Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package docker for openSUSE:Factory checked in at 2022-06-08 14:24:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/docker (Old) and /work/SRC/openSUSE:Factory/.docker.new.1548 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "docker" Wed Jun 8 14:24:21 2022 rev:121 rq:981223 version:20.10.17_ce Changes: -------- --- /work/SRC/openSUSE:Factory/docker/docker.changes 2022-05-01 18:53:34.267161987 +0200 +++ /work/SRC/openSUSE:Factory/.docker.new.1548/docker.changes 2022-06-08 14:24:40.332483867 +0200 @@ -1,0 +2,13 @@ +Tue Jun 7 07:18:41 UTC 2022 - Aleksa Sarai <asa...@suse.com> + +- Update to Docker 20.10.17-ce. See upstream changelog online at + <https://docs.docker.com/engine/release-notes/#201017>. bsc#1200145 +- Rebase patches: + * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch + * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch + * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch + * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch + * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch + * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch + +------------------------------------------------------------------- Old: ---- docker-20.10.14_ce_87a90dc786bd.tar.xz docker-cli-20.10.14_ce.tar.xz docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8.tar.xz New: ---- docker-20.10.17_ce_a89b84221c85.tar.xz docker-cli-20.10.17_ce.tar.xz docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ docker.spec ++++++ --- /var/tmp/diff_new_pack.5aJ2yd/_old 2022-06-08 14:24:41.104484824 +0200 +++ /var/tmp/diff_new_pack.5aJ2yd/_new 2022-06-08 14:24:41.108484829 +0200 @@ -42,24 +42,24 @@ # helpfully injects into our build environment from the changelog). If you want # to generate a new git_commit_epoch, use this: # $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s' -%define git_version 87a90dc786bd -%define git_commit_epoch 1649909084 +%define git_version a89b84221c85 +%define git_commit_epoch 1654554758 # We require a specific pin of libnetwork because it doesn't really do # versioning and minor version mismatches in libnetwork can break Docker # networking. All other key runtime dependencies (containerd, runc) are stable # enough that this isn't necessary. -%define libnetwork_version 64b7a4574d1426139437d20e81c0b6d391130ec8 +%define libnetwork_version f6ccccb1c082a432c2a5814aaedaca56af33d9ea %define dist_builddir %{_builddir}/dist-suse %define cli_builddir %{dist_builddir}/src/github.com/docker/cli %define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork Name: %{realname}%{name_suffix} -Version: 20.10.14_ce +Version: 20.10.17_ce # This "nice version" is so that docker --version gives a result that can be # parsed by other people. boo#1182476 -%define nice_version 20.10.14-ce +%define nice_version 20.10.17-ce Release: 0 Summary: The Moby-project Linux container runtime License: Apache-2.0 @@ -111,8 +111,10 @@ BuildRequires: zsh BuildRequires: fish BuildRequires: go-go-md2man -BuildRequires: go1.16 BuildRequires: pkgconfig(libsystemd) +# Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires +# for 'golang(API) >= 1.17' here, so just require 1.17 exactly. bsc#1172608 +BuildRequires: go1.17 Requires: apparmor-parser Requires: ca-certificates-mozilla # The docker-proxy binary used to be in a separate package. We obsolete it, @@ -121,8 +123,8 @@ Provides: docker-libnetwork%{name_suffix} = 0.7.0.2.%{version} # Required to actually run containers. We require the minimum version that is # pinned by Docker, but in order to avoid headaches we allow for updates. -Requires: runc >= 1.0.2 -Requires: containerd >= 1.5 +Requires: runc >= 1.1.2 +Requires: containerd >= 1.6.6 # Needed for --init support. We don't use "tini", we use our own implementation # which handles edge-cases better. Requires: catatonit ++++++ 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch ++++++ --- /var/tmp/diff_new_pack.5aJ2yd/_old 2022-06-08 14:24:41.132484858 +0200 +++ /var/tmp/diff_new_pack.5aJ2yd/_new 2022-06-08 14:24:41.132484858 +0200 @@ -1,4 +1,4 @@ -From 63d19d6ef58457e8aba6346157c9601e38f60929 Mon Sep 17 00:00:00 2001 +From 37dfb97c0016300dd6453fc718805ccdf341bfd6 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <asa...@suse.de> Date: Wed, 8 Mar 2017 12:41:54 +1100 Subject: [PATCH 1/6] SECRETS: daemon: allow directory creation in /run/secrets @@ -10,17 +10,14 @@ Signed-off-by: Antonio Murdaca <run...@redhat.com> Signed-off-by: Aleksa Sarai <asa...@suse.de> --- - daemon/container_operations_unix.go | 25 ++++++++++++++++++++++--- - 1 file changed, 22 insertions(+), 3 deletions(-) + daemon/container_operations_unix.go | 24 +++++++++++++++++++++--- + 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go -index 6a50b99bd29e..583db20aa459 100644 +index 75b4b09b8dc4..583db20aa459 100644 --- a/daemon/container_operations_unix.go +++ b/daemon/container_operations_unix.go -@@ -1,8 +1,10 @@ -+//go:build linux || freebsd - // +build linux freebsd - +@@ -4,6 +4,7 @@ package daemon // import "github.com/docker/docker/daemon" import ( @@ -28,7 +25,7 @@ "fmt" "io/ioutil" "os" -@@ -12,6 +14,7 @@ import ( +@@ -13,6 +14,7 @@ import ( "github.com/docker/docker/container" "github.com/docker/docker/daemon/links" "github.com/docker/docker/errdefs" @@ -36,7 +33,7 @@ "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/stringid" "github.com/docker/docker/pkg/system" -@@ -205,9 +208,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { +@@ -206,9 +208,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { if err != nil { return errors.Wrap(err, "unable to get secret from secret store") } @@ -46,7 +43,7 @@ uid, err := strconv.Atoi(s.File.UID) if err != nil { -@@ -218,6 +218,25 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { +@@ -219,6 +218,25 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { return err } @@ -73,6 +70,6 @@ return errors.Wrap(err, "error setting ownership for secret") } -- -2.35.1 +2.36.1 ++++++ 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch ++++++ --- /var/tmp/diff_new_pack.5aJ2yd/_old 2022-06-08 14:24:41.144484874 +0200 +++ /var/tmp/diff_new_pack.5aJ2yd/_new 2022-06-08 14:24:41.148484879 +0200 @@ -1,4 +1,4 @@ -From a472a5da8d0aeb21b4cb6fbd2dc348a753c0a883 Mon Sep 17 00:00:00 2001 +From 11ac23e5620ee53c9527334d2222b32ca5098876 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <asa...@suse.de> Date: Wed, 8 Mar 2017 11:43:29 +1100 Subject: [PATCH 2/6] SECRETS: SUSE: implement SUSE container secrets @@ -451,6 +451,6 @@ + return nil +} -- -2.35.1 +2.36.1 ++++++ 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch ++++++ --- /var/tmp/diff_new_pack.5aJ2yd/_old 2022-06-08 14:24:41.160484893 +0200 +++ /var/tmp/diff_new_pack.5aJ2yd/_new 2022-06-08 14:24:41.164484899 +0200 @@ -1,4 +1,4 @@ -From 098dd769a226407da7a695ae44cf2e41a5d13a4a Mon Sep 17 00:00:00 2001 +From cf3c6ccefda39c60dc656404674628ac48b55de9 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg <vrothb...@suse.com> Date: Mon, 2 Jul 2018 13:37:34 +0200 Subject: [PATCH 3/6] PRIVATE-REGISTRY: add private-registry mirror support @@ -1142,6 +1142,6 @@ endpoints = []APIEndpoint{ -- -2.35.1 +2.36.1 ++++++ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch ++++++ --- /var/tmp/diff_new_pack.5aJ2yd/_old 2022-06-08 14:24:41.172484908 +0200 +++ /var/tmp/diff_new_pack.5aJ2yd/_new 2022-06-08 14:24:41.176484913 +0200 @@ -1,4 +1,4 @@ -From 5e84bae968f7beadd92452795cfe2ce4f8995cef Mon Sep 17 00:00:00 2001 +From 5d2f7a37a37547663aae1538b2d3fd48dd7277c8 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <asa...@suse.de> Date: Fri, 29 Jun 2018 17:59:30 +1000 Subject: [PATCH 4/6] bsc1073877: apparmor: clobber docker-default profile on @@ -22,10 +22,10 @@ 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/daemon/apparmor_default.go b/daemon/apparmor_default.go -index a7cc3a5ef412..1a952953da8f 100644 +index 21813ec14f8f..0de75b32b7fa 100644 --- a/daemon/apparmor_default.go +++ b/daemon/apparmor_default.go -@@ -23,6 +23,15 @@ func DefaultApparmorProfile() string { +@@ -24,6 +24,15 @@ func DefaultApparmorProfile() string { return "" } @@ -41,7 +41,7 @@ func ensureDefaultAppArmorProfile() error { if apparmor.IsEnabled() { loaded, err := aaprofile.IsLoaded(defaultAppArmorProfile) -@@ -36,10 +45,7 @@ func ensureDefaultAppArmorProfile() error { +@@ -37,10 +46,7 @@ func ensureDefaultAppArmorProfile() error { } // Load the profile. @@ -54,10 +54,10 @@ return nil } diff --git a/daemon/apparmor_default_unsupported.go b/daemon/apparmor_default_unsupported.go -index dd581dc7dadb..5b14979cd4a3 100644 +index e3dc18b32b5e..9c7723056268 100644 --- a/daemon/apparmor_default_unsupported.go +++ b/daemon/apparmor_default_unsupported.go -@@ -2,6 +2,10 @@ +@@ -3,6 +3,10 @@ package daemon // import "github.com/docker/docker/daemon" @@ -85,6 +85,6 @@ } -- -2.35.1 +2.36.1 ++++++ 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch ++++++ --- /var/tmp/diff_new_pack.5aJ2yd/_old 2022-06-08 14:24:41.188484928 +0200 +++ /var/tmp/diff_new_pack.5aJ2yd/_new 2022-06-08 14:24:41.188484928 +0200 @@ -1,4 +1,4 @@ -From 98822d2010c709e64d5e86d7ec8e054861080a53 Mon Sep 17 00:00:00 2001 +From b54c6c7addcb163ddcef5e37fc7ed1c0afd0dbfa Mon Sep 17 00:00:00 2001 From: Michal Rostecki <mroste...@opensuse.org> Date: Thu, 8 Apr 2021 14:42:02 +0100 Subject: [PATCH 5/6] bsc1183855: btrfs: Do not disable quota on cleanup @@ -24,10 +24,10 @@ 1 file changed, 8 insertions(+), 42 deletions(-) diff --git a/daemon/graphdriver/btrfs/btrfs.go b/daemon/graphdriver/btrfs/btrfs.go -index 8fd2854a2673..32c4f07c620d 100644 +index fa0cdf8666b1..02bbb5da1088 100644 --- a/daemon/graphdriver/btrfs/btrfs.go +++ b/daemon/graphdriver/btrfs/btrfs.go -@@ -103,7 +103,7 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap +@@ -104,7 +104,7 @@ func Init(home string, options []string, uidMaps, gidMaps []idtools.IDMap) (grap } if userDiskQuota { @@ -36,7 +36,7 @@ return nil, err } } -@@ -172,18 +172,10 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) { +@@ -173,18 +173,10 @@ func (d *Driver) GetMetadata(id string) (map[string]string, error) { // Cleanup unmounts the home directory. func (d *Driver) Cleanup() error { @@ -56,7 +56,7 @@ return nil } -@@ -341,7 +333,7 @@ func (d *Driver) updateQuotaStatus() { +@@ -342,7 +334,7 @@ func (d *Driver) updateQuotaStatus() { d.once.Do(func() { if !d.quotaEnabled { // In case quotaEnabled is not set, check qgroup and update quotaEnabled as needed @@ -65,7 +65,7 @@ // quota is still not enabled return } -@@ -350,7 +342,7 @@ func (d *Driver) updateQuotaStatus() { +@@ -351,7 +343,7 @@ func (d *Driver) updateQuotaStatus() { }) } @@ -74,7 +74,7 @@ d.updateQuotaStatus() if d.quotaEnabled { -@@ -376,32 +368,6 @@ func (d *Driver) subvolEnableQuota() error { +@@ -377,32 +369,6 @@ func (d *Driver) subvolEnableQuota() error { return nil } @@ -107,7 +107,7 @@ func (d *Driver) subvolRescanQuota() error { d.updateQuotaStatus() -@@ -444,11 +410,11 @@ func subvolLimitQgroup(path string, size uint64) error { +@@ -445,11 +411,11 @@ func subvolLimitQgroup(path string, size uint64) error { return nil } @@ -121,7 +121,7 @@ dir, err := openDir(path) if err != nil { return err -@@ -622,7 +588,7 @@ func (d *Driver) setStorageSize(dir string, driver *Driver) error { +@@ -623,7 +589,7 @@ func (d *Driver) setStorageSize(dir string, driver *Driver) error { if d.options.minSpace > 0 && driver.options.size < d.options.minSpace { return fmt.Errorf("btrfs: storage size cannot be less than %s", units.HumanSize(float64(d.options.minSpace))) } @@ -130,7 +130,7 @@ return err } return subvolLimitQgroup(dir, driver.options.size) -@@ -676,7 +642,7 @@ func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) { +@@ -677,7 +643,7 @@ func (d *Driver) Get(id, mountLabel string) (containerfs.ContainerFS, error) { if quota, err := ioutil.ReadFile(d.quotasDirID(id)); err == nil { if size, err := strconv.ParseUint(string(quota), 10, 64); err == nil && size >= d.options.minSpace { @@ -140,6 +140,6 @@ } if err := subvolLimitQgroup(dir, size); err != nil { -- -2.35.1 +2.36.1 ++++++ 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch ++++++ --- /var/tmp/diff_new_pack.5aJ2yd/_old 2022-06-08 14:24:41.204484948 +0200 +++ /var/tmp/diff_new_pack.5aJ2yd/_new 2022-06-08 14:24:41.208484953 +0200 @@ -1,4 +1,4 @@ -From b0122ef823aa4f05c9c552fb0eeff2fc11a0a64c Mon Sep 17 00:00:00 2001 +From bb67252dfccb18dacc9e0c3463e7c52f32fb2900 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <asa...@suse.de> Date: Fri, 29 Apr 2022 12:44:21 +1000 Subject: [PATCH 6/6] bsc1193930: vendor: update golang.org/x/crypto @@ -354,7 +354,7 @@ create mode 100644 vendor/golang.org/x/crypto/xts/xts.go diff --git a/vendor.conf b/vendor.conf -index ac4640c76369..c21d903fa8a8 100644 +index 54e97e4562d8..9ff95d499ef8 100644 --- a/vendor.conf +++ b/vendor.conf @@ -150,7 +150,7 @@ github.com/golang/protobuf 84668698ea25b64748563aa20726 @@ -41068,6 +41068,6 @@ + } +} -- -2.35.1 +2.36.1 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.5aJ2yd/_old 2022-06-08 14:24:41.272485032 +0200 +++ /var/tmp/diff_new_pack.5aJ2yd/_new 2022-06-08 14:24:41.276485037 +0200 @@ -3,16 +3,16 @@ <param name="url">https://github.com/moby/moby.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="versionformat">20.10.14_ce_%h</param> - <param name="revision">v20.10.14</param> + <param name="versionformat">20.10.17_ce_%h</param> + <param name="revision">v20.10.17</param> <param name="filename">docker</param> </service> <service name="tar_scm" mode="disabled"> <param name="url">https://github.com/docker/cli.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="versionformat">20.10.14_ce</param> - <param name="revision">v20.10.14</param> + <param name="versionformat">20.10.17_ce</param> + <param name="revision">v20.10.17</param> <param name="filename">docker-cli</param> </service> <service name="tar_scm" mode="disabled"> @@ -20,7 +20,7 @@ <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">%H</param> - <param name="revision">64b7a4574d1426139437d20e81c0b6d391130ec8</param> + <param name="revision">f6ccccb1c082a432c2a5814aaedaca56af33d9ea</param> <param name="filename">docker-libnetwork</param> </service> <service name="recompress" mode="disabled"> ++++++ docker-20.10.14_ce_87a90dc786bd.tar.xz -> docker-20.10.17_ce_a89b84221c85.tar.xz ++++++ /work/SRC/openSUSE:Factory/docker/docker-20.10.14_ce_87a90dc786bd.tar.xz /work/SRC/openSUSE:Factory/.docker.new.1548/docker-20.10.17_ce_a89b84221c85.tar.xz differ: char 15, line 1 ++++++ docker-cli-20.10.14_ce.tar.xz -> docker-cli-20.10.17_ce.tar.xz ++++++ ++++ 69872 lines of diff (skipped) ++++++ docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8.tar.xz -> docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/controller.go new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/controller.go --- old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/controller.go 2021-05-25 11:06:46.000000000 +0200 +++ new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/controller.go 2022-06-01 20:45:24.000000000 +0200 @@ -1175,6 +1175,14 @@ if sb.osSbox != nil { // Apply operating specific knobs on the load balancer sandbox + err := sb.osSbox.InvokeFunc(func() { + sb.osSbox.ApplyOSTweaks(sb.oslTypes) + }) + + if err != nil { + logrus.Errorf("Failed to apply performance tuning sysctls to the sandbox: %v", err) + } + // Keep this just so performance is not changed sb.osSbox.ApplyOSTweaks(sb.oslTypes) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/drivers/windows/windows.go new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/drivers/windows/windows.go --- old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/drivers/windows/windows.go 2021-05-25 11:06:46.000000000 +0200 +++ new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/drivers/windows/windows.go 2022-06-01 20:45:24.000000000 +0200 @@ -493,10 +493,11 @@ } encodedPolicy, err := json.Marshal(hcsshim.NatPolicy{ - Type: "NAT", - ExternalPort: elem.HostPort, - InternalPort: elem.Port, - Protocol: elem.Proto.String(), + Type: "NAT", + ExternalPort: elem.HostPort, + InternalPort: elem.Port, + Protocol: elem.Proto.String(), + ExternalPortReserved: true, }) if err != nil { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/netutils/utils_linux.go new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/netutils/utils_linux.go --- old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/netutils/utils_linux.go 2021-05-25 11:06:46.000000000 +0200 +++ new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/netutils/utils_linux.go 2022-06-01 20:45:24.000000000 +0200 @@ -31,7 +31,7 @@ return err } for _, network := range networks { - if network.Dst != nil && NetworkOverlaps(toCheck, network.Dst) { + if network.Dst != nil && network.Scope == netlink.SCOPE_LINK && NetworkOverlaps(toCheck, network.Dst) { return ErrNetworkOverlaps } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/netutils/utils_test.go new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/netutils/utils_test.go --- old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/netutils/utils_test.go 2021-05-25 11:06:46.000000000 +0200 +++ new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/netutils/utils_test.go 2022-06-01 20:45:24.000000000 +0200 @@ -46,8 +46,11 @@ routes := []netlink.Route{} for _, addr := range routesData { _, netX, _ := net.ParseCIDR(addr) - routes = append(routes, netlink.Route{Dst: netX}) + routes = append(routes, netlink.Route{Dst: netX, Scope: netlink.SCOPE_LINK}) } + // Add a route with a scope which should not overlap + _, netX, _ := net.ParseCIDR("10.0.5.0/24") + routes = append(routes, netlink.Route{Dst: netX, Scope: netlink.SCOPE_UNIVERSE}) return routes, nil } defer func() { networkGetRoutesFct = nil }() @@ -61,6 +64,11 @@ if err := CheckRouteOverlaps(netX); err == nil { t.Fatal("10.0.2.0/24 and 10.0.2.0 should overlap but it doesn't") } + + _, netX, _ = net.ParseCIDR("10.0.5.0/24") + if err := CheckRouteOverlaps(netX); err != nil { + t.Fatal("10.0.5.0/24 and 10.0.5.0 with scope UNIVERSE should not overlap but it does") + } } func TestCheckNameserverOverlaps(t *testing.T) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/osl/namespace_linux.go new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/osl/namespace_linux.go --- old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/osl/namespace_linux.go 2021-05-25 11:06:46.000000000 +0200 +++ new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/osl/namespace_linux.go 2022-06-01 20:45:24.000000000 +0200 @@ -30,24 +30,13 @@ } var ( - once sync.Once - garbagePathMap = make(map[string]bool) - gpmLock sync.Mutex - gpmWg sync.WaitGroup - gpmCleanupPeriod = 60 * time.Second - gpmChan = make(chan chan struct{}) - prefix = defaultPrefix - loadBalancerConfig = map[string]*kernel.OSValue{ - // disables any special handling on port reuse of existing IPVS connection table entries - // more info: https://github.com/torvalds/linux/blob/master/Documentation/networking/ipvs-sysctl.txt#L25:1 - "net.ipv4.vs.conn_reuse_mode": {Value: "0", CheckFn: nil}, - // expires connection from the IPVS connection table when the backend is not available - // more info: https://github.com/torvalds/linux/blob/master/Documentation/networking/ipvs-sysctl.txt#L126:1 - "net.ipv4.vs.expire_nodest_conn": {Value: "1", CheckFn: nil}, - // expires persistent connections to destination servers with weights set to 0 - // more info: https://github.com/torvalds/linux/blob/master/Documentation/networking/ipvs-sysctl.txt#L144:1 - "net.ipv4.vs.expire_quiescent_template": {Value: "1", CheckFn: nil}, - } + once sync.Once + garbagePathMap = make(map[string]bool) + gpmLock sync.Mutex + gpmWg sync.WaitGroup + gpmCleanupPeriod = 60 * time.Second + gpmChan = make(chan chan struct{}) + prefix = defaultPrefix ) // The networkNamespace type is the linux implementation of the Sandbox @@ -686,8 +675,18 @@ func (n *networkNamespace) ApplyOSTweaks(types []SandboxType) { for _, t := range types { switch t { - case SandboxTypeLoadBalancer: - kernel.ApplyOSTweaks(loadBalancerConfig) + case SandboxTypeLoadBalancer, SandboxTypeIngress: + kernel.ApplyOSTweaks(map[string]*kernel.OSValue{ + // disables any special handling on port reuse of existing IPVS connection table entries + // more info: https://github.com/torvalds/linux/blame/v5.15/Documentation/networking/ipvs-sysctl.rst#L32 + "net.ipv4.vs.conn_reuse_mode": {Value: "0", CheckFn: nil}, + // expires connection from the IPVS connection table when the backend is not available + // more info: https://github.com/torvalds/linux/blame/v5.15/Documentation/networking/ipvs-sysctl.rst#L133 + "net.ipv4.vs.expire_nodest_conn": {Value: "1", CheckFn: nil}, + // expires persistent connections to destination servers with weights set to 0 + // more info: https://github.com/torvalds/linux/blame/v5.15/Documentation/networking/ipvs-sysctl.rst#L151 + "net.ipv4.vs.expire_quiescent_template": {Value: "1", CheckFn: nil}, + }) } } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/service_linux.go new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/service_linux.go --- old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/service_linux.go 2021-05-25 11:06:46.000000000 +0200 +++ new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/service_linux.go 2022-06-01 20:45:24.000000000 +0200 @@ -169,6 +169,10 @@ if err := i.NewDestination(s, d); err != nil && err != syscall.EEXIST { logrus.Errorf("Failed to create real server %s for vip %s fwmark %d in sbox %.7s (%.7s): %v", ip, lb.vip, lb.fwMark, sb.ID(), sb.ContainerID(), err) } + + // Ensure that kernel tweaks are applied in case this is the first time + // we've initialized ip_vs + sb.osSbox.ApplyOSTweaks(sb.oslTypes) } // Remove loadbalancer backend the load balancing endpoint for this diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/vendor/github.com/Microsoft/hcsshim/errors.go new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/vendor/github.com/Microsoft/hcsshim/errors.go --- old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/vendor/github.com/Microsoft/hcsshim/errors.go 2021-05-25 11:06:46.000000000 +0200 +++ new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/vendor/github.com/Microsoft/hcsshim/errors.go 2022-06-01 20:45:24.000000000 +0200 @@ -59,7 +59,7 @@ // ErrVmcomputeOperationInvalidState is an error encountered when the compute system is not in a valid state for the requested operation ErrVmcomputeOperationInvalidState = hcs.ErrVmcomputeOperationInvalidState - // ErrProcNotFound is an error encountered when the the process cannot be found + // ErrProcNotFound is an error encountered when a procedure look up fails. ErrProcNotFound = hcs.ErrProcNotFound // ErrVmcomputeOperationAccessIsDenied is an error which can be encountered when enumerating compute systems in RS1/RS2 @@ -83,7 +83,6 @@ type ProcessError struct { Process *process Operation string - ExtraInfo string Err error Events []hcs.ErrorEvent } @@ -92,7 +91,6 @@ type ContainerError struct { Container *container Operation string - ExtraInfo string Err error Events []hcs.ErrorEvent } @@ -125,10 +123,6 @@ s += "\n" + ev.String() } - if e.ExtraInfo != "" { - s += " extra info: " + e.ExtraInfo - } - return s } @@ -137,7 +131,7 @@ if _, ok := err.(*ContainerError); ok { return err } - containerError := &ContainerError{Container: container, Operation: operation, ExtraInfo: extraInfo, Err: err} + containerError := &ContainerError{Container: container, Operation: operation, Err: err} return containerError } @@ -176,14 +170,14 @@ if _, ok := err.(*ProcessError); ok { return err } - processError := &ProcessError{Process: process, Operation: operation, ExtraInfo: extraInfo, Err: err} + processError := &ProcessError{Process: process, Operation: operation, Err: err} return processError } // IsNotExist checks if an error is caused by the Container or Process not existing. // Note: Currently, ErrElementNotFound can mean that a Process has either // already exited, or does not exist. Both IsAlreadyStopped and IsNotExist -// will currently return true when the error is ErrElementNotFound or ErrProcNotFound. +// will currently return true when the error is ErrElementNotFound. func IsNotExist(err error) bool { if _, ok := err.(EndpointNotFoundError); ok { return true @@ -216,7 +210,7 @@ // a Container or Process being already stopped. // Note: Currently, ErrElementNotFound can mean that a Process has either // already exited, or does not exist. Both IsAlreadyStopped and IsNotExist -// will currently return true when the error is ErrElementNotFound or ErrProcNotFound. +// will currently return true when the error is ErrElementNotFound. func IsAlreadyStopped(err error) bool { return hcs.IsAlreadyStopped(getInnerError(err)) } @@ -244,7 +238,7 @@ func convertSystemError(err error, c *container) error { if serr, ok := err.(*hcs.SystemError); ok { - return &ContainerError{Container: c, Operation: serr.Op, ExtraInfo: serr.Extra, Err: serr.Err, Events: serr.Events} + return &ContainerError{Container: c, Operation: serr.Op, Err: serr.Err, Events: serr.Events} } return err } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go --- old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go 2021-05-25 11:06:46.000000000 +0200 +++ new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go 2022-06-01 20:45:24.000000000 +0200 @@ -60,7 +60,7 @@ // ErrVmcomputeOperationInvalidState is an error encountered when the compute system is not in a valid state for the requested operation ErrVmcomputeOperationInvalidState = syscall.Errno(0xc0370105) - // ErrProcNotFound is an error encountered when the the process cannot be found + // ErrProcNotFound is an error encountered when a procedure look up fails. ErrProcNotFound = syscall.Errno(0x7f) // ErrVmcomputeOperationAccessIsDenied is an error which can be encountered when enumerating compute systems in RS1/RS2 @@ -171,7 +171,6 @@ ID string Op string Err error - Extra string Events []ErrorEvent } @@ -182,9 +181,6 @@ for _, ev := range e.Events { s += "\n" + ev.String() } - if e.Extra != "" { - s += "\n(extra info: " + e.Extra + ")" - } return s } @@ -198,7 +194,7 @@ return ok && err.Timeout() } -func makeSystemError(system *System, op string, extra string, err error, events []ErrorEvent) error { +func makeSystemError(system *System, op string, err error, events []ErrorEvent) error { // Don't double wrap errors if _, ok := err.(*SystemError); ok { return err @@ -206,7 +202,6 @@ return &SystemError{ ID: system.ID(), Op: op, - Extra: extra, Err: err, Events: events, } @@ -247,12 +242,11 @@ // IsNotExist checks if an error is caused by the Container or Process not existing. // Note: Currently, ErrElementNotFound can mean that a Process has either // already exited, or does not exist. Both IsAlreadyStopped and IsNotExist -// will currently return true when the error is ErrElementNotFound or ErrProcNotFound. +// will currently return true when the error is ErrElementNotFound. func IsNotExist(err error) bool { err = getInnerError(err) return err == ErrComputeSystemDoesNotExist || - err == ErrElementNotFound || - err == ErrProcNotFound + err == ErrElementNotFound } // IsAlreadyClosed checks if an error is caused by the Container or Process having been @@ -283,12 +277,11 @@ // a Container or Process being already stopped. // Note: Currently, ErrElementNotFound can mean that a Process has either // already exited, or does not exist. Both IsAlreadyStopped and IsNotExist -// will currently return true when the error is ErrElementNotFound or ErrProcNotFound. +// will currently return true when the error is ErrElementNotFound. func IsAlreadyStopped(err error) bool { err = getInnerError(err) return err == ErrVmcomputeAlreadyStopped || - err == ErrElementNotFound || - err == ErrProcNotFound + err == ErrElementNotFound } // IsNotSupported returns a boolean indicating whether the error is caused by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go --- old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go 2021-05-25 11:06:46.000000000 +0200 +++ new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go 2022-06-01 20:45:24.000000000 +0200 @@ -75,7 +75,7 @@ // Terminate the compute system if it still exists. We're okay to // ignore a failure here. computeSystem.Terminate(ctx) - return nil, makeSystemError(computeSystem, operation, "", err, nil) + return nil, makeSystemError(computeSystem, operation, err, nil) } } @@ -86,7 +86,7 @@ // ignore a failure here. computeSystem.Terminate(ctx) } - return nil, makeSystemError(computeSystem, operation, hcsDocument, err, events) + return nil, makeSystemError(computeSystem, operation, err, events) } go computeSystem.waitBackground() if err = computeSystem.getCachedProperties(ctx); err != nil { @@ -103,7 +103,7 @@ handle, resultJSON, err := vmcompute.HcsOpenComputeSystem(ctx, id) events := processHcsResult(ctx, resultJSON) if err != nil { - return nil, makeSystemError(computeSystem, operation, "", err, events) + return nil, makeSystemError(computeSystem, operation, err, events) } computeSystem.handle = handle defer func() { @@ -112,7 +112,7 @@ } }() if err = computeSystem.registerCallback(ctx); err != nil { - return nil, makeSystemError(computeSystem, operation, "", err, nil) + return nil, makeSystemError(computeSystem, operation, err, nil) } go computeSystem.waitBackground() if err = computeSystem.getCachedProperties(ctx); err != nil { @@ -188,13 +188,13 @@ defer computeSystem.handleLock.RUnlock() if computeSystem.handle == 0 { - return makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil) + return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil) } resultJSON, err := vmcompute.HcsStartComputeSystem(ctx, computeSystem.handle, "") events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemStartCompleted, &timeout.SystemStart) if err != nil { - return makeSystemError(computeSystem, operation, "", err, events) + return makeSystemError(computeSystem, operation, err, events) } return nil @@ -221,7 +221,7 @@ switch err { case nil, ErrVmcomputeAlreadyStopped, ErrComputeSystemDoesNotExist, ErrVmcomputeOperationPending: default: - return makeSystemError(computeSystem, operation, "", err, events) + return makeSystemError(computeSystem, operation, err, events) } return nil } @@ -242,7 +242,7 @@ switch err { case nil, ErrVmcomputeAlreadyStopped, ErrComputeSystemDoesNotExist, ErrVmcomputeOperationPending: default: - return makeSystemError(computeSystem, operation, "", err, events) + return makeSystemError(computeSystem, operation, err, events) } return nil } @@ -264,10 +264,10 @@ log.G(ctx).Debug("system exited") case ErrVmcomputeUnexpectedExit: log.G(ctx).Debug("unexpected system exit") - computeSystem.exitError = makeSystemError(computeSystem, operation, "", err, nil) + computeSystem.exitError = makeSystemError(computeSystem, operation, err, nil) err = nil default: - err = makeSystemError(computeSystem, operation, "", err, nil) + err = makeSystemError(computeSystem, operation, err, nil) } computeSystem.closedWaitOnce.Do(func() { computeSystem.waitError = err @@ -305,13 +305,13 @@ queryBytes, err := json.Marshal(schema1.PropertyQuery{PropertyTypes: types}) if err != nil { - return nil, makeSystemError(computeSystem, operation, "", err, nil) + return nil, makeSystemError(computeSystem, operation, err, nil) } propertiesJSON, resultJSON, err := vmcompute.HcsGetComputeSystemProperties(ctx, computeSystem.handle, string(queryBytes)) events := processHcsResult(ctx, resultJSON) if err != nil { - return nil, makeSystemError(computeSystem, operation, "", err, events) + return nil, makeSystemError(computeSystem, operation, err, events) } if propertiesJSON == "" { @@ -319,7 +319,7 @@ } properties := &schema1.ContainerProperties{} if err := json.Unmarshal([]byte(propertiesJSON), properties); err != nil { - return nil, makeSystemError(computeSystem, operation, "", err, nil) + return nil, makeSystemError(computeSystem, operation, err, nil) } return properties, nil @@ -334,13 +334,13 @@ queryBytes, err := json.Marshal(hcsschema.PropertyQuery{PropertyTypes: types}) if err != nil { - return nil, makeSystemError(computeSystem, operation, "", err, nil) + return nil, makeSystemError(computeSystem, operation, err, nil) } propertiesJSON, resultJSON, err := vmcompute.HcsGetComputeSystemProperties(ctx, computeSystem.handle, string(queryBytes)) events := processHcsResult(ctx, resultJSON) if err != nil { - return nil, makeSystemError(computeSystem, operation, "", err, events) + return nil, makeSystemError(computeSystem, operation, err, events) } if propertiesJSON == "" { @@ -348,7 +348,7 @@ } properties := &hcsschema.Properties{} if err := json.Unmarshal([]byte(propertiesJSON), properties); err != nil { - return nil, makeSystemError(computeSystem, operation, "", err, nil) + return nil, makeSystemError(computeSystem, operation, err, nil) } return properties, nil @@ -369,13 +369,13 @@ defer computeSystem.handleLock.RUnlock() if computeSystem.handle == 0 { - return makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil) + return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil) } resultJSON, err := vmcompute.HcsPauseComputeSystem(ctx, computeSystem.handle, "") events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemPauseCompleted, &timeout.SystemPause) if err != nil { - return makeSystemError(computeSystem, operation, "", err, events) + return makeSystemError(computeSystem, operation, err, events) } return nil @@ -396,13 +396,13 @@ defer computeSystem.handleLock.RUnlock() if computeSystem.handle == 0 { - return makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil) + return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil) } resultJSON, err := vmcompute.HcsResumeComputeSystem(ctx, computeSystem.handle, "") events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemResumeCompleted, &timeout.SystemResume) if err != nil { - return makeSystemError(computeSystem, operation, "", err, events) + return makeSystemError(computeSystem, operation, err, events) } return nil @@ -413,19 +413,19 @@ defer computeSystem.handleLock.RUnlock() if computeSystem.handle == 0 { - return nil, nil, makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil) + return nil, nil, makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil) } configurationb, err := json.Marshal(c) if err != nil { - return nil, nil, makeSystemError(computeSystem, operation, "", err, nil) + return nil, nil, makeSystemError(computeSystem, operation, err, nil) } configuration := string(configurationb) processInfo, processHandle, resultJSON, err := vmcompute.HcsCreateProcess(ctx, computeSystem.handle, configuration) events := processHcsResult(ctx, resultJSON) if err != nil { - return nil, nil, makeSystemError(computeSystem, operation, configuration, err, events) + return nil, nil, makeSystemError(computeSystem, operation, err, events) } log.G(ctx).WithField("pid", processInfo.ProcessId).Debug("created process pid") @@ -447,7 +447,7 @@ pipes, err := makeOpenFiles([]syscall.Handle{processInfo.StdInput, processInfo.StdOutput, processInfo.StdError}) if err != nil { - return nil, makeSystemError(computeSystem, operation, "", err, nil) + return nil, makeSystemError(computeSystem, operation, err, nil) } process.stdin = pipes[0] process.stdout = pipes[1] @@ -455,7 +455,7 @@ process.hasCachedStdio = true if err = process.registerCallback(ctx); err != nil { - return nil, makeSystemError(computeSystem, operation, "", err, nil) + return nil, makeSystemError(computeSystem, operation, err, nil) } go process.waitBackground() @@ -470,18 +470,18 @@ operation := "hcsshim::System::OpenProcess" if computeSystem.handle == 0 { - return nil, makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil) + return nil, makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil) } processHandle, resultJSON, err := vmcompute.HcsOpenProcess(ctx, computeSystem.handle, uint32(pid)) events := processHcsResult(ctx, resultJSON) if err != nil { - return nil, makeSystemError(computeSystem, operation, "", err, events) + return nil, makeSystemError(computeSystem, operation, err, events) } process := newProcess(processHandle, pid, computeSystem) if err = process.registerCallback(ctx); err != nil { - return nil, makeSystemError(computeSystem, operation, "", err, nil) + return nil, makeSystemError(computeSystem, operation, err, nil) } go process.waitBackground() @@ -505,12 +505,12 @@ } if err = computeSystem.unregisterCallback(ctx); err != nil { - return makeSystemError(computeSystem, operation, "", err, nil) + return makeSystemError(computeSystem, operation, err, nil) } err = vmcompute.HcsCloseComputeSystem(ctx, computeSystem.handle) if err != nil { - return makeSystemError(computeSystem, operation, "", err, nil) + return makeSystemError(computeSystem, operation, err, nil) } computeSystem.handle = 0 @@ -587,7 +587,7 @@ operation := "hcsshim::System::Modify" if computeSystem.handle == 0 { - return makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil) + return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil) } requestBytes, err := json.Marshal(config) @@ -599,7 +599,7 @@ resultJSON, err := vmcompute.HcsModifyComputeSystem(ctx, computeSystem.handle, requestJSON) events := processHcsResult(ctx, resultJSON) if err != nil { - return makeSystemError(computeSystem, operation, requestJSON, err, events) + return makeSystemError(computeSystem, operation, err, events) } return nil diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go --- old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go 2021-05-25 11:06:46.000000000 +0200 +++ new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go 2022-06-01 20:45:24.000000000 +0200 @@ -21,10 +21,11 @@ ) type NatPolicy struct { - Type PolicyType `json:"Type"` - Protocol string - InternalPort uint16 - ExternalPort uint16 + Type PolicyType `json:"Type"` + Protocol string + InternalPort uint16 + ExternalPort uint16 + ExternalPortReserved bool `json:",omitempty"` } type QosPolicy struct { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/vendor.conf new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/vendor.conf --- old/docker-libnetwork-64b7a4574d1426139437d20e81c0b6d391130ec8/vendor.conf 2021-05-25 11:06:46.000000000 +0200 +++ new/docker-libnetwork-f6ccccb1c082a432c2a5814aaedaca56af33d9ea/vendor.conf 2022-06-01 20:45:24.000000000 +0200 @@ -2,7 +2,7 @@ github.com/BurntSushi/toml 3012a1dbe2e4bd1391d42b32f0577cb7bbc7f005 # v0.3.1 github.com/containerd/cgroups 318312a373405e5e91134d8063d04d59768a1bff github.com/Microsoft/go-winio 6c72808b55902eae4c5943626030429ff20f3b63 # v0.4.14 -github.com/Microsoft/hcsshim 9dcb42f100215f8d375b4a9265e5bba009217a85 # moby branch +github.com/Microsoft/hcsshim a11a2c44e8a4aa9d66314b1d759ef582df5ab5e8 # moby branch github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 github.com/coreos/etcd d57e8b8d97adfc4a6c224fe116714bf1a1f3beb9 # v3.3.12
