diff --git a/Makefile.kube_git.var b/Makefile.kube_git.var index 63cb458e59..bddd5c16f5 100644 --- a/Makefile.kube_git.var +++ b/Makefile.kube_git.var @@ -1,5 +1,5 @@ KUBE_GIT_MAJOR=1 KUBE_GIT_MINOR=26 KUBE_GIT_VERSION=v1.26.0 -KUBE_GIT_COMMIT=0c79814882f4a4b842fbeab001c9f92f9de9a9b9 +KUBE_GIT_COMMIT=19816eefa6829861687df6dfe573708756c464cc KUBE_GIT_TREE_STATE=clean diff --git a/Makefile.version.aarch64.var b/Makefile.version.aarch64.var index c2642c097e..fc3d3df035 100644 --- a/Makefile.version.aarch64.var +++ b/Makefile.version.aarch64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-14-004314 +OCP_VERSION := 4.13.0-0.nightly-arm64-2023-04-15-102028 diff --git a/Makefile.version.x86_64.var b/Makefile.version.x86_64.var index 4b7108c00f..bb064cd20a 100644 --- a/Makefile.version.x86_64.var +++ b/Makefile.version.x86_64.var @@ -1 +1 @@ -OCP_VERSION := 4.13.0-0.nightly-2023-04-13-171034 +OCP_VERSION := 4.13.0-0.nightly-2023-04-15-102029 diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 3a2210835b..ae949a3574 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-arm64-2023-04-14-004314" + "base": "4.13.0-0.nightly-arm64-2023-04-15-102028" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd2e1c6dccbf1bfda3653b83eb0d34c84662c74565f7e070bbfcddf9e21f10c3", @@ -8,8 +8,8 @@ "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ff50d1404acb73df1971fe174067e00a77a4073daa2be37428e7573306bba0a6", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:45262e0f012c6164200943a0505748103c23ae1559cc79fb404a6804e4a416c9", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b24b0ec97126bbf992d4a751e5656a22d818b94627c4db1c7d277222b8747dc1", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d60020ba7b93e91fd6d120676db79bf19cd3eb7ba2bf304c533e38b525f194cf", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2d200033f00b93660ccd079602f350c987b42a97e3ab16bed775d4ab9c85fb93", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:58e9a75e28c4cf26f879bbb66c2273c3fc2a68b7bfc4d2dd1699a37674b78f51", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e035535d64ed631d7faa889f16dc3b2162d088ba48defe9cd0d44fda71863a91", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 7cdd5cfe46..331aef7525 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.13.0-0.nightly-2023-04-13-171034" + "base": "4.13.0-0.nightly-2023-04-15-102029" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:bd9969cec172266143b779e4fb7b4130ed89435bd95fb7682747aeae13065ee6", @@ -8,8 +8,8 @@ "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5965979168568e6f4b6a79d195c4002941be7e7a250f9510e8e05c1d1deb68eb", "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7b63259b7d82bf64968d77c9222ee87911105aa7a971e7b0740b551ab5b3527b", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:24da6891ed61d7172edc821275691303d48bb6d3287ecb27a43fed1f912e53d0", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d7e84209164964e4f72d957fa7813529ea00656e2cd680457a23a0b4ef951cca", + "ovn-kubernetes-microshift-rhel-9": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7c8266e902ee5402689563a9bf6d623d39ede6dca9263407612618440d39fbe2", + "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:75e1339deae12d08ae9343b5258abfecbec2f9ce6f00c7069308a2a5630c816c", "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9783ff266388df6423e07a28f90b8a98761624663dc73c3544b92be647570800", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel8@sha256:10bffded5317da9de6c45ba74f0bb10e0a08ddb2bfef23b11ac61287a37f10a1", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:a4319ff7c736ca9fe20500dc3e5862d6bb446f2428ea2eadfb5f042195f4f860", diff --git a/etcd/go.mod b/etcd/go.mod index d6f82ab83f..28848e890b 100644 --- a/etcd/go.mod +++ b/etcd/go.mod @@ -111,11 +111,11 @@ require ( go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.19.0 // indirect golang.org/x/crypto v0.1.0 // indirect - golang.org/x/net v0.7.0 // indirect + golang.org/x/net v0.8.0 // indirect golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect - golang.org/x/sys v0.5.0 // indirect - golang.org/x/term v0.5.0 // indirect - golang.org/x/text v0.7.0 // indirect + golang.org/x/sys v0.6.0 // indirect + golang.org/x/term v0.6.0 // indirect + golang.org/x/text v0.8.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect @@ -143,33 +143,33 @@ replace ( go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 // from etcd - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230412020409-0c79814882f4 // staging kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230414060647-19816eefa682 // staging kubernetes ) diff --git a/etcd/go.sum b/etcd/go.sum index 725e704641..679bc75909 100644 --- a/etcd/go.sum +++ b/etcd/go.sum @@ -371,18 +371,18 @@ github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:Sjmgmr github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:wL8kkRGx1Hp8FmZUuHfL3K2/OaGIDaXGr1N7i2G07J0= github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 h1:oY9dmUpbeBrOE/0QAN0gL6Lz80E9J9KrXY1iz6a3ae8= github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221/go.mod h1:6/Gfe8XTGXQJgLYQ65oGKMfPivb2EASLUSMSWN9Sroo= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 h1:dzCea/DHA2x6R9j+wTb7BY3LnqhorBSvVdmB/wF0b5o= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 h1:t45aNQ0O98VzJ9nA8mhvcXDl30FcmZpR/yfLudfnwPQ= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 h1:paEpt3um9AlkuelIGXcweXP4MNcbSZqUZXmKK/ys77M= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 h1:EpfLJVTood6aq/ElFbWN+sWqx1aJYhvv0XRRZZHZVC0= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 h1:oBP6cLuqYBCVpXsOIOhk++szFMFJ6Nwn+4Lgat1jkkQ= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 h1:gwn29Sp0NX3xKTFS7RrOBNM/pKAQqKUOduPQSrFB85o= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 h1:f+5Fcc/WQpus26/zjyl/XCYr4NSNpAtYuf6bV2UJf14= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682/go.mod h1:uLYjAyw1JyCS9EUj6oUhl4eRy4XthcFpSodl6cOokQI= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 h1:w4uwFjypPaaff3++nri9Z6P+OdBnUf9lF8czEeiOCYM= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682/go.mod h1:ApuQzVQOyTrgHIGrmVljD8zZ+ZoHmXYbsFwLvSelf84= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 h1:LfPzMcGu+ns6q2+JD8KX2o3lxeUq8smiNSXwjLn98Do= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682/go.mod h1:LumLfFU84tK2qax1WpUviAosYlqlUaSJTIEtYjYpfxw= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 h1:4m/eWo2ebGxBMmYB9y6YoI4EWIKGDG8SRSciVCX1ilA= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682/go.mod h1:0QH/+sNaHFjTGTSyuwBXuHHhyBRa2r6ndYXUxchMPKI= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 h1:qyJleza3TMgCwXZ+b88cdGZMUz7G29GPpFNs0mGyscc= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682/go.mod h1:4bzeXuIaKw5yabxEcNwxVYHKi0wLgcjl5naBxe4N1cw= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 h1:1tYc5o7kN6Vx2Jr/HQLt8AQImp8TT2hBZWRIT0ZRfL8= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682/go.mod h1:plN+kBQozEYwSUD3aB9oFwrpkVeIN5xVpQ6sLRbSiNs= github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= @@ -612,8 +612,8 @@ golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -686,12 +686,12 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -700,8 +700,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/etcd/vendor/golang.org/x/sys/unix/ioctl.go b/etcd/vendor/golang.org/x/sys/unix/ioctl.go index 1c51b0ec2b..7ce8dd406f 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ioctl.go +++ b/etcd/vendor/golang.org/x/sys/unix/ioctl.go @@ -8,7 +8,6 @@ package unix import ( - "runtime" "unsafe" ) @@ -27,7 +26,7 @@ func IoctlSetInt(fd int, req uint, value int) error { // passing the integer value directly. func IoctlSetPointerInt(fd int, req uint, value int) error { v := int32(value) - return ioctl(fd, req, uintptr(unsafe.Pointer(&v))) + return ioctlPtr(fd, req, unsafe.Pointer(&v)) } // IoctlSetWinsize performs an ioctl on fd with a *Winsize argument. @@ -36,9 +35,7 @@ func IoctlSetPointerInt(fd int, req uint, value int) error { func IoctlSetWinsize(fd int, req uint, value *Winsize) error { // TODO: if we get the chance, remove the req parameter and // hardcode TIOCSWINSZ. - err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(fd, req, unsafe.Pointer(value)) } // IoctlSetTermios performs an ioctl on fd with a *Termios. @@ -46,9 +43,7 @@ func IoctlSetWinsize(fd int, req uint, value *Winsize) error { // The req value will usually be TCSETA or TIOCSETA. func IoctlSetTermios(fd int, req uint, value *Termios) error { // TODO: if we get the chance, remove the req parameter. - err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(fd, req, unsafe.Pointer(value)) } // IoctlGetInt performs an ioctl operation which gets an integer value @@ -58,18 +53,18 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error { // for those, IoctlRetInt should be used instead of this function. func IoctlGetInt(fd int, req uint) (int, error) { var value int - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return value, err } func IoctlGetWinsize(fd int, req uint) (*Winsize, error) { var value Winsize - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } func IoctlGetTermios(fd int, req uint) (*Termios, error) { var value Termios - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } diff --git a/etcd/vendor/golang.org/x/sys/unix/ioctl_zos.go b/etcd/vendor/golang.org/x/sys/unix/ioctl_zos.go index 5384e7d91d..6532f09af2 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ioctl_zos.go +++ b/etcd/vendor/golang.org/x/sys/unix/ioctl_zos.go @@ -27,9 +27,7 @@ func IoctlSetInt(fd int, req uint, value int) error { func IoctlSetWinsize(fd int, req uint, value *Winsize) error { // TODO: if we get the chance, remove the req parameter and // hardcode TIOCSWINSZ. - err := ioctl(fd, req, uintptr(unsafe.Pointer(value))) - runtime.KeepAlive(value) - return err + return ioctlPtr(fd, req, unsafe.Pointer(value)) } // IoctlSetTermios performs an ioctl on fd with a *Termios. @@ -51,13 +49,13 @@ func IoctlSetTermios(fd int, req uint, value *Termios) error { // for those, IoctlRetInt should be used instead of this function. func IoctlGetInt(fd int, req uint) (int, error) { var value int - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return value, err } func IoctlGetWinsize(fd int, req uint) (*Winsize, error) { var value Winsize - err := ioctl(fd, req, uintptr(unsafe.Pointer(&value))) + err := ioctlPtr(fd, req, unsafe.Pointer(&value)) return &value, err } diff --git a/etcd/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/etcd/vendor/golang.org/x/sys/unix/ptrace_darwin.go index 463c3eff7f..39dba6ca6a 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ptrace_darwin.go +++ b/etcd/vendor/golang.org/x/sys/unix/ptrace_darwin.go @@ -7,6 +7,12 @@ package unix +import "unsafe" + func ptrace(request int, pid int, addr uintptr, data uintptr) error { return ptrace1(request, pid, addr, data) } + +func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) error { + return ptrace1Ptr(request, pid, addr, data) +} diff --git a/etcd/vendor/golang.org/x/sys/unix/ptrace_ios.go b/etcd/vendor/golang.org/x/sys/unix/ptrace_ios.go index ed0509a011..9ea66330a9 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ptrace_ios.go +++ b/etcd/vendor/golang.org/x/sys/unix/ptrace_ios.go @@ -7,6 +7,12 @@ package unix +import "unsafe" + func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) { return ENOTSUP } + +func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { + return ENOTSUP +} diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_aix.go b/etcd/vendor/golang.org/x/sys/unix/syscall_aix.go index 2db1b51e99..d9f5544ccf 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_aix.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_aix.go @@ -292,9 +292,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { break } } - - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: @@ -411,6 +409,7 @@ func (w WaitStatus) CoreDump() bool { return w&0x80 == 0x80 } func (w WaitStatus) TrapCause() int { return -1 } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = ioctl // fcntl must never be called with cmd=F_DUP2FD because it doesn't work on AIX // There is no way to create a custom fcntl and to keep //sys fcntl easily, diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_bsd.go b/etcd/vendor/golang.org/x/sys/unix/syscall_bsd.go index eda42671f1..7705c3270b 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_bsd.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_bsd.go @@ -245,8 +245,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { break } } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin.go b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin.go index 192b071b3d..7064d6ebab 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -14,7 +14,6 @@ package unix import ( "fmt" - "runtime" "syscall" "unsafe" ) @@ -376,11 +375,10 @@ func Flistxattr(fd int, dest []byte) (sz int, err error) { func Kill(pid int, signum syscall.Signal) (err error) { return kill(pid, int(signum), 1) } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL func IoctlCtlInfo(fd int, ctlInfo *CtlInfo) error { - err := ioctl(fd, CTLIOCGINFO, uintptr(unsafe.Pointer(ctlInfo))) - runtime.KeepAlive(ctlInfo) - return err + return ioctlPtr(fd, CTLIOCGINFO, unsafe.Pointer(ctlInfo)) } // IfreqMTU is struct ifreq used to get or set a network device's MTU. @@ -394,16 +392,14 @@ type IfreqMTU struct { func IoctlGetIfreqMTU(fd int, ifname string) (*IfreqMTU, error) { var ifreq IfreqMTU copy(ifreq.Name[:], ifname) - err := ioctl(fd, SIOCGIFMTU, uintptr(unsafe.Pointer(&ifreq))) + err := ioctlPtr(fd, SIOCGIFMTU, unsafe.Pointer(&ifreq)) return &ifreq, err } // IoctlSetIfreqMTU performs the SIOCSIFMTU ioctl operation on fd to set the MTU // of the network device specified by ifreq.Name. func IoctlSetIfreqMTU(fd int, ifreq *IfreqMTU) error { - err := ioctl(fd, SIOCSIFMTU, uintptr(unsafe.Pointer(ifreq))) - runtime.KeepAlive(ifreq) - return err + return ioctlPtr(fd, SIOCSIFMTU, unsafe.Pointer(ifreq)) } //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS_SYSCTL diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go index b37310ce9b..9fa879806b 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go @@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, //sys getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT64 //sys Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64 //sys ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace +//sys ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace //sys Stat(path string, stat *Stat_t) (err error) = SYS_STAT64 //sys Statfs(path string, stat *Statfs_t) (err error) = SYS_STATFS64 diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go index d51ec99630..f17b8c526a 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go @@ -47,5 +47,6 @@ func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, //sys getfsstat(buf unsafe.Pointer, size uintptr, flags int) (n int, err error) = SYS_GETFSSTAT //sys Lstat(path string, stat *Stat_t) (err error) //sys ptrace1(request int, pid int, addr uintptr, data uintptr) (err error) = SYS_ptrace +//sys ptrace1Ptr(request int, pid int, addr unsafe.Pointer, data uintptr) (err error) = SYS_ptrace //sys Stat(path string, stat *Stat_t) (err error) //sys Statfs(path string, stat *Statfs_t) (err error) diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/etcd/vendor/golang.org/x/sys/unix/syscall_dragonfly.go index a41111a794..221efc26bc 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_dragonfly.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_dragonfly.go @@ -172,6 +172,7 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { } //sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd.go index d50b9dc250..5bdde03e4a 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd.go @@ -161,7 +161,8 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { return } -//sys ioctl(fd int, req uint, arg uintptr) (err error) +//sys ioctl(fd int, req uint, arg uintptr) (err error) = SYS_IOCTL +//sys ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) = SYS_IOCTL //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL @@ -253,6 +254,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } //sys ptrace(request int, pid int, addr uintptr, data int) (err error) +//sys ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) = SYS_PTRACE func PtraceAttach(pid int) (err error) { return ptrace(PT_ATTACH, pid, 0, 0) @@ -267,19 +269,36 @@ func PtraceDetach(pid int) (err error) { } func PtraceGetFpRegs(pid int, fpregsout *FpReg) (err error) { - return ptrace(PT_GETFPREGS, pid, uintptr(unsafe.Pointer(fpregsout)), 0) + return ptracePtr(PT_GETFPREGS, pid, unsafe.Pointer(fpregsout), 0) } func PtraceGetRegs(pid int, regsout *Reg) (err error) { - return ptrace(PT_GETREGS, pid, uintptr(unsafe.Pointer(regsout)), 0) + return ptracePtr(PT_GETREGS, pid, unsafe.Pointer(regsout), 0) +} + +func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { + ioDesc := PtraceIoDesc{ + Op: int32(req), + Offs: offs, + } + if countin > 0 { + _ = out[:countin] // check bounds + ioDesc.Addr = &out[0] + } else if out != nil { + ioDesc.Addr = (*byte)(unsafe.Pointer(&_zero)) + } + ioDesc.SetLen(countin) + + err = ptracePtr(PT_IO, pid, unsafe.Pointer(&ioDesc), 0) + return int(ioDesc.Len), err } func PtraceLwpEvents(pid int, enable int) (err error) { return ptrace(PT_LWP_EVENTS, pid, 0, enable) } -func PtraceLwpInfo(pid int, info uintptr) (err error) { - return ptrace(PT_LWPINFO, pid, info, int(unsafe.Sizeof(PtraceLwpInfoStruct{}))) +func PtraceLwpInfo(pid int, info *PtraceLwpInfoStruct) (err error) { + return ptracePtr(PT_LWPINFO, pid, unsafe.Pointer(info), int(unsafe.Sizeof(*info))) } func PtracePeekData(pid int, addr uintptr, out []byte) (count int, err error) { @@ -299,13 +318,25 @@ func PtracePokeText(pid int, addr uintptr, data []byte) (count int, err error) { } func PtraceSetRegs(pid int, regs *Reg) (err error) { - return ptrace(PT_SETREGS, pid, uintptr(unsafe.Pointer(regs)), 0) + return ptracePtr(PT_SETREGS, pid, unsafe.Pointer(regs), 0) } func PtraceSingleStep(pid int) (err error) { return ptrace(PT_STEP, pid, 1, 0) } +func Dup3(oldfd, newfd, flags int) error { + if oldfd == newfd || flags&^O_CLOEXEC != 0 { + return EINVAL + } + how := F_DUP2FD + if flags&O_CLOEXEC != 0 { + how = F_DUP2FD_CLOEXEC + } + _, err := fcntl(oldfd, how, newfd) + return err +} + /* * Exposed directly */ diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go index 6a91d471d0..b8da510043 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint32(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0) @@ -57,16 +61,5 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) func PtraceGetFsBase(pid int, fsbase *int64) (err error) { - return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) -} - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint32(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err + return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0) } diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go index 48110a0abb..47155c4839 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint64(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) @@ -57,16 +61,5 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) func PtraceGetFsBase(pid int, fsbase *int64) (err error) { - return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) -} - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint64(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err + return ptracePtr(PT_GETFSBASE, pid, unsafe.Pointer(fsbase), 0) } diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go index 52f1d4b75a..08932093fa 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint32(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr((*offset)>>32), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0) @@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint32(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err -} diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go index 5537ee4f2e..d151a0d0e5 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint64(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) @@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint64(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err -} diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go index 164abd5d21..d5cd64b378 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go @@ -42,6 +42,10 @@ func (cmsg *Cmsghdr) SetLen(length int) { cmsg.Len = uint32(length) } +func (d *PtraceIoDesc) SetLen(length int) { + d.Len = uint64(length) +} + func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) { var writtenOut uint64 = 0 _, _, e1 := Syscall9(SYS_SENDFILE, uintptr(infd), uintptr(outfd), uintptr(*offset), uintptr(count), 0, uintptr(unsafe.Pointer(&writtenOut)), 0, 0, 0) @@ -55,14 +59,3 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e } func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) - -func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{ - Op: int32(req), - Offs: offs, - Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. - Len: uint64(countin), - } - err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) - return int(ioDesc.Len), err -} diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_hurd.go b/etcd/vendor/golang.org/x/sys/unix/syscall_hurd.go index 4ffb64808d..381fd4673b 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_hurd.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_hurd.go @@ -20,3 +20,11 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { } return } + +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + r0, er := C.ioctl(C.int(fd), C.ulong(req), C.uintptr_t(uintptr(arg))) + if r0 == -1 && er != nil { + err = er + } + return +} diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_linux.go b/etcd/vendor/golang.org/x/sys/unix/syscall_linux.go index 5443dddd48..9735331530 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -1015,8 +1015,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) { for n < len(pp.Path) && pp.Path[n] != 0 { n++ } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: @@ -1365,6 +1364,10 @@ func SetsockoptTCPRepairOpt(fd, level, opt int, o []TCPRepairOpt) (err error) { return setsockopt(fd, level, opt, unsafe.Pointer(&o[0]), uintptr(SizeofTCPRepairOpt*len(o))) } +func SetsockoptTCPMD5Sig(fd, level, opt int, s *TCPMD5Sig) error { + return setsockopt(fd, level, opt, unsafe.Pointer(s), unsafe.Sizeof(*s)) +} + // Keyctl Commands (http://man7.org/linux/man-pages/man2/keyctl.2.html) // KeyctlInt calls keyctl commands in which each argument is an int. @@ -1579,6 +1582,7 @@ func BindToDevice(fd int, device string) (err error) { } //sys ptrace(request int, pid int, addr uintptr, data uintptr) (err error) +//sys ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) = SYS_PTRACE func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err error) { // The peek requests are machine-size oriented, so we wrap it @@ -1596,7 +1600,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro // boundary. n := 0 if addr%SizeofPtr != 0 { - err = ptrace(req, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(req, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0])) if err != nil { return 0, err } @@ -1608,7 +1612,7 @@ func ptracePeek(req int, pid int, addr uintptr, out []byte) (count int, err erro for len(out) > 0 { // We use an internal buffer to guarantee alignment. // It's not documented if this is necessary, but we're paranoid. - err = ptrace(req, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(req, pid, addr+uintptr(n), unsafe.Pointer(&buf[0])) if err != nil { return n, err } @@ -1640,7 +1644,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c n := 0 if addr%SizeofPtr != 0 { var buf [SizeofPtr]byte - err = ptrace(peekReq, pid, addr-addr%SizeofPtr, uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(peekReq, pid, addr-addr%SizeofPtr, unsafe.Pointer(&buf[0])) if err != nil { return 0, err } @@ -1667,7 +1671,7 @@ func ptracePoke(pokeReq int, peekReq int, pid int, addr uintptr, data []byte) (c // Trailing edge. if len(data) > 0 { var buf [SizeofPtr]byte - err = ptrace(peekReq, pid, addr+uintptr(n), uintptr(unsafe.Pointer(&buf[0]))) + err = ptracePtr(peekReq, pid, addr+uintptr(n), unsafe.Pointer(&buf[0])) if err != nil { return n, err } @@ -1696,11 +1700,11 @@ func PtracePokeUser(pid int, addr uintptr, data []byte) (count int, err error) { } func PtraceGetRegs(pid int, regsout *PtraceRegs) (err error) { - return ptrace(PTRACE_GETREGS, pid, 0, uintptr(unsafe.Pointer(regsout))) + return ptracePtr(PTRACE_GETREGS, pid, 0, unsafe.Pointer(regsout)) } func PtraceSetRegs(pid int, regs *PtraceRegs) (err error) { - return ptrace(PTRACE_SETREGS, pid, 0, uintptr(unsafe.Pointer(regs))) + return ptracePtr(PTRACE_SETREGS, pid, 0, unsafe.Pointer(regs)) } func PtraceSetOptions(pid int, options int) (err error) { @@ -1709,7 +1713,7 @@ func PtraceSetOptions(pid int, options int) (err error) { func PtraceGetEventMsg(pid int) (msg uint, err error) { var data _C_long - err = ptrace(PTRACE_GETEVENTMSG, pid, 0, uintptr(unsafe.Pointer(&data))) + err = ptracePtr(PTRACE_GETEVENTMSG, pid, 0, unsafe.Pointer(&data)) msg = uint(data) return } @@ -2154,6 +2158,14 @@ func isGroupMember(gid int) bool { return false } +func isCapDacOverrideSet() bool { + hdr := CapUserHeader{Version: LINUX_CAPABILITY_VERSION_3} + data := [2]CapUserData{} + err := Capget(&hdr, &data[0]) + + return err == nil && data[0].Effective&(1< 0 { diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go index 77479d4581..1129065624 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go index 2e966d4d7a..55f5abfe59 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go index d65a7c0fa6..d39651c2b5 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go index 6f0b97c6db..ddb7408680 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go index e1c23b5272..09a53a616c 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go @@ -388,6 +388,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { @@ -414,6 +424,16 @@ func ptrace(request int, pid int, addr uintptr, data int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr unsafe.Pointer, data int) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 36ea3a55b7..430cb24de7 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -379,6 +379,16 @@ func ptrace(request int, pid int, addr uintptr, data uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ptracePtr(request int, pid int, addr uintptr, data unsafe.Pointer) (err error) { + _, _, e1 := Syscall6(SYS_PTRACE, uintptr(request), uintptr(pid), uintptr(addr), uintptr(data), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func reboot(magic1 uint, magic2 uint, cmd int, arg string) (err error) { var _p0 *byte _p0, err = BytePtrFromString(arg) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go index 79f7389963..8e1d9c8f66 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go index fb161f3a26..21c6950400 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go index 4c8ac993a8..298168f90a 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go index 76dd8ec4fd..68b8bd492f 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go @@ -405,6 +405,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) { var _p0 unsafe.Pointer if len(mib) > 0 { diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go index caeb807bd4..0b0f910e1a 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go index a05e5f4fff..48ff5de75b 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go index b2da8e50cc..2452a641da 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go index 048b2655e6..5e35600a60 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go index 6f33e37e72..b04cef1a19 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go index 330cf7f7ac..47a07ee0c2 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go index 5f24de0d9d..573378fdb9 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go @@ -527,6 +527,14 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { return } +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(libc_ioctl_trampoline_addr, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + var libc_ioctl_trampoline_addr uintptr //go:cgo_import_dynamic libc_ioctl ioctl "libc.so" diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go index 78d4a4240e..4873a1e5d3 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go @@ -657,6 +657,17 @@ func ioctlRet(fd int, req uint, arg uintptr) (ret int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtrRet(fd int, req uint, arg unsafe.Pointer) (ret int, err error) { + r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procioctl)), 3, uintptr(fd), uintptr(req), uintptr(arg), 0, 0, 0) + ret = int(r0) + if e1 != 0 { + err = e1 + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func poll(fds *PollFd, nfds int, timeout int) (n int, err error) { r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procpoll)), 3, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout), 0, 0, 0) n = int(r0) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go index f2079457c6..07bfe2ef9a 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go @@ -267,6 +267,16 @@ func ioctl(fd int, req uint, arg uintptr) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) { + _, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Access(path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go index d9c78cdcbc..29dc483378 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go @@ -362,7 +362,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint32 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go index 26991b1655..0a89b28906 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go @@ -367,7 +367,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go index f8324e7e7f..c8666bb152 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go @@ -350,7 +350,7 @@ type FpExtendedPrecision struct { type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint32 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go index 4220411f34..88fb48a887 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go @@ -347,7 +347,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go index 0660fd45c7..698dc975e9 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go @@ -348,7 +348,7 @@ type FpExtendedPrecision struct{} type PtraceIoDesc struct { Op int32 Offs uintptr - Addr uintptr + Addr *byte Len uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux.go index 7d9fc8f1c9..ca84727cfe 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -456,36 +456,60 @@ type Ucred struct { } type TCPInfo struct { - State uint8 - Ca_state uint8 - Retransmits uint8 - Probes uint8 - Backoff uint8 - Options uint8 - Rto uint32 - Ato uint32 - Snd_mss uint32 - Rcv_mss uint32 - Unacked uint32 - Sacked uint32 - Lost uint32 - Retrans uint32 - Fackets uint32 - Last_data_sent uint32 - Last_ack_sent uint32 - Last_data_recv uint32 - Last_ack_recv uint32 - Pmtu uint32 - Rcv_ssthresh uint32 - Rtt uint32 - Rttvar uint32 - Snd_ssthresh uint32 - Snd_cwnd uint32 - Advmss uint32 - Reordering uint32 - Rcv_rtt uint32 - Rcv_space uint32 - Total_retrans uint32 + State uint8 + Ca_state uint8 + Retransmits uint8 + Probes uint8 + Backoff uint8 + Options uint8 + Rto uint32 + Ato uint32 + Snd_mss uint32 + Rcv_mss uint32 + Unacked uint32 + Sacked uint32 + Lost uint32 + Retrans uint32 + Fackets uint32 + Last_data_sent uint32 + Last_ack_sent uint32 + Last_data_recv uint32 + Last_ack_recv uint32 + Pmtu uint32 + Rcv_ssthresh uint32 + Rtt uint32 + Rttvar uint32 + Snd_ssthresh uint32 + Snd_cwnd uint32 + Advmss uint32 + Reordering uint32 + Rcv_rtt uint32 + Rcv_space uint32 + Total_retrans uint32 + Pacing_rate uint64 + Max_pacing_rate uint64 + Bytes_acked uint64 + Bytes_received uint64 + Segs_out uint32 + Segs_in uint32 + Notsent_bytes uint32 + Min_rtt uint32 + Data_segs_in uint32 + Data_segs_out uint32 + Delivery_rate uint64 + Busy_time uint64 + Rwnd_limited uint64 + Sndbuf_limited uint64 + Delivered uint32 + Delivered_ce uint32 + Bytes_sent uint64 + Bytes_retrans uint64 + Dsack_dups uint32 + Reord_seen uint32 + Rcv_ooopack uint32 + Snd_wnd uint32 + Rcv_wnd uint32 + Rehash uint32 } type CanFilter struct { @@ -528,7 +552,7 @@ const ( SizeofIPv6MTUInfo = 0x20 SizeofICMPv6Filter = 0x20 SizeofUcred = 0xc - SizeofTCPInfo = 0x68 + SizeofTCPInfo = 0xf0 SizeofCanFilter = 0x8 SizeofTCPRepairOpt = 0x8 ) @@ -1043,6 +1067,7 @@ const ( PerfBitCommExec = CBitFieldMaskBit24 PerfBitUseClockID = CBitFieldMaskBit25 PerfBitContextSwitch = CBitFieldMaskBit26 + PerfBitWriteBackward = CBitFieldMaskBit27 ) const ( @@ -1239,7 +1264,7 @@ type TCPMD5Sig struct { Flags uint8 Prefixlen uint8 Keylen uint16 - _ uint32 + Ifindex int32 Key [80]uint8 } @@ -1939,7 +1964,11 @@ const ( NFT_MSG_GETOBJ = 0x13 NFT_MSG_DELOBJ = 0x14 NFT_MSG_GETOBJ_RESET = 0x15 - NFT_MSG_MAX = 0x19 + NFT_MSG_NEWFLOWTABLE = 0x16 + NFT_MSG_GETFLOWTABLE = 0x17 + NFT_MSG_DELFLOWTABLE = 0x18 + NFT_MSG_GETRULE_RESET = 0x19 + NFT_MSG_MAX = 0x1a NFTA_LIST_UNSPEC = 0x0 NFTA_LIST_ELEM = 0x1 NFTA_HOOK_UNSPEC = 0x0 @@ -2443,9 +2472,11 @@ const ( SOF_TIMESTAMPING_OPT_STATS = 0x1000 SOF_TIMESTAMPING_OPT_PKTINFO = 0x2000 SOF_TIMESTAMPING_OPT_TX_SWHW = 0x4000 + SOF_TIMESTAMPING_BIND_PHC = 0x8000 + SOF_TIMESTAMPING_OPT_ID_TCP = 0x10000 - SOF_TIMESTAMPING_LAST = 0x8000 - SOF_TIMESTAMPING_MASK = 0xffff + SOF_TIMESTAMPING_LAST = 0x10000 + SOF_TIMESTAMPING_MASK = 0x1ffff SCM_TSTAMP_SND = 0x0 SCM_TSTAMP_SCHED = 0x1 @@ -3265,7 +3296,7 @@ const ( DEVLINK_ATTR_LINECARD_SUPPORTED_TYPES = 0xae DEVLINK_ATTR_NESTED_DEVLINK = 0xaf DEVLINK_ATTR_SELFTESTS = 0xb0 - DEVLINK_ATTR_MAX = 0xb0 + DEVLINK_ATTR_MAX = 0xb3 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE = 0x0 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX = 0x1 DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT = 0x0 @@ -3281,7 +3312,8 @@ const ( DEVLINK_PORT_FUNCTION_ATTR_HW_ADDR = 0x1 DEVLINK_PORT_FN_ATTR_STATE = 0x2 DEVLINK_PORT_FN_ATTR_OPSTATE = 0x3 - DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x3 + DEVLINK_PORT_FN_ATTR_CAPS = 0x4 + DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x4 ) type FsverityDigest struct { @@ -3572,7 +3604,8 @@ const ( ETHTOOL_MSG_MODULE_SET = 0x23 ETHTOOL_MSG_PSE_GET = 0x24 ETHTOOL_MSG_PSE_SET = 0x25 - ETHTOOL_MSG_USER_MAX = 0x25 + ETHTOOL_MSG_RSS_GET = 0x26 + ETHTOOL_MSG_USER_MAX = 0x26 ETHTOOL_MSG_KERNEL_NONE = 0x0 ETHTOOL_MSG_STRSET_GET_REPLY = 0x1 ETHTOOL_MSG_LINKINFO_GET_REPLY = 0x2 @@ -3611,7 +3644,8 @@ const ( ETHTOOL_MSG_MODULE_GET_REPLY = 0x23 ETHTOOL_MSG_MODULE_NTF = 0x24 ETHTOOL_MSG_PSE_GET_REPLY = 0x25 - ETHTOOL_MSG_KERNEL_MAX = 0x25 + ETHTOOL_MSG_RSS_GET_REPLY = 0x26 + ETHTOOL_MSG_KERNEL_MAX = 0x26 ETHTOOL_A_HEADER_UNSPEC = 0x0 ETHTOOL_A_HEADER_DEV_INDEX = 0x1 ETHTOOL_A_HEADER_DEV_NAME = 0x2 @@ -3679,7 +3713,8 @@ const ( ETHTOOL_A_LINKSTATE_SQI_MAX = 0x4 ETHTOOL_A_LINKSTATE_EXT_STATE = 0x5 ETHTOOL_A_LINKSTATE_EXT_SUBSTATE = 0x6 - ETHTOOL_A_LINKSTATE_MAX = 0x6 + ETHTOOL_A_LINKSTATE_EXT_DOWN_CNT = 0x7 + ETHTOOL_A_LINKSTATE_MAX = 0x7 ETHTOOL_A_DEBUG_UNSPEC = 0x0 ETHTOOL_A_DEBUG_HEADER = 0x1 ETHTOOL_A_DEBUG_MSGMASK = 0x2 @@ -4409,7 +4444,7 @@ const ( NL80211_ATTR_MAC_HINT = 0xc8 NL80211_ATTR_MAC_MASK = 0xd7 NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca - NL80211_ATTR_MAX = 0x140 + NL80211_ATTR_MAX = 0x141 NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4 NL80211_ATTR_MAX_CSA_COUNTERS = 0xce NL80211_ATTR_MAX_MATCH_SETS = 0x85 @@ -4552,6 +4587,7 @@ const ( NL80211_ATTR_SUPPORT_MESH_AUTH = 0x73 NL80211_ATTR_SURVEY_INFO = 0x54 NL80211_ATTR_SURVEY_RADIO_STATS = 0xda + NL80211_ATTR_TD_BITMAP = 0x141 NL80211_ATTR_TDLS_ACTION = 0x88 NL80211_ATTR_TDLS_DIALOG_TOKEN = 0x89 NL80211_ATTR_TDLS_EXTERNAL_SETUP = 0x8c @@ -5752,3 +5788,25 @@ const ( AUDIT_NLGRP_NONE = 0x0 AUDIT_NLGRP_READLOG = 0x1 ) + +const ( + TUN_F_CSUM = 0x1 + TUN_F_TSO4 = 0x2 + TUN_F_TSO6 = 0x4 + TUN_F_TSO_ECN = 0x8 + TUN_F_UFO = 0x10 +) + +const ( + VIRTIO_NET_HDR_F_NEEDS_CSUM = 0x1 + VIRTIO_NET_HDR_F_DATA_VALID = 0x2 + VIRTIO_NET_HDR_F_RSC_INFO = 0x4 +) + +const ( + VIRTIO_NET_HDR_GSO_NONE = 0x0 + VIRTIO_NET_HDR_GSO_TCPV4 = 0x1 + VIRTIO_NET_HDR_GSO_UDP = 0x3 + VIRTIO_NET_HDR_GSO_TCPV6 = 0x4 + VIRTIO_NET_HDR_GSO_ECN = 0x80 +) diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_386.go index 89c516a29a..4ecc1495cd 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_386.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_386.go @@ -414,7 +414,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]int8 + Data [122]byte _ uint32 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go index 62b4fb2699..34fddff964 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go @@ -427,7 +427,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go index e86b35893e..3b14a6031f 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go @@ -405,7 +405,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]uint8 + Data [122]byte _ uint32 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go index 6c6be4c911..0517651ab3 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go @@ -406,7 +406,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go index 4982ea355a..3b0c518134 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go @@ -407,7 +407,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go index 173141a670..fccdf4dd0f 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go @@ -410,7 +410,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]int8 + Data [122]byte _ uint32 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go index 93ae4c5167..500de8fc07 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go @@ -409,7 +409,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go index 4e4e510ca5..d0434cd2c6 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go @@ -409,7 +409,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go index 3f5ba013d9..84206ba534 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go @@ -410,7 +410,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]int8 + Data [122]byte _ uint32 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go index 71dfe7cdb4..ab078cf1f5 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go @@ -417,7 +417,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [122]uint8 + Data [122]byte _ uint32 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go index 3a2b7f0a66..42eb2c4cef 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go @@ -416,7 +416,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]uint8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go index a52d627563..31304a4e8b 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go @@ -416,7 +416,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]uint8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go index dfc007d8a6..c311f9612d 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go @@ -434,7 +434,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]uint8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go index b53cb9103d..bba3cefac1 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go @@ -429,7 +429,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go index fe0aa35472..ad8a013804 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go @@ -411,7 +411,7 @@ const ( type SockaddrStorage struct { Family uint16 - _ [118]int8 + Data [118]byte _ uint64 } diff --git a/etcd/vendor/golang.org/x/sys/windows/syscall_windows.go b/etcd/vendor/golang.org/x/sys/windows/syscall_windows.go index 41cb3c01fd..3723b2c224 100644 --- a/etcd/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/etcd/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -824,6 +824,9 @@ const socket_error = uintptr(^uint32(0)) //sys WSAStartup(verreq uint32, data *WSAData) (sockerr error) = ws2_32.WSAStartup //sys WSACleanup() (err error) [failretval==socket_error] = ws2_32.WSACleanup //sys WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbob uint32, cbbr *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) [failretval==socket_error] = ws2_32.WSAIoctl +//sys WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceBeginW +//sys WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WSAQUERYSET) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceNextW +//sys WSALookupServiceEnd(handle Handle) (err error) [failretval==socket_error] = ws2_32.WSALookupServiceEnd //sys socket(af int32, typ int32, protocol int32) (handle Handle, err error) [failretval==InvalidHandle] = ws2_32.socket //sys sendto(s Handle, buf []byte, flags int32, to unsafe.Pointer, tolen int32) (err error) [failretval==socket_error] = ws2_32.sendto //sys recvfrom(s Handle, buf []byte, flags int32, from *RawSockaddrAny, fromlen *int32) (n int32, err error) [failretval==-1] = ws2_32.recvfrom @@ -1019,8 +1022,7 @@ func (rsa *RawSockaddrAny) Sockaddr() (Sockaddr, error) { for n < len(pp.Path) && pp.Path[n] != 0 { n++ } - bytes := (*[len(pp.Path)]byte)(unsafe.Pointer(&pp.Path[0]))[0:n] - sa.Name = string(bytes) + sa.Name = string(unsafe.Slice((*byte)(unsafe.Pointer(&pp.Path[0])), n)) return sa, nil case AF_INET: diff --git a/etcd/vendor/golang.org/x/sys/windows/types_windows.go b/etcd/vendor/golang.org/x/sys/windows/types_windows.go index 0c4add9741..857acf1032 100644 --- a/etcd/vendor/golang.org/x/sys/windows/types_windows.go +++ b/etcd/vendor/golang.org/x/sys/windows/types_windows.go @@ -1243,6 +1243,51 @@ const ( DnsSectionAdditional = 0x0003 ) +const ( + // flags of WSALookupService + LUP_DEEP = 0x0001 + LUP_CONTAINERS = 0x0002 + LUP_NOCONTAINERS = 0x0004 + LUP_NEAREST = 0x0008 + LUP_RETURN_NAME = 0x0010 + LUP_RETURN_TYPE = 0x0020 + LUP_RETURN_VERSION = 0x0040 + LUP_RETURN_COMMENT = 0x0080 + LUP_RETURN_ADDR = 0x0100 + LUP_RETURN_BLOB = 0x0200 + LUP_RETURN_ALIASES = 0x0400 + LUP_RETURN_QUERY_STRING = 0x0800 + LUP_RETURN_ALL = 0x0FF0 + LUP_RES_SERVICE = 0x8000 + + LUP_FLUSHCACHE = 0x1000 + LUP_FLUSHPREVIOUS = 0x2000 + + LUP_NON_AUTHORITATIVE = 0x4000 + LUP_SECURE = 0x8000 + LUP_RETURN_PREFERRED_NAMES = 0x10000 + LUP_DNS_ONLY = 0x20000 + + LUP_ADDRCONFIG = 0x100000 + LUP_DUAL_ADDR = 0x200000 + LUP_FILESERVER = 0x400000 + LUP_DISABLE_IDN_ENCODING = 0x00800000 + LUP_API_ANSI = 0x01000000 + + LUP_RESOLUTION_HANDLE = 0x80000000 +) + +const ( + // values of WSAQUERYSET's namespace + NS_ALL = 0 + NS_DNS = 12 + NS_NLA = 15 + NS_BTH = 16 + NS_EMAIL = 37 + NS_PNRPNAME = 38 + NS_PNRPCLOUD = 39 +) + type DNSSRVData struct { Target *uint16 Priority uint16 @@ -3258,3 +3303,43 @@ const ( DWMWA_TEXT_COLOR = 36 DWMWA_VISIBLE_FRAME_BORDER_THICKNESS = 37 ) + +type WSAQUERYSET struct { + Size uint32 + ServiceInstanceName *uint16 + ServiceClassId *GUID + Version *WSAVersion + Comment *uint16 + NameSpace uint32 + NSProviderId *GUID + Context *uint16 + NumberOfProtocols uint32 + AfpProtocols *AFProtocols + QueryString *uint16 + NumberOfCsAddrs uint32 + SaBuffer *CSAddrInfo + OutputFlags uint32 + Blob *BLOB +} + +type WSAVersion struct { + Version uint32 + EnumerationOfComparison int32 +} + +type AFProtocols struct { + AddressFamily int32 + Protocol int32 +} + +type CSAddrInfo struct { + LocalAddr SocketAddress + RemoteAddr SocketAddress + SocketType int32 + Protocol int32 +} + +type BLOB struct { + Size uint32 + BlobData *byte +} diff --git a/etcd/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/etcd/vendor/golang.org/x/sys/windows/zsyscall_windows.go index ac60052e44..6d2a268534 100644 --- a/etcd/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/etcd/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -474,6 +474,9 @@ var ( procWSAEnumProtocolsW = modws2_32.NewProc("WSAEnumProtocolsW") procWSAGetOverlappedResult = modws2_32.NewProc("WSAGetOverlappedResult") procWSAIoctl = modws2_32.NewProc("WSAIoctl") + procWSALookupServiceBeginW = modws2_32.NewProc("WSALookupServiceBeginW") + procWSALookupServiceEnd = modws2_32.NewProc("WSALookupServiceEnd") + procWSALookupServiceNextW = modws2_32.NewProc("WSALookupServiceNextW") procWSARecv = modws2_32.NewProc("WSARecv") procWSARecvFrom = modws2_32.NewProc("WSARecvFrom") procWSASend = modws2_32.NewProc("WSASend") @@ -4067,6 +4070,30 @@ func WSAIoctl(s Handle, iocc uint32, inbuf *byte, cbif uint32, outbuf *byte, cbo return } +func WSALookupServiceBegin(querySet *WSAQUERYSET, flags uint32, handle *Handle) (err error) { + r1, _, e1 := syscall.Syscall(procWSALookupServiceBeginW.Addr(), 3, uintptr(unsafe.Pointer(querySet)), uintptr(flags), uintptr(unsafe.Pointer(handle))) + if r1 == socket_error { + err = errnoErr(e1) + } + return +} + +func WSALookupServiceEnd(handle Handle) (err error) { + r1, _, e1 := syscall.Syscall(procWSALookupServiceEnd.Addr(), 1, uintptr(handle), 0, 0) + if r1 == socket_error { + err = errnoErr(e1) + } + return +} + +func WSALookupServiceNext(handle Handle, flags uint32, size *int32, querySet *WSAQUERYSET) (err error) { + r1, _, e1 := syscall.Syscall6(procWSALookupServiceNextW.Addr(), 4, uintptr(handle), uintptr(flags), uintptr(unsafe.Pointer(size)), uintptr(unsafe.Pointer(querySet)), 0, 0) + if r1 == socket_error { + err = errnoErr(e1) + } + return +} + func WSARecv(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32, overlapped *Overlapped, croutine *byte) (err error) { r1, _, e1 := syscall.Syscall9(procWSARecv.Addr(), 7, uintptr(s), uintptr(unsafe.Pointer(bufs)), uintptr(bufcnt), uintptr(unsafe.Pointer(recvd)), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(croutine)), 0, 0) if r1 == socket_error { diff --git a/etcd/vendor/golang.org/x/text/encoding/internal/internal.go b/etcd/vendor/golang.org/x/text/encoding/internal/internal.go index 75a5fd1658..413e6fc6d7 100644 --- a/etcd/vendor/golang.org/x/text/encoding/internal/internal.go +++ b/etcd/vendor/golang.org/x/text/encoding/internal/internal.go @@ -64,7 +64,7 @@ func (e FuncEncoding) NewEncoder() *encoding.Encoder { // byte. type RepertoireError byte -// Error implements the error interrface. +// Error implements the error interface. func (r RepertoireError) Error() string { return "encoding: rune not supported by encoding." } diff --git a/etcd/vendor/golang.org/x/text/unicode/norm/forminfo.go b/etcd/vendor/golang.org/x/text/unicode/norm/forminfo.go index d69ccb4f97..487335d14d 100644 --- a/etcd/vendor/golang.org/x/text/unicode/norm/forminfo.go +++ b/etcd/vendor/golang.org/x/text/unicode/norm/forminfo.go @@ -13,7 +13,7 @@ import "encoding/binary" // a rune to a uint16. The values take two forms. For v >= 0x8000: // bits // 15: 1 (inverse of NFD_QC bit of qcInfo) -// 13..7: qcInfo (see below). isYesD is always true (no decompostion). +// 13..7: qcInfo (see below). isYesD is always true (no decomposition). // 6..0: ccc (compressed CCC value). // For v < 0x8000, the respective rune has a decomposition and v is an index // into a byte array of UTF-8 decomposition sequences and additional info and diff --git a/etcd/vendor/k8s.io/api/core/v1/generated.proto b/etcd/vendor/k8s.io/api/core/v1/generated.proto index 9264bfd98b..416811e291 100644 --- a/etcd/vendor/k8s.io/api/core/v1/generated.proto +++ b/etcd/vendor/k8s.io/api/core/v1/generated.proto @@ -4512,7 +4512,7 @@ message ResourceRequirements { // This is an alpha field and requires enabling the // DynamicResourceAllocation feature gate. // - // This field is immutable. + // This field is immutable. It can only be set for containers. // // +listType=map // +listMapKey=name diff --git a/etcd/vendor/k8s.io/api/core/v1/types.go b/etcd/vendor/k8s.io/api/core/v1/types.go index 4be1df0c1d..0101e95d91 100644 --- a/etcd/vendor/k8s.io/api/core/v1/types.go +++ b/etcd/vendor/k8s.io/api/core/v1/types.go @@ -2320,7 +2320,7 @@ type ResourceRequirements struct { // This is an alpha field and requires enabling the // DynamicResourceAllocation feature gate. // - // This field is immutable. + // This field is immutable. It can only be set for containers. // // +listType=map // +listMapKey=name diff --git a/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go b/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go index 6c6fe2e006..99391a423d 100644 --- a/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go +++ b/etcd/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go @@ -2041,7 +2041,7 @@ var map_ResourceRequirements = map[string]string{ "": "ResourceRequirements describes the compute resource requirements.", "limits": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "requests": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "claims": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable.", + "claims": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", } func (ResourceRequirements) SwaggerDoc() map[string]string { diff --git a/etcd/vendor/k8s.io/client-go/discovery/aggregated_discovery.go b/etcd/vendor/k8s.io/client-go/discovery/aggregated_discovery.go index 033a4c8fc3..758b0a3ac8 100644 --- a/etcd/vendor/k8s.io/client-go/discovery/aggregated_discovery.go +++ b/etcd/vendor/k8s.io/client-go/discovery/aggregated_discovery.go @@ -24,19 +24,36 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" ) +// StaleGroupVersionError encasulates failed GroupVersion marked "stale" +// in the returned AggregatedDiscovery format. +type StaleGroupVersionError struct { + gv schema.GroupVersion +} + +func (s StaleGroupVersionError) Error() string { + return fmt.Sprintf("stale GroupVersion discovery: %v", s.gv) +} + // SplitGroupsAndResources transforms "aggregated" discovery top-level structure into // the previous "unaggregated" discovery groups and resources. -func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList) (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList) { +func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList) ( + *metav1.APIGroupList, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error) { // Aggregated group list will contain the entirety of discovery, including - // groups, versions, and resources. + // groups, versions, and resources. GroupVersions marked "stale" are failed. groups := []*metav1.APIGroup{} + failedGVs := map[schema.GroupVersion]error{} resourcesByGV := map[schema.GroupVersion]*metav1.APIResourceList{} for _, aggGroup := range aggregatedGroups.Items { - group, resources := convertAPIGroup(aggGroup) + group, resources, failed := convertAPIGroup(aggGroup) groups = append(groups, group) for gv, resourceList := range resources { resourcesByGV[gv] = resourceList } + for gv, err := range failed { + failedGVs[gv] = err + } } // Transform slice of groups to group list before returning. groupList := &metav1.APIGroupList{} @@ -44,23 +61,32 @@ func SplitGroupsAndResources(aggregatedGroups apidiscovery.APIGroupDiscoveryList for _, group := range groups { groupList.Groups = append(groupList.Groups, *group) } - return groupList, resourcesByGV + return groupList, resourcesByGV, failedGVs } // convertAPIGroup tranforms an "aggregated" APIGroupDiscovery to an "legacy" APIGroup, // also returning the map of APIResourceList for resources within GroupVersions. -func convertAPIGroup(g apidiscovery.APIGroupDiscovery) (*metav1.APIGroup, map[schema.GroupVersion]*metav1.APIResourceList) { +func convertAPIGroup(g apidiscovery.APIGroupDiscovery) ( + *metav1.APIGroup, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error) { // Iterate through versions to convert to group and resources. group := &metav1.APIGroup{} gvResources := map[schema.GroupVersion]*metav1.APIResourceList{} + failedGVs := map[schema.GroupVersion]error{} group.Name = g.ObjectMeta.Name - for i, v := range g.Versions { - version := metav1.GroupVersionForDiscovery{} + for _, v := range g.Versions { gv := schema.GroupVersion{Group: g.Name, Version: v.Version} + if v.Freshness == apidiscovery.DiscoveryFreshnessStale { + failedGVs[gv] = StaleGroupVersionError{gv: gv} + continue + } + version := metav1.GroupVersionForDiscovery{} version.GroupVersion = gv.String() version.Version = v.Version group.Versions = append(group.Versions, version) - if i == 0 { + // PreferredVersion is first non-stale Version + if group.PreferredVersion == (metav1.GroupVersionForDiscovery{}) { group.PreferredVersion = version } resourceList := &metav1.APIResourceList{} @@ -76,7 +102,7 @@ func convertAPIGroup(g apidiscovery.APIGroupDiscovery) (*metav1.APIGroup, map[sc } gvResources[gv] = resourceList } - return group, gvResources + return group, gvResources, failedGVs } // convertAPIResource tranforms a APIResourceDiscovery to an APIResource. diff --git a/etcd/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go b/etcd/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go index 0a41018474..9143ce00ab 100644 --- a/etcd/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go +++ b/etcd/vendor/k8s.io/client-go/discovery/cached/memory/memcache.go @@ -33,6 +33,7 @@ import ( "k8s.io/client-go/openapi" cachedopenapi "k8s.io/client-go/openapi/cached" restclient "k8s.io/client-go/rest" + "k8s.io/klog/v2" ) type cacheEntry struct { @@ -61,6 +62,15 @@ var ( ErrCacheNotFound = errors.New("not found") ) +// Server returning empty ResourceList for Group/Version. +type emptyResponseError struct { + gv string +} + +func (e *emptyResponseError) Error() string { + return fmt.Sprintf("received empty response for: %s", e.gv) +} + var _ discovery.CachedDiscoveryInterface = &memCacheClient{} // isTransientConnectionError checks whether given error is "Connection refused" or @@ -103,7 +113,13 @@ func (d *memCacheClient) ServerResourcesForGroupVersion(groupVersion string) (*m if cachedVal.err != nil && isTransientError(cachedVal.err) { r, err := d.serverResourcesForGroupVersion(groupVersion) if err != nil { - utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", groupVersion, err)) + // Don't log "empty response" as an error; it is a common response for metrics. + if _, emptyErr := err.(*emptyResponseError); emptyErr { + // Log at same verbosity as disk cache. + klog.V(3).Infof("%v", err) + } else { + utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", groupVersion, err)) + } } cachedVal = &cacheEntry{r, err} d.groupToServerResources[groupVersion] = cachedVal @@ -120,32 +136,38 @@ func (d *memCacheClient) ServerGroupsAndResources() ([]*metav1.APIGroup, []*meta // GroupsAndMaybeResources returns the list of APIGroups, and possibly the map of group/version // to resources. The returned groups will never be nil, but the resources map can be nil // if there are no cached resources. -func (d *memCacheClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) { +func (d *memCacheClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, map[schema.GroupVersion]error, error) { d.lock.Lock() defer d.lock.Unlock() if !d.cacheValid { if err := d.refreshLocked(); err != nil { - return nil, nil, err + return nil, nil, nil, err } } // Build the resourceList from the cache? var resourcesMap map[schema.GroupVersion]*metav1.APIResourceList + var failedGVs map[schema.GroupVersion]error if d.receivedAggregatedDiscovery && len(d.groupToServerResources) > 0 { resourcesMap = map[schema.GroupVersion]*metav1.APIResourceList{} + failedGVs = map[schema.GroupVersion]error{} for gv, cacheEntry := range d.groupToServerResources { groupVersion, err := schema.ParseGroupVersion(gv) if err != nil { - return nil, nil, fmt.Errorf("failed to parse group version (%v): %v", gv, err) + return nil, nil, nil, fmt.Errorf("failed to parse group version (%v): %v", gv, err) + } + if cacheEntry.err != nil { + failedGVs[groupVersion] = cacheEntry.err + } else { + resourcesMap[groupVersion] = cacheEntry.resourceList } - resourcesMap[groupVersion] = cacheEntry.resourceList } } - return d.groupList, resourcesMap, nil + return d.groupList, resourcesMap, failedGVs, nil } func (d *memCacheClient) ServerGroups() (*metav1.APIGroupList, error) { - groups, _, err := d.GroupsAndMaybeResources() + groups, _, _, err := d.GroupsAndMaybeResources() if err != nil { return nil, err } @@ -219,7 +241,8 @@ func (d *memCacheClient) refreshLocked() error { if ad, ok := d.delegate.(discovery.AggregatedDiscoveryInterface); ok { var resources map[schema.GroupVersion]*metav1.APIResourceList - gl, resources, err = ad.GroupsAndMaybeResources() + var failedGVs map[schema.GroupVersion]error + gl, resources, failedGVs, err = ad.GroupsAndMaybeResources() if resources != nil && err == nil { // Cache the resources. d.groupToServerResources = map[string]*cacheEntry{} @@ -227,6 +250,10 @@ func (d *memCacheClient) refreshLocked() error { for gv, resources := range resources { d.groupToServerResources[gv.String()] = &cacheEntry{resources, nil} } + // Cache GroupVersion discovery errors + for gv, err := range failedGVs { + d.groupToServerResources[gv.String()] = &cacheEntry{nil, err} + } d.receivedAggregatedDiscovery = true d.cacheValid = true return nil @@ -252,7 +279,13 @@ func (d *memCacheClient) refreshLocked() error { r, err := d.serverResourcesForGroupVersion(gv) if err != nil { - utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", gv, err)) + // Don't log "empty response" as an error; it is a common response for metrics. + if _, emptyErr := err.(*emptyResponseError); emptyErr { + // Log at same verbosity as disk cache. + klog.V(3).Infof("%v", err) + } else { + utilruntime.HandleError(fmt.Errorf("couldn't get resource list for %v: %v", gv, err)) + } } resultLock.Lock() @@ -274,7 +307,7 @@ func (d *memCacheClient) serverResourcesForGroupVersion(groupVersion string) (*m return r, err } if len(r.APIResources) == 0 { - return r, fmt.Errorf("Got empty response for: %v", groupVersion) + return r, &emptyResponseError{gv: groupVersion} } return r, nil } diff --git a/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go b/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go index 43906190fb..641568008b 100644 --- a/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go +++ b/etcd/vendor/k8s.io/client-go/discovery/discovery_client.go @@ -86,7 +86,7 @@ type DiscoveryInterface interface { type AggregatedDiscoveryInterface interface { DiscoveryInterface - GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) + GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, map[schema.GroupVersion]error, error) } // CachedDiscoveryInterface is a DiscoveryInterface with cache invalidation and freshness. @@ -186,18 +186,23 @@ func apiVersionsToAPIGroup(apiVersions *metav1.APIVersions) (apiGroup metav1.API // and resources from /api and /apis (either aggregated or not). Legacy groups // must be ordered first. The server will either return both endpoints (/api, /apis) // as aggregated discovery format or legacy format. For safety, resources will only -// be returned if both endpoints returned resources. -func (d *DiscoveryClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) { +// be returned if both endpoints returned resources. Returned "failedGVs" can be +// empty, but will only be nil in the case an error is returned. +func (d *DiscoveryClient) GroupsAndMaybeResources() ( + *metav1.APIGroupList, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error, + error) { // Legacy group ordered first (there is only one -- core/v1 group). Returned groups must // be non-nil, but it could be empty. Returned resources, apiResources map could be nil. - groups, resources, err := d.downloadLegacy() + groups, resources, failedGVs, err := d.downloadLegacy() if err != nil { - return nil, nil, err + return nil, nil, nil, err } // Discovery groups and (possibly) resources downloaded from /apis. - apiGroups, apiResources, aerr := d.downloadAPIs() + apiGroups, apiResources, failedApisGVs, aerr := d.downloadAPIs() if aerr != nil { - return nil, nil, aerr + return nil, nil, nil, aerr } // Merge apis groups into the legacy groups. for _, group := range apiGroups.Groups { @@ -211,14 +216,23 @@ func (d *DiscoveryClient) GroupsAndMaybeResources() (*metav1.APIGroupList, map[s } else if resources != nil { resources = nil } - return groups, resources, err + // Merge failed GroupVersions from /api and /apis + for gv, err := range failedApisGVs { + failedGVs[gv] = err + } + return groups, resources, failedGVs, err } // downloadLegacy returns the discovery groups and possibly resources // for the legacy v1 GVR at /api, or an error if one occurred. It is // possible for the resource map to be nil if the server returned -// the unaggregated discovery. -func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) { +// the unaggregated discovery. Returned "failedGVs" can be empty, but +// will only be nil in the case of a returned error. +func (d *DiscoveryClient) downloadLegacy() ( + *metav1.APIGroupList, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error, + error) { accept := acceptDiscoveryFormats if d.UseLegacyDiscovery { accept = AcceptV1 @@ -230,16 +244,19 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro Do(context.TODO()). ContentType(&responseContentType). Raw() - // Special error handling for 403 or 404 to be compatible with older v1.0 servers. - // Return empty group list to be merged with /apis. - if err != nil && !errors.IsNotFound(err) && !errors.IsForbidden(err) { - return nil, nil, err - } - if err != nil && (errors.IsNotFound(err) || errors.IsForbidden(err)) { - return &metav1.APIGroupList{}, nil, nil + apiGroupList := &metav1.APIGroupList{} + failedGVs := map[schema.GroupVersion]error{} + if err != nil { + // Tolerate 404, since aggregated api servers can return it. + if errors.IsNotFound(err) { + // Return empty structures and no error. + emptyGVMap := map[schema.GroupVersion]*metav1.APIResourceList{} + return apiGroupList, emptyGVMap, failedGVs, nil + } else { + return nil, nil, nil, err + } } - apiGroupList := &metav1.APIGroupList{} var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. switch responseContentType { @@ -247,7 +264,7 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro var v metav1.APIVersions err = json.Unmarshal(body, &v) if err != nil { - return nil, nil, err + return nil, nil, nil, err } apiGroup := metav1.APIGroup{} if len(v.Versions) != 0 { @@ -258,20 +275,25 @@ func (d *DiscoveryClient) downloadLegacy() (*metav1.APIGroupList, map[schema.Gro var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList err = json.Unmarshal(body, &aggregatedDiscovery) if err != nil { - return nil, nil, err + return nil, nil, nil, err } - apiGroupList, resourcesByGV = SplitGroupsAndResources(aggregatedDiscovery) + apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) default: - return nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) + return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) } - return apiGroupList, resourcesByGV, nil + return apiGroupList, resourcesByGV, failedGVs, nil } // downloadAPIs returns the discovery groups and (if aggregated format) the // discovery resources. The returned groups will always exist, but the -// resources map may be nil. -func (d *DiscoveryClient) downloadAPIs() (*metav1.APIGroupList, map[schema.GroupVersion]*metav1.APIResourceList, error) { +// resources map may be nil. Returned "failedGVs" can be empty, but will +// only be nil in the case of a returned error. +func (d *DiscoveryClient) downloadAPIs() ( + *metav1.APIGroupList, + map[schema.GroupVersion]*metav1.APIResourceList, + map[schema.GroupVersion]error, + error) { accept := acceptDiscoveryFormats if d.UseLegacyDiscovery { accept = AcceptV1 @@ -283,42 +305,38 @@ func (d *DiscoveryClient) downloadAPIs() (*metav1.APIGroupList, map[schema.Group Do(context.TODO()). ContentType(&responseContentType). Raw() - // Special error handling for 403 or 404 to be compatible with older v1.0 servers. - // Return empty group list to be merged with /api. - if err != nil && !errors.IsNotFound(err) && !errors.IsForbidden(err) { - return nil, nil, err - } - if err != nil && (errors.IsNotFound(err) || errors.IsForbidden(err)) { - return &metav1.APIGroupList{}, nil, nil + if err != nil { + return nil, nil, nil, err } apiGroupList := &metav1.APIGroupList{} + failedGVs := map[schema.GroupVersion]error{} var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList // Switch on content-type server responded with: aggregated or unaggregated. switch responseContentType { case AcceptV1: err = json.Unmarshal(body, apiGroupList) if err != nil { - return nil, nil, err + return nil, nil, nil, err } case AcceptV2Beta1: var aggregatedDiscovery apidiscovery.APIGroupDiscoveryList err = json.Unmarshal(body, &aggregatedDiscovery) if err != nil { - return nil, nil, err + return nil, nil, nil, err } - apiGroupList, resourcesByGV = SplitGroupsAndResources(aggregatedDiscovery) + apiGroupList, resourcesByGV, failedGVs = SplitGroupsAndResources(aggregatedDiscovery) default: - return nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) + return nil, nil, nil, fmt.Errorf("Unknown discovery response content-type: %s", responseContentType) } - return apiGroupList, resourcesByGV, nil + return apiGroupList, resourcesByGV, failedGVs, nil } // ServerGroups returns the supported groups, with information like supported versions and the // preferred version. func (d *DiscoveryClient) ServerGroups() (*metav1.APIGroupList, error) { - groups, _, err := d.GroupsAndMaybeResources() + groups, _, _, err := d.GroupsAndMaybeResources() if err != nil { return nil, err } @@ -341,8 +359,10 @@ func (d *DiscoveryClient) ServerResourcesForGroupVersion(groupVersion string) (r } err = d.restClient.Get().AbsPath(url.String()).Do(context.TODO()).Into(resources) if err != nil { - // ignore 403 or 404 error to be compatible with an v1.0 server. - if groupVersion == "v1" && (errors.IsNotFound(err) || errors.IsForbidden(err)) { + // Tolerate core/v1 not found response by returning empty resource list; + // this probably should not happen. But we should verify all callers are + // not depending on this toleration before removal. + if groupVersion == "v1" && errors.IsNotFound(err) { return resources, nil } return nil, err @@ -383,13 +403,14 @@ func IsGroupDiscoveryFailedError(err error) bool { func ServerGroupsAndResources(d DiscoveryInterface) ([]*metav1.APIGroup, []*metav1.APIResourceList, error) { var sgs *metav1.APIGroupList var resources []*metav1.APIResourceList + var failedGVs map[schema.GroupVersion]error var err error // If the passed discovery object implements the wider AggregatedDiscoveryInterface, // then attempt to retrieve aggregated discovery with both groups and the resources. if ad, ok := d.(AggregatedDiscoveryInterface); ok { var resourcesByGV map[schema.GroupVersion]*metav1.APIResourceList - sgs, resourcesByGV, err = ad.GroupsAndMaybeResources() + sgs, resourcesByGV, failedGVs, err = ad.GroupsAndMaybeResources() for _, resourceList := range resourcesByGV { resources = append(resources, resourceList) } @@ -404,8 +425,15 @@ func ServerGroupsAndResources(d DiscoveryInterface) ([]*metav1.APIGroup, []*meta for i := range sgs.Groups { resultGroups = append(resultGroups, &sgs.Groups[i]) } + // resources is non-nil if aggregated discovery succeeded. if resources != nil { - return resultGroups, resources, nil + // Any stale Group/Versions returned by aggregated discovery + // must be surfaced to the caller as failed Group/Versions. + var ferr error + if len(failedGVs) > 0 { + ferr = &ErrGroupDiscoveryFailed{Groups: failedGVs} + } + return resultGroups, resources, ferr } groupVersionResources, failedGroups := fetchGroupVersionResources(d, sgs) @@ -436,16 +464,18 @@ func ServerPreferredResources(d DiscoveryInterface) ([]*metav1.APIResourceList, var err error // If the passed discovery object implements the wider AggregatedDiscoveryInterface, - // then it is attempt to retrieve both the groups and the resources. + // then it is attempt to retrieve both the groups and the resources. "failedGroups" + // are Group/Versions returned as stale in AggregatedDiscovery format. ad, ok := d.(AggregatedDiscoveryInterface) if ok { - serverGroupList, groupVersionResources, err = ad.GroupsAndMaybeResources() + serverGroupList, groupVersionResources, failedGroups, err = ad.GroupsAndMaybeResources() } else { serverGroupList, err = d.ServerGroups() } if err != nil { return nil, err } + // Non-aggregated discovery must fetch resources from Groups. if groupVersionResources == nil { groupVersionResources, failedGroups = fetchGroupVersionResources(d, serverGroupList) } diff --git a/etcd/vendor/modules.txt b/etcd/vendor/modules.txt index 62ccaa7daf..783d414ac3 100644 --- a/etcd/vendor/modules.txt +++ b/etcd/vendor/modules.txt @@ -425,7 +425,7 @@ go.uber.org/zap/zapgrpc ## explicit; go 1.17 golang.org/x/crypto/bcrypt golang.org/x/crypto/blowfish -# golang.org/x/net v0.7.0 +# golang.org/x/net v0.8.0 ## explicit; go 1.17 golang.org/x/net/context golang.org/x/net/context/ctxhttp @@ -441,17 +441,17 @@ golang.org/x/net/trace ## explicit; go 1.11 golang.org/x/oauth2 golang.org/x/oauth2/internal -# golang.org/x/sys v0.5.0 +# golang.org/x/sys v0.6.0 ## explicit; go 1.17 golang.org/x/sys/internal/unsafeheader golang.org/x/sys/plan9 golang.org/x/sys/unix golang.org/x/sys/windows golang.org/x/sys/windows/registry -# golang.org/x/term v0.5.0 +# golang.org/x/term v0.6.0 ## explicit; go 1.17 golang.org/x/term -# golang.org/x/text v0.7.0 +# golang.org/x/text v0.8.0 ## explicit; go 1.17 golang.org/x/text/encoding golang.org/x/text/encoding/internal @@ -584,7 +584,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 +# k8s.io/api v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -640,7 +640,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 +# k8s.io/apimachinery v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/apimachinery/pkg/api/errors k8s.io/apimachinery/pkg/api/meta @@ -687,12 +687,12 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 +# k8s.io/cli-runtime v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 +# k8s.io/client-go v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -835,7 +835,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 +# k8s.io/component-base v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -871,7 +871,7 @@ k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/util/proto/validation k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 +# k8s.io/kubectl v0.26.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 ## explicit; go 1.19 k8s.io/kubectl/pkg/cmd/util k8s.io/kubectl/pkg/scheme @@ -998,32 +998,32 @@ sigs.k8s.io/yaml # go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20230322155524-f70da9d78221 # go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20230322155524-f70da9d78221 # go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20230322155524-f70da9d78221 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4 -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230412020409-0c79814882f4 -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230412020409-0c79814882f4 -# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230412020409-0c79814882f4 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682 +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230414060647-19816eefa682 +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230414060647-19816eefa682 +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230414060647-19816eefa682 +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230414060647-19816eefa682 diff --git a/go.mod b/go.mod index 6258895839..c86a833680 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/spf13/cobra v1.6.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.0 - golang.org/x/sys v0.5.0 + golang.org/x/sys v0.6.0 gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/api v0.26.1 k8s.io/apiextensions-apiserver v0.26.1 @@ -140,10 +140,10 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/runc v1.1.4 // indirect + github.com/opencontainers/runc v1.1.6 // indirect github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect github.com/opencontainers/selinux v1.10.0 // indirect - github.com/openshift/apiserver-library-go v0.0.0-20230120221150-cefee9e0162b // indirect + github.com/openshift/apiserver-library-go v0.0.0-20230411124846-9fe2aa032a6f // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/profile v1.3.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect @@ -185,14 +185,14 @@ require ( go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.19.0 // indirect golang.org/x/crypto v0.1.0 // indirect - golang.org/x/mod v0.6.0 // indirect - golang.org/x/net v0.7.0 // indirect + golang.org/x/mod v0.8.0 // indirect + golang.org/x/net v0.8.0 // indirect golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect - golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect - golang.org/x/term v0.5.0 // indirect - golang.org/x/text v0.7.0 // indirect + golang.org/x/sync v0.1.0 // indirect + golang.org/x/term v0.6.0 // indirect + golang.org/x/text v0.8.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect - golang.org/x/tools v0.2.0 // indirect + golang.org/x/tools v0.6.0 // indirect google.golang.org/api v0.60.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect @@ -221,7 +221,7 @@ require ( k8s.io/mount-utils v0.0.0 // indirect k8s.io/pod-security-admission v0.25.0 // indirect k8s.io/utils v0.0.0-20221107191617-1a15be271d1d // indirect - sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35 // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/kube-storage-version-migrator v0.0.4 // indirect sigs.k8s.io/kustomize/api v0.12.1 // indirect @@ -231,34 +231,34 @@ require ( replace ( github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 // from kubernetes - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4 // release kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230412020409-0c79814882f4 // from kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230412020409-0c79814882f4 // from kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682 // release kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20230414060647-19816eefa682 // from kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20230414060647-19816eefa682 // from kubernetes ) diff --git a/go.sum b/go.sum index fc9ca6379f..1c00a8f9a6 100644 --- a/go.sum +++ b/go.sum @@ -589,8 +589,9 @@ github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3I github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM= github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= +github.com/opencontainers/runc v1.1.6 h1:XbhB8IfG/EsnhNvZtNdLB0GBw92GYEFvKlhaJk9jUgA= +github.com/opencontainers/runc v1.1.6/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50= github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 h1:3snG66yBm59tKhhSPQrQ/0bCrv1LQbKt40LnUPiUxdc= @@ -600,65 +601,65 @@ github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuh github.com/openshift/api v0.0.0-20230120195050-6ba31fa438f2/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4= github.com/openshift/api v0.0.0-20230208193339-068b2ae5534f h1:+GaTEfR8gYzh64fdlRKLYZLwt5p4wQd2mdnvkhFDa8k= github.com/openshift/api v0.0.0-20230208193339-068b2ae5534f/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4= -github.com/openshift/apiserver-library-go v0.0.0-20230120221150-cefee9e0162b h1:1AeKPWFTSSSqSl0VYmwnaOuxw2kExQgJ6pjuC4XV33A= -github.com/openshift/apiserver-library-go v0.0.0-20230120221150-cefee9e0162b/go.mod h1:FmOGJTf5L1X9LiqnsNDwKJyt5ycUNxnNqpxs0rgylTc= +github.com/openshift/apiserver-library-go v0.0.0-20230411124846-9fe2aa032a6f h1:rcaCMJa6vCtX/4orBfonBz2Z2zjdlJzDOzxwhlcq10U= +github.com/openshift/apiserver-library-go v0.0.0-20230411124846-9fe2aa032a6f/go.mod h1:pI5W5+O/b0A7qOAXuLLCQqQjoCcQoEPsoBNoFfScvUQ= github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d h1:RR4ah7FfaPR1WePizm0jlrsbmPu91xQZnAsVVreQV1k= github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/openshift/client-go v0.0.0-20230120202327-72f107311084 h1:66uaqNwA+qYyQDwsMWUfjjau8ezmg1dzCqub13KZOcE= github.com/openshift/client-go v0.0.0-20230120202327-72f107311084/go.mod h1:M3h9m001PWac3eAudGG3isUud6yBjr5XpzLYLLTlHKo= github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203 h1:rafkiE1rN2dQC0rq7q44mI4/69aEkcxmdpxVlwvTOPY= github.com/openshift/cluster-policy-controller v0.0.0-20230324020700-d02c85ab3203/go.mod h1:vlkRuwyRueLOQ/ZRRle+rCrh+YNoh+pzJm9WaN9e6mU= -github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4 h1:DxU8TWjU8Oena8Ghid/K+cmQLNJSJRhuUFdlHqrEYM0= -github.com/openshift/kubernetes v0.0.0-20230412020409-0c79814882f4/go.mod h1:FFmjFkZxW22qBBjGCdvUj9MzYgHeh1t+7fG3n7162tM= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4 h1:dzCea/DHA2x6R9j+wTb7BY3LnqhorBSvVdmB/wF0b5o= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230412020409-0c79814882f4/go.mod h1:RTbOBHv2jYAglrayTACr8ehH2HG1tEW8PXS62qjcXsM= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4 h1:agPz3HCip5q6vbfHqIrZHBO2cq27NR6xPzlIWtiNV14= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230412020409-0c79814882f4/go.mod h1:U0Mmzj5eyc8IBdGjsF2XR3dBQG0yqvhy468GKZvdfXU= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4 h1:t45aNQ0O98VzJ9nA8mhvcXDl30FcmZpR/yfLudfnwPQ= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230412020409-0c79814882f4/go.mod h1:IgGsaYCHg2HXxQq/DkcLV7Qqb5wXHuiOghXAWNRvTIo= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4 h1:pXWg407R5iaAYV2w/ElE7MtOmxcZ62WpCq6f4S2/Cvk= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230412020409-0c79814882f4/go.mod h1:xwqK7Ox7oH/b11ZMPYtqPV/OYt2ZlYZf7XsuukECSc4= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4 h1:paEpt3um9AlkuelIGXcweXP4MNcbSZqUZXmKK/ys77M= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230412020409-0c79814882f4/go.mod h1:9VL9PumwGZm4ySijjOkqi2A8Q8o/jH6NPv36Hcyff2c= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4 h1:EpfLJVTood6aq/ElFbWN+sWqx1aJYhvv0XRRZZHZVC0= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230412020409-0c79814882f4/go.mod h1:j2CuU4yppRfeP82jtQ9Og0EPAoA03neRboLDK7m4tQc= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4 h1:mtZeh53RDdQpMkIOn6Z0f3WOiWCcmw/Ua93PbDgW7Bk= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230412020409-0c79814882f4/go.mod h1:C8LxhCSrMIvk2892MFXHd6Ygyy/cCVK30VOZZVm4KSM= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4 h1:CJG+OQlmVbldHGEblR3d2HVcgm8KSQzlFaVzj8P8WxI= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230412020409-0c79814882f4/go.mod h1:sf8VADmgVR2MzucAzvUaYsYLUi8S4onGjDNXWp6+iOw= -github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230412020409-0c79814882f4/go.mod h1:HDEVJ4fMSa8PKXQ5cJgG2PEEYCM9NDxpj7EojkpHatA= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4 h1:oBP6cLuqYBCVpXsOIOhk++szFMFJ6Nwn+4Lgat1jkkQ= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230412020409-0c79814882f4/go.mod h1:Qixtkhh98MU5XSgj3qwsRRdXX650+J9CmYavg7UHfGc= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4 h1:0aFCy3DFIJp9q7MjIdF+d7c9gRRldbzoADzeXJHD6Ps= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230412020409-0c79814882f4/go.mod h1:v9q5XN/HFJwSIQ9HiyzSh9Pgpkf0sdmLX2s4wWmub1c= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4 h1:gtLRfQXW02jMSNd3b+OYihuYGnf3kdpM1XcxVho24yI= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230412020409-0c79814882f4/go.mod h1:45yXoVo9Jbbpsz92uqBbG2oVBkVEWv+4ROfek4yo0NE= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4 h1:UH2CrxJMeQfqUXKAdBS4wMrTkRr5IlMLtC4K6QLUVa0= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230412020409-0c79814882f4/go.mod h1:X6BH8wZUzqCnAYka7oy7QYoBUcN3xSXV6rZIxdXoArE= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4 h1:hVdwgqxDk4bluPK25EPn8Pac41kd+Z5dEYx2rDlmlfA= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230412020409-0c79814882f4/go.mod h1:aNNfBLYfQbTrwqWHK9JMaodwbDNG1lELDChC0mhKLJQ= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4 h1:TFwYCrthXTV89eiKNewDLRHIxqzUVsOTDI6CRenseVs= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230412020409-0c79814882f4/go.mod h1:MovKp06tUSXe3MnKchEr1D8CdDZgIhYiw6D6sBjZy94= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4 h1:6x02hFqXOhHkpGrkQMnZxbze/W5ezpFJY24p+QBOSGc= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230412020409-0c79814882f4/go.mod h1:RBaXXXu0TgOgwWU+GKrNbBjVj6I6mZ3Kuwxphmx83hM= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4 h1:YE1eqfA+F0slkcQz/JUq/wLe6GOOWeyKYDXYjwTBMuw= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230412020409-0c79814882f4/go.mod h1:tZLl7PAQI9WT9QcUVeua4aK0EIZE1DZhQorO9WLoRGs= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4 h1:DhG+hjnNz9dWd99ZDYgTvGfa664Z1BeNdsitcr1S/E0= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230412020409-0c79814882f4/go.mod h1:FmdoDrAFpzYtGWgaPrurpkB+ITnnOV/V/+uoFPovBKA= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4 h1:at3OR4PQWIMjPX4Rj/gF0axWOCxJUaC/0nb0v5+aICg= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230412020409-0c79814882f4/go.mod h1:Zgt5E29gT4nxpbFBvx43u3fRNTfMAvqZxchXnjw+gOo= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4 h1:gwn29Sp0NX3xKTFS7RrOBNM/pKAQqKUOduPQSrFB85o= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230412020409-0c79814882f4/go.mod h1:PHFHN0OYvl1mOobtWnD5t83uJuHy4pDEeshl0a/t5Do= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4 h1:6okyPOQlNzes/eX6zLDfxuZ8vq9TCClcMK/z2CspUNc= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230412020409-0c79814882f4/go.mod h1:A6pOnDSKM3jdR7v/EOkKKuHWsR3GGm4T3Vr9jS1U6QA= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4 h1:XDfbRtXJkcJ+0DYpGDY5z+THMad2F645g4axdksFVyE= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230412020409-0c79814882f4/go.mod h1:K4ChxIQRGSv8E4Cz3XSuZ38G5UwpTb/4p32vGMDpa1k= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4 h1:0siZkDLsSH1EwQozlv4jSvXjv4J/YxShm5t+8D0R79U= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230412020409-0c79814882f4/go.mod h1:5qMnaoxtG8tgh9JRt99mH4aEw1Us6LFFigCQExPUeXQ= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4 h1:shy31jV3C6duCqPIbpBoayfvub0MD+ewWMsk4SNHlmo= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230412020409-0c79814882f4/go.mod h1:1PgQc8yQxp+tnTD2lzlyNGTngwImNyANUq74eRnHT5U= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4 h1:g3n+u+PZ/FEOf0lvfFcgDV+rMQdYsUa1uW8tLrr4yII= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230412020409-0c79814882f4/go.mod h1:KtKLalpm2l5WOPMqKs6VETKre5j3sPUz0D16MXQd1QI= +github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682 h1:aAZOgCVCBWMRRwi5W/NazlOCaCLlaMI704LTMwo/HUg= +github.com/openshift/kubernetes v0.0.0-20230414060647-19816eefa682/go.mod h1:T0+m4H3K5iWzDP65vb1st8Pd3siJoeSpbC0EzmymTVk= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682 h1:f+5Fcc/WQpus26/zjyl/XCYr4NSNpAtYuf6bV2UJf14= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20230414060647-19816eefa682/go.mod h1:uLYjAyw1JyCS9EUj6oUhl4eRy4XthcFpSodl6cOokQI= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682 h1:oh00NNthfcbhoHHG9RMaQ+Q9gaB+OjU6LsjIOgTZ6dA= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20230414060647-19816eefa682/go.mod h1:yViNAI+IfEaoAVoSOgZXDmN4bMipiqwvrXekieIkdbY= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682 h1:w4uwFjypPaaff3++nri9Z6P+OdBnUf9lF8czEeiOCYM= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20230414060647-19816eefa682/go.mod h1:ApuQzVQOyTrgHIGrmVljD8zZ+ZoHmXYbsFwLvSelf84= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682 h1:Ac/LHZaMAqUr9rE4Q1oLG6iuLwwi6L3GAuTPdsqO15Y= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20230414060647-19816eefa682/go.mod h1:VFDYdzpH+ZfUFicJweH6XtgDJJ+bBhIMgS/NgM6c9+c= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682 h1:LfPzMcGu+ns6q2+JD8KX2o3lxeUq8smiNSXwjLn98Do= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20230414060647-19816eefa682/go.mod h1:LumLfFU84tK2qax1WpUviAosYlqlUaSJTIEtYjYpfxw= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682 h1:4m/eWo2ebGxBMmYB9y6YoI4EWIKGDG8SRSciVCX1ilA= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20230414060647-19816eefa682/go.mod h1:0QH/+sNaHFjTGTSyuwBXuHHhyBRa2r6ndYXUxchMPKI= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682 h1:QVD1gei4qjU1ZzqLrrk9UUM4oL5xNU5WHQrOh+plP2o= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20230414060647-19816eefa682/go.mod h1:UDt2Nn2cJxGQWGuPZXA8zhtTccXCsbzIMD2QMvjAl/s= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682 h1:Le/7MKrlHyL0GzydqE9O2YuBPTEwnMG5cUJHPOqQSKE= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20230414060647-19816eefa682/go.mod h1:CHVYBTORnxNcEy4sP3o5mXQCtQ+xakaDn7H4irLH4hE= +github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20230414060647-19816eefa682/go.mod h1:RPAt1JMA66rIEi+T0Dm3inLGbyc8PsaIoRuh006OoKQ= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682 h1:qyJleza3TMgCwXZ+b88cdGZMUz7G29GPpFNs0mGyscc= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20230414060647-19816eefa682/go.mod h1:4bzeXuIaKw5yabxEcNwxVYHKi0wLgcjl5naBxe4N1cw= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682 h1:nvGIHfDumItIc0eHmw1XkyaHYqODBrw4LFt6qX2UAE0= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20230414060647-19816eefa682/go.mod h1:1kjV28ccOe1eJI0U3RSRTXDv8PSWILLyDrRHnlN0b5Q= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682 h1:ieDpK+9kwFiYrZLf8szWJs034wF7DPyZ6imE9lvPwmU= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20230414060647-19816eefa682/go.mod h1:MzAfXD5g03ADE/cQOanac914VXKVm+PE21CdbMnqHh8= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682 h1:LHuIB1W4NAG9ZnrRQdfctquaE4GLKgCSQjny5JZYr+4= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20230414060647-19816eefa682/go.mod h1:sjqtRwsq9OIu27wzHZyTUxhszi4BTrLOZUP3XxMT3ac= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682 h1:IJ5E8PY+2bWAGqpmqDtkU2W4t6XmLC76x921nr1JVmY= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20230414060647-19816eefa682/go.mod h1:3iftQXweshE6LzQ4a0nccCFroiXuvkd0Tv0yVhVZo3g= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682 h1:SImSqAAOj9J8LfLmHFnMRAHSedb14k0fejLGldaAi1k= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20230414060647-19816eefa682/go.mod h1:i5+I2dCeC47HR6g0aFW6nr1wNfWRlyFmiSDs2NqFs3I= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682 h1:3rSkUFhklB10N5Xp3Dm3Wn6g+xyRNXdoRQaGdzGEMvs= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20230414060647-19816eefa682/go.mod h1:uzei6+XRNkQICBV+e8BACOZwRpfWPvpZ6bVCWYsuxfQ= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682 h1:WJVg9acdlTWqKOiC7JbJa2Ev0kFki5tL4mcdxTAkUMQ= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20230414060647-19816eefa682/go.mod h1:HLz7lzU2qNPgSwDA8ZH4T6Ll6kWU6Y6BpIzPWYfLBkc= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682 h1:YJruCzvKX+sqPHNK87ZdNJ3bld9cDh86nMuI1V50yKM= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20230414060647-19816eefa682/go.mod h1:W/OyRa4Ahdv09yt5iHcxSrTCn2yg33rlMqo9yW1GFm0= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682 h1:cGUyvu78+r830+joBbEILP5vkmM0udzZWvwEFYKSc30= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20230414060647-19816eefa682/go.mod h1:gAOk6X5CwD031FqXVf7CD4yQdou7UUUmP0FmRqCGPUI= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682 h1:1tYc5o7kN6Vx2Jr/HQLt8AQImp8TT2hBZWRIT0ZRfL8= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20230414060647-19816eefa682/go.mod h1:plN+kBQozEYwSUD3aB9oFwrpkVeIN5xVpQ6sLRbSiNs= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682 h1:F6Iq7mYVCz+EkVxwtb56Rg6EWbQ/JTSVo0zbrwZ+RTE= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20230414060647-19816eefa682/go.mod h1:au5YzS8yhxLz767EWIVfabqOrCtMfjppQRDQ+BPnNCE= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682 h1:4I/f6SZBayfieqXt7Zk0cWkbfXDGBdLTXFpDCXeAuX0= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20230414060647-19816eefa682/go.mod h1:j7EjbuGsi5n1jhuQ1s2xbgsV4H5MOY6iTjtp+CaBsh0= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682 h1:UCHUJBT8ieT0lja74AgVhU54Td2iFFLurUKKwv+ibig= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20230414060647-19816eefa682/go.mod h1:0XHkNqJcpcb3wT61pTKmEWoX8uuV9Q5N2Z48NrDYdww= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682 h1:BT1oPp1IvgYzpmksSeyoSvl61E4NbAQKyFt7wKEO+nY= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20230414060647-19816eefa682/go.mod h1:Xv4esSdxyeauCQqd77P5rMAjH8eAhtUfZjgykqPkXIg= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682 h1:/LcItEq3+hoyU2Cw181TFbGTSegdYWIC3AFlFwGTre4= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20230414060647-19816eefa682/go.mod h1:t18RIruuLO3r+O64ycCBgy26pv4C82be62Gkaneigqo= github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4 h1:B9e1Sga7Q6iSI1YgzLgfABo+LDET7HZngJ+tKlrwVSk= github.com/openshift/library-go v0.0.0-20230222090221-582055a1d5c4/go.mod h1:xO4nAf0qa56dgvEJWVD1WuwSJ8JWPU1TYLBQrlutWnE= github.com/openshift/onsi-ginkgo/v2 v2.4.1-0.20221214150008-e73634cb3870 h1:YH3Z3ZWCDWjkAGdZpK5rCm5pRZ4wt0uEx1GwvCiO3+I= @@ -935,8 +936,9 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= +golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -992,8 +994,9 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= -golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1026,8 +1029,9 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1115,15 +1119,17 @@ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= -golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1136,8 +1142,9 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1208,8 +1215,9 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= +golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1430,8 +1438,9 @@ k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35 h1:+xBL5uTc+BkPBwmMi3vYfUJjq+N3K+H6PXeETwf5cPI= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35/go.mod h1:WxjusMwXlKzfAs4p9km6XJRndVt2FROgMVCE4cdohFo= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36 h1:PUuX1qIFv309AT8hF/CdPKDmsG/hn/L8zRX7VvISM3A= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.36/go.mod h1:WxjusMwXlKzfAs4p9km6XJRndVt2FROgMVCE4cdohFo= sigs.k8s.io/controller-tools v0.2.8/go.mod h1:9VKHPszmf2DHz/QmHkcfZoewO6BL7pPs9uAiBVsaJSE= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= diff --git a/packaging/crio.conf.d/microshift_amd64.conf b/packaging/crio.conf.d/microshift_amd64.conf index 5f9f8932d4..5e7a3d1490 100644 --- a/packaging/crio.conf.d/microshift_amd64.conf +++ b/packaging/crio.conf.d/microshift_amd64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d7e84209164964e4f72d957fa7813529ea00656e2cd680457a23a0b4ef951cca" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:75e1339deae12d08ae9343b5258abfecbec2f9ce6f00c7069308a2a5630c816c" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/packaging/crio.conf.d/microshift_arm64.conf b/packaging/crio.conf.d/microshift_arm64.conf index 12ff0ccb3a..7358d410e1 100644 --- a/packaging/crio.conf.d/microshift_arm64.conf +++ b/packaging/crio.conf.d/microshift_arm64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d60020ba7b93e91fd6d120676db79bf19cd3eb7ba2bf304c533e38b525f194cf" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:58e9a75e28c4cf26f879bbb66c2273c3fc2a68b7bfc4d2dd1699a37674b78f51" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt index 65ec2fe921..50cc1956a7 100644 --- a/scripts/auto-rebase/changelog.txt +++ b/scripts/auto-rebase/changelog.txt @@ -1,16 +1,14 @@ -# cluster-kube-apiserver-operator embedded-component 5f038db7df7ade2f3da707394a14e391c693d25c to 02ea4a4120dd0f8eb49d070b1fe420ed6d1debba -083565cf97e4077cff36091aba5a276d469f8eed 2023-03-22T18:35:00+00:00 update apf configuration to use v1beta3 -# kubernetes embedded-component 22308ca177342eb6820b95e0cad1142e385ef4c9 to 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 -71873f411a7949e19aca37d65494aba17cdbe2da 2023-03-16T19:57:24+00:00 UPSTREAM: : STOR-829: Add CSIInlineVolumeSecurity admission plugin -# machine-config-operator embedded-component 0318874b6243752bb0bd30f8e99bd03d19278b37 to 5d6b4e794bda70accd168867bba815e3b3e3b02a -f98d25046fa825cb91c2b6f97c928f44b53b1b0f 2023-03-28T08:02:56+00:00 OCPBUGS-8676: Fix kubelet.service node-ip for v6-primary dual-stack -# kubernetes image-amd64 22308ca177342eb6820b95e0cad1142e385ef4c9 to 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 -71873f411a7949e19aca37d65494aba17cdbe2da 2023-03-16T19:57:24+00:00 UPSTREAM: : STOR-829: Add CSIInlineVolumeSecurity admission plugin -# kubernetes image-arm64 22308ca177342eb6820b95e0cad1142e385ef4c9 to 85375332a108abce2f23a61958ae7adcc449477c +# cluster-network-operator embedded-component b7b90a5bef21ebe3c91362bb1415469197e0290b to d9b70b9b587762e53863d61d0447f2f74580bd4b +498475d4f534072c1d49befb0d12b88059082f93 2023-04-13T05:50:19+00:00 OCPBUGS-11046: Fix allowlist ds template +# kubernetes embedded-component 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 to 19816eefa6829861687df6dfe573708756c464cc +2e08e352eb705054f78f03a534a627ff8a038209 2023-04-12T20:02:20+02:00 UPSTREAM: : bump: apiserver-lib-go for fixed SCC admission +7101082be4e94ecdbad1da83df354131d90f5560 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: vendor: bump runc to 1.1.6 +b75565423e47cd3d2bb7fbcc56f0bff21562c2a7 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: CVE-2023-27561: Bump runc go module v1.1.4 -> v1.1.5 +5a2bcff32a30b8d9f9f937c6cb5d5d3e6ca5069f 2023-04-12T17:00:37+00:00 UPSTREAM: : disable load balancing on created cgroups when managed is enabled +c376be027feb599a81f5f38e5b1922e9c05065b2 2023-04-12T17:53:58+02:00 UPSTREAM: : SCC pod extractor: assume default SA if SA is empty 1721e67a44c1e57c0751240b0feb62fe610186be 2023-04-11T20:28:05+02:00 UPSTREAM: : hack/update-vendor.sh, make update and update image e61f3ad194851a5db1489aab125ead07612bb170 2023-04-11T20:25:49+02:00 UPSTREAM: : Force using the go tooling from the system 6aebbd28015e52d856ed6097f1918a8246316f35 2023-04-11T20:23:23+02:00 UPSTREAM: : manually resolve conflicts -71873f411a7949e19aca37d65494aba17cdbe2da 2023-03-16T19:57:24+00:00 UPSTREAM: : STOR-829: Add CSIInlineVolumeSecurity admission plugin 9e644106593f3f4aa98f8a84b23db5fa378900bd 2023-03-15T13:33:11+00:00 Release commit for Kubernetes v1.26.3 6138cccca8d2c9cbe81d62c20b573078cd846907 2023-03-09T16:10:53-05:00 Avoid metric lookup in Parallelizer.Util on every work piece 7cc066c1050a55201e391a1c354464c008d36c82 2023-03-09T15:47:02-05:00 One lock among PodNominator and SchedulingQueue @@ -48,3 +46,62 @@ d87b53b15dcc60f15a418dd23cf4912d92c41eaa 2023-02-03T00:01:07-05:00 Invoke gimme 25183b77325b58abdcd09d9c0e94791e7a6232c1 2023-02-03T00:01:06-05:00 Defer builds to test-cmd and test-integration targets a50ebe3c210c0744166d5e2d1510ff4aac732aef 2023-01-31T16:08:55-05:00 Set node_stage whenever available 6206ce9fbf49e09cbf950317db7cece29d2e023a 2023-01-30T15:37:02-05:00 Carefully compute request path for metrics +# machine-config-operator embedded-component 5d6b4e794bda70accd168867bba815e3b3e3b02a to 35b049f9d3eaac15fdf6632e2ecd8cf55bd539e3 +b1826289224b1e973b88f3d0903b63cc9118af83 2023-04-13T16:32:58+00:00 OCPBUGS-11280: Fixing forcedns dispatcher script permission issue for assisted sno rhel9 upgrade +1e962e3c33c905d86871fc740eaac69e3b6f12a8 2023-03-29T13:52:01+00:00 Splitting NetworkManager-onprem.conf.yaml to 2 files: 1. NetworkManager-onprem.conf.yaml will set unmanaged field as before and will do it only for onprem platforms as before 2. NetworkManager-ipv6.conf.yaml will set ipv6 flags for all platforms +# ovn-kubernetes image-amd64 c66883c01e06722319fdf18e9997231b6abda3aa to e3bef98aa599a90a7f24ab077e7b979d688eb537 +13db0f8dc40dea0a2a6d89810750f3dc9c3603d9 2023-03-28T10:56:40-04:00 Fixes Egress Firewall node selector for ipv6 +# kubernetes image-amd64 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 to 19816eefa6829861687df6dfe573708756c464cc +2e08e352eb705054f78f03a534a627ff8a038209 2023-04-12T20:02:20+02:00 UPSTREAM: : bump: apiserver-lib-go for fixed SCC admission +7101082be4e94ecdbad1da83df354131d90f5560 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: vendor: bump runc to 1.1.6 +b75565423e47cd3d2bb7fbcc56f0bff21562c2a7 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: CVE-2023-27561: Bump runc go module v1.1.4 -> v1.1.5 +5a2bcff32a30b8d9f9f937c6cb5d5d3e6ca5069f 2023-04-12T17:00:37+00:00 UPSTREAM: : disable load balancing on created cgroups when managed is enabled +c376be027feb599a81f5f38e5b1922e9c05065b2 2023-04-12T17:53:58+02:00 UPSTREAM: : SCC pod extractor: assume default SA if SA is empty +1721e67a44c1e57c0751240b0feb62fe610186be 2023-04-11T20:28:05+02:00 UPSTREAM: : hack/update-vendor.sh, make update and update image +e61f3ad194851a5db1489aab125ead07612bb170 2023-04-11T20:25:49+02:00 UPSTREAM: : Force using the go tooling from the system +6aebbd28015e52d856ed6097f1918a8246316f35 2023-04-11T20:23:23+02:00 UPSTREAM: : manually resolve conflicts +9e644106593f3f4aa98f8a84b23db5fa378900bd 2023-03-15T13:33:11+00:00 Release commit for Kubernetes v1.26.3 +6138cccca8d2c9cbe81d62c20b573078cd846907 2023-03-09T16:10:53-05:00 Avoid metric lookup in Parallelizer.Util on every work piece +7cc066c1050a55201e391a1c354464c008d36c82 2023-03-09T15:47:02-05:00 One lock among PodNominator and SchedulingQueue +6968f56567c90ea4329448a9185445bb1f114295 2023-03-09T12:39:06-08:00 Removes old discovery hack ignoring 403 and 404 +363bcdd815c051e52954b1aab1cd503dfc19bff7 2023-03-09T12:38:02-08:00 Plumb stale GroupVersions through aggregated discovery +24f79b28edf2496aa63b7578b083362e009a987e 2023-03-09T10:08:08+01:00 releng/go: Update images, dependencies and version to Go 1.19.7 +6e8addd9a0a9e2983e3040e337b1b7ba6df83d87 2023-03-08T04:00:34+00:00 Tolerate empty discovery response in memcache client +5aefc0c454e0e4f7c431ddfdfe767859b36b55ac 2023-03-03T10:00:26+05:30 Fix for windows kube-proxy: 'externalTrafficPolicy: Local' results in no clusterIP entry in windows node. +4bab824def3417109b6dca8e16ad3b7fa80d74c8 2023-03-02T11:39:47-08:00 Deflake tests in staging/src/k8s.io/kube-aggregator/pkg/apiserver +20f36098d951df73b131e9408f1a37a74b84ba5d 2023-03-02T11:39:42-08:00 Fix a data race in TestDirty +d07478bd5a863273aec874c869bb8cd3de911bdc 2023-03-02T11:39:38-08:00 ut: fix TestLegacyFallbackNoCache versions order +b1f6dc0311402ffc8849ffab2998b38d839b9924 2023-03-02T11:36:43-08:00 Fix legacy fallback stale for aggregated discovery +3df1e8e32fdc4462bdfe1537d90ce4e6d83e6a9a 2023-03-02T02:29:31+00:00 add unit test +86a6f5d1b58ee63de1133b515001dd6d333b207a 2023-03-02T02:29:31+00:00 fix 116028 +e8627059b02a360f30a869abc7c1cbec00163651 2023-02-28T17:19:34-03:00 Re-enable label selector +1b063e1248ce9f38fda5456054fca77ecb320eec 2023-02-28T17:19:34-03:00 Add integration test for diff --prune --selector +215a91b4381ec2fded38e8d0253e0e3f3675f9cb 2023-02-28T17:19:32-03:00 Use label selector for filtering out resources when pruning. Matches same behavior as for kubectl apply +9ec50f523aa50219f2449b1acc119619d0642051 2023-02-27T10:58:28+01:00 svc: Support pods with same address +a4ea8e56c1558292233d6b4bb1d0712a21bf3518 2023-02-27T08:37:59+01:00 api: generated files +bb8e051b4b95e1eb0e2dc4e3e25b4373a8a6307d 2023-02-27T08:33:04+01:00 api: drop Resources.Claims from PVC and PVC template +5ea3848172c54a35b0e86a3709b983136e277293 2023-02-24T20:23:32+01:00 scheduler/framework/plugins/volumebinding: fix inaccurate log for when a volume is bound to a claim +f5261ae7362e90f20db2557bc83d590e83aeb7be 2023-02-24T07:25:58-08:00 Fix validation.go to validate without StatefulSetStartOrdinal feature gate check. Adds test case to validate regression fix of validation failing when spec.ordinals set and feature gate disabled +f945942cfa18acc3cb0d063a065fafa1e710dc88 2023-02-22T14:30:11+00:00 Update CHANGELOG/CHANGELOG-1.26.md for v1.26.2 +a87eb5d44f4d0008ef910d98d3b1983e3320bab7 2023-02-22T13:32:21+00:00 Release commit for Kubernetes v1.26.3-rc.0 +a05ec2e0147acb5955b21e4b971ae2e59a3ea019 2023-02-20T23:05:34+01:00 Remove global framework variable +072703c70b066c590686b9b75dcacab5a3f737dd 2023-02-15T10:25:09-08:00 fix race in aggregated discovery handler +bdecd47143ebfddfeacb36b9ff980446476eec9c 2023-02-14T17:46:31+00:00 Remove check for CSI driver running on node for CSI migration attach operations +00e1ab6b5dbf815eb6853a497b8ce1685a717536 2023-02-14T11:06:01-05:00 Disable multiple pv mount tests for vsphere intree driver +192f90ac9c5f0e04f0b9973952e0227cb37c5c4e 2023-02-13T21:26:58-05:00 Simplify construction of /metrics request +4e7930724f2afb60efc29b94ce1c5c75ceecb7cc 2023-02-08T16:54:52+05:30 Fix for issue with Loadbalancer policy creation for IPV6 endpoints in Dualstack mode. +83c3ca63a12eaadfa2fb20ea5d6b588904461193 2023-02-07T17:03:20-08:00 Bump konnectivity-client to v0.0.36 +29f810fc071157cfa55603e97c0065e50f45a131 2023-02-06T21:51:40+00:00 make GetSubnetPrefix IP family agnostic +d87b53b15dcc60f15a418dd23cf4912d92c41eaa 2023-02-03T00:01:07-05:00 Invoke gimme from kube::golang::verify_go_version +62386bb73950cbdec1f8938a3250937702222749 2023-02-03T00:01:07-05:00 Add gimme +25183b77325b58abdcd09d9c0e94791e7a6232c1 2023-02-03T00:01:06-05:00 Defer builds to test-cmd and test-integration targets +a50ebe3c210c0744166d5e2d1510ff4aac732aef 2023-01-31T16:08:55-05:00 Set node_stage whenever available +6206ce9fbf49e09cbf950317db7cece29d2e023a 2023-01-30T15:37:02-05:00 Carefully compute request path for metrics +# ovn-kubernetes image-arm64 c66883c01e06722319fdf18e9997231b6abda3aa to e3bef98aa599a90a7f24ab077e7b979d688eb537 +13db0f8dc40dea0a2a6d89810750f3dc9c3603d9 2023-03-28T10:56:40-04:00 Fixes Egress Firewall node selector for ipv6 +# kubernetes image-arm64 85375332a108abce2f23a61958ae7adcc449477c to 19816eefa6829861687df6dfe573708756c464cc +2e08e352eb705054f78f03a534a627ff8a038209 2023-04-12T20:02:20+02:00 UPSTREAM: : bump: apiserver-lib-go for fixed SCC admission +7101082be4e94ecdbad1da83df354131d90f5560 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: vendor: bump runc to 1.1.6 +b75565423e47cd3d2bb7fbcc56f0bff21562c2a7 2023-04-12T17:00:37+00:00 UPSTREAM: 117242: CVE-2023-27561: Bump runc go module v1.1.4 -> v1.1.5 +5a2bcff32a30b8d9f9f937c6cb5d5d3e6ca5069f 2023-04-12T17:00:37+00:00 UPSTREAM: : disable load balancing on created cgroups when managed is enabled +c376be027feb599a81f5f38e5b1922e9c05065b2 2023-04-12T17:53:58+02:00 UPSTREAM: : SCC pod extractor: assume default SA if SA is empty diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index 95bd4bccd4..fdd44b74f8 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt @@ -3,12 +3,12 @@ https://github.com/openshift/cluster-ingress-operator embedded-component 6aa482c https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 02ea4a4120dd0f8eb49d070b1fe420ed6d1debba https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component cdde94837bec1810dbad71ca070a84f212de0cbb https://github.com/openshift/cluster-kube-scheduler-operator embedded-component dc5cba57ddcdb5a4b43240d1c2ab908fa953d887 -https://github.com/openshift/cluster-network-operator embedded-component b7b90a5bef21ebe3c91362bb1415469197e0290b +https://github.com/openshift/cluster-network-operator embedded-component d9b70b9b587762e53863d61d0447f2f74580bd4b https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component 9a8aba8cad6491a31e743a7e366d758351482d88 https://github.com/openshift/cluster-policy-controller embedded-component d02c85ab3203fe22eddcc4694e17504ef34935de https://github.com/openshift/etcd embedded-component f70da9d78221bc3e6bf8ac14c0c4ecc106f4f57d -https://github.com/openshift/kubernetes embedded-component 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 -https://github.com/openshift/machine-config-operator embedded-component 5d6b4e794bda70accd168867bba815e3b3e3b02a +https://github.com/openshift/kubernetes embedded-component 19816eefa6829861687df6dfe573708756c464cc +https://github.com/openshift/machine-config-operator embedded-component 35b049f9d3eaac15fdf6632e2ecd8cf55bd539e3 https://github.com/openshift/openshift-controller-manager embedded-component 87de83867ac51730f506138ee790a56ca21d9fc9 https://github.com/openshift/route-controller-manager embedded-component d7a8e22db412b6fabb7028ca0da8de8f3d9ac3c3 https://github.com/openshift/service-ca-operator embedded-component 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a @@ -16,13 +16,13 @@ https://github.com/openshift/oc image-amd64 92b1a3d0e5d092430b523f6541aa0c504b22 https://github.com/openshift/coredns image-amd64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-amd64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-amd64 11b1439d48a47a408ae7e2dd851989f7b7b4f595 -https://github.com/openshift/ovn-kubernetes image-amd64 c66883c01e06722319fdf18e9997231b6abda3aa -https://github.com/openshift/kubernetes image-amd64 0c79814882f4a4b842fbeab001c9f92f9de9a9b9 +https://github.com/openshift/ovn-kubernetes image-amd64 e3bef98aa599a90a7f24ab077e7b979d688eb537 +https://github.com/openshift/kubernetes image-amd64 19816eefa6829861687df6dfe573708756c464cc https://github.com/openshift/service-ca-operator image-amd64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a https://github.com/openshift/oc image-arm64 92b1a3d0e5d092430b523f6541aa0c504b2222b3 https://github.com/openshift/coredns image-arm64 5560e4ad8c343c211f0b2f9d85ce7331b20b87cb https://github.com/openshift/router image-arm64 e28644631982fb4596e065d3ae85099f0886829d https://github.com/openshift/kube-rbac-proxy image-arm64 11b1439d48a47a408ae7e2dd851989f7b7b4f595 -https://github.com/openshift/ovn-kubernetes image-arm64 c66883c01e06722319fdf18e9997231b6abda3aa -https://github.com/openshift/kubernetes image-arm64 85375332a108abce2f23a61958ae7adcc449477c +https://github.com/openshift/ovn-kubernetes image-arm64 e3bef98aa599a90a7f24ab077e7b979d688eb537 +https://github.com/openshift/kubernetes image-arm64 19816eefa6829861687df6dfe573708756c464cc https://github.com/openshift/service-ca-operator image-arm64 1b89fdce3fcccecdc5fdb705fe674cd4bfc58a2a diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index 044a6f5fd5..bdbc467c65 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-13-171034" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-14-004314" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2023-04-15-102029" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.13.0-0.nightly-arm64-2023-04-15-102028" "registry.access.redhat.com/lvms4/lvms-operator-bundle:v4.12" diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go index 104c74a890..35b00aaf05 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/ebpf/ebpf_linux.go @@ -93,7 +93,7 @@ var ( ) // Loosely based on the BPF_F_REPLACE support check in -// . +// https://github.com/cilium/ebpf/blob/v0.6.0/link/syscalls.go. // // TODO: move this logic to cilium/ebpf func haveBpfProgReplace() bool { diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go index fb4fcc7f75..9e2f0ec04c 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/fs/fs.go @@ -28,6 +28,7 @@ var subsystems = []subsystem{ &FreezerGroup{}, &RdmaGroup{}, &NameGroup{GroupName: "name=systemd", Join: true}, + &NameGroup{GroupName: "misc", Join: true}, } var errSubsystemDoesNotExist = errors.New("cgroup: subsystem does not exist") diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go index 45744c15c0..50746ae0c5 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/common.go @@ -293,8 +293,18 @@ func generateDeviceProperties(r *configs.Resources) ([]systemdDbus.Property, err // rules separately to systemd) we can safely skip entries that don't // have a corresponding path. if _, err := os.Stat(entry.Path); err != nil { - logrus.Debugf("skipping device %s for systemd: %s", entry.Path, err) - continue + // Also check /sys/dev so that we don't depend on /dev/{block,char} + // being populated. (/dev/{block,char} is populated by udev, which + // isn't strictly required for systemd). Ironically, this happens most + // easily when starting containerd within a runc created container + // itself. + + // We don't bother with securejoin here because we create entry.Path + // right above here, so we know it's safe. + if _, err := os.Stat("/sys" + entry.Path); err != nil { + logrus.Warnf("skipping device %s for systemd: %s", entry.Path, err) + continue + } } } deviceAllowList = append(deviceAllowList, entry) @@ -343,32 +353,52 @@ func isUnitExists(err error) bool { return isDbusError(err, "org.freedesktop.systemd1.UnitExists") } -func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Property) error { +func startUnit(cm *dbusConnManager, unitName string, properties []systemdDbus.Property, ignoreExist bool) error { statusChan := make(chan string, 1) + retry := true + +retry: err := cm.retryOnDisconnect(func(c *systemdDbus.Conn) error { _, err := c.StartTransientUnitContext(context.TODO(), unitName, "replace", properties, statusChan) return err }) - if err == nil { - timeout := time.NewTimer(30 * time.Second) - defer timeout.Stop() - - select { - case s := <-statusChan: - close(statusChan) - // Please refer to https://pkg.go.dev/github.com/coreos/go-systemd/v22/dbus#Conn.StartUnit - if s != "done" { - resetFailedUnit(cm, unitName) - return fmt.Errorf("error creating systemd unit `%s`: got `%s`", unitName, s) - } - case <-timeout.C: + if err != nil { + if !isUnitExists(err) { + return err + } + if ignoreExist { + // TODO: remove this hack. + // This is kubelet making sure a slice exists (see + // https://github.com/opencontainers/runc/pull/1124). + return nil + } + if retry { + // In case a unit with the same name exists, this may + // be a leftover failed unit. Reset it, so systemd can + // remove it, and retry once. resetFailedUnit(cm, unitName) - return errors.New("Timeout waiting for systemd to create " + unitName) + retry = false + goto retry } - } else if !isUnitExists(err) { return err } + timeout := time.NewTimer(30 * time.Second) + defer timeout.Stop() + + select { + case s := <-statusChan: + close(statusChan) + // Please refer to https://pkg.go.dev/github.com/coreos/go-systemd/v22/dbus#Conn.StartUnit + if s != "done" { + resetFailedUnit(cm, unitName) + return fmt.Errorf("error creating systemd unit `%s`: got `%s`", unitName, s) + } + case <-timeout.C: + resetFailedUnit(cm, unitName) + return errors.New("Timeout waiting for systemd to create " + unitName) + } + return nil } diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go index 83d10dd705..dd474cf1b1 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/cpuset.go @@ -51,5 +51,10 @@ func RangeToBits(str string) ([]byte, error) { // do not allow empty values return nil, errors.New("empty value") } + + // fit cpuset parsing order in systemd + for l, r := 0, len(ret)-1; l < r; l, r = l+1, r-1 { + ret[l], ret[r] = ret[r], ret[l] + } return ret, nil } diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go index a74a05a5cd..046c3056fb 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v1.go @@ -71,6 +71,7 @@ var legacySubsystems = []subsystem{ &fs.NetClsGroup{}, &fs.NameGroup{GroupName: "name=systemd"}, &fs.RdmaGroup{}, + &fs.NameGroup{GroupName: "misc"}, } func genV1ResourcesProperties(r *configs.Resources, cm *dbusConnManager) ([]systemdDbus.Property, error) { @@ -206,7 +207,7 @@ func (m *legacyManager) Apply(pid int) error { properties = append(properties, c.SystemdProps...) - if err := startUnit(m.dbus, unitName, properties); err != nil { + if err := startUnit(m.dbus, unitName, properties, pid == -1); err != nil { return err } @@ -273,14 +274,7 @@ func getSubsystemPath(slice, unit, subsystem string) (string, error) { return "", err } - initPath, err := cgroups.GetInitCgroup(subsystem) - if err != nil { - return "", err - } - // if pid 1 is systemd 226 or later, it will be in init.scope, not the root - initPath = strings.TrimSuffix(filepath.Clean(initPath), "init.scope") - - return filepath.Join(mountpoint, initPath, slice, unit), nil + return filepath.Join(mountpoint, slice, unit), nil } func (m *legacyManager) Freeze(state configs.FreezerState) error { diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go index de0cb974d4..94d24ee450 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/systemd/v2.go @@ -284,7 +284,7 @@ func (m *unifiedManager) Apply(pid int) error { properties = append(properties, c.SystemdProps...) - if err := startUnit(m.dbus, unitName, properties); err != nil { + if err := startUnit(m.dbus, unitName, properties, pid == -1); err != nil { return fmt.Errorf("unable to start unit %q (properties %+v): %w", unitName, properties, err) } diff --git a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go index b32af4ee53..fc4ae44a48 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/cgroups/utils.go @@ -162,8 +162,10 @@ func readProcsFile(dir string) ([]int, error) { // ParseCgroupFile parses the given cgroup file, typically /proc/self/cgroup // or /proc//cgroup, into a map of subsystems to cgroup paths, e.g. -// "cpu": "/user.slice/user-1000.slice" -// "pids": "/user.slice/user-1000.slice" +// +// "cpu": "/user.slice/user-1000.slice" +// "pids": "/user.slice/user-1000.slice" +// // etc. // // Note that for cgroup v2 unified hierarchy, there are no per-controller diff --git a/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go b/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go index 627621a58d..4fbd308dad 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/configs/validate/validator.go @@ -131,9 +131,8 @@ func (v *ConfigValidator) cgroupnamespace(config *configs.Config) error { // convertSysctlVariableToDotsSeparator can return sysctl variables in dots separator format. // The '/' separator is also accepted in place of a '.'. // Convert the sysctl variables to dots separator format for validation. -// More info: -// https://man7.org/linux/man-pages/man8/sysctl.8.html -// https://man7.org/linux/man-pages/man5/sysctl.d.5.html +// More info: sysctl(8), sysctl.d(5). +// // For example: // Input sysctl variable "net/ipv4/conf/eno2.100.rp_filter" // will return the converted value "net.ipv4.conf.eno2/100.rp_filter" diff --git a/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go index 9df830d8cd..dd61dfd3c9 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/container_linux.go @@ -926,7 +926,7 @@ func (c *linuxContainer) criuSupportsExtNS(t configs.NamespaceType) bool { } func criuNsToKey(t configs.NamespaceType) string { - return "extRoot" + strings.Title(configs.NsName(t)) + "NS" + return "extRoot" + strings.Title(configs.NsName(t)) + "NS" //nolint:staticcheck // SA1019: strings.Title is deprecated } func (c *linuxContainer) handleCheckpointingExternalNamespaces(rpcOpts *criurpc.CriuOpts, t configs.NamespaceType) error { diff --git a/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go new file mode 100644 index 0000000000..cc1e2079a7 --- /dev/null +++ b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_go119.go @@ -0,0 +1,17 @@ +//go:build !go1.20 +// +build !go1.20 + +package libcontainer + +import "golang.org/x/sys/unix" + +func eaccess(path string) error { + // This check is similar to access(2) with X_OK except for + // setuid/setgid binaries where it checks against the effective + // (rather than real) uid and gid. It is not needed in go 1.20 + // and beyond and will be removed later. + + // Relies on code added in https://go-review.googlesource.com/c/sys/+/468877 + // and older CLs linked from there. + return unix.Faccessat(unix.AT_FDCWD, path, unix.X_OK, unix.AT_EACCESS) +} diff --git a/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go new file mode 100644 index 0000000000..7c049fd7aa --- /dev/null +++ b/vendor/github.com/opencontainers/runc/libcontainer/eaccess_stub.go @@ -0,0 +1,10 @@ +//go:build go1.20 + +package libcontainer + +func eaccess(path string) error { + // Not needed in Go 1.20+ as the functionality is already in there + // (added by https://go.dev/cl/416115, https://go.dev/cl/414824, + // and fixed in Go 1.20.2 by https://go.dev/cl/469956). + return nil +} diff --git a/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go index e6c71ac34e..a1fa7de2d2 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/factory_linux.go @@ -179,6 +179,12 @@ func (l *LinuxFactory) Create(id string, config *configs.Config) (Container, err return nil, fmt.Errorf("unable to get cgroup PIDs: %w", err) } if len(pids) != 0 { + if config.Cgroups.Systemd { + // systemd cgroup driver can't add a pid to an + // existing systemd unit and will return an + // error anyway, so let's error out early. + return nil, fmt.Errorf("container's cgroup is not empty: %d process(es) found", len(pids)) + } // TODO: return an error. logrus.Warnf("container's cgroup is not empty: %d process(es) found", len(pids)) logrus.Warn("DEPRECATED: running container in a non-empty cgroup won't be supported in runc 1.2; https://github.com/opencontainers/runc/issues/3132") @@ -338,10 +344,9 @@ func (l *LinuxFactory) StartInitialization() (err error) { defer func() { if e := recover(); e != nil { - if e, ok := e.(error); ok { - err = fmt.Errorf("panic from initialization: %w, %s", e, debug.Stack()) + if ee, ok := e.(error); ok { + err = fmt.Errorf("panic from initialization: %w, %s", ee, debug.Stack()) } else { - //nolint:errorlint // here e is not of error type err = fmt.Errorf("panic from initialization: %v, %s", e, debug.Stack()) } } diff --git a/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go index 1e5c394c3e..2e4c59353c 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/init_linux.go @@ -411,8 +411,9 @@ func fixStdioPermissions(u *user.ExecUser) error { return &os.PathError{Op: "fstat", Path: file.Name(), Err: err} } - // Skip chown if uid is already the one we want. - if int(s.Uid) == u.Uid { + // Skip chown if uid is already the one we want or any of the STDIO descriptors + // were redirected to /dev/null. + if int(s.Uid) == u.Uid || s.Rdev == null.Rdev { continue } diff --git a/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go index ec7638e4d5..c3f88fc703 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/rootfs_linux.go @@ -329,26 +329,41 @@ func mountCgroupV2(m *configs.Mount, c *mountConfig) error { if err := os.MkdirAll(dest, 0o755); err != nil { return err } - return utils.WithProcfd(c.root, m.Destination, func(procfd string) error { - if err := mount(m.Source, m.Destination, procfd, "cgroup2", uintptr(m.Flags), m.Data); err != nil { - // when we are in UserNS but CgroupNS is not unshared, we cannot mount cgroup2 (#2158) - if errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY) { - src := fs2.UnifiedMountpoint - if c.cgroupns && c.cgroup2Path != "" { - // Emulate cgroupns by bind-mounting - // the container cgroup path rather than - // the whole /sys/fs/cgroup. - src = c.cgroup2Path - } - err = mount(src, m.Destination, procfd, "", uintptr(m.Flags)|unix.MS_BIND, "") - if c.rootlessCgroups && errors.Is(err, unix.ENOENT) { - err = nil - } - } - return err - } - return nil + err = utils.WithProcfd(c.root, m.Destination, func(procfd string) error { + return mount(m.Source, m.Destination, procfd, "cgroup2", uintptr(m.Flags), m.Data) }) + if err == nil || !(errors.Is(err, unix.EPERM) || errors.Is(err, unix.EBUSY)) { + return err + } + + // When we are in UserNS but CgroupNS is not unshared, we cannot mount + // cgroup2 (#2158), so fall back to bind mount. + bindM := &configs.Mount{ + Device: "bind", + Source: fs2.UnifiedMountpoint, + Destination: m.Destination, + Flags: unix.MS_BIND | m.Flags, + PropagationFlags: m.PropagationFlags, + } + if c.cgroupns && c.cgroup2Path != "" { + // Emulate cgroupns by bind-mounting the container cgroup path + // rather than the whole /sys/fs/cgroup. + bindM.Source = c.cgroup2Path + } + // mountToRootfs() handles remounting for MS_RDONLY. + // No need to set c.fd here, because mountToRootfs() calls utils.WithProcfd() by itself in mountPropagate(). + err = mountToRootfs(bindM, c) + if c.rootlessCgroups && errors.Is(err, unix.ENOENT) { + // ENOENT (for `src = c.cgroup2Path`) happens when rootless runc is being executed + // outside the userns+mountns. + // + // Mask `/sys/fs/cgroup` to ensure it is read-only, even when `/sys` is mounted + // with `rbind,ro` (`runc spec --rootless` produces `rbind,ro` for `/sys`). + err = utils.WithProcfd(c.root, m.Destination, func(procfd string) error { + return maskPath(procfd, c.label) + }) + } + return err } func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) { @@ -398,32 +413,43 @@ func doTmpfsCopyUp(m *configs.Mount, rootfs, mountLabel string) (Err error) { func mountToRootfs(m *configs.Mount, c *mountConfig) error { rootfs := c.root - mountLabel := c.label - mountFd := c.fd - dest, err := securejoin.SecureJoin(rootfs, m.Destination) - if err != nil { - return err - } + // procfs and sysfs are special because we need to ensure they are actually + // mounted on a specific path in a container without any funny business. switch m.Device { case "proc", "sysfs": // If the destination already exists and is not a directory, we bail - // out This is to avoid mounting through a symlink or similar -- which + // out. This is to avoid mounting through a symlink or similar -- which // has been a "fun" attack scenario in the past. // TODO: This won't be necessary once we switch to libpathrs and we can // stop all of these symlink-exchange attacks. + dest := filepath.Clean(m.Destination) + if !strings.HasPrefix(dest, rootfs) { + // Do not use securejoin as it resolves symlinks. + dest = filepath.Join(rootfs, dest) + } if fi, err := os.Lstat(dest); err != nil { if !os.IsNotExist(err) { return err } - } else if fi.Mode()&os.ModeDir == 0 { + } else if !fi.IsDir() { return fmt.Errorf("filesystem %q must be mounted on ordinary directory", m.Device) } if err := os.MkdirAll(dest, 0o755); err != nil { return err } - // Selinux kernels do not support labeling of /proc or /sys + // Selinux kernels do not support labeling of /proc or /sys. return mountPropagate(m, rootfs, "", nil) + } + + mountLabel := c.label + mountFd := c.fd + dest, err := securejoin.SecureJoin(rootfs, m.Destination) + if err != nil { + return err + } + + switch m.Device { case "mqueue": if err := os.MkdirAll(dest, 0o755); err != nil { return err diff --git a/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go b/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go index 081d1503a3..c09a7bed30 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/standard_init_linux.go @@ -198,11 +198,12 @@ func (l *linuxStandardInit) Init() error { if err != nil { return err } - // exec.LookPath might return no error for an executable residing on a - // file system mounted with noexec flag, so perform this extra check - // now while we can still return a proper error. - if err := system.Eaccess(name); err != nil { - return &os.PathError{Op: "exec", Path: name, Err: err} + // exec.LookPath in Go < 1.20 might return no error for an executable + // residing on a file system mounted with noexec flag, so perform this + // extra check now while we can still return a proper error. + // TODO: remove this once go < 1.20 is not supported. + if err := eaccess(name); err != nil { + return &os.PathError{Op: "eaccess", Path: name, Err: err} } // Set seccomp as close to execve as possible, so as few syscalls take diff --git a/vendor/github.com/opencontainers/runc/libcontainer/sync.go b/vendor/github.com/opencontainers/runc/libcontainer/sync.go index c9a23ef3a7..25dc286307 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/sync.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/sync.go @@ -15,16 +15,16 @@ type syncType string // during container setup. They come in pairs (with procError being a generic // response which is followed by an &initError). // -// [ child ] <-> [ parent ] +// [ child ] <-> [ parent ] // -// procHooks --> [run hooks] -// <-- procResume +// procHooks --> [run hooks] +// <-- procResume // -// procReady --> [final setup] -// <-- procRun +// procReady --> [final setup] +// <-- procRun // -// procSeccomp --> [pick up seccomp fd with pidfd_getfd()] -// <-- procSeccompDone +// procSeccomp --> [pick up seccomp fd with pidfd_getfd()] +// <-- procSeccompDone const ( procError syncType = "procError" procReady syncType = "procReady" diff --git a/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go b/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go index 039059a444..e1d6eb1803 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/system/linux.go @@ -31,25 +31,6 @@ func (p ParentDeathSignal) Set() error { return SetParentDeathSignal(uintptr(p)) } -// Eaccess is similar to unix.Access except for setuid/setgid binaries -// it checks against the effective (rather than real) uid and gid. -func Eaccess(path string) error { - err := unix.Faccessat2(unix.AT_FDCWD, path, unix.X_OK, unix.AT_EACCESS) - if err != unix.ENOSYS && err != unix.EPERM { //nolint:errorlint // unix errors are bare - return err - } - - // Faccessat2() not available; check if we are a set[ug]id binary. - if os.Getuid() == os.Geteuid() && os.Getgid() == os.Getegid() { - // For a non-set[ug]id binary, use access(2). - return unix.Access(path, unix.X_OK) - } - - // For a setuid/setgid binary, there is no fallback way - // so assume we can execute the binary. - return nil -} - func Execv(cmd string, args []string, env []string) error { name, err := exec.LookPath(cmd) if err != nil { diff --git a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go index 2473c5eadd..a1e216683d 100644 --- a/vendor/github.com/opencontainers/runc/libcontainer/user/user.go +++ b/vendor/github.com/opencontainers/runc/libcontainer/user/user.go @@ -280,13 +280,13 @@ func GetExecUserPath(userSpec string, defaults *ExecUser, passwdPath, groupPath // found in any entry in passwd and group respectively. // // Examples of valid user specifications are: -// * "" -// * "user" -// * "uid" -// * "user:group" -// * "uid:gid -// * "user:gid" -// * "uid:group" +// - "" +// - "user" +// - "uid" +// - "user:group" +// - "uid:gid +// - "user:gid" +// - "uid:group" // // It should be noted that if you specify a numeric user or group id, they will // not be evaluated as usernames (only the metadata will be filled). So attempting diff --git a/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/patched_sc_accessors.go b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/patched_sc_accessors.go new file mode 100644 index 0000000000..7b24270c93 --- /dev/null +++ b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/patched_sc_accessors.go @@ -0,0 +1,471 @@ +/* + * This file is a copy of k8s.io/kubernetes/pkg/securitycontext/accessors.go that + * contains the patch from https://github.com/kubernetes/kubernetes/pull/115968 + * that only appears in kube 1.27. + * FIXME: Remove this file when OpenShift users kube 1.27 as its base. + */ + +package sccmatching + +import ( + "reflect" + + api "k8s.io/kubernetes/pkg/apis/core" + "k8s.io/kubernetes/pkg/securitycontext" +) + +type SecccompProfileAccessor interface { + SeccompProfile() *api.SeccompProfile +} + +type SeccompProfileMutator interface { + SetSeccompProfile(*api.SeccompProfile) +} + +type PatchedPodSecurityContextAccessor interface { + securitycontext.PodSecurityContextAccessor + SecccompProfileAccessor +} + +type PatchedPodSecurityContextMutator interface { + securitycontext.PodSecurityContextMutator + SecccompProfileAccessor + SeccompProfileMutator +} + +// NewPodSecurityContextAccessor returns an accessor for the given pod security context. +// May be initialized with a nil PodSecurityContext. +func NewPodSecurityContextAccessor(podSC *api.PodSecurityContext) PatchedPodSecurityContextAccessor { + return &podSecurityContextWrapper{podSC: podSC} +} + +// NewPodSecurityContextMutator returns a mutator for the given pod security context. +// May be initialized with a nil PodSecurityContext. +func NewPodSecurityContextMutator(podSC *api.PodSecurityContext) PatchedPodSecurityContextMutator { + return &podSecurityContextWrapper{podSC: podSC} +} + +type podSecurityContextWrapper struct { + podSC *api.PodSecurityContext +} + +func (w *podSecurityContextWrapper) PodSecurityContext() *api.PodSecurityContext { + return w.podSC +} + +func (w *podSecurityContextWrapper) ensurePodSC() { + if w.podSC == nil { + w.podSC = &api.PodSecurityContext{} + } +} + +func (w *podSecurityContextWrapper) HostNetwork() bool { + if w.podSC == nil { + return false + } + return w.podSC.HostNetwork +} +func (w *podSecurityContextWrapper) SetHostNetwork(v bool) { + if w.podSC == nil && v == false { + return + } + w.ensurePodSC() + w.podSC.HostNetwork = v +} +func (w *podSecurityContextWrapper) HostPID() bool { + if w.podSC == nil { + return false + } + return w.podSC.HostPID +} +func (w *podSecurityContextWrapper) SetHostPID(v bool) { + if w.podSC == nil && v == false { + return + } + w.ensurePodSC() + w.podSC.HostPID = v +} +func (w *podSecurityContextWrapper) HostIPC() bool { + if w.podSC == nil { + return false + } + return w.podSC.HostIPC +} +func (w *podSecurityContextWrapper) SetHostIPC(v bool) { + if w.podSC == nil && v == false { + return + } + w.ensurePodSC() + w.podSC.HostIPC = v +} +func (w *podSecurityContextWrapper) SELinuxOptions() *api.SELinuxOptions { + if w.podSC == nil { + return nil + } + return w.podSC.SELinuxOptions +} +func (w *podSecurityContextWrapper) SetSELinuxOptions(v *api.SELinuxOptions) { + if w.podSC == nil && v == nil { + return + } + w.ensurePodSC() + w.podSC.SELinuxOptions = v +} +func (w *podSecurityContextWrapper) RunAsUser() *int64 { + if w.podSC == nil { + return nil + } + return w.podSC.RunAsUser +} +func (w *podSecurityContextWrapper) SetRunAsUser(v *int64) { + if w.podSC == nil && v == nil { + return + } + w.ensurePodSC() + w.podSC.RunAsUser = v +} +func (w *podSecurityContextWrapper) RunAsGroup() *int64 { + if w.podSC == nil { + return nil + } + return w.podSC.RunAsGroup +} +func (w *podSecurityContextWrapper) SetRunAsGroup(v *int64) { + if w.podSC == nil && v == nil { + return + } + w.ensurePodSC() + w.podSC.RunAsGroup = v +} + +func (w *podSecurityContextWrapper) RunAsNonRoot() *bool { + if w.podSC == nil { + return nil + } + return w.podSC.RunAsNonRoot +} +func (w *podSecurityContextWrapper) SetRunAsNonRoot(v *bool) { + if w.podSC == nil && v == nil { + return + } + w.ensurePodSC() + w.podSC.RunAsNonRoot = v +} +func (w *podSecurityContextWrapper) SeccompProfile() *api.SeccompProfile { + if w.podSC == nil { + return nil + } + return w.podSC.SeccompProfile +} +func (w *podSecurityContextWrapper) SetSeccompProfile(p *api.SeccompProfile) { + if w.podSC == nil && p == nil { + return + } + w.ensurePodSC() + w.podSC.SeccompProfile = p +} +func (w *podSecurityContextWrapper) SupplementalGroups() []int64 { + if w.podSC == nil { + return nil + } + return w.podSC.SupplementalGroups +} +func (w *podSecurityContextWrapper) SetSupplementalGroups(v []int64) { + if w.podSC == nil && len(v) == 0 { + return + } + w.ensurePodSC() + if len(v) == 0 && len(w.podSC.SupplementalGroups) == 0 { + return + } + w.podSC.SupplementalGroups = v +} +func (w *podSecurityContextWrapper) FSGroup() *int64 { + if w.podSC == nil { + return nil + } + return w.podSC.FSGroup +} +func (w *podSecurityContextWrapper) SetFSGroup(v *int64) { + if w.podSC == nil && v == nil { + return + } + w.ensurePodSC() + w.podSC.FSGroup = v +} + +type PatchedContainerSecurityContextAccessor interface { + securitycontext.ContainerSecurityContextAccessor + SecccompProfileAccessor +} + +type PatchedContainerSecurityContextMutator interface { + securitycontext.ContainerSecurityContextMutator + SecccompProfileAccessor + SeccompProfileMutator +} + +// NewContainerSecurityContextAccessor returns an accessor for the provided container security context +// May be initialized with a nil SecurityContext +func NewContainerSecurityContextAccessor(containerSC *api.SecurityContext) PatchedContainerSecurityContextAccessor { + return &containerSecurityContextWrapper{containerSC: containerSC} +} + +// NewContainerSecurityContextMutator returns a mutator for the provided container security context +// May be initialized with a nil SecurityContext +func NewContainerSecurityContextMutator(containerSC *api.SecurityContext) PatchedContainerSecurityContextMutator { + return &containerSecurityContextWrapper{containerSC: containerSC} +} + +type containerSecurityContextWrapper struct { + containerSC *api.SecurityContext +} + +func (w *containerSecurityContextWrapper) ContainerSecurityContext() *api.SecurityContext { + return w.containerSC +} + +func (w *containerSecurityContextWrapper) ensureContainerSC() { + if w.containerSC == nil { + w.containerSC = &api.SecurityContext{} + } +} + +func (w *containerSecurityContextWrapper) Capabilities() *api.Capabilities { + if w.containerSC == nil { + return nil + } + return w.containerSC.Capabilities +} +func (w *containerSecurityContextWrapper) SetCapabilities(v *api.Capabilities) { + if w.containerSC == nil && v == nil { + return + } + w.ensureContainerSC() + w.containerSC.Capabilities = v +} +func (w *containerSecurityContextWrapper) Privileged() *bool { + if w.containerSC == nil { + return nil + } + return w.containerSC.Privileged +} +func (w *containerSecurityContextWrapper) SetPrivileged(v *bool) { + if w.containerSC == nil && v == nil { + return + } + w.ensureContainerSC() + w.containerSC.Privileged = v +} +func (w *containerSecurityContextWrapper) ProcMount() api.ProcMountType { + if w.containerSC == nil { + return api.DefaultProcMount + } + if w.containerSC.ProcMount == nil { + return api.DefaultProcMount + } + return *w.containerSC.ProcMount +} +func (w *containerSecurityContextWrapper) SELinuxOptions() *api.SELinuxOptions { + if w.containerSC == nil { + return nil + } + return w.containerSC.SELinuxOptions +} +func (w *containerSecurityContextWrapper) SetSELinuxOptions(v *api.SELinuxOptions) { + if w.containerSC == nil && v == nil { + return + } + w.ensureContainerSC() + w.containerSC.SELinuxOptions = v +} +func (w *containerSecurityContextWrapper) RunAsUser() *int64 { + if w.containerSC == nil { + return nil + } + return w.containerSC.RunAsUser +} +func (w *containerSecurityContextWrapper) SetRunAsUser(v *int64) { + if w.containerSC == nil && v == nil { + return + } + w.ensureContainerSC() + w.containerSC.RunAsUser = v +} +func (w *containerSecurityContextWrapper) RunAsGroup() *int64 { + if w.containerSC == nil { + return nil + } + return w.containerSC.RunAsGroup +} +func (w *containerSecurityContextWrapper) SetRunAsGroup(v *int64) { + if w.containerSC == nil && v == nil { + return + } + w.ensureContainerSC() + w.containerSC.RunAsGroup = v +} + +func (w *containerSecurityContextWrapper) RunAsNonRoot() *bool { + if w.containerSC == nil { + return nil + } + return w.containerSC.RunAsNonRoot +} +func (w *containerSecurityContextWrapper) SetRunAsNonRoot(v *bool) { + if w.containerSC == nil && v == nil { + return + } + w.ensureContainerSC() + w.containerSC.RunAsNonRoot = v +} +func (w *containerSecurityContextWrapper) ReadOnlyRootFilesystem() *bool { + if w.containerSC == nil { + return nil + } + return w.containerSC.ReadOnlyRootFilesystem +} +func (w *containerSecurityContextWrapper) SetReadOnlyRootFilesystem(v *bool) { + if w.containerSC == nil && v == nil { + return + } + w.ensureContainerSC() + w.containerSC.ReadOnlyRootFilesystem = v +} +func (w *containerSecurityContextWrapper) SeccompProfile() *api.SeccompProfile { + if w.containerSC == nil { + return nil + } + return w.containerSC.SeccompProfile +} +func (w *containerSecurityContextWrapper) SetSeccompProfile(p *api.SeccompProfile) { + if w.containerSC == nil && p == nil { + return + } + w.ensureContainerSC() + w.containerSC.SeccompProfile = p +} + +func (w *containerSecurityContextWrapper) AllowPrivilegeEscalation() *bool { + if w.containerSC == nil { + return nil + } + return w.containerSC.AllowPrivilegeEscalation +} +func (w *containerSecurityContextWrapper) SetAllowPrivilegeEscalation(v *bool) { + if w.containerSC == nil && v == nil { + return + } + w.ensureContainerSC() + w.containerSC.AllowPrivilegeEscalation = v +} + +// NewEffectiveContainerSecurityContextAccessor returns an accessor for reading effective values +// for the provided pod security context and container security context +func NewEffectiveContainerSecurityContextAccessor(podSC PatchedPodSecurityContextAccessor, containerSC PatchedContainerSecurityContextMutator) PatchedContainerSecurityContextAccessor { + return &effectiveContainerSecurityContextWrapper{podSC: podSC, containerSC: containerSC} +} + +// NewEffectiveContainerSecurityContextMutator returns a mutator for reading and writing effective values +// for the provided pod security context and container security context +func NewEffectiveContainerSecurityContextMutator(podSC PatchedPodSecurityContextAccessor, containerSC PatchedContainerSecurityContextMutator) PatchedContainerSecurityContextMutator { + return &effectiveContainerSecurityContextWrapper{podSC: podSC, containerSC: containerSC} +} + +type effectiveContainerSecurityContextWrapper struct { + podSC PatchedPodSecurityContextAccessor + containerSC PatchedContainerSecurityContextMutator +} + +func (w *effectiveContainerSecurityContextWrapper) ContainerSecurityContext() *api.SecurityContext { + return w.containerSC.ContainerSecurityContext() +} + +func (w *effectiveContainerSecurityContextWrapper) Capabilities() *api.Capabilities { + return w.containerSC.Capabilities() +} +func (w *effectiveContainerSecurityContextWrapper) SetCapabilities(v *api.Capabilities) { + if !reflect.DeepEqual(w.Capabilities(), v) { + w.containerSC.SetCapabilities(v) + } +} +func (w *effectiveContainerSecurityContextWrapper) Privileged() *bool { + return w.containerSC.Privileged() +} +func (w *effectiveContainerSecurityContextWrapper) SetPrivileged(v *bool) { + if !reflect.DeepEqual(w.Privileged(), v) { + w.containerSC.SetPrivileged(v) + } +} +func (w *effectiveContainerSecurityContextWrapper) ProcMount() api.ProcMountType { + return w.containerSC.ProcMount() +} +func (w *effectiveContainerSecurityContextWrapper) SELinuxOptions() *api.SELinuxOptions { + if v := w.containerSC.SELinuxOptions(); v != nil { + return v + } + return w.podSC.SELinuxOptions() +} +func (w *effectiveContainerSecurityContextWrapper) SetSELinuxOptions(v *api.SELinuxOptions) { + if !reflect.DeepEqual(w.SELinuxOptions(), v) { + w.containerSC.SetSELinuxOptions(v) + } +} +func (w *effectiveContainerSecurityContextWrapper) RunAsUser() *int64 { + if v := w.containerSC.RunAsUser(); v != nil { + return v + } + return w.podSC.RunAsUser() +} +func (w *effectiveContainerSecurityContextWrapper) SetRunAsUser(v *int64) { + if !reflect.DeepEqual(w.RunAsUser(), v) { + w.containerSC.SetRunAsUser(v) + } +} +func (w *effectiveContainerSecurityContextWrapper) RunAsGroup() *int64 { + if v := w.containerSC.RunAsGroup(); v != nil { + return v + } + return w.podSC.RunAsGroup() +} +func (w *effectiveContainerSecurityContextWrapper) SetRunAsGroup(v *int64) { + if !reflect.DeepEqual(w.RunAsGroup(), v) { + w.containerSC.SetRunAsGroup(v) + } +} + +func (w *effectiveContainerSecurityContextWrapper) RunAsNonRoot() *bool { + if v := w.containerSC.RunAsNonRoot(); v != nil { + return v + } + return w.podSC.RunAsNonRoot() +} +func (w *effectiveContainerSecurityContextWrapper) SetRunAsNonRoot(v *bool) { + if !reflect.DeepEqual(w.RunAsNonRoot(), v) { + w.containerSC.SetRunAsNonRoot(v) + } +} +func (w *effectiveContainerSecurityContextWrapper) ReadOnlyRootFilesystem() *bool { + return w.containerSC.ReadOnlyRootFilesystem() +} +func (w *effectiveContainerSecurityContextWrapper) SetReadOnlyRootFilesystem(v *bool) { + if !reflect.DeepEqual(w.ReadOnlyRootFilesystem(), v) { + w.containerSC.SetReadOnlyRootFilesystem(v) + } +} +func (w *effectiveContainerSecurityContextWrapper) SeccompProfile() *api.SeccompProfile { + return w.containerSC.SeccompProfile() +} +func (w *effectiveContainerSecurityContextWrapper) SetSeccompProfile(p *api.SeccompProfile) { + if !reflect.DeepEqual(w.SeccompProfile(), p) { + w.containerSC.SetSeccompProfile(p) + } +} +func (w *effectiveContainerSecurityContextWrapper) AllowPrivilegeEscalation() *bool { + return w.containerSC.AllowPrivilegeEscalation() +} +func (w *effectiveContainerSecurityContextWrapper) SetAllowPrivilegeEscalation(v *bool) { + if !reflect.DeepEqual(w.AllowPrivilegeEscalation(), v) { + w.containerSC.SetAllowPrivilegeEscalation(v) + } +} diff --git a/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/provider.go b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/provider.go index 2535000f94..dea78e1e83 100644 --- a/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/provider.go +++ b/vendor/github.com/openshift/apiserver-library-go/pkg/securitycontextconstraints/sccmatching/provider.go @@ -2,6 +2,7 @@ package sccmatching import ( "fmt" + "strings" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/sets" @@ -99,7 +100,7 @@ func NewSimpleProvider(scc *securityv1.SecurityContextConstraints) (SecurityCont // on the PodSecurityContext it will not be changed. Validate should be used after the context // is created to ensure it complies with the required restrictions. func (s *simpleProvider) CreatePodSecurityContext(pod *api.Pod) (*api.PodSecurityContext, map[string]string, error) { - sc := securitycontext.NewPodSecurityContextMutator(pod.Spec.SecurityContext) + sc := NewPodSecurityContextMutator(pod.Spec.SecurityContext) annotationsCopy := maps.CopySS(pod.Annotations) @@ -138,6 +139,7 @@ func (s *simpleProvider) CreatePodSecurityContext(pod *api.Pod) (*api.PodSecurit annotationsCopy = map[string]string{} } annotationsCopy[api.SeccompPodAnnotationKey] = seccompProfile + sc.SetSeccompProfile(seccompFieldForAnnotation(seccompProfile)) } return sc.PodSecurityContext(), annotationsCopy, nil @@ -147,9 +149,9 @@ func (s *simpleProvider) CreatePodSecurityContext(pod *api.Pod) (*api.PodSecurit // container's security context then it will not be changed. Validation should be used after // the context is created to ensure it complies with the required restrictions. func (s *simpleProvider) CreateContainerSecurityContext(pod *api.Pod, container *api.Container) (*api.SecurityContext, error) { - sc := securitycontext.NewEffectiveContainerSecurityContextMutator( - securitycontext.NewPodSecurityContextAccessor(pod.Spec.SecurityContext), - securitycontext.NewContainerSecurityContextMutator(container.SecurityContext), + sc := NewEffectiveContainerSecurityContextMutator( + NewPodSecurityContextAccessor(pod.Spec.SecurityContext), + NewContainerSecurityContextMutator(container.SecurityContext), ) if sc.RunAsUser() == nil { uid, err := s.runAsUserStrategy.Generate(pod, container) @@ -214,6 +216,11 @@ func (s *simpleProvider) CreateContainerSecurityContext(pod *api.Pod, container } } + containerSeccomp, ok := pod.Annotations[api.SeccompContainerAnnotationKeyPrefix+container.Name] + if ok { + sc.SetSeccompProfile(seccompFieldForAnnotation(containerSeccomp)) + } + // if the SCC sets DefaultAllowPrivilegeEscalation and the container security context // allowPrivilegeEscalation is not set, then default to that set by the SCC. // @@ -497,3 +504,34 @@ func allowsVolumeType(allowedVolumes sets.String, fsType securityv1.FSType, volu fsType == securityv1.FSProjected && sccutil.IsOnlyServiceAccountTokenSources(volumeSource.Projected) } + +// seccompFieldForAnnotation takes a pod annotation and returns the converted +// seccomp profile field. +// SeccompAnnotations removal is planned for Kube 1.27, remove this logic afterwards +func seccompFieldForAnnotation(annotation string) *api.SeccompProfile { + // If only seccomp annotations are specified, copy the values into the + // corresponding fields. This ensures that existing applications continue + // to enforce seccomp, and prevents the kubelet from needing to resolve + // annotations & fields. + if annotation == corev1.SeccompProfileNameUnconfined { + return &api.SeccompProfile{Type: api.SeccompProfileTypeUnconfined} + } + + if annotation == api.SeccompProfileRuntimeDefault || annotation == api.DeprecatedSeccompProfileDockerDefault { + return &api.SeccompProfile{Type: api.SeccompProfileTypeRuntimeDefault} + } + + if strings.HasPrefix(annotation, corev1.SeccompLocalhostProfileNamePrefix) { + localhostProfile := strings.TrimPrefix(annotation, corev1.SeccompLocalhostProfileNamePrefix) + if localhostProfile != "" { + return &api.SeccompProfile{ + Type: api.SeccompProfileTypeLocalhost, + LocalhostProfile: &localhostProfile, + } + } + } + + // we can only reach this code path if the localhostProfile name has a zero + // length or if the annotation has an unrecognized value + return nil +} diff --git a/vendor/golang.org/x/net/html/doc.go b/vendor/golang.org/x/net/html/doc.go index 822ed42a04..7a96eae331 100644 --- a/vendor/golang.org/x/net/html/doc.go +++ b/vendor/golang.org/x/net/html/doc.go @@ -92,6 +92,21 @@ example, to process each anchor node in depth-first order: The relevant specifications include: https://html.spec.whatwg.org/multipage/syntax.html and https://html.spec.whatwg.org/multipage/syntax.html#tokenization + +# Security Considerations + +Care should be taken when parsing and interpreting HTML, whether full documents +or fragments, within the framework of the HTML specification, especially with +regard to untrusted inputs. + +This package provides both a tokenizer and a parser. Only the parser constructs +a DOM according to the HTML specification, resolving malformed and misplaced +tags where appropriate. The tokenizer simply tokenizes the HTML presented to it, +and as such does not resolve issues that may exist in the processed HTML, +producing a literal interpretation of the input. + +If your use case requires semantically well-formed HTML, as defined by the +WHATWG specifiction, the parser should be used rather than the tokenizer. */ package html // import "golang.org/x/net/html" diff --git a/vendor/golang.org/x/net/html/escape.go b/vendor/golang.org/x/net/html/escape.go index d856139620..04c6bec210 100644 --- a/vendor/golang.org/x/net/html/escape.go +++ b/vendor/golang.org/x/net/html/escape.go @@ -193,6 +193,87 @@ func lower(b []byte) []byte { return b } +// escapeComment is like func escape but escapes its input bytes less often. +// Per https://github.com/golang/go/issues/58246 some HTML comments are (1) +// meaningful and (2) contain angle brackets that we'd like to avoid escaping +// unless we have to. +// +// "We have to" includes the '&' byte, since that introduces other escapes. +// +// It also includes those bytes (not including EOF) that would otherwise end +// the comment. Per the summary table at the bottom of comment_test.go, this is +// the '>' byte that, per above, we'd like to avoid escaping unless we have to. +// +// Studying the summary table (and T actions in its '>' column) closely, we +// only need to escape in states 43, 44, 49, 51 and 52. State 43 is at the +// start of the comment data. State 52 is after a '!'. The other three states +// are after a '-'. +// +// Our algorithm is thus to escape every '&' and to escape '>' if and only if: +// - The '>' is after a '!' or '-' (in the unescaped data) or +// - The '>' is at the start of the comment data (after the opening ""); err != nil { diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go index 50f7c6aac8..5c2a1f4efa 100644 --- a/vendor/golang.org/x/net/html/token.go +++ b/vendor/golang.org/x/net/html/token.go @@ -110,7 +110,7 @@ func (t Token) String() string { case SelfClosingTagToken: return "<" + t.tagString() + "/>" case CommentToken: - return "" + return "" case DoctypeToken: return "" } @@ -598,10 +598,10 @@ scriptDataDoubleEscapeEnd: // readComment reads the next comment token starting with "