From 50b40e2acaf8229c44b5b4a6ce344d05741f1edc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 21 May 2026 16:54:44 +0200 Subject: [PATCH 01/17] Run (go fix) and clean up other related instances MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miloslav Trmač --- common/pkg/cgroups/cgroups_linux.go | 2 +- common/pkg/json-proxy/proxy_test.go | 14 +++++--------- common/pkg/netns/netns_linux.go | 6 ++---- image/docker/registries_d_test.go | 3 +-- image/pkg/blobcache/blobcache.go | 2 +- storage/drivers/overlay/overlay.go | 2 +- storage/layers.go | 4 ++-- 7 files changed, 13 insertions(+), 20 deletions(-) diff --git a/common/pkg/cgroups/cgroups_linux.go b/common/pkg/cgroups/cgroups_linux.go index 67591beead..27c1ac989a 100644 --- a/common/pkg/cgroups/cgroups_linux.go +++ b/common/pkg/cgroups/cgroups_linux.go @@ -405,7 +405,7 @@ func createCgroupv2Path(path string) (deferredError error) { newCtrs := [][]byte{} for _, ctr := range ctrs { // Try to enable each controller individually, at least we can give a better error message if any fails. - if err := os.WriteFile(subtreeControl, []byte(fmt.Sprintf("+%s\n", ctr)), 0o755); err != nil { + if err := os.WriteFile(subtreeControl, fmt.Appendf(nil, "+%s\n", ctr), 0o755); err != nil { // The kernel can return EBUSY when a process was moved to a sub-cgroup // and the controllers are enabled in its parent cgroup. Retry a few times when // it happens. diff --git a/common/pkg/json-proxy/proxy_test.go b/common/pkg/json-proxy/proxy_test.go index 8c6932f961..dfe44d5ba6 100644 --- a/common/pkg/json-proxy/proxy_test.go +++ b/common/pkg/json-proxy/proxy_test.go @@ -216,9 +216,7 @@ func (p *proxy) callGetRawBlob(args []any) (buf []byte, err error) { var wg sync.WaitGroup fetchchan := make(chan byteFetch, 1) errchan := make(chan proxyError, 1) - wg.Add(1) - go func() { - defer wg.Done() + wg.Go(func() { defer close(fetchchan) defer fd.datafd.Close() buf, err := io.ReadAll(fd.datafd) @@ -226,10 +224,8 @@ func (p *proxy) callGetRawBlob(args []any) (buf []byte, err error) { content: buf, err: err, } - }() - wg.Add(1) - go func() { - defer wg.Done() + }) + wg.Go(func() { defer fd.errfd.Close() defer close(errchan) buf, err := io.ReadAll(fd.errfd) @@ -250,7 +246,7 @@ func (p *proxy) callGetRawBlob(args []any) (buf []byte, err error) { panic(unmarshalErr) } errchan <- proxyErr - }() + }) wg.Wait() errMsg := <-errchan @@ -389,7 +385,7 @@ func runTestMetadataAPIs(p *proxy, img string) error { if err != nil { return err } - var layerInfoBytesData []interface{} + var layerInfoBytesData []any err = json.Unmarshal(layerInfoBytes, &layerInfoBytesData) if err != nil { return err diff --git a/common/pkg/netns/netns_linux.go b/common/pkg/netns/netns_linux.go index 5e36ec7213..cfa9dff44d 100644 --- a/common/pkg/netns/netns_linux.go +++ b/common/pkg/netns/netns_linux.go @@ -229,18 +229,16 @@ func (ns *netNS) Do(toRun func(NetNS) error) error { defer hostNS.Close() var wg sync.WaitGroup - wg.Add(1) // Start the callback in a new green thread so that if we later fail // to switch the namespace back to the original one, we can safely // leave the thread locked to die without a risk of the current thread // left lingering with incorrect namespace. var innerError error - go func() { - defer wg.Done() + wg.Go(func() { runtime.LockOSThread() innerError = containedCall(hostNS) - }() + }) wg.Wait() return innerError diff --git a/image/docker/registries_d_test.go b/image/docker/registries_d_test.go index e91bf5b0f3..20dc9af69a 100644 --- a/image/docker/registries_d_test.go +++ b/image/docker/registries_d_test.go @@ -24,7 +24,7 @@ func dockerRefFromString(t *testing.T, s string) dockerReference { func writeDockerLookaside(t *testing.T, dir, filename, registry, lookaside string) { t.Helper() require.NoError(t, os.MkdirAll(dir, 0o755)) - require.NoError(t, os.WriteFile(filepath.Join(dir, filename), []byte(fmt.Sprintf("docker:\n %s:\n lookaside: %s\n", registry, lookaside)), 0o644)) + require.NoError(t, os.WriteFile(filepath.Join(dir, filename), fmt.Appendf(nil, "docker:\n %s:\n lookaside: %s\n", registry, lookaside), 0o644)) } func TestSignatureStorageBaseURL(t *testing.T) { @@ -214,7 +214,6 @@ func TestLoadRegistryConfiguration(t *testing.T) { } for _, tt := range tests { - tt := tt t.Run("", func(t *testing.T) { sys := tt.setup(t) cfg, err := loadRegistryConfiguration(sys) diff --git a/image/pkg/blobcache/blobcache.go b/image/pkg/blobcache/blobcache.go index f3bb6c836e..bed5c13db6 100644 --- a/image/pkg/blobcache/blobcache.go +++ b/image/pkg/blobcache/blobcache.go @@ -50,7 +50,7 @@ func parseCompressedNote(filePath string) (compressionNoteContent, error) { } return nil, err } - for _, line := range strings.Split(string(content), "\n") { + for line := range strings.SplitSeq(string(content), "\n") { line = strings.TrimSpace(line) if line == "" { continue diff --git a/storage/drivers/overlay/overlay.go b/storage/drivers/overlay/overlay.go index b50319707b..3ade1e7850 100644 --- a/storage/drivers/overlay/overlay.go +++ b/storage/drivers/overlay/overlay.go @@ -698,7 +698,7 @@ func SupportsNativeOverlay(home, runhome string) (bool, error) { if err != nil && !errors.Is(err, fs.ErrNotExist) { return false, err } - if err := os.WriteFile(getMountProgramFlagFile(home), []byte(fmt.Sprintf("%t", needsMountProgram)), 0o600); err != nil && !errors.Is(err, fs.ErrNotExist) { + if err := os.WriteFile(getMountProgramFlagFile(home), fmt.Appendf(nil, "%t", needsMountProgram), 0o600); err != nil && !errors.Is(err, fs.ErrNotExist) { return false, err } if needsMountProgram { diff --git a/storage/layers.go b/storage/layers.go index 973b462209..016628d392 100644 --- a/storage/layers.go +++ b/storage/layers.go @@ -847,8 +847,8 @@ func (r *layerStore) GarbageCollect() error { name := entry.Name() var id string var isDataDir bool - if strings.HasSuffix(name, tarSplitSuffix) { - id = strings.TrimSuffix(name, tarSplitSuffix) + if idPart, ok := strings.CutSuffix(name, tarSplitSuffix); ok { + id = idPart } else if stringid.ValidateID(name) == nil { id = name isDataDir = true From bd3e2bf18641ae4e986f19feea3f2bf03d7a0131 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 21 May 2026 16:59:03 +0200 Subject: [PATCH 02/17] Fix an inefficient use of WriteString MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miloslav Trmač --- image/docker/docker_client_test.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/image/docker/docker_client_test.go b/image/docker/docker_client_test.go index 528008f7c1..22388d2cea 100644 --- a/image/docker/docker_client_test.go +++ b/image/docker/docker_client_test.go @@ -395,7 +395,9 @@ func TestGetBlobSize(t *testing.T) { var buf bytes.Buffer buf.WriteString("HTTP/1.1 200 OK\r\n") for _, v := range c.headers { - buf.WriteString("Content-Length: " + v + "\r\n") + buf.WriteString("Content-Length: ") + buf.WriteString(v) + buf.WriteString("\r\n") } buf.WriteString("\r\n") resp, err := http.ReadResponse(bufio.NewReader(&buf), nil) From e2762823cdb1190fe9d75866d73a3c92a43f6775 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 21 May 2026 17:43:25 +0200 Subject: [PATCH 03/17] RISKY: Add/correct error reporting to uses of Scanner MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miloslav Trmač --- common/pkg/auth/auth.go | 3 +++ common/pkg/cgroups/utils_linux.go | 6 ++++++ common/pkg/subscriptions/subscriptions.go | 3 +++ storage/pkg/idtools/idtools.go | 3 +++ .../pkg/parsers/operatingsystem/operatingsystem_linux.go | 3 +++ storage/pkg/unshare/unshare_linux.go | 3 +++ 6 files changed, 21 insertions(+) diff --git a/common/pkg/auth/auth.go b/common/pkg/auth/auth.go index 1a04716150..3042396b25 100644 --- a/common/pkg/auth/auth.go +++ b/common/pkg/auth/auth.go @@ -182,6 +182,9 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO for scanner.Scan() { fmt.Fprint(&stdinPasswordStrBuilder, scanner.Text()) } + if err := scanner.Err(); err != nil { + return fmt.Errorf("reading password from stdin: %w", err) + } password = stdinPasswordStrBuilder.String() } diff --git a/common/pkg/cgroups/utils_linux.go b/common/pkg/cgroups/utils_linux.go index b1ee60a294..329969048c 100644 --- a/common/pkg/cgroups/utils_linux.go +++ b/common/pkg/cgroups/utils_linux.go @@ -170,6 +170,9 @@ func getCgroupProcess(procFile string, allowRoot bool) (string, error) { cgroup = parts[2] } } + if err := scanner.Err(); err != nil { + return "", err + } if len(cgroup) == 0 || (!allowRoot && cgroup == "/") { return "", fmt.Errorf("could not find cgroup mount in %q", procFile) } @@ -267,6 +270,9 @@ func MoveUnderCgroup(cgroup, subtree string, processes []uint32) error { } } } + if err := scanner.Err(); err != nil { + return err + } return nil } diff --git a/common/pkg/subscriptions/subscriptions.go b/common/pkg/subscriptions/subscriptions.go index 21c1afe310..a7f1b3f641 100644 --- a/common/pkg/subscriptions/subscriptions.go +++ b/common/pkg/subscriptions/subscriptions.go @@ -139,6 +139,9 @@ func getMounts(filePath string) []string { filePath, scanner.Text()) } } + if err := scanner.Err(); err != nil { + logrus.Errorf("Reading file %q: %v", filePath, err) + } return mounts } diff --git a/storage/pkg/idtools/idtools.go b/storage/pkg/idtools/idtools.go index 81b7f66bf1..de9356517f 100644 --- a/storage/pkg/idtools/idtools.go +++ b/storage/pkg/idtools/idtools.go @@ -358,6 +358,9 @@ func parseSubidFile(path, username string) ([]subIDRange, error) { rangeList = append(rangeList, subIDRange{startid, length}) } } + if err := s.Err(); err != nil { + return rangeList, err + } return rangeList, nil } diff --git a/storage/pkg/parsers/operatingsystem/operatingsystem_linux.go b/storage/pkg/parsers/operatingsystem/operatingsystem_linux.go index 7fc7750913..c9ebe20444 100644 --- a/storage/pkg/parsers/operatingsystem/operatingsystem_linux.go +++ b/storage/pkg/parsers/operatingsystem/operatingsystem_linux.go @@ -52,6 +52,9 @@ func GetOperatingSystem() (string, error) { prettyName = prettyNames[0] } } + if err := scanner.Err(); err != nil { + return "", err + } if prettyName != "" { return prettyName, nil } diff --git a/storage/pkg/unshare/unshare_linux.go b/storage/pkg/unshare/unshare_linux.go index 7cb069c78c..0022b48bff 100644 --- a/storage/pkg/unshare/unshare_linux.go +++ b/storage/pkg/unshare/unshare_linux.go @@ -680,6 +680,9 @@ func getHostIDMappings(path string) ([]specs.LinuxIDMapping, error) { } mappings = append(mappings, specs.LinuxIDMapping{ContainerID: uint32(cid), HostID: uint32(hid), Size: uint32(size)}) } + if err := scanner.Err(); err != nil { + return nil, fmt.Errorf("reading ID mappings from %q: %w", path, err) + } return mappings, nil } From 523413687bfb8a9c912d9db1d2ac5451ac2c50b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 21 May 2026 17:45:44 +0200 Subject: [PATCH 04/17] Use a more moden error wrapping MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miloslav Trmač --- image/signature/mechanism_openpgp.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image/signature/mechanism_openpgp.go b/image/signature/mechanism_openpgp.go index 2f1b99d18c..92a3bb370a 100644 --- a/image/signature/mechanism_openpgp.go +++ b/image/signature/mechanism_openpgp.go @@ -150,7 +150,7 @@ func (m *openpgpSigningMechanism) Verify(unverifiedSignature []byte) (contents [ return nil, "", err } if md.SignatureError != nil { - return nil, "", fmt.Errorf("signature error: %v", md.SignatureError) + return nil, "", fmt.Errorf("signature error: %w", md.SignatureError) } if md.SignedBy == nil { return nil, "", internal.NewInvalidSignatureError(fmt.Sprintf("Key not found for key ID %x in signature", md.SignedByKeyId)) From 62cebca8aee20d4cadc6cdd03e977a425cfa9ada Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 21 May 2026 17:47:15 +0200 Subject: [PATCH 05/17] Remove an unused constant MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miloslav Trmač --- common/pkg/config/config_windows.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/common/pkg/config/config_windows.go b/common/pkg/config/config_windows.go index 8855b7049c..adf7f288b9 100644 --- a/common/pkg/config/config_windows.go +++ b/common/pkg/config/config_windows.go @@ -6,11 +6,6 @@ import ( "path/filepath" ) -const ( - // Mount type for mounting host dir - _typeBind = "bind" -) - var defaultHelperBinariesDir = []string{ // FindHelperBinaries(), as a convention, interprets $BINDIR as the // directory where the current process binary (i.e. podman) is located. From 5a9212bda8ad32561af779b7e101f26658c89103 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 21 May 2026 17:56:27 +0200 Subject: [PATCH 06/17] Restrict tests similarly to the primary implementations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Avoid noise about build failures on Windows. Signed-off-by: Miloslav Trmač --- .../libnetwork/etchosts/{hosts_test.go => hosts_unix_test.go} | 2 ++ common/pkg/chown/chown_test.go | 2 ++ common/pkg/parse/{parse_test.go => parse_unix_test.go} | 2 ++ common/pkg/umask/{umask_test.go => umask_unix_test.go} | 2 ++ 4 files changed, 8 insertions(+) rename common/libnetwork/etchosts/{hosts_test.go => hosts_unix_test.go} (99%) rename common/pkg/parse/{parse_test.go => parse_unix_test.go} (98%) rename common/pkg/umask/{umask_test.go => umask_unix_test.go} (98%) diff --git a/common/libnetwork/etchosts/hosts_test.go b/common/libnetwork/etchosts/hosts_unix_test.go similarity index 99% rename from common/libnetwork/etchosts/hosts_test.go rename to common/libnetwork/etchosts/hosts_unix_test.go index 02e01104f0..a91bab4c46 100644 --- a/common/libnetwork/etchosts/hosts_test.go +++ b/common/libnetwork/etchosts/hosts_unix_test.go @@ -1,3 +1,5 @@ +//go:build unix + package etchosts import ( diff --git a/common/pkg/chown/chown_test.go b/common/pkg/chown/chown_test.go index a4410f3db6..dac08e87ce 100644 --- a/common/pkg/chown/chown_test.go +++ b/common/pkg/chown/chown_test.go @@ -1,3 +1,5 @@ +//go:build unix + package chown import ( diff --git a/common/pkg/parse/parse_test.go b/common/pkg/parse/parse_unix_test.go similarity index 98% rename from common/pkg/parse/parse_test.go rename to common/pkg/parse/parse_unix_test.go index e071184094..0a91b8adbb 100644 --- a/common/pkg/parse/parse_test.go +++ b/common/pkg/parse/parse_unix_test.go @@ -1,3 +1,5 @@ +//go:build linux || darwin || freebsd + package parse import ( diff --git a/common/pkg/umask/umask_test.go b/common/pkg/umask/umask_unix_test.go similarity index 98% rename from common/pkg/umask/umask_test.go rename to common/pkg/umask/umask_unix_test.go index 6ba81b2e39..65eab77553 100644 --- a/common/pkg/umask/umask_test.go +++ b/common/pkg/umask/umask_unix_test.go @@ -1,3 +1,5 @@ +//go:build linux || darwin + package umask_test import ( From e1b17f099c9fe9aad578098d4fe29915a877cc1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 21 May 2026 19:21:01 +0200 Subject: [PATCH 07/17] Stop using gotest.tools MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit One less external dependency to worry about. Signed-off-by: Miloslav Trmač --- storage/drivers/copy/copy_test.go | 62 +-- storage/go.mod | 2 - storage/go.sum | 4 - .../pkg/chrootarchive/archive_unix_test.go | 44 +- storage/types/options_test.go | 11 +- vendor/gotest.tools/v3/LICENSE | 13 - vendor/gotest.tools/v3/assert/assert.go | 311 ------------- vendor/gotest.tools/v3/assert/cmp/compare.go | 403 ----------------- vendor/gotest.tools/v3/assert/cmp/result.go | 110 ----- .../gotest.tools/v3/internal/assert/assert.go | 160 ------- .../gotest.tools/v3/internal/assert/result.go | 146 ------ .../gotest.tools/v3/internal/difflib/LICENSE | 27 -- .../v3/internal/difflib/difflib.go | 427 ------------------ .../gotest.tools/v3/internal/format/diff.go | 162 ------- .../gotest.tools/v3/internal/format/format.go | 27 -- .../gotest.tools/v3/internal/source/bazel.go | 51 --- .../gotest.tools/v3/internal/source/defers.go | 52 --- .../gotest.tools/v3/internal/source/source.go | 159 ------- .../gotest.tools/v3/internal/source/update.go | 171 ------- .../v3/internal/source/version.go | 35 -- vendor/modules.txt | 8 - 21 files changed, 58 insertions(+), 2327 deletions(-) delete mode 100644 vendor/gotest.tools/v3/LICENSE delete mode 100644 vendor/gotest.tools/v3/assert/assert.go delete mode 100644 vendor/gotest.tools/v3/assert/cmp/compare.go delete mode 100644 vendor/gotest.tools/v3/assert/cmp/result.go delete mode 100644 vendor/gotest.tools/v3/internal/assert/assert.go delete mode 100644 vendor/gotest.tools/v3/internal/assert/result.go delete mode 100644 vendor/gotest.tools/v3/internal/difflib/LICENSE delete mode 100644 vendor/gotest.tools/v3/internal/difflib/difflib.go delete mode 100644 vendor/gotest.tools/v3/internal/format/diff.go delete mode 100644 vendor/gotest.tools/v3/internal/format/format.go delete mode 100644 vendor/gotest.tools/v3/internal/source/bazel.go delete mode 100644 vendor/gotest.tools/v3/internal/source/defers.go delete mode 100644 vendor/gotest.tools/v3/internal/source/source.go delete mode 100644 vendor/gotest.tools/v3/internal/source/update.go delete mode 100644 vendor/gotest.tools/v3/internal/source/version.go diff --git a/storage/drivers/copy/copy_test.go b/storage/drivers/copy/copy_test.go index 988407b218..395803a004 100644 --- a/storage/drivers/copy/copy_test.go +++ b/storage/drivers/copy/copy_test.go @@ -12,10 +12,10 @@ import ( "testing" "time" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "go.podman.io/storage/pkg/system" "golang.org/x/sys/unix" - "gotest.tools/v3/assert" - is "gotest.tools/v3/assert/cmp" ) func TestCopy(t *testing.T) { @@ -36,40 +36,40 @@ func TestCopyDir(t *testing.T) { dstDir := t.TempDir() - assert.Check(t, DirCopy(srcDir, dstDir, Content, false)) - assert.NilError(t, filepath.Walk(srcDir, func(srcPath string, f os.FileInfo, err error) error { + require.NoError(t, DirCopy(srcDir, dstDir, Content, false)) + require.NoError(t, filepath.Walk(srcDir, func(srcPath string, f os.FileInfo, err error) error { if err != nil { return err } // Rebase path relPath, err := filepath.Rel(srcDir, srcPath) - assert.NilError(t, err) + require.NoError(t, err) if relPath == "." { return nil } dstPath := filepath.Join(dstDir, relPath) - assert.NilError(t, err) + require.NoError(t, err) // If we add non-regular dirs and files to the test // then we need to add more checks here. dstFileInfo, err := os.Lstat(dstPath) - assert.NilError(t, err) + require.NoError(t, err) srcFileSys := f.Sys().(*syscall.Stat_t) dstFileSys := dstFileInfo.Sys().(*syscall.Stat_t) t.Log(relPath) if srcFileSys.Dev == dstFileSys.Dev { - assert.Check(t, srcFileSys.Ino != dstFileSys.Ino) + assert.NotEqual(t, srcFileSys.Ino, dstFileSys.Ino) } // Todo: check size, and ctim is not equal /// on filesystems that have granular ctimes - assert.Check(t, is.DeepEqual(srcFileSys.Mode, dstFileSys.Mode)) - assert.Check(t, is.DeepEqual(srcFileSys.Uid, dstFileSys.Uid)) - assert.Check(t, is.DeepEqual(srcFileSys.Gid, dstFileSys.Gid)) - assert.Check(t, is.DeepEqual(srcFileSys.Mtim, dstFileSys.Mtim)) + assert.Equal(t, srcFileSys.Mode, dstFileSys.Mode) + assert.Equal(t, srcFileSys.Uid, dstFileSys.Uid) + assert.Equal(t, srcFileSys.Gid, dstFileSys.Gid) + assert.Equal(t, srcFileSys.Mtim, dstFileSys.Mtim) return nil })) @@ -86,7 +86,7 @@ func populateSrcDir(t *testing.T, srcDir string, remainingDepth int) { if remainingDepth == 0 { socketPath := filepath.Join(srcDir, "srcsocket") s, err := net.ListenUnix("unix", &net.UnixAddr{Name: socketPath, Net: "unix"}) - assert.NilError(t, err) + require.NoError(t, err) s.SetUnlinkOnClose(false) s.Close() return @@ -97,16 +97,16 @@ func populateSrcDir(t *testing.T, srcDir string, remainingDepth int) { for i := range 10 { dirName := filepath.Join(srcDir, fmt.Sprintf("srcdir-%d", i)) // Owner all bits set - assert.NilError(t, os.Mkdir(dirName, randomMode(0o700))) + require.NoError(t, os.Mkdir(dirName, randomMode(0o700))) populateSrcDir(t, dirName, remainingDepth-1) - assert.NilError(t, system.Chtimes(dirName, aTime, mTime)) + require.NoError(t, system.Chtimes(dirName, aTime, mTime)) } for i := range 10 { fileName := filepath.Join(srcDir, fmt.Sprintf("srcfile-%d", i)) // Owner read bit set - assert.NilError(t, os.WriteFile(fileName, []byte{}, randomMode(0o400))) - assert.NilError(t, system.Chtimes(fileName, aTime, mTime)) + require.NoError(t, os.WriteFile(fileName, []byte{}, randomMode(0o400))) + require.NoError(t, system.Chtimes(fileName, aTime, mTime)) } } @@ -118,15 +118,15 @@ func doCopyTest(t *testing.T, copyWithFileRange, copyWithFileClone *bool) { r := rand.New(rand.NewSource(0)) buf := make([]byte, 1024) _, err := r.Read(buf) - assert.NilError(t, err) - assert.NilError(t, os.WriteFile(srcFilename, buf, 0o777)) + require.NoError(t, err) + require.NoError(t, os.WriteFile(srcFilename, buf, 0o777)) fileinfo, err := os.Stat(srcFilename) - assert.NilError(t, err) + require.NoError(t, err) - assert.NilError(t, CopyRegular(srcFilename, dstFilename, fileinfo, copyWithFileRange, copyWithFileClone)) + require.NoError(t, CopyRegular(srcFilename, dstFilename, fileinfo, copyWithFileRange, copyWithFileClone)) readBuf, err := os.ReadFile(dstFilename) - assert.NilError(t, err) - assert.Check(t, is.DeepEqual(buf, readBuf)) + require.NoError(t, err) + assert.Equal(t, buf, readBuf) } func TestCopyHardlink(t *testing.T) { @@ -139,16 +139,16 @@ func TestCopyHardlink(t *testing.T) { srcFile2 := filepath.Join(srcDir, "file2") dstFile1 := filepath.Join(dstDir, "file1") dstFile2 := filepath.Join(dstDir, "file2") - assert.NilError(t, os.WriteFile(srcFile1, []byte{}, 0o777)) - assert.NilError(t, os.Link(srcFile1, srcFile2)) + require.NoError(t, os.WriteFile(srcFile1, []byte{}, 0o777)) + require.NoError(t, os.Link(srcFile1, srcFile2)) - assert.Check(t, DirCopy(srcDir, dstDir, Content, false)) + require.NoError(t, DirCopy(srcDir, dstDir, Content, false)) - assert.NilError(t, unix.Stat(srcFile1, &srcFile1FileInfo)) - assert.NilError(t, unix.Stat(srcFile2, &srcFile2FileInfo)) + require.NoError(t, unix.Stat(srcFile1, &srcFile1FileInfo)) + require.NoError(t, unix.Stat(srcFile2, &srcFile2FileInfo)) assert.Equal(t, srcFile1FileInfo.Ino, srcFile2FileInfo.Ino) - assert.NilError(t, unix.Stat(dstFile1, &dstFile1FileInfo)) - assert.NilError(t, unix.Stat(dstFile2, &dstFile2FileInfo)) - assert.Check(t, is.Equal(dstFile1FileInfo.Ino, dstFile2FileInfo.Ino)) + require.NoError(t, unix.Stat(dstFile1, &dstFile1FileInfo)) + require.NoError(t, unix.Stat(dstFile2, &dstFile2FileInfo)) + assert.Equal(t, dstFile1FileInfo.Ino, dstFile2FileInfo.Ino) } diff --git a/storage/go.mod b/storage/go.mod index f64570f8b5..7da598b960 100644 --- a/storage/go.mod +++ b/storage/go.mod @@ -28,13 +28,11 @@ require ( github.com/vbatts/tar-split v0.12.3 golang.org/x/sync v0.20.0 golang.org/x/sys v0.44.0 - gotest.tools/v3 v3.5.2 ) require ( cyphar.com/go-pathrs v0.2.4 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/google/go-cmp v0.7.0 // indirect github.com/google/uuid v1.6.0 // indirect github.com/kr/pretty v0.3.1 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect diff --git a/storage/go.sum b/storage/go.sum index a84a32943d..759ede6bb1 100644 --- a/storage/go.sum +++ b/storage/go.sum @@ -13,8 +13,6 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= -github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/go-intervals v0.0.2 h1:FGrVEiUnTRKR8yE04qzXYaJMtnIYqobR5QbblK3ixcM= github.com/google/go-intervals v0.0.2/go.mod h1:MkaR3LNRfeKLPmqgJYs4E66z5InYjmCjbbr4TQlcT6Y= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -84,5 +82,3 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= -gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= diff --git a/storage/pkg/chrootarchive/archive_unix_test.go b/storage/pkg/chrootarchive/archive_unix_test.go index 5d55be3aea..cdb90ba75f 100644 --- a/storage/pkg/chrootarchive/archive_unix_test.go +++ b/storage/pkg/chrootarchive/archive_unix_test.go @@ -12,9 +12,10 @@ import ( "strings" "testing" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "go.podman.io/storage/pkg/archive" "golang.org/x/sys/unix" - "gotest.tools/v3/assert" ) // Test for CVE-2018-15664 @@ -26,12 +27,12 @@ func TestUntarWithMaliciousSymlinks(t *testing.T) { root := filepath.Join(dir, "root") err := os.MkdirAll(root, 0o755) - assert.NilError(t, err) + require.NoError(t, err) // Add a file into a directory above root // Ensure that we can't access this file while tarring. err = os.WriteFile(filepath.Join(dir, "host-file"), []byte("I am a host file"), 0o644) - assert.NilError(t, err) + require.NoError(t, err) // Create some data which will be copied into the "container" root into // the symlinked path. @@ -39,40 +40,39 @@ func TestUntarWithMaliciousSymlinks(t *testing.T) { // With this change it should not. data := filepath.Join(dir, "data") err = os.MkdirAll(data, 0o755) - assert.NilError(t, err) + require.NoError(t, err) err = os.WriteFile(filepath.Join(data, "local-file"), []byte("pwn3d"), 0o644) - assert.NilError(t, err) + require.NoError(t, err) safe := filepath.Join(root, "safe") err = unix.Symlink(dir, safe) - assert.NilError(t, err) + require.NoError(t, err) rdr, err := archive.TarWithOptions(data, &archive.TarOptions{IncludeFiles: []string{"local-file"}, RebaseNames: map[string]string{"local-file": "host-file"}}) - assert.NilError(t, err) + require.NoError(t, err) // Use tee to test both the good case and the bad case w/o recreating the archive bufRdr := bytes.NewBuffer(nil) tee := io.TeeReader(rdr, bufRdr) err = UntarWithRoot(tee, safe, nil, root) - assert.Assert(t, err != nil) assert.ErrorContains(t, err, "open /safe/host-file: no such file or directory") // Make sure the "host" file is still in tact // Before the fix the host file would be overwritten hostData, err := os.ReadFile(filepath.Join(dir, "host-file")) - assert.NilError(t, err) - assert.Equal(t, string(hostData), "I am a host file") + require.NoError(t, err) + assert.Equal(t, "I am a host file", string(hostData)) // Now test by chrooting to an attacker controlled path // This should succeed as is and overwrite a "host" file // Note that this would be a mis-use of this function. err = UntarWithRoot(bufRdr, safe, nil, safe) - assert.NilError(t, err) + require.NoError(t, err) hostData, err = os.ReadFile(filepath.Join(dir, "host-file")) - assert.NilError(t, err) - assert.Equal(t, string(hostData), "pwn3d") + require.NoError(t, err) + assert.Equal(t, "pwn3d", string(hostData)) } // Test for CVE-2018-15664 @@ -86,22 +86,22 @@ func TestTarWithMaliciousSymlinks(t *testing.T) { root := filepath.Join(dir, "root") err := os.MkdirAll(root, 0o755) - assert.NilError(t, err) + require.NoError(t, err) hostFileData := []byte("I am a host file") // Add a file into a directory above root // Ensure that we can't access this file while tarring. err = os.WriteFile(filepath.Join(dir, "host-file"), hostFileData, 0o644) - assert.NilError(t, err) + require.NoError(t, err) safe := filepath.Join(root, "safe") err = unix.Symlink(dir, safe) - assert.NilError(t, err) + require.NoError(t, err) data := filepath.Join(dir, "data") err = os.MkdirAll(data, 0o755) - assert.NilError(t, err) + require.NoError(t, err) type testCase struct { p string @@ -131,11 +131,11 @@ func TestTarWithMaliciousSymlinks(t *testing.T) { } } rdr, err := Tar(tc.p, opts, root) - assert.NilError(t, err) + require.NoError(t, err) defer rdr.Close() tr := gotar.NewReader(rdr) - assert.Assert(t, !isDataInTar(t, tr, hostFileData, int64(maxBytes)), "host data leaked to archive") + assert.False(t, isDataInTar(t, tr, hostFileData, int64(maxBytes)), "host data leaked to archive") }) } } @@ -147,16 +147,16 @@ func isDataInTar(t *testing.T, tr *gotar.Reader, compare []byte, maxBytes int64) if err == io.EOF { break } - assert.NilError(t, err) + require.NoError(t, err) if h.Size == 0 { continue } - assert.Assert(t, h.Size <= maxBytes, "%s: file size exceeds max expected size %d: %d", h.Name, maxBytes, h.Size) + assert.LessOrEqual(t, h.Size, maxBytes, "%s: file size exceeds max expected size %d: %d", h.Name, maxBytes, h.Size) data := make([]byte, int(h.Size)) _, err = io.ReadFull(tr, data) - assert.NilError(t, err) + require.NoError(t, err) if bytes.Contains(data, compare) { return true } diff --git a/storage/types/options_test.go b/storage/types/options_test.go index cdf6e6131d..6c4ca7484d 100644 --- a/storage/types/options_test.go +++ b/storage/types/options_test.go @@ -4,13 +4,12 @@ import ( "bytes" "os" "strconv" - "strings" "testing" "github.com/sirupsen/logrus" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "go.podman.io/storage/pkg/unshare" - "gotest.tools/v3/assert" ) func TestInvalidKeyFile(t *testing.T) { @@ -23,9 +22,9 @@ func TestInvalidKeyFile(t *testing.T) { var storageOpts StoreOptions storageOpts, err := LoadStoreOptions(LoadOptions{}) require.NoError(t, err) - assert.Equal(t, storageOpts.RunRoot, "/run/containers/test") + assert.Equal(t, "/run/containers/test", storageOpts.RunRoot) - assert.Equal(t, strings.Contains(content.String(), "Failed to decode the keys [\\\"foo\\\" \\\"storage.options.graphroot\\\"] from \\\"./storage_broken.conf\\\"\""), true) + assert.Contains(t, content.String(), "Failed to decode the keys [\\\"foo\\\" \\\"storage.options.graphroot\\\"] from \\\"./storage_broken.conf\\\"\"") } func TestLoadStoreOptions(t *testing.T) { @@ -34,6 +33,6 @@ func TestLoadStoreOptions(t *testing.T) { storageOpts, err := LoadStoreOptions(LoadOptions{}) require.NoError(t, err) - assert.Equal(t, storageOpts.RunRoot, "/run/"+strconv.Itoa(unshare.GetRootlessUID())+"/containers/storage") - assert.Equal(t, storageOpts.GraphRoot, os.Getenv("HOME")+"/"+strconv.Itoa(unshare.GetRootlessUID())+"/containers/storage") + assert.Equal(t, "/run/"+strconv.Itoa(unshare.GetRootlessUID())+"/containers/storage", storageOpts.RunRoot) + assert.Equal(t, os.Getenv("HOME")+"/"+strconv.Itoa(unshare.GetRootlessUID())+"/containers/storage", storageOpts.GraphRoot) } diff --git a/vendor/gotest.tools/v3/LICENSE b/vendor/gotest.tools/v3/LICENSE deleted file mode 100644 index aeaa2fac3d..0000000000 --- a/vendor/gotest.tools/v3/LICENSE +++ /dev/null @@ -1,13 +0,0 @@ -Copyright 2018 gotest.tools authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/vendor/gotest.tools/v3/assert/assert.go b/vendor/gotest.tools/v3/assert/assert.go deleted file mode 100644 index ae62cefec1..0000000000 --- a/vendor/gotest.tools/v3/assert/assert.go +++ /dev/null @@ -1,311 +0,0 @@ -/* -Package assert provides assertions for comparing expected values to actual -values in tests. When an assertion fails a helpful error message is printed. - -# Example usage - -All the assertions in this package use [testing.T.Helper] to mark themselves as -test helpers. This allows the testing package to print the filename and line -number of the file function that failed. - - assert.NilError(t, err) - // filename_test.go:212: assertion failed: error is not nil: file not found - -If any assertion is called from a helper function, make sure to call t.Helper -from the helper function so that the filename and line number remain correct. - -The examples below show assert used with some common types and the failure -messages it produces. The filename and line number portion of the failure -message is omitted from these examples for brevity. - - // booleans - - assert.Assert(t, ok) - // assertion failed: ok is false - assert.Assert(t, !missing) - // assertion failed: missing is true - - // primitives - - assert.Equal(t, count, 1) - // assertion failed: 0 (count int) != 1 (int) - assert.Equal(t, msg, "the message") - // assertion failed: my message (msg string) != the message (string) - assert.Assert(t, total != 10) // use Assert for NotEqual - // assertion failed: total is 10 - assert.Assert(t, count > 20, "count=%v", count) - // assertion failed: count is <= 20: count=1 - - // errors - - assert.NilError(t, closer.Close()) - // assertion failed: error is not nil: close /file: errno 11 - assert.Error(t, err, "the exact error message") - // assertion failed: expected error "the exact error message", got "oops" - assert.ErrorContains(t, err, "includes this") - // assertion failed: expected error to contain "includes this", got "oops" - assert.ErrorIs(t, err, os.ErrNotExist) - // assertion failed: error is "oops", not "file does not exist" (os.ErrNotExist) - - // complex types - - assert.DeepEqual(t, result, myStruct{Name: "title"}) - // assertion failed: ... (diff of the two structs) - assert.Assert(t, is.Len(items, 3)) - // assertion failed: expected [] (length 0) to have length 3 - assert.Assert(t, len(sequence) != 0) // use Assert for NotEmpty - // assertion failed: len(sequence) is 0 - assert.Assert(t, is.Contains(mapping, "key")) - // assertion failed: map[other:1] does not contain key - - // pointers and interface - - assert.Assert(t, ref == nil) - // assertion failed: ref is not nil - assert.Assert(t, ref != nil) // use Assert for NotNil - // assertion failed: ref is nil - -# Assert and Check - -[Assert] and [Check] are very similar, they both accept a [cmp.Comparison], and fail -the test when the comparison fails. The one difference is that Assert uses -[testing.T.FailNow] to fail the test, which will end the test execution immediately. -Check uses [testing.T.Fail] to fail the test, which allows it to return the -result of the comparison, then proceed with the rest of the test case. - -Like [testing.T.FailNow], [Assert] must be called from the goroutine running the test, -not from other goroutines created during the test. [Check] is safe to use from any -goroutine. - -# Comparisons - -Package [gotest.tools/v3/assert/cmp] provides -many common comparisons. Additional comparisons can be written to compare -values in other ways. See the example Assert (CustomComparison). - -# Automated migration from testify - -gty-migrate-from-testify is a command which translates Go source code from -testify assertions to the assertions provided by this package. - -See http://pkg.go.dev/gotest.tools/v3/assert/cmd/gty-migrate-from-testify. -*/ -package assert // import "gotest.tools/v3/assert" - -import ( - gocmp "github.com/google/go-cmp/cmp" - "gotest.tools/v3/assert/cmp" - "gotest.tools/v3/internal/assert" -) - -// BoolOrComparison can be a bool, [cmp.Comparison], or error. See [Assert] for -// details about how this type is used. -type BoolOrComparison interface{} - -// TestingT is the subset of [testing.T] (see also [testing.TB]) used by the assert package. -type TestingT interface { - FailNow() - Fail() - Log(args ...interface{}) -} - -type helperT interface { - Helper() -} - -// Assert performs a comparison. If the comparison fails, the test is marked as -// failed, a failure message is logged, and execution is stopped immediately. -// -// The comparison argument may be one of three types: -// -// bool -// True is success. False is a failure. The failure message will contain -// the literal source code of the expression. -// -// cmp.Comparison -// Uses cmp.Result.Success() to check for success or failure. -// The comparison is responsible for producing a helpful failure message. -// http://pkg.go.dev/gotest.tools/v3/assert/cmp provides many common comparisons. -// -// error -// A nil value is considered success, and a non-nil error is a failure. -// The return value of error.Error is used as the failure message. -// -// Extra details can be added to the failure message using msgAndArgs. msgAndArgs -// may be either a single string, or a format string and args that will be -// passed to [fmt.Sprintf]. -// -// Assert uses [testing.TB.FailNow] to fail the test. Like t.FailNow, Assert must be called -// from the goroutine running the test function, not from other -// goroutines created during the test. Use [Check] from other goroutines. -func Assert(t TestingT, comparison BoolOrComparison, msgAndArgs ...interface{}) { - if ht, ok := t.(helperT); ok { - ht.Helper() - } - if !assert.Eval(t, assert.ArgsFromComparisonCall, comparison, msgAndArgs...) { - t.FailNow() - } -} - -// Check performs a comparison. If the comparison fails the test is marked as -// failed, a failure message is printed, and Check returns false. If the comparison -// is successful Check returns true. Check may be called from any goroutine. -// -// See [Assert] for details about the comparison arg and failure messages. -func Check(t TestingT, comparison BoolOrComparison, msgAndArgs ...interface{}) bool { - if ht, ok := t.(helperT); ok { - ht.Helper() - } - if !assert.Eval(t, assert.ArgsFromComparisonCall, comparison, msgAndArgs...) { - t.Fail() - return false - } - return true -} - -// NilError fails the test immediately if err is not nil, and includes err.Error -// in the failure message. -// -// NilError uses [testing.TB.FailNow] to fail the test. Like t.FailNow, NilError must be -// called from the goroutine running the test function, not from other -// goroutines created during the test. Use [Check] from other goroutines. -func NilError(t TestingT, err error, msgAndArgs ...interface{}) { - if ht, ok := t.(helperT); ok { - ht.Helper() - } - if !assert.Eval(t, assert.ArgsAfterT, err, msgAndArgs...) { - t.FailNow() - } -} - -// Equal uses the == operator to assert two values are equal and fails the test -// if they are not equal. -// -// If the comparison fails Equal will use the variable names and types of -// x and y as part of the failure message to identify the actual and expected -// values. -// -// assert.Equal(t, actual, expected) -// // main_test.go:41: assertion failed: 1 (actual int) != 21 (expected int32) -// -// If either x or y are a multi-line string the failure message will include a -// unified diff of the two values. If the values only differ by whitespace -// the unified diff will be augmented by replacing whitespace characters with -// visible characters to identify the whitespace difference. -// -// Equal uses [testing.T.FailNow] to fail the test. Like t.FailNow, Equal must be -// called from the goroutine running the test function, not from other -// goroutines created during the test. Use [Check] with [cmp.Equal] from other -// goroutines. -func Equal(t TestingT, x, y interface{}, msgAndArgs ...interface{}) { - if ht, ok := t.(helperT); ok { - ht.Helper() - } - if !assert.Eval(t, assert.ArgsAfterT, cmp.Equal(x, y), msgAndArgs...) { - t.FailNow() - } -} - -// DeepEqual uses [github.com/google/go-cmp/cmp] -// to assert two values are equal and fails the test if they are not equal. -// -// Package [gotest.tools/v3/assert/opt] provides some additional -// commonly used Options. -// -// DeepEqual uses [testing.T.FailNow] to fail the test. Like t.FailNow, DeepEqual must be -// called from the goroutine running the test function, not from other -// goroutines created during the test. Use [Check] with [cmp.DeepEqual] from other -// goroutines. -func DeepEqual(t TestingT, x, y interface{}, opts ...gocmp.Option) { - if ht, ok := t.(helperT); ok { - ht.Helper() - } - if !assert.Eval(t, assert.ArgsAfterT, cmp.DeepEqual(x, y, opts...)) { - t.FailNow() - } -} - -// Error fails the test if err is nil, or if err.Error is not equal to expected. -// Both err.Error and expected will be included in the failure message. -// Error performs an exact match of the error text. Use [ErrorContains] if only -// part of the error message is relevant. Use [ErrorType] or [ErrorIs] to compare -// errors by type. -// -// Error uses [testing.T.FailNow] to fail the test. Like t.FailNow, Error must be -// called from the goroutine running the test function, not from other -// goroutines created during the test. Use [Check] with [cmp.Error] from other -// goroutines. -func Error(t TestingT, err error, expected string, msgAndArgs ...interface{}) { - if ht, ok := t.(helperT); ok { - ht.Helper() - } - if !assert.Eval(t, assert.ArgsAfterT, cmp.Error(err, expected), msgAndArgs...) { - t.FailNow() - } -} - -// ErrorContains fails the test if err is nil, or if err.Error does not -// contain the expected substring. Both err.Error and the expected substring -// will be included in the failure message. -// -// ErrorContains uses [testing.T.FailNow] to fail the test. Like t.FailNow, ErrorContains -// must be called from the goroutine running the test function, not from other -// goroutines created during the test. Use [Check] with [cmp.ErrorContains] from other -// goroutines. -func ErrorContains(t TestingT, err error, substring string, msgAndArgs ...interface{}) { - if ht, ok := t.(helperT); ok { - ht.Helper() - } - if !assert.Eval(t, assert.ArgsAfterT, cmp.ErrorContains(err, substring), msgAndArgs...) { - t.FailNow() - } -} - -// ErrorType fails the test if err is nil, or err is not the expected type. -// New code should use ErrorIs instead. -// -// Expected can be one of: -// -// func(error) bool -// The function should return true if the error is the expected type. -// -// struct{} or *struct{} -// A struct or a pointer to a struct. The assertion fails if the error is -// not of the same type. -// -// *interface{} -// A pointer to an interface type. The assertion fails if err does not -// implement the interface. -// -// reflect.Type -// The assertion fails if err does not implement the reflect.Type. -// -// ErrorType uses [testing.T.FailNow] to fail the test. Like t.FailNow, ErrorType -// must be called from the goroutine running the test function, not from other -// goroutines created during the test. Use [Check] with [cmp.ErrorType] from other -// goroutines. -func ErrorType(t TestingT, err error, expected interface{}, msgAndArgs ...interface{}) { - if ht, ok := t.(helperT); ok { - ht.Helper() - } - if !assert.Eval(t, assert.ArgsAfterT, cmp.ErrorType(err, expected), msgAndArgs...) { - t.FailNow() - } -} - -// ErrorIs fails the test if err is nil, or the error does not match expected -// when compared using errors.Is. See [errors.Is] for -// accepted arguments. -// -// ErrorIs uses [testing.T.FailNow] to fail the test. Like t.FailNow, ErrorIs -// must be called from the goroutine running the test function, not from other -// goroutines created during the test. Use [Check] with [cmp.ErrorIs] from other -// goroutines. -func ErrorIs(t TestingT, err error, expected error, msgAndArgs ...interface{}) { - if ht, ok := t.(helperT); ok { - ht.Helper() - } - if !assert.Eval(t, assert.ArgsAfterT, cmp.ErrorIs(err, expected), msgAndArgs...) { - t.FailNow() - } -} diff --git a/vendor/gotest.tools/v3/assert/cmp/compare.go b/vendor/gotest.tools/v3/assert/cmp/compare.go deleted file mode 100644 index a7507e6591..0000000000 --- a/vendor/gotest.tools/v3/assert/cmp/compare.go +++ /dev/null @@ -1,403 +0,0 @@ -/*Package cmp provides Comparisons for Assert and Check*/ -package cmp // import "gotest.tools/v3/assert/cmp" - -import ( - "errors" - "fmt" - "reflect" - "regexp" - "strings" - - "github.com/google/go-cmp/cmp" - "gotest.tools/v3/internal/format" -) - -// Comparison is a function which compares values and returns [ResultSuccess] if -// the actual value matches the expected value. If the values do not match the -// [Result] will contain a message about why it failed. -type Comparison func() Result - -// DeepEqual compares two values using [github.com/google/go-cmp/cmp] -// and succeeds if the values are equal. -// -// The comparison can be customized using comparison Options. -// Package [gotest.tools/v3/assert/opt] provides some additional -// commonly used Options. -func DeepEqual(x, y interface{}, opts ...cmp.Option) Comparison { - return func() (result Result) { - defer func() { - if panicmsg, handled := handleCmpPanic(recover()); handled { - result = ResultFailure(panicmsg) - } - }() - diff := cmp.Diff(x, y, opts...) - if diff == "" { - return ResultSuccess - } - return multiLineDiffResult(diff, x, y) - } -} - -func handleCmpPanic(r interface{}) (string, bool) { - if r == nil { - return "", false - } - panicmsg, ok := r.(string) - if !ok { - panic(r) - } - switch { - case strings.HasPrefix(panicmsg, "cannot handle unexported field"): - return panicmsg, true - } - panic(r) -} - -func toResult(success bool, msg string) Result { - if success { - return ResultSuccess - } - return ResultFailure(msg) -} - -// RegexOrPattern may be either a [*regexp.Regexp] or a string that is a valid -// regexp pattern. -type RegexOrPattern interface{} - -// Regexp succeeds if value v matches regular expression re. -// -// Example: -// -// assert.Assert(t, cmp.Regexp("^[0-9a-f]{32}$", str)) -// r := regexp.MustCompile("^[0-9a-f]{32}$") -// assert.Assert(t, cmp.Regexp(r, str)) -func Regexp(re RegexOrPattern, v string) Comparison { - match := func(re *regexp.Regexp) Result { - return toResult( - re.MatchString(v), - fmt.Sprintf("value %q does not match regexp %q", v, re.String())) - } - - return func() Result { - switch regex := re.(type) { - case *regexp.Regexp: - return match(regex) - case string: - re, err := regexp.Compile(regex) - if err != nil { - return ResultFailure(err.Error()) - } - return match(re) - default: - return ResultFailure(fmt.Sprintf("invalid type %T for regex pattern", regex)) - } - } -} - -// Equal succeeds if x == y. See [gotest.tools/v3/assert.Equal] for full documentation. -func Equal(x, y interface{}) Comparison { - return func() Result { - switch { - case x == y: - return ResultSuccess - case isMultiLineStringCompare(x, y): - diff := format.UnifiedDiff(format.DiffConfig{A: x.(string), B: y.(string)}) - return multiLineDiffResult(diff, x, y) - } - return ResultFailureTemplate(` - {{- printf "%v" .Data.x}} ( - {{- with callArg 0 }}{{ formatNode . }} {{end -}} - {{- printf "%T" .Data.x -}} - ) != {{ printf "%v" .Data.y}} ( - {{- with callArg 1 }}{{ formatNode . }} {{end -}} - {{- printf "%T" .Data.y -}} - )`, - map[string]interface{}{"x": x, "y": y}) - } -} - -func isMultiLineStringCompare(x, y interface{}) bool { - strX, ok := x.(string) - if !ok { - return false - } - strY, ok := y.(string) - if !ok { - return false - } - return strings.Contains(strX, "\n") || strings.Contains(strY, "\n") -} - -func multiLineDiffResult(diff string, x, y interface{}) Result { - return ResultFailureTemplate(` ---- {{ with callArg 0 }}{{ formatNode . }}{{else}}←{{end}} -+++ {{ with callArg 1 }}{{ formatNode . }}{{else}}→{{end}} -{{ .Data.diff }}`, - map[string]interface{}{"diff": diff, "x": x, "y": y}) -} - -// Len succeeds if the sequence has the expected length. -func Len(seq interface{}, expected int) Comparison { - return func() (result Result) { - defer func() { - if e := recover(); e != nil { - result = ResultFailure(fmt.Sprintf("type %T does not have a length", seq)) - } - }() - value := reflect.ValueOf(seq) - length := value.Len() - if length == expected { - return ResultSuccess - } - msg := fmt.Sprintf("expected %s (length %d) to have length %d", seq, length, expected) - return ResultFailure(msg) - } -} - -// Contains succeeds if item is in collection. Collection may be a string, map, -// slice, or array. -// -// If collection is a string, item must also be a string, and is compared using -// [strings.Contains]. -// If collection is a Map, contains will succeed if item is a key in the map. -// If collection is a slice or array, item is compared to each item in the -// sequence using [reflect.DeepEqual]. -func Contains(collection interface{}, item interface{}) Comparison { - return func() Result { - colValue := reflect.ValueOf(collection) - if !colValue.IsValid() { - return ResultFailure("nil does not contain items") - } - msg := fmt.Sprintf("%v does not contain %v", collection, item) - - itemValue := reflect.ValueOf(item) - switch colValue.Type().Kind() { - case reflect.String: - if itemValue.Type().Kind() != reflect.String { - return ResultFailure("string may only contain strings") - } - return toResult( - strings.Contains(colValue.String(), itemValue.String()), - fmt.Sprintf("string %q does not contain %q", collection, item)) - - case reflect.Map: - if itemValue.Type() != colValue.Type().Key() { - return ResultFailure(fmt.Sprintf( - "%v can not contain a %v key", colValue.Type(), itemValue.Type())) - } - return toResult(colValue.MapIndex(itemValue).IsValid(), msg) - - case reflect.Slice, reflect.Array: - for i := 0; i < colValue.Len(); i++ { - if reflect.DeepEqual(colValue.Index(i).Interface(), item) { - return ResultSuccess - } - } - return ResultFailure(msg) - default: - return ResultFailure(fmt.Sprintf("type %T does not contain items", collection)) - } - } -} - -// Panics succeeds if f() panics. -func Panics(f func()) Comparison { - return func() (result Result) { - defer func() { - if err := recover(); err != nil { - result = ResultSuccess - } - }() - f() - return ResultFailure("did not panic") - } -} - -// Error succeeds if err is a non-nil error, and the error message equals the -// expected message. -func Error(err error, message string) Comparison { - return func() Result { - switch { - case err == nil: - return ResultFailure("expected an error, got nil") - case err.Error() != message: - return ResultFailure(fmt.Sprintf( - "expected error %q, got %s", message, formatErrorMessage(err))) - } - return ResultSuccess - } -} - -// ErrorContains succeeds if err is a non-nil error, and the error message contains -// the expected substring. -func ErrorContains(err error, substring string) Comparison { - return func() Result { - switch { - case err == nil: - return ResultFailure("expected an error, got nil") - case !strings.Contains(err.Error(), substring): - return ResultFailure(fmt.Sprintf( - "expected error to contain %q, got %s", substring, formatErrorMessage(err))) - } - return ResultSuccess - } -} - -type causer interface { - Cause() error -} - -func formatErrorMessage(err error) string { - //nolint:errorlint,nolintlint // unwrapping is not appropriate here - if _, ok := err.(causer); ok { - return fmt.Sprintf("%q\n%+v", err, err) - } - // This error was not wrapped with github.com/pkg/errors - return fmt.Sprintf("%q", err) -} - -// Nil succeeds if obj is a nil interface, pointer, or function. -// -// Use [gotest.tools/v3/assert.NilError] for comparing errors. Use Len(obj, 0) for comparing slices, -// maps, and channels. -func Nil(obj interface{}) Comparison { - msgFunc := func(value reflect.Value) string { - return fmt.Sprintf("%v (type %s) is not nil", reflect.Indirect(value), value.Type()) - } - return isNil(obj, msgFunc) -} - -func isNil(obj interface{}, msgFunc func(reflect.Value) string) Comparison { - return func() Result { - if obj == nil { - return ResultSuccess - } - value := reflect.ValueOf(obj) - kind := value.Type().Kind() - if kind >= reflect.Chan && kind <= reflect.Slice { - if value.IsNil() { - return ResultSuccess - } - return ResultFailure(msgFunc(value)) - } - - return ResultFailure(fmt.Sprintf("%v (type %s) can not be nil", value, value.Type())) - } -} - -// ErrorType succeeds if err is not nil and is of the expected type. -// New code should use [ErrorIs] instead. -// -// Expected can be one of: -// -// func(error) bool -// -// Function should return true if the error is the expected type. -// -// type struct{}, type &struct{} -// -// A struct or a pointer to a struct. -// Fails if the error is not of the same type as expected. -// -// type &interface{} -// -// A pointer to an interface type. -// Fails if err does not implement the interface. -// -// reflect.Type -// -// Fails if err does not implement the [reflect.Type]. -func ErrorType(err error, expected interface{}) Comparison { - return func() Result { - switch expectedType := expected.(type) { - case func(error) bool: - return cmpErrorTypeFunc(err, expectedType) - case reflect.Type: - if expectedType.Kind() == reflect.Interface { - return cmpErrorTypeImplementsType(err, expectedType) - } - return cmpErrorTypeEqualType(err, expectedType) - case nil: - return ResultFailure("invalid type for expected: nil") - } - - expectedType := reflect.TypeOf(expected) - switch { - case expectedType.Kind() == reflect.Struct, isPtrToStruct(expectedType): - return cmpErrorTypeEqualType(err, expectedType) - case isPtrToInterface(expectedType): - return cmpErrorTypeImplementsType(err, expectedType.Elem()) - } - return ResultFailure(fmt.Sprintf("invalid type for expected: %T", expected)) - } -} - -func cmpErrorTypeFunc(err error, f func(error) bool) Result { - if f(err) { - return ResultSuccess - } - actual := "nil" - if err != nil { - actual = fmt.Sprintf("%s (%T)", err, err) - } - return ResultFailureTemplate(`error is {{ .Data.actual }} - {{- with callArg 1 }}, not {{ formatNode . }}{{end -}}`, - map[string]interface{}{"actual": actual}) -} - -func cmpErrorTypeEqualType(err error, expectedType reflect.Type) Result { - if err == nil { - return ResultFailure(fmt.Sprintf("error is nil, not %s", expectedType)) - } - errValue := reflect.ValueOf(err) - if errValue.Type() == expectedType { - return ResultSuccess - } - return ResultFailure(fmt.Sprintf("error is %s (%T), not %s", err, err, expectedType)) -} - -func cmpErrorTypeImplementsType(err error, expectedType reflect.Type) Result { - if err == nil { - return ResultFailure(fmt.Sprintf("error is nil, not %s", expectedType)) - } - errValue := reflect.ValueOf(err) - if errValue.Type().Implements(expectedType) { - return ResultSuccess - } - return ResultFailure(fmt.Sprintf("error is %s (%T), not %s", err, err, expectedType)) -} - -func isPtrToInterface(typ reflect.Type) bool { - return typ.Kind() == reflect.Ptr && typ.Elem().Kind() == reflect.Interface -} - -func isPtrToStruct(typ reflect.Type) bool { - return typ.Kind() == reflect.Ptr && typ.Elem().Kind() == reflect.Struct -} - -var ( - stdlibErrorNewType = reflect.TypeOf(errors.New("")) - stdlibFmtErrorType = reflect.TypeOf(fmt.Errorf("%w", fmt.Errorf(""))) -) - -// ErrorIs succeeds if errors.Is(actual, expected) returns true. See -// [errors.Is] for accepted argument values. -func ErrorIs(actual error, expected error) Comparison { - return func() Result { - if errors.Is(actual, expected) { - return ResultSuccess - } - - // The type of stdlib errors is excluded because the type is not relevant - // in those cases. The type is only important when it is a user defined - // custom error type. - return ResultFailureTemplate(`error is - {{- if not .Data.a }} nil,{{ else }} - {{- printf " \"%v\"" .Data.a }} - {{- if notStdlibErrorType .Data.a }} ({{ printf "%T" .Data.a }}){{ end }}, - {{- end }} not {{ printf "\"%v\"" .Data.x }} ( - {{- with callArg 1 }}{{ formatNode . }}{{ end }} - {{- if notStdlibErrorType .Data.x }}{{ printf " %T" .Data.x }}{{ end }})`, - map[string]interface{}{"a": actual, "x": expected}) - } -} diff --git a/vendor/gotest.tools/v3/assert/cmp/result.go b/vendor/gotest.tools/v3/assert/cmp/result.go deleted file mode 100644 index 9992ede544..0000000000 --- a/vendor/gotest.tools/v3/assert/cmp/result.go +++ /dev/null @@ -1,110 +0,0 @@ -package cmp - -import ( - "bytes" - "fmt" - "go/ast" - "reflect" - "text/template" - - "gotest.tools/v3/internal/source" -) - -// A Result of a [Comparison]. -type Result interface { - Success() bool -} - -// StringResult is an implementation of [Result] that reports the error message -// string verbatim and does not provide any templating or formatting of the -// message. -type StringResult struct { - success bool - message string -} - -// Success returns true if the comparison was successful. -func (r StringResult) Success() bool { - return r.success -} - -// FailureMessage returns the message used to provide additional information -// about the failure. -func (r StringResult) FailureMessage() string { - return r.message -} - -// ResultSuccess is a constant which is returned by a [Comparison] to -// indicate success. -var ResultSuccess = StringResult{success: true} - -// ResultFailure returns a failed [Result] with a failure message. -func ResultFailure(message string) StringResult { - return StringResult{message: message} -} - -// ResultFromError returns [ResultSuccess] if err is nil. Otherwise [ResultFailure] -// is returned with the error message as the failure message. -func ResultFromError(err error) Result { - if err == nil { - return ResultSuccess - } - return ResultFailure(err.Error()) -} - -type templatedResult struct { - template string - data map[string]interface{} -} - -func (r templatedResult) Success() bool { - return false -} - -func (r templatedResult) FailureMessage(args []ast.Expr) string { - msg, err := renderMessage(r, args) - if err != nil { - return fmt.Sprintf("failed to render failure message: %s", err) - } - return msg -} - -func (r templatedResult) UpdatedExpected(stackIndex int) error { - // TODO: would be nice to have structured data instead of a map - return source.UpdateExpectedValue(stackIndex+1, r.data["x"], r.data["y"]) -} - -// ResultFailureTemplate returns a [Result] with a template string and data which -// can be used to format a failure message. The template may access data from .Data, -// the comparison args with the callArg function, and the formatNode function may -// be used to format the call args. -func ResultFailureTemplate(template string, data map[string]interface{}) Result { - return templatedResult{template: template, data: data} -} - -func renderMessage(result templatedResult, args []ast.Expr) (string, error) { - tmpl := template.New("failure").Funcs(template.FuncMap{ - "formatNode": source.FormatNode, - "callArg": func(index int) ast.Expr { - if index >= len(args) { - return nil - } - return args[index] - }, - // TODO: any way to include this from ErrorIS instead of here? - "notStdlibErrorType": func(typ interface{}) bool { - r := reflect.TypeOf(typ) - return r != stdlibFmtErrorType && r != stdlibErrorNewType - }, - }) - var err error - tmpl, err = tmpl.Parse(result.template) - if err != nil { - return "", err - } - buf := new(bytes.Buffer) - err = tmpl.Execute(buf, map[string]interface{}{ - "Data": result.data, - }) - return buf.String(), err -} diff --git a/vendor/gotest.tools/v3/internal/assert/assert.go b/vendor/gotest.tools/v3/internal/assert/assert.go deleted file mode 100644 index 1e8727682c..0000000000 --- a/vendor/gotest.tools/v3/internal/assert/assert.go +++ /dev/null @@ -1,160 +0,0 @@ -// Package assert provides internal utilties for assertions. -package assert - -import ( - "fmt" - "go/ast" - "go/token" - "reflect" - - "gotest.tools/v3/assert/cmp" - "gotest.tools/v3/internal/format" - "gotest.tools/v3/internal/source" -) - -// LogT is the subset of testing.T used by the assert package. -type LogT interface { - Log(args ...interface{}) -} - -type helperT interface { - Helper() -} - -const failureMessage = "assertion failed: " - -// Eval the comparison and print a failure messages if the comparison has failed. -func Eval( - t LogT, - argSelector argSelector, - comparison interface{}, - msgAndArgs ...interface{}, -) bool { - if ht, ok := t.(helperT); ok { - ht.Helper() - } - var success bool - switch check := comparison.(type) { - case bool: - if check { - return true - } - logFailureFromBool(t, msgAndArgs...) - - // Undocumented legacy comparison without Result type - case func() (success bool, message string): - success = runCompareFunc(t, check, msgAndArgs...) - - case nil: - return true - - case error: - msg := failureMsgFromError(check) - t.Log(format.WithCustomMessage(failureMessage+msg, msgAndArgs...)) - - case cmp.Comparison: - success = RunComparison(t, argSelector, check, msgAndArgs...) - - case func() cmp.Result: - success = RunComparison(t, argSelector, check, msgAndArgs...) - - default: - t.Log(fmt.Sprintf("invalid Comparison: %v (%T)", check, check)) - } - return success -} - -func runCompareFunc( - t LogT, - f func() (success bool, message string), - msgAndArgs ...interface{}, -) bool { - if ht, ok := t.(helperT); ok { - ht.Helper() - } - if success, message := f(); !success { - t.Log(format.WithCustomMessage(failureMessage+message, msgAndArgs...)) - return false - } - return true -} - -func logFailureFromBool(t LogT, msgAndArgs ...interface{}) { - if ht, ok := t.(helperT); ok { - ht.Helper() - } - const stackIndex = 3 // Assert()/Check(), assert(), logFailureFromBool() - args, err := source.CallExprArgs(stackIndex) - if err != nil { - t.Log(err.Error()) - } - - var msg string - const comparisonArgIndex = 1 // Assert(t, comparison) - if len(args) <= comparisonArgIndex { - msg = "but assert failed to find the expression to print" - } else { - msg, err = boolFailureMessage(args[comparisonArgIndex]) - if err != nil { - t.Log(err.Error()) - msg = "expression is false" - } - } - - t.Log(format.WithCustomMessage(failureMessage+msg, msgAndArgs...)) -} - -func failureMsgFromError(err error) string { - // Handle errors with non-nil types - v := reflect.ValueOf(err) - if v.Kind() == reflect.Ptr && v.IsNil() { - return fmt.Sprintf("error is not nil: error has type %T", err) - } - return "error is not nil: " + err.Error() -} - -func boolFailureMessage(expr ast.Expr) (string, error) { - if binaryExpr, ok := expr.(*ast.BinaryExpr); ok { - x, err := source.FormatNode(binaryExpr.X) - if err != nil { - return "", err - } - y, err := source.FormatNode(binaryExpr.Y) - if err != nil { - return "", err - } - - switch binaryExpr.Op { - case token.NEQ: - return x + " is " + y, nil - case token.EQL: - return x + " is not " + y, nil - case token.GTR: - return x + " is <= " + y, nil - case token.LSS: - return x + " is >= " + y, nil - case token.GEQ: - return x + " is less than " + y, nil - case token.LEQ: - return x + " is greater than " + y, nil - } - } - - if unaryExpr, ok := expr.(*ast.UnaryExpr); ok && unaryExpr.Op == token.NOT { - x, err := source.FormatNode(unaryExpr.X) - if err != nil { - return "", err - } - return x + " is true", nil - } - - if ident, ok := expr.(*ast.Ident); ok { - return ident.Name + " is false", nil - } - - formatted, err := source.FormatNode(expr) - if err != nil { - return "", err - } - return "expression is false: " + formatted, nil -} diff --git a/vendor/gotest.tools/v3/internal/assert/result.go b/vendor/gotest.tools/v3/internal/assert/result.go deleted file mode 100644 index bb8741eb44..0000000000 --- a/vendor/gotest.tools/v3/internal/assert/result.go +++ /dev/null @@ -1,146 +0,0 @@ -package assert - -import ( - "errors" - "fmt" - "go/ast" - - "gotest.tools/v3/assert/cmp" - "gotest.tools/v3/internal/format" - "gotest.tools/v3/internal/source" -) - -// RunComparison and return Comparison.Success. If the comparison fails a messages -// will be printed using t.Log. -func RunComparison( - t LogT, - argSelector argSelector, - f cmp.Comparison, - msgAndArgs ...interface{}, -) bool { - if ht, ok := t.(helperT); ok { - ht.Helper() - } - result := f() - if result.Success() { - return true - } - - if source.IsUpdate() { - if updater, ok := result.(updateExpected); ok { - const stackIndex = 3 // Assert/Check, assert, RunComparison - err := updater.UpdatedExpected(stackIndex) - switch { - case err == nil: - return true - case errors.Is(err, source.ErrNotFound): - // do nothing, fallthrough to regular failure message - default: - t.Log("failed to update source", err) - return false - } - } - } - - var message string - switch typed := result.(type) { - case resultWithComparisonArgs: - const stackIndex = 3 // Assert/Check, assert, RunComparison - args, err := source.CallExprArgs(stackIndex) - if err != nil { - t.Log(err.Error()) - } - message = typed.FailureMessage(filterPrintableExpr(argSelector(args))) - case resultBasic: - message = typed.FailureMessage() - default: - message = fmt.Sprintf("comparison returned invalid Result type: %T", result) - } - - t.Log(format.WithCustomMessage(failureMessage+message, msgAndArgs...)) - return false -} - -type resultWithComparisonArgs interface { - FailureMessage(args []ast.Expr) string -} - -type resultBasic interface { - FailureMessage() string -} - -type updateExpected interface { - UpdatedExpected(stackIndex int) error -} - -// filterPrintableExpr filters the ast.Expr slice to only include Expr that are -// easy to read when printed and contain relevant information to an assertion. -// -// Ident and SelectorExpr are included because they print nicely and the variable -// names may provide additional context to their values. -// BasicLit and CompositeLit are excluded because their source is equivalent to -// their value, which is already available. -// Other types are ignored for now, but could be added if they are relevant. -func filterPrintableExpr(args []ast.Expr) []ast.Expr { - result := make([]ast.Expr, len(args)) - for i, arg := range args { - if isShortPrintableExpr(arg) { - result[i] = arg - continue - } - - if starExpr, ok := arg.(*ast.StarExpr); ok { - result[i] = starExpr.X - continue - } - } - return result -} - -func isShortPrintableExpr(expr ast.Expr) bool { - switch expr.(type) { - case *ast.Ident, *ast.SelectorExpr, *ast.IndexExpr, *ast.SliceExpr: - return true - case *ast.BinaryExpr, *ast.UnaryExpr: - return true - default: - // CallExpr, ParenExpr, TypeAssertExpr, KeyValueExpr, StarExpr - return false - } -} - -type argSelector func([]ast.Expr) []ast.Expr - -// ArgsAfterT selects args starting at position 1. Used when the caller has a -// testing.T as the first argument, and the args to select should follow it. -func ArgsAfterT(args []ast.Expr) []ast.Expr { - if len(args) < 1 { - return nil - } - return args[1:] -} - -// ArgsFromComparisonCall selects args from the CallExpression at position 1. -// Used when the caller has a testing.T as the first argument, and the args to -// select are passed to the cmp.Comparison at position 1. -func ArgsFromComparisonCall(args []ast.Expr) []ast.Expr { - if len(args) <= 1 { - return nil - } - if callExpr, ok := args[1].(*ast.CallExpr); ok { - return callExpr.Args - } - return nil -} - -// ArgsAtZeroIndex selects args from the CallExpression at position 1. -// Used when the caller accepts a single cmp.Comparison argument. -func ArgsAtZeroIndex(args []ast.Expr) []ast.Expr { - if len(args) == 0 { - return nil - } - if callExpr, ok := args[0].(*ast.CallExpr); ok { - return callExpr.Args - } - return nil -} diff --git a/vendor/gotest.tools/v3/internal/difflib/LICENSE b/vendor/gotest.tools/v3/internal/difflib/LICENSE deleted file mode 100644 index c67dad612a..0000000000 --- a/vendor/gotest.tools/v3/internal/difflib/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2013, Patrick Mezard -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution. - The names of its contributors may not be used to endorse or promote -products derived from this software without specific prior written -permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS -IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A -PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/gotest.tools/v3/internal/difflib/difflib.go b/vendor/gotest.tools/v3/internal/difflib/difflib.go deleted file mode 100644 index bedacca3e5..0000000000 --- a/vendor/gotest.tools/v3/internal/difflib/difflib.go +++ /dev/null @@ -1,427 +0,0 @@ -/* -Package difflib is a partial port of Python difflib module. - -Original source: https://github.com/pmezard/go-difflib - -This file is trimmed to only the parts used by this repository. -*/ -package difflib // import "gotest.tools/v3/internal/difflib" - -func minInt(a, b int) int { - if a < b { - return a - } - return b -} - -func maxInt(a, b int) int { - if a > b { - return a - } - return b -} - -// Match stores line numbers of size of match -type Match struct { - A int - B int - Size int -} - -// OpCode identifies the type of diff -type OpCode struct { - Tag byte - I1 int - I2 int - J1 int - J2 int -} - -// SequenceMatcher compares sequence of strings. The basic -// algorithm predates, and is a little fancier than, an algorithm -// published in the late 1980's by Ratcliff and Obershelp under the -// hyperbolic name "gestalt pattern matching". The basic idea is to find -// the longest contiguous matching subsequence that contains no "junk" -// elements (R-O doesn't address junk). The same idea is then applied -// recursively to the pieces of the sequences to the left and to the right -// of the matching subsequence. This does not yield minimal edit -// sequences, but does tend to yield matches that "look right" to people. -// -// SequenceMatcher tries to compute a "human-friendly diff" between two -// sequences. Unlike e.g. UNIX(tm) diff, the fundamental notion is the -// longest *contiguous* & junk-free matching subsequence. That's what -// catches peoples' eyes. The Windows(tm) windiff has another interesting -// notion, pairing up elements that appear uniquely in each sequence. -// That, and the method here, appear to yield more intuitive difference -// reports than does diff. This method appears to be the least vulnerable -// to synching up on blocks of "junk lines", though (like blank lines in -// ordinary text files, or maybe "

" lines in HTML files). That may be -// because this is the only method of the 3 that has a *concept* of -// "junk" . -// -// Timing: Basic R-O is cubic time worst case and quadratic time expected -// case. SequenceMatcher is quadratic time for the worst case and has -// expected-case behavior dependent in a complicated way on how many -// elements the sequences have in common; best case time is linear. -type SequenceMatcher struct { - a []string - b []string - b2j map[string][]int - IsJunk func(string) bool - autoJunk bool - bJunk map[string]struct{} - matchingBlocks []Match - fullBCount map[string]int - bPopular map[string]struct{} - opCodes []OpCode -} - -// NewMatcher returns a new SequenceMatcher -func NewMatcher(a, b []string) *SequenceMatcher { - m := SequenceMatcher{autoJunk: true} - m.SetSeqs(a, b) - return &m -} - -// SetSeqs sets two sequences to be compared. -func (m *SequenceMatcher) SetSeqs(a, b []string) { - m.SetSeq1(a) - m.SetSeq2(b) -} - -// SetSeq1 sets the first sequence to be compared. The second sequence to be compared is -// not changed. -// -// SequenceMatcher computes and caches detailed information about the second -// sequence, so if you want to compare one sequence S against many sequences, -// use .SetSeq2(s) once and call .SetSeq1(x) repeatedly for each of the other -// sequences. -// -// See also SetSeqs() and SetSeq2(). -func (m *SequenceMatcher) SetSeq1(a []string) { - if &a == &m.a { - return - } - m.a = a - m.matchingBlocks = nil - m.opCodes = nil -} - -// SetSeq2 sets the second sequence to be compared. The first sequence to be compared is -// not changed. -func (m *SequenceMatcher) SetSeq2(b []string) { - if &b == &m.b { - return - } - m.b = b - m.matchingBlocks = nil - m.opCodes = nil - m.fullBCount = nil - m.chainB() -} - -func (m *SequenceMatcher) chainB() { - // Populate line -> index mapping - b2j := map[string][]int{} - for i, s := range m.b { - indices := b2j[s] - indices = append(indices, i) - b2j[s] = indices - } - - // Purge junk elements - m.bJunk = map[string]struct{}{} - if m.IsJunk != nil { - junk := m.bJunk - for s := range b2j { - if m.IsJunk(s) { - junk[s] = struct{}{} - } - } - for s := range junk { - delete(b2j, s) - } - } - - // Purge remaining popular elements - popular := map[string]struct{}{} - n := len(m.b) - if m.autoJunk && n >= 200 { - ntest := n/100 + 1 - for s, indices := range b2j { - if len(indices) > ntest { - popular[s] = struct{}{} - } - } - for s := range popular { - delete(b2j, s) - } - } - m.bPopular = popular - m.b2j = b2j -} - -func (m *SequenceMatcher) isBJunk(s string) bool { - _, ok := m.bJunk[s] - return ok -} - -// Find longest matching block in a[alo:ahi] and b[blo:bhi]. -// -// If IsJunk is not defined: -// -// Return (i,j,k) such that a[i:i+k] is equal to b[j:j+k], where -// -// alo <= i <= i+k <= ahi -// blo <= j <= j+k <= bhi -// -// and for all (i',j',k') meeting those conditions, -// -// k >= k' -// i <= i' -// and if i == i', j <= j' -// -// In other words, of all maximal matching blocks, return one that -// starts earliest in a, and of all those maximal matching blocks that -// start earliest in a, return the one that starts earliest in b. -// -// If IsJunk is defined, first the longest matching block is -// determined as above, but with the additional restriction that no -// junk element appears in the block. Then that block is extended as -// far as possible by matching (only) junk elements on both sides. So -// the resulting block never matches on junk except as identical junk -// happens to be adjacent to an "interesting" match. -// -// If no blocks match, return (alo, blo, 0). -func (m *SequenceMatcher) findLongestMatch(alo, ahi, blo, bhi int) Match { - // CAUTION: stripping common prefix or suffix would be incorrect. - // E.g., - // ab - // acab - // Longest matching block is "ab", but if common prefix is - // stripped, it's "a" (tied with "b"). UNIX(tm) diff does so - // strip, so ends up claiming that ab is changed to acab by - // inserting "ca" in the middle. That's minimal but unintuitive: - // "it's obvious" that someone inserted "ac" at the front. - // Windiff ends up at the same place as diff, but by pairing up - // the unique 'b's and then matching the first two 'a's. - besti, bestj, bestsize := alo, blo, 0 - - // find longest junk-free match - // during an iteration of the loop, j2len[j] = length of longest - // junk-free match ending with a[i-1] and b[j] - j2len := map[int]int{} - for i := alo; i != ahi; i++ { - // look at all instances of a[i] in b; note that because - // b2j has no junk keys, the loop is skipped if a[i] is junk - newj2len := map[int]int{} - for _, j := range m.b2j[m.a[i]] { - // a[i] matches b[j] - if j < blo { - continue - } - if j >= bhi { - break - } - k := j2len[j-1] + 1 - newj2len[j] = k - if k > bestsize { - besti, bestj, bestsize = i-k+1, j-k+1, k - } - } - j2len = newj2len - } - - // Extend the best by non-junk elements on each end. In particular, - // "popular" non-junk elements aren't in b2j, which greatly speeds - // the inner loop above, but also means "the best" match so far - // doesn't contain any junk *or* popular non-junk elements. - for besti > alo && bestj > blo && !m.isBJunk(m.b[bestj-1]) && - m.a[besti-1] == m.b[bestj-1] { - besti, bestj, bestsize = besti-1, bestj-1, bestsize+1 - } - for besti+bestsize < ahi && bestj+bestsize < bhi && - !m.isBJunk(m.b[bestj+bestsize]) && - m.a[besti+bestsize] == m.b[bestj+bestsize] { - bestsize += 1 - } - - // Now that we have a wholly interesting match (albeit possibly - // empty!), we may as well suck up the matching junk on each - // side of it too. Can't think of a good reason not to, and it - // saves post-processing the (possibly considerable) expense of - // figuring out what to do with it. In the case of an empty - // interesting match, this is clearly the right thing to do, - // because no other kind of match is possible in the regions. - for besti > alo && bestj > blo && m.isBJunk(m.b[bestj-1]) && - m.a[besti-1] == m.b[bestj-1] { - besti, bestj, bestsize = besti-1, bestj-1, bestsize+1 - } - for besti+bestsize < ahi && bestj+bestsize < bhi && - m.isBJunk(m.b[bestj+bestsize]) && - m.a[besti+bestsize] == m.b[bestj+bestsize] { - bestsize += 1 - } - - return Match{A: besti, B: bestj, Size: bestsize} -} - -// GetMatchingBlocks returns a list of triples describing matching subsequences. -// -// Each triple is of the form (i, j, n), and means that -// a[i:i+n] == b[j:j+n]. The triples are monotonically increasing in -// i and in j. It's also guaranteed that if (i, j, n) and (i', j', n') are -// adjacent triples in the list, and the second is not the last triple in the -// list, then i+n != i' or j+n != j'. IOW, adjacent triples never describe -// adjacent equal blocks. -// -// The last triple is a dummy, (len(a), len(b), 0), and is the only -// triple with n==0. -func (m *SequenceMatcher) GetMatchingBlocks() []Match { - if m.matchingBlocks != nil { - return m.matchingBlocks - } - - var matchBlocks func(alo, ahi, blo, bhi int, matched []Match) []Match - matchBlocks = func(alo, ahi, blo, bhi int, matched []Match) []Match { - match := m.findLongestMatch(alo, ahi, blo, bhi) - i, j, k := match.A, match.B, match.Size - if match.Size > 0 { - if alo < i && blo < j { - matched = matchBlocks(alo, i, blo, j, matched) - } - matched = append(matched, match) - if i+k < ahi && j+k < bhi { - matched = matchBlocks(i+k, ahi, j+k, bhi, matched) - } - } - return matched - } - matched := matchBlocks(0, len(m.a), 0, len(m.b), nil) - - // It's possible that we have adjacent equal blocks in the - // matching_blocks list now. - nonAdjacent := []Match{} - i1, j1, k1 := 0, 0, 0 - for _, b := range matched { - // Is this block adjacent to i1, j1, k1? - i2, j2, k2 := b.A, b.B, b.Size - if i1+k1 == i2 && j1+k1 == j2 { - // Yes, so collapse them -- this just increases the length of - // the first block by the length of the second, and the first - // block so lengthened remains the block to compare against. - k1 += k2 - } else { - // Not adjacent. Remember the first block (k1==0 means it's - // the dummy we started with), and make the second block the - // new block to compare against. - if k1 > 0 { - nonAdjacent = append(nonAdjacent, Match{i1, j1, k1}) - } - i1, j1, k1 = i2, j2, k2 - } - } - if k1 > 0 { - nonAdjacent = append(nonAdjacent, Match{i1, j1, k1}) - } - - nonAdjacent = append(nonAdjacent, Match{len(m.a), len(m.b), 0}) - m.matchingBlocks = nonAdjacent - return m.matchingBlocks -} - -// GetOpCodes returns a list of 5-tuples describing how to turn a into b. -// -// Each tuple is of the form (tag, i1, i2, j1, j2). The first tuple -// has i1 == j1 == 0, and remaining tuples have i1 == the i2 from the -// tuple preceding it, and likewise for j1 == the previous j2. -// -// The tags are characters, with these meanings: -// -// 'r' (replace): a[i1:i2] should be replaced by b[j1:j2] -// -// 'd' (delete): a[i1:i2] should be deleted, j1==j2 in this case. -// -// 'i' (insert): b[j1:j2] should be inserted at a[i1:i1], i1==i2 in this case. -// -// 'e' (equal): a[i1:i2] == b[j1:j2] -func (m *SequenceMatcher) GetOpCodes() []OpCode { - if m.opCodes != nil { - return m.opCodes - } - i, j := 0, 0 - matching := m.GetMatchingBlocks() - opCodes := make([]OpCode, 0, len(matching)) - for _, m := range matching { - // invariant: we've pumped out correct diffs to change - // a[:i] into b[:j], and the next matching block is - // a[ai:ai+size] == b[bj:bj+size]. So we need to pump - // out a diff to change a[i:ai] into b[j:bj], pump out - // the matching block, and move (i,j) beyond the match - ai, bj, size := m.A, m.B, m.Size - tag := byte(0) - if i < ai && j < bj { - tag = 'r' - } else if i < ai { - tag = 'd' - } else if j < bj { - tag = 'i' - } - if tag > 0 { - opCodes = append(opCodes, OpCode{tag, i, ai, j, bj}) - } - i, j = ai+size, bj+size - // the list of matching blocks is terminated by a - // sentinel with size 0 - if size > 0 { - opCodes = append(opCodes, OpCode{'e', ai, i, bj, j}) - } - } - m.opCodes = opCodes - return m.opCodes -} - -// GetGroupedOpCodes isolates change clusters by eliminating ranges with no changes. -// -// Return a generator of groups with up to n lines of context. -// Each group is in the same format as returned by GetOpCodes(). -func (m *SequenceMatcher) GetGroupedOpCodes(n int) [][]OpCode { - if n < 0 { - n = 3 - } - codes := m.GetOpCodes() - if len(codes) == 0 { - codes = []OpCode{{'e', 0, 1, 0, 1}} - } - // Fixup leading and trailing groups if they show no changes. - if codes[0].Tag == 'e' { - c := codes[0] - i1, i2, j1, j2 := c.I1, c.I2, c.J1, c.J2 - codes[0] = OpCode{c.Tag, maxInt(i1, i2-n), i2, maxInt(j1, j2-n), j2} - } - if codes[len(codes)-1].Tag == 'e' { - c := codes[len(codes)-1] - i1, i2, j1, j2 := c.I1, c.I2, c.J1, c.J2 - codes[len(codes)-1] = OpCode{c.Tag, i1, minInt(i2, i1+n), j1, minInt(j2, j1+n)} - } - nn := n + n - groups := [][]OpCode{} - group := []OpCode{} - for _, c := range codes { - i1, i2, j1, j2 := c.I1, c.I2, c.J1, c.J2 - // End the current group and start a new one whenever - // there is a large range with no changes. - if c.Tag == 'e' && i2-i1 > nn { - group = append(group, OpCode{c.Tag, i1, minInt(i2, i1+n), - j1, minInt(j2, j1+n)}) - groups = append(groups, group) - group = []OpCode{} - i1, j1 = maxInt(i1, i2-n), maxInt(j1, j2-n) - } - group = append(group, OpCode{c.Tag, i1, i2, j1, j2}) - } - if len(group) > 0 && !(len(group) == 1 && group[0].Tag == 'e') { - groups = append(groups, group) - } - return groups -} diff --git a/vendor/gotest.tools/v3/internal/format/diff.go b/vendor/gotest.tools/v3/internal/format/diff.go deleted file mode 100644 index 4f6c07a350..0000000000 --- a/vendor/gotest.tools/v3/internal/format/diff.go +++ /dev/null @@ -1,162 +0,0 @@ -// Package format provides utilities for formatting diffs and messages. -package format - -import ( - "bytes" - "fmt" - "strings" - "unicode" - - "gotest.tools/v3/internal/difflib" -) - -const ( - contextLines = 2 -) - -// DiffConfig for a unified diff -type DiffConfig struct { - A string - B string - From string - To string -} - -// UnifiedDiff is a modified version of difflib.WriteUnifiedDiff with better -// support for showing the whitespace differences. -func UnifiedDiff(conf DiffConfig) string { - a := strings.SplitAfter(conf.A, "\n") - b := strings.SplitAfter(conf.B, "\n") - groups := difflib.NewMatcher(a, b).GetGroupedOpCodes(contextLines) - if len(groups) == 0 { - return "" - } - - buf := new(bytes.Buffer) - writeFormat := func(format string, args ...interface{}) { - buf.WriteString(fmt.Sprintf(format, args...)) - } - writeLine := func(prefix string, s string) { - buf.WriteString(prefix + s) - } - if hasWhitespaceDiffLines(groups, a, b) { - writeLine = visibleWhitespaceLine(writeLine) - } - formatHeader(writeFormat, conf) - for _, group := range groups { - formatRangeLine(writeFormat, group) - for _, opCode := range group { - in, out := a[opCode.I1:opCode.I2], b[opCode.J1:opCode.J2] - switch opCode.Tag { - case 'e': - formatLines(writeLine, " ", in) - case 'r': - formatLines(writeLine, "-", in) - formatLines(writeLine, "+", out) - case 'd': - formatLines(writeLine, "-", in) - case 'i': - formatLines(writeLine, "+", out) - } - } - } - return buf.String() -} - -// hasWhitespaceDiffLines returns true if any diff groups is only different -// because of whitespace characters. -func hasWhitespaceDiffLines(groups [][]difflib.OpCode, a, b []string) bool { - for _, group := range groups { - in, out := new(bytes.Buffer), new(bytes.Buffer) - for _, opCode := range group { - if opCode.Tag == 'e' { - continue - } - for _, line := range a[opCode.I1:opCode.I2] { - in.WriteString(line) - } - for _, line := range b[opCode.J1:opCode.J2] { - out.WriteString(line) - } - } - if removeWhitespace(in.String()) == removeWhitespace(out.String()) { - return true - } - } - return false -} - -func removeWhitespace(s string) string { - var result []rune - for _, r := range s { - if !unicode.IsSpace(r) { - result = append(result, r) - } - } - return string(result) -} - -func visibleWhitespaceLine(ws func(string, string)) func(string, string) { - mapToVisibleSpace := func(r rune) rune { - switch r { - case '\n': - case ' ': - return '·' - case '\t': - return '▷' - case '\v': - return '▽' - case '\r': - return '↵' - case '\f': - return '↓' - default: - if unicode.IsSpace(r) { - return '�' - } - } - return r - } - return func(prefix, s string) { - ws(prefix, strings.Map(mapToVisibleSpace, s)) - } -} - -func formatHeader(wf func(string, ...interface{}), conf DiffConfig) { - if conf.From != "" || conf.To != "" { - wf("--- %s\n", conf.From) - wf("+++ %s\n", conf.To) - } -} - -func formatRangeLine(wf func(string, ...interface{}), group []difflib.OpCode) { - first, last := group[0], group[len(group)-1] - range1 := formatRangeUnified(first.I1, last.I2) - range2 := formatRangeUnified(first.J1, last.J2) - wf("@@ -%s +%s @@\n", range1, range2) -} - -// Convert range to the "ed" format -func formatRangeUnified(start, stop int) string { - // Per the diff spec at http://www.unix.org/single_unix_specification/ - beginning := start + 1 // lines start numbering with one - length := stop - start - if length == 1 { - return fmt.Sprintf("%d", beginning) - } - if length == 0 { - beginning-- // empty ranges begin at line just before the range - } - return fmt.Sprintf("%d,%d", beginning, length) -} - -func formatLines(writeLine func(string, string), prefix string, lines []string) { - for _, line := range lines { - writeLine(prefix, line) - } - // Add a newline if the last line is missing one so that the diff displays - // properly. - if !strings.HasSuffix(lines[len(lines)-1], "\n") { - writeLine("", "\n") - } -} diff --git a/vendor/gotest.tools/v3/internal/format/format.go b/vendor/gotest.tools/v3/internal/format/format.go deleted file mode 100644 index 5097e4bd6e..0000000000 --- a/vendor/gotest.tools/v3/internal/format/format.go +++ /dev/null @@ -1,27 +0,0 @@ -package format // import "gotest.tools/v3/internal/format" - -import "fmt" - -// Message accepts a msgAndArgs varargs and formats it using fmt.Sprintf -func Message(msgAndArgs ...interface{}) string { - switch len(msgAndArgs) { - case 0: - return "" - case 1: - return fmt.Sprintf("%v", msgAndArgs[0]) - default: - return fmt.Sprintf(msgAndArgs[0].(string), msgAndArgs[1:]...) - } -} - -// WithCustomMessage accepts one or two messages and formats them appropriately -func WithCustomMessage(source string, msgAndArgs ...interface{}) string { - custom := Message(msgAndArgs...) - switch { - case custom == "": - return source - case source == "": - return custom - } - return fmt.Sprintf("%s: %s", source, custom) -} diff --git a/vendor/gotest.tools/v3/internal/source/bazel.go b/vendor/gotest.tools/v3/internal/source/bazel.go deleted file mode 100644 index 1f5197ddfc..0000000000 --- a/vendor/gotest.tools/v3/internal/source/bazel.go +++ /dev/null @@ -1,51 +0,0 @@ -package source - -import ( - "fmt" - "os" - "path/filepath" -) - -// These Bazel env vars are documented here: -// https://bazel.build/reference/test-encyclopedia - -// Signifies test executable is being driven by `bazel test`. -// -// Due to Bazel's compilation and sandboxing strategy, -// some care is required to handle resolving the original *.go source file. -var inBazelTest = os.Getenv("BAZEL_TEST") == "1" - -// The name of the target being tested (ex: //some_package:some_package_test) -var bazelTestTarget = os.Getenv("TEST_TARGET") - -// Absolute path to the base of the runfiles tree -var bazelTestSrcdir = os.Getenv("TEST_SRCDIR") - -// The local repository's workspace name (ex: __main__) -var bazelTestWorkspace = os.Getenv("TEST_WORKSPACE") - -func bazelSourcePath(filename string) (string, error) { - // Use the env vars to resolve the test source files, - // which must be provided as test data in the respective go_test target. - filename = filepath.Join(bazelTestSrcdir, bazelTestWorkspace, filename) - - _, err := os.Stat(filename) - if os.IsNotExist(err) { - return "", fmt.Errorf(bazelMissingSourceMsg, filename, bazelTestTarget) - } - return filename, nil -} - -var bazelMissingSourceMsg = ` -the test source file does not exist: %s -It appears that you are running this test under Bazel (target: %s). -Check that your test source files are added as test data in your go_test targets. - -Example: - go_test( - name = "your_package_test", - srcs = ["your_test.go"], - deps = ["@tools_gotest_v3//assert"], - data = glob(["*_test.go"]) - )" -` diff --git a/vendor/gotest.tools/v3/internal/source/defers.go b/vendor/gotest.tools/v3/internal/source/defers.go deleted file mode 100644 index 392d9fe071..0000000000 --- a/vendor/gotest.tools/v3/internal/source/defers.go +++ /dev/null @@ -1,52 +0,0 @@ -package source - -import ( - "fmt" - "go/ast" - "go/token" -) - -func scanToDeferLine(fileset *token.FileSet, node ast.Node, lineNum int) ast.Node { - var matchedNode ast.Node - ast.Inspect(node, func(node ast.Node) bool { - switch { - case node == nil || matchedNode != nil: - return false - case fileset.Position(node.End()).Line == lineNum: - if funcLit, ok := node.(*ast.FuncLit); ok { - matchedNode = funcLit - return false - } - } - return true - }) - debug("defer line node: %s", debugFormatNode{matchedNode}) - return matchedNode -} - -func guessDefer(node ast.Node) (ast.Node, error) { - defers := collectDefers(node) - switch len(defers) { - case 0: - return nil, fmt.Errorf("failed to find expression in defer") - case 1: - return defers[0].Call, nil - default: - return nil, fmt.Errorf( - "ambiguous call expression: multiple (%d) defers in call block", - len(defers)) - } -} - -func collectDefers(node ast.Node) []*ast.DeferStmt { - var defers []*ast.DeferStmt - ast.Inspect(node, func(node ast.Node) bool { - if d, ok := node.(*ast.DeferStmt); ok { - defers = append(defers, d) - debug("defer: %s", debugFormatNode{d}) - return false - } - return true - }) - return defers -} diff --git a/vendor/gotest.tools/v3/internal/source/source.go b/vendor/gotest.tools/v3/internal/source/source.go deleted file mode 100644 index 9ac4bfa7d1..0000000000 --- a/vendor/gotest.tools/v3/internal/source/source.go +++ /dev/null @@ -1,159 +0,0 @@ -// Package source provides utilities for handling source-code. -package source // import "gotest.tools/v3/internal/source" - -import ( - "bytes" - "errors" - "fmt" - "go/ast" - "go/format" - "go/parser" - "go/token" - "os" - "path/filepath" - "runtime" -) - -// FormattedCallExprArg returns the argument from an ast.CallExpr at the -// index in the call stack. The argument is formatted using FormatNode. -func FormattedCallExprArg(stackIndex int, argPos int) (string, error) { - args, err := CallExprArgs(stackIndex + 1) - if err != nil { - return "", err - } - if argPos >= len(args) { - return "", errors.New("failed to find expression") - } - return FormatNode(args[argPos]) -} - -// CallExprArgs returns the ast.Expr slice for the args of an ast.CallExpr at -// the index in the call stack. -func CallExprArgs(stackIndex int) ([]ast.Expr, error) { - _, filename, line, ok := runtime.Caller(stackIndex + 1) - if !ok { - return nil, errors.New("failed to get call stack") - } - debug("call stack position: %s:%d", filename, line) - - // Normally, `go` will compile programs with absolute paths in - // the debug metadata. However, in the name of reproducibility, - // Bazel uses a compilation strategy that results in relative paths - // (otherwise, since Bazel uses a random tmp dir for compile and sandboxing, - // the resulting binaries would change across compiles/test runs). - if inBazelTest && !filepath.IsAbs(filename) { - var err error - filename, err = bazelSourcePath(filename) - if err != nil { - return nil, err - } - } - - fileset := token.NewFileSet() - astFile, err := parser.ParseFile(fileset, filename, nil, parser.AllErrors) - if err != nil { - return nil, fmt.Errorf("failed to parse source file %s: %w", filename, err) - } - - expr, err := getCallExprArgs(fileset, astFile, line) - if err != nil { - return nil, fmt.Errorf("call from %s:%d: %w", filename, line, err) - } - return expr, nil -} - -func getNodeAtLine(fileset *token.FileSet, astFile ast.Node, lineNum int) (ast.Node, error) { - if node := scanToLine(fileset, astFile, lineNum); node != nil { - return node, nil - } - if node := scanToDeferLine(fileset, astFile, lineNum); node != nil { - node, err := guessDefer(node) - if err != nil || node != nil { - return node, err - } - } - return nil, errors.New("failed to find expression") -} - -func scanToLine(fileset *token.FileSet, node ast.Node, lineNum int) ast.Node { - var matchedNode ast.Node - ast.Inspect(node, func(node ast.Node) bool { - switch { - case node == nil || matchedNode != nil: - return false - case fileset.Position(node.Pos()).Line == lineNum: - matchedNode = node - return false - } - return true - }) - return matchedNode -} - -func getCallExprArgs(fileset *token.FileSet, astFile ast.Node, line int) ([]ast.Expr, error) { - node, err := getNodeAtLine(fileset, astFile, line) - if err != nil { - return nil, err - } - - debug("found node: %s", debugFormatNode{node}) - - visitor := &callExprVisitor{} - ast.Walk(visitor, node) - if visitor.expr == nil { - return nil, errors.New("failed to find an expression") - } - debug("callExpr: %s", debugFormatNode{visitor.expr}) - return visitor.expr.Args, nil -} - -type callExprVisitor struct { - expr *ast.CallExpr -} - -func (v *callExprVisitor) Visit(node ast.Node) ast.Visitor { - if v.expr != nil || node == nil { - return nil - } - debug("visit: %s", debugFormatNode{node}) - - switch typed := node.(type) { - case *ast.CallExpr: - v.expr = typed - return nil - case *ast.DeferStmt: - ast.Walk(v, typed.Call.Fun) - return nil - } - return v -} - -// FormatNode using go/format.Node and return the result as a string -func FormatNode(node ast.Node) (string, error) { - buf := new(bytes.Buffer) - err := format.Node(buf, token.NewFileSet(), node) - return buf.String(), err -} - -var debugEnabled = os.Getenv("GOTESTTOOLS_DEBUG") != "" - -func debug(format string, args ...interface{}) { - if debugEnabled { - fmt.Fprintf(os.Stderr, "DEBUG: "+format+"\n", args...) - } -} - -type debugFormatNode struct { - ast.Node -} - -func (n debugFormatNode) String() string { - if n.Node == nil { - return "none" - } - out, err := FormatNode(n.Node) - if err != nil { - return fmt.Sprintf("failed to format %s: %s", n.Node, err) - } - return fmt.Sprintf("(%T) %s", n.Node, out) -} diff --git a/vendor/gotest.tools/v3/internal/source/update.go b/vendor/gotest.tools/v3/internal/source/update.go deleted file mode 100644 index 5591bffd16..0000000000 --- a/vendor/gotest.tools/v3/internal/source/update.go +++ /dev/null @@ -1,171 +0,0 @@ -package source - -import ( - "bytes" - "errors" - "flag" - "fmt" - "go/ast" - "go/format" - "go/parser" - "go/token" - "os" - "runtime" - "strings" -) - -// IsUpdate is returns true if the -update flag is set. It indicates the user -// running the tests would like to update any golden values. -func IsUpdate() bool { - if Update { - return true - } - return flag.Lookup("update").Value.(flag.Getter).Get().(bool) -} - -// Update is a shim for testing, and for compatibility with the old -update-golden -// flag. -var Update bool - -func init() { - if f := flag.Lookup("update"); f != nil { - getter, ok := f.Value.(flag.Getter) - msg := "some other package defined an incompatible -update flag, expected a flag.Bool" - if !ok { - panic(msg) - } - if _, ok := getter.Get().(bool); !ok { - panic(msg) - } - return - } - flag.Bool("update", false, "update golden values") -} - -// ErrNotFound indicates that UpdateExpectedValue failed to find the -// variable to update, likely because it is not a package level variable. -var ErrNotFound = fmt.Errorf("failed to find variable for update of golden value") - -// UpdateExpectedValue looks for a package-level variable with a name that -// starts with expected in the arguments to the caller. If the variable is -// found, the value of the variable will be updated to value of the other -// argument to the caller. -func UpdateExpectedValue(stackIndex int, x, y interface{}) error { - _, filename, line, ok := runtime.Caller(stackIndex + 1) - if !ok { - return errors.New("failed to get call stack") - } - debug("call stack position: %s:%d", filename, line) - - fileset := token.NewFileSet() - astFile, err := parser.ParseFile(fileset, filename, nil, parser.AllErrors|parser.ParseComments) - if err != nil { - return fmt.Errorf("failed to parse source file %s: %w", filename, err) - } - - expr, err := getCallExprArgs(fileset, astFile, line) - if err != nil { - return fmt.Errorf("call from %s:%d: %w", filename, line, err) - } - - if len(expr) < 3 { - debug("not enough arguments %d: %v", - len(expr), debugFormatNode{Node: &ast.CallExpr{Args: expr}}) - return ErrNotFound - } - - argIndex, ident := getIdentForExpectedValueArg(expr) - if argIndex < 0 || ident == nil { - debug("no arguments started with the word 'expected': %v", - debugFormatNode{Node: &ast.CallExpr{Args: expr}}) - return ErrNotFound - } - - value := x - if argIndex == 1 { - value = y - } - - strValue, ok := value.(string) - if !ok { - debug("value must be type string, got %T", value) - return ErrNotFound - } - return UpdateVariable(filename, fileset, astFile, ident, strValue) -} - -// UpdateVariable writes to filename the contents of astFile with the value of -// the variable updated to value. -func UpdateVariable( - filename string, - fileset *token.FileSet, - astFile *ast.File, - ident *ast.Ident, - value string, -) error { - obj := ident.Obj - if obj == nil { - return ErrNotFound - } - if obj.Kind != ast.Con && obj.Kind != ast.Var { - debug("can only update var and const, found %v", obj.Kind) - return ErrNotFound - } - - switch decl := obj.Decl.(type) { - case *ast.ValueSpec: - if len(decl.Names) != 1 { - debug("more than one name in ast.ValueSpec") - return ErrNotFound - } - - decl.Values[0] = &ast.BasicLit{ - Kind: token.STRING, - Value: "`" + value + "`", - } - - case *ast.AssignStmt: - if len(decl.Lhs) != 1 { - debug("more than one name in ast.AssignStmt") - return ErrNotFound - } - - decl.Rhs[0] = &ast.BasicLit{ - Kind: token.STRING, - Value: "`" + value + "`", - } - - default: - debug("can only update *ast.ValueSpec, found %T", obj.Decl) - return ErrNotFound - } - - var buf bytes.Buffer - if err := format.Node(&buf, fileset, astFile); err != nil { - return fmt.Errorf("failed to format file after update: %w", err) - } - - fh, err := os.Create(filename) - if err != nil { - return fmt.Errorf("failed to open file %v: %w", filename, err) - } - if _, err = fh.Write(buf.Bytes()); err != nil { - return fmt.Errorf("failed to write file %v: %w", filename, err) - } - if err := fh.Sync(); err != nil { - return fmt.Errorf("failed to sync file %v: %w", filename, err) - } - return nil -} - -func getIdentForExpectedValueArg(expr []ast.Expr) (int, *ast.Ident) { - for i := 1; i < 3; i++ { - switch e := expr[i].(type) { - case *ast.Ident: - if strings.HasPrefix(strings.ToLower(e.Name), "expected") { - return i, e - } - } - } - return -1, nil -} diff --git a/vendor/gotest.tools/v3/internal/source/version.go b/vendor/gotest.tools/v3/internal/source/version.go deleted file mode 100644 index 5fa8a90312..0000000000 --- a/vendor/gotest.tools/v3/internal/source/version.go +++ /dev/null @@ -1,35 +0,0 @@ -package source - -import ( - "runtime" - "strconv" - "strings" -) - -// GoVersionLessThan returns true if runtime.Version() is semantically less than -// version major.minor. Returns false if a release version can not be parsed from -// runtime.Version(). -func GoVersionLessThan(major, minor int64) bool { - version := runtime.Version() - // not a release version - if !strings.HasPrefix(version, "go") { - return false - } - version = strings.TrimPrefix(version, "go") - parts := strings.Split(version, ".") - if len(parts) < 2 { - return false - } - rMajor, err := strconv.ParseInt(parts[0], 10, 32) - if err != nil { - return false - } - if rMajor != major { - return rMajor < major - } - rMinor, err := strconv.ParseInt(parts[1], 10, 32) - if err != nil { - return false - } - return rMinor < minor -} diff --git a/vendor/modules.txt b/vendor/modules.txt index c878e567e3..d2719543a9 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -737,14 +737,6 @@ google.golang.org/protobuf/types/known/timestamppb # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# gotest.tools/v3 v3.5.2 -## explicit; go 1.17 -gotest.tools/v3/assert -gotest.tools/v3/assert/cmp -gotest.tools/v3/internal/assert -gotest.tools/v3/internal/difflib -gotest.tools/v3/internal/format -gotest.tools/v3/internal/source # sigs.k8s.io/yaml v1.6.0 ## explicit; go 1.22 sigs.k8s.io/yaml From 7f806adb492e6574f49bfa08d18bd111f9948f44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 21 May 2026 20:29:54 +0200 Subject: [PATCH 08/17] Update github.com/coreos/go-oidc/v3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miloslav Trmač --- image/go.mod | 2 +- image/go.sum | 4 ++-- vendor/modules.txt | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/image/go.mod b/image/go.mod index 2464f359cf..b71b8c6016 100644 --- a/image/go.mod +++ b/image/go.mod @@ -56,7 +56,7 @@ require ( github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/containerd/stargz-snapshotter/estargz v0.18.2 // indirect - github.com/coreos/go-oidc/v3 v3.17.0 // indirect + github.com/coreos/go-oidc/v3 v3.18.0 // indirect github.com/cyphar/filepath-securejoin v0.6.1 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/docker/go-units v0.5.0 // indirect diff --git a/image/go.sum b/image/go.sum index d90fa62099..e9ba550ff5 100644 --- a/image/go.sum +++ b/image/go.sum @@ -33,8 +33,8 @@ github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYgle github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.3.0 h1:ps3St6ZWNWhOQ/Kqld6K2wPHt01Mj3AqRTNCZLIWOfo= github.com/containers/ocicrypt v1.3.0/go.mod h1:PmfuGFpBwnGLnbqBm+QIy2nc8noDJ1Wt6B19la7VBFo= -github.com/coreos/go-oidc/v3 v3.17.0 h1:hWBGaQfbi0iVviX4ibC7bk8OKT5qNr4klBaCHVNvehc= -github.com/coreos/go-oidc/v3 v3.17.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8= +github.com/coreos/go-oidc/v3 v3.18.0 h1:V9orjXynvu5wiC9SemFTWnG4F45v403aIcjWo0d41+A= +github.com/coreos/go-oidc/v3 v3.18.0/go.mod h1:DYCf24+ncYi+XkIH97GY1+dqoRlbaSI26KVTCI9SrY4= github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 h1:uX1JmpONuD549D73r6cgnxyUu18Zb7yHAy5AYU0Pm4Q= github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= github.com/cyphar/filepath-securejoin v0.6.1 h1:5CeZ1jPXEiYt3+Z6zqprSAgSWiggmpVyciv8syjIpVE= diff --git a/vendor/modules.txt b/vendor/modules.txt index d2719543a9..bf26d3aeb2 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -79,8 +79,8 @@ github.com/containers/ocicrypt/keywrap/pkcs7 github.com/containers/ocicrypt/spec github.com/containers/ocicrypt/utils github.com/containers/ocicrypt/utils/keyprovider -# github.com/coreos/go-oidc/v3 v3.17.0 -## explicit; go 1.24.0 +# github.com/coreos/go-oidc/v3 v3.18.0 +## explicit; go 1.25.0 github.com/coreos/go-oidc/v3/oidc # github.com/coreos/go-systemd/v22 v22.7.0 ## explicit; go 1.23 From 0572c008661d7b85b084e81f3bd7a2bd00702612 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 21 May 2026 20:38:17 +0200 Subject: [PATCH 09/17] Update github.com/fatih/color MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miloslav Trmač --- image/go.mod | 2 +- image/go.sum | 4 ++-- vendor/modules.txt | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/image/go.mod b/image/go.mod index b71b8c6016..317f7acb00 100644 --- a/image/go.mod +++ b/image/go.mod @@ -60,7 +60,7 @@ require ( github.com/cyphar/filepath-securejoin v0.6.1 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/docker/go-units v0.5.0 // indirect - github.com/fatih/color v1.18.0 // indirect + github.com/fatih/color v1.19.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/go-jose/go-jose/v4 v4.1.4 // indirect github.com/go-logr/logr v1.4.3 // indirect diff --git a/image/go.sum b/image/go.sum index e9ba550ff5..2d1cd465f9 100644 --- a/image/go.sum +++ b/image/go.sum @@ -57,8 +57,8 @@ github.com/docker/go-connections v0.7.0 h1:6SsRfJddP22WMrCkj19x9WKjEDTB+ahsdiGYf github.com/docker/go-connections v0.7.0/go.mod h1:no1qkHdjq7kLMGUXYAduOhYPSJxxvgWBh7ogVvptn3Q= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= -github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= +github.com/fatih/color v1.19.0 h1:Zp3PiM21/9Ld6FzSKyL5c/BULoe/ONr9KlbYVOfG8+w= +github.com/fatih/color v1.19.0/go.mod h1:zNk67I0ZUT1bEGsSGyCZYZNrHuTkJJB+r6Q9VuMi0LE= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA= diff --git a/vendor/modules.txt b/vendor/modules.txt index bf26d3aeb2..cf3b2a86c8 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -133,8 +133,8 @@ github.com/docker/go-connections/tlsconfig # github.com/docker/go-units v0.5.0 ## explicit github.com/docker/go-units -# github.com/fatih/color v1.18.0 -## explicit; go 1.17 +# github.com/fatih/color v1.19.0 +## explicit; go 1.25.0 # github.com/felixge/httpsnoop v1.0.4 ## explicit; go 1.13 github.com/felixge/httpsnoop From f0dacb107bf426222d0ae27054caa945b93cd266 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 21 May 2026 21:30:19 +0200 Subject: [PATCH 10/17] Update github.com/google/go-containerregistry MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miloslav Trmač --- common/go.mod | 6 +- common/go.sum | 9 +- go.work.sum | 2 + image/go.mod | 2 +- image/go.sum | 4 +- .../go-containerregistry/pkg/name/registry.go | 4 +- .../go-containerregistry/pkg/v1/manifest.go | 2 + vendor/golang.org/x/tools/go/ast/edge/edge.go | 24 +- .../golang.org/x/tools/go/packages/golist.go | 17 +- .../x/tools/go/packages/packages.go | 16 +- .../x/tools/go/types/objectpath/objectpath.go | 563 +++++++++++------- .../x/tools/internal/gcimporter/ureader.go | 42 +- .../x/tools/internal/gocommand/version.go | 5 +- vendor/modules.txt | 8 +- 14 files changed, 443 insertions(+), 261 deletions(-) diff --git a/common/go.mod b/common/go.mod index f3b615e64a..e3dadfb2bb 100644 --- a/common/go.mod +++ b/common/go.mod @@ -77,7 +77,7 @@ require ( github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-cmp v0.7.0 // indirect - github.com/google/go-containerregistry v0.21.1 // indirect + github.com/google/go-containerregistry v0.21.6 // indirect github.com/google/go-intervals v0.0.2 // indirect github.com/google/pprof v0.0.0-20260402051712-545e8a4df936 // indirect github.com/google/uuid v1.6.0 // indirect @@ -121,10 +121,10 @@ require ( go.opentelemetry.io/otel/trace v1.43.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/mod v0.35.0 // indirect + golang.org/x/mod v0.36.0 // indirect golang.org/x/net v0.54.0 // indirect golang.org/x/text v0.37.0 // indirect - golang.org/x/tools v0.44.0 // indirect + golang.org/x/tools v0.45.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 // indirect google.golang.org/grpc v1.80.0 // indirect diff --git a/common/go.sum b/common/go.sum index bf0c7b0270..f66cf64e6a 100644 --- a/common/go.sum +++ b/common/go.sum @@ -98,8 +98,7 @@ github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-containerregistry v0.21.1 h1:sOt/o9BS2b87FnR7wxXPvRKU1XVJn2QCwOS5g8zQXlc= -github.com/google/go-containerregistry v0.21.1/go.mod h1:ctO5aCaewH4AK1AumSF5DPW+0+R+d2FmylMJdp5G7p0= +github.com/google/go-containerregistry v0.21.6 h1:T+yqQIlJXKrM98Om4DlW3GoWQAmhZuLMwoDOvVrtiUM= github.com/google/go-intervals v0.0.2 h1:FGrVEiUnTRKR8yE04qzXYaJMtnIYqobR5QbblK3ixcM= github.com/google/go-intervals v0.0.2/go.mod h1:MkaR3LNRfeKLPmqgJYs4E66z5InYjmCjbbr4TQlcT6Y= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -294,8 +293,7 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM= -golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU= +golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= @@ -360,8 +358,7 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.44.0 h1:UP4ajHPIcuMjT1GqzDWRlalUEoY+uzoZKnhOjbIPD2c= -golang.org/x/tools v0.44.0/go.mod h1:KA0AfVErSdxRZIsOVipbv3rQhVXTnlU6UhKxHd1seDI= +golang.org/x/tools v0.45.0 h1:18qN3FAooORvApf5XjCXgsuayZOEtXf6JK18I3+ONa8= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gonum.org/v1/gonum v0.17.0 h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4= gonum.org/v1/gonum v0.17.0/go.mod h1:El3tOrEuMpv2UdMrbNlKEh9vd86bmQ6vqIcDwxEOc1E= diff --git a/go.work.sum b/go.work.sum index 806ab0ad49..6b72d3b01c 100644 --- a/go.work.sum +++ b/go.work.sum @@ -495,6 +495,7 @@ golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc= golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= +golang.org/x/mod v0.36.0/go.mod h1:moc6ELqsWcOw5Ef3xVprK5ul/MvtVvkIXLziUOICjUQ= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -609,6 +610,7 @@ golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg= golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0= golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0= +golang.org/x/tools v0.45.0/go.mod h1:LuUGqqaXcXMEFEruIVJVm5mgDD8vww/z/SR1gQ4uE/0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/image/go.mod b/image/go.mod index 317f7acb00..21adaa5548 100644 --- a/image/go.mod +++ b/image/go.mod @@ -66,7 +66,7 @@ require ( github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/golang/protobuf v1.5.4 // indirect - github.com/google/go-containerregistry v0.21.1 // indirect + github.com/google/go-containerregistry v0.21.6 // indirect github.com/google/go-intervals v0.0.2 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/mux v1.8.1 // indirect diff --git a/image/go.sum b/image/go.sum index 2d1cd465f9..8089e7c266 100644 --- a/image/go.sum +++ b/image/go.sum @@ -75,8 +75,8 @@ github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-containerregistry v0.21.1 h1:sOt/o9BS2b87FnR7wxXPvRKU1XVJn2QCwOS5g8zQXlc= -github.com/google/go-containerregistry v0.21.1/go.mod h1:ctO5aCaewH4AK1AumSF5DPW+0+R+d2FmylMJdp5G7p0= +github.com/google/go-containerregistry v0.21.6 h1:T+yqQIlJXKrM98Om4DlW3GoWQAmhZuLMwoDOvVrtiUM= +github.com/google/go-containerregistry v0.21.6/go.mod h1:U7MMSBIJynke2MVQrQk19NP9k/uQsGz/h0amIFSHMbo= github.com/google/go-intervals v0.0.2 h1:FGrVEiUnTRKR8yE04qzXYaJMtnIYqobR5QbblK3ixcM= github.com/google/go-intervals v0.0.2/go.mod h1:MkaR3LNRfeKLPmqgJYs4E66z5InYjmCjbbr4TQlcT6Y= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= diff --git a/vendor/github.com/google/go-containerregistry/pkg/name/registry.go b/vendor/github.com/google/go-containerregistry/pkg/name/registry.go index 5e6b6e62a0..7531d2426b 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/name/registry.go +++ b/vendor/github.com/google/go-containerregistry/pkg/name/registry.go @@ -24,8 +24,8 @@ import ( "strings" ) -// Detect more complex forms of local references. -var reLocal = regexp.MustCompile(`.*\.local(?:host)?(?::\d{1,5})?$`) +// Detect more complex forms of localhost references. +var reLocal = regexp.MustCompile(`.*\.localhost(?::\d{1,5})?$`) // Detect the loopback IP (127.0.0.1) var reLoopback = regexp.MustCompile(regexp.QuoteMeta("127.0.0.1")) diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/manifest.go b/vendor/github.com/google/go-containerregistry/pkg/v1/manifest.go index 22d483f3bd..783eecc695 100644 --- a/vendor/github.com/google/go-containerregistry/pkg/v1/manifest.go +++ b/vendor/github.com/google/go-containerregistry/pkg/v1/manifest.go @@ -29,6 +29,7 @@ type Manifest struct { Layers []Descriptor `json:"layers"` Annotations map[string]string `json:"annotations,omitempty"` Subject *Descriptor `json:"subject,omitempty"` + ArtifactType string `json:"artifactType,omitempty"` } // IndexManifest represents an OCI image index in a structured way. @@ -38,6 +39,7 @@ type IndexManifest struct { Manifests []Descriptor `json:"manifests"` Annotations map[string]string `json:"annotations,omitempty"` Subject *Descriptor `json:"subject,omitempty"` + ArtifactType string `json:"artifactType,omitempty"` } // Descriptor holds a reference from the manifest to one of its constituent elements. diff --git a/vendor/golang.org/x/tools/go/ast/edge/edge.go b/vendor/golang.org/x/tools/go/ast/edge/edge.go index 4f6ccfd6e5..8dc4dd1502 100644 --- a/vendor/golang.org/x/tools/go/ast/edge/edge.go +++ b/vendor/golang.org/x/tools/go/ast/edge/edge.go @@ -12,7 +12,7 @@ import ( "reflect" ) -// A Kind describes a field of an ast.Node struct. +// A Kind describes a field of an [ast.Node] struct. type Kind uint8 // String returns a description of the edge kind. @@ -41,21 +41,25 @@ func (k Kind) Get(n ast.Node, idx int) ast.Node { panic(fmt.Sprintf("%v.Get(%T): invalid node type", k, n)) } v := reflect.ValueOf(n).Elem().Field(fieldInfos[k].index) - if idx != -1 { - v = v.Index(idx) // asserts valid index - } else { - // (The type assertion below asserts that v is not a slice.) + + if v.Kind() == reflect.Slice { + v = v.Index(idx) // asserts valid idx + } else if idx != -1 { + panic(fmt.Sprintf("%v, Get(%T, %d): cannot index non-slice", v, n, idx)) } - return v.Interface().(ast.Node) // may be nil + + out, _ := v.Interface().(ast.Node) // may be nil + return out } +// Each [Kind] is named Type_Field, where Type is the +// [ast.Node] struct type and Field is the name of the field const ( Invalid Kind = iota // for nodes at the root of the traversal - // Kinds are sorted alphabetically. - // Numbering is not stable. - // Each is named Type_Field, where Type is the - // ast.Node struct type and Field is the name of the field + // As of Go1.26 these kinds are sorted alphabetically, but + // numbering must be stable, so any new addition of const should + // use a new value (be added at the end of the list). ArrayType_Elt ArrayType_Len diff --git a/vendor/golang.org/x/tools/go/packages/golist.go b/vendor/golang.org/x/tools/go/packages/golist.go index a6c17cf634..8e60cbbed7 100644 --- a/vendor/golang.org/x/tools/go/packages/golist.go +++ b/vendor/golang.org/x/tools/go/packages/golist.go @@ -207,11 +207,10 @@ func goListDriver(cfg *Config, runner *gocommand.Runner, overlay string, pattern // doesn't exist. extractQueries: for _, pattern := range patterns { - eqidx := strings.Index(pattern, "=") - if eqidx < 0 { + query, value, ok := strings.Cut(pattern, "=") + if !ok { restPatterns = append(restPatterns, pattern) } else { - query, value := pattern[:eqidx], pattern[eqidx+len("="):] switch query { case "file": containFiles = append(containFiles, value) @@ -563,8 +562,18 @@ func (state *golistState) createDriverResponse(words ...string) (*DriverResponse } else { // golang/go#38990: go list silently fails to do cgo processing pkg.CompiledGoFiles = nil + + var msg strings.Builder + fmt.Fprintf(&msg, "go list failed to return CompiledGoFiles for %q.\n", p.Name) + + for _, err := range p.DepsErrors { + msg.WriteString(strings.TrimSpace(err.Err)) + msg.WriteByte('\n') + } + + msg.WriteString("This may indicate failure to perform cgo processing; try building at the command line. See https://golang.org/issue/38990.") pkg.Errors = append(pkg.Errors, Error{ - Msg: "go list failed to return CompiledGoFiles. This may indicate failure to perform cgo processing; try building at the command line. See https://golang.org/issue/38990.", + Msg: msg.String(), Kind: ListError, }) } diff --git a/vendor/golang.org/x/tools/go/packages/packages.go b/vendor/golang.org/x/tools/go/packages/packages.go index 412ba06b56..de683684ab 100644 --- a/vendor/golang.org/x/tools/go/packages/packages.go +++ b/vendor/golang.org/x/tools/go/packages/packages.go @@ -539,6 +539,11 @@ type Package struct { // depsErrors is the DepsErrors field from the go list response, if any. depsErrors []*packagesinternal.PackageError + + // exportDataError is the error encountered reading export data, if any. + // Decoding export data should ordinarily be infallible, so this typically + // indicates a producer/consumer version skew. + exportDataError error } // Module provides module information for a package. @@ -1073,10 +1078,11 @@ func (ld *loader) loadPackage(lpkg *loaderPackage) { } // TODO(adonovan): this condition looks wrong: - // I think it should be lpkg.needtypes && !lpg.needsrc, + // I think it should be lpkg.needtypes && !lpkg.needsrc, // so that NeedSyntax without NeedTypes can be satisfied by export data. if !lpkg.needsrc { if err := ld.loadFromExportData(lpkg); err != nil { + lpkg.exportDataError = err lpkg.Errors = append(lpkg.Errors, Error{ Pos: "-", Msg: err.Error(), @@ -1215,7 +1221,13 @@ func (ld *loader) loadPackage(lpkg *loaderPackage) { if ipkg.Types != nil && ipkg.Types.Complete() { return ipkg.Types, nil } - log.Fatalf("internal error: package %q without types was imported from %q", path, lpkg) + + // If types are unavailable, there must be an export data error. + if ipkg.exportDataError != nil { + return nil, ipkg.exportDataError + } + + log.Fatalf("internal error: expected complete types for package %q", path) panic("unreachable") }) diff --git a/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go b/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go index 77aad553d5..0d6d0bced0 100644 --- a/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go +++ b/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go @@ -24,8 +24,10 @@ package objectpath import ( + "encoding/binary" "fmt" "go/types" + "slices" "strconv" "strings" @@ -124,7 +126,66 @@ func For(obj types.Object) (Path, error) { // An Encoder amortizes the cost of encoding the paths of multiple objects. // The zero value of an Encoder is ready to use. type Encoder struct { - scopeMemo map[*types.Scope][]types.Object // memoization of scopeObjects + pkgIndex map[*types.Package]*pkgIndex +} + +// A traversal encapsulates the state of a single traversal of the object/type graph. +type traversal struct { + pkg *types.Package + ix *pkgIndex // non-nil if we are building the index + + target types.Object // the sought symbol (if ix == nil) + found Path // the found path (if ix == nil) + + // These maps are used to short circuit cycles through + // interface methods, such as occur in the following example: + // + // type I interface { f() interface{I} } + // + // See golang/go#68046 for details. + seenTParamNames map[*types.TypeName]bool // global cycle breaking through type parameters + seenMethods map[*types.Func]bool // global cycle breaking through recursive interfaces +} + +// A pkgIndex holds a compressed index of objectpaths of all symbols +// (fields, methods, params) requiring search for an entire package. +// +// The first time a search for a given package is requested, we simply +// traverse the type graph for the target object, maintaining the +// current object path as a stack. If we find the target object, we +// save the path and terminate the main loop (but it's not worth +// breaking out of the current recursion). +// +// On the second search (a pkgIndex exists but its data is nil), we +// build an index of the traversal, which we use for all subsequent +// searches. +// +// The traversal index is encoded in the data field as a list of records, +// one per node, in preorder. Records are of two types: +// +// - A record for a package-level object consists of a pair +// (parent, nameIndex uvarint), where parent is zero and +// nameIndex is the index of the object's name in the sorted +// pkg.Scope().Names() slice. +// +// - A record for a nested node (a segment of an object path) +// consists of (parent uvarint, op byte, index uvarint), where +// parent is the index of the record for the parent node, +// op is the destructuring operator, and index (if op = [AFMTr]) +// is its integer operand. +// +// Since data[0] = 0 all nodes have positive offsets. In effect the +// encoding is a trie in which each node stores one path segment +// and points to the node for its prefix. +// +// TODO(adonovan): opt: evaluate an only 2-level tree with nodes for +// package-level objects and the-rest-of-the-path. One calculation +// suggested that it might be similar speed but 30% more compact. +type pkgIndex struct { + pkg *types.Package + data []byte // encoding of traversal; nil if not yet constructed + scopeNames []string // memo of pkg.Scope().Names() to avoid O(n) alloc/sort at lookup + offsets map[types.Object]uint32 // each object's node offset within encoded traversal data } // For returns the path to an object relative to its package, @@ -211,10 +272,9 @@ func (enc *Encoder) For(obj types.Object) (Path, error) { if pkg == nil { return "", fmt.Errorf("predeclared %s has no path", obj) } - scope := pkg.Scope() // 2. package-level object? - if scope.Lookup(obj.Name()) == obj { + if pkg.Scope().Lookup(obj.Name()) == obj { // Only exported objects (and non-exported types) have a path. // Non-exported types may be referenced by other objects. if _, ok := obj.(*types.TypeName); !ok && !obj.Exported() { @@ -232,19 +292,18 @@ func (enc *Encoder) For(obj types.Object) (Path, error) { // have a path. return "", fmt.Errorf("no path for %v", obj) } + case *types.Const, // Only package-level constants have a path. *types.Label, // Labels are function-local. *types.PkgName: // PkgNames are file-local. return "", fmt.Errorf("no path for %v", obj) case *types.Var: - // Could be: - // - a field (obj.IsField()) - // - a func parameter or result - // - a local var. - // Sadly there is no way to distinguish - // a param/result from a local - // so we must proceed to the find. + // A var, if not package-level, must be a + // parameter (incl. receiver) or result, or a struct field. + if obj.Kind() == types.LocalVar { + return "", fmt.Errorf("no path for local %v", obj) + } case *types.Func: // A func, if not package-level, must be a method. @@ -261,89 +320,311 @@ func (enc *Encoder) For(obj types.Object) (Path, error) { panic(obj) } - // 4. Search the API for the path to the var (field/param/result) or method. + // 4. Search the object/type graph for the path to + // the var (field/param/result) or method. + ix, ok := enc.pkgIndex[pkg] + if !ok { + // First search: don't build an index, just traverse. + // This avoids allocation in [For], whose Encoder + // lives for a single call. + ix = &pkgIndex{pkg: pkg} + + if enc.pkgIndex == nil { + enc.pkgIndex = make(map[*types.Package]*pkgIndex) + } + enc.pkgIndex[pkg] = ix // build the index next time + + f := traversal{pkg: pkg, target: obj} + f.traverse() + + if f.found != "" { + return f.found, nil + } + } else { + // Second search: build an index while traversing. + if ix.data == nil { + ix.offsets = make(map[types.Object]uint32) + ix.data = []byte{0} // offset 0 is sentinel + (&traversal{pkg: pkg, ix: ix}).traverse() + } + + // Second and later searches: consult the index. + if offset, ok := ix.offsets[obj]; ok { + return ix.path(offset), nil + } + } + + return "", fmt.Errorf("can't find path for %v in %s", obj, pkg.Path()) +} + +// traverse performs a complete traversal of all symbols reachable from the package. +func (tr *traversal) traverse() { + scope := tr.pkg.Scope() + names := scope.Names() + if tr.ix != nil { + tr.ix.scopeNames = names + } + + empty := make([]byte, 0, 48) // initial space for stack (ix == nil) - // First inspect package-level named types. + // First inspect package-level type names. // In the presence of path aliases, these give // the best paths because non-types may // refer to types, but not the reverse. - empty := make([]byte, 0, 48) // initial space - objs := enc.scopeObjects(scope) - for _, o := range objs { - tname, ok := o.(*types.TypeName) - if !ok { - continue // handle non-types in second pass + for i, name := range names { + if tr.found != "" { + return // found (ix == nil) } - path := append(empty, o.Name()...) - path = append(path, opType) - - T := o.Type() - if alias, ok := T.(*types.Alias); ok { - if r := findTypeParam(obj, alias.TypeParams(), path, opTypeParam); r != nil { - return Path(r), nil - } - if r := find(obj, alias.Rhs(), append(path, opRhs)); r != nil { - return Path(r), nil - } + obj := scope.Lookup(name) + if _, ok := obj.(*types.TypeName); !ok { + continue // handle non-types in second pass + } - } else if tname.IsAlias() { - // legacy alias - if r := find(obj, T, path); r != nil { - return Path(r), nil - } + // emit (name, opType) + var path []byte + var offset uint32 + if tr.ix == nil { + path = append(empty, name...) + path = append(path, opType) + } else { + offset = tr.ix.emitPackageLevel(i) + tr.ix.offsets[obj] = offset + offset = tr.ix.emitPathSegment(offset, opType, -1) + } - } else if named, ok := T.(*types.Named); ok { - // defined (named) type - if r := findTypeParam(obj, named.TypeParams(), path, opTypeParam); r != nil { - return Path(r), nil - } - if r := find(obj, named.Underlying(), append(path, opUnderlying)); r != nil { - return Path(r), nil - } + // A TypeName (for Named or Alias) may have type parameters. + switch t := obj.Type().(type) { + case *types.Alias: + tr.tparams(t.TypeParams(), path, offset, opTypeParam) + tr.typ(path, offset, opRhs, -1, t.Rhs()) + case *types.Named: + tr.tparams(t.TypeParams(), path, offset, opTypeParam) + tr.typ(path, offset, opUnderlying, -1, t.Underlying()) } } // Then inspect everything else: - // non-types, and declared methods of defined types. - for _, o := range objs { - path := append(empty, o.Name()...) - if _, ok := o.(*types.TypeName); !ok { - if o.Exported() { + // exported non-types, and declared methods of defined types. + for i, name := range names { + if tr.found != "" { + return // found (ix == nil) + } + + obj := scope.Lookup(name) + + if tname, ok := obj.(*types.TypeName); !ok { + if obj.Exported() { // exported non-type (const, var, func) - if r := find(obj, o.Type(), append(path, opType)); r != nil { - return Path(r), nil + var path []byte + var offset uint32 + if tr.ix == nil { + path = append(empty, name...) + } else { + offset = tr.ix.emitPackageLevel(i) + tr.ix.offsets[obj] = offset } + tr.typ(path, offset, opType, -1, obj.Type()) } - continue - } - // Inspect declared methods of defined types. - if T, ok := types.Unalias(o.Type()).(*types.Named); ok { - path = append(path, opType) + } else if T, ok := types.Unalias(tname.Type()).(*types.Named); ok { + // defined type + var path []byte + var offset uint32 + if tr.ix == nil { + path = append(empty, name...) + path = append(path, opType) + } else { + // Inv: map entry for obj was populated in first pass. + offset = tr.ix.emitPathSegment(tr.ix.offsets[obj], opType, -1) + } + + // Inspect declared methods of defined types. + // // The method index here is always with respect // to the underlying go/types data structures, // which ultimately derives from source order // and must be preserved by export data. for i := 0; i < T.NumMethods(); i++ { m := T.Method(i) - path2 := appendOpArg(path, opMethod, i) - if m == obj { - return Path(path2), nil // found declared method - } - if r := find(obj, m.Type(), append(path2, opType)); r != nil { - return Path(r), nil + tr.object(path, offset, opMethod, i, m) + } + } + } +} + +func (tr *traversal) visitType(path []byte, offset uint32, T types.Type) { + switch T := T.(type) { + case *types.Alias: + tr.typ(path, offset, opRhs, -1, T.Rhs()) + + case *types.Basic, *types.Named: + // Named types belonging to pkg were handled already, + // so T must belong to another package. No path. + return + + case *types.Pointer, *types.Slice, *types.Array, *types.Chan: + type hasElem interface{ Elem() types.Type } // note: includes Map + tr.typ(path, offset, opElem, -1, T.(hasElem).Elem()) + + case *types.Map: + tr.typ(path, offset, opKey, -1, T.Key()) + tr.typ(path, offset, opElem, -1, T.Elem()) + + case *types.Signature: + tr.tparams(T.RecvTypeParams(), path, offset, opRecvTypeParam) + tr.tparams(T.TypeParams(), path, offset, opTypeParam) + tr.typ(path, offset, opParams, -1, T.Params()) + tr.typ(path, offset, opResults, -1, T.Results()) + + case *types.Struct: + for i := 0; i < T.NumFields(); i++ { + tr.object(path, offset, opField, i, T.Field(i)) + } + + case *types.Tuple: + for i := 0; i < T.Len(); i++ { + tr.object(path, offset, opAt, i, T.At(i)) + } + + case *types.Interface: + for i := 0; i < T.NumMethods(); i++ { + m := T.Method(i) + if m.Pkg() != nil && m.Pkg() != tr.pkg { + continue // embedded method from another package + } + if !tr.seenMethods[m] { + if tr.seenMethods == nil { + tr.seenMethods = make(map[*types.Func]bool) } + tr.seenMethods[m] = true + tr.object(path, offset, opMethod, i, m) } } + + case *types.TypeParam: + tname := T.Obj() + if tname.Pkg() != nil && tname.Pkg() != tr.pkg { + return // type parameter from another package + } + if !tr.seenTParamNames[tname] { + if tr.seenTParamNames == nil { + tr.seenTParamNames = make(map[*types.TypeName]bool) + } + tr.seenTParamNames[tname] = true + tr.object(path, offset, opObj, -1, tname) + tr.typ(path, offset, opConstraint, -1, T.Constraint()) + } } +} - return "", fmt.Errorf("can't find path for %v in %s", obj, pkg.Path()) +func (tr *traversal) tparams(list *types.TypeParamList, path []byte, offset uint32, op byte) { + for i := 0; i < list.Len(); i++ { + tr.typ(path, offset, op, i, list.At(i)) + } +} + +// typ descends the type graph edge (op, index), then proceeds to traverse type t. +func (tr *traversal) typ(path []byte, offset uint32, op byte, index int, t types.Type) { + if tr.ix == nil { + path = appendOpArg(path, op, index) + } else { + offset = tr.ix.emitPathSegment(offset, op, index) + } + tr.visitType(path, offset, t) +} + +// object descends the type graph edge (op, index), records object +// obj, then proceeds to traverse its type. +func (tr *traversal) object(path []byte, offset uint32, op byte, index int, obj types.Object) { + if tr.ix == nil { + path = appendOpArg(path, op, index) + if obj == tr.target && tr.found == "" { + tr.found = Path(path) + } + path = append(path, opType) + } else { + offset = tr.ix.emitPathSegment(offset, op, index) + if _, ok := tr.ix.offsets[obj]; !ok { + tr.ix.offsets[obj] = offset + } + offset = tr.ix.emitPathSegment(offset, opType, -1) + } + tr.visitType(path, offset, obj.Type()) +} + +// emitPackageLevel encodes a record for a package-level symbol, +// identified by its index in ix.scopeNames. +func (p *pkgIndex) emitPackageLevel(index int) uint32 { + off := uint32(len(p.data)) + p.data = append(p.data, 0) // zero varint => no parent + p.data = binary.AppendUvarint(p.data, uint64(index)) + return off +} + +// emitPathSegment emits a record for a non-initial object path segment. +func (p *pkgIndex) emitPathSegment(parent uint32, op byte, index int) uint32 { + off := uint32(len(p.data)) + p.data = binary.AppendUvarint(p.data, uint64(parent)) + p.data = append(p.data, op) + switch op { + case opAt, opField, opMethod, opTypeParam, opRecvTypeParam: + p.data = binary.AppendUvarint(p.data, uint64(index)) + } + return off +} + +// path returns the Path for the encoded node at the specified offset. +func (p *pkgIndex) path(offset uint32) Path { + var elems []string // path elements in reverse + for { + // Read parent index. + parent, n := binary.Uvarint(p.data[offset:]) + offset += uint32(n) + + if parent == 0 { + break // root (end of path) + } + + op := p.data[offset] + offset++ + + // The [AFMTr] operators have a numeric operand. + switch op { + case opAt, opField, opMethod, opTypeParam, opRecvTypeParam: + val, n := binary.Uvarint(p.data[offset:]) + offset += uint32(n) + elems = append(elems, strconv.Itoa(int(val))) + } + + elems = append(elems, string([]byte{op})) + + offset = uint32(parent) + } + idx, _ := binary.Uvarint(p.data[offset:]) + + // Convert index to Path string. + name := p.scopeNames[idx] + sz := len(name) + for _, elem := range elems { + sz += len(elem) + } + var buf strings.Builder + buf.Grow(sz) + buf.WriteString(name) + for _, elem := range slices.Backward(elems) { + buf.WriteString(elem) + } + return Path(buf.String()) } -func appendOpArg(path []byte, op byte, arg int) []byte { +// appendOpArg appends (op, index) to the object path. +// A negative index is ignored. +func appendOpArg(path []byte, op byte, index int) []byte { path = append(path, op) - path = strconv.AppendInt(path, int64(arg), 10) + if index >= 0 { + path = strconv.AppendInt(path, int64(index), 10) + } return path } @@ -442,138 +723,6 @@ func (enc *Encoder) concreteMethod(meth *types.Func) (Path, bool) { // panic(fmt.Sprintf("couldn't find method %s on type %s; methods: %#v", meth, named, enc.namedMethods(named))) } -// find finds obj within type T, returning the path to it, or nil if not found. -// -// The seen map is used to short circuit cycles through type parameters. If -// nil, it will be allocated as necessary. -// -// The seenMethods map is used internally to short circuit cycles through -// interface methods, such as occur in the following example: -// -// type I interface { f() interface{I} } -// -// See golang/go#68046 for details. -func find(obj types.Object, T types.Type, path []byte) []byte { - return (&finder{obj: obj}).find(T, path) -} - -// finder closes over search state for a call to find. -type finder struct { - obj types.Object // the sought object - seenTParamNames map[*types.TypeName]bool // for cycle breaking through type parameters - seenMethods map[*types.Func]bool // for cycle breaking through recursive interfaces -} - -func (f *finder) find(T types.Type, path []byte) []byte { - switch T := T.(type) { - case *types.Alias: - return f.find(types.Unalias(T), path) - case *types.Basic, *types.Named: - // Named types belonging to pkg were handled already, - // so T must belong to another package. No path. - return nil - case *types.Pointer: - return f.find(T.Elem(), append(path, opElem)) - case *types.Slice: - return f.find(T.Elem(), append(path, opElem)) - case *types.Array: - return f.find(T.Elem(), append(path, opElem)) - case *types.Chan: - return f.find(T.Elem(), append(path, opElem)) - case *types.Map: - if r := f.find(T.Key(), append(path, opKey)); r != nil { - return r - } - return f.find(T.Elem(), append(path, opElem)) - case *types.Signature: - if r := f.findTypeParam(T.RecvTypeParams(), path, opRecvTypeParam); r != nil { - return r - } - if r := f.findTypeParam(T.TypeParams(), path, opTypeParam); r != nil { - return r - } - if r := f.find(T.Params(), append(path, opParams)); r != nil { - return r - } - return f.find(T.Results(), append(path, opResults)) - case *types.Struct: - for i := 0; i < T.NumFields(); i++ { - fld := T.Field(i) - path2 := appendOpArg(path, opField, i) - if fld == f.obj { - return path2 // found field var - } - if r := f.find(fld.Type(), append(path2, opType)); r != nil { - return r - } - } - return nil - case *types.Tuple: - for i := 0; i < T.Len(); i++ { - v := T.At(i) - path2 := appendOpArg(path, opAt, i) - if v == f.obj { - return path2 // found param/result var - } - if r := f.find(v.Type(), append(path2, opType)); r != nil { - return r - } - } - return nil - case *types.Interface: - for i := 0; i < T.NumMethods(); i++ { - m := T.Method(i) - if f.seenMethods[m] { - continue // break cycles (see TestIssue70418) - } - path2 := appendOpArg(path, opMethod, i) - if m == f.obj { - return path2 // found interface method - } - if f.seenMethods == nil { - f.seenMethods = make(map[*types.Func]bool) - } - f.seenMethods[m] = true - if r := f.find(m.Type(), append(path2, opType)); r != nil { - return r - } - } - return nil - case *types.TypeParam: - name := T.Obj() - if f.seenTParamNames[name] { - return nil - } - if name == f.obj { - return append(path, opObj) - } - if f.seenTParamNames == nil { - f.seenTParamNames = make(map[*types.TypeName]bool) - } - f.seenTParamNames[name] = true - if r := f.find(T.Constraint(), append(path, opConstraint)); r != nil { - return r - } - return nil - } - panic(T) -} - -func findTypeParam(obj types.Object, list *types.TypeParamList, path []byte, op byte) []byte { - return (&finder{obj: obj}).findTypeParam(list, path, op) -} - -func (f *finder) findTypeParam(list *types.TypeParamList, path []byte, op byte) []byte { - for i := 0; i < list.Len(); i++ { - tparam := list.At(i) - path2 := appendOpArg(path, op, i) - if r := f.find(tparam, path2); r != nil { - return r - } - } - return nil -} - // Object returns the object denoted by path p within the package pkg. func Object(pkg *types.Package, p Path) (types.Object, error) { pathstr := string(p) @@ -708,7 +857,7 @@ func Object(pkg *types.Package, p Path) (types.Object, error) { } tparams := hasTypeParams.TypeParams() if n := tparams.Len(); index >= n { - return nil, fmt.Errorf("tuple index %d out of range [0-%d)", index, n) + return nil, fmt.Errorf("type parameter index %d out of range [0-%d)", index, n) } t = tparams.At(index) @@ -719,7 +868,7 @@ func Object(pkg *types.Package, p Path) (types.Object, error) { } rtparams := sig.RecvTypeParams() if n := rtparams.Len(); index >= n { - return nil, fmt.Errorf("tuple index %d out of range [0-%d)", index, n) + return nil, fmt.Errorf("receiver type parameter index %d out of range [0-%d)", index, n) } t = rtparams.At(index) @@ -794,23 +943,3 @@ func Object(pkg *types.Package, p Path) (types.Object, error) { return obj, nil // success } - -// scopeObjects is a memoization of scope objects. -// Callers must not modify the result. -func (enc *Encoder) scopeObjects(scope *types.Scope) []types.Object { - m := enc.scopeMemo - if m == nil { - m = make(map[*types.Scope][]types.Object) - enc.scopeMemo = m - } - objs, ok := m[scope] - if !ok { - names := scope.Names() // allocates and sorts - objs = make([]types.Object, len(names)) - for i, name := range names { - objs[i] = scope.Lookup(name) - } - m[scope] = objs - } - return objs -} diff --git a/vendor/golang.org/x/tools/internal/gcimporter/ureader.go b/vendor/golang.org/x/tools/internal/gcimporter/ureader.go index 3db62b8908..5d3b7c867a 100644 --- a/vendor/golang.org/x/tools/internal/gcimporter/ureader.go +++ b/vendor/golang.org/x/tools/internal/gcimporter/ureader.go @@ -11,6 +11,7 @@ import ( "go/token" "go/types" "sort" + "strings" "golang.org/x/tools/internal/aliases" "golang.org/x/tools/internal/pkgbits" @@ -523,6 +524,12 @@ func (pr *pkgReader) objIdx(idx pkgbits.Index) (*types.Package, string) { return objPkg, objName } + // TODO(mark): This, like the above splitVargenSuffix, is not ideal. + // Ignore generic methods promoted to global scope. + if strings.Contains(objName, ".") { + return objPkg, objName + } + if objPkg.Scope().Lookup(objName) == nil { dict := pr.objDictIdx(idx) @@ -554,15 +561,11 @@ func (pr *pkgReader) objIdx(idx pkgbits.Index) (*types.Package, string) { case pkgbits.ObjFunc: pos := r.pos() - var rtparams []*types.TypeParam - var recv *types.Var - if r.Version().Has(pkgbits.GenericMethods) && r.Bool() { - r.selector() - rtparams = r.typeParamNames(true) - recv = r.param() + if r.Version().Has(pkgbits.GenericMethods) { + assert(!r.Bool()) // generic methods are read in their defining type } tparams := r.typeParamNames(false) - sig := r.signature(recv, rtparams, tparams) + sig := r.signature(nil, nil, tparams) declare(types.NewFunc(pos, objPkg, objName, sig)) case pkgbits.ObjType: @@ -630,6 +633,29 @@ func (pr *pkgReader) objIdx(idx pkgbits.Index) (*types.Package, string) { named.AddMethod(r.method()) } + if r.Version().Has(pkgbits.GenericMethods) { + for range r.Len() { + // Careful: objIdx is used to read in package-scoped declarations, which + // methods are not. Instead, decode it here. This makes it easier to + // associate it with the type and avoids the main objIdx loop. + idx := r.Reloc(pkgbits.RelocObj) + + r := pr.tempReader(pkgbits.RelocObj, idx, pkgbits.SyncObject1) + r.dict = pr.objDictIdx(idx) + + pos := r.pos() + assert(r.Bool()) // generic method + pkg, name := r.selector() + rtparams := r.typeParamNames(true) + recv := r.param() + tparams := r.typeParamNames(false) + sig := r.signature(recv, rtparams, tparams) + + pr.retireReader(r) + named.AddMethod(types.NewFunc(pos, pkg, name, sig)) + } + } + case pkgbits.ObjVar: pos := r.pos() typ := r.typ() @@ -653,7 +679,7 @@ func (pr *pkgReader) objDictIdx(idx pkgbits.Index) *readerDict { } nreceivers := 0 - if r.Version().Has(pkgbits.GenericMethods) && r.Bool() { + if r.Version().Has(pkgbits.GenericMethods) { nreceivers = r.Len() } nexplicits := r.Len() diff --git a/vendor/golang.org/x/tools/internal/gocommand/version.go b/vendor/golang.org/x/tools/internal/gocommand/version.go index cce290c419..d82f13a7e6 100644 --- a/vendor/golang.org/x/tools/internal/gocommand/version.go +++ b/vendor/golang.org/x/tools/internal/gocommand/version.go @@ -8,6 +8,7 @@ import ( "context" "fmt" "regexp" + "slices" "strings" ) @@ -41,9 +42,9 @@ func GoVersion(ctx context.Context, inv Invocation, r *Runner) (int, error) { } // Split up "[go1.1 go1.15]" and return highest go1.X value. tags := strings.Fields(stdout[1 : len(stdout)-2]) - for i := len(tags) - 1; i >= 0; i-- { + for _, tag := range slices.Backward(tags) { var version int - if _, err := fmt.Sscanf(tags[i], "go1.%d", &version); err != nil { + if _, err := fmt.Sscanf(tag, "go1.%d", &version); err != nil { continue } return version, nil diff --git a/vendor/modules.txt b/vendor/modules.txt index cf3b2a86c8..27e91f79ed 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -170,8 +170,8 @@ github.com/google/go-cmp/cmp/internal/diff github.com/google/go-cmp/cmp/internal/flags github.com/google/go-cmp/cmp/internal/function github.com/google/go-cmp/cmp/internal/value -# github.com/google/go-containerregistry v0.21.1 -## explicit; go 1.25.6 +# github.com/google/go-containerregistry v0.21.6 +## explicit; go 1.25.0 github.com/google/go-containerregistry/pkg/name github.com/google/go-containerregistry/pkg/v1 github.com/google/go-containerregistry/pkg/v1/types @@ -537,7 +537,7 @@ golang.org/x/crypto/ssh golang.org/x/crypto/ssh/agent golang.org/x/crypto/ssh/internal/bcrypt_pbkdf golang.org/x/crypto/ssh/knownhosts -# golang.org/x/mod v0.35.0 +# golang.org/x/mod v0.36.0 ## explicit; go 1.25.0 golang.org/x/mod/semver # golang.org/x/net v0.54.0 @@ -600,7 +600,7 @@ golang.org/x/text/secure/bidirule golang.org/x/text/transform golang.org/x/text/unicode/bidi golang.org/x/text/unicode/norm -# golang.org/x/tools v0.44.0 +# golang.org/x/tools v0.45.0 ## explicit; go 1.25.0 golang.org/x/tools/cover golang.org/x/tools/go/ast/edge From 771d506d663366540b250b583ab5884817f4dcd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 21 May 2026 21:43:22 +0200 Subject: [PATCH 11/17] Update github.com/miekg/pkcs11 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miloslav Trmač --- common/go.mod | 2 +- common/go.sum | 7 +- image/go.mod | 2 +- image/go.sum | 4 +- vendor/github.com/miekg/pkcs11/params.go | 33 +- vendor/github.com/miekg/pkcs11/pkcs11.go | 38 +- vendor/github.com/miekg/pkcs11/release.go | 2 +- vendor/github.com/miekg/pkcs11/types.go | 17 +- vendor/github.com/miekg/pkcs11/vendor.go | 14 +- vendor/github.com/miekg/pkcs11/zconst.go | 1444 +++++++++++---------- vendor/modules.txt | 2 +- 11 files changed, 886 insertions(+), 679 deletions(-) diff --git a/common/go.mod b/common/go.mod index e3dadfb2bb..3a2070942d 100644 --- a/common/go.mod +++ b/common/go.mod @@ -90,7 +90,7 @@ require ( github.com/manifoldco/promptui v0.9.0 // indirect github.com/mattn/go-runewidth v0.0.23 // indirect github.com/mattn/go-sqlite3 v1.14.44 // indirect - github.com/miekg/pkcs11 v1.1.1 // indirect + github.com/miekg/pkcs11 v1.1.2 // indirect github.com/mistifyio/go-zfs/v4 v4.0.0 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/moby/api v1.54.2 // indirect diff --git a/common/go.sum b/common/go.sum index f66cf64e6a..4b2567c970 100644 --- a/common/go.sum +++ b/common/go.sum @@ -99,6 +99,7 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/go-containerregistry v0.21.6 h1:T+yqQIlJXKrM98Om4DlW3GoWQAmhZuLMwoDOvVrtiUM= +github.com/google/go-containerregistry v0.21.6/go.mod h1:U7MMSBIJynke2MVQrQk19NP9k/uQsGz/h0amIFSHMbo= github.com/google/go-intervals v0.0.2 h1:FGrVEiUnTRKR8yE04qzXYaJMtnIYqobR5QbblK3ixcM= github.com/google/go-intervals v0.0.2/go.mod h1:MkaR3LNRfeKLPmqgJYs4E66z5InYjmCjbbr4TQlcT6Y= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -142,8 +143,8 @@ github.com/mattn/go-sqlite3 v1.14.44 h1:3VSe+xafpbzsLbdr2AWlAZk9yRHiBhTBakioXaCK github.com/mattn/go-sqlite3 v1.14.44/go.mod h1:pjEuOr8IwzLJP2MfGeTb0A35jauH+C2kbHKBr7yXKVQ= github.com/mfridman/tparse v0.18.0 h1:wh6dzOKaIwkUGyKgOntDW4liXSo37qg5AXbIhkMV3vE= github.com/mfridman/tparse v0.18.0/go.mod h1:gEvqZTuCgEhPbYk/2lS3Kcxg1GmTxxU7kTC8DvP0i/A= -github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= -github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= +github.com/miekg/pkcs11 v1.1.2 h1:/VxmeAX5qU6Q3EwafypogwWbYryHFmF2RpkJmw3m4MQ= +github.com/miekg/pkcs11 v1.1.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mistifyio/go-zfs/v4 v4.0.0 h1:sU0+5dX45tdDK5xNZ3HBi95nxUc48FS92qbIZEvpAg4= github.com/mistifyio/go-zfs/v4 v4.0.0/go.mod h1:weotFtXTHvBwhr9Mv96KYnDkTPBOHFUbm9cBmQpesL0= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= @@ -294,6 +295,7 @@ golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.36.0 h1:JJjpVx6myfUsUdAzZuOSTTmRE0PfZeNWzzvKrP7amb4= +golang.org/x/mod v0.36.0/go.mod h1:moc6ELqsWcOw5Ef3xVprK5ul/MvtVvkIXLziUOICjUQ= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= @@ -359,6 +361,7 @@ golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/tools v0.45.0 h1:18qN3FAooORvApf5XjCXgsuayZOEtXf6JK18I3+ONa8= +golang.org/x/tools v0.45.0/go.mod h1:LuUGqqaXcXMEFEruIVJVm5mgDD8vww/z/SR1gQ4uE/0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gonum.org/v1/gonum v0.17.0 h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4= gonum.org/v1/gonum v0.17.0/go.mod h1:El3tOrEuMpv2UdMrbNlKEh9vd86bmQ6vqIcDwxEOc1E= diff --git a/image/go.mod b/image/go.mod index 21adaa5548..ddf42fc2d9 100644 --- a/image/go.mod +++ b/image/go.mod @@ -73,7 +73,7 @@ require ( github.com/json-iterator/go v1.1.12 // indirect github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-runewidth v0.0.23 // indirect - github.com/miekg/pkcs11 v1.1.1 // indirect + github.com/miekg/pkcs11 v1.1.2 // indirect github.com/mistifyio/go-zfs/v4 v4.0.0 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/sys/capability v0.4.0 // indirect diff --git a/image/go.sum b/image/go.sum index 8089e7c266..c768b67c68 100644 --- a/image/go.sum +++ b/image/go.sum @@ -114,8 +114,8 @@ github.com/mattn/go-runewidth v0.0.23 h1:7ykA0T0jkPpzSvMS5i9uoNn2Xy3R383f9HDx3Ry github.com/mattn/go-runewidth v0.0.23/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs= github.com/mattn/go-sqlite3 v1.14.44 h1:3VSe+xafpbzsLbdr2AWlAZk9yRHiBhTBakioXaCKTF8= github.com/mattn/go-sqlite3 v1.14.44/go.mod h1:pjEuOr8IwzLJP2MfGeTb0A35jauH+C2kbHKBr7yXKVQ= -github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= -github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= +github.com/miekg/pkcs11 v1.1.2 h1:/VxmeAX5qU6Q3EwafypogwWbYryHFmF2RpkJmw3m4MQ= +github.com/miekg/pkcs11 v1.1.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mistifyio/go-zfs/v4 v4.0.0 h1:sU0+5dX45tdDK5xNZ3HBi95nxUc48FS92qbIZEvpAg4= github.com/mistifyio/go-zfs/v4 v4.0.0/go.mod h1:weotFtXTHvBwhr9Mv96KYnDkTPBOHFUbm9cBmQpesL0= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= diff --git a/vendor/github.com/miekg/pkcs11/params.go b/vendor/github.com/miekg/pkcs11/params.go index 6d9ce96ae8..f111086c37 100644 --- a/vendor/github.com/miekg/pkcs11/params.go +++ b/vendor/github.com/miekg/pkcs11/params.go @@ -26,6 +26,11 @@ static inline void putECDH1PublicParams(CK_ECDH1_DERIVE_PARAMS_PTR params, CK_VO params->pPublicData = pPublicData; params->ulPublicDataLen = ulPublicDataLen; } + +static inline void putRSAAESKeyWrapParams(CK_RSA_AES_KEY_WRAP_PARAMS_PTR params, CK_VOID_PTR pOAEPParams) +{ + params->pOAEPParams = pOAEPParams; +} */ import "C" import "unsafe" @@ -84,7 +89,7 @@ func cGCMParams(p *GCMParams) []byte { p.Free() p.arena = arena p.params = ¶ms - return C.GoBytes(unsafe.Pointer(¶ms), C.int(unsafe.Sizeof(params))) + return memBytes(unsafe.Pointer(¶ms), unsafe.Sizeof(params)) } // IV returns a copy of the actual IV used for the operation. @@ -121,7 +126,7 @@ func NewPSSParams(hashAlg, mgf, saltLength uint) []byte { mgf: C.CK_RSA_PKCS_MGF_TYPE(mgf), sLen: C.CK_ULONG(saltLength), } - return C.GoBytes(unsafe.Pointer(&p), C.int(unsafe.Sizeof(p))) + return memBytes(unsafe.Pointer(&p), unsafe.Sizeof(p)) } // OAEPParams can be passed to NewMechanism to implement CKM_RSA_PKCS_OAEP. @@ -153,7 +158,7 @@ func cOAEPParams(p *OAEPParams, arena arena) ([]byte, arena) { // field is unaligned on windows so this has to call into C C.putOAEPParams(¶ms, buf, len) } - return C.GoBytes(unsafe.Pointer(¶ms), C.int(unsafe.Sizeof(params))), arena + return memBytes(unsafe.Pointer(¶ms), unsafe.Sizeof(params)), arena } // ECDH1DeriveParams can be passed to NewMechanism to implement CK_ECDH1_DERIVE_PARAMS. @@ -186,5 +191,25 @@ func cECDH1DeriveParams(p *ECDH1DeriveParams, arena arena) ([]byte, arena) { publicKeyData, publicKeyDataLen := arena.Allocate(p.PublicKeyData) C.putECDH1PublicParams(¶ms, publicKeyData, publicKeyDataLen) - return C.GoBytes(unsafe.Pointer(¶ms), C.int(unsafe.Sizeof(params))), arena + return memBytes(unsafe.Pointer(¶ms), unsafe.Sizeof(params)), arena } + +type RSAAESKeyWrapParams struct { + AESKeyBits uint + OAEPParams OAEPParams +} + +func cRSAAESKeyWrapParams(p *RSAAESKeyWrapParams, arena arena) ([]byte, arena) { + var param []byte + params := C.CK_RSA_AES_KEY_WRAP_PARAMS { + ulAESKeyBits: C.CK_MECHANISM_TYPE(p.AESKeyBits), + } + + param, arena = cOAEPParams(&p.OAEPParams, arena) + if len(param) != 0 { + buf, _ := arena.Allocate(param) + C.putRSAAESKeyWrapParams(¶ms, buf) + } + return memBytes(unsafe.Pointer(¶ms), unsafe.Sizeof(params)), arena +} + diff --git a/vendor/github.com/miekg/pkcs11/pkcs11.go b/vendor/github.com/miekg/pkcs11/pkcs11.go index e1b5824ec8..8d8d4c39cd 100644 --- a/vendor/github.com/miekg/pkcs11/pkcs11.go +++ b/vendor/github.com/miekg/pkcs11/pkcs11.go @@ -5,6 +5,8 @@ //go:generate go run const_generate.go // Package pkcs11 is a wrapper around the PKCS#11 cryptographic library. +// Latest version of the specification: +// http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html package pkcs11 // It is *assumed*, that: @@ -104,11 +106,12 @@ void Destroy(struct ctx *c) } #endif -CK_RV Initialize(struct ctx * c) +CK_RV Initialize(struct ctx * c, CK_FLAGS flags, CK_VOID_PTR reserved) { CK_C_INITIALIZE_ARGS args; memset(&args, 0, sizeof(args)); - args.flags = CKF_OS_LOCKING_OK; + args.flags = flags; + args.pReserved = reserved; return c->sym->C_Initialize(&args); } @@ -803,9 +806,36 @@ func (c *Ctx) Destroy() { c.ctx = nil } +type initializeArgs struct { + flags uint + reserved unsafe.Pointer +} + +// An InitializeOption modifies the default behavior of Initialize. +type InitializeOption func(*initializeArgs) + +// InitializeWithFlags sets the flags field in CK_C_INITIALIZE_ARGS. +// Note that flags defaults to CKF_OS_LOCKING_OK if this option is not provided. +func InitializeWithFlags(flags uint) InitializeOption { + return func(args *initializeArgs) { + args.flags = flags + } +} + +// InitializeWithReserved sets the pReserved field in CK_C_INITIALIZE_ARGS. +func InitializeWithReserved(reserved unsafe.Pointer) InitializeOption { + return func(args *initializeArgs) { + args.reserved = reserved + } +} + // Initialize initializes the Cryptoki library. -func (c *Ctx) Initialize() error { - e := C.Initialize(c.ctx) +func (c *Ctx) Initialize(opts ...InitializeOption) error { + args := initializeArgs{flags: CKF_OS_LOCKING_OK} + for _, o := range opts { + o(&args) + } + e := C.Initialize(c.ctx, C.CK_FLAGS(args.flags), C.CK_VOID_PTR(args.reserved)) return toError(e) } diff --git a/vendor/github.com/miekg/pkcs11/release.go b/vendor/github.com/miekg/pkcs11/release.go index d8b99f147e..c9fcb0e735 100644 --- a/vendor/github.com/miekg/pkcs11/release.go +++ b/vendor/github.com/miekg/pkcs11/release.go @@ -6,7 +6,7 @@ package pkcs11 import "fmt" // Release is current version of the pkcs11 library. -var Release = R{1, 1, 1} +var Release = R{1, 1, 2} // R holds the version of this library. type R struct { diff --git a/vendor/github.com/miekg/pkcs11/types.go b/vendor/github.com/miekg/pkcs11/types.go index 60eadcb71b..d3bfce80da 100644 --- a/vendor/github.com/miekg/pkcs11/types.go +++ b/vendor/github.com/miekg/pkcs11/types.go @@ -53,7 +53,7 @@ func toList(clist C.CK_ULONG_PTR, size C.CK_ULONG) []uint { for i := 0; i < len(l); i++ { l[i] = uint(C.Index(clist, C.CK_ULONG(i))) } - defer C.free(unsafe.Pointer(clist)) + C.free(unsafe.Pointer(clist)) return l } @@ -65,9 +65,15 @@ func cBBool(x bool) C.CK_BBOOL { return C.CK_BBOOL(C.CK_FALSE) } +// memBytes returns a byte slice that references an arbitrary memory area +func memBytes(p unsafe.Pointer, len uintptr) []byte { + const maxIndex int32 = (1 << 31) - 1 + return (*([maxIndex]byte))(p)[:len:len] +} + func uintToBytes(x uint64) []byte { ul := C.CK_ULONG(x) - return C.GoBytes(unsafe.Pointer(&ul), C.int(unsafe.Sizeof(ul))) + return memBytes(unsafe.Pointer(&ul), unsafe.Sizeof(ul)) } // Error represents an PKCS#11 error. @@ -255,13 +261,14 @@ func NewMechanism(mech uint, x interface{}) *Mechanism { } switch p := x.(type) { - case *GCMParams, *OAEPParams, *ECDH1DeriveParams: + case *GCMParams, *OAEPParams, *ECDH1DeriveParams, *RSAAESKeyWrapParams: // contains pointers; defer serialization until cMechanism m.generator = p case []byte: m.Parameter = p default: - panic("parameter must be one of type: []byte, *GCMParams, *OAEPParams, *ECDH1DeriveParams") + panic("parameter must be one of type: []byte, *GCMParams, *OAEPParams, *ECDH1DeriveParams," + + " *RSAAESKeyWrapParams") } return m @@ -284,6 +291,8 @@ func cMechanism(mechList []*Mechanism) (arena, *C.CK_MECHANISM) { param, arena = cOAEPParams(p, arena) case *ECDH1DeriveParams: param, arena = cECDH1DeriveParams(p, arena) + case *RSAAESKeyWrapParams: + param, arena = cRSAAESKeyWrapParams(p, arena) } if len(param) != 0 { buf, len := arena.Allocate(param) diff --git a/vendor/github.com/miekg/pkcs11/vendor.go b/vendor/github.com/miekg/pkcs11/vendor.go index 83188e5001..5132dc4f07 100644 --- a/vendor/github.com/miekg/pkcs11/vendor.go +++ b/vendor/github.com/miekg/pkcs11/vendor.go @@ -10,12 +10,12 @@ const ( // Vendor specific mechanisms for HMAC on Ncipher HSMs where Ncipher does not allow use of generic_secret keys. const ( - CKM_NC_SHA_1_HMAC_KEY_GEN = CKM_NCIPHER + 0x3 /* no params */ - CKM_NC_MD5_HMAC_KEY_GEN = CKM_NCIPHER + 0x6 /* no params */ - CKM_NC_SHA224_HMAC_KEY_GEN = CKM_NCIPHER + 0x24 /* no params */ - CKM_NC_SHA256_HMAC_KEY_GEN = CKM_NCIPHER + 0x25 /* no params */ - CKM_NC_SHA384_HMAC_KEY_GEN = CKM_NCIPHER + 0x26 /* no params */ - CKM_NC_SHA512_HMAC_KEY_GEN = CKM_NCIPHER + 0x27 /* no params */ + CKM_NC_SHA_1_HMAC_KEY_GEN = CKM_NCIPHER + 0x3 // no params + CKM_NC_MD5_HMAC_KEY_GEN = CKM_NCIPHER + 0x6 // no params + CKM_NC_SHA224_HMAC_KEY_GEN = CKM_NCIPHER + 0x24 // no params + CKM_NC_SHA256_HMAC_KEY_GEN = CKM_NCIPHER + 0x25 // no params + CKM_NC_SHA384_HMAC_KEY_GEN = CKM_NCIPHER + 0x26 // no params + CKM_NC_SHA512_HMAC_KEY_GEN = CKM_NCIPHER + 0x27 // no params ) // Vendor specific range for Mozilla NSS. @@ -67,6 +67,8 @@ const ( CKA_NSS_JPAKE_X2 = CKA_NSS + 32 CKA_NSS_JPAKE_X2S = CKA_NSS + 33 CKA_NSS_MOZILLA_CA_POLICY = CKA_NSS + 34 + CKA_NSS_SERVER_DISTRUST_AFTER = CKA_NSS + 35 + CKA_NSS_EMAIL_DISTRUST_AFTER = CKA_NSS + 36 CKA_TRUST_DIGITAL_SIGNATURE = CKA_TRUST + 1 CKA_TRUST_NON_REPUDIATION = CKA_TRUST + 2 CKA_TRUST_KEY_ENCIPHERMENT = CKA_TRUST + 3 diff --git a/vendor/github.com/miekg/pkcs11/zconst.go b/vendor/github.com/miekg/pkcs11/zconst.go index 41df5cfcf0..164054decc 100644 --- a/vendor/github.com/miekg/pkcs11/zconst.go +++ b/vendor/github.com/miekg/pkcs11/zconst.go @@ -7,107 +7,199 @@ package pkcs11 const ( - CK_TRUE = 1 - CK_FALSE = 0 - CK_UNAVAILABLE_INFORMATION = ^uint(0) - CK_EFFECTIVELY_INFINITE = 0 - CK_INVALID_HANDLE = 0 - CKN_SURRENDER = 0 - CKN_OTP_CHANGED = 1 - CKF_TOKEN_PRESENT = 0x00000001 - CKF_REMOVABLE_DEVICE = 0x00000002 - CKF_HW_SLOT = 0x00000004 - CKF_RNG = 0x00000001 - CKF_WRITE_PROTECTED = 0x00000002 - CKF_LOGIN_REQUIRED = 0x00000004 - CKF_USER_PIN_INITIALIZED = 0x00000008 - CKF_RESTORE_KEY_NOT_NEEDED = 0x00000020 - CKF_CLOCK_ON_TOKEN = 0x00000040 - CKF_PROTECTED_AUTHENTICATION_PATH = 0x00000100 - CKF_DUAL_CRYPTO_OPERATIONS = 0x00000200 - CKF_TOKEN_INITIALIZED = 0x00000400 - CKF_SECONDARY_AUTHENTICATION = 0x00000800 - CKF_USER_PIN_COUNT_LOW = 0x00010000 - CKF_USER_PIN_FINAL_TRY = 0x00020000 - CKF_USER_PIN_LOCKED = 0x00040000 - CKF_USER_PIN_TO_BE_CHANGED = 0x00080000 - CKF_SO_PIN_COUNT_LOW = 0x00100000 - CKF_SO_PIN_FINAL_TRY = 0x00200000 - CKF_SO_PIN_LOCKED = 0x00400000 - CKF_SO_PIN_TO_BE_CHANGED = 0x00800000 - CKF_ERROR_STATE = 0x01000000 - CKU_SO = 0 - CKU_USER = 1 - CKU_CONTEXT_SPECIFIC = 2 - CKS_RO_PUBLIC_SESSION = 0 - CKS_RO_USER_FUNCTIONS = 1 - CKS_RW_PUBLIC_SESSION = 2 - CKS_RW_USER_FUNCTIONS = 3 - CKS_RW_SO_FUNCTIONS = 4 - CKF_RW_SESSION = 0x00000002 - CKF_SERIAL_SESSION = 0x00000004 - CKO_DATA = 0x00000000 - CKO_CERTIFICATE = 0x00000001 - CKO_PUBLIC_KEY = 0x00000002 - CKO_PRIVATE_KEY = 0x00000003 - CKO_SECRET_KEY = 0x00000004 - CKO_HW_FEATURE = 0x00000005 - CKO_DOMAIN_PARAMETERS = 0x00000006 - CKO_MECHANISM = 0x00000007 - CKO_OTP_KEY = 0x00000008 - CKO_VENDOR_DEFINED = 0x80000000 - CKH_MONOTONIC_COUNTER = 0x00000001 - CKH_CLOCK = 0x00000002 - CKH_USER_INTERFACE = 0x00000003 - CKH_VENDOR_DEFINED = 0x80000000 - CKK_RSA = 0x00000000 - CKK_DSA = 0x00000001 - CKK_DH = 0x00000002 - CKK_ECDSA = 0x00000003 // Deprecated - CKK_EC = 0x00000003 - CKK_X9_42_DH = 0x00000004 - CKK_KEA = 0x00000005 - CKK_GENERIC_SECRET = 0x00000010 - CKK_RC2 = 0x00000011 - CKK_RC4 = 0x00000012 - CKK_DES = 0x00000013 - CKK_DES2 = 0x00000014 - CKK_DES3 = 0x00000015 - CKK_CAST = 0x00000016 - CKK_CAST3 = 0x00000017 - CKK_CAST5 = 0x00000018 // Deprecated - CKK_CAST128 = 0x00000018 - CKK_RC5 = 0x00000019 - CKK_IDEA = 0x0000001A - CKK_SKIPJACK = 0x0000001B - CKK_BATON = 0x0000001C - CKK_JUNIPER = 0x0000001D - CKK_CDMF = 0x0000001E - CKK_AES = 0x0000001F - CKK_BLOWFISH = 0x00000020 - CKK_TWOFISH = 0x00000021 - CKK_SECURID = 0x00000022 - CKK_HOTP = 0x00000023 - CKK_ACTI = 0x00000024 - CKK_CAMELLIA = 0x00000025 - CKK_ARIA = 0x00000026 - CKK_MD5_HMAC = 0x00000027 - CKK_SHA_1_HMAC = 0x00000028 - CKK_RIPEMD128_HMAC = 0x00000029 - CKK_RIPEMD160_HMAC = 0x0000002A - CKK_SHA256_HMAC = 0x0000002B - CKK_SHA384_HMAC = 0x0000002C - CKK_SHA512_HMAC = 0x0000002D - CKK_SHA224_HMAC = 0x0000002E - CKK_SEED = 0x0000002F - CKK_GOSTR3410 = 0x00000030 - CKK_GOSTR3411 = 0x00000031 - CKK_GOST28147 = 0x00000032 - CKK_SHA3_224_HMAC = 0x00000033 - CKK_SHA3_256_HMAC = 0x00000034 - CKK_SHA3_384_HMAC = 0x00000035 - CKK_SHA3_512_HMAC = 0x00000036 - CKK_VENDOR_DEFINED = 0x80000000 + CK_TRUE = true + CK_FALSE = false + + // some special values for certain CK_ULONG variables + CK_UNAVAILABLE_INFORMATION = ^uint(0) + CK_EFFECTIVELY_INFINITE = 0 + + // The following value is always invalid if used as a session + // handle or object handle + CK_INVALID_HANDLE = 0 + + CKN_SURRENDER = 0 + CKN_OTP_CHANGED = 1 + + // flags: bit flags that provide capabilities of the slot + // + // Bit Flag Mask Meaning + CKF_TOKEN_PRESENT = 0x00000001 // a token is there + CKF_REMOVABLE_DEVICE = 0x00000002 // removable devices + CKF_HW_SLOT = 0x00000004 // hardware slot + + // The flags parameter is defined as follows: + // + // Bit Flag Mask Meaning + CKF_RNG = 0x00000001 // has random # generator + CKF_WRITE_PROTECTED = 0x00000002 // token is write-protected + CKF_LOGIN_REQUIRED = 0x00000004 // user must login + CKF_USER_PIN_INITIALIZED = 0x00000008 // normal user's PIN is set + + // CKF_RESTORE_KEY_NOT_NEEDED. If it is set, + // that means that *every* time the state of cryptographic + // operations of a session is successfully saved, all keys + // needed to continue those operations are stored in the state + CKF_RESTORE_KEY_NOT_NEEDED = 0x00000020 + + // CKF_CLOCK_ON_TOKEN. If it is set, that means + // that the token has some sort of clock. The time on that + // clock is returned in the token info structure + CKF_CLOCK_ON_TOKEN = 0x00000040 + + // CKF_PROTECTED_AUTHENTICATION_PATH. If it is + // set, that means that there is some way for the user to login + // without sending a PIN through the Cryptoki library itself + CKF_PROTECTED_AUTHENTICATION_PATH = 0x00000100 + + // CKF_DUAL_CRYPTO_OPERATIONS. If it is true, + // that means that a single session with the token can perform + // dual simultaneous cryptographic operations (digest and + // encrypt; decrypt and digest; sign and encrypt; and decrypt + // and sign) + CKF_DUAL_CRYPTO_OPERATIONS = 0x00000200 + + // CKF_TOKEN_INITIALIZED. If it is true, the + // token has been initialized using C_InitializeToken or an + // equivalent mechanism outside the scope of PKCS #11. + // Calling C_InitializeToken when this flag is set will cause + // the token to be reinitialized. + CKF_TOKEN_INITIALIZED = 0x00000400 + + // CKF_SECONDARY_AUTHENTICATION. If it is + // true, the token supports secondary authentication for + // private key objects. + CKF_SECONDARY_AUTHENTICATION = 0x00000800 + + // CKF_USER_PIN_COUNT_LOW. If it is true, an + // incorrect user login PIN has been entered at least once + // since the last successful authentication. + CKF_USER_PIN_COUNT_LOW = 0x00010000 + + // CKF_USER_PIN_FINAL_TRY. If it is true, + // supplying an incorrect user PIN will it to become locked. + CKF_USER_PIN_FINAL_TRY = 0x00020000 + + // CKF_USER_PIN_LOCKED. If it is true, the + // user PIN has been locked. User login to the token is not + // possible. + CKF_USER_PIN_LOCKED = 0x00040000 + + // CKF_USER_PIN_TO_BE_CHANGED. If it is true, + // the user PIN value is the default value set by token + // initialization or manufacturing, or the PIN has been + // expired by the card. + CKF_USER_PIN_TO_BE_CHANGED = 0x00080000 + + // CKF_SO_PIN_COUNT_LOW. If it is true, an + // incorrect SO login PIN has been entered at least once since + // the last successful authentication. + CKF_SO_PIN_COUNT_LOW = 0x00100000 + + // CKF_SO_PIN_FINAL_TRY. If it is true, + // supplying an incorrect SO PIN will it to become locked. + CKF_SO_PIN_FINAL_TRY = 0x00200000 + + // CKF_SO_PIN_LOCKED. If it is true, the SO + // PIN has been locked. SO login to the token is not possible. + CKF_SO_PIN_LOCKED = 0x00400000 + + // CKF_SO_PIN_TO_BE_CHANGED. If it is true, + // the SO PIN value is the default value set by token + // initialization or manufacturing, or the PIN has been + // expired by the card. + CKF_SO_PIN_TO_BE_CHANGED = 0x00800000 + CKF_ERROR_STATE = 0x01000000 + + // Security Officer + CKU_SO = 0 + + // Normal user + CKU_USER = 1 + + // Context specific + CKU_CONTEXT_SPECIFIC = 2 + + CKS_RO_PUBLIC_SESSION = 0 + CKS_RO_USER_FUNCTIONS = 1 + CKS_RW_PUBLIC_SESSION = 2 + CKS_RW_USER_FUNCTIONS = 3 + CKS_RW_SO_FUNCTIONS = 4 + + // The flags are defined in the following table: + // + // Bit Flag Mask Meaning + CKF_RW_SESSION = 0x00000002 // session is r/w + CKF_SERIAL_SESSION = 0x00000004 // no parallel + + // The following classes of objects are defined: + CKO_DATA = 0x00000000 + CKO_CERTIFICATE = 0x00000001 + CKO_PUBLIC_KEY = 0x00000002 + CKO_PRIVATE_KEY = 0x00000003 + CKO_SECRET_KEY = 0x00000004 + CKO_HW_FEATURE = 0x00000005 + CKO_DOMAIN_PARAMETERS = 0x00000006 + CKO_MECHANISM = 0x00000007 + CKO_OTP_KEY = 0x00000008 + CKO_VENDOR_DEFINED = 0x80000000 + + // The following hardware feature types are defined + CKH_MONOTONIC_COUNTER = 0x00000001 + CKH_CLOCK = 0x00000002 + CKH_USER_INTERFACE = 0x00000003 + CKH_VENDOR_DEFINED = 0x80000000 + + // the following key types are defined: + CKK_RSA = 0x00000000 + CKK_DSA = 0x00000001 + CKK_DH = 0x00000002 + CKK_ECDSA = 0x00000003 // Deprecated + CKK_EC = 0x00000003 + CKK_X9_42_DH = 0x00000004 + CKK_KEA = 0x00000005 + CKK_GENERIC_SECRET = 0x00000010 + CKK_RC2 = 0x00000011 + CKK_RC4 = 0x00000012 + CKK_DES = 0x00000013 + CKK_DES2 = 0x00000014 + CKK_DES3 = 0x00000015 + CKK_CAST = 0x00000016 + CKK_CAST3 = 0x00000017 + CKK_CAST5 = 0x00000018 // Deprecated + CKK_CAST128 = 0x00000018 + CKK_RC5 = 0x00000019 + CKK_IDEA = 0x0000001A + CKK_SKIPJACK = 0x0000001B + CKK_BATON = 0x0000001C + CKK_JUNIPER = 0x0000001D + CKK_CDMF = 0x0000001E + CKK_AES = 0x0000001F + CKK_BLOWFISH = 0x00000020 + CKK_TWOFISH = 0x00000021 + CKK_SECURID = 0x00000022 + CKK_HOTP = 0x00000023 + CKK_ACTI = 0x00000024 + CKK_CAMELLIA = 0x00000025 + CKK_ARIA = 0x00000026 + CKK_MD5_HMAC = 0x00000027 + CKK_SHA_1_HMAC = 0x00000028 + CKK_RIPEMD128_HMAC = 0x00000029 + CKK_RIPEMD160_HMAC = 0x0000002A + CKK_SHA256_HMAC = 0x0000002B + CKK_SHA384_HMAC = 0x0000002C + CKK_SHA512_HMAC = 0x0000002D + CKK_SHA224_HMAC = 0x0000002E + CKK_SEED = 0x0000002F + CKK_GOSTR3410 = 0x00000030 + CKK_GOSTR3411 = 0x00000031 + CKK_GOST28147 = 0x00000032 + CKK_SHA3_224_HMAC = 0x00000033 + CKK_SHA3_256_HMAC = 0x00000034 + CKK_SHA3_384_HMAC = 0x00000035 + CKK_SHA3_512_HMAC = 0x00000036 + CKK_VENDOR_DEFINED = 0x80000000 + CK_CERTIFICATE_CATEGORY_UNSPECIFIED = 0 CK_CERTIFICATE_CATEGORY_TOKEN_USER = 1 CK_CERTIFICATE_CATEGORY_AUTHORITY = 2 @@ -116,513 +208,539 @@ const ( CK_SECURITY_DOMAIN_MANUFACTURER = 1 CK_SECURITY_DOMAIN_OPERATOR = 2 CK_SECURITY_DOMAIN_THIRD_PARTY = 3 - CKC_X_509 = 0x00000000 - CKC_X_509_ATTR_CERT = 0x00000001 - CKC_WTLS = 0x00000002 - CKC_VENDOR_DEFINED = 0x80000000 - CKF_ARRAY_ATTRIBUTE = 0x40000000 - CK_OTP_FORMAT_DECIMAL = 0 - CK_OTP_FORMAT_HEXADECIMAL = 1 - CK_OTP_FORMAT_ALPHANUMERIC = 2 - CK_OTP_FORMAT_BINARY = 3 - CK_OTP_PARAM_IGNORED = 0 - CK_OTP_PARAM_OPTIONAL = 1 - CK_OTP_PARAM_MANDATORY = 2 - CKA_CLASS = 0x00000000 - CKA_TOKEN = 0x00000001 - CKA_PRIVATE = 0x00000002 - CKA_LABEL = 0x00000003 - CKA_APPLICATION = 0x00000010 - CKA_VALUE = 0x00000011 - CKA_OBJECT_ID = 0x00000012 - CKA_CERTIFICATE_TYPE = 0x00000080 - CKA_ISSUER = 0x00000081 - CKA_SERIAL_NUMBER = 0x00000082 - CKA_AC_ISSUER = 0x00000083 - CKA_OWNER = 0x00000084 - CKA_ATTR_TYPES = 0x00000085 - CKA_TRUSTED = 0x00000086 - CKA_CERTIFICATE_CATEGORY = 0x00000087 - CKA_JAVA_MIDP_SECURITY_DOMAIN = 0x00000088 - CKA_URL = 0x00000089 - CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008A - CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008B - CKA_NAME_HASH_ALGORITHM = 0x0000008C - CKA_CHECK_VALUE = 0x00000090 - CKA_KEY_TYPE = 0x00000100 - CKA_SUBJECT = 0x00000101 - CKA_ID = 0x00000102 - CKA_SENSITIVE = 0x00000103 - CKA_ENCRYPT = 0x00000104 - CKA_DECRYPT = 0x00000105 - CKA_WRAP = 0x00000106 - CKA_UNWRAP = 0x00000107 - CKA_SIGN = 0x00000108 - CKA_SIGN_RECOVER = 0x00000109 - CKA_VERIFY = 0x0000010A - CKA_VERIFY_RECOVER = 0x0000010B - CKA_DERIVE = 0x0000010C - CKA_START_DATE = 0x00000110 - CKA_END_DATE = 0x00000111 - CKA_MODULUS = 0x00000120 - CKA_MODULUS_BITS = 0x00000121 - CKA_PUBLIC_EXPONENT = 0x00000122 - CKA_PRIVATE_EXPONENT = 0x00000123 - CKA_PRIME_1 = 0x00000124 - CKA_PRIME_2 = 0x00000125 - CKA_EXPONENT_1 = 0x00000126 - CKA_EXPONENT_2 = 0x00000127 - CKA_COEFFICIENT = 0x00000128 - CKA_PUBLIC_KEY_INFO = 0x00000129 - CKA_PRIME = 0x00000130 - CKA_SUBPRIME = 0x00000131 - CKA_BASE = 0x00000132 - CKA_PRIME_BITS = 0x00000133 - CKA_SUBPRIME_BITS = 0x00000134 - CKA_SUB_PRIME_BITS = CKA_SUBPRIME_BITS - CKA_VALUE_BITS = 0x00000160 - CKA_VALUE_LEN = 0x00000161 - CKA_EXTRACTABLE = 0x00000162 - CKA_LOCAL = 0x00000163 - CKA_NEVER_EXTRACTABLE = 0x00000164 - CKA_ALWAYS_SENSITIVE = 0x00000165 - CKA_KEY_GEN_MECHANISM = 0x00000166 - CKA_MODIFIABLE = 0x00000170 - CKA_COPYABLE = 0x00000171 - CKA_DESTROYABLE = 0x00000172 - CKA_ECDSA_PARAMS = 0x00000180 // Deprecated - CKA_EC_PARAMS = 0x00000180 - CKA_EC_POINT = 0x00000181 - CKA_SECONDARY_AUTH = 0x00000200 // Deprecated - CKA_AUTH_PIN_FLAGS = 0x00000201 // Deprecated - CKA_ALWAYS_AUTHENTICATE = 0x00000202 - CKA_WRAP_WITH_TRUSTED = 0x00000210 - CKA_WRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000211) - CKA_UNWRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000212) - CKA_DERIVE_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000213) - CKA_OTP_FORMAT = 0x00000220 - CKA_OTP_LENGTH = 0x00000221 - CKA_OTP_TIME_INTERVAL = 0x00000222 - CKA_OTP_USER_FRIENDLY_MODE = 0x00000223 - CKA_OTP_CHALLENGE_REQUIREMENT = 0x00000224 - CKA_OTP_TIME_REQUIREMENT = 0x00000225 - CKA_OTP_COUNTER_REQUIREMENT = 0x00000226 - CKA_OTP_PIN_REQUIREMENT = 0x00000227 - CKA_OTP_COUNTER = 0x0000022E - CKA_OTP_TIME = 0x0000022F - CKA_OTP_USER_IDENTIFIER = 0x0000022A - CKA_OTP_SERVICE_IDENTIFIER = 0x0000022B - CKA_OTP_SERVICE_LOGO = 0x0000022C - CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022D - CKA_GOSTR3410_PARAMS = 0x00000250 - CKA_GOSTR3411_PARAMS = 0x00000251 - CKA_GOST28147_PARAMS = 0x00000252 - CKA_HW_FEATURE_TYPE = 0x00000300 - CKA_RESET_ON_INIT = 0x00000301 - CKA_HAS_RESET = 0x00000302 - CKA_PIXEL_X = 0x00000400 - CKA_PIXEL_Y = 0x00000401 - CKA_RESOLUTION = 0x00000402 - CKA_CHAR_ROWS = 0x00000403 - CKA_CHAR_COLUMNS = 0x00000404 - CKA_COLOR = 0x00000405 - CKA_BITS_PER_PIXEL = 0x00000406 - CKA_CHAR_SETS = 0x00000480 - CKA_ENCODING_METHODS = 0x00000481 - CKA_MIME_TYPES = 0x00000482 - CKA_MECHANISM_TYPE = 0x00000500 - CKA_REQUIRED_CMS_ATTRIBUTES = 0x00000501 - CKA_DEFAULT_CMS_ATTRIBUTES = 0x00000502 - CKA_SUPPORTED_CMS_ATTRIBUTES = 0x00000503 - CKA_ALLOWED_MECHANISMS = (CKF_ARRAY_ATTRIBUTE | 0x00000600) - CKA_VENDOR_DEFINED = 0x80000000 - CKM_RSA_PKCS_KEY_PAIR_GEN = 0x00000000 - CKM_RSA_PKCS = 0x00000001 - CKM_RSA_9796 = 0x00000002 - CKM_RSA_X_509 = 0x00000003 - CKM_MD2_RSA_PKCS = 0x00000004 - CKM_MD5_RSA_PKCS = 0x00000005 - CKM_SHA1_RSA_PKCS = 0x00000006 - CKM_RIPEMD128_RSA_PKCS = 0x00000007 - CKM_RIPEMD160_RSA_PKCS = 0x00000008 - CKM_RSA_PKCS_OAEP = 0x00000009 - CKM_RSA_X9_31_KEY_PAIR_GEN = 0x0000000A - CKM_RSA_X9_31 = 0x0000000B - CKM_SHA1_RSA_X9_31 = 0x0000000C - CKM_RSA_PKCS_PSS = 0x0000000D - CKM_SHA1_RSA_PKCS_PSS = 0x0000000E - CKM_DSA_KEY_PAIR_GEN = 0x00000010 - CKM_DSA = 0x00000011 - CKM_DSA_SHA1 = 0x00000012 - CKM_DSA_SHA224 = 0x00000013 - CKM_DSA_SHA256 = 0x00000014 - CKM_DSA_SHA384 = 0x00000015 - CKM_DSA_SHA512 = 0x00000016 - CKM_DSA_SHA3_224 = 0x00000018 - CKM_DSA_SHA3_256 = 0x00000019 - CKM_DSA_SHA3_384 = 0x0000001A - CKM_DSA_SHA3_512 = 0x0000001B - CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020 - CKM_DH_PKCS_DERIVE = 0x00000021 - CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030 - CKM_X9_42_DH_DERIVE = 0x00000031 - CKM_X9_42_DH_HYBRID_DERIVE = 0x00000032 - CKM_X9_42_MQV_DERIVE = 0x00000033 - CKM_SHA256_RSA_PKCS = 0x00000040 - CKM_SHA384_RSA_PKCS = 0x00000041 - CKM_SHA512_RSA_PKCS = 0x00000042 - CKM_SHA256_RSA_PKCS_PSS = 0x00000043 - CKM_SHA384_RSA_PKCS_PSS = 0x00000044 - CKM_SHA512_RSA_PKCS_PSS = 0x00000045 - CKM_SHA224_RSA_PKCS = 0x00000046 - CKM_SHA224_RSA_PKCS_PSS = 0x00000047 - CKM_SHA512_224 = 0x00000048 - CKM_SHA512_224_HMAC = 0x00000049 - CKM_SHA512_224_HMAC_GENERAL = 0x0000004A - CKM_SHA512_224_KEY_DERIVATION = 0x0000004B - CKM_SHA512_256 = 0x0000004C - CKM_SHA512_256_HMAC = 0x0000004D - CKM_SHA512_256_HMAC_GENERAL = 0x0000004E - CKM_SHA512_256_KEY_DERIVATION = 0x0000004F - CKM_SHA512_T = 0x00000050 - CKM_SHA512_T_HMAC = 0x00000051 - CKM_SHA512_T_HMAC_GENERAL = 0x00000052 - CKM_SHA512_T_KEY_DERIVATION = 0x00000053 - CKM_SHA3_256_RSA_PKCS = 0x00000060 - CKM_SHA3_384_RSA_PKCS = 0x00000061 - CKM_SHA3_512_RSA_PKCS = 0x00000062 - CKM_SHA3_256_RSA_PKCS_PSS = 0x00000063 - CKM_SHA3_384_RSA_PKCS_PSS = 0x00000064 - CKM_SHA3_512_RSA_PKCS_PSS = 0x00000065 - CKM_SHA3_224_RSA_PKCS = 0x00000066 - CKM_SHA3_224_RSA_PKCS_PSS = 0x00000067 - CKM_RC2_KEY_GEN = 0x00000100 - CKM_RC2_ECB = 0x00000101 - CKM_RC2_CBC = 0x00000102 - CKM_RC2_MAC = 0x00000103 - CKM_RC2_MAC_GENERAL = 0x00000104 - CKM_RC2_CBC_PAD = 0x00000105 - CKM_RC4_KEY_GEN = 0x00000110 - CKM_RC4 = 0x00000111 - CKM_DES_KEY_GEN = 0x00000120 - CKM_DES_ECB = 0x00000121 - CKM_DES_CBC = 0x00000122 - CKM_DES_MAC = 0x00000123 - CKM_DES_MAC_GENERAL = 0x00000124 - CKM_DES_CBC_PAD = 0x00000125 - CKM_DES2_KEY_GEN = 0x00000130 - CKM_DES3_KEY_GEN = 0x00000131 - CKM_DES3_ECB = 0x00000132 - CKM_DES3_CBC = 0x00000133 - CKM_DES3_MAC = 0x00000134 - CKM_DES3_MAC_GENERAL = 0x00000135 - CKM_DES3_CBC_PAD = 0x00000136 - CKM_DES3_CMAC_GENERAL = 0x00000137 - CKM_DES3_CMAC = 0x00000138 - CKM_CDMF_KEY_GEN = 0x00000140 - CKM_CDMF_ECB = 0x00000141 - CKM_CDMF_CBC = 0x00000142 - CKM_CDMF_MAC = 0x00000143 - CKM_CDMF_MAC_GENERAL = 0x00000144 - CKM_CDMF_CBC_PAD = 0x00000145 - CKM_DES_OFB64 = 0x00000150 - CKM_DES_OFB8 = 0x00000151 - CKM_DES_CFB64 = 0x00000152 - CKM_DES_CFB8 = 0x00000153 - CKM_MD2 = 0x00000200 - CKM_MD2_HMAC = 0x00000201 - CKM_MD2_HMAC_GENERAL = 0x00000202 - CKM_MD5 = 0x00000210 - CKM_MD5_HMAC = 0x00000211 - CKM_MD5_HMAC_GENERAL = 0x00000212 - CKM_SHA_1 = 0x00000220 - CKM_SHA_1_HMAC = 0x00000221 - CKM_SHA_1_HMAC_GENERAL = 0x00000222 - CKM_RIPEMD128 = 0x00000230 - CKM_RIPEMD128_HMAC = 0x00000231 - CKM_RIPEMD128_HMAC_GENERAL = 0x00000232 - CKM_RIPEMD160 = 0x00000240 - CKM_RIPEMD160_HMAC = 0x00000241 - CKM_RIPEMD160_HMAC_GENERAL = 0x00000242 - CKM_SHA256 = 0x00000250 - CKM_SHA256_HMAC = 0x00000251 - CKM_SHA256_HMAC_GENERAL = 0x00000252 - CKM_SHA224 = 0x00000255 - CKM_SHA224_HMAC = 0x00000256 - CKM_SHA224_HMAC_GENERAL = 0x00000257 - CKM_SHA384 = 0x00000260 - CKM_SHA384_HMAC = 0x00000261 - CKM_SHA384_HMAC_GENERAL = 0x00000262 - CKM_SHA512 = 0x00000270 - CKM_SHA512_HMAC = 0x00000271 - CKM_SHA512_HMAC_GENERAL = 0x00000272 - CKM_SECURID_KEY_GEN = 0x00000280 - CKM_SECURID = 0x00000282 - CKM_HOTP_KEY_GEN = 0x00000290 - CKM_HOTP = 0x00000291 - CKM_ACTI = 0x000002A0 - CKM_ACTI_KEY_GEN = 0x000002A1 - CKM_SHA3_256 = 0x000002B0 - CKM_SHA3_256_HMAC = 0x000002B1 - CKM_SHA3_256_HMAC_GENERAL = 0x000002B2 - CKM_SHA3_256_KEY_GEN = 0x000002B3 - CKM_SHA3_224 = 0x000002B5 - CKM_SHA3_224_HMAC = 0x000002B6 - CKM_SHA3_224_HMAC_GENERAL = 0x000002B7 - CKM_SHA3_224_KEY_GEN = 0x000002B8 - CKM_SHA3_384 = 0x000002C0 - CKM_SHA3_384_HMAC = 0x000002C1 - CKM_SHA3_384_HMAC_GENERAL = 0x000002C2 - CKM_SHA3_384_KEY_GEN = 0x000002C3 - CKM_SHA3_512 = 0x000002D0 - CKM_SHA3_512_HMAC = 0x000002D1 - CKM_SHA3_512_HMAC_GENERAL = 0x000002D2 - CKM_SHA3_512_KEY_GEN = 0x000002D3 - CKM_CAST_KEY_GEN = 0x00000300 - CKM_CAST_ECB = 0x00000301 - CKM_CAST_CBC = 0x00000302 - CKM_CAST_MAC = 0x00000303 - CKM_CAST_MAC_GENERAL = 0x00000304 - CKM_CAST_CBC_PAD = 0x00000305 - CKM_CAST3_KEY_GEN = 0x00000310 - CKM_CAST3_ECB = 0x00000311 - CKM_CAST3_CBC = 0x00000312 - CKM_CAST3_MAC = 0x00000313 - CKM_CAST3_MAC_GENERAL = 0x00000314 - CKM_CAST3_CBC_PAD = 0x00000315 - CKM_CAST5_KEY_GEN = 0x00000320 - CKM_CAST128_KEY_GEN = 0x00000320 - CKM_CAST5_ECB = 0x00000321 - CKM_CAST128_ECB = 0x00000321 - CKM_CAST5_CBC = 0x00000322 // Deprecated - CKM_CAST128_CBC = 0x00000322 - CKM_CAST5_MAC = 0x00000323 // Deprecated - CKM_CAST128_MAC = 0x00000323 - CKM_CAST5_MAC_GENERAL = 0x00000324 // Deprecated - CKM_CAST128_MAC_GENERAL = 0x00000324 - CKM_CAST5_CBC_PAD = 0x00000325 // Deprecated - CKM_CAST128_CBC_PAD = 0x00000325 - CKM_RC5_KEY_GEN = 0x00000330 - CKM_RC5_ECB = 0x00000331 - CKM_RC5_CBC = 0x00000332 - CKM_RC5_MAC = 0x00000333 - CKM_RC5_MAC_GENERAL = 0x00000334 - CKM_RC5_CBC_PAD = 0x00000335 - CKM_IDEA_KEY_GEN = 0x00000340 - CKM_IDEA_ECB = 0x00000341 - CKM_IDEA_CBC = 0x00000342 - CKM_IDEA_MAC = 0x00000343 - CKM_IDEA_MAC_GENERAL = 0x00000344 - CKM_IDEA_CBC_PAD = 0x00000345 - CKM_GENERIC_SECRET_KEY_GEN = 0x00000350 - CKM_CONCATENATE_BASE_AND_KEY = 0x00000360 - CKM_CONCATENATE_BASE_AND_DATA = 0x00000362 - CKM_CONCATENATE_DATA_AND_BASE = 0x00000363 - CKM_XOR_BASE_AND_DATA = 0x00000364 - CKM_EXTRACT_KEY_FROM_KEY = 0x00000365 - CKM_SSL3_PRE_MASTER_KEY_GEN = 0x00000370 - CKM_SSL3_MASTER_KEY_DERIVE = 0x00000371 - CKM_SSL3_KEY_AND_MAC_DERIVE = 0x00000372 - CKM_SSL3_MASTER_KEY_DERIVE_DH = 0x00000373 - CKM_TLS_PRE_MASTER_KEY_GEN = 0x00000374 - CKM_TLS_MASTER_KEY_DERIVE = 0x00000375 - CKM_TLS_KEY_AND_MAC_DERIVE = 0x00000376 - CKM_TLS_MASTER_KEY_DERIVE_DH = 0x00000377 - CKM_TLS_PRF = 0x00000378 - CKM_SSL3_MD5_MAC = 0x00000380 - CKM_SSL3_SHA1_MAC = 0x00000381 - CKM_MD5_KEY_DERIVATION = 0x00000390 - CKM_MD2_KEY_DERIVATION = 0x00000391 - CKM_SHA1_KEY_DERIVATION = 0x00000392 - CKM_SHA256_KEY_DERIVATION = 0x00000393 - CKM_SHA384_KEY_DERIVATION = 0x00000394 - CKM_SHA512_KEY_DERIVATION = 0x00000395 - CKM_SHA224_KEY_DERIVATION = 0x00000396 - CKM_SHA3_256_KEY_DERIVE = 0x00000397 - CKM_SHA3_224_KEY_DERIVE = 0x00000398 - CKM_SHA3_384_KEY_DERIVE = 0x00000399 - CKM_SHA3_512_KEY_DERIVE = 0x0000039A - CKM_SHAKE_128_KEY_DERIVE = 0x0000039B - CKM_SHAKE_256_KEY_DERIVE = 0x0000039C - CKM_PBE_MD2_DES_CBC = 0x000003A0 - CKM_PBE_MD5_DES_CBC = 0x000003A1 - CKM_PBE_MD5_CAST_CBC = 0x000003A2 - CKM_PBE_MD5_CAST3_CBC = 0x000003A3 - CKM_PBE_MD5_CAST5_CBC = 0x000003A4 // Deprecated - CKM_PBE_MD5_CAST128_CBC = 0x000003A4 - CKM_PBE_SHA1_CAST5_CBC = 0x000003A5 // Deprecated - CKM_PBE_SHA1_CAST128_CBC = 0x000003A5 - CKM_PBE_SHA1_RC4_128 = 0x000003A6 - CKM_PBE_SHA1_RC4_40 = 0x000003A7 - CKM_PBE_SHA1_DES3_EDE_CBC = 0x000003A8 - CKM_PBE_SHA1_DES2_EDE_CBC = 0x000003A9 - CKM_PBE_SHA1_RC2_128_CBC = 0x000003AA - CKM_PBE_SHA1_RC2_40_CBC = 0x000003AB - CKM_PKCS5_PBKD2 = 0x000003B0 - CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003C0 - CKM_WTLS_PRE_MASTER_KEY_GEN = 0x000003D0 - CKM_WTLS_MASTER_KEY_DERIVE = 0x000003D1 - CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 0x000003D2 - CKM_WTLS_PRF = 0x000003D3 - CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003D4 - CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003D5 - CKM_TLS10_MAC_SERVER = 0x000003D6 - CKM_TLS10_MAC_CLIENT = 0x000003D7 - CKM_TLS12_MAC = 0x000003D8 - CKM_TLS12_KDF = 0x000003D9 - CKM_TLS12_MASTER_KEY_DERIVE = 0x000003E0 - CKM_TLS12_KEY_AND_MAC_DERIVE = 0x000003E1 - CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003E2 - CKM_TLS12_KEY_SAFE_DERIVE = 0x000003E3 - CKM_TLS_MAC = 0x000003E4 - CKM_TLS_KDF = 0x000003E5 - CKM_KEY_WRAP_LYNKS = 0x00000400 - CKM_KEY_WRAP_SET_OAEP = 0x00000401 - CKM_CMS_SIG = 0x00000500 - CKM_KIP_DERIVE = 0x00000510 - CKM_KIP_WRAP = 0x00000511 - CKM_KIP_MAC = 0x00000512 - CKM_CAMELLIA_KEY_GEN = 0x00000550 - CKM_CAMELLIA_ECB = 0x00000551 - CKM_CAMELLIA_CBC = 0x00000552 - CKM_CAMELLIA_MAC = 0x00000553 - CKM_CAMELLIA_MAC_GENERAL = 0x00000554 - CKM_CAMELLIA_CBC_PAD = 0x00000555 - CKM_CAMELLIA_ECB_ENCRYPT_DATA = 0x00000556 - CKM_CAMELLIA_CBC_ENCRYPT_DATA = 0x00000557 - CKM_CAMELLIA_CTR = 0x00000558 - CKM_ARIA_KEY_GEN = 0x00000560 - CKM_ARIA_ECB = 0x00000561 - CKM_ARIA_CBC = 0x00000562 - CKM_ARIA_MAC = 0x00000563 - CKM_ARIA_MAC_GENERAL = 0x00000564 - CKM_ARIA_CBC_PAD = 0x00000565 - CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566 - CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567 - CKM_SEED_KEY_GEN = 0x00000650 - CKM_SEED_ECB = 0x00000651 - CKM_SEED_CBC = 0x00000652 - CKM_SEED_MAC = 0x00000653 - CKM_SEED_MAC_GENERAL = 0x00000654 - CKM_SEED_CBC_PAD = 0x00000655 - CKM_SEED_ECB_ENCRYPT_DATA = 0x00000656 - CKM_SEED_CBC_ENCRYPT_DATA = 0x00000657 - CKM_SKIPJACK_KEY_GEN = 0x00001000 - CKM_SKIPJACK_ECB64 = 0x00001001 - CKM_SKIPJACK_CBC64 = 0x00001002 - CKM_SKIPJACK_OFB64 = 0x00001003 - CKM_SKIPJACK_CFB64 = 0x00001004 - CKM_SKIPJACK_CFB32 = 0x00001005 - CKM_SKIPJACK_CFB16 = 0x00001006 - CKM_SKIPJACK_CFB8 = 0x00001007 - CKM_SKIPJACK_WRAP = 0x00001008 - CKM_SKIPJACK_PRIVATE_WRAP = 0x00001009 - CKM_SKIPJACK_RELAYX = 0x0000100a - CKM_KEA_KEY_PAIR_GEN = 0x00001010 - CKM_KEA_KEY_DERIVE = 0x00001011 - CKM_KEA_DERIVE = 0x00001012 - CKM_FORTEZZA_TIMESTAMP = 0x00001020 - CKM_BATON_KEY_GEN = 0x00001030 - CKM_BATON_ECB128 = 0x00001031 - CKM_BATON_ECB96 = 0x00001032 - CKM_BATON_CBC128 = 0x00001033 - CKM_BATON_COUNTER = 0x00001034 - CKM_BATON_SHUFFLE = 0x00001035 - CKM_BATON_WRAP = 0x00001036 - CKM_ECDSA_KEY_PAIR_GEN = 0x00001040 // Deprecated - CKM_EC_KEY_PAIR_GEN = 0x00001040 - CKM_ECDSA = 0x00001041 - CKM_ECDSA_SHA1 = 0x00001042 - CKM_ECDSA_SHA224 = 0x00001043 - CKM_ECDSA_SHA256 = 0x00001044 - CKM_ECDSA_SHA384 = 0x00001045 - CKM_ECDSA_SHA512 = 0x00001046 - CKM_ECDH1_DERIVE = 0x00001050 - CKM_ECDH1_COFACTOR_DERIVE = 0x00001051 - CKM_ECMQV_DERIVE = 0x00001052 - CKM_ECDH_AES_KEY_WRAP = 0x00001053 - CKM_RSA_AES_KEY_WRAP = 0x00001054 - CKM_JUNIPER_KEY_GEN = 0x00001060 - CKM_JUNIPER_ECB128 = 0x00001061 - CKM_JUNIPER_CBC128 = 0x00001062 - CKM_JUNIPER_COUNTER = 0x00001063 - CKM_JUNIPER_SHUFFLE = 0x00001064 - CKM_JUNIPER_WRAP = 0x00001065 - CKM_FASTHASH = 0x00001070 - CKM_AES_KEY_GEN = 0x00001080 - CKM_AES_ECB = 0x00001081 - CKM_AES_CBC = 0x00001082 - CKM_AES_MAC = 0x00001083 - CKM_AES_MAC_GENERAL = 0x00001084 - CKM_AES_CBC_PAD = 0x00001085 - CKM_AES_CTR = 0x00001086 - CKM_AES_GCM = 0x00001087 - CKM_AES_CCM = 0x00001088 - CKM_AES_CTS = 0x00001089 - CKM_AES_CMAC = 0x0000108A - CKM_AES_CMAC_GENERAL = 0x0000108B - CKM_AES_XCBC_MAC = 0x0000108C - CKM_AES_XCBC_MAC_96 = 0x0000108D - CKM_AES_GMAC = 0x0000108E - CKM_BLOWFISH_KEY_GEN = 0x00001090 - CKM_BLOWFISH_CBC = 0x00001091 - CKM_TWOFISH_KEY_GEN = 0x00001092 - CKM_TWOFISH_CBC = 0x00001093 - CKM_BLOWFISH_CBC_PAD = 0x00001094 - CKM_TWOFISH_CBC_PAD = 0x00001095 - CKM_DES_ECB_ENCRYPT_DATA = 0x00001100 - CKM_DES_CBC_ENCRYPT_DATA = 0x00001101 - CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102 - CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103 - CKM_AES_ECB_ENCRYPT_DATA = 0x00001104 - CKM_AES_CBC_ENCRYPT_DATA = 0x00001105 - CKM_GOSTR3410_KEY_PAIR_GEN = 0x00001200 - CKM_GOSTR3410 = 0x00001201 - CKM_GOSTR3410_WITH_GOSTR3411 = 0x00001202 - CKM_GOSTR3410_KEY_WRAP = 0x00001203 - CKM_GOSTR3410_DERIVE = 0x00001204 - CKM_GOSTR3411 = 0x00001210 - CKM_GOSTR3411_HMAC = 0x00001211 - CKM_GOST28147_KEY_GEN = 0x00001220 - CKM_GOST28147_ECB = 0x00001221 - CKM_GOST28147 = 0x00001222 - CKM_GOST28147_MAC = 0x00001223 - CKM_GOST28147_KEY_WRAP = 0x00001224 - CKM_DSA_PARAMETER_GEN = 0x00002000 - CKM_DH_PKCS_PARAMETER_GEN = 0x00002001 - CKM_X9_42_DH_PARAMETER_GEN = 0x00002002 - CKM_DSA_PROBABLISTIC_PARAMETER_GEN = 0x00002003 - CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN = 0x00002004 - CKM_AES_OFB = 0x00002104 - CKM_AES_CFB64 = 0x00002105 - CKM_AES_CFB8 = 0x00002106 - CKM_AES_CFB128 = 0x00002107 - CKM_AES_CFB1 = 0x00002108 - CKM_AES_KEY_WRAP = 0x00002109 - CKM_AES_KEY_WRAP_PAD = 0x0000210A - CKM_RSA_PKCS_TPM_1_1 = 0x00004001 - CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002 - CKM_VENDOR_DEFINED = 0x80000000 - CKF_HW = 0x00000001 - CKF_ENCRYPT = 0x00000100 - CKF_DECRYPT = 0x00000200 - CKF_DIGEST = 0x00000400 - CKF_SIGN = 0x00000800 - CKF_SIGN_RECOVER = 0x00001000 - CKF_VERIFY = 0x00002000 - CKF_VERIFY_RECOVER = 0x00004000 - CKF_GENERATE = 0x00008000 - CKF_GENERATE_KEY_PAIR = 0x00010000 - CKF_WRAP = 0x00020000 - CKF_UNWRAP = 0x00040000 - CKF_DERIVE = 0x00080000 - CKF_EC_F_P = 0x00100000 - CKF_EC_F_2M = 0x00200000 - CKF_EC_ECPARAMETERS = 0x00400000 - CKF_EC_NAMEDCURVE = 0x00800000 - CKF_EC_UNCOMPRESS = 0x01000000 - CKF_EC_COMPRESS = 0x02000000 - CKF_EXTENSION = 0x80000000 + + // The following certificate types are defined: + CKC_X_509 = 0x00000000 + CKC_X_509_ATTR_CERT = 0x00000001 + CKC_WTLS = 0x00000002 + CKC_VENDOR_DEFINED = 0x80000000 + + // The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which + // consists of an array of values. + CKF_ARRAY_ATTRIBUTE = 0x40000000 + + // The following OTP-related defines relate to the CKA_OTP_FORMAT attribute + CK_OTP_FORMAT_DECIMAL = 0 + CK_OTP_FORMAT_HEXADECIMAL = 1 + CK_OTP_FORMAT_ALPHANUMERIC = 2 + CK_OTP_FORMAT_BINARY = 3 + + // The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT + // attributes + CK_OTP_PARAM_IGNORED = 0 + CK_OTP_PARAM_OPTIONAL = 1 + CK_OTP_PARAM_MANDATORY = 2 + + // The following attribute types are defined: + CKA_CLASS = 0x00000000 + CKA_TOKEN = 0x00000001 + CKA_PRIVATE = 0x00000002 + CKA_LABEL = 0x00000003 + CKA_APPLICATION = 0x00000010 + CKA_VALUE = 0x00000011 + CKA_OBJECT_ID = 0x00000012 + CKA_CERTIFICATE_TYPE = 0x00000080 + CKA_ISSUER = 0x00000081 + CKA_SERIAL_NUMBER = 0x00000082 + CKA_AC_ISSUER = 0x00000083 + CKA_OWNER = 0x00000084 + CKA_ATTR_TYPES = 0x00000085 + CKA_TRUSTED = 0x00000086 + CKA_CERTIFICATE_CATEGORY = 0x00000087 + CKA_JAVA_MIDP_SECURITY_DOMAIN = 0x00000088 + CKA_URL = 0x00000089 + CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008A + CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008B + CKA_NAME_HASH_ALGORITHM = 0x0000008C + CKA_CHECK_VALUE = 0x00000090 + CKA_KEY_TYPE = 0x00000100 + CKA_SUBJECT = 0x00000101 + CKA_ID = 0x00000102 + CKA_SENSITIVE = 0x00000103 + CKA_ENCRYPT = 0x00000104 + CKA_DECRYPT = 0x00000105 + CKA_WRAP = 0x00000106 + CKA_UNWRAP = 0x00000107 + CKA_SIGN = 0x00000108 + CKA_SIGN_RECOVER = 0x00000109 + CKA_VERIFY = 0x0000010A + CKA_VERIFY_RECOVER = 0x0000010B + CKA_DERIVE = 0x0000010C + CKA_START_DATE = 0x00000110 + CKA_END_DATE = 0x00000111 + CKA_MODULUS = 0x00000120 + CKA_MODULUS_BITS = 0x00000121 + CKA_PUBLIC_EXPONENT = 0x00000122 + CKA_PRIVATE_EXPONENT = 0x00000123 + CKA_PRIME_1 = 0x00000124 + CKA_PRIME_2 = 0x00000125 + CKA_EXPONENT_1 = 0x00000126 + CKA_EXPONENT_2 = 0x00000127 + CKA_COEFFICIENT = 0x00000128 + CKA_PUBLIC_KEY_INFO = 0x00000129 + CKA_PRIME = 0x00000130 + CKA_SUBPRIME = 0x00000131 + CKA_BASE = 0x00000132 + CKA_PRIME_BITS = 0x00000133 + CKA_SUBPRIME_BITS = 0x00000134 + CKA_SUB_PRIME_BITS = CKA_SUBPRIME_BITS + CKA_VALUE_BITS = 0x00000160 + CKA_VALUE_LEN = 0x00000161 + CKA_EXTRACTABLE = 0x00000162 + CKA_LOCAL = 0x00000163 + CKA_NEVER_EXTRACTABLE = 0x00000164 + CKA_ALWAYS_SENSITIVE = 0x00000165 + CKA_KEY_GEN_MECHANISM = 0x00000166 + CKA_MODIFIABLE = 0x00000170 + CKA_COPYABLE = 0x00000171 + CKA_DESTROYABLE = 0x00000172 + CKA_ECDSA_PARAMS = 0x00000180 // Deprecated + CKA_EC_PARAMS = 0x00000180 + CKA_EC_POINT = 0x00000181 + CKA_SECONDARY_AUTH = 0x00000200 // Deprecated + CKA_AUTH_PIN_FLAGS = 0x00000201 // Deprecated + CKA_ALWAYS_AUTHENTICATE = 0x00000202 + CKA_WRAP_WITH_TRUSTED = 0x00000210 + CKA_WRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000211) + CKA_UNWRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000212) + CKA_DERIVE_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000213) + CKA_OTP_FORMAT = 0x00000220 + CKA_OTP_LENGTH = 0x00000221 + CKA_OTP_TIME_INTERVAL = 0x00000222 + CKA_OTP_USER_FRIENDLY_MODE = 0x00000223 + CKA_OTP_CHALLENGE_REQUIREMENT = 0x00000224 + CKA_OTP_TIME_REQUIREMENT = 0x00000225 + CKA_OTP_COUNTER_REQUIREMENT = 0x00000226 + CKA_OTP_PIN_REQUIREMENT = 0x00000227 + CKA_OTP_COUNTER = 0x0000022E + CKA_OTP_TIME = 0x0000022F + CKA_OTP_USER_IDENTIFIER = 0x0000022A + CKA_OTP_SERVICE_IDENTIFIER = 0x0000022B + CKA_OTP_SERVICE_LOGO = 0x0000022C + CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022D + CKA_GOSTR3410_PARAMS = 0x00000250 + CKA_GOSTR3411_PARAMS = 0x00000251 + CKA_GOST28147_PARAMS = 0x00000252 + CKA_HW_FEATURE_TYPE = 0x00000300 + CKA_RESET_ON_INIT = 0x00000301 + CKA_HAS_RESET = 0x00000302 + CKA_PIXEL_X = 0x00000400 + CKA_PIXEL_Y = 0x00000401 + CKA_RESOLUTION = 0x00000402 + CKA_CHAR_ROWS = 0x00000403 + CKA_CHAR_COLUMNS = 0x00000404 + CKA_COLOR = 0x00000405 + CKA_BITS_PER_PIXEL = 0x00000406 + CKA_CHAR_SETS = 0x00000480 + CKA_ENCODING_METHODS = 0x00000481 + CKA_MIME_TYPES = 0x00000482 + CKA_MECHANISM_TYPE = 0x00000500 + CKA_REQUIRED_CMS_ATTRIBUTES = 0x00000501 + CKA_DEFAULT_CMS_ATTRIBUTES = 0x00000502 + CKA_SUPPORTED_CMS_ATTRIBUTES = 0x00000503 + CKA_ALLOWED_MECHANISMS = (CKF_ARRAY_ATTRIBUTE | 0x00000600) + CKA_VENDOR_DEFINED = 0x80000000 + + // the following mechanism types are defined: + CKM_RSA_PKCS_KEY_PAIR_GEN = 0x00000000 + CKM_RSA_PKCS = 0x00000001 + CKM_RSA_9796 = 0x00000002 + CKM_RSA_X_509 = 0x00000003 + CKM_MD2_RSA_PKCS = 0x00000004 + CKM_MD5_RSA_PKCS = 0x00000005 + CKM_SHA1_RSA_PKCS = 0x00000006 + CKM_RIPEMD128_RSA_PKCS = 0x00000007 + CKM_RIPEMD160_RSA_PKCS = 0x00000008 + CKM_RSA_PKCS_OAEP = 0x00000009 + CKM_RSA_X9_31_KEY_PAIR_GEN = 0x0000000A + CKM_RSA_X9_31 = 0x0000000B + CKM_SHA1_RSA_X9_31 = 0x0000000C + CKM_RSA_PKCS_PSS = 0x0000000D + CKM_SHA1_RSA_PKCS_PSS = 0x0000000E + CKM_DSA_KEY_PAIR_GEN = 0x00000010 + CKM_DSA = 0x00000011 + CKM_DSA_SHA1 = 0x00000012 + CKM_DSA_SHA224 = 0x00000013 + CKM_DSA_SHA256 = 0x00000014 + CKM_DSA_SHA384 = 0x00000015 + CKM_DSA_SHA512 = 0x00000016 + CKM_DSA_SHA3_224 = 0x00000018 + CKM_DSA_SHA3_256 = 0x00000019 + CKM_DSA_SHA3_384 = 0x0000001A + CKM_DSA_SHA3_512 = 0x0000001B + CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020 + CKM_DH_PKCS_DERIVE = 0x00000021 + CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030 + CKM_X9_42_DH_DERIVE = 0x00000031 + CKM_X9_42_DH_HYBRID_DERIVE = 0x00000032 + CKM_X9_42_MQV_DERIVE = 0x00000033 + CKM_SHA256_RSA_PKCS = 0x00000040 + CKM_SHA384_RSA_PKCS = 0x00000041 + CKM_SHA512_RSA_PKCS = 0x00000042 + CKM_SHA256_RSA_PKCS_PSS = 0x00000043 + CKM_SHA384_RSA_PKCS_PSS = 0x00000044 + CKM_SHA512_RSA_PKCS_PSS = 0x00000045 + CKM_SHA224_RSA_PKCS = 0x00000046 + CKM_SHA224_RSA_PKCS_PSS = 0x00000047 + CKM_SHA512_224 = 0x00000048 + CKM_SHA512_224_HMAC = 0x00000049 + CKM_SHA512_224_HMAC_GENERAL = 0x0000004A + CKM_SHA512_224_KEY_DERIVATION = 0x0000004B + CKM_SHA512_256 = 0x0000004C + CKM_SHA512_256_HMAC = 0x0000004D + CKM_SHA512_256_HMAC_GENERAL = 0x0000004E + CKM_SHA512_256_KEY_DERIVATION = 0x0000004F + CKM_SHA512_T = 0x00000050 + CKM_SHA512_T_HMAC = 0x00000051 + CKM_SHA512_T_HMAC_GENERAL = 0x00000052 + CKM_SHA512_T_KEY_DERIVATION = 0x00000053 + CKM_SHA3_256_RSA_PKCS = 0x00000060 + CKM_SHA3_384_RSA_PKCS = 0x00000061 + CKM_SHA3_512_RSA_PKCS = 0x00000062 + CKM_SHA3_256_RSA_PKCS_PSS = 0x00000063 + CKM_SHA3_384_RSA_PKCS_PSS = 0x00000064 + CKM_SHA3_512_RSA_PKCS_PSS = 0x00000065 + CKM_SHA3_224_RSA_PKCS = 0x00000066 + CKM_SHA3_224_RSA_PKCS_PSS = 0x00000067 + CKM_RC2_KEY_GEN = 0x00000100 + CKM_RC2_ECB = 0x00000101 + CKM_RC2_CBC = 0x00000102 + CKM_RC2_MAC = 0x00000103 + CKM_RC2_MAC_GENERAL = 0x00000104 + CKM_RC2_CBC_PAD = 0x00000105 + CKM_RC4_KEY_GEN = 0x00000110 + CKM_RC4 = 0x00000111 + CKM_DES_KEY_GEN = 0x00000120 + CKM_DES_ECB = 0x00000121 + CKM_DES_CBC = 0x00000122 + CKM_DES_MAC = 0x00000123 + CKM_DES_MAC_GENERAL = 0x00000124 + CKM_DES_CBC_PAD = 0x00000125 + CKM_DES2_KEY_GEN = 0x00000130 + CKM_DES3_KEY_GEN = 0x00000131 + CKM_DES3_ECB = 0x00000132 + CKM_DES3_CBC = 0x00000133 + CKM_DES3_MAC = 0x00000134 + CKM_DES3_MAC_GENERAL = 0x00000135 + CKM_DES3_CBC_PAD = 0x00000136 + CKM_DES3_CMAC_GENERAL = 0x00000137 + CKM_DES3_CMAC = 0x00000138 + CKM_CDMF_KEY_GEN = 0x00000140 + CKM_CDMF_ECB = 0x00000141 + CKM_CDMF_CBC = 0x00000142 + CKM_CDMF_MAC = 0x00000143 + CKM_CDMF_MAC_GENERAL = 0x00000144 + CKM_CDMF_CBC_PAD = 0x00000145 + CKM_DES_OFB64 = 0x00000150 + CKM_DES_OFB8 = 0x00000151 + CKM_DES_CFB64 = 0x00000152 + CKM_DES_CFB8 = 0x00000153 + CKM_MD2 = 0x00000200 + CKM_MD2_HMAC = 0x00000201 + CKM_MD2_HMAC_GENERAL = 0x00000202 + CKM_MD5 = 0x00000210 + CKM_MD5_HMAC = 0x00000211 + CKM_MD5_HMAC_GENERAL = 0x00000212 + CKM_SHA_1 = 0x00000220 + CKM_SHA_1_HMAC = 0x00000221 + CKM_SHA_1_HMAC_GENERAL = 0x00000222 + CKM_RIPEMD128 = 0x00000230 + CKM_RIPEMD128_HMAC = 0x00000231 + CKM_RIPEMD128_HMAC_GENERAL = 0x00000232 + CKM_RIPEMD160 = 0x00000240 + CKM_RIPEMD160_HMAC = 0x00000241 + CKM_RIPEMD160_HMAC_GENERAL = 0x00000242 + CKM_SHA256 = 0x00000250 + CKM_SHA256_HMAC = 0x00000251 + CKM_SHA256_HMAC_GENERAL = 0x00000252 + CKM_SHA224 = 0x00000255 + CKM_SHA224_HMAC = 0x00000256 + CKM_SHA224_HMAC_GENERAL = 0x00000257 + CKM_SHA384 = 0x00000260 + CKM_SHA384_HMAC = 0x00000261 + CKM_SHA384_HMAC_GENERAL = 0x00000262 + CKM_SHA512 = 0x00000270 + CKM_SHA512_HMAC = 0x00000271 + CKM_SHA512_HMAC_GENERAL = 0x00000272 + CKM_SECURID_KEY_GEN = 0x00000280 + CKM_SECURID = 0x00000282 + CKM_HOTP_KEY_GEN = 0x00000290 + CKM_HOTP = 0x00000291 + CKM_ACTI = 0x000002A0 + CKM_ACTI_KEY_GEN = 0x000002A1 + CKM_SHA3_256 = 0x000002B0 + CKM_SHA3_256_HMAC = 0x000002B1 + CKM_SHA3_256_HMAC_GENERAL = 0x000002B2 + CKM_SHA3_256_KEY_GEN = 0x000002B3 + CKM_SHA3_224 = 0x000002B5 + CKM_SHA3_224_HMAC = 0x000002B6 + CKM_SHA3_224_HMAC_GENERAL = 0x000002B7 + CKM_SHA3_224_KEY_GEN = 0x000002B8 + CKM_SHA3_384 = 0x000002C0 + CKM_SHA3_384_HMAC = 0x000002C1 + CKM_SHA3_384_HMAC_GENERAL = 0x000002C2 + CKM_SHA3_384_KEY_GEN = 0x000002C3 + CKM_SHA3_512 = 0x000002D0 + CKM_SHA3_512_HMAC = 0x000002D1 + CKM_SHA3_512_HMAC_GENERAL = 0x000002D2 + CKM_SHA3_512_KEY_GEN = 0x000002D3 + CKM_CAST_KEY_GEN = 0x00000300 + CKM_CAST_ECB = 0x00000301 + CKM_CAST_CBC = 0x00000302 + CKM_CAST_MAC = 0x00000303 + CKM_CAST_MAC_GENERAL = 0x00000304 + CKM_CAST_CBC_PAD = 0x00000305 + CKM_CAST3_KEY_GEN = 0x00000310 + CKM_CAST3_ECB = 0x00000311 + CKM_CAST3_CBC = 0x00000312 + CKM_CAST3_MAC = 0x00000313 + CKM_CAST3_MAC_GENERAL = 0x00000314 + CKM_CAST3_CBC_PAD = 0x00000315 + + // Note that CAST128 and CAST5 are the same algorithm + CKM_CAST5_KEY_GEN = 0x00000320 + CKM_CAST128_KEY_GEN = 0x00000320 + CKM_CAST5_ECB = 0x00000321 + CKM_CAST128_ECB = 0x00000321 + CKM_CAST5_CBC = 0x00000322 // Deprecated + CKM_CAST128_CBC = 0x00000322 + CKM_CAST5_MAC = 0x00000323 // Deprecated + CKM_CAST128_MAC = 0x00000323 + CKM_CAST5_MAC_GENERAL = 0x00000324 // Deprecated + CKM_CAST128_MAC_GENERAL = 0x00000324 + CKM_CAST5_CBC_PAD = 0x00000325 // Deprecated + CKM_CAST128_CBC_PAD = 0x00000325 + CKM_RC5_KEY_GEN = 0x00000330 + CKM_RC5_ECB = 0x00000331 + CKM_RC5_CBC = 0x00000332 + CKM_RC5_MAC = 0x00000333 + CKM_RC5_MAC_GENERAL = 0x00000334 + CKM_RC5_CBC_PAD = 0x00000335 + CKM_IDEA_KEY_GEN = 0x00000340 + CKM_IDEA_ECB = 0x00000341 + CKM_IDEA_CBC = 0x00000342 + CKM_IDEA_MAC = 0x00000343 + CKM_IDEA_MAC_GENERAL = 0x00000344 + CKM_IDEA_CBC_PAD = 0x00000345 + CKM_GENERIC_SECRET_KEY_GEN = 0x00000350 + CKM_CONCATENATE_BASE_AND_KEY = 0x00000360 + CKM_CONCATENATE_BASE_AND_DATA = 0x00000362 + CKM_CONCATENATE_DATA_AND_BASE = 0x00000363 + CKM_XOR_BASE_AND_DATA = 0x00000364 + CKM_EXTRACT_KEY_FROM_KEY = 0x00000365 + CKM_SSL3_PRE_MASTER_KEY_GEN = 0x00000370 + CKM_SSL3_MASTER_KEY_DERIVE = 0x00000371 + CKM_SSL3_KEY_AND_MAC_DERIVE = 0x00000372 + CKM_SSL3_MASTER_KEY_DERIVE_DH = 0x00000373 + CKM_TLS_PRE_MASTER_KEY_GEN = 0x00000374 + CKM_TLS_MASTER_KEY_DERIVE = 0x00000375 + CKM_TLS_KEY_AND_MAC_DERIVE = 0x00000376 + CKM_TLS_MASTER_KEY_DERIVE_DH = 0x00000377 + CKM_TLS_PRF = 0x00000378 + CKM_SSL3_MD5_MAC = 0x00000380 + CKM_SSL3_SHA1_MAC = 0x00000381 + CKM_MD5_KEY_DERIVATION = 0x00000390 + CKM_MD2_KEY_DERIVATION = 0x00000391 + CKM_SHA1_KEY_DERIVATION = 0x00000392 + CKM_SHA256_KEY_DERIVATION = 0x00000393 + CKM_SHA384_KEY_DERIVATION = 0x00000394 + CKM_SHA512_KEY_DERIVATION = 0x00000395 + CKM_SHA224_KEY_DERIVATION = 0x00000396 + CKM_SHA3_256_KEY_DERIVE = 0x00000397 + CKM_SHA3_224_KEY_DERIVE = 0x00000398 + CKM_SHA3_384_KEY_DERIVE = 0x00000399 + CKM_SHA3_512_KEY_DERIVE = 0x0000039A + CKM_SHAKE_128_KEY_DERIVE = 0x0000039B + CKM_SHAKE_256_KEY_DERIVE = 0x0000039C + CKM_PBE_MD2_DES_CBC = 0x000003A0 + CKM_PBE_MD5_DES_CBC = 0x000003A1 + CKM_PBE_MD5_CAST_CBC = 0x000003A2 + CKM_PBE_MD5_CAST3_CBC = 0x000003A3 + CKM_PBE_MD5_CAST5_CBC = 0x000003A4 // Deprecated + CKM_PBE_MD5_CAST128_CBC = 0x000003A4 + CKM_PBE_SHA1_CAST5_CBC = 0x000003A5 // Deprecated + CKM_PBE_SHA1_CAST128_CBC = 0x000003A5 + CKM_PBE_SHA1_RC4_128 = 0x000003A6 + CKM_PBE_SHA1_RC4_40 = 0x000003A7 + CKM_PBE_SHA1_DES3_EDE_CBC = 0x000003A8 + CKM_PBE_SHA1_DES2_EDE_CBC = 0x000003A9 + CKM_PBE_SHA1_RC2_128_CBC = 0x000003AA + CKM_PBE_SHA1_RC2_40_CBC = 0x000003AB + CKM_PKCS5_PBKD2 = 0x000003B0 + CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003C0 + CKM_WTLS_PRE_MASTER_KEY_GEN = 0x000003D0 + CKM_WTLS_MASTER_KEY_DERIVE = 0x000003D1 + CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 0x000003D2 + CKM_WTLS_PRF = 0x000003D3 + CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003D4 + CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003D5 + CKM_TLS10_MAC_SERVER = 0x000003D6 + CKM_TLS10_MAC_CLIENT = 0x000003D7 + CKM_TLS12_MAC = 0x000003D8 + CKM_TLS12_KDF = 0x000003D9 + CKM_TLS12_MASTER_KEY_DERIVE = 0x000003E0 + CKM_TLS12_KEY_AND_MAC_DERIVE = 0x000003E1 + CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003E2 + CKM_TLS12_KEY_SAFE_DERIVE = 0x000003E3 + CKM_TLS_MAC = 0x000003E4 + CKM_TLS_KDF = 0x000003E5 + CKM_KEY_WRAP_LYNKS = 0x00000400 + CKM_KEY_WRAP_SET_OAEP = 0x00000401 + CKM_CMS_SIG = 0x00000500 + CKM_KIP_DERIVE = 0x00000510 + CKM_KIP_WRAP = 0x00000511 + CKM_KIP_MAC = 0x00000512 + CKM_CAMELLIA_KEY_GEN = 0x00000550 + CKM_CAMELLIA_ECB = 0x00000551 + CKM_CAMELLIA_CBC = 0x00000552 + CKM_CAMELLIA_MAC = 0x00000553 + CKM_CAMELLIA_MAC_GENERAL = 0x00000554 + CKM_CAMELLIA_CBC_PAD = 0x00000555 + CKM_CAMELLIA_ECB_ENCRYPT_DATA = 0x00000556 + CKM_CAMELLIA_CBC_ENCRYPT_DATA = 0x00000557 + CKM_CAMELLIA_CTR = 0x00000558 + CKM_ARIA_KEY_GEN = 0x00000560 + CKM_ARIA_ECB = 0x00000561 + CKM_ARIA_CBC = 0x00000562 + CKM_ARIA_MAC = 0x00000563 + CKM_ARIA_MAC_GENERAL = 0x00000564 + CKM_ARIA_CBC_PAD = 0x00000565 + CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566 + CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567 + CKM_SEED_KEY_GEN = 0x00000650 + CKM_SEED_ECB = 0x00000651 + CKM_SEED_CBC = 0x00000652 + CKM_SEED_MAC = 0x00000653 + CKM_SEED_MAC_GENERAL = 0x00000654 + CKM_SEED_CBC_PAD = 0x00000655 + CKM_SEED_ECB_ENCRYPT_DATA = 0x00000656 + CKM_SEED_CBC_ENCRYPT_DATA = 0x00000657 + CKM_SKIPJACK_KEY_GEN = 0x00001000 + CKM_SKIPJACK_ECB64 = 0x00001001 + CKM_SKIPJACK_CBC64 = 0x00001002 + CKM_SKIPJACK_OFB64 = 0x00001003 + CKM_SKIPJACK_CFB64 = 0x00001004 + CKM_SKIPJACK_CFB32 = 0x00001005 + CKM_SKIPJACK_CFB16 = 0x00001006 + CKM_SKIPJACK_CFB8 = 0x00001007 + CKM_SKIPJACK_WRAP = 0x00001008 + CKM_SKIPJACK_PRIVATE_WRAP = 0x00001009 + CKM_SKIPJACK_RELAYX = 0x0000100a + CKM_KEA_KEY_PAIR_GEN = 0x00001010 + CKM_KEA_KEY_DERIVE = 0x00001011 + CKM_KEA_DERIVE = 0x00001012 + CKM_FORTEZZA_TIMESTAMP = 0x00001020 + CKM_BATON_KEY_GEN = 0x00001030 + CKM_BATON_ECB128 = 0x00001031 + CKM_BATON_ECB96 = 0x00001032 + CKM_BATON_CBC128 = 0x00001033 + CKM_BATON_COUNTER = 0x00001034 + CKM_BATON_SHUFFLE = 0x00001035 + CKM_BATON_WRAP = 0x00001036 + CKM_ECDSA_KEY_PAIR_GEN = 0x00001040 // Deprecated + CKM_EC_KEY_PAIR_GEN = 0x00001040 + CKM_ECDSA = 0x00001041 + CKM_ECDSA_SHA1 = 0x00001042 + CKM_ECDSA_SHA224 = 0x00001043 + CKM_ECDSA_SHA256 = 0x00001044 + CKM_ECDSA_SHA384 = 0x00001045 + CKM_ECDSA_SHA512 = 0x00001046 + CKM_ECDH1_DERIVE = 0x00001050 + CKM_ECDH1_COFACTOR_DERIVE = 0x00001051 + CKM_ECMQV_DERIVE = 0x00001052 + CKM_ECDH_AES_KEY_WRAP = 0x00001053 + CKM_RSA_AES_KEY_WRAP = 0x00001054 + CKM_JUNIPER_KEY_GEN = 0x00001060 + CKM_JUNIPER_ECB128 = 0x00001061 + CKM_JUNIPER_CBC128 = 0x00001062 + CKM_JUNIPER_COUNTER = 0x00001063 + CKM_JUNIPER_SHUFFLE = 0x00001064 + CKM_JUNIPER_WRAP = 0x00001065 + CKM_FASTHASH = 0x00001070 + CKM_AES_KEY_GEN = 0x00001080 + CKM_AES_ECB = 0x00001081 + CKM_AES_CBC = 0x00001082 + CKM_AES_MAC = 0x00001083 + CKM_AES_MAC_GENERAL = 0x00001084 + CKM_AES_CBC_PAD = 0x00001085 + CKM_AES_CTR = 0x00001086 + CKM_AES_GCM = 0x00001087 + CKM_AES_CCM = 0x00001088 + CKM_AES_CTS = 0x00001089 + CKM_AES_CMAC = 0x0000108A + CKM_AES_CMAC_GENERAL = 0x0000108B + CKM_AES_XCBC_MAC = 0x0000108C + CKM_AES_XCBC_MAC_96 = 0x0000108D + CKM_AES_GMAC = 0x0000108E + CKM_BLOWFISH_KEY_GEN = 0x00001090 + CKM_BLOWFISH_CBC = 0x00001091 + CKM_TWOFISH_KEY_GEN = 0x00001092 + CKM_TWOFISH_CBC = 0x00001093 + CKM_BLOWFISH_CBC_PAD = 0x00001094 + CKM_TWOFISH_CBC_PAD = 0x00001095 + CKM_DES_ECB_ENCRYPT_DATA = 0x00001100 + CKM_DES_CBC_ENCRYPT_DATA = 0x00001101 + CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102 + CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103 + CKM_AES_ECB_ENCRYPT_DATA = 0x00001104 + CKM_AES_CBC_ENCRYPT_DATA = 0x00001105 + CKM_GOSTR3410_KEY_PAIR_GEN = 0x00001200 + CKM_GOSTR3410 = 0x00001201 + CKM_GOSTR3410_WITH_GOSTR3411 = 0x00001202 + CKM_GOSTR3410_KEY_WRAP = 0x00001203 + CKM_GOSTR3410_DERIVE = 0x00001204 + CKM_GOSTR3411 = 0x00001210 + CKM_GOSTR3411_HMAC = 0x00001211 + CKM_GOST28147_KEY_GEN = 0x00001220 + CKM_GOST28147_ECB = 0x00001221 + CKM_GOST28147 = 0x00001222 + CKM_GOST28147_MAC = 0x00001223 + CKM_GOST28147_KEY_WRAP = 0x00001224 + CKM_DSA_PARAMETER_GEN = 0x00002000 + CKM_DH_PKCS_PARAMETER_GEN = 0x00002001 + CKM_X9_42_DH_PARAMETER_GEN = 0x00002002 + CKM_DSA_PROBABLISTIC_PARAMETER_GEN = 0x00002003 + CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN = 0x00002004 + CKM_AES_OFB = 0x00002104 + CKM_AES_CFB64 = 0x00002105 + CKM_AES_CFB8 = 0x00002106 + CKM_AES_CFB128 = 0x00002107 + CKM_AES_CFB1 = 0x00002108 + CKM_AES_KEY_WRAP = 0x00002109 // WAS: 0x00001090 + CKM_AES_KEY_WRAP_PAD = 0x0000210A // WAS: 0x00001091 + CKM_RSA_PKCS_TPM_1_1 = 0x00004001 + CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002 + CKM_VENDOR_DEFINED = 0x80000000 + + // The flags are defined as follows: + // + // Bit Flag Mask Meaning + CKF_HW = 0x00000001 // performed by HW + + // Specify whether or not a mechanism can be used for a particular task + CKF_ENCRYPT = 0x00000100 + CKF_DECRYPT = 0x00000200 + CKF_DIGEST = 0x00000400 + CKF_SIGN = 0x00000800 + CKF_SIGN_RECOVER = 0x00001000 + CKF_VERIFY = 0x00002000 + CKF_VERIFY_RECOVER = 0x00004000 + CKF_GENERATE = 0x00008000 + CKF_GENERATE_KEY_PAIR = 0x00010000 + CKF_WRAP = 0x00020000 + CKF_UNWRAP = 0x00040000 + CKF_DERIVE = 0x00080000 + + // Describe a token's EC capabilities not available in mechanism + // information. + CKF_EC_F_P = 0x00100000 + CKF_EC_F_2M = 0x00200000 + CKF_EC_ECPARAMETERS = 0x00400000 + CKF_EC_NAMEDCURVE = 0x00800000 + CKF_EC_UNCOMPRESS = 0x01000000 + CKF_EC_COMPRESS = 0x02000000 + CKF_EXTENSION = 0x80000000 + CKR_OK = 0x00000000 CKR_CANCEL = 0x00000001 CKR_HOST_MEMORY = 0x00000002 @@ -718,49 +836,69 @@ const ( CKR_PUBLIC_KEY_INVALID = 0x000001B9 CKR_FUNCTION_REJECTED = 0x00000200 CKR_VENDOR_DEFINED = 0x80000000 - CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001 - CKF_OS_LOCKING_OK = 0x00000002 - CKF_DONT_BLOCK = 1 - CKG_MGF1_SHA1 = 0x00000001 - CKG_MGF1_SHA256 = 0x00000002 - CKG_MGF1_SHA384 = 0x00000003 - CKG_MGF1_SHA512 = 0x00000004 - CKG_MGF1_SHA224 = 0x00000005 - CKZ_DATA_SPECIFIED = 0x00000001 - CKD_NULL = 0x00000001 - CKD_SHA1_KDF = 0x00000002 - CKD_SHA1_KDF_ASN1 = 0x00000003 - CKD_SHA1_KDF_CONCATENATE = 0x00000004 - CKD_SHA224_KDF = 0x00000005 - CKD_SHA256_KDF = 0x00000006 - CKD_SHA384_KDF = 0x00000007 - CKD_SHA512_KDF = 0x00000008 - CKD_CPDIVERSIFY_KDF = 0x00000009 - CKD_SHA3_224_KDF = 0x0000000A - CKD_SHA3_256_KDF = 0x0000000B - CKD_SHA3_384_KDF = 0x0000000C - CKD_SHA3_512_KDF = 0x0000000D - CKP_PKCS5_PBKD2_HMAC_SHA1 = 0x00000001 - CKP_PKCS5_PBKD2_HMAC_GOSTR3411 = 0x00000002 - CKP_PKCS5_PBKD2_HMAC_SHA224 = 0x00000003 - CKP_PKCS5_PBKD2_HMAC_SHA256 = 0x00000004 - CKP_PKCS5_PBKD2_HMAC_SHA384 = 0x00000005 - CKP_PKCS5_PBKD2_HMAC_SHA512 = 0x00000006 - CKP_PKCS5_PBKD2_HMAC_SHA512_224 = 0x00000007 - CKP_PKCS5_PBKD2_HMAC_SHA512_256 = 0x00000008 - CKZ_SALT_SPECIFIED = 0x00000001 - CK_OTP_VALUE = 0 - CK_OTP_PIN = 1 - CK_OTP_CHALLENGE = 2 - CK_OTP_TIME = 3 - CK_OTP_COUNTER = 4 - CK_OTP_FLAGS = 5 - CK_OTP_OUTPUT_LENGTH = 6 - CK_OTP_OUTPUT_FORMAT = 7 - CKF_NEXT_OTP = 0x00000001 - CKF_EXCLUDE_TIME = 0x00000002 - CKF_EXCLUDE_COUNTER = 0x00000004 - CKF_EXCLUDE_CHALLENGE = 0x00000008 - CKF_EXCLUDE_PIN = 0x00000010 - CKF_USER_FRIENDLY_OTP = 0x00000020 + + // flags: bit flags that provide capabilities of the slot + // + // Bit Flag Mask Meaning + CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001 + CKF_OS_LOCKING_OK = 0x00000002 + + // additional flags for parameters to functions + // CKF_DONT_BLOCK is for the function C_WaitForSlotEvent + CKF_DONT_BLOCK = 1 + + // The following MGFs are defined + CKG_MGF1_SHA1 = 0x00000001 + CKG_MGF1_SHA256 = 0x00000002 + CKG_MGF1_SHA384 = 0x00000003 + CKG_MGF1_SHA512 = 0x00000004 + CKG_MGF1_SHA224 = 0x00000005 + + // The following encoding parameter sources are defined + CKZ_DATA_SPECIFIED = 0x00000001 + + // The following EC Key Derivation Functions are defined + CKD_NULL = 0x00000001 + CKD_SHA1_KDF = 0x00000002 + + // The following X9.42 DH key derivation functions are defined + CKD_SHA1_KDF_ASN1 = 0x00000003 + CKD_SHA1_KDF_CONCATENATE = 0x00000004 + CKD_SHA224_KDF = 0x00000005 + CKD_SHA256_KDF = 0x00000006 + CKD_SHA384_KDF = 0x00000007 + CKD_SHA512_KDF = 0x00000008 + CKD_CPDIVERSIFY_KDF = 0x00000009 + CKD_SHA3_224_KDF = 0x0000000A + CKD_SHA3_256_KDF = 0x0000000B + CKD_SHA3_384_KDF = 0x0000000C + CKD_SHA3_512_KDF = 0x0000000D + + CKP_PKCS5_PBKD2_HMAC_SHA1 = 0x00000001 + CKP_PKCS5_PBKD2_HMAC_GOSTR3411 = 0x00000002 + CKP_PKCS5_PBKD2_HMAC_SHA224 = 0x00000003 + CKP_PKCS5_PBKD2_HMAC_SHA256 = 0x00000004 + CKP_PKCS5_PBKD2_HMAC_SHA384 = 0x00000005 + CKP_PKCS5_PBKD2_HMAC_SHA512 = 0x00000006 + CKP_PKCS5_PBKD2_HMAC_SHA512_224 = 0x00000007 + CKP_PKCS5_PBKD2_HMAC_SHA512_256 = 0x00000008 + + // The following salt value sources are defined in PKCS #5 v2.0. + CKZ_SALT_SPECIFIED = 0x00000001 + + CK_OTP_VALUE = 0 + CK_OTP_PIN = 1 + CK_OTP_CHALLENGE = 2 + CK_OTP_TIME = 3 + CK_OTP_COUNTER = 4 + CK_OTP_FLAGS = 5 + CK_OTP_OUTPUT_LENGTH = 6 + CK_OTP_OUTPUT_FORMAT = 7 + + CKF_NEXT_OTP = 0x00000001 + CKF_EXCLUDE_TIME = 0x00000002 + CKF_EXCLUDE_COUNTER = 0x00000004 + CKF_EXCLUDE_CHALLENGE = 0x00000008 + CKF_EXCLUDE_PIN = 0x00000010 + CKF_USER_FRIENDLY_OTP = 0x00000020 ) diff --git a/vendor/modules.txt b/vendor/modules.txt index 27e91f79ed..ad6cf1eeb1 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -243,7 +243,7 @@ github.com/mattn/go-shellwords # github.com/mattn/go-sqlite3 v1.14.44 ## explicit; go 1.21 github.com/mattn/go-sqlite3 -# github.com/miekg/pkcs11 v1.1.1 +# github.com/miekg/pkcs11 v1.1.2 ## explicit; go 1.12 github.com/miekg/pkcs11 # github.com/mistifyio/go-zfs/v4 v4.0.0 From fbe6578e046cc881a6e9a8d617d7590402548868 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 21 May 2026 21:50:12 +0200 Subject: [PATCH 12/17] Update github.com/sigstore/protobuf-specs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miloslav Trmač --- common/go.mod | 2 +- common/go.sum | 4 +- image/go.mod | 2 +- image/go.sum | 4 +- .../gen/pb-go/common/v1/sigstore_common.pb.go | 278 +++++++----------- vendor/modules.txt | 4 +- 6 files changed, 119 insertions(+), 175 deletions(-) diff --git a/common/go.mod b/common/go.mod index 3a2070942d..f7492c3bc8 100644 --- a/common/go.mod +++ b/common/go.mod @@ -103,7 +103,7 @@ require ( github.com/proglottis/gpgme v0.1.6 // indirect github.com/secure-systems-lab/go-securesystemslib v0.11.0 // indirect github.com/sigstore/fulcio v1.8.5 // indirect - github.com/sigstore/protobuf-specs v0.5.0 // indirect + github.com/sigstore/protobuf-specs v0.5.1 // indirect github.com/sigstore/sigstore v1.10.6 // indirect github.com/smallstep/pkcs7 v0.1.1 // indirect github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect diff --git a/common/go.sum b/common/go.sum index 4b2567c970..7880f6d992 100644 --- a/common/go.sum +++ b/common/go.sum @@ -207,8 +207,8 @@ github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw= github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/sigstore/fulcio v1.8.5 h1:HYTD1/L5wlBp8JxsWxUf8hmfaNBBF/x3r3p5l6tZwbA= github.com/sigstore/fulcio v1.8.5/go.mod h1:tSLYK3JsKvJpDW1BsIsVHZgHj+f8TjXARzqIUWSsSPQ= -github.com/sigstore/protobuf-specs v0.5.0 h1:F8YTI65xOHw70NrvPwJ5PhAzsvTnuJMGLkA4FIkofAY= -github.com/sigstore/protobuf-specs v0.5.0/go.mod h1:+gXR+38nIa2oEupqDdzg4qSBT0Os+sP7oYv6alWewWc= +github.com/sigstore/protobuf-specs v0.5.1 h1:/5OPaNuolRJmQfeZLayJGFXMpsRJEdgC6ah1/+7Px7U= +github.com/sigstore/protobuf-specs v0.5.1/go.mod h1:DRBzpFuE+LnvQMN10/dU6nBeKwVLGEQ6o2FovN2Rats= github.com/sigstore/sigstore v1.10.6 h1:YWhMQfTrJSK80QB1pbxjYeAwGKx+5UwWPPAY9hrPPZg= github.com/sigstore/sigstore v1.10.6/go.mod h1:k/mcVVXw3I87dYG/iCVTSW2xTrW7vPzxxGic4KqsqXs= github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w= diff --git a/image/go.mod b/image/go.mod index ddf42fc2d9..b268b2aa8d 100644 --- a/image/go.mod +++ b/image/go.mod @@ -86,7 +86,7 @@ require ( github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/sergi/go-diff v1.4.0 // indirect - github.com/sigstore/protobuf-specs v0.5.0 // indirect + github.com/sigstore/protobuf-specs v0.5.1 // indirect github.com/smallstep/pkcs7 v0.1.1 // indirect github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect github.com/tchap/go-patricia/v2 v2.3.3 // indirect diff --git a/image/go.sum b/image/go.sum index c768b67c68..c84319a413 100644 --- a/image/go.sum +++ b/image/go.sum @@ -163,8 +163,8 @@ github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw= github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/sigstore/fulcio v1.8.5 h1:HYTD1/L5wlBp8JxsWxUf8hmfaNBBF/x3r3p5l6tZwbA= github.com/sigstore/fulcio v1.8.5/go.mod h1:tSLYK3JsKvJpDW1BsIsVHZgHj+f8TjXARzqIUWSsSPQ= -github.com/sigstore/protobuf-specs v0.5.0 h1:F8YTI65xOHw70NrvPwJ5PhAzsvTnuJMGLkA4FIkofAY= -github.com/sigstore/protobuf-specs v0.5.0/go.mod h1:+gXR+38nIa2oEupqDdzg4qSBT0Os+sP7oYv6alWewWc= +github.com/sigstore/protobuf-specs v0.5.1 h1:/5OPaNuolRJmQfeZLayJGFXMpsRJEdgC6ah1/+7Px7U= +github.com/sigstore/protobuf-specs v0.5.1/go.mod h1:DRBzpFuE+LnvQMN10/dU6nBeKwVLGEQ6o2FovN2Rats= github.com/sigstore/sigstore v1.10.6 h1:YWhMQfTrJSK80QB1pbxjYeAwGKx+5UwWPPAY9hrPPZg= github.com/sigstore/sigstore v1.10.6/go.mod h1:k/mcVVXw3I87dYG/iCVTSW2xTrW7vPzxxGic4KqsqXs= github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w= diff --git a/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/common/v1/sigstore_common.pb.go b/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/common/v1/sigstore_common.pb.go index 5f339b2d78..4730718f47 100644 --- a/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/common/v1/sigstore_common.pb.go +++ b/vendor/github.com/sigstore/protobuf-specs/gen/pb-go/common/v1/sigstore_common.pb.go @@ -14,8 +14,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.5 -// protoc v6.30.2 +// protoc-gen-go v1.36.10 +// protoc v7.34.1 // source: sigstore_common.proto package v1 @@ -51,8 +51,14 @@ const ( HashAlgorithm_SHA2_256 HashAlgorithm = 1 HashAlgorithm_SHA2_384 HashAlgorithm = 2 HashAlgorithm_SHA2_512 HashAlgorithm = 3 - HashAlgorithm_SHA3_256 HashAlgorithm = 4 - HashAlgorithm_SHA3_384 HashAlgorithm = 5 + // Used for LMS + // + // Deprecated: Marked as deprecated in sigstore_common.proto. + HashAlgorithm_SHA3_256 HashAlgorithm = 4 + // Used for LMS + // + // Deprecated: Marked as deprecated in sigstore_common.proto. + HashAlgorithm_SHA3_384 HashAlgorithm = 5 ) // Enum value maps for HashAlgorithm. @@ -161,9 +167,7 @@ const ( // LMS and LM-OTS // // These algorithms are deprecated and should not be used. - // Keys and signatures MAY be used by private Sigstore - // deployments, but will not be supported by the public - // good instance. + // There are no plans to support SLH-DSA at this time. // // USER WARNING: LMS and LM-OTS are both stateful signature schemes. // Using them correctly requires discretion and careful consideration @@ -179,18 +183,21 @@ const ( PublicKeyDetails_LMOTS_SHA256 PublicKeyDetails = 15 // ML-DSA // - // These ML_DSA_65 and ML-DSA_87 algorithms are the pure variants that - // take data to sign rather than the prehash variants (HashML-DSA), which - // take digests. While considered quantum-resistant, their usage + // These ML_DSA_44, ML_DSA_65 and ML-DSA_87 algorithms are the pure variants + // that take data to sign rather than the prehash variants (HashML-DSA), which + // take digests. While considered quantum-resistant, their usage // involves tradeoffs in that signatures and keys are much larger, and // this makes deployments more costly. // - // USER WARNING: ML_DSA_65 and ML_DSA_87 are experimental algorithms. + // USER WARNING: ML_DSA_44, ML_DSA_65 and ML_DSA_87 are experimental algorithms. // In the future they MAY be used by private Sigstore deployments, but - // they are not yet fully functional. This warning will be removed when + // they are not yet fully functional. This warning will be removed when // these algorithms are widely supported by Sigstore clients and servers, // but care should still be taken for production environments. - PublicKeyDetails_ML_DSA_65 PublicKeyDetails = 21 // See NIST FIPS 204 + // + // See NIST FIPS 204, RFC 9881 for algorithm identifiers + PublicKeyDetails_ML_DSA_44 PublicKeyDetails = 23 + PublicKeyDetails_ML_DSA_65 PublicKeyDetails = 21 PublicKeyDetails_ML_DSA_87 PublicKeyDetails = 22 ) @@ -218,6 +225,7 @@ var ( 20: "PKIX_ECDSA_P521_SHA_256", 14: "LMS_SHA256", 15: "LMOTS_SHA256", + 23: "ML_DSA_44", 21: "ML_DSA_65", 22: "ML_DSA_87", } @@ -243,6 +251,7 @@ var ( "PKIX_ECDSA_P521_SHA_256": 20, "LMS_SHA256": 14, "LMOTS_SHA256": 15, + "ML_DSA_44": 23, "ML_DSA_65": 21, "ML_DSA_87": 22, } @@ -1062,160 +1071,95 @@ func (x *TimeRange) GetEnd() *timestamppb.Timestamp { var File_sigstore_common_proto protoreflect.FileDescriptor -var file_sigstore_common_proto_rawDesc = string([]byte{ - 0x0a, 0x15, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x16, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x1a, - 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, - 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x22, 0x69, 0x0a, 0x0a, 0x48, 0x61, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x12, - 0x43, 0x0a, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x25, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, - 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x61, 0x73, 0x68, - 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x52, 0x09, 0x61, 0x6c, 0x67, 0x6f, 0x72, - 0x69, 0x74, 0x68, 0x6d, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x22, 0x80, 0x01, 0x0a, - 0x10, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, - 0x65, 0x12, 0x49, 0x0a, 0x0e, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x64, 0x69, 0x67, - 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e, - 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, - 0x76, 0x31, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x52, 0x0d, 0x6d, - 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x44, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x09, - 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x42, - 0x03, 0xe0, 0x41, 0x02, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22, - 0x23, 0x0a, 0x05, 0x4c, 0x6f, 0x67, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x06, 0x6b, 0x65, 0x79, 0x5f, - 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x05, 0x6b, - 0x65, 0x79, 0x49, 0x64, 0x22, 0x48, 0x0a, 0x16, 0x52, 0x46, 0x43, 0x33, 0x31, 0x36, 0x31, 0x53, - 0x69, 0x67, 0x6e, 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x2e, - 0x0a, 0x10, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, - 0x6d, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0f, 0x73, - 0x69, 0x67, 0x6e, 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0xd9, - 0x01, 0x0a, 0x09, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x0a, 0x09, - 0x72, 0x61, 0x77, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x48, - 0x00, 0x52, 0x08, 0x72, 0x61, 0x77, 0x42, 0x79, 0x74, 0x65, 0x73, 0x88, 0x01, 0x01, 0x12, 0x49, - 0x0a, 0x0b, 0x6b, 0x65, 0x79, 0x5f, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, - 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x52, 0x0a, 0x6b, - 0x65, 0x79, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x43, 0x0a, 0x09, 0x76, 0x61, 0x6c, - 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x64, - 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, - 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x48, - 0x01, 0x52, 0x08, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x46, 0x6f, 0x72, 0x88, 0x01, 0x01, 0x42, 0x0c, - 0x0a, 0x0a, 0x5f, 0x72, 0x61, 0x77, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x42, 0x0c, 0x0a, 0x0a, - 0x5f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x22, 0x29, 0x0a, 0x13, 0x50, 0x75, - 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, - 0x72, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x69, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x04, 0x68, 0x69, 0x6e, 0x74, 0x22, 0x27, 0x0a, 0x10, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, - 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x12, 0x13, 0x0a, 0x02, 0x69, 0x64, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x05, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x02, 0x69, 0x64, 0x22, 0x6d, - 0x0a, 0x19, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, - 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x50, 0x61, 0x69, 0x72, 0x12, 0x3a, 0x0a, 0x03, 0x6f, - 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, - 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, - 0x31, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, - 0x65, 0x72, 0x52, 0x03, 0x6f, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x58, 0x0a, - 0x11, 0x44, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x75, 0x69, 0x73, 0x68, 0x65, 0x64, 0x4e, 0x61, - 0x6d, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x6f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x6f, 0x72, 0x67, 0x61, 0x6e, 0x69, - 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6d, - 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x22, 0x33, 0x0a, 0x0f, 0x58, 0x35, 0x30, 0x39, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x20, 0x0a, 0x09, 0x72, 0x61, - 0x77, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, - 0x41, 0x02, 0x52, 0x08, 0x72, 0x61, 0x77, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0x9e, 0x01, 0x0a, - 0x16, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, - 0x69, 0x76, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x46, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x53, - 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, - 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, - 0x18, 0x0a, 0x06, 0x72, 0x65, 0x67, 0x65, 0x78, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, - 0x00, 0x52, 0x06, 0x72, 0x65, 0x67, 0x65, 0x78, 0x70, 0x12, 0x16, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x42, 0x0a, 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0x63, 0x0a, - 0x14, 0x58, 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x43, 0x68, 0x61, 0x69, 0x6e, 0x12, 0x4b, 0x0a, 0x0c, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x64, 0x65, - 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x52, 0x0c, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x73, 0x22, 0x78, 0x0a, 0x09, 0x54, 0x69, 0x6d, 0x65, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, - 0x30, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, - 0x74, 0x12, 0x31, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x48, 0x00, 0x52, 0x03, 0x65, 0x6e, - 0x64, 0x88, 0x01, 0x01, 0x42, 0x06, 0x0a, 0x04, 0x5f, 0x65, 0x6e, 0x64, 0x2a, 0x75, 0x0a, 0x0d, - 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x1e, 0x0a, - 0x1a, 0x48, 0x41, 0x53, 0x48, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, - 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0c, 0x0a, - 0x08, 0x53, 0x48, 0x41, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x53, - 0x48, 0x41, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, - 0x32, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, - 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, 0x33, 0x38, - 0x34, 0x10, 0x05, 0x2a, 0x8f, 0x05, 0x0a, 0x10, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, - 0x79, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x12, 0x22, 0x0a, 0x1e, 0x50, 0x55, 0x42, 0x4c, - 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x44, 0x45, 0x54, 0x41, 0x49, 0x4c, 0x53, 0x5f, 0x55, - 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x11, - 0x50, 0x4b, 0x43, 0x53, 0x31, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x56, - 0x35, 0x10, 0x01, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x15, 0x0a, 0x0d, 0x50, 0x4b, 0x43, 0x53, 0x31, - 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x10, 0x02, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x18, - 0x0a, 0x10, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, - 0x56, 0x35, 0x10, 0x03, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x14, 0x0a, 0x0c, 0x50, 0x4b, 0x49, 0x58, - 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x10, 0x04, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x21, - 0x0a, 0x1d, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, - 0x56, 0x31, 0x35, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, - 0x09, 0x12, 0x21, 0x0a, 0x1d, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x50, 0x4b, - 0x43, 0x53, 0x31, 0x56, 0x31, 0x35, 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x48, 0x41, 0x32, - 0x35, 0x36, 0x10, 0x0a, 0x12, 0x21, 0x0a, 0x1d, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, - 0x5f, 0x50, 0x4b, 0x43, 0x53, 0x31, 0x56, 0x31, 0x35, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, - 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0b, 0x12, 0x1c, 0x0a, 0x18, 0x50, 0x4b, 0x49, 0x58, 0x5f, - 0x52, 0x53, 0x41, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x48, 0x41, - 0x32, 0x35, 0x36, 0x10, 0x10, 0x12, 0x1c, 0x0a, 0x18, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, - 0x41, 0x5f, 0x50, 0x53, 0x53, 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, - 0x36, 0x10, 0x11, 0x12, 0x1c, 0x0a, 0x18, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x52, 0x53, 0x41, 0x5f, - 0x50, 0x53, 0x53, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, - 0x12, 0x12, 0x24, 0x0a, 0x1c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, - 0x50, 0x32, 0x35, 0x36, 0x5f, 0x48, 0x4d, 0x41, 0x43, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, - 0x36, 0x10, 0x06, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x1b, 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, - 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, - 0x35, 0x36, 0x10, 0x05, 0x12, 0x1b, 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, - 0x53, 0x41, 0x5f, 0x50, 0x33, 0x38, 0x34, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x33, 0x38, 0x34, 0x10, - 0x0c, 0x12, 0x1b, 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, - 0x50, 0x35, 0x32, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x0d, 0x12, 0x10, - 0x0a, 0x0c, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x07, - 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, - 0x5f, 0x50, 0x48, 0x10, 0x08, 0x12, 0x1f, 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, 0x43, - 0x44, 0x53, 0x41, 0x5f, 0x50, 0x33, 0x38, 0x34, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, 0x36, - 0x10, 0x13, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x1f, 0x0a, 0x17, 0x50, 0x4b, 0x49, 0x58, 0x5f, 0x45, - 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x35, 0x32, 0x31, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x35, - 0x36, 0x10, 0x14, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x12, 0x0a, 0x0a, 0x4c, 0x4d, 0x53, 0x5f, 0x53, - 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0e, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x14, 0x0a, 0x0c, 0x4c, - 0x4d, 0x4f, 0x54, 0x53, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0f, 0x1a, 0x02, 0x08, - 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x4d, 0x4c, 0x5f, 0x44, 0x53, 0x41, 0x5f, 0x36, 0x35, 0x10, 0x15, - 0x12, 0x0d, 0x0a, 0x09, 0x4d, 0x4c, 0x5f, 0x44, 0x53, 0x41, 0x5f, 0x38, 0x37, 0x10, 0x16, 0x22, - 0x04, 0x08, 0x17, 0x10, 0x32, 0x2a, 0x6f, 0x0a, 0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, - 0x41, 0x6c, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, 0x69, 0x76, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x54, - 0x79, 0x70, 0x65, 0x12, 0x2d, 0x0a, 0x29, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x41, - 0x4c, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x54, 0x49, 0x56, 0x45, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x5f, - 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, - 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x4d, 0x41, 0x49, 0x4c, 0x10, 0x01, 0x12, 0x07, 0x0a, - 0x03, 0x55, 0x52, 0x49, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x4f, 0x54, 0x48, 0x45, 0x52, 0x5f, - 0x4e, 0x41, 0x4d, 0x45, 0x10, 0x03, 0x42, 0x7c, 0x0a, 0x1c, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, - 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, - 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, - 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x36, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, - 0x2d, 0x67, 0x6f, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x14, - 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -}) +const file_sigstore_common_proto_rawDesc = "" + + "\n" + + "\x15sigstore_common.proto\x12\x16dev.sigstore.common.v1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"i\n" + + "\n" + + "HashOutput\x12C\n" + + "\talgorithm\x18\x01 \x01(\x0e2%.dev.sigstore.common.v1.HashAlgorithmR\talgorithm\x12\x16\n" + + "\x06digest\x18\x02 \x01(\fR\x06digest\"\x80\x01\n" + + "\x10MessageSignature\x12I\n" + + "\x0emessage_digest\x18\x01 \x01(\v2\".dev.sigstore.common.v1.HashOutputR\rmessageDigest\x12!\n" + + "\tsignature\x18\x02 \x01(\fB\x03\xe0A\x02R\tsignature\"#\n" + + "\x05LogId\x12\x1a\n" + + "\x06key_id\x18\x01 \x01(\fB\x03\xe0A\x02R\x05keyId\"H\n" + + "\x16RFC3161SignedTimestamp\x12.\n" + + "\x10signed_timestamp\x18\x01 \x01(\fB\x03\xe0A\x02R\x0fsignedTimestamp\"\xd9\x01\n" + + "\tPublicKey\x12 \n" + + "\traw_bytes\x18\x01 \x01(\fH\x00R\brawBytes\x88\x01\x01\x12I\n" + + "\vkey_details\x18\x02 \x01(\x0e2(.dev.sigstore.common.v1.PublicKeyDetailsR\n" + + "keyDetails\x12C\n" + + "\tvalid_for\x18\x03 \x01(\v2!.dev.sigstore.common.v1.TimeRangeH\x01R\bvalidFor\x88\x01\x01B\f\n" + + "\n" + + "_raw_bytesB\f\n" + + "\n" + + "_valid_for\")\n" + + "\x13PublicKeyIdentifier\x12\x12\n" + + "\x04hint\x18\x01 \x01(\tR\x04hint\"'\n" + + "\x10ObjectIdentifier\x12\x13\n" + + "\x02id\x18\x01 \x03(\x05B\x03\xe0A\x02R\x02id\"m\n" + + "\x19ObjectIdentifierValuePair\x12:\n" + + "\x03oid\x18\x01 \x01(\v2(.dev.sigstore.common.v1.ObjectIdentifierR\x03oid\x12\x14\n" + + "\x05value\x18\x02 \x01(\fR\x05value\"X\n" + + "\x11DistinguishedName\x12\"\n" + + "\forganization\x18\x01 \x01(\tR\forganization\x12\x1f\n" + + "\vcommon_name\x18\x02 \x01(\tR\n" + + "commonName\"3\n" + + "\x0fX509Certificate\x12 \n" + + "\traw_bytes\x18\x01 \x01(\fB\x03\xe0A\x02R\brawBytes\"\x9e\x01\n" + + "\x16SubjectAlternativeName\x12F\n" + + "\x04type\x18\x01 \x01(\x0e22.dev.sigstore.common.v1.SubjectAlternativeNameTypeR\x04type\x12\x18\n" + + "\x06regexp\x18\x02 \x01(\tH\x00R\x06regexp\x12\x16\n" + + "\x05value\x18\x03 \x01(\tH\x00R\x05valueB\n" + + "\n" + + "\bidentity\"c\n" + + "\x14X509CertificateChain\x12K\n" + + "\fcertificates\x18\x01 \x03(\v2'.dev.sigstore.common.v1.X509CertificateR\fcertificates\"x\n" + + "\tTimeRange\x120\n" + + "\x05start\x18\x01 \x01(\v2\x1a.google.protobuf.TimestampR\x05start\x121\n" + + "\x03end\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampH\x00R\x03end\x88\x01\x01B\x06\n" + + "\x04_end*}\n" + + "\rHashAlgorithm\x12\x1e\n" + + "\x1aHASH_ALGORITHM_UNSPECIFIED\x10\x00\x12\f\n" + + "\bSHA2_256\x10\x01\x12\f\n" + + "\bSHA2_384\x10\x02\x12\f\n" + + "\bSHA2_512\x10\x03\x12\x10\n" + + "\bSHA3_256\x10\x04\x1a\x02\b\x01\x12\x10\n" + + "\bSHA3_384\x10\x05\x1a\x02\b\x01*\x9e\x05\n" + + "\x10PublicKeyDetails\x12\"\n" + + "\x1ePUBLIC_KEY_DETAILS_UNSPECIFIED\x10\x00\x12\x19\n" + + "\x11PKCS1_RSA_PKCS1V5\x10\x01\x1a\x02\b\x01\x12\x15\n" + + "\rPKCS1_RSA_PSS\x10\x02\x1a\x02\b\x01\x12\x18\n" + + "\x10PKIX_RSA_PKCS1V5\x10\x03\x1a\x02\b\x01\x12\x14\n" + + "\fPKIX_RSA_PSS\x10\x04\x1a\x02\b\x01\x12!\n" + + "\x1dPKIX_RSA_PKCS1V15_2048_SHA256\x10\t\x12!\n" + + "\x1dPKIX_RSA_PKCS1V15_3072_SHA256\x10\n" + + "\x12!\n" + + "\x1dPKIX_RSA_PKCS1V15_4096_SHA256\x10\v\x12\x1c\n" + + "\x18PKIX_RSA_PSS_2048_SHA256\x10\x10\x12\x1c\n" + + "\x18PKIX_RSA_PSS_3072_SHA256\x10\x11\x12\x1c\n" + + "\x18PKIX_RSA_PSS_4096_SHA256\x10\x12\x12$\n" + + "\x1cPKIX_ECDSA_P256_HMAC_SHA_256\x10\x06\x1a\x02\b\x01\x12\x1b\n" + + "\x17PKIX_ECDSA_P256_SHA_256\x10\x05\x12\x1b\n" + + "\x17PKIX_ECDSA_P384_SHA_384\x10\f\x12\x1b\n" + + "\x17PKIX_ECDSA_P521_SHA_512\x10\r\x12\x10\n" + + "\fPKIX_ED25519\x10\a\x12\x13\n" + + "\x0fPKIX_ED25519_PH\x10\b\x12\x1f\n" + + "\x17PKIX_ECDSA_P384_SHA_256\x10\x13\x1a\x02\b\x01\x12\x1f\n" + + "\x17PKIX_ECDSA_P521_SHA_256\x10\x14\x1a\x02\b\x01\x12\x12\n" + + "\n" + + "LMS_SHA256\x10\x0e\x1a\x02\b\x01\x12\x14\n" + + "\fLMOTS_SHA256\x10\x0f\x1a\x02\b\x01\x12\r\n" + + "\tML_DSA_44\x10\x17\x12\r\n" + + "\tML_DSA_65\x10\x15\x12\r\n" + + "\tML_DSA_87\x10\x16\"\x04\b\x18\x102*o\n" + + "\x1aSubjectAlternativeNameType\x12-\n" + + ")SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED\x10\x00\x12\t\n" + + "\x05EMAIL\x10\x01\x12\a\n" + + "\x03URI\x10\x02\x12\x0e\n" + + "\n" + + "OTHER_NAME\x10\x03B|\n" + + "\x1cdev.sigstore.proto.common.v1B\vCommonProtoP\x01Z6github.com/sigstore/protobuf-specs/gen/pb-go/common/v1\xea\x02\x14Sigstore::Common::V1b\x06proto3" var ( file_sigstore_common_proto_rawDescOnce sync.Once diff --git a/vendor/modules.txt b/vendor/modules.txt index ad6cf1eeb1..f57451ddd8 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -395,8 +395,8 @@ github.com/secure-systems-lab/go-securesystemslib/encrypted ## explicit; go 1.25.0 github.com/sigstore/fulcio/pkg/api github.com/sigstore/fulcio/pkg/certificate -# github.com/sigstore/protobuf-specs v0.5.0 -## explicit; go 1.22.0 +# github.com/sigstore/protobuf-specs v0.5.1 +## explicit; go 1.23 github.com/sigstore/protobuf-specs/gen/pb-go/common/v1 # github.com/sigstore/sigstore v1.10.6 ## explicit; go 1.25.0 From 7e84da15c6a0bd9a6ad5361101e886193321e6af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 21 May 2026 21:54:38 +0200 Subject: [PATCH 13/17] Update github.com/smallstep/pkcs7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miloslav Trmač --- common/go.mod | 2 +- common/go.sum | 14 +++--- image/go.mod | 2 +- image/go.sum | 14 +++--- vendor/github.com/smallstep/pkcs7/pkcs7.go | 7 +++ vendor/github.com/smallstep/pkcs7/sign.go | 47 ++++++++++++++++++++- vendor/github.com/smallstep/pkcs7/verify.go | 32 +++++++++++--- vendor/modules.txt | 2 +- 8 files changed, 96 insertions(+), 24 deletions(-) diff --git a/common/go.mod b/common/go.mod index f7492c3bc8..6b4c7f68d2 100644 --- a/common/go.mod +++ b/common/go.mod @@ -105,7 +105,7 @@ require ( github.com/sigstore/fulcio v1.8.5 // indirect github.com/sigstore/protobuf-specs v0.5.1 // indirect github.com/sigstore/sigstore v1.10.6 // indirect - github.com/smallstep/pkcs7 v0.1.1 // indirect + github.com/smallstep/pkcs7 v0.2.1 // indirect github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect github.com/sylabs/sif/v2 v2.24.0 // indirect github.com/tchap/go-patricia/v2 v2.3.3 // indirect diff --git a/common/go.sum b/common/go.sum index 7880f6d992..14a2a76db8 100644 --- a/common/go.sum +++ b/common/go.sum @@ -215,8 +215,8 @@ github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g= github.com/skeema/knownhosts v1.3.2 h1:EDL9mgf4NzwMXCTfaxSD/o/a5fxDw/xL9nkU28JjdBg= github.com/skeema/knownhosts v1.3.2/go.mod h1:bEg3iQAuw+jyiw+484wwFJoKSLwcfd7fqRy+N0QTiow= -github.com/smallstep/pkcs7 v0.1.1 h1:x+rPdt2W088V9Vkjho4KtoggyktZJlMduZAtRHm68LU= -github.com/smallstep/pkcs7 v0.1.1/go.mod h1:dL6j5AIz9GHjVEBTXtW+QliALcgM19RtXaTeyxI+AfA= +github.com/smallstep/pkcs7 v0.2.1 h1:6Kfzr/QizdIuB6LSv8y1LJdZ3aPSfTNhTLqAx9CTLfA= +github.com/smallstep/pkcs7 v0.2.1/go.mod h1:RcXHsMfL+BzH8tRhmrF1NkkpebKpq3JEM66cOFxanf0= github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4= github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= @@ -286,7 +286,7 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= -golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI= golang.org/x/crypto v0.51.0/go.mod h1:8AdwkbraGNABw2kOX6YFPs3WM22XqI4EXEd8g+x7Oc8= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= @@ -312,7 +312,7 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -329,7 +329,7 @@ golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ= golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= @@ -340,7 +340,7 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= -golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= +golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4= golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -351,7 +351,7 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/image/go.mod b/image/go.mod index b268b2aa8d..b18b6480e9 100644 --- a/image/go.mod +++ b/image/go.mod @@ -87,7 +87,7 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/sergi/go-diff v1.4.0 // indirect github.com/sigstore/protobuf-specs v0.5.1 // indirect - github.com/smallstep/pkcs7 v0.1.1 // indirect + github.com/smallstep/pkcs7 v0.2.1 // indirect github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect github.com/tchap/go-patricia/v2 v2.3.3 // indirect github.com/vbatts/tar-split v0.12.3 // indirect diff --git a/image/go.sum b/image/go.sum index c84319a413..a8fdae3e68 100644 --- a/image/go.sum +++ b/image/go.sum @@ -169,8 +169,8 @@ github.com/sigstore/sigstore v1.10.6 h1:YWhMQfTrJSK80QB1pbxjYeAwGKx+5UwWPPAY9hrP github.com/sigstore/sigstore v1.10.6/go.mod h1:k/mcVVXw3I87dYG/iCVTSW2xTrW7vPzxxGic4KqsqXs= github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w= github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g= -github.com/smallstep/pkcs7 v0.1.1 h1:x+rPdt2W088V9Vkjho4KtoggyktZJlMduZAtRHm68LU= -github.com/smallstep/pkcs7 v0.1.1/go.mod h1:dL6j5AIz9GHjVEBTXtW+QliALcgM19RtXaTeyxI+AfA= +github.com/smallstep/pkcs7 v0.2.1 h1:6Kfzr/QizdIuB6LSv8y1LJdZ3aPSfTNhTLqAx9CTLfA= +github.com/smallstep/pkcs7 v0.2.1/go.mod h1:RcXHsMfL+BzH8tRhmrF1NkkpebKpq3JEM66cOFxanf0= github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 h1:pnnLyeX7o/5aX8qUQ69P/mLojDqwda8hFOCBTmP/6hw= github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6/go.mod h1:39R/xuhNgVhi+K0/zst4TLrJrVmbm6LVgl4A0+ZFS5M= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -222,7 +222,7 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= -golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI= golang.org/x/crypto v0.51.0/go.mod h1:8AdwkbraGNABw2kOX6YFPs3WM22XqI4EXEd8g+x7Oc8= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= @@ -248,7 +248,7 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -264,7 +264,7 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ= golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= @@ -275,7 +275,7 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= -golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= +golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4= golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -286,7 +286,7 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/vendor/github.com/smallstep/pkcs7/pkcs7.go b/vendor/github.com/smallstep/pkcs7/pkcs7.go index f6c6dfbbb5..dd5b18380a 100644 --- a/vendor/github.com/smallstep/pkcs7/pkcs7.go +++ b/vendor/github.com/smallstep/pkcs7/pkcs7.go @@ -12,6 +12,7 @@ import ( "encoding/asn1" "errors" "fmt" + "io" "sort" "sync" @@ -26,9 +27,15 @@ type PKCS7 struct { Certificates []*x509.Certificate CRLs []pkix.CertificateList Signers []signerInfo + Hasher Hasher raw interface{} } +// Hasher is an interface defining a custom hash calculator. +type Hasher interface { + Hash(crypto.Hash, io.Reader) ([]byte, error) +} + type contentInfo struct { ContentType asn1.ObjectIdentifier Content asn1.RawValue `asn1:"explicit,optional,tag:0"` diff --git a/vendor/github.com/smallstep/pkcs7/sign.go b/vendor/github.com/smallstep/pkcs7/sign.go index 31c3654c51..74ce50d802 100644 --- a/vendor/github.com/smallstep/pkcs7/sign.go +++ b/vendor/github.com/smallstep/pkcs7/sign.go @@ -11,9 +11,54 @@ import ( "errors" "fmt" "math/big" + "sync" "time" ) +func init() { + defaultMessageDigestAlgorithm.oid = OIDDigestAlgorithmSHA1 +} + +var defaultMessageDigestAlgorithm struct { + sync.RWMutex + oid asn1.ObjectIdentifier +} + +// SetDefaultDigestAlgorithm sets the default digest algorithm +// to be used for signing operations on [SignedData]. +// +// This must be called before creating a new instance of [SignedData] +// using [NewSignedData]. +// +// When this function is not called, the default digest algorithm is SHA1. +func SetDefaultDigestAlgorithm(d asn1.ObjectIdentifier) error { + defaultMessageDigestAlgorithm.Lock() + defer defaultMessageDigestAlgorithm.Unlock() + + switch { + case d.Equal(OIDDigestAlgorithmSHA1), + d.Equal(OIDDigestAlgorithmSHA224), d.Equal(OIDDigestAlgorithmSHA256), + d.Equal(OIDDigestAlgorithmSHA384), d.Equal(OIDDigestAlgorithmSHA512), + d.Equal(OIDDigestAlgorithmDSA), d.Equal(OIDDigestAlgorithmDSASHA1), + d.Equal(OIDDigestAlgorithmECDSASHA1), d.Equal(OIDDigestAlgorithmECDSASHA256), + d.Equal(OIDDigestAlgorithmECDSASHA384), d.Equal(OIDDigestAlgorithmECDSASHA512): + break + default: + return fmt.Errorf("unsupported message digest algorithm %v", d) + } + + defaultMessageDigestAlgorithm.oid = d + + return nil +} + +func defaultMessageDigestAlgorithmOID() asn1.ObjectIdentifier { + defaultMessageDigestAlgorithm.RLock() + defer defaultMessageDigestAlgorithm.RUnlock() + + return defaultMessageDigestAlgorithm.oid +} + // SignedData is an opaque data structure for creating signed data payloads type SignedData struct { sd signedData @@ -39,7 +84,7 @@ func NewSignedData(data []byte) (*SignedData, error) { ContentInfo: ci, Version: 1, } - return &SignedData{sd: sd, data: data, digestOid: OIDDigestAlgorithmSHA1}, nil + return &SignedData{sd: sd, data: data, digestOid: defaultMessageDigestAlgorithmOID()}, nil } // SignerInfoConfig are optional values to include when adding a signer diff --git a/vendor/github.com/smallstep/pkcs7/verify.go b/vendor/github.com/smallstep/pkcs7/verify.go index 7525f918b1..f9ad34bbab 100644 --- a/vendor/github.com/smallstep/pkcs7/verify.go +++ b/vendor/github.com/smallstep/pkcs7/verify.go @@ -1,6 +1,8 @@ package pkcs7 import ( + "bytes" + "crypto" "crypto/subtle" "crypto/x509" "crypto/x509/pkix" @@ -89,9 +91,10 @@ func verifySignatureAtTime(p7 *PKCS7, signer signerInfo, truststore *x509.CertPo if err != nil { return err } - h := hash.New() - h.Write(p7.Content) - computed := h.Sum(nil) + computed, err := calculateHash(p7.Hasher, hash, p7.Content) + if err != nil { + return err + } if subtle.ConstantTimeCompare(digest, computed) != 1 { return &MessageDigestMismatchError{ ExpectedDigest: digest, @@ -145,9 +148,10 @@ func verifySignature(p7 *PKCS7, signer signerInfo, truststore *x509.CertPool) (e if err != nil { return err } - h := hash.New() - h.Write(p7.Content) - computed := h.Sum(nil) + computed, err := calculateHash(p7.Hasher, hash, p7.Content) + if err != nil { + return err + } if subtle.ConstantTimeCompare(digest, computed) != 1 { return &MessageDigestMismatchError{ ExpectedDigest: digest, @@ -363,3 +367,19 @@ func unmarshalAttribute(attrs []attribute, attributeType asn1.ObjectIdentifier, } return errors.New("pkcs7: attribute type not in attributes") } + +func calculateHash(hasher Hasher, hashFunc crypto.Hash, content []byte) (computed []byte, err error) { + if hasher != nil { + computed, err = hasher.Hash(hashFunc, bytes.NewReader(content)) + } else { + if !hashFunc.Available() { + return nil, fmt.Errorf("hash function %v not available", hashFunc) + } + + h := hashFunc.New() + _, _ = h.Write(content) + computed = h.Sum(nil) + } + + return +} diff --git a/vendor/modules.txt b/vendor/modules.txt index f57451ddd8..0be3a3f723 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -412,7 +412,7 @@ github.com/sirupsen/logrus # github.com/skeema/knownhosts v1.3.2 ## explicit; go 1.24.0 github.com/skeema/knownhosts -# github.com/smallstep/pkcs7 v0.1.1 +# github.com/smallstep/pkcs7 v0.2.1 ## explicit; go 1.14 github.com/smallstep/pkcs7 github.com/smallstep/pkcs7/internal/legacy/x509 From 99eef297f809b0883173dcf9fe6234651861d928 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 21 May 2026 22:08:29 +0200 Subject: [PATCH 14/17] Update google.golang.org/grpc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miloslav Trmač --- common/go.mod | 4 +- common/go.sum | 6 +- image/go.mod | 4 +- image/go.sum | 8 +- vendor/google.golang.org/grpc/clientconn.go | 48 +++- .../grpc/experimental/stats/metrics.go | 17 ++ .../grpc/internal/envconfig/envconfig.go | 10 + .../grpc/internal/envconfig/xds.go | 10 + .../grpc/internal/mem/buffer_pool.go | 27 +- .../grpc/internal/resolver/config_selector.go | 6 + .../grpc/internal/transport/http2_client.go | 18 +- .../grpc/internal/transport/http_util.go | 54 ++-- .../transport/readyreader/raw_conn_linux.go | 39 +++ .../readyreader/raw_conn_nonlinux.go | 35 +++ .../transport/readyreader/ready_reader.go | 253 ++++++++++++++++++ .../grpc/internal/transport/transport.go | 17 ++ .../grpc/mem/buffer_slice.go | 2 +- vendor/google.golang.org/grpc/mem/buffers.go | 40 +++ vendor/google.golang.org/grpc/stream.go | 3 +- vendor/google.golang.org/grpc/version.go | 2 +- vendor/modules.txt | 7 +- 21 files changed, 550 insertions(+), 60 deletions(-) create mode 100644 vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_linux.go create mode 100644 vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_nonlinux.go create mode 100644 vendor/google.golang.org/grpc/internal/transport/readyreader/ready_reader.go diff --git a/common/go.mod b/common/go.mod index 6b4c7f68d2..97e2f9adfd 100644 --- a/common/go.mod +++ b/common/go.mod @@ -126,8 +126,8 @@ require ( golang.org/x/text v0.37.0 // indirect golang.org/x/tools v0.45.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 // indirect - google.golang.org/grpc v1.80.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20260519071638-aa98bba5eb94 // indirect + google.golang.org/grpc v1.81.1 // indirect google.golang.org/protobuf v1.36.11 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/common/go.sum b/common/go.sum index 14a2a76db8..94f42d1a93 100644 --- a/common/go.sum +++ b/common/go.sum @@ -367,10 +367,8 @@ gonum.org/v1/gonum v0.17.0 h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4= gonum.org/v1/gonum v0.17.0/go.mod h1:El3tOrEuMpv2UdMrbNlKEh9vd86bmQ6vqIcDwxEOc1E= google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 h1:VPWxll4HlMw1Vs/qXtN7BvhZqsS9cdAittCNvVENElA= google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:7QBABkRtR8z+TEnmXTqIqwJLlzrZKVfAUm7tY3yGv0M= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 h1:m8qni9SQFH0tJc1X0vmnpw/0t+AImlSvp30sEupozUg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= -google.golang.org/grpc v1.80.0 h1:Xr6m2WmWZLETvUNvIUmeD5OAagMw3FiKmMlTdViWsHM= -google.golang.org/grpc v1.80.0/go.mod h1:ho/dLnxwi3EDJA4Zghp7k2Ec1+c2jqup0bFkw07bwF4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260519071638-aa98bba5eb94 h1:eZCjr/aAF8c5ccm5pb6T4EXgIei5MlAAPWPJk+5ArfY= +google.golang.org/grpc v1.81.1 h1:VnnIIZ88UzOOKLukQi+ImGz8O1Wdp8nAGGnvOfEIWQQ= google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/image/go.mod b/image/go.mod index b18b6480e9..0a5632a9cb 100644 --- a/image/go.mod +++ b/image/go.mod @@ -100,7 +100,7 @@ require ( golang.org/x/sys v0.44.0 // indirect golang.org/x/text v0.37.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 // indirect - google.golang.org/grpc v1.80.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20260519071638-aa98bba5eb94 // indirect + google.golang.org/grpc v1.81.1 // indirect google.golang.org/protobuf v1.36.11 // indirect ) diff --git a/image/go.sum b/image/go.sum index a8fdae3e68..5498f3978f 100644 --- a/image/go.sum +++ b/image/go.sum @@ -300,10 +300,10 @@ gonum.org/v1/gonum v0.17.0 h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4= gonum.org/v1/gonum v0.17.0/go.mod h1:El3tOrEuMpv2UdMrbNlKEh9vd86bmQ6vqIcDwxEOc1E= google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 h1:VPWxll4HlMw1Vs/qXtN7BvhZqsS9cdAittCNvVENElA= google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:7QBABkRtR8z+TEnmXTqIqwJLlzrZKVfAUm7tY3yGv0M= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 h1:m8qni9SQFH0tJc1X0vmnpw/0t+AImlSvp30sEupozUg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= -google.golang.org/grpc v1.80.0 h1:Xr6m2WmWZLETvUNvIUmeD5OAagMw3FiKmMlTdViWsHM= -google.golang.org/grpc v1.80.0/go.mod h1:ho/dLnxwi3EDJA4Zghp7k2Ec1+c2jqup0bFkw07bwF4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260519071638-aa98bba5eb94 h1:eZCjr/aAF8c5ccm5pb6T4EXgIei5MlAAPWPJk+5ArfY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260519071638-aa98bba5eb94/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= +google.golang.org/grpc v1.81.1 h1:VnnIIZ88UzOOKLukQi+ImGz8O1Wdp8nAGGnvOfEIWQQ= +google.golang.org/grpc v1.81.1/go.mod h1:xGH9GfzOyMTGIOXBJmXt+BX/V0kcdQbdcuwQ/zNw42I= google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go index 5dec2dacc0..c4bca5203e 100644 --- a/vendor/google.golang.org/grpc/clientconn.go +++ b/vendor/google.golang.org/grpc/clientconn.go @@ -24,10 +24,12 @@ import ( "fmt" "math" "net/url" + "os" "slices" "strings" "sync" "sync/atomic" + "syscall" "time" "google.golang.org/grpc/balancer" @@ -1268,8 +1270,9 @@ type addrConn struct { channelz *channelz.SubChannel - localityLabel string - backendServiceLabel string + localityLabel string + backendServiceLabel string + disconnectErrorLabel string } // Note: this requires a lock on ac.mu. @@ -1286,9 +1289,14 @@ func (ac *addrConn) updateConnectivityState(s connectivity.State, lastErr error) // TODO: https://github.com/grpc/grpc-go/issues/7862 - Remove the second // part of the if condition below once the issue is fixed. if ac.state == connectivity.Ready || (ac.state == connectivity.Connecting && s == connectivity.Idle) { - disconnectionsMetric.Record(ac.cc.metricsRecorderList, 1, ac.cc.target, ac.backendServiceLabel, ac.localityLabel, "unknown") + disconnectError := ac.disconnectErrorLabel + if disconnectError == "" { + disconnectError = "unknown" + } + disconnectionsMetric.Record(ac.cc.metricsRecorderList, 1, ac.cc.target, ac.backendServiceLabel, ac.localityLabel, disconnectError) openConnectionsMetric.Record(ac.cc.metricsRecorderList, -1, ac.cc.target, ac.backendServiceLabel, ac.securityLevelLocked(), ac.localityLabel) } + ac.disconnectErrorLabel = "" // Reset for next time ac.state = s ac.channelz.ChannelMetrics.State.Store(&s) if lastErr == nil { @@ -1483,11 +1491,11 @@ func (ac *addrConn) createTransport(ctx context.Context, addr resolver.Address, addr.ServerName = ac.cc.getServerName(addr) hctx, hcancel := context.WithCancel(ctx) - onClose := func(r transport.GoAwayReason) { + onClose := func(info transport.GoAwayInfo) { ac.mu.Lock() defer ac.mu.Unlock() // adjust params based on GoAwayReason - ac.adjustParams(r) + ac.adjustParams(info.Reason) if ctx.Err() != nil { // Already shut down or connection attempt canceled. tearDown() or // updateAddrs() already cleared the transport and canceled hctx @@ -1504,6 +1512,7 @@ func (ac *addrConn) createTransport(ctx context.Context, addr resolver.Address, return } ac.transport = nil + ac.disconnectErrorLabel = disconnectErrorString(info) // Refresh the name resolver on any connection loss. ac.cc.resolveNow(resolver.ResolveNowOptions{}) // Always go idle and wait for the LB policy to initiate a new @@ -1560,6 +1569,32 @@ func (ac *addrConn) createTransport(ctx context.Context, addr resolver.Address, return nil } +// disconnectErrorString returns the grpc.disconnect_error metric label corresponding +// to the provided transport.GoAwayInfo, as specified by gRFC A94: +// https://github.com/grpc/proposal/blob/master/A94-grpc-subchannel-disconnections-metrics.md +func disconnectErrorString(info transport.GoAwayInfo) string { + err := info.Err + var sysErr syscall.Errno + switch { + case info.Reason != transport.GoAwayInvalid: + return fmt.Sprintf("GOAWAY %s", info.GoAwayCode.String()) + case err == nil: + return "unknown" + case errors.Is(err, context.Canceled): + return "subchannel shutdown" + case errors.Is(err, syscall.ECONNRESET): + return "connection reset" + case errors.Is(err, syscall.ETIMEDOUT), errors.Is(err, context.DeadlineExceeded), errors.Is(err, os.ErrDeadlineExceeded): + return "connection timed out" + case errors.Is(err, syscall.ECONNABORTED): + return "connection aborted" + case errors.As(err, &sysErr): + return "socket error" + default: + return "unknown" + } +} + // startHealthCheck starts the health checking stream (RPC) to watch the health // stats of this connection if health checking is requested and configured. // @@ -1663,6 +1698,9 @@ func (ac *addrConn) tearDown(err error) { } curTr := ac.transport ac.transport = nil + if ac.disconnectErrorLabel == "" { + ac.disconnectErrorLabel = "subchannel shutdown" + } // We have to set the state to Shutdown before anything else to prevent races // between setting the state and logic that waits on context cancellation / etc. ac.updateConnectivityState(connectivity.Shutdown, nil) diff --git a/vendor/google.golang.org/grpc/experimental/stats/metrics.go b/vendor/google.golang.org/grpc/experimental/stats/metrics.go index 88742724a4..8732e53bde 100644 --- a/vendor/google.golang.org/grpc/experimental/stats/metrics.go +++ b/vendor/google.golang.org/grpc/experimental/stats/metrics.go @@ -20,10 +20,27 @@ package stats import ( + "context" + "google.golang.org/grpc/internal" "google.golang.org/grpc/stats" ) +type customLabelKey struct{} + +// NewContextWithCustomLabel returns a new context with the provided custom label +// attached. The label will be propagated to all metric instruments specified in gRFC A108. +func NewContextWithCustomLabel(ctx context.Context, label string) context.Context { + return context.WithValue(ctx, customLabelKey{}, label) +} + +// CustomLabelFromContext returns the custom label from the context if it exists. +// If the custom label is not present, it returns an empty string. +func CustomLabelFromContext(ctx context.Context) string { + label, _ := ctx.Value(customLabelKey{}).(string) + return label +} + // MetricsRecorder records on metrics derived from metric registry. // Implementors must embed UnimplementedMetricsRecorder. type MetricsRecorder interface { diff --git a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go index 3ae45faa40..8ca87a57a2 100644 --- a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go +++ b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go @@ -126,6 +126,16 @@ var ( // enabled by setting the env variable // GRPC_EXPERIMENTAL_ENABLE_PRIORITY_LB_CHILD_POLICY_CACHE to true. EnablePriorityLBChildPolicyCache = boolFromEnv("GRPC_EXPERIMENTAL_ENABLE_PRIORITY_LB_CHILD_POLICY_CACHE", false) + + // EnableHTTPFramerReadBufferPooling enables the use of the + // readyreader.Reader interface to perform non-memory-pinning reads, + // provided the underlying net.Conn supports it. This reduces memory usage + // when subchannels are idle. + // + // This environment variable serves as an escape hatch to disable the + // feature if unforeseen issues arise, and it will be removed in a future + // release. + EnableHTTPFramerReadBufferPooling = boolFromEnv("GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING", true) ) func boolFromEnv(envVar string, def bool) bool { diff --git a/vendor/google.golang.org/grpc/internal/envconfig/xds.go b/vendor/google.golang.org/grpc/internal/envconfig/xds.go index 7685d08b54..333d8a0b06 100644 --- a/vendor/google.golang.org/grpc/internal/envconfig/xds.go +++ b/vendor/google.golang.org/grpc/internal/envconfig/xds.go @@ -79,4 +79,14 @@ var ( // xDS bootstrap configuration via the `call_creds` field. For more details, // see: https://github.com/grpc/proposal/blob/master/A97-xds-jwt-call-creds.md XDSBootstrapCallCredsEnabled = boolFromEnv("GRPC_EXPERIMENTAL_XDS_BOOTSTRAP_CALL_CREDS", false) + + // XDSSNIEnabled controls if gRPC should send SNI information in xDS + // configured TLS handshakes. For more details, see: + // https://github.com/grpc/proposal/blob/master/A101-SNI-setting-and-SNI-SAN-validation.md + XDSSNIEnabled = boolFromEnv("GRPC_EXPERIMENTAL_XDS_SNI", false) + + // XDSORCAToLRSPropEnabled controls whether ORCA metrics are explicitly + // filtered and prefix-propagated to the LRS server. For more details, see: + // https://github.com/grpc/proposal/blob/master/A85-lrs-custom-metrics-changes.md + XDSORCAToLRSPropEnabled = boolFromEnv("GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION", false) ) diff --git a/vendor/google.golang.org/grpc/internal/mem/buffer_pool.go b/vendor/google.golang.org/grpc/internal/mem/buffer_pool.go index c2348a82ef..2d83b2eced 100644 --- a/vendor/google.golang.org/grpc/internal/mem/buffer_pool.go +++ b/vendor/google.golang.org/grpc/internal/mem/buffer_pool.go @@ -73,7 +73,7 @@ type BinaryTieredBufferPool struct { func NewBinaryTieredBufferPool(powerOfTwoExponents ...uint8) (*BinaryTieredBufferPool, error) { return newBinaryTiered(func(size int) bufferPool { return newSizedBufferPool(size, true) - }, &simpleBufferPool{shouldZero: true}, powerOfTwoExponents...) + }, &SimpleBufferPool{shouldZero: true}, powerOfTwoExponents...) } // NewDirtyBinaryTieredBufferPool returns a BufferPool backed by multiple @@ -82,7 +82,7 @@ func NewBinaryTieredBufferPool(powerOfTwoExponents ...uint8) (*BinaryTieredBuffe func NewDirtyBinaryTieredBufferPool(powerOfTwoExponents ...uint8) (*BinaryTieredBufferPool, error) { return newBinaryTiered(func(size int) bufferPool { return newSizedBufferPool(size, false) - }, &simpleBufferPool{shouldZero: false}, powerOfTwoExponents...) + }, NewDirtySimplePool(), powerOfTwoExponents...) } func newBinaryTiered(sizedPoolFactory func(int) bufferPool, fallbackPool bufferPool, powerOfTwoExponents ...uint8) (*BinaryTieredBufferPool, error) { @@ -258,7 +258,7 @@ func newSizedBufferPool(size int, zero bool) *sizedBufferPool { // buffer pools for different sizes of buffers. type TieredBufferPool struct { sizedPools []*sizedBufferPool - fallbackPool simpleBufferPool + fallbackPool SimpleBufferPool } // NewTieredBufferPool returns a BufferPool implementation that uses multiple @@ -271,7 +271,7 @@ func NewTieredBufferPool(poolSizes ...int) *TieredBufferPool { } return &TieredBufferPool{ sizedPools: pools, - fallbackPool: simpleBufferPool{shouldZero: true}, + fallbackPool: SimpleBufferPool{shouldZero: true}, } } @@ -297,16 +297,26 @@ func (p *TieredBufferPool) getPool(size int) bufferPool { return p.sizedPools[poolIdx] } -// simpleBufferPool is an implementation of the BufferPool interface that +// SimpleBufferPool is an implementation of the mem.BufferPool interface that // attempts to pool buffers with a sync.Pool. When Get is invoked, it tries to // acquire a buffer from the pool but if that buffer is too small, it returns it // to the pool and creates a new one. -type simpleBufferPool struct { +type SimpleBufferPool struct { pool sync.Pool shouldZero bool } -func (p *simpleBufferPool) Get(size int) *[]byte { +// NewDirtySimplePool constructs a [SimpleBufferPool]. It does not initialize +// the buffers before returning them. Callers must ensure they don't read the +// buffers before writing data to them. +func NewDirtySimplePool() *SimpleBufferPool { + return &SimpleBufferPool{ + shouldZero: false, + } +} + +// Get returns a buffer with specified length from the pool. +func (p *SimpleBufferPool) Get(size int) *[]byte { bs, ok := p.pool.Get().(*[]byte) if ok && cap(*bs) >= size { if p.shouldZero { @@ -333,6 +343,7 @@ func (p *simpleBufferPool) Get(size int) *[]byte { return &b } -func (p *simpleBufferPool) Put(buf *[]byte) { +// Put returns a buffer to the pool. +func (p *SimpleBufferPool) Put(buf *[]byte) { p.pool.Put(buf) } diff --git a/vendor/google.golang.org/grpc/internal/resolver/config_selector.go b/vendor/google.golang.org/grpc/internal/resolver/config_selector.go index f0603871c9..3db62ccad2 100644 --- a/vendor/google.golang.org/grpc/internal/resolver/config_selector.go +++ b/vendor/google.golang.org/grpc/internal/resolver/config_selector.go @@ -115,6 +115,9 @@ type ClientInterceptor interface { // ClientStream after done is called, since the interceptor is invoked by // application-layer operations. done must never be nil when called. NewStream(ctx context.Context, ri RPCInfo, done func(), newStream func(ctx context.Context, done func()) (ClientStream, error)) (ClientStream, error) + // Close closes the interceptor. Once called, no new calls to NewStream are + // accepted. Ongoing calls to NewStream are allowed to complete. + Close() } // ServerInterceptor is an interceptor for incoming RPC's on gRPC server side. @@ -123,6 +126,9 @@ type ServerInterceptor interface { // information about connection RPC was received on, and HTTP Headers. This // information will be piped into context. AllowRPC(ctx context.Context) error // TODO: Make this a real interceptor for filters such as rate limiting. + // Close closes the interceptor. Once called, no new calls to NewStream are + // accepted. Ongoing calls to NewStream are allowed to complete. + Close() } type csKeyType string diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_client.go b/vendor/google.golang.org/grpc/internal/transport/http2_client.go index c943503f35..d6bc6a6cc7 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http2_client.go +++ b/vendor/google.golang.org/grpc/internal/transport/http2_client.go @@ -134,6 +134,8 @@ type http2Client struct { // goAwayDebugMessage contains a detailed human readable string about a // GoAway frame, useful for error messages. goAwayDebugMessage string + // goAwayCode records the http2.ErrCode received with the GoAway frame. + goAwayCode http2.ErrCode // A condition variable used to signal when the keepalive goroutine should // go dormant. The condition for dormancy is based on the number of active // streams and the `PermitWithoutStream` keepalive client parameter. And @@ -147,7 +149,7 @@ type http2Client struct { channelz *channelz.Socket - onClose func(GoAwayReason) + onClose OnCloseFunc bufferPool mem.BufferPool @@ -204,7 +206,7 @@ func isTemporary(err error) bool { // NewHTTP2Client constructs a connected ClientTransport to addr based on HTTP2 // and starts to receive messages on it. Non-nil error returns if construction // fails. -func NewHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts ConnectOptions, onClose func(GoAwayReason)) (_ ClientTransport, err error) { +func NewHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts ConnectOptions, onClose OnCloseFunc) (_ ClientTransport, err error) { scheme := "http" ctx, cancel := context.WithCancel(ctx) defer func() { @@ -1015,7 +1017,7 @@ func (t *http2Client) Close(err error) { // Call t.onClose ASAP to prevent the client from attempting to create new // streams. if t.state != draining { - t.onClose(GoAwayInvalid) + t.onClose(GoAwayInfo{Reason: GoAwayInvalid, GoAwayCode: http2.ErrCodeNo, Err: err}) } t.state = closing streams := t.activeStreams @@ -1086,7 +1088,7 @@ func (t *http2Client) GracefulClose() { if t.logger.V(logLevel) { t.logger.Infof("GracefulClose called") } - t.onClose(GoAwayInvalid) + t.onClose(GoAwayInfo{Reason: GoAwayInvalid, GoAwayCode: http2.ErrCodeNo}) t.state = draining active := len(t.activeStreams) t.mu.Unlock() @@ -1236,7 +1238,10 @@ func (t *http2Client) handleData(f *parsedDataFrame) { // The server has closed the stream without sending trailers. Record that // the read direction is closed, and set the status appropriately. if f.StreamEnded() { - t.closeStream(s, io.EOF, false, http2.ErrCodeNo, status.New(codes.Internal, "server closed the stream without sending trailers"), nil, true) + // If client received END_STREAM from server while stream was still + // active, send RST_STREAM. + rstStream := s.getState() == streamActive + t.closeStream(s, io.EOF, rstStream, http2.ErrCodeNo, status.New(codes.Internal, "server closed the stream without sending trailers"), nil, true) } } @@ -1372,7 +1377,7 @@ func (t *http2Client) handleGoAway(f *http2.GoAwayFrame) error { // draining, to allow the client to stop attempting to create streams // before disallowing new streams on this connection. if t.state != draining { - t.onClose(t.goAwayReason) + t.onClose(GoAwayInfo{Reason: t.goAwayReason, GoAwayCode: t.goAwayCode}) t.state = draining } } @@ -1422,6 +1427,7 @@ func (t *http2Client) setGoAwayReason(f *http2.GoAwayFrame) { } else { t.goAwayDebugMessage = fmt.Sprintf("code: %s, debug data: %q", f.ErrCode, string(f.DebugData())) } + t.goAwayCode = f.ErrCode } func (t *http2Client) GetGoAwayReason() (GoAwayReason, string) { diff --git a/vendor/google.golang.org/grpc/internal/transport/http_util.go b/vendor/google.golang.org/grpc/internal/transport/http_util.go index 5bbb641ad9..c34975ffef 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http_util.go +++ b/vendor/google.golang.org/grpc/internal/transport/http_util.go @@ -36,6 +36,9 @@ import ( "golang.org/x/net/http2" "golang.org/x/net/http2/hpack" "google.golang.org/grpc/codes" + "google.golang.org/grpc/internal/envconfig" + imem "google.golang.org/grpc/internal/mem" + "google.golang.org/grpc/internal/transport/readyreader" "google.golang.org/grpc/mem" ) @@ -296,7 +299,7 @@ func decodeGrpcMessageUnchecked(msg string) string { } type bufWriter struct { - pool *sync.Pool + pool *imem.SimpleBufferPool buf []byte offset int batchSize int @@ -304,7 +307,7 @@ type bufWriter struct { err error } -func newBufWriter(conn io.Writer, batchSize int, pool *sync.Pool) *bufWriter { +func newBufWriter(conn io.Writer, batchSize int, pool *imem.SimpleBufferPool) *bufWriter { w := &bufWriter{ batchSize: batchSize, conn: conn, @@ -326,7 +329,7 @@ func (w *bufWriter) Write(b []byte) (int, error) { return n, toIOError(err) } if w.buf == nil { - b := w.pool.Get().(*[]byte) + b := w.pool.Get(w.batchSize) w.buf = *b } written := 0 @@ -407,22 +410,32 @@ type framer struct { errDetail error } -var writeBufferPoolMap = make(map[int]*sync.Pool) -var writeBufferMutex sync.Mutex +var ioBufferPoolMap = make(map[int]*imem.SimpleBufferPool) +var ioBufferMutex sync.Mutex + +func bufferedReader(r io.Reader, bufSize int) io.Reader { + if bufSize <= 0 { + return r + } + if envconfig.EnableHTTPFramerReadBufferPooling { + if rr := readyreader.NewNonBlocking(r); rr != nil { + readPool := ioBufferPool(bufSize) + return readyreader.NewBuffered(rr, bufSize, readPool) + } + } + return bufio.NewReaderSize(r, bufSize) +} func newFramer(conn io.ReadWriter, writeBufferSize, readBufferSize int, sharedWriteBuffer bool, maxHeaderListSize uint32, memPool mem.BufferPool) *framer { if writeBufferSize < 0 { writeBufferSize = 0 } - var r io.Reader = conn - if readBufferSize > 0 { - r = bufio.NewReaderSize(r, readBufferSize) - } - var pool *sync.Pool + r := bufferedReader(conn, readBufferSize) + var writePool *imem.SimpleBufferPool if sharedWriteBuffer { - pool = getWriteBufferPool(writeBufferSize) + writePool = ioBufferPool(writeBufferSize) } - w := newBufWriter(conn, writeBufferSize, pool) + w := newBufWriter(conn, writeBufferSize, writePool) f := &framer{ writer: w, fr: http2.NewFramer(w, r), @@ -578,20 +591,15 @@ func (df *parsedDataFrame) Header() http2.FrameHeader { return df.FrameHeader } -func getWriteBufferPool(size int) *sync.Pool { - writeBufferMutex.Lock() - defer writeBufferMutex.Unlock() - pool, ok := writeBufferPoolMap[size] +func ioBufferPool(size int) *imem.SimpleBufferPool { + ioBufferMutex.Lock() + defer ioBufferMutex.Unlock() + pool, ok := ioBufferPoolMap[size] if ok { return pool } - pool = &sync.Pool{ - New: func() any { - b := make([]byte, size) - return &b - }, - } - writeBufferPoolMap[size] = pool + pool = imem.NewDirtySimplePool() + ioBufferPoolMap[size] = pool return pool } diff --git a/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_linux.go b/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_linux.go new file mode 100644 index 0000000000..56906c35b3 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_linux.go @@ -0,0 +1,39 @@ +/* + * + * Copyright 2026 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package readyreader + +import "syscall" + +func isRawConnSupported() bool { + return true +} + +// sysRead uses the standard syscall package rather than the modern unix package +// to avoid triggering the race detector. Because both packages perform sync +// operations on a local variable to satisfy the race detector, mixing them +// for read and write syscalls causes data races. We use syscall here to remain +// consistent with net.Conn implementations in standard library. +func sysRead(fd uintptr, p []byte) (int, error) { + return syscall.Read(int(fd), p) +} + +// wouldBlock checks standard Unix non-blocking errors. +func wouldBlock(err error) bool { + return err == syscall.EAGAIN || err == syscall.EWOULDBLOCK +} diff --git a/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_nonlinux.go b/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_nonlinux.go new file mode 100644 index 0000000000..4d1f330060 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_nonlinux.go @@ -0,0 +1,35 @@ +//go:build !linux + +/* + * + * Copyright 2026 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package readyreader + +func isRawConnSupported() bool { + return false +} + +// sysRead is not implemented. Support can be added in the future if necessary. +func sysRead(uintptr, []byte) (int, error) { + panic("RawConn functionality is not implemented for non-unix platforms.") +} + +// wouldBlock is not implemented. Support can be added in the future if necessary. +func wouldBlock(error) bool { + panic("RawConn functionality is not implemented for non-unix platforms.") +} diff --git a/vendor/google.golang.org/grpc/internal/transport/readyreader/ready_reader.go b/vendor/google.golang.org/grpc/internal/transport/readyreader/ready_reader.go new file mode 100644 index 0000000000..250a300c73 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/transport/readyreader/ready_reader.go @@ -0,0 +1,253 @@ +/* + * + * Copyright 2026 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +// Package readyreader provides utilities to perform non-memory-pinning reads. +package readyreader + +import ( + "io" + "net" + "syscall" + + "google.golang.org/grpc/mem" +) + +// Reader is an optional interface that can be implemented by [net.Conn] +// implementations to enable gRPC to perform non-memory-pinning reads. +type Reader interface { + // ReadOnReady waits for data to arrive, fetches a buffer, and performs a + // read. When the underlying IO is readable, it allocates a buffer of size + // bufSize from the pool and reads up to bufSize bytes into the buffer. + // + // It returns a pointer to the buffer so it can be returned to the pool + // later, the number of bytes read, and an error. + // + // Callers should always process the n > 0 bytes returned before considering + // the error. Doing so correctly handles I/O errors that happen after + // reading some bytes, as well as both of the allowed EOF behaviors. + ReadOnReady(bufSize int, pool mem.BufferPool) (b *[]byte, n int, err error) +} + +// nonBlockingReader is optimized for non-memory-pinning reads using the RawConn +// interface. +type nonBlockingReader struct { + raw syscall.RawConn + // The following fields are stored as field to avoid heap allocations. + state readState + doRead func(fd uintptr) bool +} + +type readState struct { + // Request params. + bufSize int + pool mem.BufferPool + + // Response params. + readError error + bytesRead int + buf *[]byte +} + +// NewNonBlocking returns a ReadyReader if the passed reader supports +// non-memory-pinning reads, else nil. +func NewNonBlocking(r io.Reader) Reader { + if rr, ok := r.(Reader); ok { + return rr + } + if !isRawConnSupported() { + return nil + } + // We restrict the types before asserting syscall.Conn. The credentials + // package may return a wrapper that implements syscall.Conn by embedding + // both the raw connection and the encrypted connection. If the code + // attempts to read directly from the raw syscall.RawConn, it would read + // encrypted data. + switch r.(type) { + case *net.TCPConn, *net.UDPConn, *net.UnixConn, *net.IPConn: + default: + return nil + } + sysConn, ok := r.(syscall.Conn) + if !ok { + return nil + } + raw, err := sysConn.SyscallConn() + if err != nil { + return nil + } + rr := &nonBlockingReader{raw: raw} + rr.doRead = func(fd uintptr) bool { + s := &rr.state + + s.buf = s.pool.Get(s.bufSize) + s.bytesRead, s.readError = sysRead(fd, *s.buf) + + if s.readError != nil { + s.pool.Put(s.buf) + s.buf = nil + } + return !wouldBlock(s.readError) + } + return rr +} + +func (c *nonBlockingReader) ReadOnReady(bufSize int, pool mem.BufferPool) (*[]byte, int, error) { + c.state = readState{ + pool: pool, + bufSize: bufSize, + } + err := c.raw.Read(c.doRead) + + buf := c.state.buf + n := c.state.bytesRead + readErr := c.state.readError + c.state = readState{} + + if err != nil { + if buf != nil { + pool.Put(buf) + } + return nil, 0, err + } + if readErr != nil { + // buffer is already released in the callback. + return nil, 0, readErr + } + if n == 0 { + // syscall.Read doesn't consider a graceful socket closure to be an + // error condition, but Go's io.Reader expects an EOF error. + pool.Put(buf) + return nil, 0, io.EOF + } + return buf, n, nil +} + +type blockingReader struct { + reader io.Reader +} + +func (c *blockingReader) ReadOnReady(bufSize int, pool mem.BufferPool) (*[]byte, int, error) { + buf := pool.Get(bufSize) + n, err := c.reader.Read(*buf) + if err != nil { + pool.Put(buf) + return nil, 0, err + } + return buf, n, nil +} + +// New detects if [syscall.RawConn] is available for non-memory-pinning reads. +// If [syscall.RawConn] is unavailable, it falls back to using the simpler +// [io.Reader] interface for reads. +func New(r io.Reader) Reader { + if r := NewNonBlocking(r); r != nil { + return r + } + return &blockingReader{reader: r} +} + +// bufReadyReader implements buffering for a ReadyReader object. +// A new bufReadyReader is created by calling [NewBuffered]. +type bufReadyReader struct { + buf *[]byte + pool mem.BufferPool + bufSize int + rd Reader // reader provided by the caller + r, w int // buf read and write positions + err error + constPool constBufferPool // stored as a field to avoid heap allocations. +} + +// NewBuffered returns a new [io.Reader] with a buffer of the specified size +// which is allocated from the provided pool. +func NewBuffered(rd Reader, size int, pool mem.BufferPool) io.Reader { + return &bufReadyReader{ + rd: rd, + pool: pool, + bufSize: size, + } +} + +func (b *bufReadyReader) readErr() error { + err := b.err + b.err = nil + return err +} + +func (b *bufReadyReader) buffered() int { return b.w - b.r } + +// Read reads data into p. It returns the number of bytes read into p. The +// bytes are taken from at most one Read on the underlying [ReadyReader], +// hence n may be less than len(p). If the underlying [ReadyReader] can return +// a non-zero count with io.EOF, then this Read method can do so as well; see +// the [io.Reader] docs. +func (b *bufReadyReader) Read(p []byte) (n int, err error) { + n = len(p) + if n == 0 { + if b.buffered() > 0 { + return 0, nil + } + return 0, b.readErr() + } + if b.r == b.w { + if b.err != nil { + return 0, b.readErr() + } + if len(p) >= b.bufSize { + // Large read, empty buffer. + // Read directly into p to avoid copy. + b.constPool.buffer = p + _, n, b.err = b.rd.ReadOnReady(len(p), &b.constPool) + return n, b.readErr() + } + // One read. + b.r = 0 + b.w = 0 + b.buf, n, b.err = b.rd.ReadOnReady(b.bufSize, b.pool) + if n == 0 { + if b.buf != nil { + b.pool.Put(b.buf) + b.buf = nil + } + return 0, b.readErr() + } + b.w += n + } + + // copy as much as we can + // b.buf must be non-nil since b.r != b.w. + buf := *b.buf + n = copy(p, buf[b.r:b.w]) + b.r += n + if b.r == b.w { + // Consumed entire buffer, release it. + b.pool.Put(b.buf) + b.buf = nil + } + return n, nil +} + +type constBufferPool struct { + buffer []byte +} + +func (p *constBufferPool) Get(int) *[]byte { + return &p.buffer +} + +func (p *constBufferPool) Put(*[]byte) {} diff --git a/vendor/google.golang.org/grpc/internal/transport/transport.go b/vendor/google.golang.org/grpc/internal/transport/transport.go index b86094da94..1e224576e8 100644 --- a/vendor/google.golang.org/grpc/internal/transport/transport.go +++ b/vendor/google.golang.org/grpc/internal/transport/transport.go @@ -31,6 +31,7 @@ import ( "sync/atomic" "time" + "golang.org/x/net/http2" "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" "google.golang.org/grpc/internal/channelz" @@ -742,6 +743,22 @@ const ( GoAwayTooManyPings GoAwayReason = 2 ) +// GoAwayInfo contains metadata about why a connection was closed. +type GoAwayInfo struct { + // Reason is the parsed reason for an HTTP/2 GOAWAY frame. + Reason GoAwayReason + // GoAwayCode is the raw HTTP/2 error code received in a GOAWAY frame. + GoAwayCode http2.ErrCode + // Err is the underlying error that caused the connection to close. It is + // populated if the connection was closed due to a socket error or context + // cancellation without receiving a GOAWAY frame. If the connection was + // closed due to a GOAWAY frame, this field will be nil. + Err error +} + +// OnCloseFunc is a callback invoked when a ClientTransport closes. +type OnCloseFunc func(GoAwayInfo) + // ContextErr converts the error from context package into a status error. func ContextErr(err error) error { switch err { diff --git a/vendor/google.golang.org/grpc/mem/buffer_slice.go b/vendor/google.golang.org/grpc/mem/buffer_slice.go index 084fb19c6d..086e9f95de 100644 --- a/vendor/google.golang.org/grpc/mem/buffer_slice.go +++ b/vendor/google.golang.org/grpc/mem/buffer_slice.go @@ -165,7 +165,7 @@ func (r *Reader) Close() error { } func (r *Reader) freeFirstBufferIfEmpty() bool { - if len(r.data) == 0 || r.bufferIdx != len(r.data[0].ReadOnlyData()) { + if len(r.data) == 0 || r.bufferIdx != r.data[0].Len() { return false } diff --git a/vendor/google.golang.org/grpc/mem/buffers.go b/vendor/google.golang.org/grpc/mem/buffers.go index db1620e6ac..2b410b16eb 100644 --- a/vendor/google.golang.org/grpc/mem/buffers.go +++ b/vendor/google.golang.org/grpc/mem/buffers.go @@ -53,6 +53,10 @@ type Buffer interface { Free() // Len returns the Buffer's size. Len() int + // Slice returns a new Buffer that is a view into this buffer's data + // from [start:end). The buffer is not modified. Panics if the buffer + // has been freed or if start/end are out of bounds. + Slice(start, end int) Buffer split(n int) (left, right Buffer) read(buf []byte) (int, Buffer) @@ -180,6 +184,32 @@ func (b *buffer) Len() int { return len(b.ReadOnlyData()) } +func (b *buffer) Slice(start, end int) Buffer { + if b.rootBuf == nil { + panic("Cannot slice freed buffer") + } + + data := b.data[start:end] // access the data to check slice bounds + + if len(data) == 0 { + return emptyBuffer{} + } + if len(data) == len(b.data) { + b.Ref() + return b + } + // We are creating a new reference (view) to a portion of the root buffer's + // data. Therefore, we must increment the reference count of the root buffer + // to ensure the underlying data is not freed while this view is still in + // use. + b.rootBuf.Ref() + s := newBuffer() + s.data = data + s.rootBuf = b.rootBuf + s.refs.Store(1) + return s +} + func (b *buffer) split(n int) (Buffer, Buffer) { if b.rootBuf == nil || b.rootBuf.refs.Add(1) <= 1 { panic("Cannot split freed buffer") @@ -240,6 +270,13 @@ func (e emptyBuffer) Len() int { return 0 } +func (e emptyBuffer) Slice(start, end int) Buffer { + if start != 0 || end != 0 { + panic(fmt.Sprintf("slice bounds out of range [%d:%d] with length 0", start, end)) + } + return e +} + func (e emptyBuffer) split(int) (left, right Buffer) { return e, e } @@ -264,6 +301,9 @@ func (s SliceBuffer) Free() {} // Len is a noop implementation of Len. func (s SliceBuffer) Len() int { return len(s) } +// Slice returns a new SliceBuffer that is a view into the receiver from [start:end). +func (s SliceBuffer) Slice(start, end int) Buffer { return s[start:end] } + func (s SliceBuffer) split(n int) (left, right Buffer) { return s[:n], s[n:] } diff --git a/vendor/google.golang.org/grpc/stream.go b/vendor/google.golang.org/grpc/stream.go index eedb5f9b99..4aac644a83 100644 --- a/vendor/google.golang.org/grpc/stream.go +++ b/vendor/google.golang.org/grpc/stream.go @@ -21,6 +21,7 @@ package grpc import ( "context" "errors" + "fmt" "io" "math" rand "math/rand/v2" @@ -749,7 +750,7 @@ func (a *csAttempt) shouldRetry(err error) (bool, error) { return false, err } if cs.numRetries+1 >= rp.MaxAttempts { - return false, err + return false, fmt.Errorf("max retries exhausted: failed after %d attempts: %w", cs.numRetries+1, err) } var dur time.Duration diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go index 12f649dcb7..3ccfe515f7 100644 --- a/vendor/google.golang.org/grpc/version.go +++ b/vendor/google.golang.org/grpc/version.go @@ -19,4 +19,4 @@ package grpc // Version is the current grpc version. -const Version = "1.80.0" +const Version = "1.81.1" diff --git a/vendor/modules.txt b/vendor/modules.txt index 0be3a3f723..d9a14718f6 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -626,11 +626,11 @@ golang.org/x/tools/internal/versions ## explicit; go 1.25.0 google.golang.org/genproto/googleapis/api google.golang.org/genproto/googleapis/api/annotations -# google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 +# google.golang.org/genproto/googleapis/rpc v0.0.0-20260519071638-aa98bba5eb94 ## explicit; go 1.25.0 google.golang.org/genproto/googleapis/rpc/status -# google.golang.org/grpc v1.80.0 -## explicit; go 1.24.0 +# google.golang.org/grpc v1.81.1 +## explicit; go 1.25.0 google.golang.org/grpc google.golang.org/grpc/attributes google.golang.org/grpc/backoff @@ -683,6 +683,7 @@ google.golang.org/grpc/internal/status google.golang.org/grpc/internal/syscall google.golang.org/grpc/internal/transport google.golang.org/grpc/internal/transport/networktype +google.golang.org/grpc/internal/transport/readyreader google.golang.org/grpc/keepalive google.golang.org/grpc/mem google.golang.org/grpc/metadata From 24f58b570ac42d247fb464ea68b47a99531a32c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 21 May 2026 22:38:06 +0200 Subject: [PATCH 15/17] Update github.com/Masterminds/semver/v3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miloslav Trmač --- common/go.mod | 2 +- common/go.sum | 6 +- .../Masterminds/semver/v3/.gitignore | 3 +- .../Masterminds/semver/v3/.golangci.yml | 55 +++++++---- .../Masterminds/semver/v3/constraints.go | 94 ++++++++++++------- .../Masterminds/semver/v3/version.go | 39 +++++++- vendor/modules.txt | 2 +- 7 files changed, 139 insertions(+), 62 deletions(-) diff --git a/common/go.mod b/common/go.mod index 97e2f9adfd..9120cd1fee 100644 --- a/common/go.mod +++ b/common/go.mod @@ -54,7 +54,7 @@ require ( cyphar.com/go-pathrs v0.2.4 // indirect dario.cat/mergo v1.0.2 // indirect github.com/BurntSushi/toml v1.6.0 // indirect - github.com/Masterminds/semver/v3 v3.4.0 // indirect + github.com/Masterminds/semver/v3 v3.5.0 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/VividCortex/ewma v1.2.0 // indirect github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect diff --git a/common/go.sum b/common/go.sum index 94f42d1a93..b2f8356075 100644 --- a/common/go.sum +++ b/common/go.sum @@ -4,8 +4,8 @@ dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= github.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk= github.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= -github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= -github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/semver/v3 v3.5.0 h1:kQceYJfbupGfZOKZQg0kou0DgAKhzDg2NZPAwZ/2OOE= +github.com/Masterminds/semver/v3 v3.5.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow= @@ -368,7 +368,9 @@ gonum.org/v1/gonum v0.17.0/go.mod h1:El3tOrEuMpv2UdMrbNlKEh9vd86bmQ6vqIcDwxEOc1E google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 h1:VPWxll4HlMw1Vs/qXtN7BvhZqsS9cdAittCNvVENElA= google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:7QBABkRtR8z+TEnmXTqIqwJLlzrZKVfAUm7tY3yGv0M= google.golang.org/genproto/googleapis/rpc v0.0.0-20260519071638-aa98bba5eb94 h1:eZCjr/aAF8c5ccm5pb6T4EXgIei5MlAAPWPJk+5ArfY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260519071638-aa98bba5eb94/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= google.golang.org/grpc v1.81.1 h1:VnnIIZ88UzOOKLukQi+ImGz8O1Wdp8nAGGnvOfEIWQQ= +google.golang.org/grpc v1.81.1/go.mod h1:xGH9GfzOyMTGIOXBJmXt+BX/V0kcdQbdcuwQ/zNw42I= google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/vendor/github.com/Masterminds/semver/v3/.gitignore b/vendor/github.com/Masterminds/semver/v3/.gitignore index 6b061e6174..35f0e5a3a4 100644 --- a/vendor/github.com/Masterminds/semver/v3/.gitignore +++ b/vendor/github.com/Masterminds/semver/v3/.gitignore @@ -1 +1,2 @@ -_fuzz/ \ No newline at end of file +_fuzz/ +.devcontainer/ \ No newline at end of file diff --git a/vendor/github.com/Masterminds/semver/v3/.golangci.yml b/vendor/github.com/Masterminds/semver/v3/.golangci.yml index fbc6332592..24277f3aca 100644 --- a/vendor/github.com/Masterminds/semver/v3/.golangci.yml +++ b/vendor/github.com/Masterminds/semver/v3/.golangci.yml @@ -1,27 +1,42 @@ -run: - deadline: 2m - +version: "2" linters: - disable-all: true + default: none enable: - - misspell - - govet - - staticcheck + - dupl - errcheck - - unparam + - gocyclo + - gosec + - govet - ineffassign + - misspell - nakedret - - gocyclo - - dupl - - goimports - revive - - gosec - - gosimple - - typecheck + - staticcheck + - unparam - unused - -linters-settings: - gofmt: - simplify: true - dupl: - threshold: 600 + settings: + dupl: + threshold: 600 + exclusions: + generated: lax + presets: + - comments + - common-false-positives + - legacy + - std-error-handling + paths: + - third_party$ + - builtin$ + - examples$ +formatters: + enable: + - goimports + settings: + gofmt: + simplify: true + exclusions: + generated: lax + paths: + - third_party$ + - builtin$ + - examples$ diff --git a/vendor/github.com/Masterminds/semver/v3/constraints.go b/vendor/github.com/Masterminds/semver/v3/constraints.go index 8b7a10f836..e8353bc469 100644 --- a/vendor/github.com/Masterminds/semver/v3/constraints.go +++ b/vendor/github.com/Masterminds/semver/v3/constraints.go @@ -21,21 +21,43 @@ type Constraints struct { IncludePrerelease bool } +// MaxConstraintLen is the maximum allowed length of a constraint string. +const MaxConstraintLen = 512 + +// MaxConstraintGroups is the maximum number of OR groups allowed in a +// constraint string. +const MaxConstraintGroups = 32 + +// ErrConstraintTooLong is returned when a constraint string exceeds the +// maximum allowed length. +var ErrConstraintTooLong = fmt.Errorf("constraint string is too long (max %d bytes)", MaxConstraintLen) + +// ErrTooManyConstraintGroups is returned when a constraint string contains +// too many OR groups. +var ErrTooManyConstraintGroups = fmt.Errorf("too many constraint groups (max %d)", MaxConstraintGroups) + // NewConstraint returns a Constraints instance that a Version instance can // be checked against. If there is a parse error it will be returned. func NewConstraint(c string) (*Constraints, error) { + if len(c) > MaxConstraintLen { + return nil, ErrConstraintTooLong + } + // Rewrite - ranges into a comparison operation. c = rewriteRange(c) ors := strings.Split(c, "||") + if len(ors) > MaxConstraintGroups { + return nil, ErrTooManyConstraintGroups + } lenors := len(ors) or := make([][]*constraint, lenors) hasPre := make([]bool, lenors) for k, v := range ors { // Validate the segment if !validConstraintRegex.MatchString(v) { - return nil, fmt.Errorf("improper constraint: %s", v) + return nil, fmt.Errorf("improper constraint: %q", v) } cs := findConstraintRegex.FindAllString(v, -1) @@ -104,9 +126,9 @@ func (cs Constraints) Validate(v *Version) (bool, []error) { for _, c := range o { // Before running the check handle the case there the version is // a prerelease and the check is not searching for prereleases. - if !(cs.IncludePrerelease || cs.containsPre[i]) && v.pre != "" { + if !cs.IncludePrerelease && !cs.containsPre[i] && v.pre != "" { if !prerelesase { - em := fmt.Errorf("%s is a prerelease version and the constraint is only looking for release versions", v) + em := fmt.Errorf("%q is a prerelease version and the constraint is only looking for release versions", v) e = append(e, em) prerelesase = true } @@ -258,7 +280,7 @@ func parseConstraint(c string) (*constraint, error) { if len(c) > 0 { m := constraintRegex.FindStringSubmatch(c) if m == nil { - return nil, fmt.Errorf("improper constraint: %s", c) + return nil, fmt.Errorf("improper constraint: %q", c) } cs := &constraint{ @@ -325,7 +347,7 @@ func constraintNotEqual(v *Version, c *constraint, includePre bool) (bool, error // The existence of prereleases is checked at the group level and passed in. // Exit early if the version has a prerelease but those are to be ignored. if v.Prerelease() != "" && !includePre { - return false, fmt.Errorf("%s is a prerelease version and the constraint is only looking for release versions", v) + return false, fmt.Errorf("%q is a prerelease version and the constraint is only looking for release versions", v) } if c.dirty { @@ -335,7 +357,7 @@ func constraintNotEqual(v *Version, c *constraint, includePre bool) (bool, error if c.con.Minor() != v.Minor() && !c.minorDirty { return true, nil } else if c.minorDirty { - return false, fmt.Errorf("%s is equal to %s", v, c.orig) + return false, fmt.Errorf("%q is equal to %q", v, c.orig) } else if c.con.Patch() != v.Patch() && !c.patchDirty { return true, nil } else if c.patchDirty { @@ -345,15 +367,15 @@ func constraintNotEqual(v *Version, c *constraint, includePre bool) (bool, error if eq { return true, nil } - return false, fmt.Errorf("%s is equal to %s", v, c.orig) + return false, fmt.Errorf("%q is equal to %q", v, c.orig) } - return false, fmt.Errorf("%s is equal to %s", v, c.orig) + return false, fmt.Errorf("%q is equal to %q", v, c.orig) } } eq := v.Equal(c.con) if eq { - return false, fmt.Errorf("%s is equal to %s", v, c.orig) + return false, fmt.Errorf("%q is equal to %q", v, c.orig) } return true, nil @@ -364,7 +386,7 @@ func constraintGreaterThan(v *Version, c *constraint, includePre bool) (bool, er // The existence of prereleases is checked at the group level and passed in. // Exit early if the version has a prerelease but those are to be ignored. if v.Prerelease() != "" && !includePre { - return false, fmt.Errorf("%s is a prerelease version and the constraint is only looking for release versions", v) + return false, fmt.Errorf("%q is a prerelease version and the constraint is only looking for release versions", v) } var eq bool @@ -374,17 +396,17 @@ func constraintGreaterThan(v *Version, c *constraint, includePre bool) (bool, er if eq { return true, nil } - return false, fmt.Errorf("%s is less than or equal to %s", v, c.orig) + return false, fmt.Errorf("%q is less than or equal to %q", v, c.orig) } if v.Major() > c.con.Major() { return true, nil } else if v.Major() < c.con.Major() { - return false, fmt.Errorf("%s is less than or equal to %s", v, c.orig) + return false, fmt.Errorf("%q is less than or equal to %q", v, c.orig) } else if c.minorDirty { // This is a range case such as >11. When the version is something like // 11.1.0 is it not > 11. For that we would need 12 or higher - return false, fmt.Errorf("%s is less than or equal to %s", v, c.orig) + return false, fmt.Errorf("%q is less than or equal to %q", v, c.orig) } else if c.patchDirty { // This is for ranges such as >11.1. A version of 11.1.1 is not greater // which one of 11.2.1 is greater @@ -392,7 +414,7 @@ func constraintGreaterThan(v *Version, c *constraint, includePre bool) (bool, er if eq { return true, nil } - return false, fmt.Errorf("%s is less than or equal to %s", v, c.orig) + return false, fmt.Errorf("%q is less than or equal to %q", v, c.orig) } // If we have gotten here we are not comparing pre-preleases and can use the @@ -401,21 +423,21 @@ func constraintGreaterThan(v *Version, c *constraint, includePre bool) (bool, er if eq { return true, nil } - return false, fmt.Errorf("%s is less than or equal to %s", v, c.orig) + return false, fmt.Errorf("%q is less than or equal to %q", v, c.orig) } func constraintLessThan(v *Version, c *constraint, includePre bool) (bool, error) { // The existence of prereleases is checked at the group level and passed in. // Exit early if the version has a prerelease but those are to be ignored. if v.Prerelease() != "" && !includePre { - return false, fmt.Errorf("%s is a prerelease version and the constraint is only looking for release versions", v) + return false, fmt.Errorf("%q is a prerelease version and the constraint is only looking for release versions", v) } eq := v.Compare(c.con) < 0 if eq { return true, nil } - return false, fmt.Errorf("%s is greater than or equal to %s", v, c.orig) + return false, fmt.Errorf("%q is greater than or equal to %q", v, c.orig) } func constraintGreaterThanEqual(v *Version, c *constraint, includePre bool) (bool, error) { @@ -423,21 +445,21 @@ func constraintGreaterThanEqual(v *Version, c *constraint, includePre bool) (boo // The existence of prereleases is checked at the group level and passed in. // Exit early if the version has a prerelease but those are to be ignored. if v.Prerelease() != "" && !includePre { - return false, fmt.Errorf("%s is a prerelease version and the constraint is only looking for release versions", v) + return false, fmt.Errorf("%q is a prerelease version and the constraint is only looking for release versions", v) } eq := v.Compare(c.con) >= 0 if eq { return true, nil } - return false, fmt.Errorf("%s is less than %s", v, c.orig) + return false, fmt.Errorf("%q is less than %q", v, c.orig) } func constraintLessThanEqual(v *Version, c *constraint, includePre bool) (bool, error) { // The existence of prereleases is checked at the group level and passed in. // Exit early if the version has a prerelease but those are to be ignored. if v.Prerelease() != "" && !includePre { - return false, fmt.Errorf("%s is a prerelease version and the constraint is only looking for release versions", v) + return false, fmt.Errorf("%q is a prerelease version and the constraint is only looking for release versions", v) } var eq bool @@ -447,13 +469,13 @@ func constraintLessThanEqual(v *Version, c *constraint, includePre bool) (bool, if eq { return true, nil } - return false, fmt.Errorf("%s is greater than %s", v, c.orig) + return false, fmt.Errorf("%q is greater than %q", v, c.orig) } if v.Major() > c.con.Major() { - return false, fmt.Errorf("%s is greater than %s", v, c.orig) + return false, fmt.Errorf("%q is greater than %q", v, c.orig) } else if v.Major() == c.con.Major() && v.Minor() > c.con.Minor() && !c.minorDirty { - return false, fmt.Errorf("%s is greater than %s", v, c.orig) + return false, fmt.Errorf("%q is greater than %q", v, c.orig) } return true, nil @@ -469,11 +491,11 @@ func constraintTilde(v *Version, c *constraint, includePre bool) (bool, error) { // The existence of prereleases is checked at the group level and passed in. // Exit early if the version has a prerelease but those are to be ignored. if v.Prerelease() != "" && !includePre { - return false, fmt.Errorf("%s is a prerelease version and the constraint is only looking for release versions", v) + return false, fmt.Errorf("%q is a prerelease version and the constraint is only looking for release versions", v) } if v.LessThan(c.con) { - return false, fmt.Errorf("%s is less than %s", v, c.orig) + return false, fmt.Errorf("%q is less than %q", v, c.orig) } // ~0.0.0 is a special case where all constraints are accepted. It's @@ -484,11 +506,11 @@ func constraintTilde(v *Version, c *constraint, includePre bool) (bool, error) { } if v.Major() != c.con.Major() { - return false, fmt.Errorf("%s does not have same major version as %s", v, c.orig) + return false, fmt.Errorf("%q does not have same major version as %q", v, c.orig) } if v.Minor() != c.con.Minor() && !c.minorDirty { - return false, fmt.Errorf("%s does not have same major and minor version as %s", v, c.orig) + return false, fmt.Errorf("%q does not have same major and minor version as %q", v, c.orig) } return true, nil @@ -500,7 +522,7 @@ func constraintTildeOrEqual(v *Version, c *constraint, includePre bool) (bool, e // The existence of prereleases is checked at the group level and passed in. // Exit early if the version has a prerelease but those are to be ignored. if v.Prerelease() != "" && !includePre { - return false, fmt.Errorf("%s is a prerelease version and the constraint is only looking for release versions", v) + return false, fmt.Errorf("%q is a prerelease version and the constraint is only looking for release versions", v) } if c.dirty { @@ -512,7 +534,7 @@ func constraintTildeOrEqual(v *Version, c *constraint, includePre bool) (bool, e return true, nil } - return false, fmt.Errorf("%s is not equal to %s", v, c.orig) + return false, fmt.Errorf("%q is not equal to %q", v, c.orig) } // ^* --> (any) @@ -528,12 +550,12 @@ func constraintCaret(v *Version, c *constraint, includePre bool) (bool, error) { // The existence of prereleases is checked at the group level and passed in. // Exit early if the version has a prerelease but those are to be ignored. if v.Prerelease() != "" && !includePre { - return false, fmt.Errorf("%s is a prerelease version and the constraint is only looking for release versions", v) + return false, fmt.Errorf("%q is a prerelease version and the constraint is only looking for release versions", v) } // This less than handles prereleases if v.LessThan(c.con) { - return false, fmt.Errorf("%s is less than %s", v, c.orig) + return false, fmt.Errorf("%q is less than %q", v, c.orig) } var eq bool @@ -548,12 +570,12 @@ func constraintCaret(v *Version, c *constraint, includePre bool) (bool, error) { if eq { return true, nil } - return false, fmt.Errorf("%s does not have same major version as %s", v, c.orig) + return false, fmt.Errorf("%q does not have same major version as %q", v, c.orig) } // ^ when the major is 0 and minor > 0 is >=0.y.z < 0.y+1 if c.con.Major() == 0 && v.Major() > 0 { - return false, fmt.Errorf("%s does not have same major version as %s", v, c.orig) + return false, fmt.Errorf("%q does not have same major version as %q", v, c.orig) } // If the con Minor is > 0 it is not dirty if c.con.Minor() > 0 || c.patchDirty { @@ -561,11 +583,11 @@ func constraintCaret(v *Version, c *constraint, includePre bool) (bool, error) { if eq { return true, nil } - return false, fmt.Errorf("%s does not have same minor version as %s. Expected minor versions to match when constraint major version is 0", v, c.orig) + return false, fmt.Errorf("%q does not have same minor version as %q. Expected minor versions to match when constraint major version is 0", v, c.orig) } // ^ when the minor is 0 and minor > 0 is =0.0.z if c.con.Minor() == 0 && v.Minor() > 0 { - return false, fmt.Errorf("%s does not have same minor version as %s", v, c.orig) + return false, fmt.Errorf("%q does not have same minor version as %q", v, c.orig) } // At this point the major is 0 and the minor is 0 and not dirty. The patch @@ -574,7 +596,7 @@ func constraintCaret(v *Version, c *constraint, includePre bool) (bool, error) { if eq { return true, nil } - return false, fmt.Errorf("%s does not equal %s. Expect version and constraint to equal when major and minor versions are 0", v, c.orig) + return false, fmt.Errorf("%q does not equal %q. Expect version and constraint to equal when major and minor versions are 0", v, c.orig) } func isX(x string) bool { diff --git a/vendor/github.com/Masterminds/semver/v3/version.go b/vendor/github.com/Masterminds/semver/v3/version.go index 7a3ba73887..da428760ce 100644 --- a/vendor/github.com/Masterminds/semver/v3/version.go +++ b/vendor/github.com/Masterminds/semver/v3/version.go @@ -6,6 +6,7 @@ import ( "encoding/json" "errors" "fmt" + "math" "regexp" "strconv" "strings" @@ -48,8 +49,16 @@ var ( // ErrInvalidPrerelease is returned when the pre-release is an invalid format ErrInvalidPrerelease = errors.New("invalid prerelease string") + + // ErrVersionTooLong is returned when a version string exceeds the + // maximum allowed length. + ErrVersionTooLong = fmt.Errorf("version string is too long (max %d bytes)", MaxVersionLen) ) +// MaxVersionLen is the maximum allowed length of a version string. This guards +// against unbounded input causing excessive memory allocations during parsing. +const MaxVersionLen = 256 + // semVerRegex is the regular expression used to parse a semantic version. // This is not the official regex from the semver spec. It has been modified to allow for loose handling // where versions like 2.1 are detected. @@ -94,6 +103,10 @@ func StrictNewVersion(v string) (*Version, error) { return nil, ErrEmptyString } + if len(v) > MaxVersionLen { + return nil, ErrVersionTooLong + } + // Split the parts into [0]major, [1]minor, and [2]patch,prerelease,build parts := strings.SplitN(v, ".", 3) if len(parts) != 3 { @@ -161,6 +174,9 @@ func StrictNewVersion(v string) (*Version, error) { // attempts to convert it to SemVer. If you want to validate it was a strict // semantic version at parse time see StrictNewVersion(). func NewVersion(v string) (*Version, error) { + if len(v) > MaxVersionLen { + return nil, ErrVersionTooLong + } if CoerceNewVersion { return coerceNewVersion(v) } @@ -289,6 +305,8 @@ func coerceNewVersion(v string) (*Version, error) { // New creates a new instance of Version with each of the parts passed in as // arguments instead of parsing a version string. +// Note, New does not validate prerelease or metadata. Incorrect information can +// be passed in. func New(major, minor, patch uint64, pre, metadata string) *Version { v := Version{ major: major, @@ -301,6 +319,7 @@ func New(major, minor, patch uint64, pre, metadata string) *Version { v.original = v.String() + // TODO: In the next semver major version validate the pre and metadata. Return error if there is one. return &v } @@ -388,6 +407,9 @@ func (v Version) IncPatch() Version { } else { vNext.metadata = "" vNext.pre = "" + if v.patch == math.MaxUint64 { + panic("patch version increment would overflow uint64") + } vNext.patch = v.patch + 1 } vNext.original = v.originalVPrefix() + "" + vNext.String() @@ -404,6 +426,9 @@ func (v Version) IncMinor() Version { vNext.metadata = "" vNext.pre = "" vNext.patch = 0 + if v.minor == math.MaxUint64 { + panic("minor version increment would overflow uint64") + } vNext.minor = v.minor + 1 vNext.original = v.originalVPrefix() + "" + vNext.String() return vNext @@ -421,6 +446,9 @@ func (v Version) IncMajor() Version { vNext.pre = "" vNext.patch = 0 vNext.minor = 0 + if v.major == math.MaxUint64 { + panic("major version increment would overflow uint64") + } vNext.major = v.major + 1 vNext.original = v.originalVPrefix() + "" + vNext.String() return vNext @@ -568,7 +596,16 @@ func (v Version) MarshalText() ([]byte, error) { // Scan implements the SQL.Scanner interface. func (v *Version) Scan(value interface{}) error { var s string - s, _ = value.(string) + switch t := value.(type) { + case string: + s = t + case []byte: + s = string(t) + case nil: + return fmt.Errorf("cannot scan nil into Version") + default: + return fmt.Errorf("unsupported Scan type %T", value) + } temp, err := NewVersion(s) if err != nil { return err diff --git a/vendor/modules.txt b/vendor/modules.txt index d9a14718f6..820c816452 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -12,7 +12,7 @@ dario.cat/mergo ## explicit; go 1.18 github.com/BurntSushi/toml github.com/BurntSushi/toml/internal -# github.com/Masterminds/semver/v3 v3.4.0 +# github.com/Masterminds/semver/v3 v3.5.0 ## explicit; go 1.21 github.com/Masterminds/semver/v3 # github.com/Microsoft/go-winio v0.6.2 From 19ddcf9fad7e231bc60339716f8f91e84242eed8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 21 May 2026 23:03:13 +0200 Subject: [PATCH 16/17] Update go.yaml.in/yaml/v2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Miloslav Trmač --- common/go.mod | 2 +- common/go.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/common/go.mod b/common/go.mod index 9120cd1fee..707af6e52f 100644 --- a/common/go.mod +++ b/common/go.mod @@ -119,7 +119,7 @@ require ( go.opentelemetry.io/otel v1.43.0 // indirect go.opentelemetry.io/otel/metric v1.43.0 // indirect go.opentelemetry.io/otel/trace v1.43.0 // indirect - go.yaml.in/yaml/v2 v2.4.3 // indirect + go.yaml.in/yaml/v2 v2.4.4 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/mod v0.36.0 // indirect golang.org/x/net v0.54.0 // indirect diff --git a/common/go.sum b/common/go.sum index b2f8356075..f78503d85c 100644 --- a/common/go.sum +++ b/common/go.sum @@ -277,8 +277,8 @@ go.podman.io/image/v5 v5.40.0 h1:gNQvj343Eb4juCitUBkuDz1T82Zpp6nhgMEXzNfCges= go.podman.io/image/v5 v5.40.0/go.mod h1:qgXf1abXJ+2l01pL8+CljaMKryeo6ahaHO7H51ooKIc= go.podman.io/storage v1.63.0 h1:bj/pAWFhChbuBmejzno0iQLhU7FevGVXepRXm5pFGeA= go.podman.io/storage v1.63.0/go.mod h1:z4Z9K+7GhKjWL/Y1O17+4f8a1KGijVeC9hr3tymhSOs= -go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= -go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= +go.yaml.in/yaml/v2 v2.4.4 h1:tuyd0P+2Ont/d6e2rl3be67goVK4R6deVxCUX5vyPaQ= +go.yaml.in/yaml/v2 v2.4.4/go.mod h1:gMZqIpDtDqOfM0uNfy0SkpRhvUryYH0Z6wdMYcacYXQ= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= diff --git a/vendor/modules.txt b/vendor/modules.txt index 820c816452..ffed91d65a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -507,7 +507,7 @@ go.opentelemetry.io/otel/trace/noop ## explicit; go 1.25.6 # go.podman.io/storage v1.63.0 ## explicit; go 1.25.0 -# go.yaml.in/yaml/v2 v2.4.3 +# go.yaml.in/yaml/v2 v2.4.4 ## explicit; go 1.15 go.yaml.in/yaml/v2 # go.yaml.in/yaml/v3 v3.0.4 From 5c914be914aa767647444a726ff6426ccd470f2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 21 May 2026 23:11:28 +0200 Subject: [PATCH 17/17] Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Almost a year ago, we were waiting for a hopefully-imminent /v4 to migrate. That's still not happened, so move now. Fixes #187 . Signed-off-by: Miloslav Trmač --- image/docker/registries_d.go | 2 +- image/go.mod | 3 ++- image/go.sum | 2 ++ image/openshift/openshift-copies.go | 2 +- image/openshift/openshift-copies_test.go | 2 +- image/pkg/cli/basetls/tlsdetails/tlsdetails.go | 2 +- image/pkg/cli/sigstore/params/sigstore.go | 2 +- 7 files changed, 9 insertions(+), 6 deletions(-) diff --git a/image/docker/registries_d.go b/image/docker/registries_d.go index 6fe612160b..4312ebb9bd 100644 --- a/image/docker/registries_d.go +++ b/image/docker/registries_d.go @@ -16,7 +16,7 @@ import ( "go.podman.io/storage/pkg/configfile" "go.podman.io/storage/pkg/homedir" "go.podman.io/storage/pkg/unshare" - "gopkg.in/yaml.v3" + "go.yaml.in/yaml/v3" ) // defaultUserDockerDir is the default lookaside directory for unprivileged user diff --git a/image/go.mod b/image/go.mod index 0a5632a9cb..282bf04df2 100644 --- a/image/go.mod +++ b/image/go.mod @@ -38,11 +38,11 @@ require ( github.com/vbauerster/mpb/v8 v8.12.0 go.etcd.io/bbolt v1.4.3 go.podman.io/storage v1.63.0 + go.yaml.in/yaml/v3 v3.0.4 golang.org/x/crypto v0.51.0 golang.org/x/oauth2 v0.36.0 golang.org/x/sync v0.20.0 golang.org/x/term v0.43.0 - gopkg.in/yaml.v3 v3.0.1 ) require ( @@ -103,4 +103,5 @@ require ( google.golang.org/genproto/googleapis/rpc v0.0.0-20260519071638-aa98bba5eb94 // indirect google.golang.org/grpc v1.81.1 // indirect google.golang.org/protobuf v1.36.11 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/image/go.sum b/image/go.sum index 5498f3978f..eb54375808 100644 --- a/image/go.sum +++ b/image/go.sum @@ -217,6 +217,8 @@ go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09 go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= go.podman.io/storage v1.63.0 h1:bj/pAWFhChbuBmejzno0iQLhU7FevGVXepRXm5pFGeA= go.podman.io/storage v1.63.0/go.mod h1:z4Z9K+7GhKjWL/Y1O17+4f8a1KGijVeC9hr3tymhSOs= +go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= +go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= diff --git a/image/openshift/openshift-copies.go b/image/openshift/openshift-copies.go index 84a46a9836..cf215d79fe 100644 --- a/image/openshift/openshift-copies.go +++ b/image/openshift/openshift-copies.go @@ -23,7 +23,7 @@ import ( "go.podman.io/image/v5/internal/multierr" "go.podman.io/image/v5/types" "go.podman.io/storage/pkg/homedir" - "gopkg.in/yaml.v3" + "go.yaml.in/yaml/v3" ) // restTLSClientConfig is a modified copy of k8s.io/kubernetes/pkg/client/restclient.TLSClientConfig. diff --git a/image/openshift/openshift-copies_test.go b/image/openshift/openshift-copies_test.go index 1fdc37d81a..97d2c82d89 100644 --- a/image/openshift/openshift-copies_test.go +++ b/image/openshift/openshift-copies_test.go @@ -6,7 +6,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "gopkg.in/yaml.v3" + "go.yaml.in/yaml/v3" ) const fixtureKubeConfigPath = "testdata/admin.kubeconfig" diff --git a/image/pkg/cli/basetls/tlsdetails/tlsdetails.go b/image/pkg/cli/basetls/tlsdetails/tlsdetails.go index fca6bed917..0333884c81 100644 --- a/image/pkg/cli/basetls/tlsdetails/tlsdetails.go +++ b/image/pkg/cli/basetls/tlsdetails/tlsdetails.go @@ -16,7 +16,7 @@ import ( "os" "go.podman.io/image/v5/pkg/cli/basetls" - "gopkg.in/yaml.v3" + "go.yaml.in/yaml/v3" ) // BaseTLSFromOptionalFile returns a basetls.Config matching a containers-tls-details.yaml file at the specified path. diff --git a/image/pkg/cli/sigstore/params/sigstore.go b/image/pkg/cli/sigstore/params/sigstore.go index 0151b9acb0..f4dc62639c 100644 --- a/image/pkg/cli/sigstore/params/sigstore.go +++ b/image/pkg/cli/sigstore/params/sigstore.go @@ -5,7 +5,7 @@ import ( "fmt" "os" - "gopkg.in/yaml.v3" + "go.yaml.in/yaml/v3" ) // SigningParameterFile collects parameters used for creating sigstore signatures.