Freshgomod (#106)

* initial go modules, fresh start to find breaking change * change dep to go mod vendor * main go modules done, tests passed locally * upgrade go in dockerfileserver
2020-10-06 19:28:48 +01:00
parent a2940a4ba8
commit 678a62f152
1346 changed files with 125903 additions and 266970 deletions
--- a/vendor/github.com/syndtr/gocapability/capability/capability_linux.go
+++ b/vendor/github.com/syndtr/gocapability/capability/capability_linux.go
@@ -103,12 +103,12 @@ func newPid(pid int) (c Capabilities, err error) {
 	case linuxCapVer1:
 		p := new(capsV1)
 		p.hdr.version = capVers
-		p.hdr.pid = pid
+		p.hdr.pid = int32(pid)
 		c = p
 	case linuxCapVer2, linuxCapVer3:
 		p := new(capsV3)
 		p.hdr.version = capVers
-		p.hdr.pid = pid
+		p.hdr.pid = int32(pid)
 		c = p
 	default:
 		err = errUnknownVers
--- a/vendor/github.com/syndtr/gocapability/capability/capability_test.go
+++ b/vendor/github.com/syndtr/gocapability/capability/capability_test.go
@@ -1,83 +0,0 @@
-// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>
-// All rights reserved.
-//
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-package capability
-
-import "testing"
-
-func TestState(t *testing.T) {
-	testEmpty := func(name string, c Capabilities, whats CapType) {
-		for i := CapType(1); i <= BOUNDING; i <<= 1 {
-			if (i&whats) != 0 && !c.Empty(i) {
-				t.Errorf(name+": capabilities set %q wasn't empty", i)
-			}
-		}
-	}
-	testFull := func(name string, c Capabilities, whats CapType) {
-		for i := CapType(1); i <= BOUNDING; i <<= 1 {
-			if (i&whats) != 0 && !c.Full(i) {
-				t.Errorf(name+": capabilities set %q wasn't full", i)
-			}
-		}
-	}
-	testPartial := func(name string, c Capabilities, whats CapType) {
-		for i := CapType(1); i <= BOUNDING; i <<= 1 {
-			if (i&whats) != 0 && (c.Empty(i) || c.Full(i)) {
-				t.Errorf(name+": capabilities set %q wasn't partial", i)
-			}
-		}
-	}
-	testGet := func(name string, c Capabilities, whats CapType, max Cap) {
-		for i := CapType(1); i <= BOUNDING; i <<= 1 {
-			if (i & whats) == 0 {
-				continue
-			}
-			for j := Cap(0); j <= max; j++ {
-				if !c.Get(i, j) {
-					t.Errorf(name+": capability %q wasn't found on %q", j, i)
-				}
-			}
-		}
-	}
-
-	capf := new(capsFile)
-	capf.data.version = 2
-	for _, tc := range []struct {
-		name string
-		c    Capabilities
-		sets CapType
-		max  Cap
-	}{
-		{"v1", new(capsV1), EFFECTIVE | PERMITTED, CAP_AUDIT_CONTROL},
-		{"v3", new(capsV3), EFFECTIVE | PERMITTED | BOUNDING, CAP_LAST_CAP},
-		{"file_v1", new(capsFile), EFFECTIVE | PERMITTED, CAP_AUDIT_CONTROL},
-		{"file_v2", capf, EFFECTIVE | PERMITTED, CAP_LAST_CAP},
-	} {
-		testEmpty(tc.name, tc.c, tc.sets)
-		tc.c.Fill(CAPS | BOUNDS)
-		testFull(tc.name, tc.c, tc.sets)
-		testGet(tc.name, tc.c, tc.sets, tc.max)
-		tc.c.Clear(CAPS | BOUNDS)
-		testEmpty(tc.name, tc.c, tc.sets)
-		for i := CapType(1); i <= BOUNDING; i <<= 1 {
-			for j := Cap(0); j <= CAP_LAST_CAP; j++ {
-				tc.c.Set(i, j)
-			}
-		}
-		testFull(tc.name, tc.c, tc.sets)
-		testGet(tc.name, tc.c, tc.sets, tc.max)
-		for i := CapType(1); i <= BOUNDING; i <<= 1 {
-			for j := Cap(0); j <= CAP_LAST_CAP; j++ {
-				tc.c.Unset(i, j)
-			}
-		}
-		testEmpty(tc.name, tc.c, tc.sets)
-		tc.c.Set(PERMITTED, CAP_CHOWN)
-		testPartial(tc.name, tc.c, PERMITTED)
-		tc.c.Clear(CAPS | BOUNDS)
-		testEmpty(tc.name, tc.c, tc.sets)
-	}
-}
--- a/vendor/github.com/syndtr/gocapability/capability/enum.go
+++ b/vendor/github.com/syndtr/gocapability/capability/enum.go
@@ -41,7 +41,9 @@ const (
 //go:generate go run enumgen/gen.go
 type Cap int

-// POSIX-draft defined capabilities.
+// POSIX-draft defined capabilities and Linux extensions.
+//
+// Defined in https://github.com/torvalds/linux/blob/master/include/uapi/linux/capability.h
 const (
 	// In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this
 	// overrides the restriction of changing file ownership and group
@@ -187,6 +189,7 @@ const (
 	// arbitrary SCSI commands
 	// Allow setting encryption key on loopback filesystem
 	// Allow setting zone reclaim policy
+	// Allow everything under CAP_BPF and CAP_PERFMON for backward compatibility
 	CAP_SYS_ADMIN = Cap(21)

 	// Allow use of reboot()
@@ -211,6 +214,7 @@ const (
 	// Allow more than 64hz interrupts from the real-time clock
 	// Override max number of consoles on console allocation
 	// Override max number of keymaps
+	// Control memory reclaim behavior
 	CAP_SYS_RESOURCE = Cap(24)

 	// Allow manipulation of system clock
@@ -256,8 +260,45 @@ const (
 	// Allow preventing system suspends
 	CAP_BLOCK_SUSPEND = Cap(36)

-	// Allow reading audit messages from the kernel
+	// Allow reading the audit log via multicast netlink socket
 	CAP_AUDIT_READ = Cap(37)
+
+	// Allow system performance and observability privileged operations
+	// using perf_events, i915_perf and other kernel subsystems
+	CAP_PERFMON = Cap(38)
+
+	// CAP_BPF allows the following BPF operations:
+	// - Creating all types of BPF maps
+	// - Advanced verifier features
+	//   - Indirect variable access
+	//   - Bounded loops
+	//   - BPF to BPF function calls
+	//   - Scalar precision tracking
+	//   - Larger complexity limits
+	//   - Dead code elimination
+	//   - And potentially other features
+	// - Loading BPF Type Format (BTF) data
+	// - Retrieve xlated and JITed code of BPF programs
+	// - Use bpf_spin_lock() helper
+	//
+	// CAP_PERFMON relaxes the verifier checks further:
+	// - BPF progs can use of pointer-to-integer conversions
+	// - speculation attack hardening measures are bypassed
+	// - bpf_probe_read to read arbitrary kernel memory is allowed
+	// - bpf_trace_printk to print kernel memory is allowed
+	//
+	// CAP_SYS_ADMIN is required to use bpf_probe_write_user.
+	//
+	// CAP_SYS_ADMIN is required to iterate system wide loaded
+	// programs, maps, links, BTFs and convert their IDs to file descriptors.
+	//
+	// CAP_PERFMON and CAP_BPF are required to load tracing programs.
+	// CAP_NET_ADMIN and CAP_BPF are required to load networking programs.
+	CAP_BPF = Cap(39)
+
+	// Allow checkpoint/restore related operations.
+	// Introduced in kernel 5.9
+	CAP_CHECKPOINT_RESTORE = Cap(40)
 )

 var (
--- a/vendor/github.com/syndtr/gocapability/capability/enum_gen.go
+++ b/vendor/github.com/syndtr/gocapability/capability/enum_gen.go
@@ -80,6 +80,12 @@ func (c Cap) String() string {
 		return "block_suspend"
 	case CAP_AUDIT_READ:
 		return "audit_read"
+	case CAP_PERFMON:
+		return "perfmon"
+	case CAP_BPF:
+		return "bpf"
+	case CAP_CHECKPOINT_RESTORE:
+		return "checkpoint_restore"
 	}
 	return "unknown"
 }
@@ -125,5 +131,8 @@ func List() []Cap {
 		CAP_WAKE_ALARM,
 		CAP_BLOCK_SUSPEND,
 		CAP_AUDIT_READ,
+		CAP_PERFMON,
+		CAP_BPF,
+		CAP_CHECKPOINT_RESTORE,
 	}
 }
--- a/vendor/github.com/syndtr/gocapability/capability/enumgen/gen.go
+++ b/vendor/github.com/syndtr/gocapability/capability/enumgen/gen.go
@@ -1,92 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"fmt"
-	"go/ast"
-	"go/format"
-	"go/parser"
-	"go/token"
-	"io/ioutil"
-	"log"
-	"os"
-	"strings"
-)
-
-const fileName = "enum.go"
-const genName = "enum_gen.go"
-
-type generator struct {
-	buf  bytes.Buffer
-	caps []string
-}
-
-func (g *generator) writeHeader() {
-	g.buf.WriteString("// generated file; DO NOT EDIT - use go generate in directory with source\n")
-	g.buf.WriteString("\n")
-	g.buf.WriteString("package capability")
-}
-
-func (g *generator) writeStringFunc() {
-	g.buf.WriteString("\n")
-	g.buf.WriteString("func (c Cap) String() string {\n")
-	g.buf.WriteString("switch c {\n")
-	for _, cap := range g.caps {
-		fmt.Fprintf(&g.buf, "case %s:\n", cap)
-		fmt.Fprintf(&g.buf, "return \"%s\"\n", strings.ToLower(cap[4:]))
-	}
-	g.buf.WriteString("}\n")
-	g.buf.WriteString("return \"unknown\"\n")
-	g.buf.WriteString("}\n")
-}
-
-func (g *generator) writeListFunc() {
-	g.buf.WriteString("\n")
-	g.buf.WriteString("// List returns list of all supported capabilities\n")
-	g.buf.WriteString("func List() []Cap {\n")
-	g.buf.WriteString("return []Cap{\n")
-	for _, cap := range g.caps {
-		fmt.Fprintf(&g.buf, "%s,\n", cap)
-	}
-	g.buf.WriteString("}\n")
-	g.buf.WriteString("}\n")
-}
-
-func main() {
-	fs := token.NewFileSet()
-	parsedFile, err := parser.ParseFile(fs, fileName, nil, 0)
-	if err != nil {
-		log.Fatal(err)
-	}
-	var caps []string
-	for _, decl := range parsedFile.Decls {
-		decl, ok := decl.(*ast.GenDecl)
-		if !ok || decl.Tok != token.CONST {
-			continue
-		}
-		for _, spec := range decl.Specs {
-			vspec := spec.(*ast.ValueSpec)
-			name := vspec.Names[0].Name
-			if strings.HasPrefix(name, "CAP_") {
-				caps = append(caps, name)
-			}
-		}
-	}
-	g := &generator{caps: caps}
-	g.writeHeader()
-	g.writeStringFunc()
-	g.writeListFunc()
-	src, err := format.Source(g.buf.Bytes())
-	if err != nil {
-		fmt.Println("generated invalid Go code")
-		fmt.Println(g.buf.String())
-		log.Fatal(err)
-	}
-	fi, err := os.Stat(fileName)
-	if err != nil {
-		log.Fatal(err)
-	}
-	if err := ioutil.WriteFile(genName, src, fi.Mode().Perm()); err != nil {
-		log.Fatal(err)
-	}
-}
--- a/vendor/github.com/syndtr/gocapability/capability/syscall_linux.go
+++ b/vendor/github.com/syndtr/gocapability/capability/syscall_linux.go
@@ -13,7 +13,7 @@ import (

 type capHeader struct {
 	version uint32
-	pid     int
+	pid     int32
 }

 type capData struct {