow -// https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables -variable "GITHUB_REF" { - default = "" -} - -target "_common" { - args = { - GIT_REF = GITHUB_REF - } -} - -group "default" { - targets = ["image-local"] -} - -// Special target: https://github.com/docker/metadata-action#bake-definition -target "docker-metadata-action" { - tags = ["registry:local"] -} - -target "binary" { - inherits = ["_common"] - target = "binary" - output = ["./bin"] -} - -target "artifact" { - inherits = ["_common"] - target = "artifact" - output = ["./bin"] -} - -target "artifact-all" { - inherits = ["artifact"] - platforms = [ - "linux/amd64", - "linux/arm/v6", - "linux/arm/v7", - "linux/arm64", - "linux/ppc64le", - "linux/s390x" - ] -} - -target "image" { - inherits = ["_common", "docker-metadata-action"] -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/amd64", - "linux/arm/v6", - "linux/arm/v7", - "linux/arm64", - "linux/ppc64le", - "linux/s390x" - ] -} diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/errors.go b/src/cmd/linuxkit/vendor/github.com/docker/distribution/errors.go deleted file mode 100644 index 8e0b788d6..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/errors.go +++ /dev/null @@ -1,119 +0,0 @@ -package distribution - -import ( - "errors" - "fmt" - "strings" - - "github.com/opencontainers/go-digest" -) - -// ErrAccessDenied is returned when an access to a requested resource is -// denied. -var ErrAccessDenied = errors.New("access denied") - -// ErrManifestNotModified is returned when a conditional manifest GetByTag -// returns nil due to the client indicating it has the latest version -var ErrManifestNotModified = errors.New("manifest not modified") - -// ErrUnsupported is returned when an unimplemented or unsupported action is -// performed -var ErrUnsupported = errors.New("operation unsupported") - -// ErrSchemaV1Unsupported is returned when a client tries to upload a schema v1 -// manifest but the registry is configured to reject it -var ErrSchemaV1Unsupported = errors.New("manifest schema v1 unsupported") - -// ErrTagUnknown is returned if the given tag is not known by the tag service -type ErrTagUnknown struct { - Tag string -} - -func (err ErrTagUnknown) Error() string { - return fmt.Sprintf("unknown tag=%s", err.Tag) -} - -// ErrRepositoryUnknown is returned if the named repository is not known by -// the registry. -type ErrRepositoryUnknown struct { - Name string -} - -func (err ErrRepositoryUnknown) Error() string { - return fmt.Sprintf("unknown repository name=%s", err.Name) -} - -// ErrRepositoryNameInvalid should be used to denote an invalid repository -// name. Reason may set, indicating the cause of invalidity. -type ErrRepositoryNameInvalid struct { - Name string - Reason error -} - -func (err ErrRepositoryNameInvalid) Error() string { - return fmt.Sprintf("repository name %q invalid: %v", err.Name, err.Reason) -} - -// ErrManifestUnknown is returned if the manifest is not known by the -// registry. -type ErrManifestUnknown struct { - Name string - Tag string -} - -func (err ErrManifestUnknown) Error() string { - return fmt.Sprintf("unknown manifest name=%s tag=%s", err.Name, err.Tag) -} - -// ErrManifestUnknownRevision is returned when a manifest cannot be found by -// revision within a repository. -type ErrManifestUnknownRevision struct { - Name string - Revision digest.Digest -} - -func (err ErrManifestUnknownRevision) Error() string { - return fmt.Sprintf("unknown manifest name=%s revision=%s", err.Name, err.Revision) -} - -// ErrManifestUnverified is returned when the registry is unable to verify -// the manifest. -type ErrManifestUnverified struct{} - -func (ErrManifestUnverified) Error() string { - return "unverified manifest" -} - -// ErrManifestVerification provides a type to collect errors encountered -// during manifest verification. Currently, it accepts errors of all types, -// but it may be narrowed to those involving manifest verification. -type ErrManifestVerification []error - -func (errs ErrManifestVerification) Error() string { - var parts []string - for _, err := range errs { - parts = append(parts, err.Error()) - } - - return fmt.Sprintf("errors verifying manifest: %v", strings.Join(parts, ",")) -} - -// ErrManifestBlobUnknown returned when a referenced blob cannot be found. -type ErrManifestBlobUnknown struct { - Digest digest.Digest -} - -func (err ErrManifestBlobUnknown) Error() string { - return fmt.Sprintf("unknown blob %v on manifest", err.Digest) -} - -// ErrManifestNameInvalid should be used to denote an invalid manifest -// name. Reason may set, indicating the cause of invalidity. -type ErrManifestNameInvalid struct { - Name string - Reason error -} - -func (err ErrManifestNameInvalid) Error() string { - return fmt.Sprintf("manifest name %q invalid: %v", err.Name, err.Reason) -} diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/manifest/doc.go b/src/cmd/linuxkit/vendor/github.com/docker/distribution/manifest/doc.go deleted file mode 100644 index 88367b0a0..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/manifest/doc.go +++ /dev/null @@ -1 +0,0 @@ -package manifest diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/manifest/manifestlist/manifestlist.go b/src/cmd/linuxkit/vendor/github.com/docker/distribution/manifest/manifestlist/manifestlist.go deleted file mode 100644 index bea2341c7..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/manifest/manifestlist/manifestlist.go +++ /dev/null @@ -1,239 +0,0 @@ -package manifestlist - -import ( - "encoding/json" - "errors" - "fmt" - - "github.com/docker/distribution" - "github.com/docker/distribution/manifest" - "github.com/opencontainers/go-digest" - v1 "github.com/opencontainers/image-spec/specs-go/v1" -) - -const ( - // MediaTypeManifestList specifies the mediaType for manifest lists. - MediaTypeManifestList = "application/vnd.docker.distribution.manifest.list.v2+json" -) - -// SchemaVersion provides a pre-initialized version structure for this -// packages version of the manifest. -var SchemaVersion = manifest.Versioned{ - SchemaVersion: 2, - MediaType: MediaTypeManifestList, -} - -// OCISchemaVersion provides a pre-initialized version structure for this -// packages OCIschema version of the manifest. -var OCISchemaVersion = manifest.Versioned{ - SchemaVersion: 2, - MediaType: v1.MediaTypeImageIndex, -} - -func init() { - manifestListFunc := func(b []byte) (distribution.Manifest, distribution.Descriptor, error) { - m := new(DeserializedManifestList) - err := m.UnmarshalJSON(b) - if err != nil { - return nil, distribution.Descriptor{}, err - } - - if m.MediaType != MediaTypeManifestList { - err = fmt.Errorf("mediaType in manifest list should be '%s' not '%s'", - MediaTypeManifestList, m.MediaType) - - return nil, distribution.Descriptor{}, err - } - - dgst := digest.FromBytes(b) - return m, distribution.Descriptor{Digest: dgst, Size: int64(len(b)), MediaType: MediaTypeManifestList}, err - } - err := distribution.RegisterManifestSchema(MediaTypeManifestList, manifestListFunc) - if err != nil { - panic(fmt.Sprintf("Unable to register manifest: %s", err)) - } - - imageIndexFunc := func(b []byte) (distribution.Manifest, distribution.Descriptor, error) { - if err := validateIndex(b); err != nil { - return nil, distribution.Descriptor{}, err - } - m := new(DeserializedManifestList) - err := m.UnmarshalJSON(b) - if err != nil { - return nil, distribution.Descriptor{}, err - } - - if m.MediaType != "" && m.MediaType != v1.MediaTypeImageIndex { - err = fmt.Errorf("if present, mediaType in image index should be '%s' not '%s'", - v1.MediaTypeImageIndex, m.MediaType) - - return nil, distribution.Descriptor{}, err - } - - dgst := digest.FromBytes(b) - return m, distribution.Descriptor{Digest: dgst, Size: int64(len(b)), MediaType: v1.MediaTypeImageIndex}, err - } - err = distribution.RegisterManifestSchema(v1.MediaTypeImageIndex, imageIndexFunc) - if err != nil { - panic(fmt.Sprintf("Unable to register OCI Image Index: %s", err)) - } -} - -// PlatformSpec specifies a platform where a particular image manifest is -// applicable. -type PlatformSpec struct { - // Architecture field specifies the CPU architecture, for example - // `amd64` or `ppc64`. - Architecture string `json:"architecture"` - - // OS specifies the operating system, for example `linux` or `windows`. - OS string `json:"os"` - - // OSVersion is an optional field specifying the operating system - // version, for example `10.0.10586`. - OSVersion string `json:"os.version,omitempty"` - - // OSFeatures is an optional field specifying an array of strings, - // each listing a required OS feature (for example on Windows `win32k`). - OSFeatures []string `json:"os.features,omitempty"` - - // Variant is an optional field specifying a variant of the CPU, for - // example `ppc64le` to specify a little-endian version of a PowerPC CPU. - Variant string `json:"variant,omitempty"` - - // Features is an optional field specifying an array of strings, each - // listing a required CPU feature (for example `sse4` or `aes`). - Features []string `json:"features,omitempty"` -} - -// A ManifestDescriptor references a platform-specific manifest. -type ManifestDescriptor struct { - distribution.Descriptor - - // Platform specifies which platform the manifest pointed to by the - // descriptor runs on. - Platform PlatformSpec `json:"platform"` -} - -// ManifestList references manifests for various platforms. -type ManifestList struct { - manifest.Versioned - - // Config references the image configuration as a blob. - Manifests []ManifestDescriptor `json:"manifests"` -} - -// References returns the distribution descriptors for the referenced image -// manifests. -func (m ManifestList) References() []distribution.Descriptor { - dependencies := make([]distribution.Descriptor, len(m.Manifests)) - for i := range m.Manifests { - dependencies[i] = m.Manifests[i].Descriptor - } - - return dependencies -} - -// DeserializedManifestList wraps ManifestList with a copy of the original -// JSON. -type DeserializedManifestList struct { - ManifestList - - // canonical is the canonical byte representation of the Manifest. - canonical []byte -} - -// FromDescriptors takes a slice of descriptors, and returns a -// DeserializedManifestList which contains the resulting manifest list -// and its JSON representation. -func FromDescriptors(descriptors []ManifestDescriptor) (*DeserializedManifestList, error) { - var mediaType string - if len(descriptors) > 0 && descriptors[0].Descriptor.MediaType == v1.MediaTypeImageManifest { - mediaType = v1.MediaTypeImageIndex - } else { - mediaType = MediaTypeManifestList - } - - return FromDescriptorsWithMediaType(descriptors, mediaType) -} - -// FromDescriptorsWithMediaType is for testing purposes, it's useful to be able to specify the media type explicitly -func FromDescriptorsWithMediaType(descriptors []ManifestDescriptor, mediaType string) (*DeserializedManifestList, error) { - m := ManifestList{ - Versioned: manifest.Versioned{ - SchemaVersion: 2, - MediaType: mediaType, - }, - } - - m.Manifests = make([]ManifestDescriptor, len(descriptors)) - copy(m.Manifests, descriptors) - - deserialized := DeserializedManifestList{ - ManifestList: m, - } - - var err error - deserialized.canonical, err = json.MarshalIndent(&m, "", " ") - return &deserialized, err -} - -// UnmarshalJSON populates a new ManifestList struct from JSON data. -func (m *DeserializedManifestList) UnmarshalJSON(b []byte) error { - m.canonical = make([]byte, len(b)) - // store manifest list in canonical - copy(m.canonical, b) - - // Unmarshal canonical JSON into ManifestList object - var manifestList ManifestList - if err := json.Unmarshal(m.canonical, &manifestList); err != nil { - return err - } - - m.ManifestList = manifestList - - return nil -} - -// MarshalJSON returns the contents of canonical. If canonical is empty, -// marshals the inner contents. -func (m *DeserializedManifestList) MarshalJSON() ([]byte, error) { - if len(m.canonical) > 0 { - return m.canonical, nil - } - - return nil, errors.New("JSON representation not initialized in DeserializedManifestList") -} - -// Payload returns the raw content of the manifest list. The contents can be -// used to calculate the content identifier. -func (m DeserializedManifestList) Payload() (string, []byte, error) { - var mediaType string - if m.MediaType == "" { - mediaType = v1.MediaTypeImageIndex - } else { - mediaType = m.MediaType - } - - return mediaType, m.canonical, nil -} - -// unknownDocument represents a manifest, manifest list, or index that has not -// yet been validated -type unknownDocument struct { - Config interface{} `json:"config,omitempty"` - Layers interface{} `json:"layers,omitempty"` -} - -// validateIndex returns an error if the byte slice is invalid JSON or if it -// contains fields that belong to a manifest -func validateIndex(b []byte) error { - var doc unknownDocument - if err := json.Unmarshal(b, &doc); err != nil { - return err - } - if doc.Config != nil || doc.Layers != nil { - return errors.New("index: expected index but found manifest") - } - return nil -} diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/manifest/versioned.go b/src/cmd/linuxkit/vendor/github.com/docker/distribution/manifest/versioned.go deleted file mode 100644 index caa6b14e8..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/manifest/versioned.go +++ /dev/null @@ -1,12 +0,0 @@ -package manifest - -// Versioned provides a struct with the manifest schemaVersion and mediaType. -// Incoming content with unknown schema version can be decoded against this -// struct to check the version. -type Versioned struct { - // SchemaVersion is the image manifest schema that this image follows - SchemaVersion int `json:"schemaVersion"` - - // MediaType is the media type of this schema. - MediaType string `json:"mediaType,omitempty"` -} diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/manifests.go b/src/cmd/linuxkit/vendor/github.com/docker/distribution/manifests.go deleted file mode 100644 index 8f84a220a..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/manifests.go +++ /dev/null @@ -1,125 +0,0 @@ -package distribution - -import ( - "context" - "fmt" - "mime" - - "github.com/opencontainers/go-digest" -) - -// Manifest represents a registry object specifying a set of -// references and an optional target -type Manifest interface { - // References returns a list of objects which make up this manifest. - // A reference is anything which can be represented by a - // distribution.Descriptor. These can consist of layers, resources or other - // manifests. - // - // While no particular order is required, implementations should return - // them from highest to lowest priority. For example, one might want to - // return the base layer before the top layer. - References() []Descriptor - - // Payload provides the serialized format of the manifest, in addition to - // the media type. - Payload() (mediaType string, payload []byte, err error) -} - -// ManifestBuilder creates a manifest allowing one to include dependencies. -// Instances can be obtained from a version-specific manifest package. Manifest -// specific data is passed into the function which creates the builder. -type ManifestBuilder interface { - // Build creates the manifest from his builder. - Build(ctx context.Context) (Manifest, error) - - // References returns a list of objects which have been added to this - // builder. The dependencies are returned in the order they were added, - // which should be from base to head. - References() []Descriptor - - // AppendReference includes the given object in the manifest after any - // existing dependencies. If the add fails, such as when adding an - // unsupported dependency, an error may be returned. - // - // The destination of the reference is dependent on the manifest type and - // the dependency type. - AppendReference(dependency Describable) error -} - -// ManifestService describes operations on image manifests. -type ManifestService interface { - // Exists returns true if the manifest exists. - Exists(ctx context.Context, dgst digest.Digest) (bool, error) - - // Get retrieves the manifest specified by the given digest - Get(ctx context.Context, dgst digest.Digest, options ...ManifestServiceOption) (Manifest, error) - - // Put creates or updates the given manifest returning the manifest digest - Put(ctx context.Context, manifest Manifest, options ...ManifestServiceOption) (digest.Digest, error) - - // Delete removes the manifest specified by the given digest. Deleting - // a manifest that doesn't exist will return ErrManifestNotFound - Delete(ctx context.Context, dgst digest.Digest) error -} - -// ManifestEnumerator enables iterating over manifests -type ManifestEnumerator interface { - // Enumerate calls ingester for each manifest. - Enumerate(ctx context.Context, ingester func(digest.Digest) error) error -} - -// Describable is an interface for descriptors -type Describable interface { - Descriptor() Descriptor -} - -// ManifestMediaTypes returns the supported media types for manifests. -func ManifestMediaTypes() (mediaTypes []string) { - for t := range mappings { - if t != "" { - mediaTypes = append(mediaTypes, t) - } - } - return -} - -// UnmarshalFunc implements manifest unmarshalling a given MediaType -type UnmarshalFunc func([]byte) (Manifest, Descriptor, error) - -var mappings = make(map[string]UnmarshalFunc) - -// UnmarshalManifest looks up manifest unmarshal functions based on -// MediaType -func UnmarshalManifest(ctHeader string, p []byte) (Manifest, Descriptor, error) { - // Need to look up by the actual media type, not the raw contents of - // the header. Strip semicolons and anything following them. - var mediaType string - if ctHeader != "" { - var err error - mediaType, _, err = mime.ParseMediaType(ctHeader) - if err != nil { - return nil, Descriptor{}, err - } - } - - unmarshalFunc, ok := mappings[mediaType] - if !ok { - unmarshalFunc, ok = mappings[""] - if !ok { - return nil, Descriptor{}, fmt.Errorf("unsupported manifest media type and no default available: %s", mediaType) - } - } - - return unmarshalFunc(p) -} - -// RegisterManifestSchema registers an UnmarshalFunc for a given schema type. This -// should be called from specific -func RegisterManifestSchema(mediaType string, u UnmarshalFunc) error { - if _, ok := mappings[mediaType]; ok { - return fmt.Errorf("manifest media type registration would overwrite existing: %s", mediaType) - } - mappings[mediaType] = u - return nil -} diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/registry.go b/src/cmd/linuxkit/vendor/github.com/docker/distribution/registry.go deleted file mode 100644 index 6c3210989..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/registry.go +++ /dev/null @@ -1,118 +0,0 @@ -package distribution - -import ( - "context" - - "github.com/docker/distribution/reference" -) - -// Scope defines the set of items that match a namespace. -type Scope interface { - // Contains returns true if the name belongs to the namespace. - Contains(name string) bool -} - -type fullScope struct{} - -func (f fullScope) Contains(string) bool { - return true -} - -// GlobalScope represents the full namespace scope which contains -// all other scopes. -var GlobalScope = Scope(fullScope{}) - -// Namespace represents a collection of repositories, addressable by name. -// Generally, a namespace is backed by a set of one or more services, -// providing facilities such as registry access, trust, and indexing. -type Namespace interface { - // Scope describes the names that can be used with this Namespace. The - // global namespace will have a scope that matches all names. The scope - // effectively provides an identity for the namespace. - Scope() Scope - - // Repository should return a reference to the named repository. The - // registry may or may not have the repository but should always return a - // reference. - Repository(ctx context.Context, name reference.Named) (Repository, error) - - // Repositories fills 'repos' with a lexicographically sorted catalog of repositories - // up to the size of 'repos' and returns the value 'n' for the number of entries - // which were filled. 'last' contains an offset in the catalog, and 'err' will be - // set to io.EOF if there are no more entries to obtain. - Repositories(ctx context.Context, repos []string, last string) (n int, err error) - - // Blobs returns a blob enumerator to access all blobs - Blobs() BlobEnumerator - - // BlobStatter returns a BlobStatter to control - BlobStatter() BlobStatter -} - -// RepositoryEnumerator describes an operation to enumerate repositories -type RepositoryEnumerator interface { - Enumerate(ctx context.Context, ingester func(string) error) error -} - -// RepositoryRemover removes given repository -type RepositoryRemover interface { - Remove(ctx context.Context, name reference.Named) error -} - -// ManifestServiceOption is a function argument for Manifest Service methods -type ManifestServiceOption interface { - Apply(ManifestService) error -} - -// WithTag allows a tag to be passed into Put -func WithTag(tag string) ManifestServiceOption { - return WithTagOption{tag} -} - -// WithTagOption holds a tag -type WithTagOption struct{ Tag string } - -// Apply conforms to the ManifestServiceOption interface -func (o WithTagOption) Apply(m ManifestService) error { - // no implementation - return nil -} - -// WithManifestMediaTypes lists the media types the client wishes -// the server to provide. -func WithManifestMediaTypes(mediaTypes []string) ManifestServiceOption { - return WithManifestMediaTypesOption{mediaTypes} -} - -// WithManifestMediaTypesOption holds a list of accepted media types -type WithManifestMediaTypesOption struct{ MediaTypes []string } - -// Apply conforms to the ManifestServiceOption interface -func (o WithManifestMediaTypesOption) Apply(m ManifestService) error { - // no implementation - return nil -} - -// Repository is a named collection of manifests and layers. -type Repository interface { - // Named returns the name of the repository. - Named() reference.Named - - // Manifests returns a reference to this repository's manifest service. - // with the supplied options applied. - Manifests(ctx context.Context, options ...ManifestServiceOption) (ManifestService, error) - - // Blobs returns a reference to this repository's blob service. - Blobs(ctx context.Context) BlobStore - - // TODO(stevvooe): The above BlobStore return can probably be relaxed to - // be a BlobService for use with clients. This will allow such - // implementations to avoid implementing ServeBlob. - - // Tags returns a reference to this repositories tag service - Tags(ctx context.Context) TagService -} - -// TODO(stevvooe): Must add close methods to all these. May want to change the -// way instances are created to better reflect internal dependency -// relationships. diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/tags.go b/src/cmd/linuxkit/vendor/github.com/docker/distribution/tags.go deleted file mode 100644 index f22df2b85..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/tags.go +++ /dev/null @@ -1,27 +0,0 @@ -package distribution - -import ( - "context" -) - -// TagService provides access to information about tagged objects. -type TagService interface { - // Get retrieves the descriptor identified by the tag. Some - // implementations may differentiate between "trusted" tags and - // "untrusted" tags. If a tag is "untrusted", the mapping will be returned - // as an ErrTagUntrusted error, with the target descriptor. - Get(ctx context.Context, tag string) (Descriptor, error) - - // Tag associates the tag with the provided descriptor, updating the - // current association, if needed. - Tag(ctx context.Context, tag string, desc Descriptor) error - - // Untag removes the given tag association - Untag(ctx context.Context, tag string) error - - // All returns the set of tags managed by this tag service - All(ctx context.Context) ([]string, error) - - // Lookup returns the set of tags referencing the given digest. - Lookup(ctx context.Context, digest Descriptor) ([]string, error) -} diff --git a/src/cmd/linuxkit/vendor/github.com/docker/distribution/vendor.conf b/src/cmd/linuxkit/vendor/github.com/docker/distribution/vendor.conf deleted file mode 100644 index bd1b4bff6..000000000 --- a/src/cmd/linuxkit/vendor/github.com/docker/distribution/vendor.conf +++ /dev/null @@ -1,51 +0,0 @@ -github.com/Azure/azure-sdk-for-go 4650843026a7fdec254a8d9cf893693a254edd0b -github.com/Azure/go-autorest eaa7994b2278094c904d31993d26f56324db3052 -github.com/sirupsen/logrus 3d4380f53a34dcdc95f0c1db702615992b38d9a4 -github.com/aws/aws-sdk-go f831d5a0822a1ad72420ab18c6269bca1ddaf490 -github.com/bshuster-repo/logrus-logstash-hook d2c0ecc1836d91814e15e23bb5dc309c3ef51f4a -github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9 -github.com/bugsnag/bugsnag-go b1d153021fcd90ca3f080db36bec96dc690fb274 -github.com/bugsnag/osext 0dd3f918b21bec95ace9dc86c7e70266cfc5c702 -github.com/bugsnag/panicwrap e2c28503fcd0675329da73bf48b33404db873782 -github.com/denverdino/aliyungo afedced274aa9a7fcdd47ac97018f0f8db4e5de2 -github.com/dgrijalva/jwt-go 4bbdd8ac624fc7a9ef7aec841c43d99b5fe65a29 https://github.com/golang-jwt/jwt.git # v3.2.2 -github.com/docker/go-metrics 399ea8c73916000c64c2c76e8da00ca82f8387ab -github.com/docker/libtrust fa567046d9b14f6aa788882a950d69651d230b21 -github.com/garyburd/redigo 535138d7bcd717d6531c701ef5933d98b1866257 -github.com/go-ini/ini 2ba15ac2dc9cdf88c110ec2dc0ced7fa45f5678c -github.com/golang/protobuf 8d92cf5fc15a4382f8964b08e1f42a75c0591aa3 -github.com/gorilla/handlers 60c7bfde3e33c201519a200a4507a158cc03a17b -github.com/gorilla/mux 599cba5e7b6137d46ddf58fb1765f5d928e69604 -github.com/inconshreveable/mousetrap 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 -github.com/jmespath/go-jmespath bd40a432e4c76585ef6b72d3fd96fb9b6dc7b68d -github.com/marstr/guid 8bd9a64bf37eb297b492a4101fb28e80ac0b290f -github.com/satori/go.uuid f58768cc1a7a7e77a3bd49e98cdd21419399b6a3 -github.com/matttproud/golang_protobuf_extensions c12348ce28de40eed0136aa2b644d0ee0650e56c -github.com/miekg/dns 271c58e0c14f552178ea321a545ff9af38930f39 -github.com/mitchellh/mapstructure 482a9fd5fa83e8c4e7817413b80f3eb8feec03ef -github.com/ncw/swift a0320860b16212c2b59b4912bb6508cda1d7cee6 -github.com/prometheus/client_golang c332b6f63c0658a65eca15c0e5247ded801cf564 -github.com/prometheus/client_model 99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c -github.com/prometheus/common 89604d197083d4781071d3c65855d24ecfb0a563 -github.com/prometheus/procfs cb4147076ac75738c9a7d279075a253c0cc5acbd -github.com/Shopify/logrus-bugsnag 577dee27f20dd8f1a529f82210094af593be12bd -github.com/spf13/cobra 312092086bed4968099259622145a0c9ae280064 -github.com/spf13/pflag 5644820622454e71517561946e3d94b9f9db6842 -github.com/xenolf/lego a9d8cec0e6563575e5868a005359ac97911b5985 -github.com/yvasiyarov/go-metrics 57bccd1ccd43f94bb17fdd8bf3007059b802f85e -github.com/yvasiyarov/gorelic a9bba5b9ab508a086f9a12b8c51fab68478e2128 -github.com/yvasiyarov/newrelic_platform_go b21fdbd4370f3717f3bbd2bf41c223bc273068e6 -golang.org/x/crypto c10c31b5e94b6f7a0283272dc2bb27163dcea24b -golang.org/x/net 4876518f9e71663000c348837735820161a42df7 -golang.org/x/oauth2 045497edb6234273d67dbc25da3f2ddbc4c4cacf -golang.org/x/time a4bde12657593d5e90d0533a3e4fd95e635124cb -google.golang.org/api 9bf6e6e569ff057f75d9604a46c52928f17d2b54 -google.golang.org/appengine 12d5545dc1cfa6047a286d5e853841b6471f4c19 -google.golang.org/cloud 975617b05ea8a58727e6c1a06b6161ff4185a9f2 -google.golang.org/grpc d3ddb4469d5a1b949fc7a7da7c1d6a0d1b6de994 -gopkg.in/check.v1 64131543e7896d5bcc6bd5a76287eb75ea96c673 -gopkg.in/square/go-jose.v1 40d457b439244b546f023d056628e5184136899b -gopkg.in/yaml.v2 v2.2.1 -rsc.io/letsencrypt e770c10b0f1a64775ae91d240407ce00d1a5bdeb https://github.com/dmcgowan/letsencrypt.git -github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb -github.com/opencontainers/image-spec 67d2d5658fe0476ab9bf414cec164077ebff3920 # v1.0.2 diff --git a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/registry/fetch.go b/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/registry/fetch.go deleted file mode 100644 index 072b16693..000000000 --- a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/registry/fetch.go +++ /dev/null @@ -1,24 +0,0 @@ -package registry - -import ( - "context" - - "github.com/containerd/containerd/remotes" - "github.com/docker/distribution/reference" - "github.com/estesp/manifest-tool/v2/pkg/store" - "github.com/estesp/manifest-tool/v2/pkg/types" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" -) - -func FetchDescriptor(resolver remotes.Resolver, memoryStore *store.MemoryStore, imageRef reference.Named) (ocispec.Descriptor, error) { - return Fetch(context.Background(), memoryStore, types.NewRequest(imageRef, "", allMediaTypes(), resolver)) -} - -func allMediaTypes() []string { - return []string{ - types.MediaTypeDockerSchema2Manifest, - types.MediaTypeDockerSchema2ManifestList, - ocispec.MediaTypeImageManifest, - ocispec.MediaTypeImageIndex, - } -} diff --git a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/registry/fetcher.go b/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/registry/fetcher.go deleted file mode 100644 index 62d4269d3..000000000 --- a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/registry/fetcher.go +++ /dev/null @@ -1,95 +0,0 @@ -package registry - -import ( - "context" - "encoding/json" - - ccontent "github.com/containerd/containerd/content" - "github.com/containerd/containerd/images" - "github.com/containerd/containerd/remotes" - "github.com/containerd/containerd/remotes/docker" - "github.com/estesp/manifest-tool/v2/pkg/store" - "github.com/estesp/manifest-tool/v2/pkg/types" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" -) - -// Fetch uses a registry (distribution spec) API to retrieve a specific image manifest from a registry -func Fetch(ctx context.Context, cs *store.MemoryStore, req *types.Request) (ocispec.Descriptor, error) { - - resolver := req.Resolver() - - // Retrieve manifest from registry - name, desc, err := resolver.Resolve(ctx, req.Reference().String()) - if err != nil { - return ocispec.Descriptor{}, err - } - fetcher, err := resolver.Fetcher(ctx, name) - if err != nil { - return ocispec.Descriptor{}, err - } - - appendDistSrcLabelHandler, err := docker.AppendDistributionSourceLabel(cs, req.Reference().String()) - if err != nil { - return ocispec.Descriptor{}, err - } - - handlers := []images.Handler{ - remotes.FetchHandler(cs, fetcher), - nonLayerChildHandler(cs), - appendDistSrcLabelHandler, - } - // This traverses the OCI descriptor to fetch the image and store it into the local store initialized above. - // All content hashes are verified in this step - if err := images.Dispatch(ctx, images.Handlers(handlers...), nil, desc); err != nil { - return ocispec.Descriptor{}, err - } - return desc, nil -} - -// nonLayerChildHandler returns the immediate children of content described by the descriptor, skipping layers -// and any other non-manifest/config descriptors. This code is copied and modified (to remove layer retrieval) -// from the "images.Children" handler in containerd -func nonLayerChildHandler(provider ccontent.Provider) images.HandlerFunc { - return func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) { - var descs []ocispec.Descriptor - switch desc.MediaType { - case types.MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest: - p, err := ccontent.ReadBlob(ctx, provider, desc) - if err != nil { - return nil, err - } - var manifest ocispec.Manifest - if err := json.Unmarshal(p, &manifest); err != nil { - return nil, err - } - - descs = append(descs, manifest.Config) - case types.MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex: - p, err := ccontent.ReadBlob(ctx, provider, desc) - if err != nil { - return nil, err - } - var index ocispec.Index - if err := json.Unmarshal(p, &index); err != nil { - return nil, err - } - - descs = append(descs, index.Manifests...) - case ocispec.MediaTypeImageLayer, ocispec.MediaTypeImageLayerGzip, types.MediaTypeDockerTarGzipLayer: - // we want to save the descriptor info about layers in our content store - // in case we are going to handle push of a manifest list (will need to handle - // have the details for doing blob mounting on manifest list/index push) - cs, ok := provider.(*store.MemoryStore) - if ok { - // a slight hack to get the info about layers without the actual layer content - // into our content store - cs.Set(desc, []byte{}) - } - default: - // if we aren't at a manifest or index/manifestlist then we can stop walking - return nil, nil - - } - return descs, nil - } -} diff --git a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/registry/push.go b/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/registry/push.go deleted file mode 100644 index dd9674cdc..000000000 --- a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/registry/push.go +++ /dev/null @@ -1,161 +0,0 @@ -package registry - -import ( - "context" - "encoding/json" - "fmt" - "strings" - - "github.com/docker/distribution/reference" - "github.com/estesp/manifest-tool/v2/pkg/store" - "github.com/estesp/manifest-tool/v2/pkg/types" - "github.com/estesp/manifest-tool/v2/pkg/util" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/sirupsen/logrus" -) - -func PushManifestList(username, password string, input types.YAMLInput, ignoreMissing, insecure, plainHttp bool, manifestType types.ManifestType, configDir string) (hash string, length int, err error) { - // resolve the target image reference for the combined manifest list/index - targetRef, err := reference.ParseNormalizedNamed(input.Image) - if err != nil { - return hash, length, fmt.Errorf("Error parsing name for manifest list (%s): %v", input.Image, err) - } - - var configDirs []string - if configDir != "" { - configDirs = append(configDirs, configDir) - } - resolver := util.NewResolver(username, password, insecure, - plainHttp, configDirs...) - - manifestList := types.ManifestList{ - Name: input.Image, - Reference: targetRef, - Resolver: resolver, - Type: manifestType, - } - // create an in-memory store for OCI descriptors and content used during the push operation - memoryStore := store.NewMemoryStore() - - logrus.Info("Retrieving digests of member images") - for _, img := range input.Manifests { - ref, err := util.ParseName(img.Image) - if err != nil { - return hash, length, fmt.Errorf("Unable to parse image reference: %s: %v", img.Image, err) - } - if reference.Domain(targetRef) != reference.Domain(ref) { - return hash, length, fmt.Errorf("Source image (%s) registry does not match target image (%s) registry", ref, targetRef) - } - descriptor, err := FetchDescriptor(resolver, memoryStore, ref) - if err != nil { - if ignoreMissing { - logrus.Warnf("Couldn't access image '%q'. Skipping due to 'ignore missing' configuration.", img.Image) - continue - } - return hash, length, fmt.Errorf("Inspect of image %q failed with error: %v", img.Image, err) - } - - // Check that only member images of type OCI manifest or Docker v2.2 manifest are included - switch descriptor.MediaType { - case ocispec.MediaTypeImageIndex, types.MediaTypeDockerSchema2ManifestList: - return hash, length, fmt.Errorf("Cannot include an image in a manifest list/index which is already a multi-platform image: %s", img.Image) - case ocispec.MediaTypeImageManifest, types.MediaTypeDockerSchema2Manifest: - // valid image type to include - default: - return hash, length, fmt.Errorf("Cannot include unknown media type '%s' in a manifest list/index push", descriptor.MediaType) - } - _, db, _ := memoryStore.Get(descriptor) - var man ocispec.Manifest - if err := json.Unmarshal(db, &man); err != nil { - return hash, length, fmt.Errorf("Could not unmarshal manifest object from descriptor for image '%s': %v", img.Image, err) - } - _, cb, _ := memoryStore.Get(man.Config) - var imgConfig types.Image - if err := json.Unmarshal(cb, &imgConfig); err != nil { - return hash, length, fmt.Errorf("Could not unmarshal config object from descriptor for image '%s': %v", img.Image, err) - } - // set labels for handling distribution source to get automatic cross-repo blob mounting for the layers - info, _ := memoryStore.Info(context.TODO(), descriptor.Digest) - for _, layer := range man.Layers { - // only need to handle cross-repo blob mount for distributable layer types - if skippable(layer.MediaType) { - continue - } - info.Digest = layer.Digest - if _, err := memoryStore.Update(context.TODO(), info, ""); err != nil { - logrus.Warnf("couldn't update in-memory store labels for %v: %v", info.Digest, err) - } - } - - // finalize the platform object that will be used to push with this manifest - descriptor.Platform, err = resolvePlatform(descriptor, img, imgConfig) - if err != nil { - return hash, length, fmt.Errorf("Unable to create platform object for manifest %s: %v", descriptor.Digest.String(), err) - } - manifest := types.Manifest{ - Descriptor: descriptor, - PushRef: false, - } - - if reference.Path(ref) != reference.Path(targetRef) { - // the target manifest list/index is located in a different repo; need to push - // the manifest as a digest to the target repo before the list/index is pushed - manifest.PushRef = true - } - manifestList.Manifests = append(manifestList.Manifests, manifest) - } - - if ignoreMissing && len(manifestList.Manifests) == 0 { - // we need to verify we at least have one valid entry in the list - // otherwise our manifest list will be totally empty - return hash, length, fmt.Errorf("all entries were skipped due to missing source image references; no manifest list to push") - } - - return Push(manifestList, input.Tags, memoryStore) -} - -func resolvePlatform(descriptor ocispec.Descriptor, img types.ManifestEntry, imgConfig types.Image) (*ocispec.Platform, error) { - platform := &img.Platform - // fill os/arch from inspected image if not specified in input YAML - if platform.OS == "" && platform.Architecture == "" { - // prefer a full platform object, if one is already available (and appears to have meaningful content) - if descriptor.Platform != nil && (descriptor.Platform.OS != "" || descriptor.Platform.Architecture != "") { - platform = descriptor.Platform - } else if imgConfig.OS != "" || imgConfig.Architecture != "" { - platform.OS = imgConfig.OS - platform.Architecture = imgConfig.Architecture - } - } - // if Variant is specified in the origin image but not the descriptor or YAML, bubble it up - if imgConfig.Variant != "" && platform.Variant == "" { - platform.Variant = imgConfig.Variant - } - // Windows: if the origin image has OSFeature and/or OSVersion information, and - // these values were not specified in the creation YAML, then - // retain the origin values in the Platform definition for the manifest list: - if imgConfig.OSVersion != "" && platform.OSVersion == "" { - platform.OSVersion = imgConfig.OSVersion - } - if len(imgConfig.OSFeatures) > 0 && len(platform.OSFeatures) == 0 { - platform.OSFeatures = imgConfig.OSFeatures - } - - // validate os/arch input - if !util.IsValidOSArch(platform.OS, platform.Architecture, platform.Variant) { - return nil, fmt.Errorf("Manifest entry for image %s has unsupported os/arch or os/arch/variant combination: %s/%s/%s", img.Image, platform.OS, platform.Architecture, platform.Variant) - } - return platform, nil -} - -func skippable(mediaType string) bool { - // skip foreign/non-distributable layers - if strings.Index(mediaType, "foreign") > 0 || strings.Index(mediaType, "nondistributable") > 0 { - return true - } - // skip manifests (OCI or Dockerv2) as they are already handled on push references code - switch mediaType { - case ocispec.MediaTypeImageManifest, types.MediaTypeDockerSchema2Manifest: - return true - } - return false -} diff --git a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/registry/pusher.go b/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/registry/pusher.go deleted file mode 100644 index 24c791d81..000000000 --- a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/registry/pusher.go +++ /dev/null @@ -1,181 +0,0 @@ -package registry - -import ( - "context" - "encoding/json" - "fmt" - "strings" - - "github.com/estesp/manifest-tool/v2/pkg/store" - "github.com/estesp/manifest-tool/v2/pkg/types" - - "github.com/containerd/containerd/images" - "github.com/containerd/containerd/remotes" - "github.com/docker/distribution/manifest/manifestlist" - "github.com/docker/distribution/reference" - "github.com/opencontainers/go-digest" - specs "github.com/opencontainers/image-spec/specs-go" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" -) - -// Push performs the actions required to push content to the specified registry endpoint -func Push(m types.ManifestList, addedTags []string, ms *store.MemoryStore) (string, int, error) { - // push manifest references to target ref (if required) - baseRef := reference.TrimNamed(m.Reference) - for _, man := range m.Manifests { - if man.PushRef { - ref, err := reference.WithDigest(baseRef, man.Descriptor.Digest) - if err != nil { - return "", 0, errors.Wrapf(err, "Error parsing reference for target manifest component push: %s", m.Reference.String()) - } - err = push(ref, man.Descriptor, m.Resolver, ms) - if err != nil { - return "", 0, errors.Wrapf(err, "Error pushing target manifest component reference: %s", ref.String()) - } - logrus.Infof("pushed manifest component reference (%s) to target namespace: %s", man.Descriptor.Digest.String(), ref.String()) - } - } - // build the manifest list/index entry to be pushed and save it in the content store - desc, indexJSON, err := buildManifest(m) - if err != nil { - return "", 0, errors.Wrap(err, "Error creating manifest list/index JSON") - } - ms.Set(desc, indexJSON) - - if err := push(m.Reference, desc, m.Resolver, ms); err != nil { - if strings.Contains(fmt.Sprint(err), "cannot reuse body") { - // until containerd/containerd issue #5978 (https://github.com/containerd/containerd/issues/5978) is - // fixed, we can work around this by attempting the push again now that the auth 401 is handled for - // registries like GCR and Quay.io - logrus.Debugf("body re-use error; will retry: %+v", err) - err := push(m.Reference, desc, m.Resolver, ms) - if err != nil { - return "", 0, errors.Wrapf(err, "Error pushing manifest list/index to registry: %s", desc.Digest.String()) - } - } else { - return "", 0, errors.Wrapf(err, "Error pushing manifest list/index to registry: %s", desc.Digest.String()) - } - } - for _, tag := range addedTags { - taggedRef, err := reference.WithTag(baseRef, tag) - logrus.Infof("pushing extra tag '%s' to manifest list/index: %s", tag, desc.Digest.String()) - if err != nil { - return "", 0, errors.Wrapf(err, "Error creating additional tag reference: %s", tag) - } - if err = pushTagOnly(taggedRef, desc, m.Resolver, ms); err != nil { - return "", 0, errors.Wrapf(err, "Error pushing additional tag reference: %s", tag) - } - } - return desc.Digest.String(), int(desc.Size), nil -} - -func buildManifest(m types.ManifestList) (ocispec.Descriptor, []byte, error) { - var ( - index interface{} - mediaType string - ) - switch m.Type { - case types.Docker: - index = dockerManifestList(m.Manifests) - mediaType = types.MediaTypeDockerSchema2ManifestList - - case types.OCI: - index = ociIndex(m.Manifests) - mediaType = ocispec.MediaTypeImageIndex - } - bytes, err := json.MarshalIndent(index, "", " ") - if err != nil { - return ocispec.Descriptor{}, []byte{}, err - } - desc := ocispec.Descriptor{ - Digest: digest.FromBytes(bytes), - MediaType: mediaType, - Size: int64(len(bytes)), - Annotations: map[string]string{}, - } - desc.Annotations[ocispec.AnnotationRefName] = m.Name - return desc, bytes, nil -} - -func push(ref reference.Reference, desc ocispec.Descriptor, resolver remotes.Resolver, ms *store.MemoryStore) error { - ctx := context.Background() - pusher, err := resolver.Pusher(ctx, ref.String()) - if err != nil { - return err - } - wrapper := func(f images.Handler) images.Handler { - return images.HandlerFunc(func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) { - children, err := f.Handle(ctx, desc) - if err != nil { - return nil, err - } - filtered := children[:0] - for _, c := range children { - if !skippable(c.MediaType) { - filtered = append(filtered, c) - } - } - return filtered, nil - }) - } - return remotes.PushContent(ctx, pusher, desc, ms, nil, nil, wrapper) -} - -// used to push only a tag for the "additional tags" feature of manifest-tool -func pushTagOnly(ref reference.Reference, desc ocispec.Descriptor, resolver remotes.Resolver, ms *store.MemoryStore) error { - ctx := context.Background() - pusher, err := resolver.Pusher(ctx, ref.String()) - if err != nil { - return err - } - // wrapper will not descend to children; all components have already been pushed and we only want an additional - // tag on the root descriptor (e.g. pushing a "4.2", "4", and "latest" tags after pushing a full "4.2.2" image) - wrapper := func(f images.Handler) images.Handler { - return images.HandlerFunc(func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) { - _, err := f.Handle(ctx, desc) - if err != nil { - return nil, err - } - return nil, nil - }) - } - desc.Annotations[ocispec.AnnotationRefName] = ref.String() - return remotes.PushContent(ctx, pusher, desc, ms, nil, nil, wrapper) -} - -func ociIndex(m []types.Manifest) ocispec.Index { - index := ocispec.Index{ - Versioned: specs.Versioned{ - SchemaVersion: 2, - }, - } - for _, man := range m { - index.Manifests = append(index.Manifests, man.Descriptor) - } - return index -} - -func dockerManifestList(m []types.Manifest) manifestlist.ManifestList { - ml := manifestlist.ManifestList{ - Versioned: manifestlist.SchemaVersion, - } - for _, man := range m { - ml.Manifests = append(ml.Manifests, dockerConvert(man.Descriptor)) - } - return ml -} - -func dockerConvert(m ocispec.Descriptor) manifestlist.ManifestDescriptor { - var md manifestlist.ManifestDescriptor - md.Digest = m.Digest - md.Size = m.Size - md.MediaType = m.MediaType - md.Platform.Architecture = m.Platform.Architecture - md.Platform.OS = m.Platform.OS - md.Platform.Variant = m.Platform.Variant - md.Platform.OSFeatures = m.Platform.OSFeatures - md.Platform.OSVersion = m.Platform.OSVersion - return md -} diff --git a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/store/store.go b/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/store/store.go deleted file mode 100644 index 01b37cfc6..000000000 --- a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/store/store.go +++ /dev/null @@ -1,304 +0,0 @@ -package store - -import ( - "bytes" - "context" - "io" - "sync" - "time" - - ccontent "github.com/containerd/containerd/content" - "github.com/containerd/containerd/errdefs" - "github.com/opencontainers/go-digest" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" - "oras.land/oras-go/v2/content/memory" -) - -// ensure interface -var ( - _ ccontent.Manager = &MemoryStore{} - _ ccontent.Provider = &MemoryStore{} - _ ccontent.Ingester = &MemoryStore{} - _ ccontent.ReaderAt = sizeReaderAt{} -) - -type labelStore struct { - l sync.RWMutex - labels map[digest.Digest]map[string]string -} - -// MemoryStore implements a simple in-memory content store for labels and -// descriptors (and associated content for manifests and configs) -type MemoryStore struct { - store *memory.Store - labels labelStore - nameMap map[string]ocispec.Descriptor -} - -func newLabelStore() labelStore { - return labelStore{ - labels: map[digest.Digest]map[string]string{}, - } -} - -// NewMemoryStore creates a memory store that implements the proper -// content interfaces to support simple push/inspect operations on -// containerd's content in a memory-only context -func NewMemoryStore() *MemoryStore { - return &MemoryStore{ - store: memory.New(), - labels: newLabelStore(), - nameMap: map[string]ocispec.Descriptor{}, - } -} - -// Update updates mutable label field content related to a descriptor -func (m *MemoryStore) Update(ctx context.Context, info ccontent.Info, fieldpaths ...string) (ccontent.Info, error) { - newLabels, err := m.update(info.Digest, info.Labels) - if err != nil { - return ccontent.Info{}, nil - } - info.Labels = newLabels - return info, nil -} - -// Walk is unimplemented -func (m *MemoryStore) Walk(ctx context.Context, fn ccontent.WalkFunc, filters ...string) error { - // unimplemented - return nil -} - -func (m *MemoryStore) update(d digest.Digest, update map[string]string) (map[string]string, error) { - m.labels.l.Lock() - labels, ok := m.labels.labels[d] - if !ok { - labels = map[string]string{} - } - for k, v := range update { - if v == "" { - delete(labels, k) - } else { - labels[k] = v - } - } - m.labels.labels[d] = labels - m.labels.l.Unlock() - - return labels, nil -} - -// Delete is unimplemented as we don't use it in the flow of manifest-tool -func (m *MemoryStore) Delete(ctx context.Context, d digest.Digest) error { - return nil -} - -// Info returns the info for a specific digest -func (m *MemoryStore) Info(ctx context.Context, d digest.Digest) (ccontent.Info, error) { - m.labels.l.RLock() - info := ccontent.Info{ - Digest: d, - Labels: m.labels.labels[d], - } - m.labels.l.RUnlock() - return info, nil -} - -// ReaderAt returns a reader for a descriptor -func (m *MemoryStore) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (ccontent.ReaderAt, error) { - rc, err := m.store.Fetch(context.Background(), desc) - if err != nil { - return nil, errdefs.ErrNotFound - } - defer rc.Close() - - var buf bytes.Buffer - if _, err := io.Copy(&buf, rc); err != nil { - return nil, err - } - - return sizeReaderAt{ - readAtCloser: nopCloser{ - ReaderAt: bytes.NewReader(buf.Bytes()), - }, - size: desc.Size, - }, nil -} - -// Writer returns a content writer given the specific options -func (m *MemoryStore) Writer(ctx context.Context, opts ...ccontent.WriterOpt) (ccontent.Writer, error) { - // this function is the original `Writer` implementation from oras 0.9.x, copied as-is - // given that oras-go v1.2.x has changed the signature and the implementation under a "Pusher" method - var wOpts ccontent.WriterOpts - for _, opt := range opts { - if err := opt(&wOpts); err != nil { - return nil, err - } - } - desc := wOpts.Desc - - name, _ := resolveName(desc) - - now := time.Now() - return &memoryWriter{ - store: m.store, - buffer: bytes.NewBuffer(nil), - desc: desc, - digester: digest.Canonical.Digester(), - status: ccontent.Status{ - Ref: name, - Total: desc.Size, - StartedAt: now, - UpdatedAt: now, - }, - }, nil -} - -// Get returns the content for a specific descriptor -func (m *MemoryStore) Get(desc ocispec.Descriptor) (ocispec.Descriptor, []byte, bool) { - rc, err := m.store.Fetch(context.Background(), desc) - if err != nil { - return desc, nil, false - } - defer rc.Close() - - var buf bytes.Buffer - if _, err := io.Copy(&buf, rc); err != nil { - return desc, nil, false - } - return desc, buf.Bytes(), true -} - -// Set sets the content for a specific descriptor -func (m *MemoryStore) Set(desc ocispec.Descriptor, content []byte) { - if name, ok := resolveName(desc); ok { - m.nameMap[name] = desc - } - _ = m.store.Push(context.Background(), desc, bytes.NewReader(content)) -} - -// GetByName retrieves a descriptor based on the associated name -func (m *MemoryStore) GetByName(name string) (desc ocispec.Descriptor, content []byte, found bool) { - desc, found = m.nameMap[name] - if !found { - return desc, nil, false - } - return m.Get(desc) -} - -// Abort is not implemented or needed in this context -func (m *MemoryStore) Abort(ctx context.Context, ref string) error { - return nil -} - -// ListStatuses is not implemented or needed in this context -func (m *MemoryStore) ListStatuses(ctx context.Context, filters ...string) ([]ccontent.Status, error) { - return []ccontent.Status{}, nil -} - -// Status is not implemented or needed in this context -func (m *MemoryStore) Status(ctx context.Context, ref string) (ccontent.Status, error) { - return ccontent.Status{}, nil -} - -// the rest of this file contains the original "memoryWriter" implementation -// from oras 0.9.x to support the `Writer` function above as well as the -// `ReaderAt` implementation that uses the interfaces below - -type readAtCloser interface { - io.ReaderAt - io.Closer -} - -type sizeReaderAt struct { - readAtCloser - size int64 -} - -func (ra sizeReaderAt) Size() int64 { - return ra.size -} - -type nopCloser struct { - io.ReaderAt -} - -func (nopCloser) Close() error { - return nil -} - -type memoryWriter struct { - store *memory.Store - buffer *bytes.Buffer - desc ocispec.Descriptor - digester digest.Digester - status ccontent.Status -} - -func (w *memoryWriter) Status() (ccontent.Status, error) { - return w.status, nil -} - -// Digest returns the current digest of the content, up to the current write. -// -// Cannot be called concurrently with `Write`. -func (w *memoryWriter) Digest() digest.Digest { - return w.digester.Digest() -} - -// Write p to the transaction. -func (w *memoryWriter) Write(p []byte) (n int, err error) { - n, err = w.buffer.Write(p) - w.digester.Hash().Write(p[:n]) - w.status.Offset += int64(len(p)) - w.status.UpdatedAt = time.Now() - return n, err -} - -func (w *memoryWriter) Commit(ctx context.Context, size int64, expected digest.Digest, opts ...ccontent.Opt) error { - var base ccontent.Info - for _, opt := range opts { - if err := opt(&base); err != nil { - return err - } - } - - if w.buffer == nil { - return errors.Wrap(errdefs.ErrFailedPrecondition, "cannot commit on closed writer") - } - content := w.buffer.Bytes() - w.buffer = nil - - if size > 0 && size != int64(len(content)) { - return errors.Wrapf(errdefs.ErrFailedPrecondition, "unexpected commit size %d, expected %d", len(content), size) - } - if dgst := w.digester.Digest(); expected != "" && expected != dgst { - return errors.Wrapf(errdefs.ErrFailedPrecondition, "unexpected commit digest %s, expected %s", dgst, expected) - } - - _ = w.store.Push(context.Background(), w.desc, bytes.NewReader(content)) - return nil -} - -func (w *memoryWriter) Close() error { - w.buffer = nil - return nil -} - -func (w *memoryWriter) Truncate(size int64) error { - if size != 0 { - return errdefs.ErrInvalidArgument - } - w.status.Offset = 0 - w.digester.Hash().Reset() - w.buffer.Truncate(0) - return nil -} - -func resolveName(desc ocispec.Descriptor) (string, bool) { - if desc.Annotations == nil { - return "", false - } - name, ok := desc.Annotations[ocispec.AnnotationRefName] - return name, ok -} diff --git a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/types/image.go b/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/types/image.go deleted file mode 100644 index 61d3f34cd..000000000 --- a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/types/image.go +++ /dev/null @@ -1,23 +0,0 @@ -package types - -import ( - ocispec "github.com/opencontainers/image-spec/specs-go/v1" -) - -const ( - // MediaTypeDockerSchema2Manifest is the Docker v2.2 schema media type for a manifest object - MediaTypeDockerSchema2Manifest = "application/vnd.docker.distribution.manifest.v2+json" - // MediaTypeDockerSchema2ManifestList is the Docker v2.2 schema media type for a manifest list object - MediaTypeDockerSchema2ManifestList = "application/vnd.docker.distribution.manifest.list.v2+json" - // MediaTypeDockerTarGzipLayer is the Docker schema media type for a tar+gzip filesystem layer - MediaTypeDockerTarGzipLayer = "application/vnd.docker.image.rootfs.diff.tar.gzip" -) - -// Image struct handles Windows support extensions to OCI spec -type Image struct { - ocispec.Image - // TODO https://github.com/opencontainers/image-spec/pull/809 - Variant string `json:"variant,omitempty"` - OSVersion string `json:"os.version,omitempty"` - OSFeatures []string `json:"os.features,omitempty"` -} diff --git a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/types/input.go b/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/types/input.go deleted file mode 100644 index e0618de68..000000000 --- a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/types/input.go +++ /dev/null @@ -1,18 +0,0 @@ -package types - -import ocispec "github.com/opencontainers/image-spec/specs-go/v1" - -// YAMLInput contains the parsed yaml fields from the push -// command of manifest-tool -type YAMLInput struct { - Image string - Tags []string - Manifests []ManifestEntry -} - -// ManifestEntry contains an image reference and it's corresponding OCI -// platform definition (OS/Arch/Variant) -type ManifestEntry struct { - Image string - Platform ocispec.Platform -} diff --git a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/types/manifests.go b/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/types/manifests.go deleted file mode 100644 index f0c4af6d7..000000000 --- a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/types/manifests.go +++ /dev/null @@ -1,39 +0,0 @@ -package types - -import ( - "github.com/containerd/containerd/remotes" - "github.com/docker/distribution/reference" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" -) - -// ManifestType specifies whether to use the OCI index media type and -// format or the Docker manifestList media type and format for the -// registry push operation. -type ManifestType int - -const ( - // OCI is used to specify the "index" type - OCI ManifestType = iota - // Docker is used for the "manifestList" type - Docker -) - -// ManifestList represents the information necessary to assemble and -// push the right data to a registry to form a manifestlist or OCI index -// entry. -type ManifestList struct { - Name string - Type ManifestType - Reference reference.Named - Resolver remotes.Resolver - Manifests []Manifest -} - -// Manifest is an ocispec.Descriptor of media type manifest (OCI or Docker) -// along with a boolean to help determine whether a reference to the manifest -// must be pushed to the target (manifest list) repo location before finalizing -// the manifest list push operation. -type Manifest struct { - Descriptor ocispec.Descriptor - PushRef bool -} diff --git a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/types/request.go b/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/types/request.go deleted file mode 100644 index c2d651b3e..000000000 --- a/src/cmd/linuxkit/vendor/github.com/estesp/manifest-tool/v2/pkg/types/request.go +++ /dev/null @@ -1,45 +0,0 @@ -package types - -import ( - "github.com/containerd/containerd/remotes" - "github.com/docker/distribution/reference" - digest "github.com/opencontainers/go-digest" -) - -// Request represents a registry reference and (optional) digest to a specific container manifest -type Request struct { - reference reference.Named - digest digest.Digest - mediaTypes []string - resolver remotes.Resolver -} - -// NewRequest creates a request from supplied image parameters -func NewRequest(ref reference.Named, digest digest.Digest, mediaTypes []string, resolver remotes.Resolver) *Request { - return &Request{ - reference: ref, - digest: digest, - mediaTypes: mediaTypes, - resolver: resolver, - } -} - -// MediaTypes returns the media type string for this image -func (r *Request) MediaTypes() []string { - return r.mediaTypes -} - -// Reference returns the image reference as a `Named` object -func (r *Request) Reference() reference.Named { - return r.reference -} - -// Digest returns the image digest hash of this image manifest -func (r *Request) Digest() digest.Digest { - return r.digest -} - -// Resolver returns the containerd remote's Docker resolver to use for the request -func (r *Request) Resolver() remotes.Resolver { - return r.resolver -} diff --git a/src/cmd/linuxkit/vendor/modules.txt b/src/cmd/linuxkit/vendor/modules.txt index 3eac76367..065650161 100644 --- a/src/cmd/linuxkit/vendor/modules.txt +++ b/src/cmd/linuxkit/vendor/modules.txt @@ -218,10 +218,7 @@ github.com/docker/cli/cli/connhelper/commandconn github.com/docker/cli/cli/connhelper/ssh # github.com/docker/distribution v2.8.1+incompatible ## explicit -github.com/docker/distribution github.com/docker/distribution/digestset -github.com/docker/distribution/manifest -github.com/docker/distribution/manifest/manifestlist github.com/docker/distribution/reference github.com/docker/distribution/registry/client/auth/challenge # github.com/docker/docker v23.0.0-rc.1+incompatible @@ -261,9 +258,6 @@ github.com/docker/go-connections/tlsconfig github.com/docker/go-units # github.com/estesp/manifest-tool/v2 v2.0.7-0.20230216152337-24a86fc0b513 ## explicit; go 1.19 -github.com/estesp/manifest-tool/v2/pkg/registry -github.com/estesp/manifest-tool/v2/pkg/store -github.com/estesp/manifest-tool/v2/pkg/types github.com/estesp/manifest-tool/v2/pkg/util # github.com/felixge/httpsnoop v1.0.2 ## explicit; go 1.13 @@ -904,16 +898,3 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# oras.land/oras-go/v2 v2.0.0 -## explicit; go 1.18 -oras.land/oras-go/v2/content -oras.land/oras-go/v2/content/memory -oras.land/oras-go/v2/errdef -oras.land/oras-go/v2/internal/cas -oras.land/oras-go/v2/internal/descriptor -oras.land/oras-go/v2/internal/docker -oras.land/oras-go/v2/internal/graph -oras.land/oras-go/v2/internal/ioutil -oras.land/oras-go/v2/internal/resolver -oras.land/oras-go/v2/internal/status -oras.land/oras-go/v2/internal/syncutil diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/LICENSE b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/LICENSE deleted file mode 100644 index a67d16938..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2021 ORAS Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/descriptor.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/descriptor.go deleted file mode 100644 index 8e6c25dec..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/descriptor.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package content - -import ( - "github.com/opencontainers/go-digest" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "oras.land/oras-go/v2/internal/descriptor" -) - -// NewDescriptorFromBytes returns a descriptor, given the content and media type. -// If no media type is specified, "application/octet-stream" will be used. -func NewDescriptorFromBytes(mediaType string, content []byte) ocispec.Descriptor { - if mediaType == "" { - mediaType = descriptor.DefaultMediaType - } - return ocispec.Descriptor{ - MediaType: mediaType, - Digest: digest.FromBytes(content), - Size: int64(len(content)), - } -} - -// Equal returns true if two descriptors point to the same content. -func Equal(a, b ocispec.Descriptor) bool { - return a.Size == b.Size && a.Digest == b.Digest && a.MediaType == b.MediaType -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/graph.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/graph.go deleted file mode 100644 index 642789f9b..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/graph.go +++ /dev/null @@ -1,106 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package content - -import ( - "context" - "encoding/json" - - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "oras.land/oras-go/v2/internal/docker" -) - -// PredecessorFinder finds out the nodes directly pointing to a given node of a -// directed acyclic graph. -// In other words, returns the "parents" of the current descriptor. -// PredecessorFinder is an extension of Storage. -type PredecessorFinder interface { - // Predecessors returns the nodes directly pointing to the current node. - Predecessors(ctx context.Context, node ocispec.Descriptor) ([]ocispec.Descriptor, error) -} - -// GraphStorage represents a CAS that supports direct predecessor node finding. -type GraphStorage interface { - Storage - PredecessorFinder -} - -// ReadOnlyGraphStorage represents a read-only GraphStorage. -type ReadOnlyGraphStorage interface { - ReadOnlyStorage - PredecessorFinder -} - -// Successors returns the nodes directly pointed by the current node. -// In other words, returns the "children" of the current descriptor. -func Successors(ctx context.Context, fetcher Fetcher, node ocispec.Descriptor) ([]ocispec.Descriptor, error) { - switch node.MediaType { - case docker.MediaTypeManifest: - content, err := FetchAll(ctx, fetcher, node) - if err != nil { - return nil, err - } - // OCI manifest schema can be used to marshal docker manifest - var manifest ocispec.Manifest - if err := json.Unmarshal(content, &manifest); err != nil { - return nil, err - } - return append([]ocispec.Descriptor{manifest.Config}, manifest.Layers...), nil - case ocispec.MediaTypeImageManifest: - content, err := FetchAll(ctx, fetcher, node) - if err != nil { - return nil, err - } - var manifest ocispec.Manifest - if err := json.Unmarshal(content, &manifest); err != nil { - return nil, err - } - var nodes []ocispec.Descriptor - if manifest.Subject != nil { - nodes = append(nodes, *manifest.Subject) - } - nodes = append(nodes, manifest.Config) - return append(nodes, manifest.Layers...), nil - case docker.MediaTypeManifestList, ocispec.MediaTypeImageIndex: - content, err := FetchAll(ctx, fetcher, node) - if err != nil { - return nil, err - } - - // docker manifest list and oci index are equivalent for successors. - var index ocispec.Index - if err := json.Unmarshal(content, &index); err != nil { - return nil, err - } - return index.Manifests, nil - case ocispec.MediaTypeArtifactManifest: - content, err := FetchAll(ctx, fetcher, node) - if err != nil { - return nil, err - } - - var manifest ocispec.Artifact - if err := json.Unmarshal(content, &manifest); err != nil { - return nil, err - } - var nodes []ocispec.Descriptor - if manifest.Subject != nil { - nodes = append(nodes, *manifest.Subject) - } - return append(nodes, manifest.Blobs...), nil - } - return nil, nil -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/limitedstorage.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/limitedstorage.go deleted file mode 100644 index 9a6df2f82..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/limitedstorage.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package content - -import ( - "context" - "fmt" - "io" - - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "oras.land/oras-go/v2/errdef" -) - -// LimitedStorage represents a CAS with a push size limit. -type LimitedStorage struct { - Storage // underlying storage - PushLimit int64 // max size for push -} - -// Push pushes the content, matching the expected descriptor. -// The size of the content cannot exceed the push size limit. -func (ls *LimitedStorage) Push(ctx context.Context, expected ocispec.Descriptor, content io.Reader) error { - if expected.Size > ls.PushLimit { - return fmt.Errorf( - "content size %v exceeds push size limit %v: %w", - expected.Size, - ls.PushLimit, - errdef.ErrSizeExceedsLimit) - } - - return ls.Storage.Push(ctx, expected, io.LimitReader(content, expected.Size)) -} - -// LimitStorage returns a storage with a push size limit. -func LimitStorage(s Storage, n int64) *LimitedStorage { - return &LimitedStorage{s, n} -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/memory/memory.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/memory/memory.go deleted file mode 100644 index f4e6c1d96..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/memory/memory.go +++ /dev/null @@ -1,96 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package memory provides implementation of a memory backed content store. -package memory - -import ( - "context" - "fmt" - "io" - - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "oras.land/oras-go/v2/content" - "oras.land/oras-go/v2/errdef" - "oras.land/oras-go/v2/internal/cas" - "oras.land/oras-go/v2/internal/graph" - "oras.land/oras-go/v2/internal/resolver" -) - -// Store represents a memory based store, which implements `oras.Target`. -type Store struct { - storage content.Storage - resolver content.TagResolver - graph *graph.Memory -} - -// New creates a new memory based store. -func New() *Store { - return &Store{ - storage: cas.NewMemory(), - resolver: resolver.NewMemory(), - graph: graph.NewMemory(), - } -} - -// Fetch fetches the content identified by the descriptor. -func (s *Store) Fetch(ctx context.Context, target ocispec.Descriptor) (io.ReadCloser, error) { - return s.storage.Fetch(ctx, target) -} - -// Push pushes the content, matching the expected descriptor. -func (s *Store) Push(ctx context.Context, expected ocispec.Descriptor, reader io.Reader) error { - if err := s.storage.Push(ctx, expected, reader); err != nil { - return err - } - - // index predecessors. - // there is no data consistency issue as long as deletion is not implemented - // for the memory store. - return s.graph.Index(ctx, s.storage, expected) -} - -// Exists returns true if the described content exists. -func (s *Store) Exists(ctx context.Context, target ocispec.Descriptor) (bool, error) { - return s.storage.Exists(ctx, target) -} - -// Resolve resolves a reference to a descriptor. -func (s *Store) Resolve(ctx context.Context, reference string) (ocispec.Descriptor, error) { - return s.resolver.Resolve(ctx, reference) -} - -// Tag tags a descriptor with a reference string. -// Returns ErrNotFound if the tagged content does not exist. -func (s *Store) Tag(ctx context.Context, desc ocispec.Descriptor, reference string) error { - exists, err := s.storage.Exists(ctx, desc) - if err != nil { - return err - } - if !exists { - return fmt.Errorf("%s: %s: %w", desc.Digest, desc.MediaType, errdef.ErrNotFound) - } - return s.resolver.Tag(ctx, desc, reference) -} - -// Predecessors returns the nodes directly pointing to the current node. -// Predecessors returns nil without error if the node does not exists in the -// store. -// Like other operations, calling Predecessors() is go-routine safe. However, -// it does not necessarily correspond to any consistent snapshot of the stored -// contents. -func (s *Store) Predecessors(ctx context.Context, node ocispec.Descriptor) ([]ocispec.Descriptor, error) { - return s.graph.Predecessors(ctx, node) -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/reader.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/reader.go deleted file mode 100644 index 11d27b236..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/reader.go +++ /dev/null @@ -1,141 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package content - -import ( - "errors" - "fmt" - "io" - - "github.com/opencontainers/go-digest" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" -) - -var ( - // ErrInvalidDescriptorSize is returned by ReadAll() when - // the descriptor has an invalid size. - ErrInvalidDescriptorSize = errors.New("invalid descriptor size") - - // ErrMismatchedDigest is returned by ReadAll() when - // the descriptor has an invalid digest. - ErrMismatchedDigest = errors.New("mismatched digest") - - // ErrTrailingData is returned by ReadAll() when - // there exists trailing data unread when the read terminates. - ErrTrailingData = errors.New("trailing data") -) - -var ( - // errEarlyVerify is returned by VerifyReader.Verify() when - // Verify() is called before completing reading the entire content blob. - errEarlyVerify = errors.New("early verify") -) - -// VerifyReader reads the content described by its descriptor and verifies -// against its size and digest. -type VerifyReader struct { - base *io.LimitedReader - verifier digest.Verifier - verified bool - err error -} - -// Read reads up to len(p) bytes into p. It returns the number of bytes -// read (0 <= n <= len(p)) and any error encountered. -func (vr *VerifyReader) Read(p []byte) (n int, err error) { - if vr.err != nil { - return 0, vr.err - } - - n, err = vr.base.Read(p) - if err != nil { - if err == io.EOF && vr.base.N > 0 { - err = io.ErrUnexpectedEOF - } - vr.err = err - } - return -} - -// Verify verifies the read content against the size and the digest. -func (vr *VerifyReader) Verify() error { - if vr.verified { - return nil - } - if vr.err == nil { - if vr.base.N > 0 { - return errEarlyVerify - } - } else if vr.err != io.EOF { - return vr.err - } - - if err := ensureEOF(vr.base.R); err != nil { - vr.err = err - return vr.err - } - if !vr.verifier.Verified() { - vr.err = ErrMismatchedDigest - return vr.err - } - - vr.verified = true - vr.err = io.EOF - return nil -} - -// NewVerifyReader wraps r for reading content with verification against desc. -func NewVerifyReader(r io.Reader, desc ocispec.Descriptor) *VerifyReader { - verifier := desc.Digest.Verifier() - lr := &io.LimitedReader{ - R: io.TeeReader(r, verifier), - N: desc.Size, - } - return &VerifyReader{ - base: lr, - verifier: verifier, - } -} - -// ReadAll safely reads the content described by the descriptor. -// The read content is verified against the size and the digest -// using a VerifyReader. -func ReadAll(r io.Reader, desc ocispec.Descriptor) ([]byte, error) { - if desc.Size < 0 { - return nil, ErrInvalidDescriptorSize - } - buf := make([]byte, desc.Size) - - vr := NewVerifyReader(r, desc) - if _, err := io.ReadFull(vr, buf); err != nil { - return nil, fmt.Errorf("read failed: %w", err) - } - if err := vr.Verify(); err != nil { - return nil, err - } - return buf, nil -} - -// ensureEOF ensures the read operation ends with an EOF and no -// trailing data is present. -func ensureEOF(r io.Reader) error { - var peek [1]byte - _, err := io.ReadFull(r, peek[:]) - if err != io.EOF { - return ErrTrailingData - } - return nil -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/resolver.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/resolver.go deleted file mode 100644 index b536b5ddc..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/resolver.go +++ /dev/null @@ -1,41 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package content provides implementations to access content stores. -package content - -import ( - "context" - - ocispec "github.com/opencontainers/image-spec/specs-go/v1" -) - -// Resolver resolves reference tags. -type Resolver interface { - // Resolve resolves a reference to a descriptor. - Resolve(ctx context.Context, reference string) (ocispec.Descriptor, error) -} - -// Tagger tags reference tags. -type Tagger interface { - // Tag tags a descriptor with a reference string. - Tag(ctx context.Context, desc ocispec.Descriptor, reference string) error -} - -// TagResolver provides reference tag indexing services. -type TagResolver interface { - Tagger - Resolver -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/storage.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/storage.go deleted file mode 100644 index 971142cbf..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/content/storage.go +++ /dev/null @@ -1,80 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package content - -import ( - "context" - "io" - - ocispec "github.com/opencontainers/image-spec/specs-go/v1" -) - -// Fetcher fetches content. -type Fetcher interface { - // Fetch fetches the content identified by the descriptor. - Fetch(ctx context.Context, target ocispec.Descriptor) (io.ReadCloser, error) -} - -// Pusher pushes content. -type Pusher interface { - // Push pushes the content, matching the expected descriptor. - // Reader is perferred to Writer so that the suitable buffer size can be - // chosen by the underlying implementation. Furthermore, the implementation - // can also do reflection on the Reader for more advanced I/O optimization. - Push(ctx context.Context, expected ocispec.Descriptor, content io.Reader) error -} - -// Storage represents a content-addressable storage (CAS) where contents are -// accessed via Descriptors. -// The storage is designed to handle blobs of large sizes. -type Storage interface { - ReadOnlyStorage - Pusher -} - -// ReadOnlyStorage represents a read-only Storage. -type ReadOnlyStorage interface { - Fetcher - - // Exists returns true if the described content exists. - Exists(ctx context.Context, target ocispec.Descriptor) (bool, error) -} - -// Deleter removes content. -// Deleter is an extension of Storage. -type Deleter interface { - // Delete removes the content identified by the descriptor. - Delete(ctx context.Context, target ocispec.Descriptor) error -} - -// FetchAll safely fetches the content described by the descriptor. -// The fetched content is verified against the size and the digest. -func FetchAll(ctx context.Context, fetcher Fetcher, desc ocispec.Descriptor) ([]byte, error) { - rc, err := fetcher.Fetch(ctx, desc) - if err != nil { - return nil, err - } - defer rc.Close() - return ReadAll(rc, desc) -} - -// FetcherFunc is the basic Fetch method defined in Fetcher. -type FetcherFunc func(ctx context.Context, target ocispec.Descriptor) (io.ReadCloser, error) - -// Fetch performs Fetch operation by the FetcherFunc. -func (fn FetcherFunc) Fetch(ctx context.Context, target ocispec.Descriptor) (io.ReadCloser, error) { - return fn(ctx, target) -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/errdef/errors.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/errdef/errors.go deleted file mode 100644 index 030360edb..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/errdef/errors.go +++ /dev/null @@ -1,30 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package errdef - -import "errors" - -// Common errors used in ORAS -var ( - ErrAlreadyExists = errors.New("already exists") - ErrInvalidDigest = errors.New("invalid digest") - ErrInvalidReference = errors.New("invalid reference") - ErrMissingReference = errors.New("missing reference") - ErrNotFound = errors.New("not found") - ErrSizeExceedsLimit = errors.New("size exceeds limit") - ErrUnsupported = errors.New("unsupported") - ErrUnsupportedVersion = errors.New("unsupported version") -) diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/cas/memory.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/cas/memory.go deleted file mode 100644 index 7e358e136..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/cas/memory.go +++ /dev/null @@ -1,88 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cas - -import ( - "bytes" - "context" - "fmt" - "io" - "sync" - - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - contentpkg "oras.land/oras-go/v2/content" - "oras.land/oras-go/v2/errdef" - "oras.land/oras-go/v2/internal/descriptor" -) - -// Memory is a memory based CAS. -type Memory struct { - content sync.Map // map[descriptor.Descriptor][]byte -} - -// NewMemory creates a new Memory CAS. -func NewMemory() *Memory { - return &Memory{} -} - -// Fetch fetches the content identified by the descriptor. -func (m *Memory) Fetch(_ context.Context, target ocispec.Descriptor) (io.ReadCloser, error) { - key := descriptor.FromOCI(target) - content, exists := m.content.Load(key) - if !exists { - return nil, fmt.Errorf("%s: %s: %w", key.Digest, key.MediaType, errdef.ErrNotFound) - } - return io.NopCloser(bytes.NewReader(content.([]byte))), nil -} - -// Push pushes the content, matching the expected descriptor. -func (m *Memory) Push(_ context.Context, expected ocispec.Descriptor, content io.Reader) error { - key := descriptor.FromOCI(expected) - - // check if the content exists in advance to avoid reading from the content. - if _, exists := m.content.Load(key); exists { - return fmt.Errorf("%s: %s: %w", key.Digest, key.MediaType, errdef.ErrAlreadyExists) - } - - // read and try to store the content. - value, err := contentpkg.ReadAll(content, expected) - if err != nil { - return err - } - if _, exists := m.content.LoadOrStore(key, value); exists { - return fmt.Errorf("%s: %s: %w", key.Digest, key.MediaType, errdef.ErrAlreadyExists) - } - return nil -} - -// Exists returns true if the described content exists. -func (m *Memory) Exists(_ context.Context, target ocispec.Descriptor) (bool, error) { - key := descriptor.FromOCI(target) - _, exists := m.content.Load(key) - return exists, nil -} - -// Map dumps the memory into a built-in map structure. -// Like other operations, calling Map() is go-routine safe. However, it does not -// necessarily correspond to any consistent snapshot of the storage contents. -func (m *Memory) Map() map[descriptor.Descriptor][]byte { - res := make(map[descriptor.Descriptor][]byte) - m.content.Range(func(key, value interface{}) bool { - res[key.(descriptor.Descriptor)] = value.([]byte) - return true - }) - return res -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/cas/proxy.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/cas/proxy.go deleted file mode 100644 index ada5f94e0..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/cas/proxy.go +++ /dev/null @@ -1,125 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cas - -import ( - "context" - "io" - "sync" - - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "oras.land/oras-go/v2/content" - "oras.land/oras-go/v2/internal/ioutil" -) - -// Proxy is a caching proxy for the storage. -// The first fetch call of a described content will read from the remote and -// cache the fetched content. -// The subsequent fetch call will read from the local cache. -type Proxy struct { - content.ReadOnlyStorage - Cache content.Storage - StopCaching bool -} - -// NewProxy creates a proxy for the `base` storage, using the `cache` storage as -// the cache. -func NewProxy(base content.ReadOnlyStorage, cache content.Storage) *Proxy { - return &Proxy{ - ReadOnlyStorage: base, - Cache: cache, - } -} - -// NewProxyWithLimit creates a proxy for the `base` storage, using the `cache` -// storage with a push size limit as the cache. -func NewProxyWithLimit(base content.ReadOnlyStorage, cache content.Storage, pushLimit int64) *Proxy { - limitedCache := content.LimitStorage(cache, pushLimit) - return &Proxy{ - ReadOnlyStorage: base, - Cache: limitedCache, - } -} - -// Fetch fetches the content identified by the descriptor. -func (p *Proxy) Fetch(ctx context.Context, target ocispec.Descriptor) (io.ReadCloser, error) { - if p.StopCaching { - return p.FetchCached(ctx, target) - } - - rc, err := p.Cache.Fetch(ctx, target) - if err == nil { - return rc, nil - } - - rc, err = p.ReadOnlyStorage.Fetch(ctx, target) - if err != nil { - return nil, err - } - pr, pw := io.Pipe() - var wg sync.WaitGroup - wg.Add(1) - var pushErr error - go func() { - defer wg.Done() - pushErr = p.Cache.Push(ctx, target, pr) - if pushErr != nil { - pr.CloseWithError(pushErr) - } - }() - closer := ioutil.CloserFunc(func() error { - rcErr := rc.Close() - if err := pw.Close(); err != nil { - return err - } - wg.Wait() - if pushErr != nil { - return pushErr - } - return rcErr - }) - - return struct { - io.Reader - io.Closer - }{ - Reader: io.TeeReader(rc, pw), - Closer: closer, - }, nil -} - -// FetchCached fetches the content identified by the descriptor. -// If the content is not cached, it will be fetched from the remote without -// caching. -func (p *Proxy) FetchCached(ctx context.Context, target ocispec.Descriptor) (io.ReadCloser, error) { - exists, err := p.Cache.Exists(ctx, target) - if err != nil { - return nil, err - } - if exists { - return p.Cache.Fetch(ctx, target) - } - return p.ReadOnlyStorage.Fetch(ctx, target) -} - -// Exists returns true if the described content exists. -func (p *Proxy) Exists(ctx context.Context, target ocispec.Descriptor) (bool, error) { - exists, err := p.Cache.Exists(ctx, target) - if err == nil && exists { - return true, nil - } - return p.ReadOnlyStorage.Exists(ctx, target) -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/descriptor/descriptor.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/descriptor/descriptor.go deleted file mode 100644 index 596a34da4..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/descriptor/descriptor.go +++ /dev/null @@ -1,88 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package descriptor - -import ( - "github.com/opencontainers/go-digest" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "oras.land/oras-go/v2/internal/docker" -) - -// DefaultMediaType is the media type used when no media type is specified. -const DefaultMediaType string = "application/octet-stream" - -// Descriptor contains the minimun information to describe the disposition of -// targeted content. -// Since it only has strings and integers, Descriptor is a comparable struct. -type Descriptor struct { - // MediaType is the media type of the object this schema refers to. - MediaType string `json:"mediaType,omitempty"` - - // Digest is the digest of the targeted content. - Digest digest.Digest `json:"digest"` - - // Size specifies the size in bytes of the blob. - Size int64 `json:"size"` -} - -// Empty is an empty descriptor -var Empty Descriptor - -// FromOCI shrinks the OCI descriptor to the minimum. -func FromOCI(desc ocispec.Descriptor) Descriptor { - return Descriptor{ - MediaType: desc.MediaType, - Digest: desc.Digest, - Size: desc.Size, - } -} - -// IsForeignLayer checks if a descriptor describes a foreign layer. -func IsForeignLayer(desc ocispec.Descriptor) bool { - switch desc.MediaType { - case ocispec.MediaTypeImageLayerNonDistributable, - ocispec.MediaTypeImageLayerNonDistributableGzip, - ocispec.MediaTypeImageLayerNonDistributableZstd, - docker.MediaTypeForeignLayer: - return true - default: - return false - } -} - -// IsManifest checks if a descriptor describes a manifest. -func IsManifest(desc ocispec.Descriptor) bool { - switch desc.MediaType { - case docker.MediaTypeManifest, - docker.MediaTypeManifestList, - ocispec.MediaTypeImageManifest, - ocispec.MediaTypeImageIndex, - ocispec.MediaTypeArtifactManifest: - return true - default: - return false - } -} - -// Plain returns a plain descriptor that contains only MediaType, Digest and -// Size. -func Plain(desc ocispec.Descriptor) ocispec.Descriptor { - return ocispec.Descriptor{ - MediaType: desc.MediaType, - Digest: desc.Digest, - Size: desc.Size, - } -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/docker/mediatype.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/docker/mediatype.go deleted file mode 100644 index 76a4ba9ed..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/docker/mediatype.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package docker - -// docker media types -const ( - MediaTypeConfig = "application/vnd.docker.container.image.v1+json" - MediaTypeManifestList = "application/vnd.docker.distribution.manifest.list.v2+json" - MediaTypeManifest = "application/vnd.docker.distribution.manifest.v2+json" - MediaTypeForeignLayer = "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip" -) diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/graph/memory.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/graph/memory.go deleted file mode 100644 index 0aa25aee8..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/graph/memory.go +++ /dev/null @@ -1,134 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package graph - -import ( - "context" - "errors" - "sync" - - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "oras.land/oras-go/v2/content" - "oras.land/oras-go/v2/errdef" - "oras.land/oras-go/v2/internal/descriptor" - "oras.land/oras-go/v2/internal/status" - "oras.land/oras-go/v2/internal/syncutil" -) - -// Memory is a memory based PredecessorFinder. -type Memory struct { - predecessors sync.Map // map[descriptor.Descriptor]map[descriptor.Descriptor]ocispec.Descriptor - indexed sync.Map // map[descriptor.Descriptor]any -} - -// NewMemory creates a new memory PredecessorFinder. -func NewMemory() *Memory { - return &Memory{} -} - -// Index indexes predecessors for each direct successor of the given node. -// There is no data consistency issue as long as deletion is not implemented -// for the underlying storage. -func (m *Memory) Index(ctx context.Context, fetcher content.Fetcher, node ocispec.Descriptor) error { - successors, err := content.Successors(ctx, fetcher, node) - if err != nil { - return err - } - - m.index(ctx, node, successors) - return nil -} - -// Index indexes predecessors for all the successors of the given node. -// There is no data consistency issue as long as deletion is not implemented -// for the underlying storage. -func (m *Memory) IndexAll(ctx context.Context, fetcher content.Fetcher, node ocispec.Descriptor) error { - // track content status - tracker := status.NewTracker() - - var fn syncutil.GoFunc[ocispec.Descriptor] - fn = func(ctx context.Context, region *syncutil.LimitedRegion, desc ocispec.Descriptor) error { - // skip the node if other go routine is working on it - _, committed := tracker.TryCommit(desc) - if !committed { - return nil - } - - // skip the node if it has been indexed - key := descriptor.FromOCI(desc) - _, exists := m.indexed.Load(key) - if exists { - return nil - } - - successors, err := content.Successors(ctx, fetcher, desc) - if err != nil { - if errors.Is(err, errdef.ErrNotFound) { - // skip the node if it does not exist - return nil - } - return err - } - m.index(ctx, desc, successors) - m.indexed.Store(key, nil) - - if len(successors) > 0 { - // traverse and index successors - return syncutil.Go(ctx, nil, fn, successors...) - } - return nil - } - return syncutil.Go(ctx, nil, fn, node) -} - -// Predecessors returns the nodes directly pointing to the current node. -// Predecessors returns nil without error if the node does not exists in the -// store. -// Like other operations, calling Predecessors() is go-routine safe. However, -// it does not necessarily correspond to any consistent snapshot of the stored -// contents. -func (m *Memory) Predecessors(_ context.Context, node ocispec.Descriptor) ([]ocispec.Descriptor, error) { - key := descriptor.FromOCI(node) - value, exists := m.predecessors.Load(key) - if !exists { - return nil, nil - } - predecessors := value.(*sync.Map) - - var res []ocispec.Descriptor - predecessors.Range(func(key, value interface{}) bool { - res = append(res, value.(ocispec.Descriptor)) - return true - }) - return res, nil -} - -// index indexes predecessors for each direct successor of the given node. -// There is no data consistency issue as long as deletion is not implemented -// for the underlying storage. -func (m *Memory) index(ctx context.Context, node ocispec.Descriptor, successors []ocispec.Descriptor) { - if len(successors) == 0 { - return - } - - predecessorKey := descriptor.FromOCI(node) - for _, successor := range successors { - successorKey := descriptor.FromOCI(successor) - value, _ := m.predecessors.LoadOrStore(successorKey, &sync.Map{}) - predecessors := value.(*sync.Map) - predecessors.Store(predecessorKey, node) - } -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/ioutil/io.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/ioutil/io.go deleted file mode 100644 index 888d26f89..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/ioutil/io.go +++ /dev/null @@ -1,58 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package ioutil - -import ( - "fmt" - "io" - "reflect" - - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "oras.land/oras-go/v2/content" -) - -// CloserFunc is the basic Close method defined in io.Closer. -type CloserFunc func() error - -// Close performs close operation by the CloserFunc. -func (fn CloserFunc) Close() error { - return fn() -} - -// CopyBuffer copies from src to dst through the provided buffer -// until either EOF is reached on src, or an error occurs. -// The copied content is verified against the size and the digest. -func CopyBuffer(dst io.Writer, src io.Reader, buf []byte, desc ocispec.Descriptor) error { - // verify while copying - vr := content.NewVerifyReader(src, desc) - if _, err := io.CopyBuffer(dst, vr, buf); err != nil { - return fmt.Errorf("copy failed: %w", err) - } - return vr.Verify() -} - -// nopCloserType is the type of `io.NopCloser()`. -var nopCloserType = reflect.TypeOf(io.NopCloser(nil)) - -// UnwrapNopCloser unwraps the reader wrapped by `io.NopCloser()`. -// Similar implementation can be found in the built-in package `net/http`. -// Reference: https://github.com/golang/go/blob/go1.17.6/src/net/http/transfer.go#L423-L425 -func UnwrapNopCloser(rc io.Reader) io.Reader { - if reflect.TypeOf(rc) == nopCloserType { - return reflect.ValueOf(rc).Field(0).Interface().(io.Reader) - } - return rc -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/resolver/memory.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/resolver/memory.go deleted file mode 100644 index 6fac5e2d0..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/resolver/memory.go +++ /dev/null @@ -1,61 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resolver - -import ( - "context" - "sync" - - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "oras.land/oras-go/v2/errdef" -) - -// Memory is a memory based resolver. -type Memory struct { - index sync.Map // map[string]ocispec.Descriptor -} - -// NewMemory creates a new Memory resolver. -func NewMemory() *Memory { - return &Memory{} -} - -// Resolve resolves a reference to a descriptor. -func (m *Memory) Resolve(_ context.Context, reference string) (ocispec.Descriptor, error) { - desc, ok := m.index.Load(reference) - if !ok { - return ocispec.Descriptor{}, errdef.ErrNotFound - } - return desc.(ocispec.Descriptor), nil -} - -// Tag tags a descriptor with a reference string. -func (m *Memory) Tag(_ context.Context, desc ocispec.Descriptor, reference string) error { - m.index.Store(reference, desc) - return nil -} - -// Map dumps the memory into a built-in map structure. -// Like other operations, calling Map() is go-routine safe. However, it does not -// necessarily correspond to any consistent snapshot of the storage contents. -func (m *Memory) Map() map[string]ocispec.Descriptor { - res := make(map[string]ocispec.Descriptor) - m.index.Range(func(key, value interface{}) bool { - res[key.(string)] = value.(ocispec.Descriptor) - return true - }) - return res -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/status/tracker.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/status/tracker.go deleted file mode 100644 index 1a48bb5af..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/status/tracker.go +++ /dev/null @@ -1,43 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package status - -import ( - "sync" - - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "oras.land/oras-go/v2/internal/descriptor" -) - -// Tracker tracks content status described by a descriptor. -type Tracker struct { - status sync.Map // map[descriptor.Descriptor]chan struct{} -} - -// NewTracker creates a new content status tracker. -func NewTracker() *Tracker { - return &Tracker{} -} - -// TryCommit tries to commit the work for the target descriptor. -// Returns true if committed. A channel is also returned for sending -// notifications. Once the work is done, the channel should be closed. -// Returns false if the work is done or still in progress. -func (t *Tracker) TryCommit(target ocispec.Descriptor) (chan struct{}, bool) { - key := descriptor.FromOCI(target) - status, exists := t.status.LoadOrStore(key, make(chan struct{})) - return status.(chan struct{}), !exists -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/limit.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/limit.go deleted file mode 100644 index 2a05d4ea2..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/limit.go +++ /dev/null @@ -1,84 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package syncutil - -import ( - "context" - - "golang.org/x/sync/errgroup" - "golang.org/x/sync/semaphore" -) - -// LimitedRegion provides a way to bound concurrent access to a code block. -type LimitedRegion struct { - ctx context.Context - limiter *semaphore.Weighted - ended bool -} - -// LimitRegion creates a new LimitedRegion. -func LimitRegion(ctx context.Context, limiter *semaphore.Weighted) *LimitedRegion { - if limiter == nil { - return nil - } - return &LimitedRegion{ - ctx: ctx, - limiter: limiter, - ended: true, - } -} - -// Start starts the region with concurrency limit. -func (lr *LimitedRegion) Start() error { - if lr == nil || !lr.ended { - return nil - } - if err := lr.limiter.Acquire(lr.ctx, 1); err != nil { - return err - } - lr.ended = false - return nil -} - -// End ends the region with concurrency limit. -func (lr *LimitedRegion) End() { - if lr == nil || lr.ended { - return - } - lr.limiter.Release(1) - lr.ended = true -} - -// GoFunc represents a function that can be invoked by Go. -type GoFunc[T any] func(ctx context.Context, region *LimitedRegion, t T) error - -// Go concurrently invokes fn on items. -func Go[T any](ctx context.Context, limiter *semaphore.Weighted, fn GoFunc[T], items ...T) error { - eg, egCtx := errgroup.WithContext(ctx) - for _, item := range items { - region := LimitRegion(ctx, limiter) - if err := region.Start(); err != nil { - return err - } - eg.Go(func(t T) func() error { - return func() error { - defer region.End() - return fn(egCtx, region, t) - } - }(item)) - } - return eg.Wait() -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/limitgroup.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/limitgroup.go deleted file mode 100644 index 1071bedc9..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/limitgroup.go +++ /dev/null @@ -1,67 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package syncutil - -import ( - "context" - - "golang.org/x/sync/errgroup" -) - -// A LimitedGroup is a collection of goroutines working on subtasks that are part of -// the same overall task. -type LimitedGroup struct { - grp *errgroup.Group - ctx context.Context -} - -// LimitGroup returns a new LimitedGroup and an associated Context derived from ctx. -// -// The number of active goroutines in this group is limited to the given limit. -// A negative value indicates no limit. -// -// The derived Context is canceled the first time a function passed to Go -// returns a non-nil error or the first time Wait returns, whichever occurs -// first. -func LimitGroup(ctx context.Context, limit int) (*LimitedGroup, context.Context) { - grp, ctx := errgroup.WithContext(ctx) - grp.SetLimit(limit) - return &LimitedGroup{grp: grp, ctx: ctx}, ctx -} - -// Go calls the given function in a new goroutine. -// It blocks until the new goroutine can be added without the number of -// active goroutines in the group exceeding the configured limit. -// -// The first call to return a non-nil error cancels the group's context. -// After which, any subsequent calls to Go will not execute their given function. -// The error will be returned by Wait. -func (g *LimitedGroup) Go(f func() error) { - g.grp.Go(func() error { - select { - case <-g.ctx.Done(): - return g.ctx.Err() - default: - return f() - } - }) -} - -// Wait blocks until all function calls from the Go method have returned, then -// returns the first non-nil error (if any) from them. -func (g *LimitedGroup) Wait() error { - return g.grp.Wait() -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/merge.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/merge.go deleted file mode 100644 index 44788990c..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/merge.go +++ /dev/null @@ -1,140 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package syncutil - -import "sync" - -// mergeStatus represents the merge status of an item. -type mergeStatus struct { - // main indicates if items are being merged by the current go-routine. - main bool - // err represents the error of the merge operation. - err error -} - -// Merge represents merge operations on items. -// The state transfer is shown as below: -// -// +----------+ -// | Start +--------+-------------+ -// +----+-----+ | | -// | | | -// v v v -// +----+-----+ +----+----+ +----+----+ -// +-------+ Prepare +<--+ Pending +-->+ Waiting | -// | +----+-----+ +---------+ +----+----+ -// | | | -// | v | -// | + ---+---- + | -// On Error | Resolve | | -// | + ---+---- + | -// | | | -// | v | -// | +----+-----+ | -// +------>+ Complete +<---------------------+ -// +----+-----+ -// | -// v -// +----+-----+ -// | End | -// +----------+ -type Merge[T any] struct { - lock sync.Mutex - committed bool - items []T - status chan mergeStatus - pending []T - pendingStatus chan mergeStatus -} - -// Do merges concurrent operations of items into a single call of prepare and -// resolve. -// If Do is called multiple times concurrently, only one of the calls will be -// selected to invoke prepare and resolve. -func (m *Merge[T]) Do(item T, prepare func() error, resolve func(items []T) error) error { - status := <-m.assign(item) - if status.main { - err := prepare() - items := m.commit() - if err == nil { - err = resolve(items) - } - m.complete(err) - return err - } - return status.err -} - -// assign adds a new item into the item list. -func (m *Merge[T]) assign(item T) <-chan mergeStatus { - m.lock.Lock() - defer m.lock.Unlock() - - if m.committed { - if m.pendingStatus == nil { - m.pendingStatus = make(chan mergeStatus, 1) - } - m.pending = append(m.pending, item) - return m.pendingStatus - } - - if m.status == nil { - m.status = make(chan mergeStatus, 1) - m.status <- mergeStatus{main: true} - } - m.items = append(m.items, item) - return m.status -} - -// commit closes the assignment window, and the assigned items will be ready -// for resolve. -func (m *Merge[T]) commit() []T { - m.lock.Lock() - defer m.lock.Unlock() - - m.committed = true - return m.items -} - -// complete completes the previous merge, and moves the pending items to the -// stage for the next merge. -func (m *Merge[T]) complete(err error) { - // notify results - if err == nil { - close(m.status) - } else { - remaining := len(m.items) - 1 - status := m.status - for remaining > 0 { - status <- mergeStatus{err: err} - remaining-- - } - } - - // move pending items to the stage - m.lock.Lock() - defer m.lock.Unlock() - - m.committed = false - m.items = m.pending - m.status = m.pendingStatus - m.pending = nil - m.pendingStatus = nil - - if m.status != nil { - m.status <- mergeStatus{main: true} - } -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/once.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/once.go deleted file mode 100644 index 1d5571980..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/once.go +++ /dev/null @@ -1,70 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package syncutil - -import "context" - -// Once is an object that will perform exactly one action. -// Unlike sync.Once, this Once allowes the action to have return values. -type Once struct { - result interface{} - err error - status chan bool -} - -// NewOnce creates a new Once instance. -func NewOnce() *Once { - status := make(chan bool, 1) - status <- true - return &Once{ - status: status, - } -} - -// Do calls the function f if and only if Do is being called first time or all -// previous function calls are cancelled, deadline exceeded, or panicking. -// When `once.Do(ctx, f)` is called multiple times, the return value of the -// first call of the function f is stored, and is directly returned for other -// calls. -// Besides the return value of the function f, including the error, Do returns -// true if the function f passed is called first and is not cancelled, deadline -// exceeded, or panicking. Otherwise, returns false. -func (o *Once) Do(ctx context.Context, f func() (interface{}, error)) (bool, interface{}, error) { - defer func() { - if r := recover(); r != nil { - o.status <- true - panic(r) - } - }() - for { - select { - case inProgress := <-o.status: - if !inProgress { - return false, o.result, o.err - } - result, err := f() - if err == context.Canceled || err == context.DeadlineExceeded { - o.status <- true - return false, nil, err - } - o.result, o.err = result, err - close(o.status) - return true, result, err - case <-ctx.Done(): - return false, nil, ctx.Err() - } - } -} diff --git a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/pool.go b/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/pool.go deleted file mode 100644 index 6fb4a69c5..000000000 --- a/src/cmd/linuxkit/vendor/oras.land/oras-go/v2/internal/syncutil/pool.go +++ /dev/null @@ -1,64 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package syncutil - -import "sync" - -// poolItem represents an item in Pool. -type poolItem[T any] struct { - value T - refCount int -} - -// Pool is a scalable pool with items identified by keys. -type Pool[T any] struct { - // New optionally specifies a function to generate a value when Get would - // otherwise return nil. - // It may not be changed concurrently with calls to Get. - New func() T - - lock sync.Mutex - items map[any]*poolItem[T] -} - -// Get gets the value identified by key. -// The caller should invoke the returned function after using the returned item. -func (p *Pool[T]) Get(key any) (*T, func()) { - p.lock.Lock() - defer p.lock.Unlock() - - item, ok := p.items[key] - if !ok { - if p.items == nil { - p.items = make(map[any]*poolItem[T]) - } - item = &poolItem[T]{} - if p.New != nil { - item.value = p.New() - } - p.items[key] = item - } - item.refCount++ - - return &item.value, func() { - p.lock.Lock() - defer p.lock.Unlock() - item.refCount-- - if item.refCount <= 0 { - delete(p.items, key) - } - } -}