Update use of idtools to moby/user for archive and other deprecated uses
Signed-off-by: Derek McGowan <derek@mcg.dev>
| ... | ... |
@@ -8,7 +8,7 @@ import ( |
| 8 | 8 |
"github.com/docker/docker/api/types/container" |
| 9 | 9 |
"github.com/docker/docker/api/types/filters" |
| 10 | 10 |
containerpkg "github.com/docker/docker/container" |
| 11 |
- "github.com/docker/docker/pkg/archive" |
|
| 11 |
+ "github.com/moby/go-archive" |
|
| 12 | 12 |
) |
| 13 | 13 |
|
| 14 | 14 |
// execBackend includes functions to implement to provide exec functionality. |
| ... | ... |
@@ -18,6 +18,7 @@ import ( |
| 18 | 18 |
"github.com/moby/buildkit/snapshot" |
| 19 | 19 |
"github.com/moby/buildkit/util/leaseutil" |
| 20 | 20 |
"github.com/moby/locker" |
| 21 |
+ "github.com/moby/sys/user" |
|
| 21 | 22 |
"github.com/opencontainers/go-digest" |
| 22 | 23 |
"github.com/pkg/errors" |
| 23 | 24 |
bolt "go.etcd.io/bbolt" |
| ... | ... |
@@ -36,7 +37,7 @@ type Opt struct {
|
| 36 | 36 |
GraphDriver graphdriver.Driver |
| 37 | 37 |
LayerStore layer.Store |
| 38 | 38 |
Root string |
| 39 |
- IdentityMapping idtools.IdentityMapping |
|
| 39 |
+ IdentityMapping user.IdentityMapping |
|
| 40 | 40 |
} |
| 41 | 41 |
|
| 42 | 42 |
type graphIDRegistrar interface {
|
| ... | ... |
@@ -112,7 +113,9 @@ func (s *snapshotter) IdentityMapping() *idtools.IdentityMapping {
|
| 112 | 112 |
if s.opt.IdentityMapping.Empty() {
|
| 113 | 113 |
return nil |
| 114 | 114 |
} |
| 115 |
- return &s.opt.IdentityMapping |
|
| 115 |
+ // TODO: Update this once BuildKit switches from idtools |
|
| 116 |
+ idMap := idtools.FromUserIdentityMapping(s.opt.IdentityMapping) |
|
| 117 |
+ return &idMap |
|
| 116 | 118 |
} |
| 117 | 119 |
|
| 118 | 120 |
func (s *snapshotter) Prepare(ctx context.Context, key, parent string, opts ...snapshots.Opt) error {
|
| ... | ... |
@@ -494,7 +497,7 @@ type mountable struct {
|
| 494 | 494 |
acquire func() ([]mount.Mount, func() error, error) |
| 495 | 495 |
release func() error |
| 496 | 496 |
refCount int |
| 497 |
- idmap idtools.IdentityMapping |
|
| 497 |
+ idmap user.IdentityMapping |
|
| 498 | 498 |
} |
| 499 | 499 |
|
| 500 | 500 |
func (m *mountable) Mount() ([]mount.Mount, func() error, error) {
|
| ... | ... |
@@ -544,5 +547,7 @@ func (m *mountable) IdentityMapping() *idtools.IdentityMapping {
|
| 544 | 544 |
if m.idmap.Empty() {
|
| 545 | 545 |
return nil |
| 546 | 546 |
} |
| 547 |
- return &m.idmap |
|
| 547 |
+ // TODO: Update this once BuildKit switches from idtools |
|
| 548 |
+ idtoolsMap := idtools.FromUserIdentityMapping(m.idmap) |
|
| 549 |
+ return &idtoolsMap |
|
| 548 | 550 |
} |
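Review bot: Both `IdentityMapping()` methods (on `snapshotter` and on `mountable`) now return the address of a per-call local produced by `idtools.FromUserIdentityMapping`, where they previously returned the address of the stored field, and nothing in the code says so. The nil-on-empty behaviour is unchanged, but a caller that compared or retained the old pointer would see a different object on every call. I would add a line to each doc comment such as `// The returned mapping is a converted copy; it does not alias the stored user.IdentityMapping.` The two TODO comments and the local names (`idMap` here, `idtoolsMap` in `mountable`) could also be made identical, so the shim is easy to grep for once BuildKit drops idtools.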
| ... | ... |
@@ -26,7 +26,6 @@ import ( |
| 26 | 26 |
"github.com/docker/docker/errdefs" |
| 27 | 27 |
"github.com/docker/docker/libnetwork" |
| 28 | 28 |
"github.com/docker/docker/opts" |
| 29 |
- "github.com/docker/docker/pkg/idtools" |
|
| 30 | 29 |
"github.com/docker/docker/pkg/streamformatter" |
| 31 | 30 |
controlapi "github.com/moby/buildkit/api/services/control" |
| 32 | 31 |
"github.com/moby/buildkit/client" |
| ... | ... |
@@ -35,6 +34,7 @@ import ( |
| 35 | 35 |
"github.com/moby/buildkit/session" |
| 36 | 36 |
"github.com/moby/buildkit/util/entitlements" |
| 37 | 37 |
"github.com/moby/buildkit/util/tracing" |
| 38 |
+ "github.com/moby/sys/user" |
|
| 38 | 39 |
"github.com/pkg/errors" |
| 39 | 40 |
"golang.org/x/sync/errgroup" |
| 40 | 41 |
"google.golang.org/grpc" |
| ... | ... |
@@ -89,7 +89,7 @@ type Opt struct {
|
| 89 | 89 |
RegistryHosts docker.RegistryHosts |
| 90 | 90 |
BuilderConfig config.BuilderConfig |
| 91 | 91 |
Rootless bool |
| 92 |
- IdentityMapping idtools.IdentityMapping |
|
| 92 |
+ IdentityMapping user.IdentityMapping |
|
| 93 | 93 |
DNSConfig config.DNSConfig |
| 94 | 94 |
ApparmorProfile string |
| 95 | 95 |
UseSnapshotter bool |
| ... | ... |
@@ -22,12 +22,13 @@ import ( |
| 22 | 22 |
"github.com/moby/buildkit/solver/llbsolver/cdidevices" |
| 23 | 23 |
"github.com/moby/buildkit/solver/pb" |
| 24 | 24 |
"github.com/moby/buildkit/util/network" |
| 25 |
+ "github.com/moby/sys/user" |
|
| 25 | 26 |
"github.com/opencontainers/runtime-spec/specs-go" |
| 26 | 27 |
) |
| 27 | 28 |
|
| 28 | 29 |
const networkName = "bridge" |
| 29 | 30 |
|
| 30 |
-func newExecutor(root, cgroupParent string, net *libnetwork.Controller, dnsConfig *oci.DNSConfig, rootless bool, idmap idtools.IdentityMapping, apparmorProfile string, cdiManager *cdidevices.Manager) (executor.Executor, error) {
|
|
| 31 |
+func newExecutor(root, cgroupParent string, net *libnetwork.Controller, dnsConfig *oci.DNSConfig, rootless bool, idmap user.IdentityMapping, apparmorProfile string, cdiManager *cdidevices.Manager) (executor.Executor, error) {
|
|
| 31 | 32 |
netRoot := filepath.Join(root, "net") |
| 32 | 33 |
networkProviders := map[pb.NetMode]network.Provider{
|
| 33 | 34 |
pb.NetMode_UNSET: &bridgeProvider{Controller: net, Root: netRoot},
|
| ... | ... |
@@ -48,7 +49,9 @@ func newExecutor(root, cgroupParent string, net *libnetwork.Controller, dnsConfi |
| 48 | 48 |
|
| 49 | 49 |
// Returning a non-nil but empty *IdentityMapping breaks BuildKit: |
| 50 | 50 |
// https://github.com/moby/moby/pull/39444 |
| 51 |
- pidmap := &idmap |
|
| 51 |
+ // TODO: Remove conversion once buildkit updates |
|
| 52 |
+ idtoolsMap := idtools.FromUserIdentityMapping(idmap) |
|
| 53 |
+ pidmap := &idtoolsMap |
|
| 52 | 54 |
if idmap.Empty() {
|
| 53 | 55 |
pidmap = nil |
| 54 | 56 |
} |
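Review bot: In `newExecutor` the conversion to the idtools type runs before the `idmap.Empty()` check, so `pidmap` is first pointed at a converted value and then reset to nil on the empty path. The comment above warns that a non-nil but empty mapping breaks BuildKit, so the code reads more safely if nil is the default and the conversion only happens for a non-empty mapping: `var pidmap *idtools.IdentityMapping` followed by `if !idmap.Empty() { m := idtools.FromUserIdentityMapping(idmap); pidmap = &m }`. This is a point of style; the result is the same as what the hunk produces. The body of `newExecutor` continues outside the hunk.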
| ... | ... |
@@ -9,14 +9,14 @@ import ( |
| 9 | 9 |
|
| 10 | 10 |
"github.com/docker/docker/daemon/config" |
| 11 | 11 |
"github.com/docker/docker/libnetwork" |
| 12 |
- "github.com/docker/docker/pkg/idtools" |
|
| 13 | 12 |
"github.com/moby/buildkit/executor" |
| 14 | 13 |
"github.com/moby/buildkit/executor/oci" |
| 15 | 14 |
resourcetypes "github.com/moby/buildkit/executor/resources/types" |
| 16 | 15 |
"github.com/moby/buildkit/solver/llbsolver/cdidevices" |
| 16 |
+ "github.com/moby/sys/user" |
|
| 17 | 17 |
) |
| 18 | 18 |
|
| 19 |
-func newExecutor(_, _ string, _ *libnetwork.Controller, _ *oci.DNSConfig, _ bool, _ idtools.IdentityMapping, _ string, _ *cdidevices.Manager) (executor.Executor, error) {
|
|
| 19 |
+func newExecutor(_, _ string, _ *libnetwork.Controller, _ *oci.DNSConfig, _ bool, _ user.IdentityMapping, _ string, _ *cdidevices.Manager) (executor.Executor, error) {
|
|
| 20 | 20 |
return &stubExecutor{}, nil
|
| 21 | 21 |
} |
| 22 | 22 |
|
| ... | ... |
@@ -16,12 +16,12 @@ import ( |
| 16 | 16 |
"github.com/docker/docker/builder" |
| 17 | 17 |
"github.com/docker/docker/builder/remotecontext" |
| 18 | 18 |
"github.com/docker/docker/errdefs" |
| 19 |
- "github.com/docker/docker/pkg/idtools" |
|
| 20 | 19 |
"github.com/docker/docker/pkg/streamformatter" |
| 21 | 20 |
"github.com/docker/docker/pkg/stringid" |
| 22 | 21 |
"github.com/moby/buildkit/frontend/dockerfile/instructions" |
| 23 | 22 |
"github.com/moby/buildkit/frontend/dockerfile/parser" |
| 24 | 23 |
"github.com/moby/buildkit/frontend/dockerfile/shell" |
| 24 |
+ "github.com/moby/sys/user" |
|
| 25 | 25 |
ocispec "github.com/opencontainers/image-spec/specs-go/v1" |
| 26 | 26 |
"github.com/pkg/errors" |
| 27 | 27 |
"golang.org/x/sync/syncmap" |
| ... | ... |
@@ -47,13 +47,13 @@ const ( |
| 47 | 47 |
|
| 48 | 48 |
// BuildManager is shared across all Builder objects |
| 49 | 49 |
type BuildManager struct {
|
| 50 |
- idMapping idtools.IdentityMapping |
|
| 50 |
+ idMapping user.IdentityMapping |
|
| 51 | 51 |
backend builder.Backend |
| 52 | 52 |
pathCache pathCache // TODO: make this persistent |
| 53 | 53 |
} |
| 54 | 54 |
|
| 55 | 55 |
// NewBuildManager creates a BuildManager |
| 56 |
-func NewBuildManager(b builder.Backend, identityMapping idtools.IdentityMapping) (*BuildManager, error) {
|
|
| 56 |
+func NewBuildManager(b builder.Backend, identityMapping user.IdentityMapping) (*BuildManager, error) {
|
|
| 57 | 57 |
bm := &BuildManager{
|
| 58 | 58 |
backend: b, |
| 59 | 59 |
pathCache: &syncmap.Map{},
|
| ... | ... |
@@ -103,7 +103,7 @@ type builderOptions struct {
|
| 103 | 103 |
Backend builder.Backend |
| 104 | 104 |
ProgressWriter backend.ProgressWriter |
| 105 | 105 |
PathCache pathCache |
| 106 |
- IDMapping idtools.IdentityMapping |
|
| 106 |
+ IDMapping user.IdentityMapping |
|
| 107 | 107 |
} |
| 108 | 108 |
|
| 109 | 109 |
// Builder is a Dockerfile builder |
| ... | ... |
@@ -118,7 +118,7 @@ type Builder struct {
|
| 118 | 118 |
|
| 119 | 119 |
docker builder.Backend |
| 120 | 120 |
|
| 121 |
- idMapping idtools.IdentityMapping |
|
| 121 |
+ idMapping user.IdentityMapping |
|
| 122 | 122 |
disableCommit bool |
| 123 | 123 |
imageSources *imageSources |
| 124 | 124 |
pathCache pathCache |
| ... | ... |
@@ -17,14 +17,14 @@ import ( |
| 17 | 17 |
"github.com/docker/docker/builder" |
| 18 | 18 |
"github.com/docker/docker/builder/remotecontext" |
| 19 | 19 |
"github.com/docker/docker/builder/remotecontext/urlutil" |
| 20 |
- "github.com/docker/docker/pkg/archive" |
|
| 21 |
- "github.com/docker/docker/pkg/idtools" |
|
| 22 | 20 |
"github.com/docker/docker/pkg/longpath" |
| 23 | 21 |
"github.com/docker/docker/pkg/progress" |
| 24 | 22 |
"github.com/docker/docker/pkg/streamformatter" |
| 25 | 23 |
"github.com/docker/docker/pkg/system" |
| 26 | 24 |
"github.com/moby/buildkit/frontend/dockerfile/instructions" |
| 25 |
+ "github.com/moby/go-archive" |
|
| 27 | 26 |
"github.com/moby/sys/symlink" |
| 27 |
+ "github.com/moby/sys/user" |
|
| 28 | 28 |
ocispec "github.com/opencontainers/image-spec/specs-go/v1" |
| 29 | 29 |
"github.com/pkg/errors" |
| 30 | 30 |
) |
| ... | ... |
@@ -446,9 +446,15 @@ func downloadSource(output io.Writer, stdout io.Writer, srcURL string) (remote b |
| 446 | 446 |
return lc, filename, err |
| 447 | 447 |
} |
| 448 | 448 |
|
| 449 |
+type identity struct {
|
|
| 450 |
+ UID int |
|
| 451 |
+ GID int |
|
| 452 |
+ SID string |
|
| 453 |
+} |
|
| 454 |
+ |
|
| 449 | 455 |
type copyFileOptions struct {
|
| 450 | 456 |
decompress bool |
| 451 |
- identity *idtools.Identity |
|
| 457 |
+ identity *identity |
|
| 452 | 458 |
archiver *archive.Archiver |
| 453 | 459 |
} |
| 454 | 460 |
|
| ... | ... |
@@ -498,7 +504,7 @@ func performCopyForInfo(dest copyInfo, source copyInfo, options copyFileOptions) |
| 498 | 498 |
return copyFile(archiver, srcPath, destPath, options.identity) |
| 499 | 499 |
} |
| 500 | 500 |
|
| 501 |
-func copyDirectory(archiver *archive.Archiver, source, dest string, identity *idtools.Identity) error {
|
|
| 501 |
+func copyDirectory(archiver *archive.Archiver, source, dest string, identity *identity) error {
|
|
| 502 | 502 |
destExists, err := isExistingDirectory(dest) |
| 503 | 503 |
if err != nil {
|
| 504 | 504 |
return errors.Wrapf(err, "failed to query destination path") |
| ... | ... |
@@ -513,13 +519,13 @@ func copyDirectory(archiver *archive.Archiver, source, dest string, identity *id |
| 513 | 513 |
return nil |
| 514 | 514 |
} |
| 515 | 515 |
|
| 516 |
-func copyFile(archiver *archive.Archiver, source, dest string, identity *idtools.Identity) error {
|
|
| 516 |
+func copyFile(archiver *archive.Archiver, source, dest string, identity *identity) error {
|
|
| 517 | 517 |
if identity == nil {
|
| 518 | 518 |
if err := os.MkdirAll(filepath.Dir(dest), 0o755); err != nil {
|
| 519 | 519 |
return err |
| 520 | 520 |
} |
| 521 | 521 |
} else {
|
| 522 |
- if err := idtools.MkdirAllAndChownNew(filepath.Dir(dest), 0o755, *identity); err != nil {
|
|
| 522 |
+ if err := user.MkdirAllAndChown(filepath.Dir(dest), 0o755, identity.UID, identity.GID, user.WithOnlyNew); err != nil {
|
|
| 523 | 523 |
return errors.Wrapf(err, "failed to create new directory") |
| 524 | 524 |
} |
| 525 | 525 |
} |
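Review bot: In `copyDirectory` and `copyFile` the parameter is declared as `identity *identity`, which shadows the newly introduced `identity` type for the whole function body. The same commit already uses `id` for this value in `fixPermissions` and `performCopy`, so I would rename it here as well: `func copyFile(archiver *archive.Archiver, source, dest string, id *identity) error`, with the call becoming `user.MkdirAllAndChown(filepath.Dir(dest), 0o755, id.UID, id.GID, user.WithOnlyNew)`. The new `identity` struct also has no doc comment. From the visible uses, `UID`/`GID` feed `os.Lchown` and `MkdirAllAndChown`, while `SID` is only read by the Windows `fixPermissions`, so a short comment saying which fields apply on which platform would help. The bodies of both functions continue outside the hunks.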
| ... | ... |
@@ -7,11 +7,9 @@ import ( |
| 7 | 7 |
"path" |
| 8 | 8 |
"path/filepath" |
| 9 | 9 |
"strings" |
| 10 |
- |
|
| 11 |
- "github.com/docker/docker/pkg/idtools" |
|
| 12 | 10 |
) |
| 13 | 11 |
|
| 14 |
-func fixPermissions(source, destination string, identity idtools.Identity, overrideSkip bool) error {
|
|
| 12 |
+func fixPermissions(source, destination string, id identity, overrideSkip bool) error {
|
|
| 15 | 13 |
var ( |
| 16 | 14 |
skipChownRoot bool |
| 17 | 15 |
err error |
| ... | ... |
@@ -39,7 +37,7 @@ func fixPermissions(source, destination string, identity idtools.Identity, overr |
| 39 | 39 |
} |
| 40 | 40 |
|
| 41 | 41 |
fullpath = filepath.Join(destination, cleaned) |
| 42 |
- return os.Lchown(fullpath, identity.UID, identity.GID) |
|
| 42 |
+ return os.Lchown(fullpath, id.UID, id.GID) |
|
| 43 | 43 |
}) |
| 44 | 44 |
} |
| 45 | 45 |
|
| ... | ... |
@@ -8,7 +8,6 @@ import ( |
| 8 | 8 |
|
| 9 | 9 |
winio "github.com/Microsoft/go-winio" |
| 10 | 10 |
"github.com/docker/docker/internal/usergroup" |
| 11 |
- "github.com/docker/docker/pkg/idtools" |
|
| 12 | 11 |
"github.com/docker/docker/pkg/system" |
| 13 | 12 |
"github.com/moby/sys/reexec" |
| 14 | 13 |
"github.com/pkg/errors" |
| ... | ... |
@@ -24,12 +23,12 @@ func init() {
|
| 24 | 24 |
reexec.Register("windows-fix-permissions", fixPermissionsReexec)
|
| 25 | 25 |
} |
| 26 | 26 |
|
| 27 |
-func fixPermissions(source, destination string, identity idtools.Identity, _ bool) error {
|
|
| 28 |
- if identity.SID == "" {
|
|
| 27 |
+func fixPermissions(source, destination string, id identity, _ bool) error {
|
|
| 28 |
+ if id.SID == "" {
|
|
| 29 | 29 |
return nil |
| 30 | 30 |
} |
| 31 | 31 |
|
| 32 |
- cmd := reexec.Command("windows-fix-permissions", source, destination, identity.SID)
|
|
| 32 |
+ cmd := reexec.Command("windows-fix-permissions", source, destination, id.SID)
|
|
| 33 | 33 |
output, err := cmd.CombinedOutput() |
| 34 | 34 |
|
| 35 | 35 |
return errors.Wrapf(err, "failed to exec windows-fix-permissions: %s", output) |
| ... | ... |
@@ -7,8 +7,8 @@ import ( |
| 7 | 7 |
"testing" |
| 8 | 8 |
|
| 9 | 9 |
"github.com/docker/docker/builder/remotecontext" |
| 10 |
- "github.com/docker/docker/pkg/archive" |
|
| 11 | 10 |
"github.com/moby/buildkit/frontend/dockerfile/instructions" |
| 11 |
+ "github.com/moby/go-archive" |
|
| 12 | 12 |
"github.com/moby/sys/reexec" |
| 13 | 13 |
"gotest.tools/v3/assert" |
| 14 | 14 |
is "gotest.tools/v3/assert/cmp" |
| ... | ... |
@@ -19,10 +19,10 @@ import ( |
| 19 | 19 |
"github.com/docker/docker/builder" |
| 20 | 20 |
networkSettings "github.com/docker/docker/daemon/network" |
| 21 | 21 |
"github.com/docker/docker/image" |
| 22 |
- "github.com/docker/docker/pkg/archive" |
|
| 23 |
- "github.com/docker/docker/pkg/chrootarchive" |
|
| 24 | 22 |
"github.com/docker/docker/pkg/stringid" |
| 25 | 23 |
"github.com/docker/go-connections/nat" |
| 24 |
+ "github.com/moby/go-archive" |
|
| 25 |
+ "github.com/moby/go-archive/chrootarchive" |
|
| 26 | 26 |
ocispec "github.com/opencontainers/image-spec/specs-go/v1" |
| 27 | 27 |
"github.com/pkg/errors" |
| 28 | 28 |
) |
| ... | ... |
@@ -152,12 +152,13 @@ func (b *Builder) performCopy(ctx context.Context, req dispatchRequest, inst cop |
| 152 | 152 |
return err |
| 153 | 153 |
} |
| 154 | 154 |
|
| 155 |
- identity := b.idMapping.RootPair() |
|
| 155 |
+ uid, gid := b.idMapping.RootPair() |
|
| 156 |
+ id := identity{UID: uid, GID: gid}
|
|
| 156 | 157 |
// if a chown was requested, perform the steps to get the uid, gid |
| 157 | 158 |
// translated (if necessary because of user namespaces), and replace |
| 158 | 159 |
// the root pair with the chown pair for copy operations |
| 159 | 160 |
if inst.chownStr != "" {
|
| 160 |
- identity, err = parseChownFlag(ctx, b, state, inst.chownStr, destInfo.root, b.idMapping) |
|
| 161 |
+ id, err = parseChownFlag(ctx, b, state, inst.chownStr, destInfo.root, b.idMapping) |
|
| 161 | 162 |
if err != nil {
|
| 162 | 163 |
if b.options.Platform != "windows" {
|
| 163 | 164 |
return errors.Wrapf(err, "unable to convert uid/gid chown string to host mapping") |
| ... | ... |
@@ -173,7 +174,7 @@ func (b *Builder) performCopy(ctx context.Context, req dispatchRequest, inst cop |
| 173 | 173 |
archiver: b.getArchiver(), |
| 174 | 174 |
} |
| 175 | 175 |
if !inst.preserveOwnership {
|
| 176 |
- opts.identity = &identity |
|
| 176 |
+ opts.identity = &id |
|
| 177 | 177 |
} |
| 178 | 178 |
if err := performCopyForInfo(destInfo, info, opts); err != nil {
|
| 179 | 179 |
return errors.Wrapf(err, "failed to copy files") |
| ... | ... |
@@ -6,17 +6,16 @@ import ( |
| 6 | 6 |
"strconv" |
| 7 | 7 |
"strings" |
| 8 | 8 |
|
| 9 |
- "github.com/docker/docker/pkg/idtools" |
|
| 10 | 9 |
"github.com/moby/sys/symlink" |
| 11 | 10 |
"github.com/moby/sys/user" |
| 12 | 11 |
"github.com/pkg/errors" |
| 13 | 12 |
) |
| 14 | 13 |
|
| 15 |
-func parseChownFlag(ctx context.Context, builder *Builder, state *dispatchState, chown, ctrRootPath string, identityMapping idtools.IdentityMapping) (idtools.Identity, error) {
|
|
| 14 |
+func parseChownFlag(ctx context.Context, builder *Builder, state *dispatchState, chown, ctrRootPath string, identityMapping user.IdentityMapping) (identity, error) {
|
|
| 16 | 15 |
var userStr, grpStr string |
| 17 | 16 |
parts := strings.Split(chown, ":") |
| 18 | 17 |
if len(parts) > 2 {
|
| 19 |
- return idtools.Identity{}, errors.New("invalid chown string format: " + chown)
|
|
| 18 |
+ return identity{}, errors.New("invalid chown string format: " + chown)
|
|
| 20 | 19 |
} |
| 21 | 20 |
if len(parts) == 1 {
|
| 22 | 21 |
// if no group specified, use the user spec as group as well |
| ... | ... |
@@ -27,27 +26,27 @@ func parseChownFlag(ctx context.Context, builder *Builder, state *dispatchState, |
| 27 | 27 |
|
| 28 | 28 |
passwdPath, err := symlink.FollowSymlinkInScope(filepath.Join(ctrRootPath, "etc", "passwd"), ctrRootPath) |
| 29 | 29 |
if err != nil {
|
| 30 |
- return idtools.Identity{}, errors.Wrap(err, "can't resolve /etc/passwd path in container rootfs")
|
|
| 30 |
+ return identity{}, errors.Wrap(err, "can't resolve /etc/passwd path in container rootfs")
|
|
| 31 | 31 |
} |
| 32 | 32 |
groupPath, err := symlink.FollowSymlinkInScope(filepath.Join(ctrRootPath, "etc", "group"), ctrRootPath) |
| 33 | 33 |
if err != nil {
|
| 34 |
- return idtools.Identity{}, errors.Wrap(err, "can't resolve /etc/group path in container rootfs")
|
|
| 34 |
+ return identity{}, errors.Wrap(err, "can't resolve /etc/group path in container rootfs")
|
|
| 35 | 35 |
} |
| 36 | 36 |
uid, err := lookupUser(userStr, passwdPath) |
| 37 | 37 |
if err != nil {
|
| 38 |
- return idtools.Identity{}, errors.Wrap(err, "can't find uid for user "+userStr)
|
|
| 38 |
+ return identity{}, errors.Wrap(err, "can't find uid for user "+userStr)
|
|
| 39 | 39 |
} |
| 40 | 40 |
gid, err := lookupGroup(grpStr, groupPath) |
| 41 | 41 |
if err != nil {
|
| 42 |
- return idtools.Identity{}, errors.Wrap(err, "can't find gid for group "+grpStr)
|
|
| 42 |
+ return identity{}, errors.Wrap(err, "can't find gid for group "+grpStr)
|
|
| 43 | 43 |
} |
| 44 | 44 |
|
| 45 | 45 |
// convert as necessary because of user namespaces |
| 46 |
- chownPair, err := identityMapping.ToHost(idtools.Identity{UID: uid, GID: gid})
|
|
| 46 |
+ uid, gid, err = identityMapping.ToHost(uid, gid) |
|
| 47 | 47 |
if err != nil {
|
| 48 |
- return idtools.Identity{}, errors.Wrap(err, "unable to convert uid/gid to host mapping")
|
|
| 48 |
+ return identity{}, errors.Wrap(err, "unable to convert uid/gid to host mapping")
|
|
| 49 | 49 |
} |
| 50 |
- return chownPair, nil |
|
| 50 |
+ return identity{UID: uid, GID: gid}, nil
|
|
| 51 | 51 |
} |
| 52 | 52 |
|
| 53 | 53 |
func lookupUser(userStr, filepath string) (int, error) {
|
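Review bot: In `parseChownFlag`, `uid, gid, err = identityMapping.ToHost(uid, gid)` overwrites the container-side IDs with their host-side translations in the same variables. After that line, nothing in the code tells a reader which namespace `uid` and `gid` belong to, and this value ends up as the owner applied to copied files. Distinct names make the boundary explicit at no cost: `hostUID, hostGID, err := identityMapping.ToHost(uid, gid)` and `return identity{UID: hostUID, GID: hostGID}, nil`. The removed code kept this separation through the `chownPair` variable.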
| ... | ... |
@@ -7,7 +7,7 @@ import ( |
| 7 | 7 |
"testing" |
| 8 | 8 |
|
| 9 | 9 |
"github.com/docker/docker/api/types" |
| 10 |
- "github.com/docker/docker/pkg/idtools" |
|
| 10 |
+ "github.com/moby/sys/user" |
|
| 11 | 11 |
"gotest.tools/v3/assert" |
| 12 | 12 |
is "gotest.tools/v3/assert/cmp" |
| 13 | 13 |
) |
| ... | ... |
@@ -28,15 +28,15 @@ othergrp:x:6666: |
| 28 | 28 |
`, |
| 29 | 29 |
} |
| 30 | 30 |
// test mappings for validating use of maps |
| 31 |
- idMaps := []idtools.IDMap{
|
|
| 31 |
+ idMaps := []user.IDMap{
|
|
| 32 | 32 |
{
|
| 33 |
- ContainerID: 0, |
|
| 34 |
- HostID: 100000, |
|
| 35 |
- Size: 65536, |
|
| 33 |
+ ID: 0, |
|
| 34 |
+ ParentID: 100000, |
|
| 35 |
+ Count: 65536, |
|
| 36 | 36 |
}, |
| 37 | 37 |
} |
| 38 |
- remapped := idtools.IdentityMapping{UIDMaps: idMaps, GIDMaps: idMaps}
|
|
| 39 |
- unmapped := idtools.IdentityMapping{}
|
|
| 38 |
+ remapped := user.IdentityMapping{UIDMaps: idMaps, GIDMaps: idMaps}
|
|
| 39 |
+ unmapped := user.IdentityMapping{}
|
|
| 40 | 40 |
|
| 41 | 41 |
contextDir, cleanup := createTestTempDir(t, "", "builder-chown-parse-test") |
| 42 | 42 |
defer cleanup() |
| ... | ... |
@@ -54,9 +54,9 @@ othergrp:x:6666: |
| 54 | 54 |
builder *Builder |
| 55 | 55 |
name string |
| 56 | 56 |
chownStr string |
| 57 |
- idMapping idtools.IdentityMapping |
|
| 57 |
+ idMapping user.IdentityMapping |
|
| 58 | 58 |
state *dispatchState |
| 59 |
- expected idtools.Identity |
|
| 59 |
+ expected identity |
|
| 60 | 60 |
}{
|
| 61 | 61 |
{
|
| 62 | 62 |
builder: &Builder{options: &types.ImageBuildOptions{Platform: "linux"}},
|
| ... | ... |
@@ -64,7 +64,7 @@ othergrp:x:6666: |
| 64 | 64 |
chownStr: "1", |
| 65 | 65 |
idMapping: unmapped, |
| 66 | 66 |
state: &dispatchState{},
|
| 67 |
- expected: idtools.Identity{UID: 1, GID: 1},
|
|
| 67 |
+ expected: identity{UID: 1, GID: 1},
|
|
| 68 | 68 |
}, |
| 69 | 69 |
{
|
| 70 | 70 |
builder: &Builder{options: &types.ImageBuildOptions{Platform: "linux"}},
|
| ... | ... |
@@ -72,7 +72,7 @@ othergrp:x:6666: |
| 72 | 72 |
chownStr: "0:1", |
| 73 | 73 |
idMapping: unmapped, |
| 74 | 74 |
state: &dispatchState{},
|
| 75 |
- expected: idtools.Identity{UID: 0, GID: 1},
|
|
| 75 |
+ expected: identity{UID: 0, GID: 1},
|
|
| 76 | 76 |
}, |
| 77 | 77 |
{
|
| 78 | 78 |
builder: &Builder{options: &types.ImageBuildOptions{Platform: "linux"}},
|
| ... | ... |
@@ -80,7 +80,7 @@ othergrp:x:6666: |
| 80 | 80 |
chownStr: "0", |
| 81 | 81 |
idMapping: remapped, |
| 82 | 82 |
state: &dispatchState{},
|
| 83 |
- expected: idtools.Identity{UID: 100000, GID: 100000},
|
|
| 83 |
+ expected: identity{UID: 100000, GID: 100000},
|
|
| 84 | 84 |
}, |
| 85 | 85 |
{
|
| 86 | 86 |
builder: &Builder{options: &types.ImageBuildOptions{Platform: "linux"}},
|
| ... | ... |
@@ -88,7 +88,7 @@ othergrp:x:6666: |
| 88 | 88 |
chownStr: "1:33", |
| 89 | 89 |
idMapping: remapped, |
| 90 | 90 |
state: &dispatchState{},
|
| 91 |
- expected: idtools.Identity{UID: 100001, GID: 100033},
|
|
| 91 |
+ expected: identity{UID: 100001, GID: 100033},
|
|
| 92 | 92 |
}, |
| 93 | 93 |
{
|
| 94 | 94 |
builder: &Builder{options: &types.ImageBuildOptions{Platform: "linux"}},
|
| ... | ... |
@@ -96,7 +96,7 @@ othergrp:x:6666: |
| 96 | 96 |
chownStr: "bin:5555", |
| 97 | 97 |
idMapping: unmapped, |
| 98 | 98 |
state: &dispatchState{},
|
| 99 |
- expected: idtools.Identity{UID: 1, GID: 5555},
|
|
| 99 |
+ expected: identity{UID: 1, GID: 5555},
|
|
| 100 | 100 |
}, |
| 101 | 101 |
{
|
| 102 | 102 |
builder: &Builder{options: &types.ImageBuildOptions{Platform: "linux"}},
|
| ... | ... |
@@ -104,7 +104,7 @@ othergrp:x:6666: |
| 104 | 104 |
chownStr: "0:unicorn", |
| 105 | 105 |
idMapping: remapped, |
| 106 | 106 |
state: &dispatchState{},
|
| 107 |
- expected: idtools.Identity{UID: 100000, GID: 101002},
|
|
| 107 |
+ expected: identity{UID: 100000, GID: 101002},
|
|
| 108 | 108 |
}, |
| 109 | 109 |
{
|
| 110 | 110 |
builder: &Builder{options: &types.ImageBuildOptions{Platform: "linux"}},
|
| ... | ... |
@@ -112,7 +112,7 @@ othergrp:x:6666: |
| 112 | 112 |
chownStr: "unicorn", |
| 113 | 113 |
idMapping: remapped, |
| 114 | 114 |
state: &dispatchState{},
|
| 115 |
- expected: idtools.Identity{UID: 101001, GID: 101002},
|
|
| 115 |
+ expected: identity{UID: 101001, GID: 101002},
|
|
| 116 | 116 |
}, |
| 117 | 117 |
} {
|
| 118 | 118 |
t.Run(testcase.name, func(t *testing.T) {
|
| ... | ... |
@@ -127,7 +127,7 @@ othergrp:x:6666: |
| 127 | 127 |
builder *Builder |
| 128 | 128 |
name string |
| 129 | 129 |
chownStr string |
| 130 |
- idMapping idtools.IdentityMapping |
|
| 130 |
+ idMapping user.IdentityMapping |
|
| 131 | 131 |
state *dispatchState |
| 132 | 132 |
descr string |
| 133 | 133 |
}{
|
| ... | ... |
@@ -14,8 +14,8 @@ import ( |
| 14 | 14 |
"github.com/docker/docker/builder/remotecontext" |
| 15 | 15 |
"github.com/docker/docker/image" |
| 16 | 16 |
"github.com/docker/docker/layer" |
| 17 |
- "github.com/docker/docker/pkg/archive" |
|
| 18 | 17 |
"github.com/docker/go-connections/nat" |
| 18 |
+ "github.com/moby/go-archive" |
|
| 19 | 19 |
"github.com/opencontainers/go-digest" |
| 20 | 20 |
"gotest.tools/v3/assert" |
| 21 | 21 |
is "gotest.tools/v3/assert/cmp" |
| ... | ... |
@@ -12,27 +12,28 @@ import ( |
| 12 | 12 |
"github.com/docker/docker/api/types/mount" |
| 13 | 13 |
"github.com/docker/docker/errdefs" |
| 14 | 14 |
"github.com/docker/docker/internal/usergroup" |
| 15 |
- "github.com/docker/docker/pkg/idtools" |
|
| 16 | 15 |
"github.com/docker/docker/pkg/jsonmessage" |
| 16 |
+ "github.com/moby/sys/user" |
|
| 17 | 17 |
"golang.org/x/sys/windows" |
| 18 | 18 |
) |
| 19 | 19 |
|
| 20 |
-func parseChownFlag(ctx context.Context, builder *Builder, state *dispatchState, chown, ctrRootPath string, identityMapping idtools.IdentityMapping) (idtools.Identity, error) {
|
|
| 20 |
+func parseChownFlag(ctx context.Context, builder *Builder, state *dispatchState, chown, ctrRootPath string, identityMapping user.IdentityMapping) (identity, error) {
|
|
| 21 | 21 |
if builder.options.Platform == "windows" {
|
| 22 | 22 |
return getAccountIdentity(ctx, builder, chown, ctrRootPath, state) |
| 23 | 23 |
} |
| 24 | 24 |
|
| 25 |
- return identityMapping.RootPair(), nil |
|
| 25 |
+ uid, gid := identityMapping.RootPair() |
|
| 26 |
+ return identity{UID: uid, GID: gid}, nil
|
|
| 26 | 27 |
} |
| 27 | 28 |
|
| 28 |
-func getAccountIdentity(ctx context.Context, builder *Builder, accountName string, ctrRootPath string, state *dispatchState) (idtools.Identity, error) {
|
|
| 29 |
+func getAccountIdentity(ctx context.Context, builder *Builder, accountName string, ctrRootPath string, state *dispatchState) (identity, error) {
|
|
| 29 | 30 |
// If this is potentially a string SID then attempt to convert it to verify |
| 30 | 31 |
// this, otherwise continue looking for the account. |
| 31 | 32 |
if strings.HasPrefix(accountName, "S-") || strings.HasPrefix(accountName, "s-") {
|
| 32 | 33 |
sid, err := windows.StringToSid(accountName) |
| 33 | 34 |
|
| 34 | 35 |
if err == nil {
|
| 35 |
- return idtools.Identity{SID: sid.String()}, nil
|
|
| 36 |
+ return identity{SID: sid.String()}, nil
|
|
| 36 | 37 |
} |
| 37 | 38 |
} |
| 38 | 39 |
|
| ... | ... |
@@ -41,14 +42,14 @@ func getAccountIdentity(ctx context.Context, builder *Builder, accountName strin |
| 41 | 41 |
|
| 42 | 42 |
// If this is a SID that is built-in and hence the same across all systems then use that. |
| 43 | 43 |
if err == nil && (accType == windows.SidTypeAlias || accType == windows.SidTypeWellKnownGroup) {
|
| 44 |
- return idtools.Identity{SID: sid.String()}, nil
|
|
| 44 |
+ return identity{SID: sid.String()}, nil
|
|
| 45 | 45 |
} |
| 46 | 46 |
|
| 47 | 47 |
// Check if the account name is one unique to containers. |
| 48 | 48 |
if strings.EqualFold(accountName, "ContainerAdministrator") {
|
| 49 |
- return idtools.Identity{SID: usergroup.ContainerAdministratorSidString}, nil
|
|
| 49 |
+ return identity{SID: usergroup.ContainerAdministratorSidString}, nil
|
|
| 50 | 50 |
} else if strings.EqualFold(accountName, "ContainerUser") {
|
| 51 |
- return idtools.Identity{SID: usergroup.ContainerUserSidString}, nil
|
|
| 51 |
+ return identity{SID: usergroup.ContainerUserSidString}, nil
|
|
| 52 | 52 |
} |
| 53 | 53 |
|
| 54 | 54 |
// All other lookups failed, so therefore determine if the account in |
| ... | ... |
@@ -56,7 +57,7 @@ func getAccountIdentity(ctx context.Context, builder *Builder, accountName strin |
| 56 | 56 |
return lookupNTAccount(ctx, builder, accountName, state) |
| 57 | 57 |
} |
| 58 | 58 |
|
| 59 |
-func lookupNTAccount(ctx context.Context, builder *Builder, accountName string, state *dispatchState) (idtools.Identity, error) {
|
|
| 59 |
+func lookupNTAccount(ctx context.Context, builder *Builder, accountName string, state *dispatchState) (identity, error) {
|
|
| 60 | 60 |
source, _ := filepath.Split(os.Args[0]) |
| 61 | 61 |
|
| 62 | 62 |
target := "C:\\Docker" |
| ... | ... |
@@ -64,7 +65,7 @@ func lookupNTAccount(ctx context.Context, builder *Builder, accountName string, |
| 64 | 64 |
|
| 65 | 65 |
optionsPlatform, err := platforms.Parse(builder.options.Platform) |
| 66 | 66 |
if err != nil {
|
| 67 |
- return idtools.Identity{}, errdefs.InvalidParameter(err)
|
|
| 67 |
+ return identity{}, errdefs.InvalidParameter(err)
|
|
| 68 | 68 |
} |
| 69 | 69 |
|
| 70 | 70 |
runConfig := copyRunConfig(state.runConfig, |
| ... | ... |
@@ -85,7 +86,7 @@ func lookupNTAccount(ctx context.Context, builder *Builder, accountName string, |
| 85 | 85 |
|
| 86 | 86 |
container, err := builder.containerManager.Create(ctx, runConfig, hostConfig) |
| 87 | 87 |
if err != nil {
|
| 88 |
- return idtools.Identity{}, err
|
|
| 88 |
+ return identity{}, err
|
|
| 89 | 89 |
} |
| 90 | 90 |
|
| 91 | 91 |
stdout := new(bytes.Buffer) |
| ... | ... |
@@ -93,15 +94,15 @@ func lookupNTAccount(ctx context.Context, builder *Builder, accountName string, |
| 93 | 93 |
|
| 94 | 94 |
if err := builder.containerManager.Run(ctx, container.ID, stdout, stderr); err != nil {
|
| 95 | 95 |
if err, ok := err.(*statusCodeError); ok {
|
| 96 |
- return idtools.Identity{}, &jsonmessage.JSONError{
|
|
| 96 |
+ return identity{}, &jsonmessage.JSONError{
|
|
| 97 | 97 |
Message: stderr.String(), |
| 98 | 98 |
Code: err.StatusCode(), |
| 99 | 99 |
} |
| 100 | 100 |
} |
| 101 |
- return idtools.Identity{}, err
|
|
| 101 |
+ return identity{}, err
|
|
| 102 | 102 |
} |
| 103 | 103 |
|
| 104 | 104 |
accountSid := stdout.String() |
| 105 | 105 |
|
| 106 |
- return idtools.Identity{SID: accountSid}, nil
|
|
| 106 |
+ return identity{SID: accountSid}, nil
|
|
| 107 | 107 |
} |
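Review bot: `lookupNTAccount` ends with `accountSid := stdout.String()` and `return identity{SID: accountSid}, nil`, so whatever the helper container printed becomes the SID without being parsed. Elsewhere on this page the Windows `fixPermissions` passes `id.SID` as an argument to the `windows-fix-permissions` reexec command. `getAccountIdentity` in this same file already round-trips caller-supplied SIDs through `windows.StringToSid`, and doing the same here would reject malformed or multi-line output early: `sid, err := windows.StringToSid(strings.TrimSpace(accountSid))`, then `return identity{SID: sid.String()}, nil` after returning `identity{}` and the error on failure. Whether the output carries trailing whitespace, or whether a later step validates it, is not visible from these hunks, so this should be confirmed against the helper. The body of the function starts outside the hunks shown.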
| ... | ... |
@@ -6,11 +6,11 @@ import ( |
| 6 | 6 |
"path/filepath" |
| 7 | 7 |
|
| 8 | 8 |
"github.com/docker/docker/builder" |
| 9 |
- "github.com/docker/docker/pkg/archive" |
|
| 10 |
- "github.com/docker/docker/pkg/chrootarchive" |
|
| 11 | 9 |
"github.com/docker/docker/pkg/longpath" |
| 12 | 10 |
"github.com/docker/docker/pkg/system" |
| 13 | 11 |
"github.com/docker/docker/pkg/tarsum" |
| 12 |
+ "github.com/moby/go-archive" |
|
| 13 |
+ "github.com/moby/go-archive/chrootarchive" |
|
| 14 | 14 |
"github.com/moby/sys/symlink" |
| 15 | 15 |
"github.com/pkg/errors" |
| 16 | 16 |
) |
| ... | ... |
@@ -7,7 +7,7 @@ import ( |
| 7 | 7 |
"github.com/containerd/log" |
| 8 | 8 |
"github.com/docker/docker/builder" |
| 9 | 9 |
"github.com/docker/docker/builder/remotecontext/git" |
| 10 |
- "github.com/docker/docker/pkg/archive" |
|
| 10 |
+ "github.com/moby/go-archive" |
|
| 11 | 11 |
) |
| 12 | 12 |
|
| 13 | 13 |
// MakeGitContext returns a Context from gitURL that is cloned in a temporary directory. |
| ... | ... |
@@ -1,8 +1,7 @@ |
| 1 | 1 |
package daemon // import "github.com/docker/docker/daemon" |
| 2 | 2 |
|
| 3 | 3 |
import ( |
| 4 |
- "github.com/docker/docker/pkg/archive" |
|
| 5 |
- "github.com/docker/docker/pkg/idtools" |
|
| 4 |
+ "github.com/moby/go-archive" |
|
| 6 | 5 |
) |
| 7 | 6 |
|
| 8 | 7 |
// defaultTarCopyOptions is the setting that is used when unpacking an archive |
| ... | ... |
@@ -10,6 +9,6 @@ import ( |
| 10 | 10 |
func (daemon *Daemon) defaultTarCopyOptions(noOverwriteDirNonDir bool) *archive.TarOptions {
|
| 11 | 11 |
return &archive.TarOptions{
|
| 12 | 12 |
NoOverwriteDirNonDir: noOverwriteDirNonDir, |
| 13 |
- IDMap: idtools.FromUserIdentityMapping(daemon.idMapping), |
|
| 13 |
+ IDMap: daemon.idMapping, |
|
| 14 | 14 |
} |
| 15 | 15 |
} |
| ... | ... |
@@ -10,8 +10,7 @@ import ( |
| 10 | 10 |
|
| 11 | 11 |
"github.com/docker/docker/container" |
| 12 | 12 |
"github.com/docker/docker/errdefs" |
| 13 |
- "github.com/docker/docker/pkg/archive" |
|
| 14 |
- "github.com/docker/docker/pkg/idtools" |
|
| 13 |
+ "github.com/moby/go-archive" |
|
| 15 | 14 |
"github.com/moby/sys/user" |
| 16 | 15 |
) |
| 17 | 16 |
|
| ... | ... |
@@ -27,7 +26,7 @@ func (daemon *Daemon) tarCopyOptions(ctr *container.Container, noOverwriteDirNon |
| 27 | 27 |
|
| 28 | 28 |
return &archive.TarOptions{
|
| 29 | 29 |
NoOverwriteDirNonDir: noOverwriteDirNonDir, |
| 30 |
- ChownOpts: &idtools.Identity{UID: uid, GID: gid},
|
|
| 30 |
+ ChownOpts: &archive.ChownOpts{UID: uid, GID: gid},
|
|
| 31 | 31 |
}, nil |
| 32 | 32 |
} |
| 33 | 33 |
|
| ... | ... |
@@ -12,9 +12,9 @@ import ( |
| 12 | 12 |
"github.com/docker/docker/api/types/events" |
| 13 | 13 |
"github.com/docker/docker/container" |
| 14 | 14 |
"github.com/docker/docker/errdefs" |
| 15 |
- "github.com/docker/docker/pkg/archive" |
|
| 16 | 15 |
"github.com/docker/docker/pkg/ioutils" |
| 17 | 16 |
volumemounts "github.com/docker/docker/volume/mounts" |
| 17 |
+ "github.com/moby/go-archive" |
|
| 18 | 18 |
"github.com/pkg/errors" |
| 19 | 19 |
) |
| 20 | 20 |
|
| ... | ... |
@@ -10,9 +10,9 @@ import ( |
| 10 | 10 |
"github.com/docker/docker/api/types/events" |
| 11 | 11 |
"github.com/docker/docker/container" |
| 12 | 12 |
"github.com/docker/docker/errdefs" |
| 13 |
- "github.com/docker/docker/pkg/archive" |
|
| 14 |
- "github.com/docker/docker/pkg/chrootarchive" |
|
| 15 | 13 |
"github.com/docker/docker/pkg/ioutils" |
| 14 |
+ "github.com/moby/go-archive" |
|
| 15 |
+ "github.com/moby/go-archive/chrootarchive" |
|
| 16 | 16 |
) |
| 17 | 17 |
|
| 18 | 18 |
// containerStatPath stats the filesystem resource at the specified path in this |
| ... | ... |
@@ -19,7 +19,6 @@ import ( |
| 19 | 19 |
"github.com/docker/docker/errdefs" |
| 20 | 20 |
"github.com/docker/docker/libnetwork" |
| 21 | 21 |
"github.com/docker/docker/libnetwork/drivers/bridge" |
| 22 |
- "github.com/docker/docker/pkg/idtools" |
|
| 23 | 22 |
"github.com/docker/docker/pkg/process" |
| 24 | 23 |
"github.com/docker/docker/pkg/stringid" |
| 25 | 24 |
"github.com/moby/sys/mount" |
| ... | ... |
@@ -578,5 +577,6 @@ func (daemon *Daemon) setupContainerMountsRoot(ctr *container.Container) error {
|
| 578 | 578 |
if err != nil {
|
| 579 | 579 |
return err |
| 580 | 580 |
} |
| 581 |
- return idtools.MkdirAllAndChown(p, 0o710, idtools.Identity{UID: idtools.CurrentIdentity().UID, GID: daemon.IdentityMapping().RootPair().GID})
|
|
| 581 |
+ _, gid := daemon.IdentityMapping().RootPair() |
|
| 582 |
+ return user.MkdirAllAndChown(p, 0o710, os.Getuid(), gid) |
|
| 582 | 583 |
} |
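Review bot: In `setupContainerMountsRoot` the new `user.MkdirAllAndChown(p, 0o710, os.Getuid(), gid)` call no longer labels which argument is the owner and which the group, something the removed `idtools.Identity{UID: ..., GID: ...}` literal made explicit. A comment above the call such as `// owner: daemon process UID; group: remapped root GID (0o710 lets the group traverse, not list)` would keep the intended ownership split reviewable. The same owner/group split with `0o710` recurs in the daemon `create`, btrfs `Init`/`Create`, fuse-overlayfs `Init` and overlay2 `Init`/`create` hunks. The function body starts outside this hunk.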
| ... | ... |
@@ -30,11 +30,11 @@ import ( |
| 30 | 30 |
"github.com/docker/docker/image" |
| 31 | 31 |
dimage "github.com/docker/docker/image" |
| 32 | 32 |
"github.com/docker/docker/layer" |
| 33 |
- "github.com/docker/docker/pkg/archive" |
|
| 34 | 33 |
"github.com/docker/docker/pkg/progress" |
| 35 | 34 |
"github.com/docker/docker/pkg/streamformatter" |
| 36 | 35 |
"github.com/docker/docker/pkg/stringid" |
| 37 | 36 |
imagespec "github.com/moby/docker-image-spec/specs-go/v1" |
| 37 |
+ "github.com/moby/go-archive" |
|
| 38 | 38 |
"github.com/opencontainers/go-digest" |
| 39 | 39 |
"github.com/opencontainers/image-spec/identity" |
| 40 | 40 |
"github.com/opencontainers/image-spec/specs-go" |
| ... | ... |
@@ -7,8 +7,8 @@ import ( |
| 7 | 7 |
"github.com/containerd/containerd/v2/core/mount" |
| 8 | 8 |
"github.com/containerd/log" |
| 9 | 9 |
"github.com/docker/docker/container" |
| 10 |
- "github.com/docker/docker/pkg/archive" |
|
| 11 | 10 |
"github.com/docker/docker/pkg/stringid" |
| 11 |
+ "github.com/moby/go-archive" |
|
| 12 | 12 |
) |
| 13 | 13 |
|
| 14 | 14 |
func (i *ImageService) Changes(ctx context.Context, ctr *container.Container) ([]archive.Change, error) {
|
| ... | ... |
@@ -18,8 +18,8 @@ import ( |
| 18 | 18 |
"github.com/containerd/log" |
| 19 | 19 |
"github.com/docker/docker/api/types/backend" |
| 20 | 20 |
"github.com/docker/docker/image" |
| 21 |
- "github.com/docker/docker/pkg/archive" |
|
| 22 | 21 |
imagespec "github.com/moby/docker-image-spec/specs-go/v1" |
| 22 |
+ "github.com/moby/go-archive" |
|
| 23 | 23 |
"github.com/opencontainers/go-digest" |
| 24 | 24 |
"github.com/opencontainers/image-spec/identity" |
| 25 | 25 |
ocispec "github.com/opencontainers/image-spec/specs-go/v1" |
| ... | ... |
@@ -152,8 +152,8 @@ func (i *ImageService) createDiff(ctx context.Context, name string, sn snapshots |
| 152 | 152 |
if !i.idMapping.Empty() {
|
| 153 | 153 |
// The rootfs of the container is remapped if an id mapping exists, we |
| 154 | 154 |
// need to "unremap" it before committing the snapshot |
| 155 |
- rootPair := i.idMapping.RootPair() |
|
| 156 |
- usernsID := fmt.Sprintf("%s-%d-%d-%s", name, rootPair.UID, rootPair.GID, uniquePart())
|
|
| 155 |
+ uid, gid := i.idMapping.RootPair() |
|
| 156 |
+ usernsID := fmt.Sprintf("%s-%d-%d-%s", name, uid, gid, uniquePart())
|
|
| 157 | 157 |
remappedID := usernsID + remapSuffix |
| 158 | 158 |
baseName := name |
| 159 | 159 |
|
| ... | ... |
@@ -18,8 +18,8 @@ import ( |
| 18 | 18 |
"github.com/docker/docker/api/types/events" |
| 19 | 19 |
"github.com/docker/docker/daemon/images" |
| 20 | 20 |
"github.com/docker/docker/errdefs" |
| 21 |
- dockerarchive "github.com/docker/docker/pkg/archive" |
|
| 22 | 21 |
"github.com/docker/docker/pkg/streamformatter" |
| 22 |
+ dockerarchive "github.com/moby/go-archive" |
|
| 23 | 23 |
ocispec "github.com/opencontainers/image-spec/specs-go/v1" |
| 24 | 24 |
"github.com/pkg/errors" |
| 25 | 25 |
) |
| ... | ... |
@@ -20,10 +20,10 @@ import ( |
| 20 | 20 |
"github.com/docker/docker/builder/dockerfile" |
| 21 | 21 |
"github.com/docker/docker/errdefs" |
| 22 | 22 |
"github.com/docker/docker/image" |
| 23 |
- "github.com/docker/docker/pkg/archive" |
|
| 24 | 23 |
"github.com/docker/docker/pkg/pools" |
| 25 | 24 |
"github.com/google/uuid" |
| 26 | 25 |
imagespec "github.com/moby/docker-image-spec/specs-go/v1" |
| 26 |
+ "github.com/moby/go-archive" |
|
| 27 | 27 |
"github.com/opencontainers/go-digest" |
| 28 | 28 |
"github.com/opencontainers/image-spec/specs-go" |
| 29 | 29 |
ocispec "github.com/opencontainers/image-spec/specs-go/v1" |
| ... | ... |
@@ -14,7 +14,7 @@ import ( |
| 14 | 14 |
"github.com/containerd/platforms" |
| 15 | 15 |
"github.com/docker/docker/errdefs" |
| 16 | 16 |
"github.com/docker/docker/internal/testutils/specialimage" |
| 17 |
- "github.com/docker/docker/pkg/archive" |
|
| 17 |
+ "github.com/moby/go-archive" |
|
| 18 | 18 |
ocispec "github.com/opencontainers/image-spec/specs-go/v1" |
| 19 | 19 |
"gotest.tools/v3/assert" |
| 20 | 20 |
is "gotest.tools/v3/assert/cmp" |
| ... | ... |
@@ -13,7 +13,6 @@ import ( |
| 13 | 13 |
"github.com/containerd/containerd/v2/core/snapshots" |
| 14 | 14 |
"github.com/containerd/continuity/fs" |
| 15 | 15 |
"github.com/containerd/continuity/sysx" |
| 16 |
- "github.com/docker/docker/pkg/idtools" |
|
| 17 | 16 |
) |
| 18 | 17 |
|
| 19 | 18 |
const ( |
| ... | ... |
@@ -54,12 +53,12 @@ func (i *ImageService) remapRootFS(ctx context.Context, mounts []mount.Mount) er |
| 54 | 54 |
return fmt.Errorf("cannot get underlying data for %s", path)
|
| 55 | 55 |
} |
| 56 | 56 |
|
| 57 |
- ids, err := i.idMapping.ToHost(idtools.Identity{UID: int(stat.Uid), GID: int(stat.Gid)})
|
|
| 57 |
+ uid, gid, err := i.idMapping.ToHost(int(stat.Uid), int(stat.Gid)) |
|
| 58 | 58 |
if err != nil {
|
| 59 | 59 |
return err |
| 60 | 60 |
} |
| 61 | 61 |
|
| 62 |
- return chownWithCaps(path, ids.UID, ids.GID) |
|
| 62 |
+ return chownWithCaps(path, uid, gid) |
|
| 63 | 63 |
}) |
| 64 | 64 |
}) |
| 65 | 65 |
} |
| ... | ... |
@@ -82,7 +81,7 @@ func (i *ImageService) copyAndUnremapRootFS(ctx context.Context, dst, src []moun |
| 82 | 82 |
return fmt.Errorf("cannot get underlying data for %s", path)
|
| 83 | 83 |
} |
| 84 | 84 |
|
| 85 |
- uid, gid, err := i.idMapping.ToContainer(idtools.Identity{UID: int(stat.Uid), GID: int(stat.Gid)})
|
|
| 85 |
+ uid, gid, err := i.idMapping.ToContainer(int(stat.Uid), int(stat.Gid)) |
|
| 86 | 86 |
if err != nil {
|
| 87 | 87 |
return err |
| 88 | 88 |
} |
| ... | ... |
@@ -105,7 +104,7 @@ func (i *ImageService) unremapRootFS(ctx context.Context, mounts []mount.Mount) |
| 105 | 105 |
return fmt.Errorf("cannot get underlying data for %s", path)
|
| 106 | 106 |
} |
| 107 | 107 |
|
| 108 |
- uid, gid, err := i.idMapping.ToContainer(idtools.Identity{UID: int(stat.Uid), GID: int(stat.Gid)})
|
|
| 108 |
+ uid, gid, err := i.idMapping.ToContainer(int(stat.Uid), int(stat.Gid)) |
|
| 109 | 109 |
if err != nil {
|
| 110 | 110 |
return err |
| 111 | 111 |
} |
| ... | ... |
@@ -20,7 +20,7 @@ import ( |
| 20 | 20 |
"github.com/docker/docker/daemon/snapshotter" |
| 21 | 21 |
"github.com/docker/docker/distribution" |
| 22 | 22 |
"github.com/docker/docker/errdefs" |
| 23 |
- "github.com/docker/docker/pkg/idtools" |
|
| 23 |
+ "github.com/moby/sys/user" |
|
| 24 | 24 |
"github.com/pkg/errors" |
| 25 | 25 |
) |
| 26 | 26 |
|
| ... | ... |
@@ -37,7 +37,7 @@ type ImageService struct {
|
| 37 | 37 |
eventsService *daemonevents.Events |
| 38 | 38 |
pruneRunning atomic.Bool |
| 39 | 39 |
refCountMounter snapshotter.Mounter |
| 40 |
- idMapping idtools.IdentityMapping |
|
| 40 |
+ idMapping user.IdentityMapping |
|
| 41 | 41 |
|
| 42 | 42 |
// defaultPlatformOverride is used in tests to override the host platform. |
| 43 | 43 |
defaultPlatformOverride platforms.MatchComparer |
| ... | ... |
@@ -51,7 +51,7 @@ type ImageServiceConfig struct {
|
| 51 | 51 |
Registry distribution.RegistryResolver |
| 52 | 52 |
EventsService *daemonevents.Events |
| 53 | 53 |
RefCountMounter snapshotter.Mounter |
| 54 |
- IDMapping idtools.IdentityMapping |
|
| 54 |
+ IDMapping user.IdentityMapping |
|
| 55 | 55 |
} |
| 56 | 56 |
|
| 57 | 57 |
// NewService creates a new ImageService. |
| ... | ... |
@@ -3,6 +3,7 @@ package daemon // import "github.com/docker/docker/daemon" |
| 3 | 3 |
import ( |
| 4 | 4 |
"context" |
| 5 | 5 |
"fmt" |
| 6 |
+ "os" |
|
| 6 | 7 |
"strings" |
| 7 | 8 |
"time" |
| 8 | 9 |
|
| ... | ... |
@@ -19,8 +20,8 @@ import ( |
| 19 | 19 |
"github.com/docker/docker/image" |
| 20 | 20 |
"github.com/docker/docker/internal/metrics" |
| 21 | 21 |
"github.com/docker/docker/internal/multierror" |
| 22 |
- "github.com/docker/docker/pkg/idtools" |
|
| 23 | 22 |
"github.com/docker/docker/runconfig" |
| 23 |
+ "github.com/moby/sys/user" |
|
| 24 | 24 |
ocispec "github.com/opencontainers/image-spec/specs-go/v1" |
| 25 | 25 |
"github.com/opencontainers/selinux/go-selinux" |
| 26 | 26 |
"github.com/tonistiigi/go-archvariant" |
| ... | ... |
@@ -192,11 +193,12 @@ func (daemon *Daemon) create(ctx context.Context, daemonCfg *config.Config, opts |
| 192 | 192 |
} |
| 193 | 193 |
ctr.RWLayer = rwLayer |
| 194 | 194 |
|
| 195 |
- current := idtools.CurrentIdentity() |
|
| 196 |
- if err := idtools.MkdirAndChown(ctr.Root, 0o710, idtools.Identity{UID: current.UID, GID: daemon.IdentityMapping().RootPair().GID}); err != nil {
|
|
| 195 |
+ cuid := os.Getuid() |
|
| 196 |
+ _, gid := daemon.IdentityMapping().RootPair() |
|
| 197 |
+ if err := user.MkdirAndChown(ctr.Root, 0o710, cuid, gid); err != nil {
|
|
| 197 | 198 |
return nil, err |
| 198 | 199 |
} |
| 199 |
- if err := idtools.MkdirAndChown(ctr.CheckpointDir(), 0o700, current); err != nil {
|
|
| 200 |
+ if err := user.MkdirAndChown(ctr.CheckpointDir(), 0o700, cuid, os.Getegid()); err != nil {
|
|
| 200 | 201 |
return nil, err |
| 201 | 202 |
} |
| 202 | 203 |
|
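Review bot: The checkpoint-directory call pairs the real UID (`cuid := os.Getuid()`) with the effective GID (`os.Getegid()`), which reads like a typo when written inline. It presumably reproduces what `idtools.CurrentIdentity()` returned, but the two IDs come from different credential sets and can diverge if the process ever runs with differing real and effective IDs. A one-line comment such as `// real UID + effective GID, as idtools.CurrentIdentity() returned` would record that the mix is deliberate; a small shared helper would avoid repeating it. The same pair appears in the btrfs `Create` quotas hunk and in the fuse-overlayfs and overlay2 `Init` hunks. The body of `create` continues outside this hunk.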
| ... | ... |
@@ -1072,15 +1072,15 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S |
| 1072 | 1072 |
RegistryHosts: d.RegistryHosts, |
| 1073 | 1073 |
Registry: d.registryService, |
| 1074 | 1074 |
EventsService: d.EventsService, |
| 1075 |
- IDMapping: idtools.FromUserIdentityMapping(idMapping), |
|
| 1076 |
- RefCountMounter: snapshotter.NewMounter(config.Root, driverName, idtools.FromUserIdentityMapping(idMapping)), |
|
| 1075 |
+ IDMapping: idMapping, |
|
| 1076 |
+ RefCountMounter: snapshotter.NewMounter(config.Root, driverName, idMapping), |
|
| 1077 | 1077 |
}) |
| 1078 | 1078 |
} else {
|
| 1079 | 1079 |
layerStore, err := layer.NewStoreFromOptions(layer.StoreOptions{
|
| 1080 | 1080 |
Root: cfgStore.Root, |
| 1081 | 1081 |
GraphDriver: driverName, |
| 1082 | 1082 |
GraphDriverOptions: cfgStore.GraphOptions, |
| 1083 |
- IDMapping: idtools.FromUserIdentityMapping(idMapping), |
|
| 1083 |
+ IDMapping: idMapping, |
|
| 1084 | 1084 |
}) |
| 1085 | 1085 |
if err != nil {
|
| 1086 | 1086 |
return nil, err |
| ... | ... |
@@ -1599,8 +1599,8 @@ func (daemon *Daemon) GetAttachmentStore() *network.AttachmentStore {
|
| 1599 | 1599 |
} |
| 1600 | 1600 |
|
| 1601 | 1601 |
// IdentityMapping returns uid/gid mapping or a SID (in the case of Windows) for the builder |
| 1602 |
-func (daemon *Daemon) IdentityMapping() idtools.IdentityMapping {
|
|
| 1603 |
- return idtools.FromUserIdentityMapping(daemon.idMapping) |
|
| 1602 |
+func (daemon *Daemon) IdentityMapping() user.IdentityMapping {
|
|
| 1603 |
+ return daemon.idMapping |
|
| 1604 | 1604 |
} |
| 1605 | 1605 |
|
| 1606 | 1606 |
// ImageService returns the Daemon's ImageService |
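Review bot: The doc comment on `IdentityMapping` still promises "a SID (in the case of Windows)", but the method now returns `daemon.idMapping` as a `user.IdentityMapping`. Elsewhere in this commit the SID moves to a local `identity{SID: ...}` type, so if `user.IdentityMapping` holds only UID/GID maps the comment is stale and may mislead Windows callers. Consider `// IdentityMapping returns the daemon's uid/gid mapping for the builder.`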
| ... | ... |
@@ -9,9 +9,8 @@ import ( |
| 9 | 9 |
"github.com/docker/docker/api/types/events" |
| 10 | 10 |
"github.com/docker/docker/container" |
| 11 | 11 |
"github.com/docker/docker/errdefs" |
| 12 |
- "github.com/docker/docker/pkg/archive" |
|
| 13 |
- "github.com/docker/docker/pkg/chrootarchive" |
|
| 14 |
- "github.com/docker/docker/pkg/idtools" |
|
| 12 |
+ "github.com/moby/go-archive" |
|
| 13 |
+ "github.com/moby/go-archive/chrootarchive" |
|
| 15 | 14 |
) |
| 16 | 15 |
|
| 17 | 16 |
// ContainerExport writes the contents of the container to the given |
| ... | ... |
@@ -66,7 +65,7 @@ func (daemon *Daemon) containerExport(ctx context.Context, ctr *container.Contai |
| 66 | 66 |
|
| 67 | 67 |
archv, err := chrootarchive.Tar(basefs, &archive.TarOptions{
|
| 68 | 68 |
Compression: archive.Uncompressed, |
| 69 |
- IDMap: idtools.FromUserIdentityMapping(daemon.idMapping), |
|
| 69 |
+ IDMap: daemon.idMapping, |
|
| 70 | 70 |
}, basefs) |
| 71 | 71 |
if err != nil {
|
| 72 | 72 |
return err |
| ... | ... |
@@ -38,9 +38,9 @@ import ( |
| 38 | 38 |
"github.com/docker/docker/daemon/graphdriver" |
| 39 | 39 |
"github.com/docker/docker/daemon/internal/fstype" |
| 40 | 40 |
"github.com/docker/docker/internal/containerfs" |
| 41 |
- "github.com/docker/docker/pkg/idtools" |
|
| 42 | 41 |
"github.com/docker/go-units" |
| 43 | 42 |
"github.com/moby/sys/mount" |
| 43 |
+ "github.com/moby/sys/user" |
|
| 44 | 44 |
"github.com/moby/sys/userns" |
| 45 | 45 |
"github.com/opencontainers/selinux/go-selinux/label" |
| 46 | 46 |
"github.com/pkg/errors" |
| ... | ... |
@@ -58,7 +58,7 @@ type btrfsOptions struct {
|
| 58 | 58 |
|
| 59 | 59 |
// Init returns a new BTRFS driver. |
| 60 | 60 |
// An error is returned if BTRFS is not supported. |
| 61 |
-func Init(home string, options []string, idMap idtools.IdentityMapping) (graphdriver.Driver, error) {
|
|
| 61 |
+func Init(home string, options []string, idMap user.IdentityMapping) (graphdriver.Driver, error) {
|
|
| 62 | 62 |
// Perform feature detection on /var/lib/docker/btrfs if it's an existing directory. |
| 63 | 63 |
// This covers situations where /var/lib/docker/btrfs is a mount, and on a different |
| 64 | 64 |
// filesystem than /var/lib/docker. |
| ... | ... |
@@ -77,13 +77,8 @@ func Init(home string, options []string, idMap idtools.IdentityMapping) (graphdr |
| 77 | 77 |
return nil, graphdriver.ErrPrerequisites |
| 78 | 78 |
} |
| 79 | 79 |
|
| 80 |
- currentID := idtools.CurrentIdentity() |
|
| 81 |
- dirID := idtools.Identity{
|
|
| 82 |
- UID: currentID.UID, |
|
| 83 |
- GID: idMap.RootPair().GID, |
|
| 84 |
- } |
|
| 85 |
- |
|
| 86 |
- if err := idtools.MkdirAllAndChown(home, 0o710, dirID); err != nil {
|
|
| 80 |
+ _, gid := idMap.RootPair() |
|
| 81 |
+ if err := user.MkdirAllAndChown(home, 0o710, os.Getuid(), gid); err != nil {
|
|
| 87 | 82 |
return nil, err |
| 88 | 83 |
} |
| 89 | 84 |
|
| ... | ... |
@@ -144,7 +139,7 @@ func parseOptions(opt []string) (btrfsOptions, bool, error) {
|
| 144 | 144 |
type Driver struct {
|
| 145 | 145 |
// root of the file system |
| 146 | 146 |
home string |
| 147 |
- idMap idtools.IdentityMapping |
|
| 147 |
+ idMap user.IdentityMapping |
|
| 148 | 148 |
options btrfsOptions |
| 149 | 149 |
quotaEnabled bool |
| 150 | 150 |
once sync.Once |
| ... | ... |
@@ -487,15 +482,9 @@ func (d *Driver) CreateReadWrite(id, parent string, opts *graphdriver.CreateOpts |
| 487 | 487 |
func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
|
| 488 | 488 |
quotas := path.Join(d.home, "quotas") |
| 489 | 489 |
subvolumes := path.Join(d.home, "subvolumes") |
| 490 |
- root := d.idMap.RootPair() |
|
| 491 |
- |
|
| 492 |
- currentID := idtools.CurrentIdentity() |
|
| 493 |
- dirID := idtools.Identity{
|
|
| 494 |
- UID: currentID.UID, |
|
| 495 |
- GID: root.GID, |
|
| 496 |
- } |
|
| 497 | 490 |
|
| 498 |
- if err := idtools.MkdirAllAndChown(subvolumes, 0o710, dirID); err != nil {
|
|
| 491 |
+ uid, gid := d.idMap.RootPair() |
|
| 492 |
+ if err := user.MkdirAllAndChown(subvolumes, 0o710, os.Getuid(), gid); err != nil {
|
|
| 499 | 493 |
return err |
| 500 | 494 |
} |
| 501 | 495 |
if parent == "" {
|
| ... | ... |
@@ -530,7 +519,7 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
|
| 530 | 530 |
if err := d.setStorageSize(path.Join(subvolumes, id), driver); err != nil {
|
| 531 | 531 |
return err |
| 532 | 532 |
} |
| 533 |
- if err := idtools.MkdirAllAndChown(quotas, 0o700, idtools.CurrentIdentity()); err != nil {
|
|
| 533 |
+ if err := user.MkdirAllAndChown(quotas, 0o700, os.Getuid(), os.Getegid()); err != nil {
|
|
| 534 | 534 |
return err |
| 535 | 535 |
} |
| 536 | 536 |
if err := os.WriteFile(path.Join(quotas, id), []byte(fmt.Sprint(driver.options.size)), 0o644); err != nil {
|
| ... | ... |
@@ -540,8 +529,8 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
|
| 540 | 540 |
|
| 541 | 541 |
// if we have a remapped root (user namespaces enabled), change the created snapshot |
| 542 | 542 |
// dir ownership to match |
| 543 |
- if root.UID != 0 || root.GID != 0 {
|
|
| 544 |
- if err := root.Chown(path.Join(subvolumes, id)); err != nil {
|
|
| 543 |
+ if uid != 0 || gid != 0 {
|
|
| 544 |
+ if err := os.Chown(path.Join(subvolumes, id), uid, gid); err != nil {
|
|
| 545 | 545 |
return err |
| 546 | 546 |
} |
| 547 | 547 |
} |
| ... | ... |
@@ -9,8 +9,8 @@ import ( |
| 9 | 9 |
"strings" |
| 10 | 10 |
|
| 11 | 11 |
"github.com/containerd/log" |
| 12 |
- "github.com/docker/docker/pkg/archive" |
|
| 13 |
- "github.com/docker/docker/pkg/idtools" |
|
| 12 |
+ "github.com/moby/go-archive" |
|
| 13 |
+ "github.com/moby/sys/user" |
|
| 14 | 14 |
"github.com/pkg/errors" |
| 15 | 15 |
"github.com/vbatts/tar-split/tar/storage" |
| 16 | 16 |
) |
| ... | ... |
@@ -26,7 +26,7 @@ type CreateOpts struct {
|
| 26 | 26 |
} |
| 27 | 27 |
|
| 28 | 28 |
// InitFunc initializes the storage driver. |
| 29 |
-type InitFunc func(root string, options []string, idMap idtools.IdentityMapping) (Driver, error) |
|
| 29 |
+type InitFunc func(root string, options []string, idMap user.IdentityMapping) (Driver, error) |
|
| 30 | 30 |
|
| 31 | 31 |
// ProtoDriver defines the basic capabilities of a driver. |
| 32 | 32 |
// This interface exists solely to be a minimum set of methods |
| ... | ... |
@@ -151,7 +151,7 @@ func getDriver(name string, config Options) (Driver, error) {
|
| 151 | 151 |
type Options struct {
|
| 152 | 152 |
Root string |
| 153 | 153 |
DriverOptions []string |
| 154 |
- IDMap idtools.IdentityMapping |
|
| 154 |
+ IDMap user.IdentityMapping |
|
| 155 | 155 |
ExperimentalEnabled bool |
| 156 | 156 |
} |
| 157 | 157 |
|
| ... | ... |
@@ -6,10 +6,10 @@ import ( |
| 6 | 6 |
"time" |
| 7 | 7 |
|
| 8 | 8 |
"github.com/containerd/log" |
| 9 |
- "github.com/docker/docker/pkg/archive" |
|
| 10 |
- "github.com/docker/docker/pkg/chrootarchive" |
|
| 11 |
- "github.com/docker/docker/pkg/idtools" |
|
| 12 | 9 |
"github.com/docker/docker/pkg/ioutils" |
| 10 |
+ "github.com/moby/go-archive" |
|
| 11 |
+ "github.com/moby/go-archive/chrootarchive" |
|
| 12 |
+ "github.com/moby/sys/user" |
|
| 13 | 13 |
) |
| 14 | 14 |
|
| 15 | 15 |
// ApplyUncompressedLayer defines the unpack method used by the graph |
| ... | ... |
@@ -22,7 +22,7 @@ var ApplyUncompressedLayer = chrootarchive.ApplyUncompressedLayer |
| 22 | 22 |
// on the exported NewNaiveDiffDriver function below. |
| 23 | 23 |
type NaiveDiffDriver struct {
|
| 24 | 24 |
ProtoDriver |
| 25 |
- IDMap idtools.IdentityMapping |
|
| 25 |
+ IDMap user.IdentityMapping |
|
| 26 | 26 |
// If true, allow ApplyDiff to succeed in spite of failures to set |
| 27 | 27 |
// extended attributes on the unpacked files due to the destination |
| 28 | 28 |
// filesystem not supporting them or a lack of permissions. The |
| ... | ... |
@@ -38,7 +38,7 @@ type NaiveDiffDriver struct {
|
| 38 | 38 |
// Changes(id, parent string) ([]archive.Change, error) |
| 39 | 39 |
// ApplyDiff(id, parent string, diff archive.Reader) (size int64, err error) |
| 40 | 40 |
// DiffSize(id, parent string) (size int64, err error) |
| 41 |
-func NewNaiveDiffDriver(driver ProtoDriver, idMap idtools.IdentityMapping) Driver {
|
|
| 41 |
+func NewNaiveDiffDriver(driver ProtoDriver, idMap user.IdentityMapping) Driver {
|
|
| 42 | 42 |
return &NaiveDiffDriver{
|
| 43 | 43 |
ProtoDriver: driver, |
| 44 | 44 |
IDMap: idMap, |
| ... | ... |
@@ -20,12 +20,12 @@ import ( |
| 20 | 20 |
"github.com/docker/docker/daemon/internal/mountref" |
| 21 | 21 |
"github.com/docker/docker/internal/containerfs" |
| 22 | 22 |
"github.com/docker/docker/internal/directory" |
| 23 |
- "github.com/docker/docker/pkg/archive" |
|
| 24 |
- "github.com/docker/docker/pkg/chrootarchive" |
|
| 25 |
- "github.com/docker/docker/pkg/idtools" |
|
| 26 | 23 |
"github.com/docker/docker/pkg/parsers/kernel" |
| 24 |
+ "github.com/moby/go-archive" |
|
| 25 |
+ "github.com/moby/go-archive/chrootarchive" |
|
| 27 | 26 |
"github.com/moby/locker" |
| 28 | 27 |
"github.com/moby/sys/mount" |
| 28 |
+ "github.com/moby/sys/user" |
|
| 29 | 29 |
"github.com/moby/sys/userns" |
| 30 | 30 |
"github.com/opencontainers/selinux/go-selinux/label" |
| 31 | 31 |
"github.com/pkg/errors" |
| ... | ... |
@@ -59,7 +59,7 @@ const ( |
| 59 | 59 |
// mounts that are created using this driver. |
| 60 | 60 |
type Driver struct {
|
| 61 | 61 |
home string |
| 62 |
- idMap idtools.IdentityMapping |
|
| 62 |
+ idMap user.IdentityMapping |
|
| 63 | 63 |
ctr *mountref.Counter |
| 64 | 64 |
naiveDiff graphdriver.DiffDriver |
| 65 | 65 |
locker *locker.Locker |
| ... | ... |
@@ -74,7 +74,7 @@ func init() {
|
| 74 | 74 |
// Init returns the naive diff driver for fuse-overlayfs. |
| 75 | 75 |
// If fuse-overlayfs is not supported on the host, the error |
| 76 | 76 |
// graphdriver.ErrNotSupported is returned. |
| 77 |
-func Init(home string, options []string, idMap idtools.IdentityMapping) (graphdriver.Driver, error) {
|
|
| 77 |
+func Init(home string, options []string, idMap user.IdentityMapping) (graphdriver.Driver, error) {
|
|
| 78 | 78 |
if _, err := exec.LookPath(binary); err != nil {
|
| 79 | 79 |
logger.Error(err) |
| 80 | 80 |
return nil, graphdriver.ErrNotSupported |
| ... | ... |
@@ -83,16 +83,12 @@ func Init(home string, options []string, idMap idtools.IdentityMapping) (graphdr |
| 83 | 83 |
return nil, graphdriver.ErrNotSupported |
| 84 | 84 |
} |
| 85 | 85 |
|
| 86 |
- currentID := idtools.CurrentIdentity() |
|
| 87 |
- dirID := idtools.Identity{
|
|
| 88 |
- UID: currentID.UID, |
|
| 89 |
- GID: idMap.RootPair().GID, |
|
| 90 |
- } |
|
| 91 |
- |
|
| 92 |
- if err := idtools.MkdirAllAndChown(home, 0o710, dirID); err != nil {
|
|
| 86 |
+ cuid := os.Getuid() |
|
| 87 |
+ _, gid := idMap.RootPair() |
|
| 88 |
+ if err := user.MkdirAllAndChown(home, 0o710, cuid, gid); err != nil {
|
|
| 93 | 89 |
return nil, err |
| 94 | 90 |
} |
| 95 |
- if err := idtools.MkdirAllAndChown(path.Join(home, linkDir), 0o700, currentID); err != nil {
|
|
| 91 |
+ if err := user.MkdirAllAndChown(path.Join(home, linkDir), 0o700, cuid, os.Getegid()); err != nil {
|
|
| 96 | 92 |
return nil, err |
| 97 | 93 |
} |
| 98 | 94 |
|
| ... | ... |
@@ -175,12 +171,12 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr |
| 175 | 175 |
|
| 176 | 176 |
func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr error) {
|
| 177 | 177 |
dir := d.dir(id) |
| 178 |
- root := d.idMap.RootPair() |
|
| 178 |
+ uid, gid := d.idMap.RootPair() |
|
| 179 | 179 |
|
| 180 |
- if err := idtools.MkdirAllAndChown(path.Dir(dir), 0o710, root); err != nil {
|
|
| 180 |
+ if err := user.MkdirAllAndChown(path.Dir(dir), 0o710, uid, gid); err != nil {
|
|
| 181 | 181 |
return err |
| 182 | 182 |
} |
| 183 |
- if err := idtools.MkdirAndChown(dir, 0o710, root); err != nil {
|
|
| 183 |
+ if err := user.MkdirAndChown(dir, 0o710, uid, gid); err != nil {
|
|
| 184 | 184 |
return err |
| 185 | 185 |
} |
| 186 | 186 |
|
| ... | ... |
@@ -195,7 +191,7 @@ func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr |
| 195 | 195 |
return fmt.Errorf("--storage-opt is not supported")
|
| 196 | 196 |
} |
| 197 | 197 |
|
| 198 |
- if err := idtools.MkdirAndChown(path.Join(dir, diffDirName), 0o755, root); err != nil {
|
|
| 198 |
+ if err := user.MkdirAndChown(path.Join(dir, diffDirName), 0o755, uid, gid); err != nil {
|
|
| 199 | 199 |
return err |
| 200 | 200 |
} |
| 201 | 201 |
|
| ... | ... |
@@ -214,7 +210,7 @@ func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr |
| 214 | 214 |
return nil |
| 215 | 215 |
} |
| 216 | 216 |
|
| 217 |
- if err := idtools.MkdirAndChown(path.Join(dir, workDirName), 0o710, root); err != nil {
|
|
| 217 |
+ if err := user.MkdirAndChown(path.Join(dir, workDirName), 0o710, uid, gid); err != nil {
|
|
| 218 | 218 |
return err |
| 219 | 219 |
} |
| 220 | 220 |
|
| ... | ... |
@@ -367,7 +363,8 @@ func (d *Driver) Get(id, mountLabel string) (_ string, retErr error) {
|
| 367 | 367 |
mountData := label.FormatMountLabel(opts, mountLabel) |
| 368 | 368 |
mountTarget := mergedDir |
| 369 | 369 |
|
| 370 |
- if err := idtools.MkdirAndChown(mergedDir, 0o700, d.idMap.RootPair()); err != nil {
|
|
| 370 |
+ uid, gid := d.idMap.RootPair() |
|
| 371 |
+ if err := user.MkdirAndChown(mergedDir, 0o700, uid, gid); err != nil {
|
|
| 371 | 372 |
return "", err |
| 372 | 373 |
} |
| 373 | 374 |
|
| ... | ... |
@@ -22,14 +22,14 @@ import ( |
| 22 | 22 |
"github.com/docker/docker/daemon/internal/mountref" |
| 23 | 23 |
"github.com/docker/docker/internal/containerfs" |
| 24 | 24 |
"github.com/docker/docker/internal/directory" |
| 25 |
- "github.com/docker/docker/pkg/archive" |
|
| 26 |
- "github.com/docker/docker/pkg/chrootarchive" |
|
| 27 |
- "github.com/docker/docker/pkg/idtools" |
|
| 28 | 25 |
"github.com/docker/docker/quota" |
| 29 | 26 |
"github.com/docker/go-units" |
| 27 |
+ "github.com/moby/go-archive" |
|
| 28 |
+ "github.com/moby/go-archive/chrootarchive" |
|
| 30 | 29 |
"github.com/moby/locker" |
| 31 | 30 |
"github.com/moby/sys/atomicwriter" |
| 32 | 31 |
"github.com/moby/sys/mount" |
| 32 |
+ "github.com/moby/sys/user" |
|
| 33 | 33 |
"github.com/moby/sys/userns" |
| 34 | 34 |
"github.com/opencontainers/selinux/go-selinux/label" |
| 35 | 35 |
"golang.org/x/sys/unix" |
| ... | ... |
@@ -92,7 +92,7 @@ type overlayOptions struct {
|
| 92 | 92 |
// mounts that are created using this driver. |
| 93 | 93 |
type Driver struct {
|
| 94 | 94 |
home string |
| 95 |
- idMap idtools.IdentityMapping |
|
| 95 |
+ idMap user.IdentityMapping |
|
| 96 | 96 |
ctr *mountref.Counter |
| 97 | 97 |
quotaCtl *quota.Control |
| 98 | 98 |
options overlayOptions |
| ... | ... |
@@ -123,7 +123,7 @@ func init() {
|
| 123 | 123 |
// graphdriver.ErrNotSupported is returned. |
| 124 | 124 |
// If an overlay filesystem is not supported over an existing filesystem then |
| 125 | 125 |
// the error graphdriver.ErrIncompatibleFS is returned. |
| 126 |
-func Init(home string, options []string, idMap idtools.IdentityMapping) (graphdriver.Driver, error) {
|
|
| 126 |
+func Init(home string, options []string, idMap user.IdentityMapping) (graphdriver.Driver, error) {
|
|
| 127 | 127 |
opts, err := parseOptions(options) |
| 128 | 128 |
if err != nil {
|
| 129 | 129 |
return nil, err |
| ... | ... |
@@ -164,15 +164,12 @@ func Init(home string, options []string, idMap idtools.IdentityMapping) (graphdr |
| 164 | 164 |
return nil, err |
| 165 | 165 |
} |
| 166 | 166 |
|
| 167 |
- cur := idtools.CurrentIdentity() |
|
| 168 |
- dirID := idtools.Identity{
|
|
| 169 |
- UID: cur.UID, |
|
| 170 |
- GID: idMap.RootPair().GID, |
|
| 171 |
- } |
|
| 172 |
- if err := idtools.MkdirAllAndChown(home, 0o710, dirID); err != nil {
|
|
| 167 |
+ cuid := os.Getuid() |
|
| 168 |
+ _, gid := idMap.RootPair() |
|
| 169 |
+ if err := user.MkdirAllAndChown(home, 0o710, cuid, gid); err != nil {
|
|
| 173 | 170 |
return nil, err |
| 174 | 171 |
} |
| 175 |
- if err := idtools.MkdirAllAndChown(path.Join(home, linkDir), 0o700, cur); err != nil {
|
|
| 172 |
+ if err := user.MkdirAllAndChown(path.Join(home, linkDir), 0o700, cuid, os.Getegid()); err != nil {
|
|
| 176 | 173 |
return nil, err |
| 177 | 174 |
} |
| 178 | 175 |
|
| ... | ... |
@@ -348,16 +345,12 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) (retErr |
| 348 | 348 |
func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr error) {
|
| 349 | 349 |
dir := d.dir(id) |
| 350 | 350 |
|
| 351 |
- root := d.idMap.RootPair() |
|
| 352 |
- dirID := idtools.Identity{
|
|
| 353 |
- UID: idtools.CurrentIdentity().UID, |
|
| 354 |
- GID: root.GID, |
|
| 355 |
- } |
|
| 356 |
- |
|
| 357 |
- if err := idtools.MkdirAllAndChown(path.Dir(dir), 0o710, dirID); err != nil {
|
|
| 351 |
+ cuid := os.Getuid() |
|
| 352 |
+ uid, gid := d.idMap.RootPair() |
|
| 353 |
+ if err := user.MkdirAllAndChown(path.Dir(dir), 0o710, cuid, gid); err != nil {
|
|
| 358 | 354 |
return err |
| 359 | 355 |
} |
| 360 |
- if err := idtools.MkdirAndChown(dir, 0o710, dirID); err != nil {
|
|
| 356 |
+ if err := user.MkdirAndChown(dir, 0o710, cuid, gid); err != nil {
|
|
| 361 | 357 |
return err |
| 362 | 358 |
} |
| 363 | 359 |
|
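Review bot: In overlay2 `create`, `cuid` and `uid` differ by one letter but select different owners. The layer directory and its parent are created with `cuid, gid`, while the diff and work directories in the later hunks of this function use `uid, gid` from `d.idMap.RootPair()`. Swapping the two would still compile and would silently change who owns a layer directory when user-namespace remapping is enabled. Names such as `currentUID := os.Getuid()` and `rootUID, rootGID := d.idMap.RootPair()` would make a mix-up visible in review. The body of `create` continues outside this hunk.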
| ... | ... |
@@ -382,7 +375,7 @@ func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr |
| 382 | 382 |
} |
| 383 | 383 |
} |
| 384 | 384 |
|
| 385 |
- if err := idtools.MkdirAndChown(path.Join(dir, diffDirName), 0o755, root); err != nil {
|
|
| 385 |
+ if err := user.MkdirAndChown(path.Join(dir, diffDirName), 0o755, uid, gid); err != nil {
|
|
| 386 | 386 |
return err |
| 387 | 387 |
} |
| 388 | 388 |
|
| ... | ... |
@@ -401,7 +394,7 @@ func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts) (retErr |
| 401 | 401 |
return nil |
| 402 | 402 |
} |
| 403 | 403 |
|
| 404 |
- if err := idtools.MkdirAndChown(path.Join(dir, workDirName), 0o700, root); err != nil {
|
|
| 404 |
+ if err := user.MkdirAndChown(path.Join(dir, workDirName), 0o700, uid, gid); err != nil {
|
|
| 405 | 405 |
return err |
| 406 | 406 |
} |
| 407 | 407 |
|
| ... | ... |
@@ -573,8 +566,8 @@ func (d *Driver) Get(id, mountLabel string) (_ string, retErr error) {
|
| 573 | 573 |
mount := unix.Mount |
| 574 | 574 |
mountTarget := mergedDir |
| 575 | 575 |
|
| 576 |
- root := d.idMap.RootPair() |
|
| 577 |
- if err := idtools.MkdirAndChown(mergedDir, 0o700, root); err != nil {
|
|
| 576 |
+ uid, gid := d.idMap.RootPair() |
|
| 577 |
+ if err := user.MkdirAndChown(mergedDir, 0o700, uid, gid); err != nil {
|
|
| 578 | 578 |
return "", err |
| 579 | 579 |
} |
| 580 | 580 |
|
| ... | ... |
@@ -608,7 +601,7 @@ func (d *Driver) Get(id, mountLabel string) (_ string, retErr error) {
|
| 608 | 608 |
if !readonly {
|
| 609 | 609 |
// chown "workdir/work" to the remapped root UID/GID. Overlay fs inside a |
| 610 | 610 |
// user namespace requires this to move a directory from lower to upper. |
| 611 |
- if err := root.Chown(path.Join(workDir, workDirName)); err != nil {
|
|
| 611 |
+ if err := os.Chown(path.Join(workDir, workDirName), uid, gid); err != nil {
|
|
| 612 | 612 |
return "", err |
| 613 | 613 |
} |
| 614 | 614 |
} |
| ... | ... |
@@ -3,10 +3,10 @@ |
| 3 | 3 |
package vfs // import "github.com/docker/docker/daemon/graphdriver/vfs" |
| 4 | 4 |
|
| 5 | 5 |
import ( |
| 6 |
- "github.com/docker/docker/pkg/chrootarchive" |
|
| 7 |
- "github.com/docker/docker/pkg/idtools" |
|
| 6 |
+ "github.com/moby/go-archive/chrootarchive" |
|
| 7 |
+ "github.com/moby/sys/user" |
|
| 8 | 8 |
) |
| 9 | 9 |
|
| 10 | 10 |
func dirCopy(srcDir, dstDir string) error {
|
| 11 |
- return chrootarchive.NewArchiver(idtools.IdentityMapping{}).CopyWithTar(srcDir, dstDir)
|
|
| 11 |
+ return chrootarchive.NewArchiver(user.IdentityMapping{}).CopyWithTar(srcDir, dstDir)
|
|
| 12 | 12 |
} |
| ... | ... |
@@ -8,9 +8,9 @@ import ( |
| 8 | 8 |
"github.com/docker/docker/daemon/graphdriver" |
| 9 | 9 |
"github.com/docker/docker/errdefs" |
| 10 | 10 |
"github.com/docker/docker/internal/containerfs" |
| 11 |
- "github.com/docker/docker/pkg/idtools" |
|
| 12 | 11 |
"github.com/docker/docker/quota" |
| 13 | 12 |
"github.com/docker/go-units" |
| 13 |
+ "github.com/moby/sys/user" |
|
| 14 | 14 |
"github.com/opencontainers/selinux/go-selinux/label" |
| 15 | 15 |
"github.com/pkg/errors" |
| 16 | 16 |
) |
| ... | ... |
@@ -29,7 +29,7 @@ func init() {
|
| 29 | 29 |
|
| 30 | 30 |
// Init returns a new VFS driver. |
| 31 | 31 |
// This sets the home directory for the driver and returns NaiveDiffDriver. |
| 32 |
-func Init(home string, options []string, idMap idtools.IdentityMapping) (graphdriver.Driver, error) {
|
|
| 32 |
+func Init(home string, options []string, idMap user.IdentityMapping) (graphdriver.Driver, error) {
|
|
| 33 | 33 |
d := &Driver{
|
| 34 | 34 |
home: home, |
| 35 | 35 |
idMapping: idMap, |
| ... | ... |
@@ -39,11 +39,8 @@ func Init(home string, options []string, idMap idtools.IdentityMapping) (graphdr |
| 39 | 39 |
return nil, err |
| 40 | 40 |
} |
| 41 | 41 |
|
| 42 |
- dirID := idtools.Identity{
|
|
| 43 |
- UID: idtools.CurrentIdentity().UID, |
|
| 44 |
- GID: d.idMapping.RootPair().GID, |
|
| 45 |
- } |
|
| 46 |
- if err := idtools.MkdirAllAndChown(home, 0o710, dirID); err != nil {
|
|
| 42 |
+ _, gid := d.idMapping.RootPair() |
|
| 43 |
+ if err := user.MkdirAllAndChown(home, 0o710, os.Getuid(), gid); err != nil {
|
|
| 47 | 44 |
return nil, err |
| 48 | 45 |
} |
| 49 | 46 |
|
| ... | ... |
@@ -67,7 +64,7 @@ func Init(home string, options []string, idMap idtools.IdentityMapping) (graphdr |
| 67 | 67 |
type Driver struct {
|
| 68 | 68 |
driverQuota |
| 69 | 69 |
home string |
| 70 |
- idMapping idtools.IdentityMapping |
|
| 70 |
+ idMapping user.IdentityMapping |
|
| 71 | 71 |
bestEffortXattrs bool |
| 72 | 72 |
} |
| 73 | 73 |
|
| ... | ... |
@@ -161,16 +158,12 @@ func (d *Driver) Create(id, parent string, opts *graphdriver.CreateOpts) error {
|
| 161 | 161 |
|
| 162 | 162 |
func (d *Driver) create(id, parent string, size uint64) error {
|
| 163 | 163 |
dir := d.dir(id) |
| 164 |
- rootIDs := d.idMapping.RootPair() |
|
| 164 |
+ uid, gid := d.idMapping.RootPair() |
|
| 165 | 165 |
|
| 166 |
- dirID := idtools.Identity{
|
|
| 167 |
- UID: idtools.CurrentIdentity().UID, |
|
| 168 |
- GID: rootIDs.GID, |
|
| 169 |
- } |
|
| 170 |
- if err := idtools.MkdirAllAndChown(filepath.Dir(dir), 0o710, dirID); err != nil {
|
|
| 166 |
+ if err := user.MkdirAllAndChown(filepath.Dir(dir), 0o710, os.Getuid(), gid); err != nil {
|
|
| 171 | 167 |
return err |
| 172 | 168 |
} |
| 173 |
- if err := idtools.MkdirAndChown(dir, 0o755, rootIDs); err != nil {
|
|
| 169 |
+ if err := user.MkdirAndChown(dir, 0o755, uid, gid); err != nil {
|
|
| 174 | 170 |
return err |
| 175 | 171 |
} |
| 176 | 172 |
|
| ... | ... |
@@ -27,12 +27,12 @@ import ( |
| 27 | 27 |
"github.com/containerd/log" |
| 28 | 28 |
"github.com/docker/docker/daemon/graphdriver" |
| 29 | 29 |
"github.com/docker/docker/daemon/internal/mountref" |
| 30 |
- "github.com/docker/docker/pkg/archive" |
|
| 31 |
- "github.com/docker/docker/pkg/idtools" |
|
| 32 | 30 |
"github.com/docker/docker/pkg/ioutils" |
| 33 | 31 |
"github.com/docker/docker/pkg/longpath" |
| 34 | 32 |
"github.com/docker/go-units" |
| 33 |
+ "github.com/moby/go-archive" |
|
| 35 | 34 |
"github.com/moby/sys/reexec" |
| 35 |
+ "github.com/moby/sys/user" |
|
| 36 | 36 |
"github.com/pkg/errors" |
| 37 | 37 |
"golang.org/x/sys/windows" |
| 38 | 38 |
) |
| ... | ... |
@@ -89,7 +89,7 @@ type Driver struct {
|
| 89 | 89 |
} |
| 90 | 90 |
|
| 91 | 91 |
// InitFilter returns a new Windows storage filter driver. |
| 92 |
-func InitFilter(home string, options []string, _ idtools.IdentityMapping) (graphdriver.Driver, error) {
|
|
| 92 |
+func InitFilter(home string, options []string, _ user.IdentityMapping) (graphdriver.Driver, error) {
|
|
| 93 | 93 |
log.G(context.TODO()).Debugf("WindowsGraphDriver InitFilter at %s", home)
|
| 94 | 94 |
|
| 95 | 95 |
fsType, err := winiofs.GetFileSystemType(home) |
| ... | ... |
@@ -16,11 +16,11 @@ import ( |
| 16 | 16 |
"github.com/containerd/log" |
| 17 | 17 |
"github.com/docker/docker/daemon/graphdriver" |
| 18 | 18 |
"github.com/docker/docker/daemon/internal/mountref" |
| 19 |
- "github.com/docker/docker/pkg/idtools" |
|
| 20 | 19 |
zfs "github.com/mistifyio/go-zfs/v3" |
| 21 | 20 |
"github.com/moby/locker" |
| 22 | 21 |
"github.com/moby/sys/mount" |
| 23 | 22 |
"github.com/moby/sys/mountinfo" |
| 23 |
+ "github.com/moby/sys/user" |
|
| 24 | 24 |
"github.com/opencontainers/selinux/go-selinux/label" |
| 25 | 25 |
"github.com/pkg/errors" |
| 26 | 26 |
"golang.org/x/sys/unix" |
| ... | ... |
@@ -46,7 +46,7 @@ func (*Logger) Log(cmd []string) {
|
| 46 | 46 |
// Init returns a new ZFS driver. |
| 47 | 47 |
// It takes base mount path and an array of options which are represented as key value pairs. |
| 48 | 48 |
// Each option is in the for key=value. 'zfs.fsname' is expected to be a valid key in the options. |
| 49 |
-func Init(base string, opt []string, idMap idtools.IdentityMapping) (graphdriver.Driver, error) {
|
|
| 49 |
+func Init(base string, opt []string, idMap user.IdentityMapping) (graphdriver.Driver, error) {
|
|
| 50 | 50 |
var err error |
| 51 | 51 |
|
| 52 | 52 |
logger := log.G(context.TODO()).WithField("storage-driver", "zfs")
|
| ... | ... |
@@ -105,11 +105,8 @@ func Init(base string, opt []string, idMap idtools.IdentityMapping) (graphdriver |
| 105 | 105 |
return nil, fmt.Errorf("BUG: zfs get all -t filesystem -rHp '%s' should contain '%s'", options.fsName, options.fsName)
|
| 106 | 106 |
} |
| 107 | 107 |
|
| 108 |
- dirID := idtools.Identity{
|
|
| 109 |
- UID: idtools.CurrentIdentity().UID, |
|
| 110 |
- GID: idMap.RootPair().GID, |
|
| 111 |
- } |
|
| 112 |
- if err := idtools.MkdirAllAndChown(base, 0o710, dirID); err != nil {
|
|
| 108 |
+ _, gid := idMap.RootPair() |
|
| 109 |
+ if err := user.MkdirAllAndChown(base, 0o710, os.Getuid(), gid); err != nil {
|
|
| 113 | 110 |
return nil, fmt.Errorf("Failed to create '%s': %v", base, err)
|
| 114 | 111 |
} |
| 115 | 112 |
|
| ... | ... |
@@ -181,7 +178,7 @@ type Driver struct {
|
| 181 | 181 |
options zfsOptions |
| 182 | 182 |
sync.Mutex // protects filesystem cache against concurrent access |
| 183 | 183 |
filesystemsCache map[string]bool |
| 184 |
- idMap idtools.IdentityMapping |
|
| 184 |
+ idMap user.IdentityMapping |
|
| 185 | 185 |
ctr *mountref.Counter |
| 186 | 186 |
locker *locker.Locker |
| 187 | 187 |
} |
| ... | ... |
@@ -404,9 +401,9 @@ func (d *Driver) Get(id, mountLabel string) (_ string, retErr error) {
|
| 404 | 404 |
options := label.FormatMountLabel("", mountLabel)
|
| 405 | 405 |
log.G(context.TODO()).WithField("storage-driver", "zfs").Debugf(`mount("%s", "%s", "%s")`, filesystem, mountpoint, options)
|
| 406 | 406 |
|
| 407 |
- root := d.idMap.RootPair() |
|
| 407 |
+ uid, gid := d.idMap.RootPair() |
|
| 408 | 408 |
// Create the target directories if they don't exist |
| 409 |
- if err := idtools.MkdirAllAndChown(mountpoint, 0o755, root); err != nil {
|
|
| 409 |
+ if err := user.MkdirAllAndChown(mountpoint, 0o755, uid, gid); err != nil {
|
|
| 410 | 410 |
return "", err |
| 411 | 411 |
} |
| 412 | 412 |
|
| ... | ... |
@@ -416,7 +413,7 @@ func (d *Driver) Get(id, mountLabel string) (_ string, retErr error) {
|
| 416 | 416 |
|
| 417 | 417 |
// this could be our first mount after creation of the filesystem, and the root dir may still have root |
| 418 | 418 |
// permissions instead of the remapped root uid:gid (if user namespaces are enabled): |
| 419 |
- if err := root.Chown(mountpoint); err != nil {
|
|
| 419 |
+ if err := os.Chown(mountpoint, uid, gid); err != nil {
|
|
| 420 | 420 |
return "", fmt.Errorf("error modifying zfs mountpoint (%s) directory ownership: %v", mountpoint, err)
|
| 421 | 421 |
} |
| 422 | 422 |
|
| ... | ... |
@@ -15,7 +15,7 @@ import ( |
| 15 | 15 |
"github.com/docker/docker/daemon/images" |
| 16 | 16 |
"github.com/docker/docker/image" |
| 17 | 17 |
"github.com/docker/docker/layer" |
| 18 |
- "github.com/docker/docker/pkg/archive" |
|
| 18 |
+ "github.com/moby/go-archive" |
|
| 19 | 19 |
"github.com/opencontainers/go-digest" |
| 20 | 20 |
ocispec "github.com/opencontainers/image-spec/specs-go/v1" |
| 21 | 21 |
) |
| ... | ... |
@@ -7,7 +7,7 @@ import ( |
| 7 | 7 |
|
| 8 | 8 |
"github.com/docker/docker/container" |
| 9 | 9 |
"github.com/docker/docker/layer" |
| 10 |
- "github.com/docker/docker/pkg/archive" |
|
| 10 |
+ "github.com/moby/go-archive" |
|
| 11 | 11 |
) |
| 12 | 12 |
|
| 13 | 13 |
func (i *ImageService) Changes(ctx context.Context, container *container.Container) ([]archive.Change, error) {
|
| ... | ... |
@@ -15,7 +15,7 @@ import ( |
| 15 | 15 |
"github.com/docker/docker/errdefs" |
| 16 | 16 |
"github.com/docker/docker/image" |
| 17 | 17 |
"github.com/docker/docker/layer" |
| 18 |
- "github.com/docker/docker/pkg/archive" |
|
| 18 |
+ "github.com/moby/go-archive" |
|
| 19 | 19 |
ocispec "github.com/opencontainers/image-spec/specs-go/v1" |
| 20 | 20 |
) |
| 21 | 21 |
|
| ... | ... |
@@ -8,9 +8,9 @@ import ( |
| 8 | 8 |
"github.com/containerd/containerd/v2/core/mount" |
| 9 | 9 |
"github.com/containerd/log" |
| 10 | 10 |
"github.com/docker/docker/daemon/internal/mountref" |
| 11 |
- "github.com/docker/docker/pkg/idtools" |
|
| 12 | 11 |
"github.com/moby/locker" |
| 13 | 12 |
"github.com/moby/sys/mountinfo" |
| 13 |
+ "github.com/moby/sys/user" |
|
| 14 | 14 |
) |
| 15 | 15 |
|
| 16 | 16 |
// Mounter handles mounting/unmounting things coming in from a snapshotter |
| ... | ... |
@@ -25,7 +25,7 @@ type Mounter interface {
|
| 25 | 25 |
} |
| 26 | 26 |
|
| 27 | 27 |
// NewMounter creates a new mounter for the provided snapshotter |
| 28 |
-func NewMounter(home string, snapshotter string, idMap idtools.IdentityMapping) *refCountMounter {
|
|
| 28 |
+func NewMounter(home string, snapshotter string, idMap user.IdentityMapping) *refCountMounter {
|
|
| 29 | 29 |
return &refCountMounter{
|
| 30 | 30 |
base: mounter{
|
| 31 | 31 |
home: home, |
| ... | ... |
@@ -113,20 +113,17 @@ func (m *refCountMounter) Mounted(containerID string) (string, error) {
|
| 113 | 113 |
type mounter struct {
|
| 114 | 114 |
home string |
| 115 | 115 |
snapshotter string |
| 116 |
- idMap idtools.IdentityMapping |
|
| 116 |
+ idMap user.IdentityMapping |
|
| 117 | 117 |
} |
| 118 | 118 |
|
| 119 | 119 |
func (m mounter) Mount(mounts []mount.Mount, containerID string) (string, error) {
|
| 120 | 120 |
target := m.target(containerID) |
| 121 | 121 |
|
| 122 |
- root := m.idMap.RootPair() |
|
| 123 |
- if err := idtools.MkdirAllAndChown(filepath.Dir(target), 0o710, idtools.Identity{
|
|
| 124 |
- UID: idtools.CurrentIdentity().UID, |
|
| 125 |
- GID: root.GID, |
|
| 126 |
- }); err != nil {
|
|
| 122 |
+ uid, gid := m.idMap.RootPair() |
|
| 123 |
+ if err := user.MkdirAllAndChown(filepath.Dir(target), 0o710, os.Getuid(), gid); err != nil {
|
|
| 127 | 124 |
return "", err |
| 128 | 125 |
} |
| 129 |
- if err := idtools.MkdirAllAndChown(target, 0o710, root); err != nil {
|
|
| 126 |
+ if err := user.MkdirAllAndChown(target, 0o710, uid, gid); err != nil {
|
|
| 130 | 127 |
return "", err |
| 131 | 128 |
} |
| 132 | 129 |
|
| ... | ... |
@@ -11,9 +11,9 @@ import ( |
| 11 | 11 |
"github.com/docker/distribution" |
| 12 | 12 |
"github.com/docker/docker/image" |
| 13 | 13 |
"github.com/docker/docker/layer" |
| 14 |
- "github.com/docker/docker/pkg/archive" |
|
| 15 | 14 |
"github.com/docker/docker/pkg/ioutils" |
| 16 | 15 |
"github.com/docker/docker/pkg/progress" |
| 16 |
+ "github.com/moby/go-archive" |
|
| 17 | 17 |
) |
| 18 | 18 |
|
| 19 | 19 |
const maxDownloadAttempts = 5 |
| ... | ... |
@@ -20,11 +20,11 @@ import ( |
| 20 | 20 |
v1 "github.com/docker/docker/image/v1" |
| 21 | 21 |
"github.com/docker/docker/internal/ioutils" |
| 22 | 22 |
"github.com/docker/docker/layer" |
| 23 |
- "github.com/docker/docker/pkg/archive" |
|
| 24 |
- "github.com/docker/docker/pkg/chrootarchive" |
|
| 25 | 23 |
"github.com/docker/docker/pkg/progress" |
| 26 | 24 |
"github.com/docker/docker/pkg/streamformatter" |
| 27 | 25 |
"github.com/docker/docker/pkg/stringid" |
| 26 |
+ "github.com/moby/go-archive" |
|
| 27 |
+ "github.com/moby/go-archive/chrootarchive" |
|
| 28 | 28 |
"github.com/moby/sys/sequential" |
| 29 | 29 |
"github.com/moby/sys/symlink" |
| 30 | 30 |
"github.com/opencontainers/go-digest" |
| ... | ... |
@@ -21,8 +21,8 @@ import ( |
| 21 | 21 |
v1 "github.com/docker/docker/image/v1" |
| 22 | 22 |
"github.com/docker/docker/internal/ioutils" |
| 23 | 23 |
"github.com/docker/docker/layer" |
| 24 |
- "github.com/docker/docker/pkg/archive" |
|
| 25 | 24 |
"github.com/docker/docker/pkg/system" |
| 25 |
+ "github.com/moby/go-archive" |
|
| 26 | 26 |
"github.com/moby/sys/sequential" |
| 27 | 27 |
"github.com/opencontainers/go-digest" |
| 28 | 28 |
"github.com/opencontainers/image-spec/specs-go" |
| ... | ... |
@@ -20,12 +20,12 @@ import ( |
| 20 | 20 |
"github.com/docker/docker/api/types/versions" |
| 21 | 21 |
"github.com/docker/docker/integration-cli/cli" |
| 22 | 22 |
"github.com/docker/docker/integration-cli/cli/build" |
| 23 |
- "github.com/docker/docker/pkg/archive" |
|
| 24 | 23 |
"github.com/docker/docker/testutil" |
| 25 | 24 |
"github.com/docker/docker/testutil/fakecontext" |
| 26 | 25 |
"github.com/docker/docker/testutil/fakegit" |
| 27 | 26 |
"github.com/docker/docker/testutil/fakestorage" |
| 28 | 27 |
"github.com/moby/buildkit/frontend/dockerfile/command" |
| 28 |
+ "github.com/moby/go-archive" |
|
| 29 | 29 |
"github.com/opencontainers/go-digest" |
| 30 | 30 |
"gotest.tools/v3/assert" |
| 31 | 31 |
is "gotest.tools/v3/assert/cmp" |
| ... | ... |
@@ -20,8 +20,8 @@ import ( |
| 20 | 20 |
"github.com/docker/docker/integration-cli/cli" |
| 21 | 21 |
"github.com/docker/docker/integration-cli/daemon" |
| 22 | 22 |
"github.com/docker/docker/internal/testutils/specialimage" |
| 23 |
- "github.com/docker/docker/pkg/archive" |
|
| 24 | 23 |
"github.com/docker/docker/testutil" |
| 24 |
+ "github.com/moby/go-archive" |
|
| 25 | 25 |
"gotest.tools/v3/assert" |
| 26 | 26 |
is "gotest.tools/v3/assert/cmp" |
| 27 | 27 |
"gotest.tools/v3/icmd" |
| ... | ... |
@@ -15,9 +15,9 @@ import ( |
| 15 | 15 |
containertypes "github.com/docker/docker/api/types/container" |
| 16 | 16 |
"github.com/docker/docker/errdefs" |
| 17 | 17 |
"github.com/docker/docker/integration/internal/container" |
| 18 |
- "github.com/docker/docker/pkg/archive" |
|
| 19 | 18 |
"github.com/docker/docker/pkg/jsonmessage" |
| 20 | 19 |
"github.com/docker/docker/testutil/fakecontext" |
| 20 |
+ "github.com/moby/go-archive" |
|
| 21 | 21 |
"gotest.tools/v3/assert" |
| 22 | 22 |
is "gotest.tools/v3/assert/cmp" |
| 23 | 23 |
"gotest.tools/v3/skip" |
| ... | ... |
@@ -7,7 +7,7 @@ import ( |
| 7 | 7 |
|
| 8 | 8 |
containertypes "github.com/docker/docker/api/types/container" |
| 9 | 9 |
"github.com/docker/docker/integration/internal/container" |
| 10 |
- "github.com/docker/docker/pkg/archive" |
|
| 10 |
+ "github.com/moby/go-archive" |
|
| 11 | 11 |
"golang.org/x/sys/unix" |
| 12 | 12 |
"gotest.tools/v3/assert" |
| 13 | 13 |
"gotest.tools/v3/skip" |
| ... | ... |
@@ -22,8 +22,8 @@ import ( |
| 22 | 22 |
"github.com/docker/docker/integration/internal/container" |
| 23 | 23 |
"github.com/docker/docker/internal/testutils" |
| 24 | 24 |
"github.com/docker/docker/internal/testutils/specialimage" |
| 25 |
- "github.com/docker/docker/pkg/archive" |
|
| 26 | 25 |
"github.com/docker/docker/testutil/fakecontext" |
| 26 |
+ "github.com/moby/go-archive" |
|
| 27 | 27 |
"github.com/opencontainers/go-digest" |
| 28 | 28 |
ocispec "github.com/opencontainers/image-spec/specs-go/v1" |
| 29 | 29 |
"gotest.tools/v3/assert" |
| ... | ... |
@@ -21,10 +21,10 @@ import ( |
| 21 | 21 |
"github.com/docker/docker/api/types/image" |
| 22 | 22 |
"github.com/docker/docker/client" |
| 23 | 23 |
"github.com/docker/docker/integration/internal/container" |
| 24 |
- "github.com/docker/docker/pkg/archive" |
|
| 25 | 24 |
"github.com/docker/docker/pkg/authorization" |
| 26 | 25 |
"github.com/docker/docker/testutil/environment" |
| 27 | 26 |
"github.com/docker/go-connections/sockets" |
| 27 |
+ "github.com/moby/go-archive" |
|
| 28 | 28 |
"gotest.tools/v3/assert" |
| 29 | 29 |
"gotest.tools/v3/skip" |
| 30 | 30 |
) |
| ... | ... |
@@ -10,8 +10,8 @@ import ( |
| 10 | 10 |
"testing" |
| 11 | 11 |
|
| 12 | 12 |
"github.com/docker/docker/client" |
| 13 |
- "github.com/docker/docker/pkg/archive" |
|
| 14 | 13 |
"github.com/docker/docker/pkg/jsonmessage" |
| 14 |
+ "github.com/moby/go-archive" |
|
| 15 | 15 |
ocispec "github.com/opencontainers/image-spec/specs-go/v1" |
| 16 | 16 |
"gotest.tools/v3/assert" |
| 17 | 17 |
) |
| ... | ... |
@@ -9,8 +9,8 @@ import ( |
| 9 | 9 |
|
| 10 | 10 |
"github.com/containerd/platforms" |
| 11 | 11 |
"github.com/distribution/reference" |
| 12 |
- "github.com/docker/docker/pkg/archive" |
|
| 13 | 12 |
"github.com/google/uuid" |
| 13 |
+ "github.com/moby/go-archive" |
|
| 14 | 14 |
"github.com/opencontainers/go-digest" |
| 15 | 15 |
"github.com/opencontainers/image-spec/specs-go" |
| 16 | 16 |
ocispec "github.com/opencontainers/image-spec/specs-go/v1" |
| ... | ... |
@@ -12,9 +12,9 @@ import ( |
| 12 | 12 |
"github.com/containerd/log" |
| 13 | 13 |
"github.com/docker/distribution" |
| 14 | 14 |
"github.com/docker/docker/daemon/graphdriver" |
| 15 |
- "github.com/docker/docker/pkg/idtools" |
|
| 16 | 15 |
"github.com/docker/docker/pkg/stringid" |
| 17 | 16 |
"github.com/moby/locker" |
| 17 |
+ "github.com/moby/sys/user" |
|
| 18 | 18 |
"github.com/opencontainers/go-digest" |
| 19 | 19 |
"github.com/vbatts/tar-split/tar/asm" |
| 20 | 20 |
"github.com/vbatts/tar-split/tar/storage" |
| ... | ... |
@@ -46,7 +46,7 @@ type StoreOptions struct {
|
| 46 | 46 |
Root string |
| 47 | 47 |
GraphDriver string |
| 48 | 48 |
GraphDriverOptions []string |
| 49 |
- IDMapping idtools.IdentityMapping |
|
| 49 |
+ IDMapping user.IdentityMapping |
|
| 50 | 50 |
} |
| 51 | 51 |
|
| 52 | 52 |
// NewStoreFromOptions creates a new Store instance |
| ... | ... |
@@ -13,9 +13,9 @@ import ( |
| 13 | 13 |
"github.com/containerd/continuity/driver" |
| 14 | 14 |
"github.com/docker/docker/daemon/graphdriver" |
| 15 | 15 |
"github.com/docker/docker/daemon/graphdriver/vfs" |
| 16 |
- "github.com/docker/docker/pkg/archive" |
|
| 17 |
- "github.com/docker/docker/pkg/idtools" |
|
| 18 | 16 |
"github.com/docker/docker/pkg/stringid" |
| 17 |
+ "github.com/moby/go-archive" |
|
| 18 |
+ "github.com/moby/sys/user" |
|
| 19 | 19 |
"github.com/opencontainers/go-digest" |
| 20 | 20 |
) |
| 21 | 21 |
|
| ... | ... |
@@ -28,16 +28,16 @@ func init() {
|
| 28 | 28 |
func newVFSGraphDriver(td string) (graphdriver.Driver, error) {
|
| 29 | 29 |
return graphdriver.New("vfs", graphdriver.Options{
|
| 30 | 30 |
Root: td, |
| 31 |
- IDMap: idtools.IdentityMapping{
|
|
| 32 |
- UIDMaps: []idtools.IDMap{{
|
|
| 33 |
- ContainerID: 0, |
|
| 34 |
- HostID: os.Getuid(), |
|
| 35 |
- Size: 1, |
|
| 31 |
+ IDMap: user.IdentityMapping{
|
|
| 32 |
+ UIDMaps: []user.IDMap{{
|
|
| 33 |
+ ID: 0, |
|
| 34 |
+ ParentID: int64(os.Getuid()), |
|
| 35 |
+ Count: 1, |
|
| 36 | 36 |
}}, |
| 37 |
- GIDMaps: []idtools.IDMap{{
|
|
| 38 |
- ContainerID: 0, |
|
| 39 |
- HostID: os.Getgid(), |
|
| 40 |
- Size: 1, |
|
| 37 |
+ GIDMaps: []user.IDMap{{
|
|
| 38 |
+ ID: 0, |
|
| 39 |
+ ParentID: int64(os.Getgid()), |
|
| 40 |
+ Count: 1, |
|
| 41 | 41 |
}}, |
| 42 | 42 |
}, |
| 43 | 43 |
}) |
| ... | ... |
@@ -2,13 +2,15 @@ |
| 2 | 2 |
// source: drivers/windows/overlay/overlay.proto |
| 3 | 3 |
|
| 4 | 4 |
/* |
| 5 |
- Package overlay is a generated protocol buffer package. |
|
| 5 |
+Package overlay is a generated protocol buffer package. |
|
| 6 | 6 |
|
| 7 |
- It is generated from these files: |
|
| 8 |
- drivers/windows/overlay/overlay.proto |
|
| 7 |
+It is generated from these files: |
|
| 9 | 8 |
|
| 10 |
- It has these top-level messages: |
|
| 11 |
- PeerRecord |
|
| 9 |
+ drivers/windows/overlay/overlay.proto |
|
| 10 |
+ |
|
| 11 |
+It has these top-level messages: |
|
| 12 |
+ |
|
| 13 |
+ PeerRecord |
|
| 12 | 14 |
*/ |
| 13 | 15 |
package overlay |
| 14 | 16 |
|
| ... | ... |
@@ -31,11 +31,11 @@ import ( |
| 31 | 31 |
"github.com/docker/docker/errdefs" |
| 32 | 32 |
"github.com/docker/docker/internal/containerfs" |
| 33 | 33 |
"github.com/docker/docker/pkg/authorization" |
| 34 |
- "github.com/docker/docker/pkg/chrootarchive" |
|
| 35 | 34 |
"github.com/docker/docker/pkg/pools" |
| 36 | 35 |
"github.com/docker/docker/pkg/progress" |
| 37 | 36 |
"github.com/docker/docker/pkg/stringid" |
| 38 | 37 |
v2 "github.com/docker/docker/plugin/v2" |
| 38 |
+ "github.com/moby/go-archive/chrootarchive" |
|
| 39 | 39 |
"github.com/moby/sys/mount" |
| 40 | 40 |
"github.com/opencontainers/go-digest" |
| 41 | 41 |
ocispec "github.com/opencontainers/image-spec/specs-go/v1" |
| ... | ... |
@@ -15,10 +15,10 @@ import ( |
| 15 | 15 |
"github.com/distribution/reference" |
| 16 | 16 |
"github.com/docker/docker/api/types/registry" |
| 17 | 17 |
progressutils "github.com/docker/docker/distribution/utils" |
| 18 |
- "github.com/docker/docker/pkg/chrootarchive" |
|
| 19 | 18 |
"github.com/docker/docker/pkg/ioutils" |
| 20 | 19 |
"github.com/docker/docker/pkg/progress" |
| 21 | 20 |
"github.com/docker/docker/pkg/stringid" |
| 21 |
+ "github.com/moby/go-archive/chrootarchive" |
|
| 22 | 22 |
"github.com/opencontainers/go-digest" |
| 23 | 23 |
ocispec "github.com/opencontainers/image-spec/specs-go/v1" |
| 24 | 24 |
"github.com/pkg/errors" |
| ... | ... |
@@ -12,9 +12,9 @@ import ( |
| 12 | 12 |
"github.com/docker/docker/api/types" |
| 13 | 13 |
"github.com/docker/docker/api/types/events" |
| 14 | 14 |
"github.com/docker/docker/api/types/registry" |
| 15 |
- "github.com/docker/docker/pkg/archive" |
|
| 16 | 15 |
"github.com/docker/docker/plugin" |
| 17 | 16 |
registrypkg "github.com/docker/docker/registry" |
| 17 |
+ "github.com/moby/go-archive" |
|
| 18 | 18 |
"github.com/pkg/errors" |
| 19 | 19 |
) |
| 20 | 20 |
|