diff --git a/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch b/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch index 1e84c9a..89ef7c7 100644 --- a/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch +++ b/0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch @@ -1,7 +1,7 @@ -From ec53ee338835c4c1dc583695ac166f36bf3bac5c Mon Sep 17 00:00:00 2001 +From e61934d55312f3c59e2f7900386a76601abaab9e Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 8 Mar 2017 12:41:54 +1100 -Subject: [PATCH 1/7] SECRETS: daemon: allow directory creation in /run/secrets +Subject: [PATCH 1/5] SECRETS: daemon: allow directory creation in /run/secrets Since FileMode can have the directory bit set, allow a SecretStore implementation to return secrets that are actually directories. This is @@ -14,7 +14,7 @@ Signed-off-by: Aleksa Sarai 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go -index 4dedc1b21c87..b7c310493e79 100644 +index f572e0d8a865..88573559d537 100644 --- a/daemon/container_operations_unix.go +++ b/daemon/container_operations_unix.go @@ -3,6 +3,7 @@ @@ -25,15 +25,15 @@ index 4dedc1b21c87..b7c310493e79 100644 "context" "fmt" "os" -@@ -16,6 +17,7 @@ import ( - "github.com/docker/docker/daemon/links" +@@ -17,6 +18,7 @@ import ( + "github.com/docker/docker/daemon/network" "github.com/docker/docker/errdefs" "github.com/docker/docker/libnetwork" + "github.com/docker/docker/pkg/archive" "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/process" "github.com/docker/docker/pkg/stringid" -@@ -240,9 +242,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { +@@ -240,9 +242,6 @@ func (daemon *Daemon) setupSecretDir(ctr *container.Container) (setupErr error) if err != nil { return errors.Wrap(err, "unable to get secret from secret store") } @@ -43,7 +43,7 @@ index 4dedc1b21c87..b7c310493e79 100644 uid, err := strconv.Atoi(s.File.UID) if err != nil { -@@ -253,6 +252,24 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { +@@ -253,6 +252,24 @@ func (daemon *Daemon) setupSecretDir(ctr *container.Container) (setupErr error) return err } @@ -69,5 +69,5 @@ index 4dedc1b21c87..b7c310493e79 100644 return errors.Wrap(err, "error setting ownership for secret") } -- -2.45.2 +2.47.1 diff --git a/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch b/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch index 20d77b2..d8af0bf 100644 --- a/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch +++ b/0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch @@ -1,7 +1,7 @@ -From 7ab9590b94925a03e0f16285492a73dbc231800c Mon Sep 17 00:00:00 2001 +From 817e18ec54327e35fb619b7f1735a7345bb43982 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 8 Mar 2017 11:43:29 +1100 -Subject: [PATCH 2/7] SECRETS: SUSE: implement SUSE container secrets +Subject: [PATCH 2/5] SECRETS: SUSE: implement SUSE container secrets This allows for us to pass in host credentials to a container, allowing for SUSEConnect to work with containers. @@ -23,10 +23,10 @@ Signed-off-by: Aleksa Sarai create mode 100644 daemon/suse_secrets.go diff --git a/daemon/start.go b/daemon/start.go -index b967947af2ce..e1a1218eb016 100644 +index 027f08a6dc07..d8545f8cb46a 100644 --- a/daemon/start.go +++ b/daemon/start.go -@@ -118,6 +118,11 @@ func (daemon *Daemon) containerStart(ctx context.Context, daemonCfg *configStore +@@ -128,6 +128,11 @@ func (daemon *Daemon) containerStart(ctx context.Context, daemonCfg *configStore return err } diff --git a/0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch b/0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch index e42a6ca..90148a2 100644 --- a/0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch +++ b/0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch @@ -1,7 +1,7 @@ -From 983a57fd37dc8e42e9c4e4dfc72eb346a4385948 Mon Sep 17 00:00:00 2001 +From cc60ef01f9bf1bb5b2a93b1fa26a8159df6501e3 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 22 May 2023 15:44:54 +1000 -Subject: [PATCH 3/7] BUILD: SLE12: revert "graphdriver/btrfs: use kernel UAPI +Subject: [PATCH 3/5] BUILD: SLE12: revert "graphdriver/btrfs: use kernel UAPI headers" This reverts commit 3208dcabdc8997340b255f5b880fef4e3f54580d. @@ -16,7 +16,7 @@ Signed-off-by: Aleksa Sarai 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/daemon/graphdriver/btrfs/btrfs.go b/daemon/graphdriver/btrfs/btrfs.go -index 6aaa33cf7622..7264d4036427 100644 +index 61f22ed2dd49..330571e3c047 100644 --- a/daemon/graphdriver/btrfs/btrfs.go +++ b/daemon/graphdriver/btrfs/btrfs.go @@ -4,17 +4,12 @@ package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs" @@ -42,5 +42,5 @@ index 6aaa33cf7622..7264d4036427 100644 static void set_name_btrfs_ioctl_vol_args_v2(struct btrfs_ioctl_vol_args_v2* btrfs_struct, const char* value) { snprintf(btrfs_struct->name, BTRFS_SUBVOL_NAME_MAX, "%s", value); -- -2.45.2 +2.47.1 diff --git a/0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch b/0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch index 8be8fd2..ec030a4 100644 --- a/0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch +++ b/0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch @@ -1,7 +1,7 @@ -From 8829bb8ec53399fd41dd6f46e2bad64e773e8eaa Mon Sep 17 00:00:00 2001 +From 57c5ded48d5f3d8ac3653061f47aca8a23814e11 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Fri, 29 Jun 2018 17:59:30 +1000 -Subject: [PATCH 4/7] bsc1073877: apparmor: clobber docker-default profile on +Subject: [PATCH 4/5] bsc1073877: apparmor: clobber docker-default profile on start In the process of making docker-default reloading far less expensive, @@ -69,10 +69,10 @@ index be4938f5b61a..2b326fea5829 100644 return nil } diff --git a/daemon/daemon.go b/daemon/daemon.go -index e7ca77d8cbfc..13b39538fb00 100644 +index f152685e6026..dee4c33471d5 100644 --- a/daemon/daemon.go +++ b/daemon/daemon.go -@@ -916,8 +916,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S +@@ -941,8 +941,9 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S log.G(ctx).Warnf("Failed to configure golang's threads limit: %v", err) } @@ -81,9 +81,9 @@ index e7ca77d8cbfc..13b39538fb00 100644 + // Make sure we clobber any pre-existing docker-default profile to ensure + // that upgrades to the profile actually work smoothly. + if err := clobberDefaultAppArmorProfile(); err != nil { - log.G(ctx).Errorf(err.Error()) + log.G(ctx).WithError(err).Error("Failed to ensure default apparmor profile is loaded") } -- -2.45.2 +2.47.1 diff --git a/0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch b/0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch index 0256155..9824777 100644 --- a/0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch +++ b/0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch @@ -1,7 +1,7 @@ -From 24173cd6a2643e5e680e84920864f42ed43b6f28 Mon Sep 17 00:00:00 2001 +From 168707113fddad00f06381f56dcdcc2c0d0448d6 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Wed, 11 Oct 2023 21:19:12 +1100 -Subject: [PATCH 5/7] SLE12: revert "apparmor: remove version-conditionals from +Subject: [PATCH 5/5] SLE12: revert "apparmor: remove version-conditionals from template" This reverts the following commits: @@ -322,5 +322,5 @@ index 8dbc1b610288..2062aab1ac99 100644 } ` -- -2.45.2 +2.47.1 diff --git a/0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch b/0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch deleted file mode 100644 index 0c86198..0000000 --- a/0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch +++ /dev/null @@ -1,890 +0,0 @@ -From dd16d113b9215bf5b0b56c409e7272ce07525836 Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai -Date: Tue, 7 May 2024 01:51:25 +1000 -Subject: [PATCH 6/7] bsc1221916: update to patched buildkit version to fix - symlink resolution - -SUSE-Bugs: https://bugzilla.suse.com/show_bug.cgi?id=1221916 -Signed-off-by: Aleksa Sarai ---- - vendor.mod | 2 + - vendor.sum | 4 +- - .../buildkit/cache/contenthash/checksum.go | 393 ++++++++++-------- - .../moby/buildkit/cache/contenthash/path.go | 161 +++---- - vendor/modules.txt | 3 +- - 5 files changed, 314 insertions(+), 249 deletions(-) - -diff --git a/vendor.mod b/vendor.mod -index d69d2aa9f87f..5c42a653b91b 100644 ---- a/vendor.mod -+++ b/vendor.mod -@@ -114,6 +114,8 @@ require ( - tags.cncf.io/container-device-interface v0.7.2 - ) - -+replace github.com/moby/buildkit => github.com/cyphar/buildkit v0.0.0-20240624075140-0db2d2345b94 -+ - require ( - cloud.google.com/go v0.110.8 // indirect - cloud.google.com/go/compute v1.23.1 // indirect -diff --git a/vendor.sum b/vendor.sum -index 7a5bd6b4077b..f2aba7f8d3eb 100644 ---- a/vendor.sum -+++ b/vendor.sum -@@ -199,6 +199,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3 - github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= - github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= - github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -+github.com/cyphar/buildkit v0.0.0-20240624075140-0db2d2345b94 h1:xBwPT+ap0LDYsQJh1VKm9NNEKF5A7e/P3TRjnbTqZUE= -+github.com/cyphar/buildkit v0.0.0-20240624075140-0db2d2345b94/go.mod h1:2cyVOv9NoHM7arphK9ZfHIWKn9YVZRFd1wXB8kKmEzY= - github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= - github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= - github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -@@ -480,8 +482,6 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh - github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= - github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= - github.com/mndrix/tap-go v0.0.0-20171203230836-629fa407e90b/go.mod h1:pzzDgJWZ34fGzaAZGFW22KVZDfyrYW+QABMrWnJBnSs= --github.com/moby/buildkit v0.13.2 h1:nXNszM4qD9E7QtG7bFWPnDI1teUQFQglBzon/IU3SzI= --github.com/moby/buildkit v0.13.2/go.mod h1:2cyVOv9NoHM7arphK9ZfHIWKn9YVZRFd1wXB8kKmEzY= - github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= - github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= - github.com/moby/ipvs v1.1.0 h1:ONN4pGaZQgAx+1Scz5RvWV4Q7Gb+mvfRh3NsPS+1XQQ= -diff --git a/vendor/github.com/moby/buildkit/cache/contenthash/checksum.go b/vendor/github.com/moby/buildkit/cache/contenthash/checksum.go -index e0f58d57b3db..ec649f69b5e0 100644 ---- a/vendor/github.com/moby/buildkit/cache/contenthash/checksum.go -+++ b/vendor/github.com/moby/buildkit/cache/contenthash/checksum.go -@@ -10,6 +10,7 @@ import ( - "path/filepath" - "strings" - "sync" -+ "sync/atomic" - - iradix "github.com/hashicorp/go-immutable-radix" - "github.com/hashicorp/golang-lru/simplelru" -@@ -290,7 +291,7 @@ func keyPath(p string) string { - // HandleChange notifies the source about a modification operation - func (cc *cacheContext) HandleChange(kind fsutil.ChangeKind, p string, fi os.FileInfo, err error) (retErr error) { - p = keyPath(p) -- k := convertPathToKey([]byte(p)) -+ k := convertPathToKey(p) - - deleteDir := func(cr *CacheRecord) { - if cr.Type == CacheRecordTypeDir { -@@ -369,7 +370,7 @@ func (cc *cacheContext) HandleChange(kind fsutil.ChangeKind, p string, fi os.Fil - // note that the source may be called later because data writing is async - if fi.Mode()&os.ModeSymlink == 0 && stat.Linkname != "" { - ln := path.Join("/", filepath.ToSlash(stat.Linkname)) -- v, ok := cc.txn.Get(convertPathToKey([]byte(ln))) -+ v, ok := cc.txn.Get(convertPathToKey(ln)) - if ok { - cp := *v.(*CacheRecord) - cr = &cp -@@ -407,7 +408,7 @@ func (cc *cacheContext) Checksum(ctx context.Context, mountable cache.Mountable, - defer m.clean() - - if !opts.Wildcard && len(opts.IncludePatterns) == 0 && len(opts.ExcludePatterns) == 0 { -- return cc.checksumFollow(ctx, m, p, opts.FollowLinks) -+ return cc.lazyChecksum(ctx, m, p, opts.FollowLinks) - } - - includedPaths, err := cc.includedPaths(ctx, m, p, opts) -@@ -418,7 +419,7 @@ func (cc *cacheContext) Checksum(ctx context.Context, mountable cache.Mountable, - if opts.FollowLinks { - for i, w := range includedPaths { - if w.record.Type == CacheRecordTypeSymlink { -- dgst, err := cc.checksumFollow(ctx, m, w.path, opts.FollowLinks) -+ dgst, err := cc.lazyChecksum(ctx, m, w.path, opts.FollowLinks) - if err != nil { - return "", err - } -@@ -445,30 +446,6 @@ func (cc *cacheContext) Checksum(ctx context.Context, mountable cache.Mountable, - return digester.Digest(), nil - } - --func (cc *cacheContext) checksumFollow(ctx context.Context, m *mount, p string, follow bool) (digest.Digest, error) { -- const maxSymlinkLimit = 255 -- i := 0 -- for { -- if i > maxSymlinkLimit { -- return "", errors.Errorf("too many symlinks: %s", p) -- } -- cr, err := cc.checksumNoFollow(ctx, m, p) -- if err != nil { -- return "", err -- } -- if cr.Type == CacheRecordTypeSymlink && follow { -- link := cr.Linkname -- if !path.IsAbs(cr.Linkname) { -- link = path.Join(path.Dir(p), link) -- } -- i++ -- p = link -- } else { -- return cr.Digest, nil -- } -- } --} -- - func (cc *cacheContext) includedPaths(ctx context.Context, m *mount, p string, opts ChecksumOpts) ([]*includedPath, error) { - cc.mu.Lock() - defer cc.mu.Unlock() -@@ -478,12 +455,12 @@ func (cc *cacheContext) includedPaths(ctx context.Context, m *mount, p string, o - } - - root := cc.tree.Root() -- scan, err := cc.needsScan(root, "") -+ scan, err := cc.needsScan(root, "", false) - if err != nil { - return nil, err - } - if scan { -- if err := cc.scanPath(ctx, m, ""); err != nil { -+ if err := cc.scanPath(ctx, m, "", false); err != nil { - return nil, err - } - } -@@ -536,13 +513,13 @@ func (cc *cacheContext) includedPaths(ctx context.Context, m *mount, p string, o - } - } else { - origPrefix = p -- k = convertPathToKey([]byte(origPrefix)) -+ k = convertPathToKey(origPrefix) - - // We need to resolve symlinks here, in case the base path - // involves a symlink. That will match fsutil behavior of - // calling functions such as stat and walk. - var cr *CacheRecord -- k, cr, err = getFollowLinks(root, k, true) -+ k, cr, err = getFollowLinks(root, k, false) - if err != nil { - return nil, err - } -@@ -554,7 +531,7 @@ func (cc *cacheContext) includedPaths(ctx context.Context, m *mount, p string, o - iter.SeekLowerBound(append(append([]byte{}, k...), 0)) - } - -- resolvedPrefix = string(convertKeyToPath(k)) -+ resolvedPrefix = convertKeyToPath(k) - } else { - k, _, keyOk = iter.Next() - } -@@ -565,7 +542,7 @@ func (cc *cacheContext) includedPaths(ctx context.Context, m *mount, p string, o - ) - - for keyOk { -- fn := string(convertKeyToPath(k)) -+ fn := convertKeyToPath(k) - - // Convert the path prefix from what we found in the prefix - // tree to what the argument specified. -@@ -751,36 +728,12 @@ func wildcardPrefix(root *iradix.Node, p string) (string, []byte, bool, error) { - return "", nil, false, nil - } - -- linksWalked := 0 -- k, cr, err := getFollowLinksWalk(root, convertPathToKey([]byte(d1)), true, &linksWalked) -+ // Only resolve the final symlink component if there are components in the -+ // wildcard segment. -+ k, cr, err := getFollowLinks(root, convertPathToKey(d1), d2 != "") - if err != nil { - return "", k, false, err - } -- -- if d2 != "" && cr != nil && cr.Type == CacheRecordTypeSymlink { -- // getFollowLinks only handles symlinks in path -- // components before the last component, so -- // handle last component in d1 specially. -- resolved := string(convertKeyToPath(k)) -- for { -- v, ok := root.Get(k) -- -- if !ok { -- return d1, k, false, nil -- } -- if v.(*CacheRecord).Type != CacheRecordTypeSymlink { -- break -- } -- -- linksWalked++ -- if linksWalked > 255 { -- return "", k, false, errors.Errorf("too many links") -- } -- -- resolved := cleanLink(resolved, v.(*CacheRecord).Linkname) -- k = convertPathToKey([]byte(resolved)) -- } -- } - return d1, k, cr != nil, nil - } - -@@ -816,19 +769,22 @@ func containsWildcards(name string) bool { - return false - } - --func (cc *cacheContext) checksumNoFollow(ctx context.Context, m *mount, p string) (*CacheRecord, error) { -+func (cc *cacheContext) lazyChecksum(ctx context.Context, m *mount, p string, followTrailing bool) (digest.Digest, error) { - p = keyPath(p) -+ k := convertPathToKey(p) - -+ // Try to look up the path directly without doing a scan. - cc.mu.RLock() - if cc.txn == nil { - root := cc.tree.Root() - cc.mu.RUnlock() -- v, ok := root.Get(convertPathToKey([]byte(p))) -- if ok { -- cr := v.(*CacheRecord) -- if cr.Digest != "" { -- return cr, nil -- } -+ -+ _, cr, err := getFollowLinks(root, k, followTrailing) -+ if err != nil { -+ return "", err -+ } -+ if cr != nil && cr.Digest != "" { -+ return cr.Digest, nil - } - } else { - cc.mu.RUnlock() -@@ -848,7 +804,11 @@ func (cc *cacheContext) checksumNoFollow(ctx context.Context, m *mount, p string - } - }() - -- return cc.lazyChecksum(ctx, m, p) -+ cr, err := cc.scanChecksum(ctx, m, p, followTrailing) -+ if err != nil { -+ return "", err -+ } -+ return cr.Digest, nil - } - - func (cc *cacheContext) commitActiveTransaction() { -@@ -856,7 +816,7 @@ func (cc *cacheContext) commitActiveTransaction() { - addParentToMap(d, cc.dirtyMap) - } - for d := range cc.dirtyMap { -- k := convertPathToKey([]byte(d)) -+ k := convertPathToKey(d) - if _, ok := cc.txn.Get(k); ok { - cc.txn.Insert(k, &CacheRecord{Type: CacheRecordTypeDir}) - } -@@ -867,21 +827,21 @@ func (cc *cacheContext) commitActiveTransaction() { - cc.txn = nil - } - --func (cc *cacheContext) lazyChecksum(ctx context.Context, m *mount, p string) (*CacheRecord, error) { -+func (cc *cacheContext) scanChecksum(ctx context.Context, m *mount, p string, followTrailing bool) (*CacheRecord, error) { - root := cc.tree.Root() -- scan, err := cc.needsScan(root, p) -+ scan, err := cc.needsScan(root, p, followTrailing) - if err != nil { - return nil, err - } - if scan { -- if err := cc.scanPath(ctx, m, p); err != nil { -+ if err := cc.scanPath(ctx, m, p, followTrailing); err != nil { - return nil, err - } - } -- k := convertPathToKey([]byte(p)) -+ k := convertPathToKey(p) - txn := cc.tree.Txn() - root = txn.Root() -- cr, updated, err := cc.checksum(ctx, root, txn, m, k, true) -+ cr, updated, err := cc.checksum(ctx, root, txn, m, k, followTrailing) - if err != nil { - return nil, err - } -@@ -890,9 +850,9 @@ func (cc *cacheContext) lazyChecksum(ctx context.Context, m *mount, p string) (* - return cr, err - } - --func (cc *cacheContext) checksum(ctx context.Context, root *iradix.Node, txn *iradix.Txn, m *mount, k []byte, follow bool) (*CacheRecord, bool, error) { -+func (cc *cacheContext) checksum(ctx context.Context, root *iradix.Node, txn *iradix.Txn, m *mount, k []byte, followTrailing bool) (*CacheRecord, bool, error) { - origk := k -- k, cr, err := getFollowLinks(root, k, follow) -+ k, cr, err := getFollowLinks(root, k, followTrailing) - if err != nil { - return nil, false, err - } -@@ -918,7 +878,9 @@ func (cc *cacheContext) checksum(ctx context.Context, root *iradix.Node, txn *ir - } - h.Write(bytes.TrimPrefix(subk, k)) - -- subcr, _, err := cc.checksum(ctx, root, txn, m, subk, true) -+ // We do not follow trailing links when checksumming a directory's -+ // contents. -+ subcr, _, err := cc.checksum(ctx, root, txn, m, subk, false) - if err != nil { - return nil, false, err - } -@@ -935,7 +897,7 @@ func (cc *cacheContext) checksum(ctx context.Context, root *iradix.Node, txn *ir - dgst = digest.NewDigest(digest.SHA256, h) - - default: -- p := string(convertKeyToPath(bytes.TrimSuffix(k, []byte{0}))) -+ p := convertKeyToPath(bytes.TrimSuffix(k, []byte{0})) - - target, err := m.mount(ctx) - if err != nil { -@@ -967,42 +929,82 @@ func (cc *cacheContext) checksum(ctx context.Context, root *iradix.Node, txn *ir - return cr2, true, nil - } - --// needsScan returns false if path is in the tree or a parent path is in tree --// and subpath is missing --func (cc *cacheContext) needsScan(root *iradix.Node, p string) (bool, error) { -- var linksWalked int -- return cc.needsScanFollow(root, p, &linksWalked) -+// pathSet is a set of path prefixes that can be used to see if a given path is -+// lexically a child of any path in the set. All paths provided to this set -+// MUST be absolute and use / as the separator. -+type pathSet struct { -+ // prefixes contains paths of the form "/a/b/", so that we correctly detect -+ // /a/b as being a parent of /a/b/c but not /a/bc. -+ prefixes []string - } - --func (cc *cacheContext) needsScanFollow(root *iradix.Node, p string, linksWalked *int) (bool, error) { -- if p == "/" { -- p = "" -- } -- v, ok := root.Get(convertPathToKey([]byte(p))) -- if !ok { -- if p == "" { -- return true, nil -+// add a path to the set. This is a no-op if includes(path) == true. -+func (s *pathSet) add(p string) { -+ // Ensure the path is absolute and clean. -+ p = path.Join("/", p) -+ if !s.includes(p) { -+ if p != "/" { -+ p += "/" - } -- return cc.needsScanFollow(root, path.Clean(path.Dir(p)), linksWalked) -+ s.prefixes = append(s.prefixes, p) -+ } -+} -+ -+// includes returns true iff there is a path in the pathSet which is a lexical -+// parent of the given path. The provided path MUST be an absolute path and -+// MUST NOT contain any ".." components, as they will be path.Clean'd. -+func (s pathSet) includes(p string) bool { -+ // Ensure the path is absolute and clean. -+ p = path.Join("/", p) -+ if p != "/" { -+ p += "/" - } -- cr := v.(*CacheRecord) -- if cr.Type == CacheRecordTypeSymlink { -- if *linksWalked > 255 { -- return false, errTooManyLinks -+ for _, prefix := range s.prefixes { -+ if strings.HasPrefix(p, prefix) { -+ return true - } -- *linksWalked++ -- link := path.Clean(cr.Linkname) -- if !path.IsAbs(cr.Linkname) { -- link = path.Join("/", path.Dir(p), link) -+ } -+ return false -+} -+ -+// needsScan returns false if path is in the tree or a parent path is in tree -+// and subpath is missing. -+func (cc *cacheContext) needsScan(root *iradix.Node, path string, followTrailing bool) (bool, error) { -+ var ( -+ goodPaths pathSet -+ hasParentInTree bool -+ ) -+ k := convertPathToKey(path) -+ _, cr, err := getFollowLinksCallback(root, k, followTrailing, func(subpath string, cr *CacheRecord) error { -+ // If we found a path that exists in the cache, add it to the set of -+ // known-scanned paths. Otherwise, verify whether the not-found subpath -+ // is inside a known-scanned path (we might have hit a "..", taking us -+ // out of the scanned paths, or we might hit a non-existent path inside -+ // a scanned path). getFollowLinksCallback iterates left-to-right, so -+ // we will always hit ancestors first. -+ if cr != nil { -+ hasParentInTree = cr.Type != CacheRecordTypeSymlink -+ goodPaths.add(subpath) -+ } else { -+ hasParentInTree = goodPaths.includes(subpath) - } -- return cc.needsScanFollow(root, link, linksWalked) -+ return nil -+ }) -+ if err != nil { -+ return false, err - } -- return false, nil -+ return cr == nil && !hasParentInTree, nil - } - --func (cc *cacheContext) scanPath(ctx context.Context, m *mount, p string) (retErr error) { -+// Only used by TestNeedScanChecksumRegression to make sure scanPath is not -+// called for paths we have already scanned. -+var ( -+ scanCounterEnable bool -+ scanCounter atomic.Uint64 -+) -+ -+func (cc *cacheContext) scanPath(ctx context.Context, m *mount, p string, followTrailing bool) (retErr error) { - p = path.Join("/", p) -- d, _ := path.Split(p) - - mp, err := m.mount(ctx) - if err != nil { -@@ -1012,33 +1014,42 @@ func (cc *cacheContext) scanPath(ctx context.Context, m *mount, p string) (retEr - n := cc.tree.Root() - txn := cc.tree.Txn() - -- parentPath, err := rootPath(mp, filepath.FromSlash(d), func(p, link string) error { -+ resolvedPath, err := rootPath(mp, filepath.FromSlash(p), followTrailing, func(p, link string) error { - cr := &CacheRecord{ - Type: CacheRecordTypeSymlink, - Linkname: filepath.ToSlash(link), - } -- k := []byte(path.Join("/", filepath.ToSlash(p))) -- k = convertPathToKey(k) -- txn.Insert(k, cr) -+ p = path.Join("/", filepath.ToSlash(p)) -+ txn.Insert(convertPathToKey(p), cr) - return nil - }) - if err != nil { - return err - } - -- err = filepath.Walk(parentPath, func(itemPath string, fi os.FileInfo, err error) error { -+ // Scan the parent directory of the path we resolved, unless we're at the -+ // root (in which case we scan the root). -+ scanPath := filepath.Dir(resolvedPath) -+ if !strings.HasPrefix(filepath.ToSlash(scanPath)+"/", filepath.ToSlash(mp)+"/") { -+ scanPath = resolvedPath -+ } -+ -+ err = filepath.Walk(scanPath, func(itemPath string, fi os.FileInfo, err error) error { -+ if scanCounterEnable { -+ scanCounter.Add(1) -+ } - if err != nil { -+ // If the root doesn't exist, ignore the error. -+ if itemPath == scanPath && errors.Is(err, os.ErrNotExist) { -+ return nil -+ } - return errors.Wrapf(err, "failed to walk %s", itemPath) - } - rel, err := filepath.Rel(mp, itemPath) - if err != nil { - return err - } -- k := []byte(path.Join("/", filepath.ToSlash(rel))) -- if string(k) == "/" { -- k = []byte{} -- } -- k = convertPathToKey(k) -+ k := convertPathToKey(keyPath(rel)) - if _, ok := n.Get(k); !ok { - cr := &CacheRecord{ - Type: CacheRecordTypeFile, -@@ -1071,55 +1082,118 @@ func (cc *cacheContext) scanPath(ctx context.Context, m *mount, p string) (retEr - return nil - } - --func getFollowLinks(root *iradix.Node, k []byte, follow bool) ([]byte, *CacheRecord, error) { -- var linksWalked int -- return getFollowLinksWalk(root, k, follow, &linksWalked) -+// followLinksCallback is called after we try to resolve each element. If the -+// path was not found, cr is nil. -+type followLinksCallback func(path string, cr *CacheRecord) error -+ -+// getFollowLinks is shorthand for getFollowLinksCallback(..., nil). -+func getFollowLinks(root *iradix.Node, k []byte, followTrailing bool) ([]byte, *CacheRecord, error) { -+ return getFollowLinksCallback(root, k, followTrailing, nil) - } - --func getFollowLinksWalk(root *iradix.Node, k []byte, follow bool, linksWalked *int) ([]byte, *CacheRecord, error) { -+// getFollowLinksCallback looks up the requested key, fully resolving any -+// symlink components encountered. The implementation is heavily based on -+// . -+// -+// followTrailing indicates whether the *final component* of the path should be -+// resolved (effectively O_PATH|O_NOFOLLOW). Note that (in contrast to some -+// Linux APIs), followTrailing is obeyed even if the key has a trailing slash -+// (though paths like "foo/link/." will cause the link to be resolved). -+// -+// cb is a callback that is called for each path component encountered during -+// path resolution (after the path component is looked up in the cache). This -+// means for a path like /a/b/c, the callback will be called for at least -+// -+// {/, /a, /a/b, /a/b/c} -+// -+// Note that if any of the components are symlinks, the paths will depend on -+// the symlink contents and there will be more callbacks. If the requested key -+// has a trailing slash, the callback will also be called for the final -+// trailing-slash lookup (/a/b/c/ in the above example). Note that -+// getFollowLinksCallback will try to look up the original key directly first -+// and the callback is not called for this first lookup. -+func getFollowLinksCallback(root *iradix.Node, k []byte, followTrailing bool, cb followLinksCallback) ([]byte, *CacheRecord, error) { - v, ok := root.Get(k) -- if ok { -+ if ok && (!followTrailing || v.(*CacheRecord).Type != CacheRecordTypeSymlink) { - return k, v.(*CacheRecord), nil - } -- if !follow || len(k) == 0 { -+ if len(k) == 0 { - return k, nil, nil - } - -- dir, file := splitKey(k) -+ var ( -+ currentPath = "/" -+ remainingPath = convertKeyToPath(k) -+ linksWalked int -+ cr *CacheRecord -+ ) -+ // Trailing slashes are significant for the cache, but path.Clean strips -+ // them. We only care about the slash for the final lookup. -+ remainingPath, hadTrailingSlash := strings.CutSuffix(remainingPath, "/") -+ for remainingPath != "" { -+ // Get next component. -+ var part string -+ if i := strings.IndexRune(remainingPath, '/'); i == -1 { -+ part, remainingPath = remainingPath, "" -+ } else { -+ part, remainingPath = remainingPath[:i], remainingPath[i+1:] -+ } - -- k, parent, err := getFollowLinksWalk(root, dir, follow, linksWalked) -- if err != nil { -- return nil, nil, err -- } -- if parent != nil { -- if parent.Type == CacheRecordTypeSymlink { -- *linksWalked++ -- if *linksWalked > 255 { -- return nil, nil, errors.Errorf("too many links") -+ // Apply the component to the path. Since it is a single component, and -+ // our current path contains no symlinks, we can just apply it -+ // leixically. -+ nextPath := keyPath(path.Join("/", currentPath, part)) -+ // In contrast to rootPath, we don't skip lookups for no-op components -+ // or / because we need to call the callback for every path component -+ // we hit (including /) and we need to make sure that the CacheRecord -+ // we return is correct after every iteration. -+ -+ cr = nil -+ v, ok := root.Get(convertPathToKey(nextPath)) -+ if ok { -+ cr = v.(*CacheRecord) -+ } -+ if cb != nil { -+ if err := cb(nextPath, cr); err != nil { -+ return nil, nil, err - } -+ } -+ if !ok || cr.Type != CacheRecordTypeSymlink { -+ currentPath = nextPath -+ continue -+ } -+ if !followTrailing && remainingPath == "" { -+ currentPath = nextPath -+ break -+ } - -- link := cleanLink(string(convertKeyToPath(dir)), parent.Linkname) -- return getFollowLinksWalk(root, append(convertPathToKey([]byte(link)), file...), follow, linksWalked) -+ linksWalked++ -+ if linksWalked > maxSymlinkLimit { -+ return nil, nil, errTooManyLinks - } -- } -- k = append(k, file...) -- v, ok = root.Get(k) -- if ok { -- return k, v.(*CacheRecord), nil -- } -- return k, nil, nil --} - --func cleanLink(dir, linkname string) string { -- dirPath := path.Clean(dir) -- if dirPath == "." || dirPath == "/" { -- dirPath = "" -+ remainingPath = cr.Linkname + "/" + remainingPath -+ if path.IsAbs(cr.Linkname) { -+ currentPath = "/" -+ } - } -- link := path.Clean(linkname) -- if !path.IsAbs(link) { -- return path.Join("/", path.Join(path.Dir(dirPath), link)) -+ // We've already looked up the final component. However, if there was a -+ // trailing slash in the original path, we need to do the lookup again with -+ // the slash applied. -+ if hadTrailingSlash { -+ cr = nil -+ currentPath += "/" -+ v, ok := root.Get(convertPathToKey(currentPath)) -+ if ok { -+ cr = v.(*CacheRecord) -+ } -+ if cb != nil { -+ if err := cb(currentPath, cr); err != nil { -+ return nil, nil, err -+ } -+ } - } -- return link -+ return convertPathToKey(currentPath), cr, nil - } - - func prepareDigest(fp, p string, fi os.FileInfo) (digest.Digest, error) { -@@ -1176,25 +1250,10 @@ func poolsCopy(dst io.Writer, src io.Reader) (written int64, err error) { - return - } - --func convertPathToKey(p []byte) []byte { -+func convertPathToKey(p string) []byte { - return bytes.Replace([]byte(p), []byte("/"), []byte{0}, -1) - } - --func convertKeyToPath(p []byte) []byte { -- return bytes.Replace([]byte(p), []byte{0}, []byte("/"), -1) --} -- --func splitKey(k []byte) ([]byte, []byte) { -- foundBytes := false -- i := len(k) - 1 -- for { -- if i <= 0 || foundBytes && k[i] == 0 { -- break -- } -- if k[i] != 0 { -- foundBytes = true -- } -- i-- -- } -- return append([]byte{}, k[:i]...), k[i:] -+func convertKeyToPath(p []byte) string { -+ return string(bytes.Replace(p, []byte{0}, []byte("/"), -1)) - } -diff --git a/vendor/github.com/moby/buildkit/cache/contenthash/path.go b/vendor/github.com/moby/buildkit/cache/contenthash/path.go -index 42b7fd8349c7..ae950f713241 100644 ---- a/vendor/github.com/moby/buildkit/cache/contenthash/path.go -+++ b/vendor/github.com/moby/buildkit/cache/contenthash/path.go -@@ -1,108 +1,111 @@ -+// This code mostly comes from . -+ -+// Copyright (C) 2014-2015 Docker Inc & Go Authors. All rights reserved. -+// Copyright (C) 2017-2024 SUSE LLC. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ - package contenthash - - import ( - "os" - "path/filepath" -+ "strings" - - "github.com/pkg/errors" - ) - --var ( -- errTooManyLinks = errors.New("too many links") --) -+var errTooManyLinks = errors.New("too many links") -+ -+const maxSymlinkLimit = 255 - - type onSymlinkFunc func(string, string) error - --// rootPath joins a path with a root, evaluating and bounding any --// symlink to the root directory. --// This is containerd/continuity/fs RootPath implementation with a callback on --// resolving the symlink. --func rootPath(root, path string, cb onSymlinkFunc) (string, error) { -- if path == "" { -+// rootPath joins a path with a root, evaluating and bounding any symlink to -+// the root directory. This is a slightly modified version of SecureJoin from -+// github.com/cyphar/filepath-securejoin, with a callback which we call after -+// each symlink resolution. -+func rootPath(root, unsafePath string, followTrailing bool, cb onSymlinkFunc) (string, error) { -+ if unsafePath == "" { - return root, nil - } -- var linksWalked int // to protect against cycles -- for { -- i := linksWalked -- newpath, err := walkLinks(root, path, &linksWalked, cb) -- if err != nil { -- return "", err -- } -- path = newpath -- if i == linksWalked { -- newpath = filepath.Join("/", newpath) -- if path == newpath { -- return filepath.Join(root, newpath), nil -- } -- path = newpath -- } -- } --} - --func walkLink(root, path string, linksWalked *int, cb onSymlinkFunc) (newpath string, islink bool, err error) { -- if *linksWalked > 255 { -- return "", false, errTooManyLinks -- } -+ unsafePath = filepath.FromSlash(unsafePath) -+ var ( -+ currentPath string -+ linksWalked int -+ ) -+ for unsafePath != "" { -+ // Windows-specific: remove any drive letters from the path. -+ if v := filepath.VolumeName(unsafePath); v != "" { -+ unsafePath = unsafePath[len(v):] -+ } - -- path = filepath.Join("/", path) -- if path == "/" { -- return path, false, nil -- } -- realPath := filepath.Join(root, path) -+ // Remove any unnecessary trailing slashes. -+ unsafePath = strings.TrimSuffix(unsafePath, string(filepath.Separator)) - -- fi, err := os.Lstat(realPath) -- if err != nil { -- // If path does not yet exist, treat as non-symlink -- if errors.Is(err, os.ErrNotExist) { -- return path, false, nil -+ // Get the next path component. -+ var part string -+ if i := strings.IndexRune(unsafePath, filepath.Separator); i == -1 { -+ part, unsafePath = unsafePath, "" -+ } else { -+ part, unsafePath = unsafePath[:i], unsafePath[i+1:] - } -- return "", false, err -- } -- if fi.Mode()&os.ModeSymlink == 0 { -- return path, false, nil -- } -- newpath, err = os.Readlink(realPath) -- if err != nil { -- return "", false, err -- } -- if cb != nil { -- if err := cb(path, newpath); err != nil { -- return "", false, err -- } -- } -- *linksWalked++ -- return newpath, true, nil --} - --func walkLinks(root, path string, linksWalked *int, cb onSymlinkFunc) (string, error) { -- switch dir, file := filepath.Split(path); { -- case dir == "": -- newpath, _, err := walkLink(root, file, linksWalked, cb) -- return newpath, err -- case file == "": -- if os.IsPathSeparator(dir[len(dir)-1]) { -- if dir == "/" { -- return dir, nil -- } -- return walkLinks(root, dir[:len(dir)-1], linksWalked, cb) -+ // Apply the component lexically to the path we are building. path does -+ // not contain any symlinks, and we are lexically dealing with a single -+ // component, so it's okay to do filepath.Clean here. -+ nextPath := filepath.Join(string(filepath.Separator), currentPath, part) -+ if nextPath == string(filepath.Separator) { -+ // If we end up back at the root, we don't need to re-evaluate /. -+ currentPath = "" -+ continue - } -- newpath, _, err := walkLink(root, dir, linksWalked, cb) -- return newpath, err -- default: -- newdir, err := walkLinks(root, dir, linksWalked, cb) -- if err != nil { -+ fullPath := root + string(filepath.Separator) + nextPath -+ -+ // Figure out whether the path is a symlink. -+ fi, err := os.Lstat(fullPath) -+ if err != nil && !errors.Is(err, os.ErrNotExist) { - return "", err - } -- newpath, islink, err := walkLink(root, filepath.Join(newdir, file), linksWalked, cb) -+ // Treat non-existent path components the same as non-symlinks (we -+ // can't do any better here). -+ if errors.Is(err, os.ErrNotExist) || fi.Mode()&os.ModeSymlink == 0 { -+ currentPath = nextPath -+ continue -+ } -+ // Don't resolve the final component with !followTrailing. -+ if !followTrailing && unsafePath == "" { -+ currentPath = nextPath -+ break -+ } -+ -+ // It's a symlink, so get its contents and expand it by prepending it -+ // to the yet-unparsed path. -+ linksWalked++ -+ if linksWalked > maxSymlinkLimit { -+ return "", errTooManyLinks -+ } -+ -+ dest, err := os.Readlink(fullPath) - if err != nil { - return "", err - } -- if !islink { -- return newpath, nil -+ if cb != nil { -+ if err := cb(nextPath, dest); err != nil { -+ return "", err -+ } - } -- if filepath.IsAbs(newpath) { -- return newpath, nil -+ -+ unsafePath = dest + string(filepath.Separator) + unsafePath -+ // Absolute symlinks reset any work we've already done. -+ if filepath.IsAbs(dest) { -+ currentPath = "" - } -- return filepath.Join(newdir, newpath), nil - } -+ -+ // There should be no lexical components left in path here, but just for -+ // safety do a filepath.Clean before the join. -+ finalPath := filepath.Join(string(filepath.Separator), currentPath) -+ return filepath.Join(root, finalPath), nil - } -diff --git a/vendor/modules.txt b/vendor/modules.txt -index 7f3e6497785d..247f49f3518e 100644 ---- a/vendor/modules.txt -+++ b/vendor/modules.txt -@@ -711,7 +711,7 @@ github.com/mitchellh/hashstructure/v2 - # github.com/mitchellh/reflectwalk v1.0.2 - ## explicit - github.com/mitchellh/reflectwalk --# github.com/moby/buildkit v0.13.2 -+# github.com/moby/buildkit v0.13.2 => github.com/cyphar/buildkit v0.0.0-20240624075140-0db2d2345b94 - ## explicit; go 1.21 - github.com/moby/buildkit/api/services/control - github.com/moby/buildkit/api/types -@@ -1610,3 +1610,4 @@ tags.cncf.io/container-device-interface/pkg/parser - # tags.cncf.io/container-device-interface/specs-go v0.7.0 - ## explicit; go 1.19 - tags.cncf.io/container-device-interface/specs-go -+# github.com/moby/buildkit => github.com/cyphar/buildkit v0.0.0-20240624075140-0db2d2345b94 --- -2.45.2 - diff --git a/0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch b/0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch deleted file mode 100644 index e996b3c..0000000 --- a/0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 62035ba22a45bde6bed2da321e7ad954f5b461b4 Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai -Date: Wed, 19 Jun 2024 16:30:49 +1000 -Subject: [PATCH 7/7] bsc1214855: volume: use AtomicWriteFile to save volume - options - -If the system (or Docker) crashes while saivng the volume options, on -restart the daemon will error out when trying to read the options file -because it doesn't contain valid JSON. - -In such a crash scenario, the new volume will be treated as though it -has the default options configuration. This is not ideal, but volumes -created on very old Docker versions (pre-1.11[1], circa 2016) do not -have opts.json and so doing some kind of cleanup when loading the volume -store (even if we take care to only delete empty volumes) could delete -existing volumes carried over from very old Docker versions that users -would not expect to disappear. - -Ultimately, if a user creates a volume and the system crashes, a volume -that has the wrong config is better than Docker not being able to start. - -[1]: commit b05b2370757d ("Support mount opts for `local` volume driver") - -SUSE-Bugs: https://bugzilla.suse.com/show_bug.cgi?id=1214855 -Signed-off-by: Aleksa Sarai ---- - volume/local/local.go | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/volume/local/local.go b/volume/local/local.go -index 6e96aeea4189..4412f34a3da9 100644 ---- a/volume/local/local.go -+++ b/volume/local/local.go -@@ -17,6 +17,7 @@ import ( - "github.com/docker/docker/daemon/names" - "github.com/docker/docker/errdefs" - "github.com/docker/docker/pkg/idtools" -+ "github.com/docker/docker/pkg/ioutils" - "github.com/docker/docker/quota" - "github.com/docker/docker/volume" - "github.com/pkg/errors" -@@ -388,7 +389,7 @@ func (v *localVolume) saveOpts() error { - if err != nil { - return err - } -- err = os.WriteFile(filepath.Join(v.rootPath, "opts.json"), b, 0o600) -+ err = ioutils.AtomicWriteFile(filepath.Join(v.rootPath, "opts.json"), b, 0o600) - if err != nil { - return errdefs.System(errors.Wrap(err, "error while persisting volume options")) - } --- -2.45.2 - diff --git a/_service b/_service index efe5b54..ceac1ca 100644 --- a/_service +++ b/_service @@ -3,16 +3,16 @@ https://github.com/moby/moby.git git .git - 26.1.5_ce_%h - v26.1.5 + 27.4.0_ce_%h + v27.4.0 docker https://github.com/docker/cli.git git .git - 26.1.5_ce - v26.1.5 + 27.4.0_ce + v27.4.0 docker-cli diff --git a/cli-0001-docs-include-required-tools-in-source-tree.patch b/cli-0001-docs-include-required-tools-in-source-tree.patch index 2facc4f..e049c8b 100644 --- a/cli-0001-docs-include-required-tools-in-source-tree.patch +++ b/cli-0001-docs-include-required-tools-in-source-tree.patch @@ -1,6 +1,6 @@ -From 3701285f1cf678dda730e3f9a4860d74ca54057d Mon Sep 17 00:00:00 2001 -From: danishprakash -Date: Mon, 12 Feb 2024 18:07:06 +0530 +From 5e7c87f386a6cf973270ce94f7935a9ccd59eb93 Mon Sep 17 00:00:00 2001 +From: Aleksa Sarai +Date: Mon, 16 Dec 2024 17:21:02 +1100 Subject: [PATCH] docs: include required tools in source tree In order to be able to build the documentation without internet access @@ -14,41 +14,40 @@ the tools (by modifying go.mod as part of the docs build script). This pattern also maked documentation builds less reproducible since the tool version used was not based on the source code version. -Fixes: commit 7dc35c03fca5 ("validate manpages target") -Fixes: commit a650f4ddd008 ("switch to cli-docs-tool for yaml docs generation") -Signed-off-by: Aleksa Sarai +Fixes: 7dc35c03fca5 ("validate manpages target") +Fixes: a650f4ddd008 ("switch to cli-docs-tool for yaml docs generation") +Signed-off-by: Aleksa Sarai --- docs/generate/go.mod | 13 - docs/generate/tools.go | 8 - - import.go | 17 + - man/tools.go | 11 - - scripts/docs/generate-man.sh | 33 +- - scripts/docs/generate-md.sh | 36 +- - scripts/docs/generate-yaml.sh | 29 +- - vendor.mod | 5 + - vendor.sum | 4 + + man/go.mod | 15 - + man/tools.go | 3 - + scripts/docs/generate-man.sh | 30 +- + scripts/docs/generate-md.sh | 26 +- + scripts/docs/generate-yaml.sh | 26 +- + vendor.mod | 3 + + vendor.sum | 2 + .../cpuguy83/go-md2man/v2/.gitignore | 2 + .../cpuguy83/go-md2man/v2/.golangci.yml | 6 + - .../cpuguy83/go-md2man/v2/Dockerfile | 20 + + .../cpuguy83/go-md2man/v2/Dockerfile | 14 + .../cpuguy83/go-md2man/v2/LICENSE.md | 21 + - .../github.com/cpuguy83/go-md2man/v2/Makefile | 35 + + .../github.com/cpuguy83/go-md2man/v2/Makefile | 49 + .../cpuguy83/go-md2man/v2/README.md | 15 + .../cpuguy83/go-md2man/v2/go-md2man.1.md | 28 + .../cpuguy83/go-md2man/v2/md2man.go | 53 + .../cpuguy83/go-md2man/v2/md2man/md2man.go | 16 + - .../cpuguy83/go-md2man/v2/md2man/roff.go | 348 ++ + .../cpuguy83/go-md2man/v2/md2man/roff.go | 382 +++ .../docker/cli-docs-tool/.dockerignore | 2 + .../docker/cli-docs-tool/.gitignore | 2 + .../docker/cli-docs-tool/.golangci.yml | 37 + .../docker/cli-docs-tool/Dockerfile | 86 + - .../github.com/docker/cli-docs-tool/LICENSE | 202 ++ .../github.com/docker/cli-docs-tool/README.md | 67 + - .../cli-docs-tool/annotation/annotation.go | 25 + - .../docker/cli-docs-tool/clidocstool.go | 123 + - .../docker/cli-docs-tool/clidocstool_md.go | 280 ++ - .../docker/cli-docs-tool/clidocstool_yaml.go | 435 +++ + .../docker/cli-docs-tool/clidocstool.go | 191 ++ + .../docker/cli-docs-tool/clidocstool_man.go | 74 + + .../docker/cli-docs-tool/clidocstool_md.go | 277 ++ + .../docker/cli-docs-tool/clidocstool_yaml.go | 378 ++ .../docker/cli-docs-tool/docker-bake.hcl | 51 + - .../docker/cli-docs-tool/markdown.go | 87 + + .../docker/cli-docs-tool/markdown.go | 100 + .../russross/blackfriday/v2/.gitignore | 8 + .../russross/blackfriday/v2/.travis.yml | 17 + .../russross/blackfriday/v2/LICENSE.txt | 29 + @@ -83,12 +82,11 @@ Signed-off-by: Aleksa Sarai vendor/gopkg.in/yaml.v3/yaml.go | 698 ++++ vendor/gopkg.in/yaml.v3/yamlh.go | 807 +++++ vendor/gopkg.in/yaml.v3/yamlprivateh.go | 198 ++ - vendor/modules.txt | 15 + - 66 files changed, 22631 insertions(+), 96 deletions(-) + vendor/modules.txt | 12 + + 65 files changed, 22503 insertions(+), 101 deletions(-) delete mode 100644 docs/generate/go.mod delete mode 100644 docs/generate/tools.go - create mode 100644 import.go - delete mode 100644 man/tools.go + delete mode 100644 man/go.mod create mode 100644 vendor/github.com/cpuguy83/go-md2man/v2/.gitignore create mode 100644 vendor/github.com/cpuguy83/go-md2man/v2/.golangci.yml create mode 100644 vendor/github.com/cpuguy83/go-md2man/v2/Dockerfile @@ -103,10 +101,9 @@ Signed-off-by: Aleksa Sarai create mode 100644 vendor/github.com/docker/cli-docs-tool/.gitignore create mode 100644 vendor/github.com/docker/cli-docs-tool/.golangci.yml create mode 100644 vendor/github.com/docker/cli-docs-tool/Dockerfile - create mode 100644 vendor/github.com/docker/cli-docs-tool/LICENSE create mode 100644 vendor/github.com/docker/cli-docs-tool/README.md - create mode 100644 vendor/github.com/docker/cli-docs-tool/annotation/annotation.go create mode 100644 vendor/github.com/docker/cli-docs-tool/clidocstool.go + create mode 100644 vendor/github.com/docker/cli-docs-tool/clidocstool_man.go create mode 100644 vendor/github.com/docker/cli-docs-tool/clidocstool_md.go create mode 100644 vendor/github.com/docker/cli-docs-tool/clidocstool_yaml.go create mode 100644 vendor/github.com/docker/cli-docs-tool/docker-bake.hcl @@ -148,7 +145,7 @@ Signed-off-by: Aleksa Sarai diff --git a/docs/generate/go.mod b/docs/generate/go.mod deleted file mode 100644 -index d62ff455713a..000000000000 +index 451d2965338c..000000000000 --- a/docs/generate/go.mod +++ /dev/null @@ -1,13 +0,0 @@ @@ -157,11 +154,11 @@ index d62ff455713a..000000000000 -// dummy go.mod to avoid dealing with dependencies specific -// to docs generation and not really part of the project. - --go 1.16 +-go 1.22.0 - -//require ( -// github.com/docker/cli v0.0.0+incompatible --// github.com/docker/cli-docs-tool v0.5.0 +-// github.com/docker/cli-docs-tool v0.8.0 -//) -// -//replace github.com/docker/cli v0.0.0+incompatible => ../../ @@ -179,70 +176,57 @@ index 47510bc49a89..000000000000 -import ( - _ "github.com/docker/cli-docs-tool" -) -diff --git a/import.go b/import.go -new file mode 100644 -index 000000000000..662a6055146c ---- /dev/null -+++ b/import.go -@@ -0,0 +1,17 @@ -+// This is only used to define imports we need for doc generation. -+ -+//go:build never -+// +build never -+ -+package cli -+ -+import ( -+ // Used for md and yaml doc generation. -+ _ "github.com/docker/cli-docs-tool" -+ -+ // Used for man page generation. -+ _ "github.com/cpuguy83/go-md2man/v2" -+ _ "github.com/spf13/cobra" -+ _ "github.com/spf13/cobra/doc" -+ _ "github.com/spf13/pflag" -+) -diff --git a/man/tools.go b/man/tools.go +diff --git a/man/go.mod b/man/go.mod deleted file mode 100644 -index 3cafe6533aff..000000000000 ---- a/man/tools.go +index 238ac1ef4116..000000000000 +--- a/man/go.mod +++ /dev/null -@@ -1,11 +0,0 @@ --//go:build tools --// +build tools +@@ -1,15 +0,0 @@ +-module github.com/docker/cli/man - --package main +-// dummy go.mod to avoid dealing with dependencies specific +-// to manpages generation and not really part of the project. - --import ( -- _ "github.com/cpuguy83/go-md2man/v2" +-go 1.22.0 +- +-//require ( +-// github.com/docker/cli v0.0.0+incompatible +-// github.com/cpuguy83/go-md2man/v2 v2.0.4 +-// github.com/spf13/cobra v1.2.1 +-// github.com/spf13/pflag v1.0.5 +-//) +-// +-//replace github.com/docker/cli v0.0.0+incompatible => ../ +diff --git a/man/tools.go b/man/tools.go +index 3cafe6533aff..3998dc709072 100644 +--- a/man/tools.go ++++ b/man/tools.go +@@ -5,7 +5,4 @@ package main + + import ( + _ "github.com/cpuguy83/go-md2man/v2" - _ "github.com/spf13/cobra" - _ "github.com/spf13/cobra/doc" - _ "github.com/spf13/pflag" --) + ) diff --git a/scripts/docs/generate-man.sh b/scripts/docs/generate-man.sh -index 12a4b81199db..1e12a95e9c9a 100755 +index 47ebcedb8552..4b1e4b9dfe86 100755 --- a/scripts/docs/generate-man.sh +++ b/scripts/docs/generate-man.sh -@@ -1,35 +1,22 @@ - #!/usr/bin/env bash +@@ -4,32 +4,18 @@ set -eu --set -eu + : "${MD2MAN_VERSION=v2.0.4}" + +-export GO111MODULE=auto - --: "${MD2MAN_VERSION=v2.0.3}" -+set -Eeuo pipefail - - export GO111MODULE=auto - -function clean { - rm -rf "$buildir" -+# temporary "go.mod" to make -modfile= work -+touch go.mod -+ +function clean() { -+ rm -f "$(pwd)/go.mod" ++ rm -f go.mod } -buildir=$(mktemp -d -t docker-cli-docsgen.XXXXXXXXXX) ++export GO111MODULE=auto trap clean EXIT -( @@ -262,6 +246,7 @@ index 12a4b81199db..1e12a95e9c9a 100755 - # build go-md2man - go build -mod=vendor -modfile=vendor.mod -o /tmp/go-md2man ./vendor/github.com/cpuguy83/go-md2man/v2 -) ++./scripts/vendor init +# build gen-manpages +go build -mod=vendor -modfile=vendor.mod -tags manpages -o /tmp/gen-manpages ./man/generate.go +# build go-md2man @@ -270,31 +255,23 @@ index 12a4b81199db..1e12a95e9c9a 100755 mkdir -p man/man1 (set -x ; /tmp/gen-manpages --root "." --target "$(pwd)/man/man1") diff --git a/scripts/docs/generate-md.sh b/scripts/docs/generate-md.sh -index 4caa01eaed23..0af86843bbe4 100755 +index 3fe1ca917646..b9eaed3aed9f 100755 --- a/scripts/docs/generate-md.sh +++ b/scripts/docs/generate-md.sh -@@ -1,33 +1,29 @@ - #!/usr/bin/env bash +@@ -4,30 +4,16 @@ set -eu --set -eu + : "${CLI_DOCS_TOOL_VERSION=v0.8.0}" + +-export GO111MODULE=auto - --: "${CLI_DOCS_TOOL_VERSION=v0.7.0}" -+set -Eeuo pipefail - - export GO111MODULE=auto - -+# temporary "go.mod" to make -modfile= work -+touch go.mod -+ - function clean { +-function clean { - rm -rf "$buildir" -+ rm -f "$(pwd)/go.mod" -+ if [ -f "$(pwd)/docs/reference/commandline/docker.md" ]; then -+ mv "$(pwd)/docs/reference/commandline/docker.md" "$(pwd)/docs/reference/commandline/cli.md" -+ fi ++function clean() { ++ rm -f go.mod } -buildir=$(mktemp -d -t docker-cli-docsgen.XXXXXXXXXX) ++export GO111MODULE=auto trap clean EXIT -( @@ -304,7 +281,7 @@ index 4caa01eaed23..0af86843bbe4 100755 - # init dummy go.mod - ./scripts/vendor init - # install cli-docs-tool and copy docs/tools.go in root folder -- # to be able to fetch the required depedencies +- # to be able to fetch the required dependencies - go mod edit -modfile=vendor.mod -require=github.com/docker/cli-docs-tool@${CLI_DOCS_TOOL_VERSION} - cp docs/generate/tools.go . - # update vendor @@ -312,41 +289,30 @@ index 4caa01eaed23..0af86843bbe4 100755 - # build docsgen - go build -mod=vendor -modfile=vendor.mod -tags docsgen -o /tmp/docsgen ./docs/generate/generate.go -) ++./scripts/vendor init +# build docsgen +go build -mod=vendor -modfile=vendor.mod -tags docsgen -o /tmp/docsgen ./docs/generate/generate.go -+ -+# yaml generation on docs repo needs the cli.md file: https://github.com/docker/cli/pull/3924#discussion_r1059986605 -+# but markdown generation docker.md atm. While waiting for a fix in cli-docs-tool -+# we need to first move the cli.md file to docker.md, do the generation and -+# then move it back in trap handler. -+mv "$(pwd)/docs/reference/commandline/cli.md" "$(pwd)/docs/reference/commandline/docker.md" ( set -x diff --git a/scripts/docs/generate-yaml.sh b/scripts/docs/generate-yaml.sh -index 0d67c5e5bb09..7d98e161df5d 100755 +index c4ed0d567de3..7da8d1a2fa95 100755 --- a/scripts/docs/generate-yaml.sh +++ b/scripts/docs/generate-yaml.sh -@@ -1,33 +1,20 @@ - #!/usr/bin/env bash +@@ -4,30 +4,16 @@ set -eu --set -eu + : "${CLI_DOCS_TOOL_VERSION=v0.8.0}" + +-export GO111MODULE=auto - --: "${CLI_DOCS_TOOL_VERSION=v0.7.0}" -+set -Eeuo pipefail - - export GO111MODULE=auto - -function clean { - rm -rf "$buildir" -+# temporary "go.mod" to make -modfile= work -+touch go.mod -+ +function clean() { -+ rm -f "$(pwd)/go.mod" ++ rm -f go.mod } -buildir=$(mktemp -d -t docker-cli-docsgen.XXXXXXXXXX) ++export GO111MODULE=auto trap clean EXIT -( @@ -356,7 +322,7 @@ index 0d67c5e5bb09..7d98e161df5d 100755 - # init dummy go.mod - ./scripts/vendor init - # install cli-docs-tool and copy docs/tools.go in root folder -- # to be able to fetch the required depedencies +- # to be able to fetch the required dependencies - go mod edit -modfile=vendor.mod -require=github.com/docker/cli-docs-tool@${CLI_DOCS_TOOL_VERSION} - cp docs/generate/tools.go . - # update vendor @@ -364,68 +330,51 @@ index 0d67c5e5bb09..7d98e161df5d 100755 - # build docsgen - go build -mod=vendor -modfile=vendor.mod -tags docsgen -o /tmp/docsgen ./docs/generate/generate.go -) ++./scripts/vendor init +# build docsgen +go build -mod=vendor -modfile=vendor.mod -tags docsgen -o /tmp/docsgen ./docs/generate/generate.go mkdir -p docs/yaml set -x diff --git a/vendor.mod b/vendor.mod -index 3bc5ce327f0f..a654f78703d6 100644 +index 232eadeda214..51fd342183bd 100644 --- a/vendor.mod +++ b/vendor.mod -@@ -11,6 +11,7 @@ require ( - github.com/containerd/platforms v0.2.0 - github.com/creack/pty v1.1.21 - github.com/distribution/reference v0.5.0 -+ github.com/docker/cli-docs-tool v0.6.0 - github.com/docker/distribution v2.8.3+incompatible - github.com/docker/docker v26.1.4-0.20240605103321-de5c9cf0b96e+incompatible // 26.1 branch (v26.1.4-dev) - github.com/docker/docker-credential-helpers v0.8.1 -@@ -53,6 +54,8 @@ require ( - tags.cncf.io/container-device-interface v0.7.2 - ) - -+require github.com/cpuguy83/go-md2man/v2 v2.0.3 -+ +@@ -9,6 +9,7 @@ go 1.22.0 require ( - github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect - github.com/Microsoft/go-winio v0.6.2 // indirect -@@ -83,6 +86,7 @@ require ( + dario.cat/mergo v1.0.1 + github.com/containerd/platforms v0.2.1 ++ github.com/cpuguy83/go-md2man/v2 v2.0.4 + github.com/creack/pty v1.1.21 + github.com/distribution/reference v0.6.0 + github.com/docker/cli-docs-tool v0.8.0 +@@ -87,6 +88,7 @@ require ( github.com/prometheus/common v0.44.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect github.com/rivo/uniseg v0.2.0 // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect + github.com/stretchr/testify v1.9.0 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - go.etcd.io/etcd/raft/v3 v3.5.6 // indirect -@@ -96,4 +100,5 @@ require ( - google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect - google.golang.org/grpc v1.60.1 // indirect - google.golang.org/protobuf v1.33.0 // indirect +@@ -102,4 +104,5 @@ require ( + google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect + google.golang.org/grpc v1.66.3 // indirect + google.golang.org/protobuf v1.35.1 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/vendor.sum b/vendor.sum -index 6a31c9b2cf62..a0905e657c37 100644 +index 50228dae0dd5..99025180244f 100644 --- a/vendor.sum +++ b/vendor.sum -@@ -46,6 +46,7 @@ github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3 - github.com/containerd/platforms v0.2.0 h1:clGNvVIcY3k39VJSYdFGohI1b3bP/eeBUVR5+XA28oo= - github.com/containerd/platforms v0.2.0/go.mod h1:XOM2BS6kN6gXafPLg80V6y/QUib+xoLyC3qVmHzibko= +@@ -42,6 +42,7 @@ github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3 + github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= + github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -+github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= - github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= ++github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= + github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0= -@@ -56,6 +57,8 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs - github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= - github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= - github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -+github.com/docker/cli-docs-tool v0.6.0 h1:Z9x10SaZgFaB6jHgz3OWooynhSa40CsWkpe5hEnG/qA= -+github.com/docker/cli-docs-tool v0.6.0/go.mod h1:zMjqTFCU361PRh8apiXzeAZ1Q/xupbIwTusYpzCXS/o= - github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= - github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= - github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -@@ -241,6 +244,7 @@ github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= +@@ -249,6 +250,7 @@ github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= @@ -455,29 +404,23 @@ index 000000000000..71f073f3c6b9 + diff --git a/vendor/github.com/cpuguy83/go-md2man/v2/Dockerfile b/vendor/github.com/cpuguy83/go-md2man/v2/Dockerfile new file mode 100644 -index 000000000000..7181c5306f41 +index 000000000000..b9fc4dfdb52a --- /dev/null +++ b/vendor/github.com/cpuguy83/go-md2man/v2/Dockerfile -@@ -0,0 +1,20 @@ -+ARG GO_VERSION=1.18 -+ARG GO_IMAGE=golang:${GO_VERSION} +@@ -0,0 +1,14 @@ ++ARG GO_VERSION=1.21 + -+FROM --platform=$BUILDPLATFORM $GO_IMAGE AS build ++FROM --platform=${BUILDPLATFORM} golang:${GO_VERSION} AS build +COPY . /go/src/github.com/cpuguy83/go-md2man +WORKDIR /go/src/github.com/cpuguy83/go-md2man -+ARG TARGETOS -+ARG TARGETARCH -+ARG TARGETVARIANT ++ARG TARGETOS TARGETARCH TARGETVARIANT +RUN \ -+ export GOOS="${TARGETOS}"; \ -+ export GOARCH="${TARGETARCH}"; \ -+ if [ "${TARGETARCH}" = "arm" ] && [ "${TARGETVARIANT}" ]; then \ -+ export GOARM="${TARGETVARIANT#v}"; \ -+ fi; \ -+ CGO_ENABLED=0 go build ++ --mount=type=cache,target=/go/pkg/mod \ ++ --mount=type=cache,target=/root/.cache/go-build \ ++ make build + +FROM scratch -+COPY --from=build /go/src/github.com/cpuguy83/go-md2man/go-md2man /go-md2man ++COPY --from=build /go/src/github.com/cpuguy83/go-md2man/bin/go-md2man /go-md2man +ENTRYPOINT ["/go-md2man"] diff --git a/vendor/github.com/cpuguy83/go-md2man/v2/LICENSE.md b/vendor/github.com/cpuguy83/go-md2man/v2/LICENSE.md new file mode 100644 @@ -508,15 +451,41 @@ index 000000000000..1cade6cef6a1 +SOFTWARE. diff --git a/vendor/github.com/cpuguy83/go-md2man/v2/Makefile b/vendor/github.com/cpuguy83/go-md2man/v2/Makefile new file mode 100644 -index 000000000000..437fc9997926 +index 000000000000..5f4a423d6f25 --- /dev/null +++ b/vendor/github.com/cpuguy83/go-md2man/v2/Makefile -@@ -0,0 +1,35 @@ +@@ -0,0 +1,49 @@ +GO111MODULE ?= on -+LINTER_BIN ?= golangci-lint + +export GO111MODULE + ++GOOS ?= $(if $(TARGETOS),$(TARGETOS),) ++GOARCH ?= $(if $(TARGETARCH),$(TARGETARCH),) ++ ++ifeq ($(TARGETARCH),amd64) ++GOAMD64 ?= $(TARGETVARIANT) ++endif ++ ++ifeq ($(TARGETARCH),arm) ++GOARM ?= $(TARGETVARIANT:v%=%) ++endif ++ ++ifneq ($(GOOS),) ++export GOOS ++endif ++ ++ifneq ($(GOARCH),) ++export GOARCH ++endif ++ ++ifneq ($(GOAMD64),) ++export GOAMD64 ++endif ++ ++ifneq ($(GOARM),) ++export GOARM ++endif ++ +.PHONY: +build: bin/go-md2man + @@ -528,25 +497,13 @@ index 000000000000..437fc9997926 +test: + @go test $(TEST_FLAGS) ./... + -+bin/go-md2man: actual_build_flags := $(BUILD_FLAGS) -o bin/go-md2man -+bin/go-md2man: bin -+ @CGO_ENABLED=0 go build $(actual_build_flags) -+ -+bin: -+ @mkdir ./bin ++bin/go-md2man: go.mod go.sum md2man/* *.go ++ @mkdir -p bin ++ CGO_ENABLED=0 go build $(BUILD_FLAGS) -o $@ + +.PHONY: mod +mod: + @go mod tidy -+ -+.PHONY: check-mod -+check-mod: # verifies that module changes for go.mod and go.sum are checked in -+ @hack/ci/check_mods.sh -+ -+.PHONY: vendor -+vendor: mod -+ @go mod vendor -v -+ diff --git a/vendor/github.com/cpuguy83/go-md2man/v2/README.md b/vendor/github.com/cpuguy83/go-md2man/v2/README.md new file mode 100644 index 000000000000..0e30d341483c @@ -685,13 +642,14 @@ index 000000000000..42bf32aab003 +} diff --git a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go new file mode 100644 -index 000000000000..4b19188d90fd +index 000000000000..8a290f1972a2 --- /dev/null +++ b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go -@@ -0,0 +1,348 @@ +@@ -0,0 +1,382 @@ +package md2man + +import ( ++ "bufio" + "bytes" + "fmt" + "io" @@ -712,34 +670,35 @@ index 000000000000..4b19188d90fd +} + +const ( -+ titleHeader = ".TH " -+ topLevelHeader = "\n\n.SH " -+ secondLevelHdr = "\n.SH " -+ otherHeader = "\n.SS " -+ crTag = "\n" -+ emphTag = "\\fI" -+ emphCloseTag = "\\fP" -+ strongTag = "\\fB" -+ strongCloseTag = "\\fP" -+ breakTag = "\n.br\n" -+ paraTag = "\n.PP\n" -+ hruleTag = "\n.ti 0\n\\l'\\n(.lu'\n" -+ linkTag = "\n\\[la]" -+ linkCloseTag = "\\[ra]" -+ codespanTag = "\\fB" -+ codespanCloseTag = "\\fR" -+ codeTag = "\n.EX\n" -+ codeCloseTag = "\n.EE\n" -+ quoteTag = "\n.PP\n.RS\n" -+ quoteCloseTag = "\n.RE\n" -+ listTag = "\n.RS\n" -+ listCloseTag = "\n.RE\n" -+ dtTag = "\n.TP\n" -+ dd2Tag = "\n" -+ tableStart = "\n.TS\nallbox;\n" -+ tableEnd = ".TE\n" -+ tableCellStart = "T{\n" -+ tableCellEnd = "\nT}\n" ++ titleHeader = ".TH " ++ topLevelHeader = "\n\n.SH " ++ secondLevelHdr = "\n.SH " ++ otherHeader = "\n.SS " ++ crTag = "\n" ++ emphTag = "\\fI" ++ emphCloseTag = "\\fP" ++ strongTag = "\\fB" ++ strongCloseTag = "\\fP" ++ breakTag = "\n.br\n" ++ paraTag = "\n.PP\n" ++ hruleTag = "\n.ti 0\n\\l'\\n(.lu'\n" ++ linkTag = "\n\\[la]" ++ linkCloseTag = "\\[ra]" ++ codespanTag = "\\fB" ++ codespanCloseTag = "\\fR" ++ codeTag = "\n.EX\n" ++ codeCloseTag = ".EE\n" // Do not prepend a newline character since code blocks, by definition, include a newline already (or at least as how blackfriday gives us on). ++ quoteTag = "\n.PP\n.RS\n" ++ quoteCloseTag = "\n.RE\n" ++ listTag = "\n.RS\n" ++ listCloseTag = "\n.RE\n" ++ dtTag = "\n.TP\n" ++ dd2Tag = "\n" ++ tableStart = "\n.TS\nallbox;\n" ++ tableEnd = ".TE\n" ++ tableCellStart = "T{\n" ++ tableCellEnd = "\nT}\n" ++ tablePreprocessor = `'\" t` +) + +// NewRoffRenderer creates a new blackfriday Renderer for generating roff documents @@ -766,6 +725,16 @@ index 000000000000..4b19188d90fd + +// RenderHeader handles outputting the header at document start +func (r *roffRenderer) RenderHeader(w io.Writer, ast *blackfriday.Node) { ++ // We need to walk the tree to check if there are any tables. ++ // If there are, we need to enable the roff table preprocessor. ++ ast.Walk(func(node *blackfriday.Node, entering bool) blackfriday.WalkStatus { ++ if node.Type == blackfriday.Table { ++ out(w, tablePreprocessor+"\n") ++ return blackfriday.Terminate ++ } ++ return blackfriday.GoToNext ++ }) ++ + // disable hyphenation + out(w, ".nh\n") +} @@ -1013,6 +982,28 @@ index 000000000000..4b19188d90fd +} + +func escapeSpecialChars(w io.Writer, text []byte) { ++ scanner := bufio.NewScanner(bytes.NewReader(text)) ++ ++ // count the number of lines in the text ++ // we need to know this to avoid adding a newline after the last line ++ n := bytes.Count(text, []byte{'\n'}) ++ idx := 0 ++ ++ for scanner.Scan() { ++ dt := scanner.Bytes() ++ if idx < n { ++ idx++ ++ dt = append(dt, '\n') ++ } ++ escapeSpecialCharsLine(w, dt) ++ } ++ ++ if err := scanner.Err(); err != nil { ++ panic(err) ++ } ++} ++ ++func escapeSpecialCharsLine(w io.Writer, text []byte) { + for i := 0; i < len(text); i++ { + // escape initial apostrophe or period + if len(text) >= 1 && (text[0] == '\'' || text[0] == '.') { @@ -1188,214 +1179,6 @@ index 000000000000..f0e2739faa7c + +FROM scratch AS test-coverage +COPY --from=test /tmp/coverage.txt /coverage.txt -diff --git a/vendor/github.com/docker/cli-docs-tool/LICENSE b/vendor/github.com/docker/cli-docs-tool/LICENSE -new file mode 100644 -index 000000000000..d64569567334 ---- /dev/null -+++ b/vendor/github.com/docker/cli-docs-tool/LICENSE -@@ -0,0 +1,202 @@ -+ -+ Apache License -+ Version 2.0, January 2004 -+ http://www.apache.org/licenses/ -+ -+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION -+ -+ 1. Definitions. -+ -+ "License" shall mean the terms and conditions for use, reproduction, -+ and distribution as defined by Sections 1 through 9 of this document. -+ -+ "Licensor" shall mean the copyright owner or entity authorized by -+ the copyright owner that is granting the License. -+ -+ "Legal Entity" shall mean the union of the acting entity and all -+ other entities that control, are controlled by, or are under common -+ control with that entity. For the purposes of this definition, -+ "control" means (i) the power, direct or indirect, to cause the -+ direction or management of such entity, whether by contract or -+ otherwise, or (ii) ownership of fifty percent (50%) or more of the -+ outstanding shares, or (iii) beneficial ownership of such entity. -+ -+ "You" (or "Your") shall mean an individual or Legal Entity -+ exercising permissions granted by this License. -+ -+ "Source" form shall mean the preferred form for making modifications, -+ including but not limited to software source code, documentation -+ source, and configuration files. -+ -+ "Object" form shall mean any form resulting from mechanical -+ transformation or translation of a Source form, including but -+ not limited to compiled object code, generated documentation, -+ and conversions to other media types. -+ -+ "Work" shall mean the work of authorship, whether in Source or -+ Object form, made available under the License, as indicated by a -+ copyright notice that is included in or attached to the work -+ (an example is provided in the Appendix below). -+ -+ "Derivative Works" shall mean any work, whether in Source or Object -+ form, that is based on (or derived from) the Work and for which the -+ editorial revisions, annotations, elaborations, or other modifications -+ represent, as a whole, an original work of authorship. For the purposes -+ of this License, Derivative Works shall not include works that remain -+ separable from, or merely link (or bind by name) to the interfaces of, -+ the Work and Derivative Works thereof. -+ -+ "Contribution" shall mean any work of authorship, including -+ the original version of the Work and any modifications or additions -+ to that Work or Derivative Works thereof, that is intentionally -+ submitted to Licensor for inclusion in the Work by the copyright owner -+ or by an individual or Legal Entity authorized to submit on behalf of -+ the copyright owner. For the purposes of this definition, "submitted" -+ means any form of electronic, verbal, or written communication sent -+ to the Licensor or its representatives, including but not limited to -+ communication on electronic mailing lists, source code control systems, -+ and issue tracking systems that are managed by, or on behalf of, the -+ Licensor for the purpose of discussing and improving the Work, but -+ excluding communication that is conspicuously marked or otherwise -+ designated in writing by the copyright owner as "Not a Contribution." -+ -+ "Contributor" shall mean Licensor and any individual or Legal Entity -+ on behalf of whom a Contribution has been received by Licensor and -+ subsequently incorporated within the Work. -+ -+ 2. Grant of Copyright License. Subject to the terms and conditions of -+ this License, each Contributor hereby grants to You a perpetual, -+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable -+ copyright license to reproduce, prepare Derivative Works of, -+ publicly display, publicly perform, sublicense, and distribute the -+ Work and such Derivative Works in Source or Object form. -+ -+ 3. Grant of Patent License. Subject to the terms and conditions of -+ this License, each Contributor hereby grants to You a perpetual, -+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable -+ (except as stated in this section) patent license to make, have made, -+ use, offer to sell, sell, import, and otherwise transfer the Work, -+ where such license applies only to those patent claims licensable -+ by such Contributor that are necessarily infringed by their -+ Contribution(s) alone or by combination of their Contribution(s) -+ with the Work to which such Contribution(s) was submitted. If You -+ institute patent litigation against any entity (including a -+ cross-claim or counterclaim in a lawsuit) alleging that the Work -+ or a Contribution incorporated within the Work constitutes direct -+ or contributory patent infringement, then any patent licenses -+ granted to You under this License for that Work shall terminate -+ as of the date such litigation is filed. -+ -+ 4. Redistribution. You may reproduce and distribute copies of the -+ Work or Derivative Works thereof in any medium, with or without -+ modifications, and in Source or Object form, provided that You -+ meet the following conditions: -+ -+ (a) You must give any other recipients of the Work or -+ Derivative Works a copy of this License; and -+ -+ (b) You must cause any modified files to carry prominent notices -+ stating that You changed the files; and -+ -+ (c) You must retain, in the Source form of any Derivative Works -+ that You distribute, all copyright, patent, trademark, and -+ attribution notices from the Source form of the Work, -+ excluding those notices that do not pertain to any part of -+ the Derivative Works; and -+ -+ (d) If the Work includes a "NOTICE" text file as part of its -+ distribution, then any Derivative Works that You distribute must -+ include a readable copy of the attribution notices contained -+ within such NOTICE file, excluding those notices that do not -+ pertain to any part of the Derivative Works, in at least one -+ of the following places: within a NOTICE text file distributed -+ as part of the Derivative Works; within the Source form or -+ documentation, if provided along with the Derivative Works; or, -+ within a display generated by the Derivative Works, if and -+ wherever such third-party notices normally appear. The contents -+ of the NOTICE file are for informational purposes only and -+ do not modify the License. You may add Your own attribution -+ notices within Derivative Works that You distribute, alongside -+ or as an addendum to the NOTICE text from the Work, provided -+ that such additional attribution notices cannot be construed -+ as modifying the License. -+ -+ You may add Your own copyright statement to Your modifications and -+ may provide additional or different license terms and conditions -+ for use, reproduction, or distribution of Your modifications, or -+ for any such Derivative Works as a whole, provided Your use, -+ reproduction, and distribution of the Work otherwise complies with -+ the conditions stated in this License. -+ -+ 5. Submission of Contributions. Unless You explicitly state otherwise, -+ any Contribution intentionally submitted for inclusion in the Work -+ by You to the Licensor shall be under the terms and conditions of -+ this License, without any additional terms or conditions. -+ Notwithstanding the above, nothing herein shall supersede or modify -+ the terms of any separate license agreement you may have executed -+ with Licensor regarding such Contributions. -+ -+ 6. Trademarks. This License does not grant permission to use the trade -+ names, trademarks, service marks, or product names of the Licensor, -+ except as required for reasonable and customary use in describing the -+ origin of the Work and reproducing the content of the NOTICE file. -+ -+ 7. Disclaimer of Warranty. Unless required by applicable law or -+ agreed to in writing, Licensor provides the Work (and each -+ Contributor provides its Contributions) on an "AS IS" BASIS, -+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -+ implied, including, without limitation, any warranties or conditions -+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A -+ PARTICULAR PURPOSE. You are solely responsible for determining the -+ appropriateness of using or redistributing the Work and assume any -+ risks associated with Your exercise of permissions under this License. -+ -+ 8. Limitation of Liability. In no event and under no legal theory, -+ whether in tort (including negligence), contract, or otherwise, -+ unless required by applicable law (such as deliberate and grossly -+ negligent acts) or agreed to in writing, shall any Contributor be -+ liable to You for damages, including any direct, indirect, special, -+ incidental, or consequential damages of any character arising as a -+ result of this License or out of the use or inability to use the -+ Work (including but not limited to damages for loss of goodwill, -+ work stoppage, computer failure or malfunction, or any and all -+ other commercial damages or losses), even if such Contributor -+ has been advised of the possibility of such damages. -+ -+ 9. Accepting Warranty or Additional Liability. While redistributing -+ the Work or Derivative Works thereof, You may choose to offer, -+ and charge a fee for, acceptance of support, warranty, indemnity, -+ or other liability obligations and/or rights consistent with this -+ License. However, in accepting such obligations, You may act only -+ on Your own behalf and on Your sole responsibility, not on behalf -+ of any other Contributor, and only if You agree to indemnify, -+ defend, and hold each Contributor harmless for any liability -+ incurred by, or claims asserted against, such Contributor by reason -+ of your accepting any such warranty or additional liability. -+ -+ END OF TERMS AND CONDITIONS -+ -+ APPENDIX: How to apply the Apache License to your work. -+ -+ To apply the Apache License to your work, attach the following -+ boilerplate notice, with the fields enclosed by brackets "[]" -+ replaced with your own identifying information. (Don't include -+ the brackets!) The text should be enclosed in the appropriate -+ comment syntax for the file format. We also recommend that a -+ file or class name and description of purpose be included on the -+ same "printed page" as the copyright notice for easier -+ identification within third-party archives. -+ -+ Copyright [yyyy] [name of copyright owner] -+ -+ Licensed under the Apache License, Version 2.0 (the "License"); -+ you may not use this file except in compliance with the License. -+ You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+ Unless required by applicable law or agreed to in writing, software -+ distributed under the License is distributed on an "AS IS" BASIS, -+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ See the License for the specific language governing permissions and -+ limitations under the License. diff --git a/vendor/github.com/docker/cli-docs-tool/README.md b/vendor/github.com/docker/cli-docs-tool/README.md new file mode 100644 index 000000000000..4d5ee6474f8f @@ -1469,43 +1252,12 @@ index 000000000000..4d5ee6474f8f + +Want to contribute? Awesome! You can find information about contributing to +this project in the [CONTRIBUTING.md](/.github/CONTRIBUTING.md) -diff --git a/vendor/github.com/docker/cli-docs-tool/annotation/annotation.go b/vendor/github.com/docker/cli-docs-tool/annotation/annotation.go -new file mode 100644 -index 000000000000..021846af6e07 ---- /dev/null -+++ b/vendor/github.com/docker/cli-docs-tool/annotation/annotation.go -@@ -0,0 +1,25 @@ -+// Copyright 2021 cli-docs-tool authors -+// -+// Licensed under the Apache License, Version 2.0 (the "License"); -+// you may not use this file except in compliance with the License. -+// You may obtain a copy of the License at -+// -+// http://www.apache.org/licenses/LICENSE-2.0 -+// -+// Unless required by applicable law or agreed to in writing, software -+// distributed under the License is distributed on an "AS IS" BASIS, -+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+// See the License for the specific language governing permissions and -+// limitations under the License. -+ -+package annotation -+ -+const ( -+ // ExternalURL specifies an external link annotation -+ ExternalURL = "docs.external.url" -+ // CodeDelimiter specifies the char that will be converted as code backtick. -+ // Can be used on cmd for inheritance or a specific flag. -+ CodeDelimiter = "docs.code-delimiter" -+ // DefaultValue specifies the default value for a flag. -+ DefaultValue = "docs.default-value" -+) diff --git a/vendor/github.com/docker/cli-docs-tool/clidocstool.go b/vendor/github.com/docker/cli-docs-tool/clidocstool.go new file mode 100644 -index 000000000000..d4aeaba3f126 +index 000000000000..a9d2f649953d --- /dev/null +++ b/vendor/github.com/docker/cli-docs-tool/clidocstool.go -@@ -0,0 +1,123 @@ +@@ -0,0 +1,191 @@ +// Copyright 2017 cli-docs-tool authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); @@ -1525,10 +1277,13 @@ index 000000000000..d4aeaba3f126 +import ( + "errors" + "io" ++ "log" + "os" ++ "path/filepath" + "strings" + + "github.com/spf13/cobra" ++ "github.com/spf13/cobra/doc" +) + +// Options defines options for cli-docs-tool @@ -1537,6 +1292,8 @@ index 000000000000..d4aeaba3f126 + SourceDir string + TargetDir string + Plugin bool ++ ++ ManHeader *doc.GenManHeader +} + +// Client represents an active cli-docs-tool object @@ -1545,6 +1302,8 @@ index 000000000000..d4aeaba3f126 + source string + target string + plugin bool ++ ++ manHeader *doc.GenManHeader +} + +// New initializes a new cli-docs-tool client @@ -1556,9 +1315,10 @@ index 000000000000..d4aeaba3f126 + return nil, errors.New("source dir required") + } + c := &Client{ -+ root: opts.Root, -+ source: opts.SourceDir, -+ plugin: opts.Plugin, ++ root: opts.Root, ++ source: opts.SourceDir, ++ plugin: opts.Plugin, ++ manHeader: opts.ManHeader, + } + if len(opts.TargetDir) == 0 { + c.target = c.source @@ -1581,9 +1341,69 @@ index 000000000000..d4aeaba3f126 + if err = c.GenYamlTree(c.root); err != nil { + return err + } ++ if err = c.GenManTree(c.root); err != nil { ++ return err ++ } + return nil +} + ++// loadLongDescription gets long descriptions and examples from markdown. ++func (c *Client) loadLongDescription(cmd *cobra.Command, generator string) error { ++ if cmd.HasSubCommands() { ++ for _, sub := range cmd.Commands() { ++ if err := c.loadLongDescription(sub, generator); err != nil { ++ return err ++ } ++ } ++ } ++ name := cmd.CommandPath() ++ if i := strings.Index(name, " "); i >= 0 { ++ // remove root command / binary name ++ name = name[i+1:] ++ } ++ if name == "" { ++ return nil ++ } ++ mdFile := strings.ReplaceAll(name, " ", "_") + ".md" ++ sourcePath := filepath.Join(c.source, mdFile) ++ content, err := os.ReadFile(sourcePath) ++ if os.IsNotExist(err) { ++ log.Printf("WARN: %s does not exist, skipping Markdown examples for %s docs\n", mdFile, generator) ++ return nil ++ } ++ if err != nil { ++ return err ++ } ++ applyDescriptionAndExamples(cmd, string(content)) ++ return nil ++} ++ ++// applyDescriptionAndExamples fills in cmd.Long and cmd.Example with the ++// "Description" and "Examples" H2 sections in mdString (if present). ++func applyDescriptionAndExamples(cmd *cobra.Command, mdString string) { ++ sections := getSections(mdString) ++ var ( ++ anchors []string ++ md string ++ ) ++ if sections["description"] != "" { ++ md, anchors = cleanupMarkDown(sections["description"]) ++ cmd.Long = md ++ anchors = append(anchors, md) ++ } ++ if sections["examples"] != "" { ++ md, anchors = cleanupMarkDown(sections["examples"]) ++ cmd.Example = md ++ anchors = append(anchors, md) ++ } ++ if len(anchors) > 0 { ++ if cmd.Annotations == nil { ++ cmd.Annotations = make(map[string]string) ++ } ++ cmd.Annotations["anchors"] = strings.Join(anchors, ",") ++ } ++} ++ +func fileExists(f string) bool { + info, err := os.Stat(f) + if os.IsNotExist(err) { @@ -1629,12 +1449,92 @@ index 000000000000..d4aeaba3f126 + } + return aliases +} +diff --git a/vendor/github.com/docker/cli-docs-tool/clidocstool_man.go b/vendor/github.com/docker/cli-docs-tool/clidocstool_man.go +new file mode 100644 +index 000000000000..e043f9934e42 +--- /dev/null ++++ b/vendor/github.com/docker/cli-docs-tool/clidocstool_man.go +@@ -0,0 +1,74 @@ ++// Copyright 2016 cli-docs-tool authors ++// ++// Licensed under the Apache License, Version 2.0 (the "License"); ++// you may not use this file except in compliance with the License. ++// You may obtain a copy of the License at ++// ++// http://www.apache.org/licenses/LICENSE-2.0 ++// ++// Unless required by applicable law or agreed to in writing, software ++// distributed under the License is distributed on an "AS IS" BASIS, ++// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++// See the License for the specific language governing permissions and ++// limitations under the License. ++ ++package clidocstool ++ ++import ( ++ "fmt" ++ "log" ++ "os" ++ "strconv" ++ "time" ++ ++ "github.com/spf13/cobra" ++ "github.com/spf13/cobra/doc" ++) ++ ++// GenManTree generates a man page for the command and all descendants. ++// If SOURCE_DATE_EPOCH is set, in order to allow reproducible package ++// builds, we explicitly set the build time to SOURCE_DATE_EPOCH. ++func (c *Client) GenManTree(cmd *cobra.Command) error { ++ if err := c.loadLongDescription(cmd, "man"); err != nil { ++ return err ++ } ++ ++ if epoch := os.Getenv("SOURCE_DATE_EPOCH"); c.manHeader != nil && epoch != "" { ++ unixEpoch, err := strconv.ParseInt(epoch, 10, 64) ++ if err != nil { ++ return fmt.Errorf("invalid SOURCE_DATE_EPOCH: %v", err) ++ } ++ now := time.Unix(unixEpoch, 0) ++ c.manHeader.Date = &now ++ } ++ ++ return c.genManTreeCustom(cmd) ++} ++ ++func (c *Client) genManTreeCustom(cmd *cobra.Command) error { ++ for _, sc := range cmd.Commands() { ++ if err := c.genManTreeCustom(sc); err != nil { ++ return err ++ } ++ } ++ ++ // always disable the addition of [flags] to the usage ++ cmd.DisableFlagsInUseLine = true ++ ++ // always disable "spf13/cobra" auto gen tag ++ cmd.DisableAutoGenTag = true ++ ++ // Skip the root command altogether, to prevent generating a useless ++ // md file for plugins. ++ if c.plugin && !cmd.HasParent() { ++ return nil ++ } ++ ++ log.Printf("INFO: Generating Man for %q", cmd.CommandPath()) ++ ++ return doc.GenManTreeFromOpts(cmd, doc.GenManTreeOptions{ ++ Header: c.manHeader, ++ Path: c.target, ++ CommandSeparator: "-", ++ }) ++} diff --git a/vendor/github.com/docker/cli-docs-tool/clidocstool_md.go b/vendor/github.com/docker/cli-docs-tool/clidocstool_md.go new file mode 100644 -index 000000000000..1dee58c06ca1 +index 000000000000..a35b62d76082 --- /dev/null +++ b/vendor/github.com/docker/cli-docs-tool/clidocstool_md.go -@@ -0,0 +1,280 @@ +@@ -0,0 +1,277 @@ +// Copyright 2021 cli-docs-tool authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); @@ -1877,10 +1777,7 @@ index 000000000000..1dee58c06ca1 + } + name += mdMakeLink("`--"+f.Name+"`", f.Name, f, isLink) + -+ var ftype string -+ if f.Value.Type() != "bool" { -+ ftype = "`" + f.Value.Type() + "`" -+ } ++ ftype := "`" + f.Value.Type() + "`" + + var defval string + if v, ok := f.Annotations[annotation.DefaultValue]; ok && len(v) > 0 { @@ -1890,7 +1787,7 @@ index 000000000000..1dee58c06ca1 + } else if cd, ok := cmd.Annotations[annotation.CodeDelimiter]; ok { + defval = strings.ReplaceAll(defval, cd, "`") + } -+ } else if f.DefValue != "" && (f.Value.Type() != "bool" && f.DefValue != "true") && f.DefValue != "[]" { ++ } else if f.DefValue != "" && ((f.Value.Type() != "bool" && f.DefValue != "true") || (f.Value.Type() == "bool" && f.DefValue == "true")) && f.DefValue != "[]" { + defval = "`" + f.DefValue + "`" + } + @@ -1917,10 +1814,10 @@ index 000000000000..1dee58c06ca1 +} diff --git a/vendor/github.com/docker/cli-docs-tool/clidocstool_yaml.go b/vendor/github.com/docker/cli-docs-tool/clidocstool_yaml.go new file mode 100644 -index 000000000000..523524297af4 +index 000000000000..acf5f2ba6b90 --- /dev/null +++ b/vendor/github.com/docker/cli-docs-tool/clidocstool_yaml.go -@@ -0,0 +1,435 @@ +@@ -0,0 +1,378 @@ +// Copyright 2017 cli-docs-tool authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); @@ -2001,7 +1898,7 @@ index 000000000000..523524297af4 +// it is undefined which help output will be in the file `cmd-sub-third.1`. +func (c *Client) GenYamlTree(cmd *cobra.Command) error { + emptyStr := func(s string) string { return "" } -+ if err := c.loadLongDescription(cmd); err != nil { ++ if err := c.loadLongDescription(cmd, "yaml"); err != nil { + return err + } + return c.genYamlTreeCustom(cmd, emptyStr) @@ -2294,63 +2191,6 @@ index 000000000000..523524297af4 + return false +} + -+// loadLongDescription gets long descriptions and examples from markdown. -+func (c *Client) loadLongDescription(parentCmd *cobra.Command) error { -+ for _, cmd := range parentCmd.Commands() { -+ if cmd.HasSubCommands() { -+ if err := c.loadLongDescription(cmd); err != nil { -+ return err -+ } -+ } -+ name := cmd.CommandPath() -+ if i := strings.Index(name, " "); i >= 0 { -+ // remove root command / binary name -+ name = name[i+1:] -+ } -+ if name == "" { -+ continue -+ } -+ mdFile := strings.ReplaceAll(name, " ", "_") + ".md" -+ sourcePath := filepath.Join(c.source, mdFile) -+ content, err := os.ReadFile(sourcePath) -+ if os.IsNotExist(err) { -+ log.Printf("WARN: %s does not exist, skipping Markdown examples for YAML doc\n", mdFile) -+ continue -+ } -+ if err != nil { -+ return err -+ } -+ applyDescriptionAndExamples(cmd, string(content)) -+ } -+ return nil -+} -+ -+// applyDescriptionAndExamples fills in cmd.Long and cmd.Example with the -+// "Description" and "Examples" H2 sections in mdString (if present). -+func applyDescriptionAndExamples(cmd *cobra.Command, mdString string) { -+ sections := getSections(mdString) -+ var ( -+ anchors []string -+ md string -+ ) -+ if sections["description"] != "" { -+ md, anchors = cleanupMarkDown(sections["description"]) -+ cmd.Long = md -+ anchors = append(anchors, md) -+ } -+ if sections["examples"] != "" { -+ md, anchors = cleanupMarkDown(sections["examples"]) -+ cmd.Example = md -+ anchors = append(anchors, md) -+ } -+ if len(anchors) > 0 { -+ if cmd.Annotations == nil { -+ cmd.Annotations = make(map[string]string) -+ } -+ cmd.Annotations["anchors"] = strings.Join(anchors, ",") -+ } -+} -+ +type byName []*cobra.Command + +func (s byName) Len() int { return len(s) } @@ -2415,10 +2255,10 @@ index 000000000000..4a5f44f83018 +} diff --git a/vendor/github.com/docker/cli-docs-tool/markdown.go b/vendor/github.com/docker/cli-docs-tool/markdown.go new file mode 100644 -index 000000000000..32849236ed9c +index 000000000000..bd8548707408 --- /dev/null +++ b/vendor/github.com/docker/cli-docs-tool/markdown.go -@@ -0,0 +1,87 @@ +@@ -0,0 +1,100 @@ +// Copyright 2017 cli-docs-tool authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); @@ -2450,6 +2290,9 @@ index 000000000000..32849236ed9c + // for our use-case; DO NOT consider using this as a generic regex, or at least + // not before reading https://stackoverflow.com/a/1732454/1811501. + htmlAnchor = regexp.MustCompile(`\s*`) ++ // relativeLink matches parts of internal links between .md documents ++ // e.g. "](buildx_build.md)" ++ relativeLink = regexp.MustCompile(`\]\((\.\/)?[a-z-_]+\.md(#.*)?\)`) +) + +// getSections returns all H2 sections by title (lowercase) @@ -2479,6 +2322,16 @@ index 000000000000..32849236ed9c + mdString = strings.ReplaceAll(mdString, "\t", " ") + mdString = strings.ReplaceAll(mdString, "https://docs.docker.com", "") + ++ // Rewrite internal links, replacing relative paths with absolute path ++ // e.g. from [docker buildx build](buildx_build.md#build-arg) ++ // to [docker buildx build](/reference/cli/docker/buildx/build/#build-arg) ++ mdString = relativeLink.ReplaceAllStringFunc(mdString, func(link string) string { ++ link = strings.TrimLeft(link, "](./") ++ link = strings.ReplaceAll(link, "_", "/") ++ link = strings.ReplaceAll(link, ".md", "/") ++ return "](/reference/cli/docker/" + link ++ }) ++ + var id string + // replace trailing whitespace per line, and handle custom anchors + lines := strings.Split(mdString, "\n") @@ -10886,7 +10739,7 @@ index 000000000000..3a220e94247d +} diff --git a/vendor/github.com/spf13/cobra/doc/man_docs.go b/vendor/github.com/spf13/cobra/doc/man_docs.go new file mode 100644 -index 000000000000..b8c15ce88543 +index 000000000000..2138f24882b3 --- /dev/null +++ b/vendor/github.com/spf13/cobra/doc/man_docs.go @@ -0,0 +1,246 @@ @@ -11025,7 +10878,7 @@ index 000000000000..b8c15ce88543 + } + header.Date = &now + } -+ header.date = (*header.Date).Format("Jan 2006") ++ header.date = header.Date.Format("Jan 2006") + if header.Source == "" && !disableAutoGen { + header.Source = "Auto generated by spf13/cobra" + } @@ -11138,7 +10991,7 @@ index 000000000000..b8c15ce88543 +} diff --git a/vendor/github.com/spf13/cobra/doc/md_docs.go b/vendor/github.com/spf13/cobra/doc/md_docs.go new file mode 100644 -index 000000000000..f98fe2a3b8f3 +index 000000000000..12592223ba47 --- /dev/null +++ b/vendor/github.com/spf13/cobra/doc/md_docs.go @@ -0,0 +1,158 @@ @@ -11272,7 +11125,7 @@ index 000000000000..f98fe2a3b8f3 + return GenMarkdownTreeCustom(cmd, dir, emptyStr, identity) +} + -+// GenMarkdownTreeCustom is the the same as GenMarkdownTree, but ++// GenMarkdownTreeCustom is the same as GenMarkdownTree, but +// with custom filePrepender and linkHandler. +func GenMarkdownTreeCustom(cmd *cobra.Command, dir string, filePrepender, linkHandler func(string) string) error { + for _, c := range cmd.Commands() { @@ -11302,7 +11155,7 @@ index 000000000000..f98fe2a3b8f3 +} diff --git a/vendor/github.com/spf13/cobra/doc/rest_docs.go b/vendor/github.com/spf13/cobra/doc/rest_docs.go new file mode 100644 -index 000000000000..2cca6fd778de +index 000000000000..c33acc2baa91 --- /dev/null +++ b/vendor/github.com/spf13/cobra/doc/rest_docs.go @@ -0,0 +1,186 @@ @@ -11448,7 +11301,7 @@ index 000000000000..2cca6fd778de + return GenReSTTreeCustom(cmd, dir, emptyStr, defaultLinkHandler) +} + -+// GenReSTTreeCustom is the the same as GenReSTTree, but ++// GenReSTTreeCustom is the same as GenReSTTree, but +// with custom filePrepender and linkHandler. +func GenReSTTreeCustom(cmd *cobra.Command, dir string, filePrepender func(string) string, linkHandler func(string, string) string) error { + for _, c := range cmd.Commands() { @@ -11494,7 +11347,7 @@ index 000000000000..2cca6fd778de +} diff --git a/vendor/github.com/spf13/cobra/doc/util.go b/vendor/github.com/spf13/cobra/doc/util.go new file mode 100644 -index 000000000000..0aaa07a166d8 +index 000000000000..4de4ceee87a3 --- /dev/null +++ b/vendor/github.com/spf13/cobra/doc/util.go @@ -0,0 +1,52 @@ @@ -11540,7 +11393,7 @@ index 000000000000..0aaa07a166d8 +// that do not contain \n. +func forceMultiLine(s string) string { + if len(s) > 60 && !strings.Contains(s, "\n") { -+ s = s + "\n" ++ s += "\n" + } + return s +} @@ -23326,31 +23179,29 @@ index 000000000000..e88f9c54aecb + +} diff --git a/vendor/modules.txt b/vendor/modules.txt -index 4e0448570ce9..577e9de880c6 100644 +index 3e9061a71fd8..5e3df76cc13a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt -@@ -33,12 +33,20 @@ github.com/containerd/log - # github.com/containerd/platforms v0.2.0 +@@ -29,6 +29,10 @@ github.com/containerd/log + # github.com/containerd/platforms v0.2.1 ## explicit; go 1.20 github.com/containerd/platforms -+# github.com/cpuguy83/go-md2man/v2 v2.0.3 ++# github.com/cpuguy83/go-md2man/v2 v2.0.4 +## explicit; go 1.11 +github.com/cpuguy83/go-md2man/v2 +github.com/cpuguy83/go-md2man/v2/md2man # github.com/creack/pty v1.1.21 ## explicit; go 1.13 github.com/creack/pty - # github.com/distribution/reference v0.5.0 - ## explicit; go 1.20 +@@ -37,6 +41,7 @@ github.com/creack/pty github.com/distribution/reference -+# github.com/docker/cli-docs-tool v0.6.0 -+## explicit; go 1.18 + # github.com/docker/cli-docs-tool v0.8.0 + ## explicit; go 1.18 +github.com/docker/cli-docs-tool -+github.com/docker/cli-docs-tool/annotation + github.com/docker/cli-docs-tool/annotation # github.com/docker/distribution v2.8.3+incompatible ## explicit - github.com/docker/distribution -@@ -252,12 +260,16 @@ github.com/prometheus/procfs/internal/util +@@ -263,12 +268,16 @@ github.com/prometheus/procfs/internal/util # github.com/rivo/uniseg v0.2.0 ## explicit; go 1.12 github.com/rivo/uniseg @@ -23360,14 +23211,14 @@ index 4e0448570ce9..577e9de880c6 100644 # github.com/sirupsen/logrus v1.9.3 ## explicit; go 1.13 github.com/sirupsen/logrus - # github.com/spf13/cobra v1.8.0 + # github.com/spf13/cobra v1.8.1 ## explicit; go 1.15 github.com/spf13/cobra +github.com/spf13/cobra/doc # github.com/spf13/pflag v1.0.5 ## explicit; go 1.12 github.com/spf13/pflag -@@ -498,6 +510,9 @@ google.golang.org/protobuf/types/known/wrapperspb +@@ -519,6 +528,9 @@ google.golang.org/protobuf/types/known/wrapperspb # gopkg.in/yaml.v2 v2.4.0 ## explicit; go 1.15 gopkg.in/yaml.v2 @@ -23378,5 +23229,5 @@ index 4e0448570ce9..577e9de880c6 100644 ## explicit; go 1.17 gotest.tools/v3/assert -- -2.45.2 +2.47.1 diff --git a/docker-26.1.5_ce_411e817ddf71.tar.xz b/docker-26.1.5_ce_411e817ddf71.tar.xz deleted file mode 100644 index c522cf5..0000000 --- a/docker-26.1.5_ce_411e817ddf71.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e2d3862e95b45b04830bbce47827e07eceaa41761fa5182bd9b492621cbe8469 -size 9910176 diff --git a/docker-27.4.0_ce_92a83937d028.tar.xz b/docker-27.4.0_ce_92a83937d028.tar.xz new file mode 100644 index 0000000..16361d2 --- /dev/null +++ b/docker-27.4.0_ce_92a83937d028.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5f4650a3e85c7fd3146a98b7ead6c65400734b91fbfe23feb1a33b29a4bee7ff +size 10076776 diff --git a/docker-cli-26.1.5_ce.tar.xz b/docker-cli-26.1.5_ce.tar.xz deleted file mode 100644 index 5fc0e11..0000000 --- a/docker-cli-26.1.5_ce.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3723a617ed00e85117c3de2691e1aec6267020ee49fdb0db72c12981d0d26f9e -size 3972080 diff --git a/docker-cli-27.4.0_ce.tar.xz b/docker-cli-27.4.0_ce.tar.xz new file mode 100644 index 0000000..287e774 --- /dev/null +++ b/docker-cli-27.4.0_ce.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e437ebd8b1ec519cedacb5ad1be8c2419dc56e31d58c13d84850a0699e6609e2 +size 4080352 diff --git a/docker.changes b/docker.changes index ed54c5f..5b1844a 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Fri Dec 13 06:12:25 UTC 2024 - Aleksa Sarai + +- Update to Docker 27.4.0-ce. See upstream changelog online at + +- Rebase patches: + * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch + * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch + * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch + * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch + * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch + * cli-0001-docs-include-required-tools-in-source-tree.patch +- Remove upstreamed patches: + - 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch + - 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch + ------------------------------------------------------------------- Wed Dec 11 10:14:56 UTC 2024 - Aleksa Sarai @@ -6,7 +22,7 @@ Wed Dec 11 10:14:56 UTC 2024 - Aleksa Sarai Some notable changelogs from the last update: * - * + * - Update to Go 1.22. ------------------------------------------------------------------- diff --git a/docker.spec b/docker.spec index 4f69c01..27c06f7 100644 --- a/docker.spec +++ b/docker.spec @@ -51,8 +51,8 @@ %endif # MANUAL: This needs to be updated with every docker update. -%define docker_real_version 26.1.5 -%define docker_git_version 411e817ddf71 +%define docker_real_version 27.4.0 +%define docker_git_version 92a83937d028 %define docker_version %{docker_real_version}_ce # This "nice version" is so that docker --version gives a result that can be # parsed by other people. boo#1182476 @@ -104,11 +104,6 @@ Patch200: 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch Patch201: 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch # UPSTREAM: Revert of upstream patches to make apparmor work on SLE 12. Patch202: 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch -# UPSTREAM: Backport of and -# . -Patch203: 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch -# UPSTREAM: Backport of . -Patch204: 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch # UPSTREAM: Backport of . Patch900: cli-0001-docs-include-required-tools-in-source-tree.patch BuildRequires: audit @@ -367,10 +362,6 @@ cp %{SOURCE130} . %patch -P201 -p1 # Solves apparmor issues on SLE-12, but okay for newer SLE versions too. %patch -P202 -p1 -# bsc#1221916 -%patch -P203 -p1 -# bsc#1214855 -%patch -P204 -p1 %build %sysusers_generate_pre %{SOURCE160} %{name} docker.conf @@ -402,8 +393,8 @@ export BUILDTIME="$(date -u -d "@$SOURCE_DATE_EPOCH" --rfc-3339 ns 2>/dev/null | pushd "%{docker_builddir}" # use go module for build -ln -s {vendor,go}.mod -ln -s {vendor,go}.sum +cp {vendor,go}.mod +cp {vendor,go}.sum ./hack/make.sh dynbinary %if %{with integration_tests} @@ -428,8 +419,8 @@ popd pushd "%{cli_builddir}" # use go module for build -ln -s {vendor,go}.mod -ln -s {vendor,go}.sum +cp {vendor,go}.mod +cp {vendor,go}.sum make DISABLE_WARN_OUTSIDE_CONTAINER=1 dynbinary manpages popd