vendor: update docker and fsutil
Brings in fixes for the pattern matcher. Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>master
parent
2f996517bc
commit
76870ee06f
4
go.mod
4
go.mod
|
@ -52,7 +52,7 @@ require (
|
|||
github.com/serialx/hashring v0.0.0-20190422032157-8b2912629002
|
||||
github.com/sirupsen/logrus v1.8.1
|
||||
github.com/stretchr/testify v1.7.0
|
||||
github.com/tonistiigi/fsutil v0.0.0-20211208180946-61a57076b9b0
|
||||
github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274
|
||||
github.com/tonistiigi/go-actions-cache v0.0.0-20211202175116-9642704158ff
|
||||
github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea
|
||||
github.com/tonistiigi/vt100 v0.0.0-20210615222946-8066bb97264f
|
||||
|
@ -124,4 +124,4 @@ require (
|
|||
gotest.tools/v3 v3.0.3 // indirect
|
||||
)
|
||||
|
||||
replace github.com/docker/docker => github.com/docker/docker v20.10.3-0.20211208011758-87521affb077+incompatible
|
||||
replace github.com/docker/docker => github.com/docker/docker v20.10.3-0.20220121014307-40bb9831756f+incompatible
|
||||
|
|
8
go.sum
8
go.sum
|
@ -440,8 +440,8 @@ github.com/docker/distribution v2.6.0-rc.1.0.20180327202408-83389a148052+incompa
|
|||
github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
|
||||
github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
|
||||
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
|
||||
github.com/docker/docker v20.10.3-0.20211208011758-87521affb077+incompatible h1:gUm2bOLaaAPkV1z4te7ahrXTWyA+PNNWroISSOttSgU=
|
||||
github.com/docker/docker v20.10.3-0.20211208011758-87521affb077+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker v20.10.3-0.20220121014307-40bb9831756f+incompatible h1:IDzw9qR4h7PF3aEriDajLKrkvc3owPWHasPKUEliWUE=
|
||||
github.com/docker/docker v20.10.3-0.20220121014307-40bb9831756f+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
|
||||
github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
|
||||
github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o=
|
||||
github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
|
||||
|
@ -1230,8 +1230,8 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1
|
|||
github.com/tommy-muehle/go-mnd v1.1.1/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig=
|
||||
github.com/tommy-muehle/go-mnd v1.3.1-0.20200224220436-e6f9a994e8fa/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig=
|
||||
github.com/tonistiigi/fsutil v0.0.0-20201103201449-0834f99b7b85/go.mod h1:a7cilN64dG941IOXfhJhlH0qB92hxJ9A1ewrdUmJ6xo=
|
||||
github.com/tonistiigi/fsutil v0.0.0-20211208180946-61a57076b9b0 h1:1s9pEdOzN6AuOsBXKpAoSVupUDsGx2v6Fee/hIto8Vg=
|
||||
github.com/tonistiigi/fsutil v0.0.0-20211208180946-61a57076b9b0/go.mod h1:oPAfvw32vlUJSjyDcQ3Bu0nb2ON2B+G0dtVN/SZNJiA=
|
||||
github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274 h1:wbyZxD6IPFp0sl5uscMOJRsz5UKGFiNiD16e+MVfKZY=
|
||||
github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274/go.mod h1:oPAfvw32vlUJSjyDcQ3Bu0nb2ON2B+G0dtVN/SZNJiA=
|
||||
github.com/tonistiigi/go-actions-cache v0.0.0-20211202175116-9642704158ff h1:n8i1G5sBFmY8aDteg5Kf2rdU15KnFcS807QrYRM9/yQ=
|
||||
github.com/tonistiigi/go-actions-cache v0.0.0-20211202175116-9642704158ff/go.mod h1:qqvyZqkfwkoJuPU/bw61bItaoO0SJ8YSW0vSVRRvsRg=
|
||||
github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea h1:SXhTLE6pb6eld/v/cCndK0AMpt1wiVFb/YYmqB3/QG0=
|
||||
|
|
|
@ -8782,12 +8782,20 @@ paths:
|
|||
if `tty` was specified as part of creating and starting the exec instance.
|
||||
operationId: "ExecResize"
|
||||
responses:
|
||||
201:
|
||||
200:
|
||||
description: "No error"
|
||||
400:
|
||||
description: "bad parameter"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
404:
|
||||
description: "No such exec instance"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
500:
|
||||
description: "Server error"
|
||||
schema:
|
||||
$ref: "#/definitions/ErrorResponse"
|
||||
parameters:
|
||||
- name: "id"
|
||||
in: "path"
|
||||
|
|
|
@ -285,12 +285,23 @@ func (pm *PatternMatcher) Patterns() []*Pattern {
|
|||
|
||||
// Pattern defines a single regexp used to filter file paths.
|
||||
type Pattern struct {
|
||||
matchType matchType
|
||||
cleanedPattern string
|
||||
dirs []string
|
||||
regexp *regexp.Regexp
|
||||
exclusion bool
|
||||
}
|
||||
|
||||
type matchType int
|
||||
|
||||
const (
|
||||
unknownMatch matchType = iota
|
||||
exactMatch
|
||||
prefixMatch
|
||||
suffixMatch
|
||||
regexpMatch
|
||||
)
|
||||
|
||||
func (p *Pattern) String() string {
|
||||
return p.cleanedPattern
|
||||
}
|
||||
|
@ -301,18 +312,34 @@ func (p *Pattern) Exclusion() bool {
|
|||
}
|
||||
|
||||
func (p *Pattern) match(path string) (bool, error) {
|
||||
if p.regexp == nil {
|
||||
if err := p.compile(); err != nil {
|
||||
if p.matchType == unknownMatch {
|
||||
if err := p.compile(string(os.PathSeparator)); err != nil {
|
||||
return false, filepath.ErrBadPattern
|
||||
}
|
||||
}
|
||||
|
||||
b := p.regexp.MatchString(path)
|
||||
switch p.matchType {
|
||||
case exactMatch:
|
||||
return path == p.cleanedPattern, nil
|
||||
case prefixMatch:
|
||||
// strip trailing **
|
||||
return strings.HasPrefix(path, p.cleanedPattern[:len(p.cleanedPattern)-2]), nil
|
||||
case suffixMatch:
|
||||
// strip leading **
|
||||
suffix := p.cleanedPattern[2:]
|
||||
if strings.HasSuffix(path, suffix) {
|
||||
return true, nil
|
||||
}
|
||||
// **/foo matches "foo"
|
||||
return suffix[0] == os.PathSeparator && path == suffix[1:], nil
|
||||
case regexpMatch:
|
||||
return p.regexp.MatchString(path), nil
|
||||
}
|
||||
|
||||
return b, nil
|
||||
return false, nil
|
||||
}
|
||||
|
||||
func (p *Pattern) compile() error {
|
||||
func (p *Pattern) compile(sl string) error {
|
||||
regStr := "^"
|
||||
pattern := p.cleanedPattern
|
||||
// Go through the pattern and convert it to a regexp.
|
||||
|
@ -320,13 +347,13 @@ func (p *Pattern) compile() error {
|
|||
var scan scanner.Scanner
|
||||
scan.Init(strings.NewReader(pattern))
|
||||
|
||||
sl := string(os.PathSeparator)
|
||||
escSL := sl
|
||||
if sl == `\` {
|
||||
escSL += `\`
|
||||
}
|
||||
|
||||
for scan.Peek() != scanner.EOF {
|
||||
p.matchType = exactMatch
|
||||
for i := 0; scan.Peek() != scanner.EOF; i++ {
|
||||
ch := scan.Next()
|
||||
|
||||
if ch == '*' {
|
||||
|
@ -341,20 +368,32 @@ func (p *Pattern) compile() error {
|
|||
|
||||
if scan.Peek() == scanner.EOF {
|
||||
// is "**EOF" - to align with .gitignore just accept all
|
||||
if p.matchType == exactMatch {
|
||||
p.matchType = prefixMatch
|
||||
} else {
|
||||
regStr += ".*"
|
||||
p.matchType = regexpMatch
|
||||
}
|
||||
} else {
|
||||
// is "**"
|
||||
// Note that this allows for any # of /'s (even 0) because
|
||||
// the .* will eat everything, even /'s
|
||||
regStr += "(.*" + escSL + ")?"
|
||||
p.matchType = regexpMatch
|
||||
}
|
||||
|
||||
if i == 0 {
|
||||
p.matchType = suffixMatch
|
||||
}
|
||||
} else {
|
||||
// is "*" so map it to anything but "/"
|
||||
regStr += "[^" + escSL + "]*"
|
||||
p.matchType = regexpMatch
|
||||
}
|
||||
} else if ch == '?' {
|
||||
// "?" is any char except "/"
|
||||
regStr += "[^" + escSL + "]"
|
||||
p.matchType = regexpMatch
|
||||
} else if shouldEscape(ch) {
|
||||
// Escape some regexp special chars that have no meaning
|
||||
// in golang's filepath.Match
|
||||
|
@ -371,14 +410,22 @@ func (p *Pattern) compile() error {
|
|||
}
|
||||
if scan.Peek() != scanner.EOF {
|
||||
regStr += `\` + string(scan.Next())
|
||||
p.matchType = regexpMatch
|
||||
} else {
|
||||
regStr += `\`
|
||||
}
|
||||
} else if ch == '[' || ch == ']' {
|
||||
regStr += string(ch)
|
||||
p.matchType = regexpMatch
|
||||
} else {
|
||||
regStr += string(ch)
|
||||
}
|
||||
}
|
||||
|
||||
if p.matchType != regexpMatch {
|
||||
return nil
|
||||
}
|
||||
|
||||
regStr += "$"
|
||||
|
||||
re, err := regexp.Compile(regStr)
|
||||
|
@ -387,6 +434,7 @@ func (p *Pattern) compile() error {
|
|||
}
|
||||
|
||||
p.regexp = re
|
||||
p.matchType = regexpMatch
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
//go:build !freebsd && !windows
|
||||
// +build !freebsd,!windows
|
||||
|
||||
package system // import "github.com/docker/docker/pkg/system"
|
||||
|
||||
import (
|
|
@ -474,7 +474,8 @@
|
|||
},
|
||||
{
|
||||
"names": [
|
||||
"sync_file_range2"
|
||||
"sync_file_range2",
|
||||
"swapcontext"
|
||||
],
|
||||
"action": "SCMP_ACT_ALLOW",
|
||||
"includes": {
|
||||
|
|
|
@ -474,6 +474,7 @@ func DefaultProfile() *Seccomp {
|
|||
LinuxSyscall: specs.LinuxSyscall{
|
||||
Names: []string{
|
||||
"sync_file_range2",
|
||||
"swapcontext",
|
||||
},
|
||||
Action: specs.ActAllow,
|
||||
},
|
||||
|
|
|
@ -55,18 +55,41 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
|
|||
includePatterns = dedupePaths(includePatterns)
|
||||
}
|
||||
}
|
||||
|
||||
patternChars := "*[]?^"
|
||||
if os.PathSeparator != '\\' {
|
||||
patternChars += `\`
|
||||
}
|
||||
|
||||
onlyPrefixIncludes := true
|
||||
if len(includePatterns) != 0 {
|
||||
includeMatcher, err = fileutils.NewPatternMatcher(includePatterns)
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "invalid includepatterns: %s", opt.IncludePatterns)
|
||||
}
|
||||
|
||||
for _, p := range includeMatcher.Patterns() {
|
||||
if !p.Exclusion() && strings.ContainsAny(patternWithoutTrailingGlob(p), patternChars) {
|
||||
onlyPrefixIncludes = false
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
onlyPrefixExcludeExceptions := true
|
||||
if opt != nil && opt.ExcludePatterns != nil {
|
||||
excludeMatcher, err = fileutils.NewPatternMatcher(opt.ExcludePatterns)
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "invalid excludepatterns: %s", opt.ExcludePatterns)
|
||||
}
|
||||
|
||||
for _, p := range excludeMatcher.Patterns() {
|
||||
if p.Exclusion() && strings.ContainsAny(patternWithoutTrailingGlob(p), patternChars) {
|
||||
onlyPrefixExcludeExceptions = false
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
type visitedDir struct {
|
||||
|
@ -83,15 +106,12 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
|
|||
var parentDirs []visitedDir
|
||||
|
||||
seenFiles := make(map[uint64]string)
|
||||
return filepath.Walk(root, func(path string, fi os.FileInfo, err error) (retErr error) {
|
||||
return filepath.Walk(root, func(path string, fi os.FileInfo, walkErr error) (retErr error) {
|
||||
defer func() {
|
||||
if retErr != nil && isNotExist(retErr) {
|
||||
retErr = filepath.SkipDir
|
||||
}
|
||||
}()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
origpath := path
|
||||
path, err = filepath.Rel(root, path)
|
||||
|
@ -141,6 +161,22 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
|
|||
}
|
||||
|
||||
if !m {
|
||||
if fi.IsDir() && onlyPrefixIncludes {
|
||||
// Optimization: we can skip walking this dir if no include
|
||||
// patterns could match anything inside it.
|
||||
dirSlash := path + string(filepath.Separator)
|
||||
for _, pat := range includeMatcher.Patterns() {
|
||||
if pat.Exclusion() {
|
||||
continue
|
||||
}
|
||||
patStr := patternWithoutTrailingGlob(pat) + string(filepath.Separator)
|
||||
if strings.HasPrefix(patStr, dirSlash) {
|
||||
goto passedIncludeFilter
|
||||
}
|
||||
}
|
||||
return filepath.SkipDir
|
||||
}
|
||||
passedIncludeFilter:
|
||||
skip = true
|
||||
}
|
||||
}
|
||||
|
@ -160,13 +196,38 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
|
|||
}
|
||||
|
||||
if m {
|
||||
if fi.IsDir() && !excludeMatcher.Exclusions() {
|
||||
if fi.IsDir() && onlyPrefixExcludeExceptions {
|
||||
// Optimization: we can skip walking this dir if no
|
||||
// exceptions to exclude patterns could match anything
|
||||
// inside it.
|
||||
if !excludeMatcher.Exclusions() {
|
||||
return filepath.SkipDir
|
||||
}
|
||||
|
||||
dirSlash := path + string(filepath.Separator)
|
||||
for _, pat := range excludeMatcher.Patterns() {
|
||||
if !pat.Exclusion() {
|
||||
continue
|
||||
}
|
||||
patStr := patternWithoutTrailingGlob(pat) + string(filepath.Separator)
|
||||
if strings.HasPrefix(patStr, dirSlash) {
|
||||
goto passedExcludeFilter
|
||||
}
|
||||
}
|
||||
return filepath.SkipDir
|
||||
}
|
||||
passedExcludeFilter:
|
||||
skip = true
|
||||
}
|
||||
}
|
||||
|
||||
if walkErr != nil {
|
||||
if skip && errors.Is(walkErr, os.ErrPermission) {
|
||||
return nil
|
||||
}
|
||||
return walkErr
|
||||
}
|
||||
|
||||
if includeMatcher != nil || excludeMatcher != nil {
|
||||
defer func() {
|
||||
if fi.IsDir() {
|
||||
|
@ -228,6 +289,16 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
|
|||
})
|
||||
}
|
||||
|
||||
func patternWithoutTrailingGlob(p *fileutils.Pattern) string {
|
||||
patStr := p.String()
|
||||
// We use filepath.Separator here because fileutils.Pattern patterns
|
||||
// get transformed to use the native path separator:
|
||||
// https://github.com/moby/moby/blob/79651b7a979b40e26af353ad283ca7ea5d67a855/pkg/fileutils/fileutils.go#L54
|
||||
patStr = strings.TrimSuffix(patStr, string(filepath.Separator)+"**")
|
||||
patStr = strings.TrimSuffix(patStr, string(filepath.Separator)+"*")
|
||||
return patStr
|
||||
}
|
||||
|
||||
type StatInfo struct {
|
||||
*types.Stat
|
||||
}
|
||||
|
|
|
@ -219,7 +219,7 @@ github.com/docker/cli/cli/connhelper/commandconn
|
|||
github.com/docker/distribution/digestset
|
||||
github.com/docker/distribution/reference
|
||||
github.com/docker/distribution/registry/api/errcode
|
||||
# github.com/docker/docker v20.10.7+incompatible => github.com/docker/docker v20.10.3-0.20211208011758-87521affb077+incompatible
|
||||
# github.com/docker/docker v20.10.7+incompatible => github.com/docker/docker v20.10.3-0.20220121014307-40bb9831756f+incompatible
|
||||
## explicit
|
||||
github.com/docker/docker/api
|
||||
github.com/docker/docker/api/types
|
||||
|
@ -466,7 +466,7 @@ github.com/sirupsen/logrus
|
|||
## explicit; go 1.13
|
||||
github.com/stretchr/testify/assert
|
||||
github.com/stretchr/testify/require
|
||||
# github.com/tonistiigi/fsutil v0.0.0-20211208180946-61a57076b9b0
|
||||
# github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274
|
||||
## explicit; go 1.13
|
||||
github.com/tonistiigi/fsutil
|
||||
github.com/tonistiigi/fsutil/copy
|
||||
|
@ -716,4 +716,4 @@ gotest.tools/v3/internal/difflib
|
|||
gotest.tools/v3/internal/format
|
||||
gotest.tools/v3/internal/source
|
||||
gotest.tools/v3/poll
|
||||
# github.com/docker/docker => github.com/docker/docker v20.10.3-0.20211208011758-87521affb077+incompatible
|
||||
# github.com/docker/docker => github.com/docker/docker v20.10.3-0.20220121014307-40bb9831756f+incompatible
|
||||
|
|
Loading…
Reference in New Issue