vendor: update docker and fsutil

Brings in fixes for the pattern matcher.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
master
Tonis Tiigi 2022-02-11 22:17:22 -08:00
parent 2f996517bc
commit 76870ee06f
9 changed files with 156 additions and 24 deletions

4
go.mod

@ -52,7 +52,7 @@ require (
github.com/serialx/hashring v0.0.0-20190422032157-8b2912629002
github.com/sirupsen/logrus v1.8.1
github.com/stretchr/testify v1.7.0
github.com/tonistiigi/fsutil v0.0.0-20211208180946-61a57076b9b0
github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274
github.com/tonistiigi/go-actions-cache v0.0.0-20211202175116-9642704158ff
github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea
github.com/tonistiigi/vt100 v0.0.0-20210615222946-8066bb97264f
@ -124,4 +124,4 @@ require (
gotest.tools/v3 v3.0.3 // indirect
)
replace github.com/docker/docker => github.com/docker/docker v20.10.3-0.20211208011758-87521affb077+incompatible
replace github.com/docker/docker => github.com/docker/docker v20.10.3-0.20220121014307-40bb9831756f+incompatible

8
go.sum

@ -440,8 +440,8 @@ github.com/docker/distribution v2.6.0-rc.1.0.20180327202408-83389a148052+incompa
github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v20.10.3-0.20211208011758-87521affb077+incompatible h1:gUm2bOLaaAPkV1z4te7ahrXTWyA+PNNWroISSOttSgU=
github.com/docker/docker v20.10.3-0.20211208011758-87521affb077+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker v20.10.3-0.20220121014307-40bb9831756f+incompatible h1:IDzw9qR4h7PF3aEriDajLKrkvc3owPWHasPKUEliWUE=
github.com/docker/docker v20.10.3-0.20220121014307-40bb9831756f+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o=
github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
@ -1230,8 +1230,8 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1
github.com/tommy-muehle/go-mnd v1.1.1/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig=
github.com/tommy-muehle/go-mnd v1.3.1-0.20200224220436-e6f9a994e8fa/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig=
github.com/tonistiigi/fsutil v0.0.0-20201103201449-0834f99b7b85/go.mod h1:a7cilN64dG941IOXfhJhlH0qB92hxJ9A1ewrdUmJ6xo=
github.com/tonistiigi/fsutil v0.0.0-20211208180946-61a57076b9b0 h1:1s9pEdOzN6AuOsBXKpAoSVupUDsGx2v6Fee/hIto8Vg=
github.com/tonistiigi/fsutil v0.0.0-20211208180946-61a57076b9b0/go.mod h1:oPAfvw32vlUJSjyDcQ3Bu0nb2ON2B+G0dtVN/SZNJiA=
github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274 h1:wbyZxD6IPFp0sl5uscMOJRsz5UKGFiNiD16e+MVfKZY=
github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274/go.mod h1:oPAfvw32vlUJSjyDcQ3Bu0nb2ON2B+G0dtVN/SZNJiA=
github.com/tonistiigi/go-actions-cache v0.0.0-20211202175116-9642704158ff h1:n8i1G5sBFmY8aDteg5Kf2rdU15KnFcS807QrYRM9/yQ=
github.com/tonistiigi/go-actions-cache v0.0.0-20211202175116-9642704158ff/go.mod h1:qqvyZqkfwkoJuPU/bw61bItaoO0SJ8YSW0vSVRRvsRg=
github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea h1:SXhTLE6pb6eld/v/cCndK0AMpt1wiVFb/YYmqB3/QG0=


@ -8782,12 +8782,20 @@ paths:
if `tty` was specified as part of creating and starting the exec instance.
operationId: "ExecResize"
responses:
201:
200:
description: "No error"
400:
description: "bad parameter"
schema:
$ref: "#/definitions/ErrorResponse"
404:
description: "No such exec instance"
schema:
$ref: "#/definitions/ErrorResponse"
500:
description: "Server error"
schema:
$ref: "#/definitions/ErrorResponse"
parameters:
- name: "id"
in: "path"


@ -285,12 +285,23 @@ func (pm *PatternMatcher) Patterns() []*Pattern {
// Pattern defines a single regexp used to filter file paths.
type Pattern struct {
matchType matchType
cleanedPattern string
dirs []string
regexp *regexp.Regexp
exclusion bool
}
type matchType int
const (
unknownMatch matchType = iota
exactMatch
prefixMatch
suffixMatch
regexpMatch
)
func (p *Pattern) String() string {
return p.cleanedPattern
}
@ -301,18 +312,34 @@ func (p *Pattern) Exclusion() bool {
}
func (p *Pattern) match(path string) (bool, error) {
if p.regexp == nil {
if err := p.compile(); err != nil {
if p.matchType == unknownMatch {
if err := p.compile(string(os.PathSeparator)); err != nil {
return false, filepath.ErrBadPattern
}
}
b := p.regexp.MatchString(path)
switch p.matchType {
case exactMatch:
return path == p.cleanedPattern, nil
case prefixMatch:
// strip trailing **
return strings.HasPrefix(path, p.cleanedPattern[:len(p.cleanedPattern)-2]), nil
case suffixMatch:
// strip leading **
suffix := p.cleanedPattern[2:]
if strings.HasSuffix(path, suffix) {
return true, nil
}
// **/foo matches "foo"
return suffix[0] == os.PathSeparator && path == suffix[1:], nil
case regexpMatch:
return p.regexp.MatchString(path), nil
}
return b, nil
return false, nil
}
func (p *Pattern) compile() error {
func (p *Pattern) compile(sl string) error {
regStr := "^"
pattern := p.cleanedPattern
// Go through the pattern and convert it to a regexp.
@ -320,13 +347,13 @@ func (p *Pattern) compile() error {
var scan scanner.Scanner
scan.Init(strings.NewReader(pattern))
sl := string(os.PathSeparator)
escSL := sl
if sl == `\` {
escSL += `\`
}
for scan.Peek() != scanner.EOF {
p.matchType = exactMatch
for i := 0; scan.Peek() != scanner.EOF; i++ {
ch := scan.Next()
if ch == '*' {
@ -341,20 +368,32 @@ func (p *Pattern) compile() error {
if scan.Peek() == scanner.EOF {
// is "**EOF" - to align with .gitignore just accept all
if p.matchType == exactMatch {
p.matchType = prefixMatch
} else {
regStr += ".*"
p.matchType = regexpMatch
}
} else {
// is "**"
// Note that this allows for any # of /'s (even 0) because
// the .* will eat everything, even /'s
regStr += "(.*" + escSL + ")?"
p.matchType = regexpMatch
}
if i == 0 {
p.matchType = suffixMatch
}
} else {
// is "*" so map it to anything but "/"
regStr += "[^" + escSL + "]*"
p.matchType = regexpMatch
}
} else if ch == '?' {
// "?" is any char except "/"
regStr += "[^" + escSL + "]"
p.matchType = regexpMatch
} else if shouldEscape(ch) {
// Escape some regexp special chars that have no meaning
// in golang's filepath.Match
@ -371,14 +410,22 @@ func (p *Pattern) compile() error {
}
if scan.Peek() != scanner.EOF {
regStr += `\` + string(scan.Next())
p.matchType = regexpMatch
} else {
regStr += `\`
}
} else if ch == '[' || ch == ']' {
regStr += string(ch)
p.matchType = regexpMatch
} else {
regStr += string(ch)
}
}
if p.matchType != regexpMatch {
return nil
}
regStr += "$"
re, err := regexp.Compile(regStr)
@ -387,6 +434,7 @@ func (p *Pattern) compile() error {
}
p.regexp = re
p.matchType = regexpMatch
return nil
}
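Review bot: In `compile`, a failing `regexp.Compile` appears to leave `p.matchType` at `regexpMatch` while `p.regexp` is still nil, and `match` now recompiles only when `p.matchType == unknownMatch`. A second `match` call on the same pattern would then reach `p.regexp.MatchString(path)` on a nil `*regexp.Regexp` and panic instead of returning `filepath.ErrBadPattern` again, which the old `p.regexp == nil` check did. The error branch after `regexp.Compile` is only partly visible here, and whether callers can hit it depends on validation done where patterns are constructed, which is outside this page. Resetting the state on failure keeps the old behaviour: `if err != nil { p.matchType = unknownMatch; return err }`. The `matchType` constants would also benefit from a comment stating that `prefixMatch` and `suffixMatch` assume `cleanedPattern` ends or starts with `**`, because `match` slices the string on that assumption.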


@ -1,3 +1,6 @@
//go:build !freebsd && !windows
// +build !freebsd,!windows
package system // import "github.com/docker/docker/pkg/system"
import (


@ -474,7 +474,8 @@
},
{
"names": [
"sync_file_range2"
"sync_file_range2",
"swapcontext"
],
"action": "SCMP_ACT_ALLOW",
"includes": {


@ -474,6 +474,7 @@ func DefaultProfile() *Seccomp {
LinuxSyscall: specs.LinuxSyscall{
Names: []string{
"sync_file_range2",
"swapcontext",
},
Action: specs.ActAllow,
},
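Review bot: The new `"swapcontext"` entry widens the default seccomp allowlist with no comment saying why it is needed or what gates it; `DefaultProfile` continues outside the hunk, so the rule's `Includes` filter is not visible in this Go section. Because it shares a rule with `sync_file_range2`, it is presumably restricted by architecture, but that should be confirmed rather than assumed. A one-line comment next to the entry, such as `// swapcontext: needed for <reason>; allowed only under this rule's Includes filter`, would make the intent reviewable. The JSON profile in the preceding section must stay in step with this list.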


@ -55,18 +55,41 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
includePatterns = dedupePaths(includePatterns)
}
}
patternChars := "*[]?^"
if os.PathSeparator != '\\' {
patternChars += `\`
}
onlyPrefixIncludes := true
if len(includePatterns) != 0 {
includeMatcher, err = fileutils.NewPatternMatcher(includePatterns)
if err != nil {
return errors.Wrapf(err, "invalid includepatterns: %s", opt.IncludePatterns)
}
for _, p := range includeMatcher.Patterns() {
if !p.Exclusion() && strings.ContainsAny(patternWithoutTrailingGlob(p), patternChars) {
onlyPrefixIncludes = false
break
}
}
}
onlyPrefixExcludeExceptions := true
if opt != nil && opt.ExcludePatterns != nil {
excludeMatcher, err = fileutils.NewPatternMatcher(opt.ExcludePatterns)
if err != nil {
return errors.Wrapf(err, "invalid excludepatterns: %s", opt.ExcludePatterns)
}
for _, p := range excludeMatcher.Patterns() {
if p.Exclusion() && strings.ContainsAny(patternWithoutTrailingGlob(p), patternChars) {
onlyPrefixExcludeExceptions = false
break
}
}
}
type visitedDir struct {
@ -83,15 +106,12 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
var parentDirs []visitedDir
seenFiles := make(map[uint64]string)
return filepath.Walk(root, func(path string, fi os.FileInfo, err error) (retErr error) {
return filepath.Walk(root, func(path string, fi os.FileInfo, walkErr error) (retErr error) {
defer func() {
if retErr != nil && isNotExist(retErr) {
retErr = filepath.SkipDir
}
}()
if err != nil {
return err
}
origpath := path
path, err = filepath.Rel(root, path)
@ -141,6 +161,22 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
}
if !m {
if fi.IsDir() && onlyPrefixIncludes {
// Optimization: we can skip walking this dir if no include
// patterns could match anything inside it.
dirSlash := path + string(filepath.Separator)
for _, pat := range includeMatcher.Patterns() {
if pat.Exclusion() {
continue
}
patStr := patternWithoutTrailingGlob(pat) + string(filepath.Separator)
if strings.HasPrefix(patStr, dirSlash) {
goto passedIncludeFilter
}
}
return filepath.SkipDir
}
passedIncludeFilter:
skip = true
}
}
@ -160,13 +196,38 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
}
if m {
if fi.IsDir() && !excludeMatcher.Exclusions() {
if fi.IsDir() && onlyPrefixExcludeExceptions {
// Optimization: we can skip walking this dir if no
// exceptions to exclude patterns could match anything
// inside it.
if !excludeMatcher.Exclusions() {
return filepath.SkipDir
}
dirSlash := path + string(filepath.Separator)
for _, pat := range excludeMatcher.Patterns() {
if !pat.Exclusion() {
continue
}
patStr := patternWithoutTrailingGlob(pat) + string(filepath.Separator)
if strings.HasPrefix(patStr, dirSlash) {
goto passedExcludeFilter
}
}
return filepath.SkipDir
}
passedExcludeFilter:
skip = true
}
}
if walkErr != nil {
if skip && errors.Is(walkErr, os.ErrPermission) {
return nil
}
return walkErr
}
if includeMatcher != nil || excludeMatcher != nil {
defer func() {
if fi.IsDir() {
@ -228,6 +289,16 @@ func Walk(ctx context.Context, p string, opt *WalkOpt, fn filepath.WalkFunc) err
})
}
func patternWithoutTrailingGlob(p *fileutils.Pattern) string {
patStr := p.String()
// We use filepath.Separator here because fileutils.Pattern patterns
// get transformed to use the native path separator:
// https://github.com/moby/moby/blob/79651b7a979b40e26af353ad283ca7ea5d67a855/pkg/fileutils/fileutils.go#L54
patStr = strings.TrimSuffix(patStr, string(filepath.Separator)+"**")
patStr = strings.TrimSuffix(patStr, string(filepath.Separator)+"*")
return patStr
}
type StatInfo struct {
*types.Stat
}
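Review bot: With the `walkErr` check moved from the top of the callback to after the include/exclude filtering, the two `fi.IsDir()` calls (`fi.IsDir() && onlyPrefixIncludes` and `fi.IsDir() && onlyPrefixExcludeExceptions`) can run before the error is inspected, and `filepath.Walk` passes a nil `FileInfo` when the failure came from lstat on the entry. Unless a nil guard exists in the parts of `Walk` outside these hunks, an unreadable entry would cause a nil dereference instead of a returned error. Computing `isDir := fi != nil && fi.IsDir()` once near the top of the callback and using it in both conditions avoids that. The `skip && errors.Is(walkErr, os.ErrPermission)` branch also deserves a comment stating that permission errors are ignored only for paths the filters have already excluded, so that it is not widened later by accident.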

6
vendor/modules.txt vendored

@ -219,7 +219,7 @@ github.com/docker/cli/cli/connhelper/commandconn
github.com/docker/distribution/digestset
github.com/docker/distribution/reference
github.com/docker/distribution/registry/api/errcode
# github.com/docker/docker v20.10.7+incompatible => github.com/docker/docker v20.10.3-0.20211208011758-87521affb077+incompatible
# github.com/docker/docker v20.10.7+incompatible => github.com/docker/docker v20.10.3-0.20220121014307-40bb9831756f+incompatible
## explicit
github.com/docker/docker/api
github.com/docker/docker/api/types
@ -466,7 +466,7 @@ github.com/sirupsen/logrus
## explicit; go 1.13
github.com/stretchr/testify/assert
github.com/stretchr/testify/require
# github.com/tonistiigi/fsutil v0.0.0-20211208180946-61a57076b9b0
# github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274
## explicit; go 1.13
github.com/tonistiigi/fsutil
github.com/tonistiigi/fsutil/copy
@ -716,4 +716,4 @@ gotest.tools/v3/internal/difflib
gotest.tools/v3/internal/format
gotest.tools/v3/internal/source
gotest.tools/v3/poll
# github.com/docker/docker => github.com/docker/docker v20.10.3-0.20211208011758-87521affb077+incompatible
# github.com/docker/docker => github.com/docker/docker v20.10.3-0.20220121014307-40bb9831756f+incompatible