Move the exported `Command` to a platform-agnostic file, and un-export
the platform-specific implementations. This allows us to maintain the
GoDoc in a single place, describing platform-specific differences where
needed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The reexec package originally was platform-agnostic, but gained some
Linux-specific handling in 1cb17f03d0.
When Windows support was implemented in Docker, the pkg/reexec package
was adjusted accordingly in 64715c4f33,
which now made the package with with either Linux or Windows, with various
other platforms (freebsd, solaris, darwin) being added back in separate
changes.
Based on the history above, this package should be platform-agnostic, except
for Linux-specific changes introduced in 1cb17f03d0
and 5aee8807a6.
This patch:
- removes the stub-implementation to make it functional on other platforms.
- renames the files for consistency
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Also use a slightly different name, because "reexec" is used so
widely as term in this package, making it somewhat confusing.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The netfilter module is now loaded on-demand, and no longer during daemon
startup, making these fields obsolete. These fields are now always `false`
and will be removed in the next relase.
This patch deprecates:
- the `BridgeNfIptables` field in `api/types/system.Info`
- the `BridgeNfIp6tables` field in `api/types/system.Info`
- the `BridgeNFCallIPTablesDisabled` field in `pkg/sysinfo.SysInfo`
- the `BridgeNFCallIP6TablesDisabled` field in `pkg/sysinfo.SysInfo`
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These types and functions are only used internally (through pkg/archive).
Deprecate them, and mark them for removal.
This deprecates the `Lstat()`, `Mkdev()`, `Mknod()`, `FromStatT()`
and `Stat()` functions, and related `StatT` type.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
There were a handful of direct checks against errors.Is that can be
translated to assert.ErrorIs without too much thought. Unfortunately
there are a load of other examples where ErrorIs probably makes sense
but would require testing whether this subtly breaks the test.
These transformations were done by hand.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
If we have an error type that we're checking a substring against, we
should really be checking using ErrorContains to indicate the right
semantics to assert.
Mostly done using these transforms:
find . -type f -name "*_test.go" | \
xargs gofmt -w -r 'assert.Assert(t, is.ErrorContains(e, s)) -> assert.ErrorContains(t, e, s)'
find . -type f -name "*_test.go" | \
xargs gofmt -w -r 'assert.Assert(t, is.Contains(err.Error(), s)) -> assert.ErrorContains(t, err, s)'
find . -type f -name "*_test.go" | \
xargs gofmt -w -r 'assert.Check(t, is.Contains(err.Error(), s)) -> assert.Check(t, is.ErrorContains(err, s))'
As well as some small fixups to helpers that were doing
strings.Contains explicitly.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Functions in this package are only used internally in the daemon for
the `/info` endpoint (Architecture), and as part of `stats` (NumProcs).
I was not able to find external consumers, but deprecating the package
first, so that we can remove / dismantle the package in a follow-up.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
pkg/idtools/idtools_unix_test.go:188:3: The copy of the 'for' variable "tc" can be deleted (Go 1.22+) (copyloopvar)
tc := tc
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
pkg/archive/archive_test.go:820:3: The copy of the 'for' variable "tc" can be deleted (Go 1.22+) (copyloopvar)
tc := tc
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
pkg/plugins/client_test.go:108:3: The copy of the 'for' variable "tc" can be deleted (Go 1.22+) (copyloopvar)
tc := tc
^
pkg/plugins/client_test.go:132:3: The copy of the 'for' variable "tc" can be deleted (Go 1.22+) (copyloopvar)
tc := tc
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The alias is not needed as the package is already named `units`.
It was also not aliases consistently across the project.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
govet produces this linting warning because the Plugin types that are
compared contain a activateErr field. This should be fine to ignore here.
pkg/plugins/discovery_unix_test.go:48:7: deepequalerrors: avoid using reflect.DeepEqual with errors (govet)
if !reflect.DeepEqual(p, pp) {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
pkg/plugins/plugins.go:231:6: shadow: declaration of "pl" shadows declaration at line 214 (govet)
if pl, exists := storage.plugins[name]; exists {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Not a real issue for tests, but easy to fix;
pkg/authorization/authz_unix_test.go:387:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This package was deprecated in 3a3bb1cb50,
and moved internally. The deprecation was backported to v27.1.0 through
d1ea2b1fec, so this package can be removed
for v28.0.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
GenerateRandomID has a check to verify if the generated ID was numeric. This
check was added because a container's short-ID is used as default hostname for
containers, which isn't allowed to be consisting of only numbers (see [moby#3869]
and https://bugzilla.redhat.com/show_bug.cgi?id=1059122.
Producing an random ID with only numbers is a rare corner-case, but the check
would always be executed and wasn't optimized.
This patch applies some optimizations:
- The code was using `strconv.ParseUInt`, which has additional checks for
signs ("+" or "-"); `hex.EncodeToString` would never produce these, so
we can use `strconv.ParseInt` instead (which doesn't have these checks).
- The code was using `TruncateID(id)` to get the short-ID. The `TruncateID`
function is designed to also handle digests, and for that checks for
the given ID to contain colons (`:`), which it would split to remove
the algorithm (`sha256:`) before truncating to the short-ID length.
That check wasn't needed either, because those would not be produced
by `hex.EncodeToString`, so instead, we can just truncate the ID.
- Finally, all we _really_ need to check for is if the ID consists of only
numeric characters (`0-9`) so, let's do just that; if any non-numeric
value is found, the ID is valid, and we can terminate the loop.
I did some basic benchmark to compare all of the above in isolation;
- BenchmarkParseInt: `strconv.ParseInt(TruncateID(id), 10, 64)`
- BenchmarkParseUInt: `strconv.ParseUint(TruncateID(id), 10, 64)`
- BenchmarkParseUIntNoTrunc: `strconv.ParseUint(id[:shortLen], 10, 64)`
- BenchmarkAllNum: `allNum(id[:shortLen])`
Results of the above:
BenchmarkParseInt-10 1713937 691.0 ns/op 480 B/op 18 allocs/op
BenchmarkParseIntNoTrunc-10 3385483 356.1 ns/op 480 B/op 18 allocs/op
BenchmarkParseUInt-10 2112538 567.7 ns/op 384 B/op 12 allocs/op
BenchmarkParseUIntNoTrunc-10 4325847 266.7 ns/op 384 B/op 12 allocs/op
BenchmarkAllNum-10 77277264 15.29 ns/op 0 B/op 0 allocs/op
Difference for `GenerateRandomID` as a whole is less dramatic, as in most
cases `ParseInt` would bail out early, but still saves some allocations, and
performance is ~14% better:
BenchmarkGenerateRandomID-10 2807764 424.5 ns/op 240 B/op 6 allocs/op
BenchmarkGenerateRandomIDNew-10 3288866 366.6 ns/op 160 B/op 3 allocs/op
[moby#3869]: https://github.com/moby/moby/issues/3869
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These were deprecated in 7ce1edd7c6, which
is part of v27.0.0. Move them to a test-file as they were only used for
tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These tests were named confusingly as they're testing `TruncateID`.
While renaming, let's also combine them into a single test using
a test-table, so that the test-cases can carry some description
what they're testing.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- `IsShortID` was deprecated in 2100a70741
- `ValidateID` was deprecated in e19e6cf7f4
Both are part of 27.0, so we can remove these.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- increase mock handler processing time to 50ms to try to prevent it from finishing before the 10ms client timeout occurs
- replace deprecated error type assertion
Signed-off-by: Adam Simon <adamsimon85100@gmail.com>
