Migrate to containerd v1.7.0 and update dependencies

* Updates containerd to v1.7.0 and new binary for 32-bit Arm OSes. * Updates Go dependencies - openfaas and external Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
2025-06-28 01:33:23 +00:00 · 2023-03-19 10:55:53 +00:00
parent 9efd019e86
commit c41c2cd9fc
1133 changed files with 104391 additions and 75499 deletions
--- a/vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go
+++ b/vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go
@ -1,5 +1,3 @@
-// +build windows
-
 // Package guid provides a GUID type. The backing structure for a GUID is
 // identical to that used by the golang.org/x/sys/windows GUID type.
 // There are two main binary encodings used for a GUID, the big-endian encoding,
@ -9,26 +7,26 @@ package guid

 import (
 	"crypto/rand"
-	"crypto/sha1"
+	"crypto/sha1" //nolint:gosec // not used for secure application
 	"encoding"
 	"encoding/binary"
 	"fmt"
 	"strconv"
-
-	"golang.org/x/sys/windows"
 )

+//go:generate go run golang.org/x/tools/cmd/stringer -type=Variant -trimprefix=Variant -linecomment
+
 // Variant specifies which GUID variant (or "type") of the GUID. It determines
 // how the entirety of the rest of the GUID is interpreted.
 type Variant uint8

-// The variants specified by RFC 4122.
+// The variants specified by RFC 4122 section 4.1.1.
 const (
 	// VariantUnknown specifies a GUID variant which does not conform to one of
 	// the variant encodings specified in RFC 4122.
 	VariantUnknown Variant = iota
 	VariantNCS
-	VariantRFC4122
+	VariantRFC4122 // RFC 4122
 	VariantMicrosoft
 	VariantFuture
 )
@ -38,16 +36,13 @@ const (
 // hash of an input string.
 type Version uint8

+func (v Version) String() string {
+	return strconv.FormatUint(uint64(v), 10)
+}
+
 var _ = (encoding.TextMarshaler)(GUID{})
 var _ = (encoding.TextUnmarshaler)(&GUID{})

-// GUID represents a GUID/UUID. It has the same structure as
-// golang.org/x/sys/windows.GUID so that it can be used with functions expecting
-// that type. It is defined as its own type so that stringification and
-// marshaling can be supported. The representation matches that used by native
-// Windows code.
-type GUID windows.GUID
-
 // NewV4 returns a new version 4 (pseudorandom) GUID, as defined by RFC 4122.
 func NewV4() (GUID, error) {
 	var b [16]byte
@ -70,7 +65,7 @@ func NewV4() (GUID, error) {
 // big-endian UTF16 stream of bytes. If that is desired, the string can be
 // encoded as such before being passed to this function.
 func NewV5(namespace GUID, name []byte) (GUID, error) {
-	b := sha1.New()
+	b := sha1.New() //nolint:gosec // not used for secure application
 	namespaceBytes := namespace.ToArray()
 	b.Write(namespaceBytes[:])
 	b.Write(name)
--- a/vendor/github.com/Microsoft/go-winio/pkg/guid/guid_nonwindows.go
+++ b/vendor/github.com/Microsoft/go-winio/pkg/guid/guid_nonwindows.go
@ -0,0 +1,16 @@
+//go:build !windows
+// +build !windows
+
+package guid
+
+// GUID represents a GUID/UUID. It has the same structure as
+// golang.org/x/sys/windows.GUID so that it can be used with functions expecting
+// that type. It is defined as its own type as that is only available to builds
+// targeted at `windows`. The representation matches that used by native Windows
+// code.
+type GUID struct {
+	Data1 uint32
+	Data2 uint16
+	Data3 uint16
+	Data4 [8]byte
+}
--- a/vendor/github.com/Microsoft/go-winio/pkg/guid/guid_windows.go
+++ b/vendor/github.com/Microsoft/go-winio/pkg/guid/guid_windows.go
@ -0,0 +1,13 @@
+//go:build windows
+// +build windows
+
+package guid
+
+import "golang.org/x/sys/windows"
+
+// GUID represents a GUID/UUID. It has the same structure as
+// golang.org/x/sys/windows.GUID so that it can be used with functions expecting
+// that type. It is defined as its own type so that stringification and
+// marshaling can be supported. The representation matches that used by native
+// Windows code.
+type GUID windows.GUID
--- a/vendor/github.com/Microsoft/go-winio/pkg/guid/variant_string.go
+++ b/vendor/github.com/Microsoft/go-winio/pkg/guid/variant_string.go
@ -0,0 +1,27 @@
+// Code generated by "stringer -type=Variant -trimprefix=Variant -linecomment"; DO NOT EDIT.
+
+package guid
+
+import "strconv"
+
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[VariantUnknown-0]
+	_ = x[VariantNCS-1]
+	_ = x[VariantRFC4122-2]
+	_ = x[VariantMicrosoft-3]
+	_ = x[VariantFuture-4]
+}
+
+const _Variant_name = "UnknownNCSRFC 4122MicrosoftFuture"
+
+var _Variant_index = [...]uint8{0, 7, 10, 18, 27, 33}
+
+func (i Variant) String() string {
+	if i >= Variant(len(_Variant_index)-1) {
+		return "Variant(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _Variant_name[_Variant_index[i]:_Variant_index[i+1]]
+}
--- a/vendor/github.com/Microsoft/go-winio/pkg/security/grantvmgroupaccess.go
+++ b/vendor/github.com/Microsoft/go-winio/pkg/security/grantvmgroupaccess.go
@ -1,161 +0,0 @@
-// +build windows
-
-package security
-
-import (
-	"os"
-	"syscall"
-	"unsafe"
-
-	"github.com/pkg/errors"
-)
-
-type (
-	accessMask          uint32
-	accessMode          uint32
-	desiredAccess       uint32
-	inheritMode         uint32
-	objectType          uint32
-	shareMode           uint32
-	securityInformation uint32
-	trusteeForm         uint32
-	trusteeType         uint32
-
-	explicitAccess struct {
-		accessPermissions accessMask
-		accessMode        accessMode
-		inheritance       inheritMode
-		trustee           trustee
-	}
-
-	trustee struct {
-		multipleTrustee          *trustee
-		multipleTrusteeOperation int32
-		trusteeForm              trusteeForm
-		trusteeType              trusteeType
-		name                     uintptr
-	}
-)
-
-const (
-	accessMaskDesiredPermission accessMask = 1 << 31 // GENERIC_READ
-
-	accessModeGrant accessMode = 1
-
-	desiredAccessReadControl desiredAccess = 0x20000
-	desiredAccessWriteDac    desiredAccess = 0x40000
-
-	gvmga = "GrantVmGroupAccess:"
-
-	inheritModeNoInheritance                  inheritMode = 0x0
-	inheritModeSubContainersAndObjectsInherit inheritMode = 0x3
-
-	objectTypeFileObject objectType = 0x1
-
-	securityInformationDACL securityInformation = 0x4
-
-	shareModeRead  shareMode = 0x1
-	shareModeWrite shareMode = 0x2
-
-	sidVmGroup = "S-1-5-83-0"
-
-	trusteeFormIsSid trusteeForm = 0
-
-	trusteeTypeWellKnownGroup trusteeType = 5
-)
-
-// GrantVMGroupAccess sets the DACL for a specified file or directory to
-// include Grant ACE entries for the VM Group SID. This is a golang re-
-// implementation of the same function in vmcompute, just not exported in
-// RS5. Which kind of sucks. Sucks a lot :/
-func GrantVmGroupAccess(name string) error {
-	// Stat (to determine if `name` is a directory).
-	s, err := os.Stat(name)
-	if err != nil {
-		return errors.Wrapf(err, "%s os.Stat %s", gvmga, name)
-	}
-
-	// Get a handle to the file/directory. Must defer Close on success.
-	fd, err := createFile(name, s.IsDir())
-	if err != nil {
-		return err // Already wrapped
-	}
-	defer syscall.CloseHandle(fd)
-
-	// Get the current DACL and Security Descriptor. Must defer LocalFree on success.
-	ot := objectTypeFileObject
-	si := securityInformationDACL
-	sd := uintptr(0)
-	origDACL := uintptr(0)
-	if err := getSecurityInfo(fd, uint32(ot), uint32(si), nil, nil, &origDACL, nil, &sd); err != nil {
-		return errors.Wrapf(err, "%s GetSecurityInfo %s", gvmga, name)
-	}
-	defer syscall.LocalFree((syscall.Handle)(unsafe.Pointer(sd)))
-
-	// Generate a new DACL which is the current DACL with the required ACEs added.
-	// Must defer LocalFree on success.
-	newDACL, err := generateDACLWithAcesAdded(name, s.IsDir(), origDACL)
-	if err != nil {
-		return err // Already wrapped
-	}
-	defer syscall.LocalFree((syscall.Handle)(unsafe.Pointer(newDACL)))
-
-	// And finally use SetSecurityInfo to apply the updated DACL.
-	if err := setSecurityInfo(fd, uint32(ot), uint32(si), uintptr(0), uintptr(0), newDACL, uintptr(0)); err != nil {
-		return errors.Wrapf(err, "%s SetSecurityInfo %s", gvmga, name)
-	}
-
-	return nil
-}
-
-// createFile is a helper function to call [Nt]CreateFile to get a handle to
-// the file or directory.
-func createFile(name string, isDir bool) (syscall.Handle, error) {
-	namep := syscall.StringToUTF16(name)
-	da := uint32(desiredAccessReadControl | desiredAccessWriteDac)
-	sm := uint32(shareModeRead | shareModeWrite)
-	fa := uint32(syscall.FILE_ATTRIBUTE_NORMAL)
-	if isDir {
-		fa = uint32(fa | syscall.FILE_FLAG_BACKUP_SEMANTICS)
-	}
-	fd, err := syscall.CreateFile(&namep[0], da, sm, nil, syscall.OPEN_EXISTING, fa, 0)
-	if err != nil {
-		return 0, errors.Wrapf(err, "%s syscall.CreateFile %s", gvmga, name)
-	}
-	return fd, nil
-}
-
-// generateDACLWithAcesAdded generates a new DACL with the two needed ACEs added.
-// The caller is responsible for LocalFree of the returned DACL on success.
-func generateDACLWithAcesAdded(name string, isDir bool, origDACL uintptr) (uintptr, error) {
-	// Generate pointers to the SIDs based on the string SIDs
-	sid, err := syscall.StringToSid(sidVmGroup)
-	if err != nil {
-		return 0, errors.Wrapf(err, "%s syscall.StringToSid %s %s", gvmga, name, sidVmGroup)
-	}
-
-	inheritance := inheritModeNoInheritance
-	if isDir {
-		inheritance = inheritModeSubContainersAndObjectsInherit
-	}
-
-	eaArray := []explicitAccess{
-		explicitAccess{
-			accessPermissions: accessMaskDesiredPermission,
-			accessMode:        accessModeGrant,
-			inheritance:       inheritance,
-			trustee: trustee{
-				trusteeForm: trusteeFormIsSid,
-				trusteeType: trusteeTypeWellKnownGroup,
-				name:        uintptr(unsafe.Pointer(sid)),
-			},
-		},
-	}
-
-	modifiedDACL := uintptr(0)
-	if err := setEntriesInAcl(uintptr(uint32(1)), uintptr(unsafe.Pointer(&eaArray[0])), origDACL, &modifiedDACL); err != nil {
-		return 0, errors.Wrapf(err, "%s SetEntriesInAcl %s", gvmga, name)
-	}
-
-	return modifiedDACL, nil
-}
--- a/vendor/github.com/Microsoft/go-winio/pkg/security/syscall_windows.go
+++ b/vendor/github.com/Microsoft/go-winio/pkg/security/syscall_windows.go
@ -1,7 +0,0 @@
-package security
-
-//go:generate go run mksyscall_windows.go -output zsyscall_windows.go syscall_windows.go
-
-//sys getSecurityInfo(handle syscall.Handle, objectType uint32, si uint32, ppsidOwner **uintptr, ppsidGroup **uintptr, ppDacl *uintptr, ppSacl *uintptr, ppSecurityDescriptor *uintptr) (win32err error) = advapi32.GetSecurityInfo
-//sys setSecurityInfo(handle syscall.Handle, objectType uint32, si uint32, psidOwner uintptr, psidGroup uintptr, pDacl uintptr, pSacl uintptr) (win32err error) = advapi32.SetSecurityInfo
-//sys setEntriesInAcl(count uintptr, pListOfEEs uintptr, oldAcl uintptr, newAcl *uintptr) (win32err error) = advapi32.SetEntriesInAclW
--- a/vendor/github.com/Microsoft/go-winio/pkg/security/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/go-winio/pkg/security/zsyscall_windows.go
@ -1,70 +0,0 @@
-// Code generated by 'go generate'; DO NOT EDIT.
-
-package security
-
-import (
-	"syscall"
-	"unsafe"
-
-	"golang.org/x/sys/windows"
-)
-
-var _ unsafe.Pointer
-
-// Do the interface allocations only once for common
-// Errno values.
-const (
-	errnoERROR_IO_PENDING = 997
-)
-
-var (
-	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
-	errERROR_EINVAL     error = syscall.EINVAL
-)
-
-// errnoErr returns common boxed Errno values, to prevent
-// allocations at runtime.
-func errnoErr(e syscall.Errno) error {
-	switch e {
-	case 0:
-		return errERROR_EINVAL
-	case errnoERROR_IO_PENDING:
-		return errERROR_IO_PENDING
-	}
-	// TODO: add more here, after collecting data on the common
-	// error values see on Windows. (perhaps when running
-	// all.bat?)
-	return e
-}
-
-var (
-	modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
-
-	procGetSecurityInfo  = modadvapi32.NewProc("GetSecurityInfo")
-	procSetEntriesInAclW = modadvapi32.NewProc("SetEntriesInAclW")
-	procSetSecurityInfo  = modadvapi32.NewProc("SetSecurityInfo")
-)
-
-func getSecurityInfo(handle syscall.Handle, objectType uint32, si uint32, ppsidOwner **uintptr, ppsidGroup **uintptr, ppDacl *uintptr, ppSacl *uintptr, ppSecurityDescriptor *uintptr) (win32err error) {
-	r0, _, _ := syscall.Syscall9(procGetSecurityInfo.Addr(), 8, uintptr(handle), uintptr(objectType), uintptr(si), uintptr(unsafe.Pointer(ppsidOwner)), uintptr(unsafe.Pointer(ppsidGroup)), uintptr(unsafe.Pointer(ppDacl)), uintptr(unsafe.Pointer(ppSacl)), uintptr(unsafe.Pointer(ppSecurityDescriptor)), 0)
-	if r0 != 0 {
-		win32err = syscall.Errno(r0)
-	}
-	return
-}
-
-func setEntriesInAcl(count uintptr, pListOfEEs uintptr, oldAcl uintptr, newAcl *uintptr) (win32err error) {
-	r0, _, _ := syscall.Syscall6(procSetEntriesInAclW.Addr(), 4, uintptr(count), uintptr(pListOfEEs), uintptr(oldAcl), uintptr(unsafe.Pointer(newAcl)), 0, 0)
-	if r0 != 0 {
-		win32err = syscall.Errno(r0)
-	}
-	return
-}
-
-func setSecurityInfo(handle syscall.Handle, objectType uint32, si uint32, psidOwner uintptr, psidGroup uintptr, pDacl uintptr, pSacl uintptr) (win32err error) {
-	r0, _, _ := syscall.Syscall9(procSetSecurityInfo.Addr(), 7, uintptr(handle), uintptr(objectType), uintptr(si), uintptr(psidOwner), uintptr(psidGroup), uintptr(pDacl), uintptr(pSacl), 0, 0)
-	if r0 != 0 {
-		win32err = syscall.Errno(r0)
-	}
-	return
-}