vendor: update buildkit with typed errors support

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>

vendor/github.com/docker/cli/opts/capabilities.go

@@ -0,0 +1,89 @@
+package opts
+
+import (
+	"sort"
+	"strings"
+)
+
+const (
+	// AllCapabilities is a special value to add or drop all capabilities
+	AllCapabilities = "ALL"
+
+	// ResetCapabilities is a special value to reset capabilities when updating.
+	// This value should only be used when updating, not used on "create".
+	ResetCapabilities = "RESET"
+)
+
+// NormalizeCapability normalizes a capability by upper-casing, trimming white space
+// and adding a CAP_ prefix (if not yet present). This function also accepts the
+// "ALL" magic-value, as used by CapAdd/CapDrop.
+//
+// This function only handles rudimentary formatting; no validation is performed,
+// as the list of available capabilities can be updated over time, thus should be
+// handled by the daemon.
+func NormalizeCapability(cap string) string {
+	cap = strings.ToUpper(strings.TrimSpace(cap))
+	if cap == AllCapabilities || cap == ResetCapabilities {
+		return cap
+	}
+	if !strings.HasPrefix(cap, "CAP_") {
+		cap = "CAP_" + cap
+	}
+	return cap
+}
+
+// CapabilitiesMap normalizes the given capabilities and converts them to a map.
+func CapabilitiesMap(caps []string) map[string]bool {
+	normalized := make(map[string]bool)
+	for _, c := range caps {
+		normalized[NormalizeCapability(c)] = true
+	}
+	return normalized
+}
+
+// EffectiveCapAddCapDrop normalizes and sorts capabilities to "add" and "drop",
+// and returns the effective capabilities to include in both.
+//
+// "CapAdd" takes precedence over "CapDrop", so capabilities included in both
+// lists are removed from the list of capabilities to drop. The special "ALL"
+// capability is also taken into account.
+//
+// Note that the special "RESET" value is only used when updating an existing
+// service, and will be ignored.
+//
+// Duplicates are removed, and the resulting lists are sorted.
+func EffectiveCapAddCapDrop(add, drop []string) (capAdd, capDrop []string) {
+	var (
+		addCaps  = CapabilitiesMap(add)
+		dropCaps = CapabilitiesMap(drop)
+	)
+
+	if addCaps[AllCapabilities] {
+		// Special case: "ALL capabilities" trumps any other capability added.
+		addCaps = map[string]bool{AllCapabilities: true}
+	}
+	if dropCaps[AllCapabilities] {
+		// Special case: "ALL capabilities" trumps any other capability added.
+		dropCaps = map[string]bool{AllCapabilities: true}
+	}
+	for c := range dropCaps {
+		if addCaps[c] {
+			// Adding a capability takes precedence, so skip dropping
+			continue
+		}
+		if c != ResetCapabilities {
+			capDrop = append(capDrop, c)
+		}
+	}
+
+	for c := range addCaps {
+		if c != ResetCapabilities {
+			capAdd = append(capAdd, c)
+		}
+	}
+
+	sort.Strings(capAdd)
+	sort.Strings(capDrop)
+
+	return capAdd, capDrop
+}

vendor/github.com/docker/cli/opts/env.go

@@ -1,46 +1,30 @@
 package opts
 
 import (
-	"fmt"
 	"os"
-	"runtime"
 	"strings"
+
+	"github.com/pkg/errors"
 )
 
 // ValidateEnv validates an environment variable and returns it.
-// If no value is specified, it returns the current value using os.Getenv.
+// If no value is specified, it obtains its value from the current environment
 //
 // As on ParseEnvFile and related to #16585, environment variable names
-// are not validate what so ever, it's up to application inside docker
+// are not validated, and it's up to the application inside the container
 // to validate them or not.
 //
 // The only validation here is to check if name is empty, per #25099
 func ValidateEnv(val string) (string, error) {
-	arr := strings.Split(val, "=")
+	arr := strings.SplitN(val, "=", 2)
 	if arr[0] == "" {
-		return "", fmt.Errorf("invalid environment variable: %s", val)
+		return "", errors.New("invalid environment variable: " + val)
 	}
 	if len(arr) > 1 {
 		return val, nil
 	}
-	if !doesEnvExist(val) {
-		return val, nil
+	if envVal, ok := os.LookupEnv(arr[0]); ok {
+		return arr[0] + "=" + envVal, nil
 	}
-	return fmt.Sprintf("%s=%s", val, os.Getenv(val)), nil
-}
-
-func doesEnvExist(name string) bool {
-	for _, entry := range os.Environ() {
-		parts := strings.SplitN(entry, "=", 2)
-		if runtime.GOOS == "windows" {
-			// Environment variable are case-insensitive on Windows. PaTh, path and PATH are equivalent.
-			if strings.EqualFold(parts[0], name) {
-				return true
-			}
-		}
-		if parts[0] == name {
-			return true
-		}
-	}
-	return false
+	return val, nil
 }

vendor/github.com/docker/cli/opts/hosts.go

@@ -8,25 +8,25 @@ import (
 	"strings"
 )
 
-var (
-	// DefaultHTTPPort Default HTTP Port used if only the protocol is provided to -H flag e.g. dockerd -H tcp://
+const (
+	// defaultHTTPPort Default HTTP Port used if only the protocol is provided to -H flag e.g. dockerd -H tcp://
 	// These are the IANA registered port numbers for use with Docker
 	// see http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=docker
-	DefaultHTTPPort = 2375 // Default HTTP Port
-	// DefaultTLSHTTPPort Default HTTP Port used when TLS enabled
-	DefaultTLSHTTPPort = 2376 // Default TLS encrypted HTTP Port
-	// DefaultUnixSocket Path for the unix socket.
+	defaultHTTPPort = "2375" // Default HTTP Port
+	// defaultTLSHTTPPort Default HTTP Port used when TLS enabled
+	defaultTLSHTTPPort = "2376" // Default TLS encrypted HTTP Port
+	// defaultUnixSocket Path for the unix socket.
 	// Docker daemon by default always listens on the default unix socket
-	DefaultUnixSocket = "/var/run/docker.sock"
-	// DefaultTCPHost constant defines the default host string used by docker on Windows
-	DefaultTCPHost = fmt.Sprintf("tcp://%s:%d", DefaultHTTPHost, DefaultHTTPPort)
+	defaultUnixSocket = "/var/run/docker.sock"
+	// defaultTCPHost constant defines the default host string used by docker on Windows
+	defaultTCPHost = "tcp://" + defaultHTTPHost + ":" + defaultHTTPPort
 	// DefaultTLSHost constant defines the default host string used by docker for TLS sockets
-	DefaultTLSHost = fmt.Sprintf("tcp://%s:%d", DefaultHTTPHost, DefaultTLSHTTPPort)
+	defaultTLSHost = "tcp://" + defaultHTTPHost + ":" + defaultTLSHTTPPort
 	// DefaultNamedPipe defines the default named pipe used by docker on Windows
-	DefaultNamedPipe = `//./pipe/docker_engine`
+	defaultNamedPipe = `//./pipe/docker_engine`
 	// hostGatewayName defines a special string which users can append to --add-host
 	// to add an extra entry in /etc/hosts that maps host.docker.internal to the host IP
-	// TODO Consider moving the HostGatewayName constant defined in docker at
+	// TODO Consider moving the hostGatewayName constant defined in docker at
 	// github.com/docker/docker/daemon/network/constants.go outside of the "daemon"
 	// package, so that the CLI can consume it.
 	hostGatewayName = "host-gateway"
@@ -52,9 +52,9 @@ func ParseHost(defaultToTLS bool, val string) (string, error) {
 	host := strings.TrimSpace(val)
 	if host == "" {
 		if defaultToTLS {
-			host = DefaultTLSHost
+			host = defaultTLSHost
 		} else {
-			host = DefaultHost
+			host = defaultHost
 		}
 	} else {
 		var err error
@@ -76,11 +76,11 @@ func parseDockerDaemonHost(addr string) (string, error) {
 
 	switch addrParts[0] {
 	case "tcp":
-		return ParseTCPAddr(addrParts[1], DefaultTCPHost)
+		return ParseTCPAddr(addrParts[1], defaultTCPHost)
 	case "unix":
-		return parseSimpleProtoAddr("unix", addrParts[1], DefaultUnixSocket)
+		return parseSimpleProtoAddr("unix", addrParts[1], defaultUnixSocket)
 	case "npipe":
-		return parseSimpleProtoAddr("npipe", addrParts[1], DefaultNamedPipe)
+		return parseSimpleProtoAddr("npipe", addrParts[1], defaultNamedPipe)
 	case "fd":
 		return addr, nil
 	case "ssh":

vendor/github.com/docker/cli/opts/hosts_unix.go

@@ -2,7 +2,8 @@
 
 package opts
 
-import "fmt"
+// defaultHost constant defines the default host string used by docker on other hosts than Windows
+const defaultHost = "unix://" + defaultUnixSocket
 
-// DefaultHost constant defines the default host string used by docker on other hosts than Windows
-var DefaultHost = fmt.Sprintf("unix://%s", DefaultUnixSocket)
+// defaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. dockerd -H tcp://:8080
+const defaultHTTPHost = "localhost"

vendor/github.com/docker/cli/opts/hosts_windows.go

@@ -2,5 +2,60 @@
 
 package opts
 
-// DefaultHost constant defines the default host string used by docker on Windows
-var DefaultHost = "npipe://" + DefaultNamedPipe
+// defaultHost constant defines the default host string used by docker on Windows
+const defaultHost = "npipe://" + defaultNamedPipe
+
+// TODO Windows. Identify bug in GOLang 1.5.1+ and/or Windows Server 2016 TP5.
+// @jhowardmsft, @swernli.
+//
+// On Windows, this mitigates a problem with the default options of running
+// a docker client against a local docker daemon on TP5.
+//
+// What was found that if the default host is "localhost", even if the client
+// (and daemon as this is local) is not physically on a network, and the DNS
+// cache is flushed (ipconfig /flushdns), then the client will pause for
+// exactly one second when connecting to the daemon for calls. For example
+// using docker run windowsservercore cmd, the CLI will send a create followed
+// by an attach. You see the delay between the attach finishing and the attach
+// being seen by the daemon.
+//
+// Here's some daemon debug logs with additional debug spew put in. The
+// AfterWriteJSON log is the very last thing the daemon does as part of the
+// create call. The POST /attach is the second CLI call. Notice the second
+// time gap.
+//
+// time="2015-11-06T13:38:37.259627400-08:00" level=debug msg="After createRootfs"
+// time="2015-11-06T13:38:37.263626300-08:00" level=debug msg="After setHostConfig"
+// time="2015-11-06T13:38:37.267631200-08:00" level=debug msg="before createContainerPl...."
+// time="2015-11-06T13:38:37.271629500-08:00" level=debug msg=ToDiskLocking....
+// time="2015-11-06T13:38:37.275643200-08:00" level=debug msg="loggin event...."
+// time="2015-11-06T13:38:37.277627600-08:00" level=debug msg="logged event...."
+// time="2015-11-06T13:38:37.279631800-08:00" level=debug msg="In defer func"
+// time="2015-11-06T13:38:37.282628100-08:00" level=debug msg="After daemon.create"
+// time="2015-11-06T13:38:37.286651700-08:00" level=debug msg="return 2"
+// time="2015-11-06T13:38:37.289629500-08:00" level=debug msg="Returned from daemon.ContainerCreate"
+// time="2015-11-06T13:38:37.311629100-08:00" level=debug msg="After WriteJSON"
+// ... 1 second gap here....
+// time="2015-11-06T13:38:38.317866200-08:00" level=debug msg="Calling POST /v1.22/containers/984758282b842f779e805664b2c95d563adc9a979c8a3973e68c807843ee4757/attach"
+// time="2015-11-06T13:38:38.326882500-08:00" level=info msg="POST /v1.22/containers/984758282b842f779e805664b2c95d563adc9a979c8a3973e68c807843ee4757/attach?stderr=1&stdin=1&stdout=1&stream=1"
+//
+// We suspect this is either a bug introduced in GOLang 1.5.1, or that a change
+// in GOLang 1.5.1 (from 1.4.3) is exposing a bug in Windows. In theory,
+// the Windows networking stack is supposed to resolve "localhost" internally,
+// without hitting DNS, or even reading the hosts file (which is why localhost
+// is commented out in the hosts file on Windows).
+//
+// We have validated that working around this using the actual IPv4 localhost
+// address does not cause the delay.
+//
+// This does not occur with the docker client built with 1.4.3 on the same
+// Windows build, regardless of whether the daemon is built using 1.5.1
+// or 1.4.3. It does not occur on Linux. We also verified we see the same thing
+// on a cross-compiled Windows binary (from Linux).
+//
+// Final note: This is a mitigation, not a 'real' fix. It is still susceptible
+// to the delay if a user were to do 'docker run -H=tcp://localhost:2375...'
+// explicitly.
+
+// defaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. dockerd -H tcp://:8080
+const defaultHTTPHost = "127.0.0.1"

vendor/github.com/docker/cli/opts/opts_unix.go

@@ -1,6 +0,0 @@
-// +build !windows
-
-package opts
-
-// DefaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. dockerd -H tcp://:8080
-const DefaultHTTPHost = "localhost"

vendor/github.com/docker/cli/opts/opts_windows.go

@@ -1,56 +0,0 @@
-package opts
-
-// TODO Windows. Identify bug in GOLang 1.5.1+ and/or Windows Server 2016 TP5.
-// @jhowardmsft, @swernli.
-//
-// On Windows, this mitigates a problem with the default options of running
-// a docker client against a local docker daemon on TP5.
-//
-// What was found that if the default host is "localhost", even if the client
-// (and daemon as this is local) is not physically on a network, and the DNS
-// cache is flushed (ipconfig /flushdns), then the client will pause for
-// exactly one second when connecting to the daemon for calls. For example
-// using docker run windowsservercore cmd, the CLI will send a create followed
-// by an attach. You see the delay between the attach finishing and the attach
-// being seen by the daemon.
-//
-// Here's some daemon debug logs with additional debug spew put in. The
-// AfterWriteJSON log is the very last thing the daemon does as part of the
-// create call. The POST /attach is the second CLI call. Notice the second
-// time gap.
-//
-// time="2015-11-06T13:38:37.259627400-08:00" level=debug msg="After createRootfs"
-// time="2015-11-06T13:38:37.263626300-08:00" level=debug msg="After setHostConfig"
-// time="2015-11-06T13:38:37.267631200-08:00" level=debug msg="before createContainerPl...."
-// time="2015-11-06T13:38:37.271629500-08:00" level=debug msg=ToDiskLocking....
-// time="2015-11-06T13:38:37.275643200-08:00" level=debug msg="loggin event...."
-// time="2015-11-06T13:38:37.277627600-08:00" level=debug msg="logged event...."
-// time="2015-11-06T13:38:37.279631800-08:00" level=debug msg="In defer func"
-// time="2015-11-06T13:38:37.282628100-08:00" level=debug msg="After daemon.create"
-// time="2015-11-06T13:38:37.286651700-08:00" level=debug msg="return 2"
-// time="2015-11-06T13:38:37.289629500-08:00" level=debug msg="Returned from daemon.ContainerCreate"
-// time="2015-11-06T13:38:37.311629100-08:00" level=debug msg="After WriteJSON"
-// ... 1 second gap here....
-// time="2015-11-06T13:38:38.317866200-08:00" level=debug msg="Calling POST /v1.22/containers/984758282b842f779e805664b2c95d563adc9a979c8a3973e68c807843ee4757/attach"
-// time="2015-11-06T13:38:38.326882500-08:00" level=info msg="POST /v1.22/containers/984758282b842f779e805664b2c95d563adc9a979c8a3973e68c807843ee4757/attach?stderr=1&stdin=1&stdout=1&stream=1"
-//
-// We suspect this is either a bug introduced in GOLang 1.5.1, or that a change
-// in GOLang 1.5.1 (from 1.4.3) is exposing a bug in Windows. In theory,
-// the Windows networking stack is supposed to resolve "localhost" internally,
-// without hitting DNS, or even reading the hosts file (which is why localhost
-// is commented out in the hosts file on Windows).
-//
-// We have validated that working around this using the actual IPv4 localhost
-// address does not cause the delay.
-//
-// This does not occur with the docker client built with 1.4.3 on the same
-// Windows build, regardless of whether the daemon is built using 1.5.1
-// or 1.4.3. It does not occur on Linux. We also verified we see the same thing
-// on a cross-compiled Windows binary (from Linux).
-//
-// Final note: This is a mitigation, not a 'real' fix. It is still susceptible
-// to the delay if a user were to do 'docker run -H=tcp://localhost:2375...'
-// explicitly.
-
-// DefaultHTTPHost Default HTTP Host used if only port is provided to -H flag e.g. dockerd -H tcp://:8080
-const DefaultHTTPHost = "127.0.0.1"

vendor/github.com/docker/cli/opts/parse.go

@@ -23,7 +23,7 @@ func ReadKVEnvStrings(files []string, override []string) ([]string, error) {
 }
 
 func readKVStrings(files []string, override []string, emptyFn func(string) (string, bool)) ([]string, error) {
-	variables := []string{}
+	var variables []string
 	for _, ef := range files {
 		parsedVars, err := parseKeyValueFile(ef, emptyFn)
 		if err != nil {

vendor/github.com/docker/cli/opts/ulimit.go

@@ -2,6 +2,7 @@ package opts
 
 import (
 	"fmt"
+	"sort"
 
 	"github.com/docker/go-units"
 )
@@ -11,7 +12,7 @@ type UlimitOpt struct {
 	values *map[string]*units.Ulimit
 }
 
-// NewUlimitOpt creates a new UlimitOpt
+// NewUlimitOpt creates a new UlimitOpt. Ulimits are not validated.
 func NewUlimitOpt(ref *map[string]*units.Ulimit) *UlimitOpt {
 	if ref == nil {
 		ref = &map[string]*units.Ulimit{}
@@ -31,23 +32,25 @@ func (o *UlimitOpt) Set(val string) error {
 	return nil
 }
 
-// String returns Ulimit values as a string.
+// String returns Ulimit values as a string. Values are sorted by name.
 func (o *UlimitOpt) String() string {
 	var out []string
 	for _, v := range *o.values {
 		out = append(out, v.String())
 	}
-
+	sort.Strings(out)
 	return fmt.Sprintf("%v", out)
 }
 
-// GetList returns a slice of pointers to Ulimits.
+// GetList returns a slice of pointers to Ulimits. Values are sorted by name.
 func (o *UlimitOpt) GetList() []*units.Ulimit {
 	var ulimits []*units.Ulimit
 	for _, v := range *o.values {
 		ulimits = append(ulimits, v)
 	}
-
+	sort.SliceStable(ulimits, func(i, j int) bool {
+		return ulimits[i].Name < ulimits[j].Name
+	})
 	return ulimits
 }