Commit Graph

3109 Commits

Author SHA1 Message Date
Derek McGowan
cd89a35ea0 Run CLI tests with cgroups v2
Signed-off-by: Derek McGowan <derek@mcg.dev>
2025-04-09 11:05:14 -07:00
Sebastiaan van Stijn
74b71c41ac update to go1.23.8 (fix CVE-2025-22871)
full diff: https://github.com/golang/go/compare/go1.23.7...go1.23.8
release notes: https://go.dev/doc/devel/release#go1.24.2

go1.23.8 (released 2025-04-01) includes security fixes to the net/http package,
as well as bug fixes to the runtime and the go command. See the Go 1.23.8
milestone on our issue tracker for details;

https://github.com/golang/go/issues?q=milestone%3AGo1.23.8+label%3ACherryPickApproved

From the mailing list:

Hello gophers,

We have just released Go versions 1.24.2 and 1.23.8, minor point releases.
These minor releases include 1 security fixes following the security policy:

- net/http: request smuggling through invalid chunked data
  The net/http package accepted data in the chunked transfer encoding
  containing an invalid chunk-size line terminated by a bare LF.
  When used in conjunction with a server or proxy which incorrectly
  interprets a bare LF in a chunk extension as part of the extension,
  this could permit request smuggling.
  The net/http package now rejects chunk-size lines containing a bare LF.
  Thanks to Jeppe Bonde Weikop for reporting this issue.
  This is CVE-2025-22871 and Go issue https://go.dev/issue/71988.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-04-03 12:30:00 +02:00
Rob Murray
adfed82ab8 Install and run firewalld for CI's firewalld tests
The github action running bake expected FIREWALLD to be set, but
DOCKER_FIREWALLD was set instead, so firewalld wasn't installed
in the dev image.

The dind-systemd script expected DOCKER_FIREWALLD to be set if it
needed to run firewalld, and it was. But it had no effect.

In CI, bake builds the image then make runs it - and the use the
same env. So, align on FIREWALLD (as it's not a docker feature).

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-03-28 16:59:48 +00:00
Rob Murray
cea56c1d9c Merge pull request #49671 from robmry/unit_test_with_firewalld
Run systemd/rootless when systemd/rootless unit testing
2025-03-27 08:34:31 +00:00
Paweł Gronowski
8d9e3502ab hack: Fix TestOverlay* test failure in pkg/archive
The pkg/archive/archive_linux_test.go tests create a test archive
content in a temporary directory. This also includes device nodes (using
mknod).
Running these tests in Docker-in-Docker (dind) with systemd was failing
with "operation not permitted" because the rootfs is remounted with
`nodev`.

This change aligns `hack/dind-systemd` with `hack/dind` by
conditionally mounting a `tmpfs` on `/tmp` (with dev enabled),
to make the mknod work.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-03-26 12:11:44 +00:00
Paweł Gronowski
a60603bfa3 hack/validate: Add gocompat
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-03-25 16:10:42 +01:00
Sebastiaan van Stijn
eeee17eaad Dockerfile: update runc binary to v1.2.6
This is the sixth patch release in the 1.2.z series of runc.
It primarily fixes an issue with runc exec vs time namespace,
and a compatibility issue with older kernels.

* Fix a stall issue that would happen if setting `O_CLOEXEC` with
  `CloseExecFrom` failed.
* `runc` now properly handles joining time namespaces (such as with
  `runc exec`). Previously we would attempt to set the time offsets
  when joining, which would fail.
* Handle `EINTR` retries correctly for socket-related direct
  `golang.org/x/sys/unix` system calls.
* We no longer use `F_SEAL_FUTURE_WRITE` when sealing the runc binary, as it
  turns out this had some unfortunate bugs in older kernel versions and was
  never necessary in the first place.
* Remove `Fexecve` helper from `libcontainer/system`. Runc 1.2.1 removed
  runc-dmz, but we forgot to remove this helper added only for that.
* Use Go 1.23 for official builds, run CI with Go 1.24 and drop Ubuntu 20.04
  from CI. We need to drop Ubuntu 20.04 from CI because Github Actions
  announced it's already deprecated and it will be discontinued soon.

full diff: https://github.com/opencontainers/runc/compare/v1.2.5...v1.2.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-03-21 16:54:24 +01:00
Austin Vazquez
35766af7d2 Dockerfile: update containerd binary to v1.7.27
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2025-03-18 15:07:33 +00:00
Paweł Gronowski
8701ff684f Merge pull request #49553 from thaJeztah/bump_containerd_1.7.26
Dockerfile: update containerd binary to v1.7.26
2025-03-12 18:29:55 +00:00
Akihiro Suda
0e54920e01 Dockerfile: update RootlessKit to v2.3.4
https://github.com/rootless-containers/rootlesskit/releases/tag/v2.3.3
https://github.com/rootless-containers/rootlesskit/releases/tag/v2.3.4

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2025-03-10 11:22:37 +09:00
Sebastiaan van Stijn
0a4c0902a5 Merge pull request #49578 from dmcgowan/update-governance
Update governance and maintainers file
2025-03-07 20:22:55 +01:00
Sebastiaan van Stijn
9278110260 Dockerfile: update containerd binary to v1.7.26
- full diff: https://github.com/containerd/containerd/compare/v1.7.25...v1.7.26
- release notes: https://github.com/containerd/containerd/releases/tag/v1.7.26

Welcome to the v1.7.26 release of containerd!

The twenty-sixth patch release for containerd 1.7 contains various fixes
and updates.

Highlights

- Add support for syncfs after unpack
- Update runc binary to v1.2.55
- Fix race between serve and immediate shutdown on the server
- Reject oversized messages from the sender

Container Runtime Interface (CRI)

- Fix fatal concurrency error in port forwarding

Node Resource Interface (NRI)

- Fix initial sync race when registering NRI plugins
- Add API support for reading Pod IPs
- Fix plugin sync to use multiple messages if ttrpc max message limit is hit
- Update API to pass configured timeouts to plugins.
- Fix mount removal in adjustments
- Close plugin if initial synchronization fails
- Add support for adjusting OOM score
- Add API support for NRI-native CDI injection
- Add support for pids cgroup

Runtime

- Fix console TTY leak in runc shim

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-03-07 17:47:59 +01:00
Derek McGowan
6e55f83747 Remove unused toml validation
Signed-off-by: Derek McGowan <derek@mcg.dev>
2025-03-06 01:44:06 -08:00
Sebastiaan van Stijn
f049fd0533 Merge pull request #49541 from thaJeztah/bump_go_version
update minimum go version to go1.23
2025-03-05 20:36:17 +01:00
Sebastiaan van Stijn
6e8eb8a90f vendor.mod: update minimum go version to go1.23
Go maintainers started to unconditionally update the minimum go version
for golang.org/x/ dependencies to go1.23, which means that we'll no longer
be able to support any version below that when updating those dependencies;

> all: upgrade go directive to at least 1.23.0 [generated]
>
> By now Go 1.24.0 has been released, and Go 1.22 is no longer supported
> per the Go Release Policy (https://go.dev/doc/devel/release#policy).
>
> For golang/go#69095.

This updates our minimum version to go1.23, as we won't be able to maintain
compatibility with older versions because of the above.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-03-05 13:39:50 +01:00
Paweł Gronowski
5f912e4cf5 update to go1.23.7
- https://github.com/golang/go/issues?q=milestone%3AGo1.23.7+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.23.6...go1.23.7

These minor releases include 1 security fixes following the security policy:

net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs

Matching of hosts against proxy patterns could improperly treat an IPv6
zone ID as a hostname component. For example, when the NO_PROXY
environment variable was set to "*.example.com", a request to
"[::1%25.example.com]:80` would incorrectly match and not be proxied.

Thanks to Juho Forsén of Mattermost for reporting this issue.

This is CVE-2025-22870 and Go issue https://go.dev/issue/71984.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.23.7

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-03-04 22:57:35 +01:00
Sebastiaan van Stijn
838ae09a23 Dockerfile: update runc binary to v1.2.5
This is the fifth patch release in the 1.2.z series of runc. It primarily fixes
an issue caused by an upstream systemd bug.

* There was a regression in systemd v230 which made the way we define
  device rule restrictions require a systemctl daemon-reload for our
  transient units. This caused issues for workloads using NVIDIA GPUs.
  Workaround the upstream regression by re-arranging how the unit properties
  are defined.
* Dependency github.com/cyphar/filepath-securejoin is updated to v0.4.1,
  to allow projects that vendor runc to bump it as well.
* CI: fixed criu-dev compilation.
* Dependency golang.org/x/net is updated to 0.33.0.

full diff: https://github.com/opencontainers/runc/compare/v1.2.4...v1.2.5
release notes: https://github.com/opencontainers/runc/releases/tag/v1.2.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-02-14 10:22:57 +01:00
Sebastiaan van Stijn
6856bdd5a6 Merge pull request #49444 from thaJeztah/commit_and_exect_response
api/types/container: introduce CommitResponse, ExecCreateResponse types
2025-02-11 12:53:09 +01:00
Sebastiaan van Stijn
0df3a0047a api/types/container: introduce CommitResponse type
Move api/types.IDResponse to a "common" package (to prevent cyclic import
issues), and introduce a container.CommitResponse type as alias. This allows
consumers to use ContainerCommit without having to import the "types" package,
and allows us to differentiate the response for container commit separate from
other endpoints currently using IDResponse.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-02-10 21:14:03 +01:00
Sebastiaan van Stijn
be1ac5d8e5 api/types/container: rename ContainerTopOKBody to TopResponse
Deprecate ContainerTopOKBody, but keep an alias.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-02-10 18:58:31 +01:00
Sebastiaan van Stijn
f4dc38cd36 api/types/container: rename ContainerUpdateOKBody to UpdateResponse
Deprecate ContainerUpdateOKBody, but keep an alias.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-02-10 18:35:35 +01:00
Paweł Gronowski
12756071f1 update to go1.23.6
This minor release include 1 security fix following the security policy:

- crypto/elliptic: timing sidechannel for P-256 on ppc64le

  Due to the usage of a variable time instruction in the assembly implementation
  of an internal function, a small number of bits of secret scalars are leaked on
  the ppc64le architecture. Due to the way this function is used, we do not
  believe this leakage is enough to allow recovery of the private key when P-256
  is used in any well known protocols.

This is CVE-2025-22866 and Go issue https://go.dev/issue/71383.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.23.6

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-02-04 20:27:27 +01:00
Sebastiaan van Stijn
96ded2a1ba Merge pull request #48850 from JSchltggr/fix-sed-nix-dind
Fix concurrency issue in dind
2025-02-01 23:39:53 +01:00
JSchltggr
c43aa0b6aa Fix concurrency issue in dind
Signed-off-by: JSchltggr <jschltggr@gmail.com>
2025-01-29 19:25:45 +01:00
Sebastiaan van Stijn
ae0fda655b update to go1.23.5 (fix CVE-2024-45341, CVE-2024-45336)
go1.23.5 (released 2025-01-16) includes security fixes to the crypto/x509 and
net/http packages, as well as bug fixes to the compiler, the runtime, and the
net package. See the Go 1.23.5 milestone on our issue tracker for details;

- https://github.com/golang/go/issues?q=milestone%3AGo1.23.5+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.23.4...go1.23.5

Hello gophers,

We have just released Go versions 1.23.5 and 1.22.11, minor point releases.

These minor releases include 2 security fixes following the security policy:

- crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

  A certificate with a URI which has a IPv6 address with a zone ID may
  incorrectly satisfy a URI name constraint that applies to the certificate
  chain.

  Certificates containing URIs are not permitted in the web PKI, so this
  only affects users of private PKIs which make use of URIs.

  Thanks to Juho Forsén of Mattermost for reporting this issue.

  This is CVE-2024-45341 and Go issue https://go.dev/issue/71156.

- net/http: sensitive headers incorrectly sent after cross-domain redirect

  The HTTP client drops sensitive headers after following a cross-domain redirect.
  For example, a request to a.com/ containing an Authorization header which is
  redirected to b.com/ will not send that header to b.com.

  In the event that the client received a subsequent same-domain redirect, however,
  the sensitive headers would be restored. For example, a chain of redirects from
  a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization
  header to b.com/2.

  Thanks to Kyle Seely for reporting this issue.

  This is CVE-2024-45336 and Go issue https://go.dev/issue/70530.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-01-20 15:47:35 +01:00
Akihiro Suda
aa565ec1ef Dockerfile: update RootlessKit to v2.3.2
https://github.com/rootless-containers/rootlesskit/releases/tag/v2.3.2

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2025-01-20 11:25:53 +09:00
Rob Murray
390cb4c2f1 Increase integration test timeout from 5m to 10m
Networking tests have been creeping towards the limit for a
while, but they're reliably failing in a upcoming PR that adds
a relatively slow test.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-01-15 15:44:30 +00:00
Sebastiaan van Stijn
c12bfda3cd Dockerfile: update containerd to v1.7.25
release notes: https://github.com/containerd/containerd/releases/tag/v1.7.25
full diff: https://github.com/containerd/containerd/compare/v1.7.24...v1.7.25

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-01-10 10:59:32 +01:00
Sebastiaan van Stijn
aad7bcedd2 Dockerfile: update runc binary to v1.2.4
This is the fourth patch release of the 1.2.z release branch of runc. It
includes a fix for a regression introduced in 1.2.0 related to the
default device list.

- Re-add tun/tap devices to built-in allowed devices lists.

 In runc 1.2.0 we removed these devices from the default allow-list
 (which were added seemingly by accident early in Docker's history) as
 a precaution in order to try to reduce the attack surface of device
 inodes available to most containers. At the time we thought
 that the vast majority of users using tun/tap would already be
 specifying what devices they need (such as by using --device with
 Docker/Podman) as opposed to doing the mknod manually, and thus
 there would've been no user-visible change.

 Unfortunately, it seems that this regressed a noticeable number of
 users (and not all higher-level tools provide easy ways to specify
 devices to allow) and so this change needed to be reverted. Users
 that do not need these devices are recommended to explicitly disable
 them by adding deny rules in their container configuration.

full diff: https://github.com/opencontainers/runc/compare/v1.2.3...v1.2.4
release notes: https://github.com/opencontainers/runc/releases/tag/v1.2.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-01-08 19:06:02 +01:00
Brian Goff
ce37cb3ea0 Down with the sickness (AUTO_GOPATH)
Go has a nice tool to inspect the currently set (or default) `GOPATH`
with `go env GOPATH`.
We should do that rather than absolutely requiring people to manually
set `GOPATH` or use the `AUTO_GOPATH`.

This doesn't actually remove `AUTO_GOPATH`, people can still use it.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2025-01-02 19:36:52 +00:00
Sebastiaan van Stijn
ec5c9e06e3 Dockerfile: update runc binary to v1.2.3
This is the third patch release of the 1.2.z release branch of runc. It
primarily fixes some minor regressions introduced in 1.2.0.

- Fixed a regression in use of securejoin.MkdirAll, where multiple
  runc processes racing to create the same mountpoint in a shared rootfs
  would result in spurious EEXIST errors. In particular, this regression
  caused issues with BuildKit.
- Fixed a regression in eBPF support for pre-5.6 kernels after upgrading
  Cilium's eBPF library version to 0.16 in runc.

full diff: https://github.com/opencontainers/runc/compare/v1.2.2...v1.2.3
release notes: https://github.com/opencontainers/runc/releases/tag/v1.2.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-12-11 21:52:50 +01:00
Rob Murray
4b8c72060d Merge pull request #49038 from robmry/modprobeless
Try to load kernel modules, without modprobe
2024-12-06 14:08:17 +00:00
Rob Murray
2af19b6b7c Don't try to modprobe ip6_tables in the moby dev container
dockerd will now do this itself, if ip6tables is enabled.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-12-06 10:27:24 +00:00
Sebastiaan van Stijn
52d7e407b7 update to go1.23.4
go1.23.4 (released 2024-12-03) includes fixes to the compiler, the runtime,
the trace command, and the syscall package. See the Go 1.23.4 milestone on
our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.23.4+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.23.3...go1.23.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-12-04 10:02:48 +01:00
Sebastiaan van Stijn
8d4d6c8ae6 Merge pull request #48918 from austinvazquez/update-containerd-v1.7.24-in-ci
Dockerfile: update containerd v1.7.24
2024-11-21 18:54:30 +01:00
Austin Vazquez
8cecf3a71c Dockerfile: update containerd to v1.7.24
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-11-21 15:20:52 +00:00
Sebastiaan van Stijn
e257856116 Dockerfile: update to runc v1.2.2
- 1.2.2 release notes: https://github.com/opencontainers/runc/releases/tag/v1.2.2
- 1.2.1 release notes: https://github.com/opencontainers/runc/releases/tag/v1.2.1
- 1.2.0 release notes: https://github.com/opencontainers/runc/releases/tag/v1.2.0

Breaking changes and deprecations are included below;

Breaking changes:

Several aspects of how mount options work has been adjusted in a way that
could theoretically break users that have very strange mount option strings.
This was necessary to fix glaring issues in how mount options were being
treated. The key changes are:

- Mount options on bind-mounts that clear a mount flag are now always
  applied. Previously, if a user requested a bind-mount with only clearing
  options (such as rw,exec,dev) the options would be ignored and the
  original bind-mount options would be set. Unfortunately this also means
  that container configurations which specified only clearing mount options
  will now actually get what they asked for, which could break existing
  containers (though it seems unlikely that a user who requested a specific
  mount option would consider it "broken" to get the mount options they
  asked foruser who requested a specific mount option would consider it
  "broken" to get the mount options they asked for). This also allows us to
  silently add locked mount flags the user did not explicitly request to be
  cleared in rootless mode, allowing for easier use of bind-mounts for
  rootless containers.
- Container configurations using bind-mounts with superblock mount flags
  (i.e. filesystem-specific mount flags, referred to as "data" in
  mount(2), as opposed to VFS generic mount flags like MS_NODEV) will
  now return an error. This is because superblock mount flags will also
  affect the host mount (as the superblock is shared when bind-mounting),
  which is obviously not acceptable. Previously, these flags were silently
  ignored so this change simply tells users that runc cannot fulfil their
  request rather than just ignoring it.

Deprecated

- runc option --criu is now ignored (with a warning), and the option will
  be removed entirely in a future release. Users who need a non-standard
  criu binary should rely on the standard way of looking up binaries in
  $PATH.
- runc kill option -a is now deprecated. Previously, it had to be specified
  to kill a container (with SIGKILL) which does not have its own private PID
  namespace (so that runc would send SIGKILL to all processes). Now, this is
  done automatically.
- github.com/opencontainers/runc/libcontainer/user is now deprecated, please
  use github.com/moby/sys/user instead. It will be removed in a future
  release.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-11-19 15:16:30 +01:00
Sebastiaan van Stijn
a2f7293405 Merge pull request #48860 from vvoland/hack-features-c8d
hack: Add explicit containerd feature to `daemon.json`
2024-11-13 22:21:42 +01:00
Paweł Gronowski
fc590032f3 hack: Add explicit containerd feature to daemon.json
While it's still turned off by default, it's easier to just flip the
`false` to `true` inside the devcontainer.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-11-13 14:45:01 +01:00
Sebastiaan van Stijn
ae21b3c8ac Merge pull request #48756 from akerouanton/reduce-number-of-firewalld-jobs
ci: re-add firewalld jobs
2024-11-12 15:34:57 +01:00
Paweł Gronowski
20818454c4 update to go1.23.3
- https://github.com/golang/go/issues?q=milestone%3AGo1.23.3+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.23.2...go1.23.3

go1.23.3 (released 2024-11-06) includes fixes to the linker, the
runtime, and the net/http, os, and syscall packages. See the Go 1.23.3
milestone on our issue tracker for details.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-11-07 13:22:47 +01:00
Albin Kerouanton
816dbbfddc ci: re-enable firewalld jobs
Commit 4e567e16 added firewalld to the test matrix for various CI jobs
(namely unit, integration and integration-cli).

Commit 2807c0c2 reverted that commit as it was putting too much load on
GHA cache, and thus it was returning 429 more frequently, so builds had
a greater chance of spending time building everything from scratch. This
was slowing down our CI even more than what it was before.

This new commit re-adds firewalld to the test matrix of unit,
integration and integration-cli jobs. Unlike 4e567e16, not all
combinations of OS, storage and 'mode' will be tested. Instead,
firewalld jobs will run only on ubuntu-22.04, and with the containerd
snapshotter.

Also, the revert commit mistakenly reverted a fix that was originally
intended for commit 8883db20, but was actually 'fixed up' in the wrong
commit. Let's re-revert that too.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2024-10-31 18:01:37 +01:00
Paweł Gronowski
b08bc5df85 Merge pull request #47553 from vvoland/testing-libnetwork-rerun-flaky
hack/unit: Rerun failed flaky libnetwork tests
2024-10-30 10:21:08 +00:00
Albin Kerouanton
2807c0c2d2 Revert "ci: run integration tests with firewalld enabled"
Temporarily remove firewallds jobs. These are actually not running
firewalld due to a typo in GHA definitions. Moreover, these new jobs
are putting too much load on the CI, causing GHA cache backend to return
429 for many jobs. This slows down build jobs (as they can't use
existing cache), and at least one buildkit test is now failing.

This reverts commit 4e567e1622.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2024-10-28 18:24:14 +01:00
Akihiro Suda
1bb5f8bb67 update to go1.23.2
vendor.mod still allows go1.22.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-10-22 00:04:58 +09:00
Albin Kerouanton
4e567e1622 ci: run integration tests with firewalld enabled
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2024-10-15 12:54:51 +02:00
Albin Kerouanton
8883db20c5 hack: run firewalld when $DOCKER_FIREWALLD is set
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2024-10-15 12:52:25 +02:00
Sebastiaan van Stijn
36549fb56e vendor: golang.org/x/mod v0.21.0
full diff: https://github.com/golang/mod/compare/v0.20.0...v0.21.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-10 02:35:59 +02:00
Sebastiaan van Stijn
6b7565ba40 vendor: go.etcd.io/bbolt v1.3.11
BoltDB

- Fix the freelist.allocs isn't rollbacked when a tx is rollbacked.

CMD

- Add -gobench-output option for bench command to adapt to benchstat.

Other

- Bump go version to 1.22.x.
- This patch also added dmflakey package, which can be reused by other projects. See #812.

full diff: https://github.com/etcd-io/bbolt/compare/v1.3.10...v1.3.11

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-10 02:35:08 +02:00
Sebastiaan van Stijn
ca4c68ab95 update to go1.22.8
go1.22.8 (released 2024-10-01) includes fixes to cgo, and the maps and syscall
packages. See the Go 1.22.8 milestone on our issue tracker for details;

- https://github.com/golang/go/issues?q=milestone%3AGo1.22.8+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.22.7...go1.22.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-03 13:12:30 +02:00