workspace: rules_go, gazelle, go, gVisor update
This commit not only updates rules_go and friends, but also updates
gVisor, removes legacy protobuf usage and switches from using
build_configuration to a config flag for bazel
Change-Id: Idb383f35ca0fec4cb7329e9d991f08f28cf9b1fb
Reviewed-on: https://review.monogon.dev/c/monogon/+/2129
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
diff --git a/.bazelrc b/.bazelrc
index 18253f1..28b7303 100644
--- a/.bazelrc
+++ b/.bazelrc
@@ -1,3 +1,6 @@
+# Set compilation mode (-c) to debug when running with --config debug.
+build:dbg --compilation_mode=dbg
+
# Enable strict_action_env (use static PATH and do not inherit environment variables).
# This avoids unnecessary cache invalidations.
build --incompatible_strict_action_env=true
@@ -56,6 +59,10 @@
# disable wasm plugin support in sqlc
build --@io_bazel_rules_go//go/config:tags=selinux,seccomp,no_zfs,no_aufs,no_devicemapper,providerless,dockerless,nowasm,netgo,osusergo
+# kvm_debug:
+# prevent stackoverflows for gvisor
+build:dbg --@io_bazel_rules_go//go/config:tags=selinux,seccomp,no_zfs,no_aufs,no_devicemapper,providerless,dockerless,nowasm,netgo,osusergo,kvm_debug
+
# Build with C++17.
build --cxxopt=-std=c++17
diff --git a/README.md b/README.md
index 00a6945..34c51d3 100644
--- a/README.md
+++ b/README.md
@@ -23,11 +23,11 @@
Build CLI and node image:
- bazel build //metropolis/cli/dbg //:launch -c dbg
+ bazel build //metropolis/cli/dbg //:launch --config dbg
Launch an ephemeral test node:
- bazel test //:launch -c dbg --test_output=streamed
+ bazel test //:launch --config dbg --test_output=streamed
Run a kubectl command while the test is running:
@@ -37,4 +37,4 @@
Run full test suite:
- bazel test -c dbg //...
+ bazel test --config dbg //...
diff --git a/WORKSPACE b/WORKSPACE
index 47c12b5..5e00a6a 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -48,19 +48,16 @@
register_toolchains("//build/toolchain:host_cc_toolchain")
# Go and Gazelle
-
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
http_archive(
name = "io_bazel_rules_go",
patch_args = ["-p1"],
patches = [
"//third_party/go/patches:rules_go_absolute_embedsrc.patch",
],
- sha256 = "56d8c5a5c91e1af73eca71a6fab2ced959b67c86d12ba37feedb0a2dfea441a6",
+ sha256 = "278b7ff5a826f3dc10f04feaf0b70d48b68748ccd512d7f98bf442077f043fe3",
urls = [
- "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.37.0/rules_go-v0.37.0.zip",
- "https://github.com/bazelbuild/rules_go/releases/download/v0.37.0/rules_go-v0.37.0.zip",
+ "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.41.0/rules_go-v0.41.0.zip",
+ "https://github.com/bazelbuild/rules_go/releases/download/v0.41.0/rules_go-v0.41.0.zip",
],
)
@@ -70,10 +67,10 @@
patches = [
"//third_party/gazelle:add-prepatching.patch",
],
- sha256 = "5982e5463f171da99e3bdaeff8c0f48283a7a5f396ec5282910b9e8a49c0dd7e",
+ sha256 = "29218f8e0cebe583643cbf93cae6f971be8a2484cdcfa1e45057658df8d54002",
urls = [
- "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.25.0/bazel-gazelle-v0.25.0.tar.gz",
- "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.25.0/bazel-gazelle-v0.25.0.tar.gz",
+ "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.32.0/bazel-gazelle-v0.32.0.tar.gz",
+ "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.32.0/bazel-gazelle-v0.32.0.tar.gz",
],
)
@@ -87,7 +84,7 @@
go_rules_dependencies()
go_register_toolchains(
- go_version = "1.18.10",
+ go_version = "1.21.0",
nogo = "@dev_source_monogon//build/analysis:nogo",
)
@@ -113,6 +110,26 @@
rules_proto_toolchains()
+# GRPC
+http_archive(
+ name = "com_github_grpc_grpc",
+ patch_args = ["-p1"],
+ patches = ["//third_party/go/patches:grpc_extra_deps.patch"],
+ sha256 = "ec125d7fdb77ecc25b01050a0d5d32616594834d3fe163b016768e2ae42a2df6",
+ strip_prefix = "grpc-1.52.1",
+ urls = [
+ "https://github.com/grpc/grpc/archive/v1.52.1.tar.gz",
+ ],
+)
+
+load("@com_github_grpc_grpc//bazel:grpc_deps.bzl", "grpc_deps")
+
+grpc_deps()
+
+load("@com_github_grpc_grpc//bazel:grpc_extra_deps.bzl", "grpc_extra_deps")
+
+grpc_extra_deps()
+
# Build packages
http_archive(
name = "rules_pkg",
diff --git a/build/analysis/nogo_config.json b/build/analysis/nogo_config.json
index 06cb4c4..6d9cc8e 100644
--- a/build/analysis/nogo_config.json
+++ b/build/analysis/nogo_config.json
@@ -26,6 +26,11 @@
"external/bazel_gazelle/walk": "third_party"
}
},
+ "shift": {
+ "exclude_files": {
+ "external/dev_gvisor_gvisor/": "third_party"
+ }
+ },
"unsafeptr": {
"exclude_files": {
"external/com_github_modern_go_reflect2/": "third_party",
diff --git a/build/bazel_cc_fix/BUILD.bazel b/build/bazel_cc_fix/BUILD.bazel
index 3b2f197..522cad4 100644
--- a/build/bazel_cc_fix/BUILD.bazel
+++ b/build/bazel_cc_fix/BUILD.bazel
@@ -7,8 +7,8 @@
visibility = ["//visibility:private"],
deps = [
"//build/bazel_cc_fix/ccfixspec",
- "@com_github_golang_protobuf//proto:go_default_library",
"@com_github_mattn_go_shellwords//:go-shellwords",
+ "@org_golang_google_protobuf//encoding/prototext",
],
)
diff --git a/build/bazel_cc_fix/main.go b/build/bazel_cc_fix/main.go
index 611f1eb..2e69110 100644
--- a/build/bazel_cc_fix/main.go
+++ b/build/bazel_cc_fix/main.go
@@ -40,8 +40,8 @@
"regexp"
"strings"
- "github.com/golang/protobuf/proto"
"github.com/mattn/go-shellwords"
+ "google.golang.org/protobuf/encoding/prototext"
"source.monogon.dev/build/bazel_cc_fix/ccfixspec"
)
@@ -329,7 +329,7 @@
}
specRaw, err := os.ReadFile(*specPath)
var spec ccfixspec.CCFixSpec
- if err := proto.UnmarshalText(string(specRaw), &spec); err != nil {
+ if err := prototext.Unmarshal(specRaw, &spec); err != nil {
log.Fatalf("failed to load spec: %v", err)
}
diff --git a/build/ci/jenkins-presubmit.groovy b/build/ci/jenkins-presubmit.groovy
index 02a3a98..d5ad565 100644
--- a/build/ci/jenkins-presubmit.groovy
+++ b/build/ci/jenkins-presubmit.groovy
@@ -24,7 +24,7 @@
sh "JENKINS_NODE_COOKIE=dontKillMe bazelisk test //..."
sh "JENKINS_NODE_COOKIE=dontKillMe bazelisk build --//metropolis/cli/metroctl:buildkind=lite --platforms=@io_bazel_rules_go//go/toolchain:darwin_arm64 //metropolis/cli/metroctl"
sh "JENKINS_NODE_COOKIE=dontKillMe bazelisk build --//metropolis/cli/metroctl:buildkind=lite --platforms=@io_bazel_rules_go//go/toolchain:darwin_amd64 //metropolis/cli/metroctl"
- sh "JENKINS_NODE_COOKIE=dontKillMe bazelisk test -c dbg //..."
+ sh "JENKINS_NODE_COOKIE=dontKillMe bazelisk test --config dbg //..."
}
post {
success {
diff --git a/go.mod b/go.mod
index e22269f..cc88cd0 100644
--- a/go.mod
+++ b/go.mod
@@ -65,10 +65,14 @@
// Our psample patches
replace github.com/vishvananda/netlink => github.com/monogon-dev/netlink v0.0.0-20230125113930-88977c3ff4b3
+// Custom pin for tidb/parser used by sqlc
+// see issue https://github.com/pingcap/tidb/issues/45976
+replace golang.org/x/exp => golang.org/x/exp v0.0.0-20220428152302-39d4317da171
+
require (
cloud.google.com/go/storage v1.28.0
github.com/adrg/xdg v0.4.0
- github.com/bazelbuild/rules_go v0.30.0
+ github.com/bazelbuild/rules_go v0.41.0
github.com/cavaliergopher/cpio v1.0.1
github.com/cenkalti/backoff/v4 v4.1.2
github.com/cockroachdb/cockroach-go/v2 v2.2.10
@@ -80,7 +84,6 @@
github.com/diskfs/go-diskfs v1.2.0
github.com/go-delve/delve v1.8.2
github.com/golang-migrate/migrate/v4 v4.15.2
- github.com/golang/protobuf v1.5.2
github.com/google/cel-go v0.11.4
github.com/google/certificate-transparency-go v1.1.2
github.com/google/go-cmp v0.5.9
@@ -113,28 +116,28 @@
github.com/sbezverk/nfproxy v0.0.0-20210112155058-0d98b4a69f0c
github.com/spf13/cobra v1.6.1
github.com/spf13/pflag v1.0.5
- github.com/stretchr/testify v1.8.1
- github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5
+ github.com/stretchr/testify v1.8.4
+ github.com/vishvananda/netlink v1.1.1-0.20211118161826-650dca95af54
github.com/yalue/native_endian v1.0.2
go.etcd.io/etcd/api/v3 v3.5.4
go.etcd.io/etcd/client/pkg/v3 v3.5.4
go.etcd.io/etcd/client/v3 v3.5.4
go.etcd.io/etcd/server/v3 v3.5.4
go.etcd.io/etcd/tests/v3 v3.5.4
- go.uber.org/multierr v1.8.0
- golang.org/x/crypto v0.6.0
- golang.org/x/exp v0.0.0-20220428152302-39d4317da171
- golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4
- golang.org/x/net v0.7.0
- golang.org/x/sync v0.1.0
- golang.org/x/sys v0.10.1-0.20230720230054-ad7130c58d22
- golang.org/x/text v0.7.0
+ go.uber.org/multierr v1.11.0
+ golang.org/x/crypto v0.12.0
+ golang.org/x/exp v0.0.0-20230725093048-515e97ebf090
+ golang.org/x/mod v0.12.0
+ golang.org/x/net v0.14.0
+ golang.org/x/sync v0.3.0
+ golang.org/x/sys v0.11.0
+ golang.org/x/text v0.12.0
golang.org/x/time v0.0.0-20220224211638-0e9765cccd65
- golang.org/x/tools v0.1.12
+ golang.org/x/tools v0.9.1
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20220208144051-fde48d68ee68
google.golang.org/grpc v1.53.0
- google.golang.org/protobuf v1.28.1
- gvisor.dev/gvisor v0.0.0-20220315202956-f1399ecf1672
+ google.golang.org/protobuf v1.28.2-0.20230118093459-a9481185b34d
+ gvisor.dev/gvisor v0.0.0-20230911190645-2e1d76499fd5
k8s.io/api v0.24.2
k8s.io/apimachinery v0.24.2
k8s.io/cli-runtime v0.24.2
@@ -152,6 +155,7 @@
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d // indirect
github.com/beevik/ntp v0.3.0 // indirect
+ github.com/benbjohnson/clock v1.3.5 // indirect
github.com/bytecodealliance/wasmtime-go/v5 v5.0.0 // indirect
github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect
github.com/cubicdaiya/gonp v1.0.4 // indirect
@@ -159,6 +163,7 @@
github.com/go-kit/log v0.2.0 // indirect
github.com/go-logfmt/logfmt v0.5.1 // indirect
github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e // indirect
+ github.com/golang/protobuf v1.5.2 // indirect
github.com/hashicorp/go-envparse v0.0.0-20200406174449-d9cfd743a15e // indirect
github.com/hodgesds/perf-utils v0.4.0 // indirect
github.com/illumos/go-kstat v0.0.0-20210513183136-173c9b0a9973 // indirect
@@ -170,6 +175,7 @@
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f // indirect
github.com/prometheus/exporter-toolkit v0.7.0 // indirect
github.com/soundcloud/go-runit v0.0.0-20150630195641-06ad41a06c4a // indirect
+ golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a // indirect
gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect
k8s.io/klog v1.0.0 // indirect
)
@@ -190,7 +196,7 @@
github.com/Azure/go-autorest/autorest/validation v0.1.0 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
- github.com/BurntSushi/toml v0.4.1 // indirect
+ github.com/BurntSushi/toml v1.2.1 // indirect
github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583 // indirect
github.com/DataDog/datadog-go v4.8.2+incompatible // indirect
github.com/DataDog/datadog-go/v5 v5.0.2 // indirect
@@ -198,7 +204,7 @@
github.com/GoogleCloudPlatform/k8s-cloud-provider v1.16.1-0.20210702024009-ea6160c1d0e3 // indirect
github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab // indirect
github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd // indirect
- github.com/Microsoft/go-winio v0.5.2 // indirect
+ github.com/Microsoft/go-winio v0.6.0 // indirect
github.com/Microsoft/hcsshim v0.9.3 // indirect
github.com/NYTimes/gziphandler v1.1.1 // indirect
github.com/PuerkitoBio/purell v1.1.1 // indirect
@@ -209,18 +215,18 @@
github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e // indirect
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
github.com/aws/aws-sdk-go v1.44.9 // indirect
- github.com/bazelbuild/buildtools v0.0.0-20201023142455-8a8e1e724705 // indirect
+ github.com/bazelbuild/buildtools v0.0.0-20230510134650-37bd1811516d // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/blang/semver/v4 v4.0.0 // indirect
github.com/cenkalti/backoff v2.2.1+incompatible // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 // indirect
github.com/checkpoint-restore/go-criu/v5 v5.3.0 // indirect
- github.com/cilium/ebpf v0.7.0 // indirect
+ github.com/cilium/ebpf v0.9.3 // indirect
github.com/clusterhq/flocker-go v0.0.0-20160920122132-2b8b7259d313 // indirect
github.com/containerd/cgroups v1.0.3 // indirect
github.com/containerd/console v1.0.3 // indirect
- github.com/containerd/continuity v0.2.2 // indirect
+ github.com/containerd/continuity v0.3.0 // indirect
github.com/containerd/fifo v1.0.0 // indirect
github.com/containerd/ttrpc v1.1.0 // indirect
github.com/containerd/typeurl v1.0.2 // indirect
@@ -338,7 +344,7 @@
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect
- github.com/opencontainers/runtime-spec v1.0.3-0.20211123151946-c2389c3cb60a // indirect
+ github.com/opencontainers/runtime-spec v1.1.0-rc.1 // indirect
github.com/opencontainers/selinux v1.10.1 // indirect
github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 // indirect
github.com/opentracing/opentracing-go v1.2.0 // indirect
@@ -351,7 +357,7 @@
github.com/philhofer/fwd v1.1.1 // indirect
github.com/pierrec/lz4 v2.6.1+incompatible // indirect
github.com/pingcap/errors v0.11.5-0.20210425183316-da1aaba5fb63 // indirect
- github.com/pingcap/log v0.0.0-20210906054005-afc726e70354 // indirect
+ github.com/pingcap/log v1.1.0 // indirect
github.com/pingcap/tidb/parser v0.0.0-20220725134311-c80026e61f00 // indirect
github.com/pkg/xattr v0.4.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
@@ -361,7 +367,7 @@
github.com/prometheus/common v0.34.0 // indirect
github.com/prometheus/procfs v0.7.4-0.20211011103944-1a7a2bd3279f // indirect
github.com/quobyte/api v0.1.8 // indirect
- github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 // indirect
+ github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
github.com/rivo/uniseg v0.2.0 // indirect
github.com/robfig/cron/v3 v3.0.1 // indirect
github.com/rs/cors v1.8.0 // indirect
@@ -405,11 +411,11 @@
go.opentelemetry.io/otel/trace v1.3.0 // indirect
go.opentelemetry.io/proto/otlp v0.11.0 // indirect
go.starlark.net v0.0.0-20210223155950-e043a3d3c984
- go.uber.org/atomic v1.9.0 // indirect
- go.uber.org/zap v1.19.1
+ go.uber.org/atomic v1.11.0 // indirect
+ go.uber.org/zap v1.25.0
golang.org/x/arch v0.0.0-20190927153633-4e8777c89be4 // indirect
golang.org/x/oauth2 v0.5.0 // indirect
- golang.org/x/term v0.5.0 // indirect
+ golang.org/x/term v0.11.0 // indirect
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
golang.zx2c4.com/wireguard v0.0.0-20220202223031-3b95c81cc178 // indirect
gonum.org/v1/gonum v0.9.3 // indirect
@@ -420,12 +426,12 @@
gopkg.in/djherbis/times.v1 v1.2.0 // indirect
gopkg.in/gcfg.v1 v1.2.3 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
- gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
+ gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
gopkg.in/square/go-jose.v2 v2.6.0 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
- honnef.co/go/tools v0.2.2 // indirect
+ honnef.co/go/tools v0.4.2 // indirect
k8s.io/apiextensions-apiserver v0.0.0 // indirect
k8s.io/apiserver v0.24.2 // indirect
k8s.io/cloud-provider v0.24.2 // indirect
@@ -449,6 +455,6 @@
sigs.k8s.io/kustomize/api v0.11.4 // indirect
sigs.k8s.io/kustomize/kustomize/v4 v4.5.4 // indirect
sigs.k8s.io/kustomize/kyaml v0.13.6 // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/yaml v1.2.0 // indirect
)
diff --git a/go.sum b/go.sum
index 9f026cc..929e7c9 100644
--- a/go.sum
+++ b/go.sum
@@ -87,8 +87,6 @@
contrib.go.opencensus.io/exporter/stackdriver v0.13.8/go.mod h1:huNtlWx75MwO7qMs0KrMxPZXzNNWebav1Sq/pm02JdQ=
contrib.go.opencensus.io/integrations/ocsql v0.1.4/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE=
contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20201218220906-28db891af037/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg=
github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU=
@@ -143,9 +141,9 @@
github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw=
github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
+github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/ClickHouse/clickhouse-go v1.4.3/go.mod h1:EaI/sW7Azgz9UATzd5ZdZHRUhHgv5+JMS9NSr2smCJI=
github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583 h1:3nVO1nQyh64IUY6BPZUpMYMZ738Pu+LsMt3E0eqqIYw=
github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583/go.mod h1:EP9f4GqaDJyP1F5jTNMtzdIpw3JpNs3rMSJOnYywCiw=
@@ -186,8 +184,9 @@
github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
+github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
+github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
@@ -328,15 +327,17 @@
github.com/aws/smithy-go v1.8.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E=
github.com/aws/smithy-go v1.11.0/go.mod h1:3xHYmszWVx2c0kIwQeEVf9uSm4fYZt67FBJnwub1bgM=
github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I=
-github.com/bazelbuild/buildtools v0.0.0-20201023142455-8a8e1e724705 h1:M7gqMiatHWf9F3HL32QsFX8H3C/JFh1a8jYM5+F+5JI=
github.com/bazelbuild/buildtools v0.0.0-20201023142455-8a8e1e724705/go.mod h1:5JP0TXzWDHXv8qvxRC4InIazwdyDseBDbzESUMKk1yU=
-github.com/bazelbuild/rules_go v0.30.0 h1:kX4jVcstqrsRqKPJSn2mq2o+TI21edRzEJSrEOMQtr0=
-github.com/bazelbuild/rules_go v0.30.0/go.mod h1:MC23Dc/wkXEyk3Wpq6lCqz0ZAYOZDw2DR5y3N1q2i7M=
+github.com/bazelbuild/buildtools v0.0.0-20230510134650-37bd1811516d h1:Fl1FfItZp34QIQmmDTbZXHB5XA6JfbNNfH7tRRGWvQo=
+github.com/bazelbuild/buildtools v0.0.0-20230510134650-37bd1811516d/go.mod h1:689QdV3hBP7Vo9dJMmzhoYIyo/9iMhEmHkJcnaPRCbo=
+github.com/bazelbuild/rules_go v0.41.0 h1:JzlRxsFNhlX+g4drDRPhIaU5H5LnI978wdMJ0vK4I+k=
+github.com/bazelbuild/rules_go v0.41.0/go.mod h1:TMHmtfpvyfsxaqfL9WnahCsXMWDMICTw7XeK9yVb+YU=
github.com/beevik/ntp v0.3.0 h1:xzVrPrE4ziasFXgBVBZJDP0Wg/KpMwk2KHJ4Ba8GrDw=
github.com/beevik/ntp v0.3.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg=
github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
-github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
+github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o=
+github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
@@ -410,8 +411,9 @@
github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
github.com/cilium/ebpf v0.5.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
-github.com/cilium/ebpf v0.7.0 h1:1k/q3ATgxSXRdrmPfH8d7YK0GfqVsEKZAX9dQZvs56k=
github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
+github.com/cilium/ebpf v0.9.3 h1:5KtxXZU+scyERvkJMEm16TbScVvuuMrlhPly78ZMbSc=
+github.com/cilium/ebpf v0.9.3/go.mod h1:w27N4UjpaQ9X/DGrSugxUG+H+NhgntDuPb5lCzxCn8A=
github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
@@ -497,8 +499,9 @@
github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y=
github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ=
github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM=
-github.com/containerd/continuity v0.2.2 h1:QSqfxcn8c+12slxwu00AtzXrsami0MJb/MQs9lOLHLA=
github.com/containerd/continuity v0.2.2/go.mod h1:pWygW9u7LtS1o4N/Tn0FoCFDIXZ7rxcMX7HX1Dmibvk=
+github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
+github.com/containerd/continuity v0.3.0/go.mod h1:wJEAIwKOm/pBZuBd0JmeTvnLquTB1Ag8espWhkykbPM=
github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
@@ -735,8 +738,8 @@
github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4=
github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
-github.com/frankban/quicktest v1.13.0 h1:yNZif1OkDfNoDfb9zZa9aXIpejNR4F23Wely0c+Qdqk=
github.com/frankban/quicktest v1.13.0/go.mod h1:qLE0fzW0VuyUAJgPU19zByoIr0HtCHN/r/VLSOOIySU=
+github.com/frankban/quicktest v1.14.0 h1:+cqqvzZV87b4adx/5ayVOaYZ2CrvM4ejQvUdBzPPUss=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
@@ -782,9 +785,6 @@
github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks=
github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY=
github.com/go-fonts/stix v0.1.0/go.mod h1:w/c1f0ldAUlJmLBvlbkvVXLAD+tAMqobIIQpmnUIzUY=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
@@ -1444,8 +1444,8 @@
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI=
@@ -1764,8 +1764,8 @@
github.com/opencontainers/runtime-spec v1.0.3-0.20200728170252-4d89ac9fbff6/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20211123151946-c2389c3cb60a h1:9iT75RHhYHWwWRlVWU7wnmtFulYcURCglzQOpT+cAF8=
-github.com/opencontainers/runtime-spec v1.0.3-0.20211123151946-c2389c3cb60a/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.1.0-rc.1 h1:wHa9jroFfKGQqFHj0I1fMRKLl0pfj+ynAqBxo3v6u9w=
+github.com/opencontainers/runtime-spec v1.1.0-rc.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
@@ -1829,8 +1829,8 @@
github.com/pingcap/errors v0.11.0/go.mod h1:Oi8TUi2kEtXXLMJk9l1cGmz20kV3TaQ0usTwv5KuLY8=
github.com/pingcap/errors v0.11.5-0.20210425183316-da1aaba5fb63 h1:+FZIDR/D97YOPik4N4lPDaUcLDF/EQPogxtlHB2ZZRM=
github.com/pingcap/errors v0.11.5-0.20210425183316-da1aaba5fb63/go.mod h1:X2r9ueLEUZgtx2cIogM0v4Zj5uvvzhuuiu7Pn8HzMPg=
-github.com/pingcap/log v0.0.0-20210906054005-afc726e70354 h1:SvWCbCPh1YeHd9yQLksvJYAgft6wLTY1aNG81tpyscQ=
-github.com/pingcap/log v0.0.0-20210906054005-afc726e70354/go.mod h1:DWQW5jICDR7UJh4HtxXSM20Churx4CQL0fwL/SoOSA4=
+github.com/pingcap/log v1.1.0 h1:ELiPxACz7vdo1qAvvaWJg1NrYFoY6gqAh/+Uo6aXdD8=
+github.com/pingcap/log v1.1.0/go.mod h1:DWQW5jICDR7UJh4HtxXSM20Churx4CQL0fwL/SoOSA4=
github.com/pingcap/tidb/parser v0.0.0-20220725134311-c80026e61f00 h1:aDC/yAGx/jPEyrX+UPKV3GWg+4A4yG8ifuP6jBEhDi0=
github.com/pingcap/tidb/parser v0.0.0-20220725134311-c80026e61f00/go.mod h1:wjvp+T3/T9XYt0nKqGX3Kc1AKuyUcfno6LTc6b2A6ew=
github.com/pkg/browser v0.0.0-20210706143420-7d21f8c997e2/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
@@ -1925,8 +1925,9 @@
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
github.com/remyoudompheng/bigfft v0.0.0-20190728182440-6a916e37a237/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
-github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 h1:OdAsTTz6OkFY5QxjkYwrChwuRruF69c169dPK26NUlk=
github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
+github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
+github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rmohr/bazeldnf v0.5.4 h1:xYSQoQHuCZY+2mZJtt+2KN0G6TmeEOPR6cxPZomTXX4=
@@ -1942,6 +1943,7 @@
github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
github.com/rs/cors v1.8.0 h1:P2KMzcFwrPoSjkF1WLRPsp3UMLyql8L4v9hQpVeK5so=
github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM=
@@ -2073,8 +2075,9 @@
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stripe/safesql v0.2.0/go.mod h1:q7b2n0JmzM1mVGfcYpanfVb2j23cXZeWFxcILPn3JV4=
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
@@ -2300,20 +2303,20 @@
go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
+go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
-go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
-go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA=
go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
+go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk=
go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
go.uber.org/multierr v1.4.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
-go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
-go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
@@ -2321,8 +2324,8 @@
go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ=
go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
-go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI=
-go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
+go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c=
+go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk=
gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI=
golang.org/x/arch v0.0.0-20190927153633-4e8777c89be4 h1:QlVATYS7JBoZMVaf+cNjb90WD/beKVHnIxFKT4QaHVI=
golang.org/x/arch v0.0.0-20190927153633-4e8777c89be4/go.mod h1:flIaEI6LNU6xOCD5PaJvn9wGP0agmIOqjrtsKGRguv4=
@@ -2382,33 +2385,13 @@
golang.org/x/crypto v0.0.0-20220208050332-20e1d8d225ab/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
-golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190731235908-ec7cb31e5a56/go.mod h1:JhuoJpWY28nO4Vef9tZUw9qufEGTyX1+7lmHxV5q5G4=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191002040644-a1355ae1e2c3/go.mod h1:NOZ3BPKG0ec/BKJQgnvsSFpcKLM5xXVWnvZS97DWHgE=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw=
-golang.org/x/exp v0.0.0-20200901203048-c4f52b2c50aa/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20200908183739-ae8ad444f925/go.mod h1:1phAWC201xIgDyaFpmDeZkgf70Q4Pd/CNqfRtVPtxNw=
-golang.org/x/exp v0.0.0-20210220032938-85be41e4509f/go.mod h1:I6l2HNBLBZEcrOoCpyKLdY2lHoRZ8lI4x60KMCQDft4=
+golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
+golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
golang.org/x/exp v0.0.0-20220428152302-39d4317da171 h1:TfdoLivD44QwvssI9Sv1xwa5DcL5XQr4au4sZ2F2NV4=
golang.org/x/exp v0.0.0-20220428152302-39d4317da171/go.mod h1:lgLbSvA5ygNOMpwM/9anMpWVlVJ7Z+cHWq/eFuinpGE=
+golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a h1:Jw5wfR+h9mnIYH+OtGT2im5wV1YGGDora5vTv/aa5bE=
+golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/image v0.0.0-20190910094157-69e4b8554b2a/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/image v0.0.0-20200119044424-58c23975cae1/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/image v0.0.0-20200430140353-33d19683fad8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
@@ -2427,25 +2410,19 @@
golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mobile v0.0.0-20201217150744-e6ae53a27f4f/go.mod h1:skQtrUTUwhdJvXM/2KKJzY8pDgNr9I/FOMqDVRPBUS4=
golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191209134235-331c550502dd/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.1-0.20200828183125-ce943fd02449/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
+golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -2538,8 +2515,8 @@
golang.org/x/net v0.0.0-20220111093109-d55c255bac03/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
+golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
golang.org/x/oauth2 v0.0.0-20180227000427-d7d64896b5ff/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -2578,8 +2555,8 @@
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
golang.org/x/sys v0.0.0-20180224232135-f6cff0780e54/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -2631,7 +2608,6 @@
golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -2751,14 +2727,14 @@
golang.org/x/sys v0.0.0-20220317061510-51cd9980dadf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220513210249-45d2b4557a2a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220804214406-8e32c043e418/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.10.1-0.20230720230054-ad7130c58d22 h1:ZVBC8ekm7gt68NPszw37xBUjvhYEPKPyOlnmc6d1htg=
-golang.org/x/sys v0.10.1-0.20230720230054-ad7130c58d22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
+golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -2768,8 +2744,8 @@
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
+golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -2792,7 +2768,6 @@
golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
@@ -2812,14 +2787,12 @@
golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190706070813-72ffa07ba3db/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190903025054-afe7f8212f0d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -2835,12 +2808,10 @@
golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200102200121-6de373a2766c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117012304-6edc0a871e69/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
@@ -2883,11 +2854,12 @@
golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
+golang.org/x/tools v0.1.8-0.20211029000441-d6a9af8af023/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
-golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=
+golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -3117,8 +3089,8 @@
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.28.2-0.20230118093459-a9481185b34d h1:qp0AnQCvRCMlu9jBjtdbTaaEmThIgZOrbVyDEOcmKhQ=
+google.golang.org/protobuf v1.28.2-0.20230118093459-a9481185b34d/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
gopkg.in/DataDog/dd-trace-go.v1 v1.38.1 h1:nAKgcpJLXRHF56cKCP3bN8gTTQmmNAZFEblbyGKhKTo=
gopkg.in/DataDog/dd-trace-go.v1 v1.38.1/go.mod h1:GBhK4yaMJ1h329ivtKAqRNe1EZ944UnZwtz5lh7CnJc=
gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
@@ -3150,8 +3122,9 @@
gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/jinzhu/gorm.v1 v1.9.1/go.mod h1:56JJPUzbikvTVnoyP1nppSkbJ2L8sunqTBDY2fDrmFg=
gopkg.in/mcuadros/go-syslog.v2 v2.2.1/go.mod h1:l5LPIyOOyIdQquNg+oU6Z3524YwrcqEm0aKH+5zpt2U=
-gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8=
gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
+gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
+gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
gopkg.in/olivere/elastic.v3 v3.0.75/go.mod h1:yDEuSnrM51Pc8dM5ov7U8aI/ToR3PG0llA8aRv2qmw0=
gopkg.in/olivere/elastic.v5 v5.0.84/go.mod h1:LXF6q9XNBxpMqrcgax95C6xyARXWbbCXUrtTxrNrxJI=
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
@@ -3201,10 +3174,10 @@
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
-gotest.tools/v3 v3.1.0 h1:rVV8Tcg/8jHUkPUorwjaMTtemIMVXfIPKiOqnhEhakk=
gotest.tools/v3 v3.1.0/go.mod h1:fHy7eyTmJFO5bQbUsEGQ1v4m2J3Jz9eWL54TP2/ZuYQ=
-gvisor.dev/gvisor v0.0.0-20220315202956-f1399ecf1672 h1:aXIFpjZYl3zv2rQyr4rSit5Uq0k7BVXC8lJaDa4Cg7M=
-gvisor.dev/gvisor v0.0.0-20220315202956-f1399ecf1672/go.mod h1:V4WNP2Uwtx69eOhvLDSQ734EaTJTaBI3P8KgRAlROsg=
+gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
+gvisor.dev/gvisor v0.0.0-20230911190645-2e1d76499fd5 h1:jkIUiFfucTr4prtWuxQ1YxuOdWEQc/dIrUnHKyzSQv0=
+gvisor.dev/gvisor v0.0.0-20230911190645-2e1d76499fd5/go.mod h1:lYEMhXbxgudVhALYsMQrBaUAjM3NMinh8mKL1CJv7rc=
honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -3214,8 +3187,9 @@
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
-honnef.co/go/tools v0.2.2 h1:MNh1AVMyVX23VUHE2O27jm6lNj3vjO5DexS4A1xvnzk=
honnef.co/go/tools v0.2.2/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
+honnef.co/go/tools v0.4.2 h1:6qXr+R5w+ktL5UkwEbPp+fEvfyoMPche6GkOpGHZcLc=
+honnef.co/go/tools v0.4.2/go.mod h1:36ZgoUOrqOk1GxwHhyryEkq8FQWkUO2xGuSMhUCcdvA=
k8s.io/api v0.24.2 h1:g518dPU/L7VRLxWfcadQn2OnsiGWVOadTLpdnqgY2OI=
k8s.io/api v0.24.2/go.mod h1:AHqbSkTm6YrQ0ObxjO3Pmp/ubFF/KuM7jU+3khoBsOg=
k8s.io/apiextensions-apiserver v0.24.2 h1:/4NEQHKlEz1MlaK/wHT5KMKC9UKYz6NZz6JE6ov4G6k=
@@ -3343,8 +3317,9 @@
sigs.k8s.io/kustomize/kyaml v0.13.6 h1:eF+wsn4J7GOAXlvajv6OknSunxpcOBQQqsnPxObtkGs=
sigs.k8s.io/kustomize/kyaml v0.13.6/go.mod h1:yHP031rn1QX1lr/Xd934Ri/xdVNG8BE2ECa78Ht/kEg=
sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y=
sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
diff --git a/metropolis/node/build/fsspec/BUILD.bazel b/metropolis/node/build/fsspec/BUILD.bazel
index 49ff9a0..eeddda7 100644
--- a/metropolis/node/build/fsspec/BUILD.bazel
+++ b/metropolis/node/build/fsspec/BUILD.bazel
@@ -14,7 +14,7 @@
embed = [":fsspec_go_proto"],
importpath = "source.monogon.dev/metropolis/node/build/fsspec",
visibility = ["//visibility:public"],
- deps = ["@com_github_golang_protobuf//proto:go_default_library"],
+ deps = ["@org_golang_google_protobuf//encoding/prototext"],
)
go_proto_library(
diff --git a/metropolis/node/build/fsspec/utils.go b/metropolis/node/build/fsspec/utils.go
index 2438220..c51df06 100644
--- a/metropolis/node/build/fsspec/utils.go
+++ b/metropolis/node/build/fsspec/utils.go
@@ -4,7 +4,7 @@
"fmt"
"os"
- "github.com/golang/protobuf/proto"
+ "google.golang.org/protobuf/encoding/prototext"
)
// ReadMergeSpecs reads FSSpecs from all files in paths and merges them into
@@ -18,7 +18,7 @@
}
var spec FSSpec
- if err := proto.UnmarshalText(string(specRaw), &spec); err != nil {
+ if err := prototext.Unmarshal(specRaw, &spec); err != nil {
return nil, fmt.Errorf("failed to parse spec %q: %w", p, err)
}
for _, f := range spec.File {
diff --git a/metropolis/node/core/curator/BUILD.bazel b/metropolis/node/core/curator/BUILD.bazel
index 0e91e0e..302579f 100644
--- a/metropolis/node/core/curator/BUILD.bazel
+++ b/metropolis/node/core/curator/BUILD.bazel
@@ -42,9 +42,9 @@
"@com_github_google_cel_go//checker/decls:go_default_library",
"@com_github_google_cel_go//common/types:go_default_library",
"@com_zx2c4_golang_wireguard_wgctrl//wgtypes",
- "@go_googleapis//google/api/expr/v1alpha1:expr_go_proto",
"@io_etcd_go_etcd_client_v3//:client",
"@io_etcd_go_etcd_client_v3//concurrency",
+ "@org_golang_google_genproto//googleapis/api/expr/v1alpha1",
"@org_golang_google_grpc//:go_default_library",
"@org_golang_google_grpc//codes",
"@org_golang_google_grpc//keepalive",
diff --git a/metropolis/node/kubernetes/BUILD.bazel b/metropolis/node/kubernetes/BUILD.bazel
index cbad367..f888a57 100644
--- a/metropolis/node/kubernetes/BUILD.bazel
+++ b/metropolis/node/kubernetes/BUILD.bazel
@@ -39,7 +39,6 @@
"//metropolis/pkg/supervisor",
"//metropolis/proto/api",
"@com_github_container_storage_interface_spec//lib/go/csi",
- "@io_bazel_rules_go//proto/wkt:wrappers_go_proto",
"@io_k8s_api//core/v1:core",
"@io_k8s_api//storage/v1:storage",
"@io_k8s_apimachinery//pkg/api/errors",
@@ -60,6 +59,7 @@
"@org_golang_google_grpc//:go_default_library",
"@org_golang_google_grpc//codes",
"@org_golang_google_grpc//status",
+ "@org_golang_google_protobuf//types/known/wrapperspb",
"@org_golang_x_sys//unix",
],
)
diff --git a/metropolis/node/kubernetes/csi.go b/metropolis/node/kubernetes/csi.go
index e9f2ffa..ab9549d 100644
--- a/metropolis/node/kubernetes/csi.go
+++ b/metropolis/node/kubernetes/csi.go
@@ -25,11 +25,11 @@
"regexp"
"github.com/container-storage-interface/spec/lib/go/csi"
- "github.com/golang/protobuf/ptypes/wrappers"
"golang.org/x/sys/unix"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
+ "google.golang.org/protobuf/types/known/wrapperspb"
"k8s.io/kubelet/pkg/apis/pluginregistration/v1"
"source.monogon.dev/metropolis/node/core/localstorage"
@@ -279,7 +279,7 @@
}
func (s *csiPluginServer) Probe(ctx context.Context, req *csi.ProbeRequest) (*csi.ProbeResponse, error) {
- return &csi.ProbeResponse{Ready: &wrappers.BoolValue{Value: true}}, nil
+ return &csi.ProbeResponse{Ready: &wrapperspb.BoolValue{Value: true}}, nil
}
// Registration endpoints
diff --git a/metropolis/pkg/scsi/BUILD.bazel b/metropolis/pkg/scsi/BUILD.bazel
index f307a97..9c00b26 100644
--- a/metropolis/pkg/scsi/BUILD.bazel
+++ b/metropolis/pkg/scsi/BUILD.bazel
@@ -10,7 +10,6 @@
"scsi.go",
"scsi_linux.go",
"scsi_linux_defs.go",
- "scsi_linux_defs1.go",
"sensekeydata.go",
],
cgo = True,
diff --git a/metropolis/pkg/tpm/BUILD.bazel b/metropolis/pkg/tpm/BUILD.bazel
index 4873a82..76bb8bd 100644
--- a/metropolis/pkg/tpm/BUILD.bazel
+++ b/metropolis/pkg/tpm/BUILD.bazel
@@ -12,11 +12,11 @@
"//metropolis/pkg/logtree",
"//metropolis/pkg/sysfs",
"//metropolis/pkg/tpm/proto",
- "@com_github_golang_protobuf//proto:go_default_library",
"@com_github_google_go_tpm//tpm2",
"@com_github_google_go_tpm//tpmutil",
"@com_github_google_go_tpm_tools//client",
"@com_github_pkg_errors//:errors",
+ "@org_golang_google_protobuf//proto",
"@org_golang_x_crypto//nacl/secretbox",
"@org_golang_x_sys//unix",
],
diff --git a/metropolis/pkg/tpm/tpm.go b/metropolis/pkg/tpm/tpm.go
index 2a3f67a..7d45036 100644
--- a/metropolis/pkg/tpm/tpm.go
+++ b/metropolis/pkg/tpm/tpm.go
@@ -31,17 +31,18 @@
"sync"
"time"
- "github.com/golang/protobuf/proto"
tpm2tools "github.com/google/go-tpm-tools/client"
"github.com/google/go-tpm/tpm2"
"github.com/google/go-tpm/tpmutil"
"github.com/pkg/errors"
"golang.org/x/crypto/nacl/secretbox"
"golang.org/x/sys/unix"
+ "google.golang.org/protobuf/proto"
+
+ tpmpb "source.monogon.dev/metropolis/pkg/tpm/proto"
"source.monogon.dev/metropolis/pkg/logtree"
"source.monogon.dev/metropolis/pkg/sysfs"
- tpmpb "source.monogon.dev/metropolis/pkg/tpm/proto"
)
var (
diff --git a/third_party/gazelle/add-prepatching.patch b/third_party/gazelle/add-prepatching.patch
index dd2b1e0..1049e8e 100644
--- a/third_party/gazelle/add-prepatching.patch
+++ b/third_party/gazelle/add-prepatching.patch
@@ -1,60 +1,40 @@
-From bf6362aa01dd00c82996dcabfb1cb20d7919c552 Mon Sep 17 00:00:00 2001
-From: Lorenz Brun <lorenz@nexantic.com>
-Date: Wed, 22 Jul 2020 09:46:56 +0200
+From cdcf80bafba0ff61527a710899002936e2b117d6 Mon Sep 17 00:00:00 2001
+From: Lorenz Brun <lorenz@monogon.tech>
+Date: Thu, 31 Aug 2023 15:52:06 +0200
Subject: [PATCH] Add support for prepatching
---
- internal/go_repository.bzl | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
+ internal/go_repository.bzl | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
diff --git a/internal/go_repository.bzl b/internal/go_repository.bzl
-index 9928fa8..a3af13d 100644
+index cb0ac74..5a2a9e2 100644
--- a/internal/go_repository.bzl
+++ b/internal/go_repository.bzl
-@@ -213,6 +213,8 @@ def _go_repository_impl(ctx):
+@@ -257,6 +257,11 @@ def _go_repository_impl(ctx):
if ctx.attr.debug_mode and result.stderr:
print("fetch_repo: " + result.stderr)
-+ patch(ctx, True)
++ # TODO(lorenz): Replace this with patch() once the patches argument no longer gets merged with
++ # the attribute pulled from ctx.
++ for p in ctx.attr.pre_patches:
++ ctx.patch(p, 1)
+
# Repositories are fetched. Determine if build file generation is needed.
build_file_names = ctx.attr.build_file_name.split(",")
existing_build_file = ""
-@@ -474,6 +476,10 @@ go_repository = repository_rule(
+@@ -538,6 +543,11 @@ go_repository = repository_rule(
Gazelle directives.""",
),
+ # Patches to apply before running gazelle.
-+ "pre_patches": attr.label_list(),
-+ "pre_patch_cmds": attr.string_list(default = []),
++ "pre_patches": attr.label_list(
++ doc = "A list of patches to apply to the repository before gazelle runs.",
++ ),
+
# Patches to apply after running gazelle.
"patches": attr.label_list(
doc = "A list of patches to apply to the repository after gazelle runs.",
-@@ -504,10 +510,11 @@ go_repository = repository_rule(
- """See repository.md#go-repository for full documentation."""
-
- # Copied from @bazel_tools//tools/build_defs/repo:utils.bzl
--def patch(ctx):
-+def patch(ctx, pre_mode = False):
- """Implementation of patching an already extracted repository"""
- bash_exe = ctx.os.environ["BAZEL_SH"] if "BAZEL_SH" in ctx.os.environ else "bash"
-- for patchfile in ctx.attr.patches:
-+ patches = ctx.attr.patches if not pre_mode else ctx.attr.pre_patches
-+ for patchfile in patches:
- command = "{patchtool} {patch_args} < {patchfile}".format(
- patchtool = ctx.attr.patch_tool,
- patchfile = ctx.path(patchfile),
-@@ -520,7 +527,8 @@ def patch(ctx):
- if st.return_code:
- fail("Error applying patch %s:\n%s%s" %
- (str(patchfile), st.stderr, st.stdout))
-- for cmd in ctx.attr.patch_cmds:
-+ patch_cmds = ctx.attr.patch_cmds if not pre_mode else ctx.attr.pre_patch_cmds
-+ for cmd in patch_cmds:
- st = ctx.execute([bash_exe, "-c", cmd])
- if st.return_code:
- fail("Error applying patch command %s:\n%s%s" %
--
-2.25.1
+2.41.0
diff --git a/third_party/go/patches/grpc_extra_deps.patch b/third_party/go/patches/grpc_extra_deps.patch
new file mode 100644
index 0000000..2030e6d
--- /dev/null
+++ b/third_party/go/patches/grpc_extra_deps.patch
@@ -0,0 +1,19 @@
+diff --git a/bazel/grpc_extra_deps.bzl b/bazel/grpc_extra_deps.bzl
+index 4d8afa3131..b42224501f 100644
+--- a/bazel/grpc_extra_deps.bzl
++++ b/bazel/grpc_extra_deps.bzl
+@@ -52,14 +52,6 @@ def grpc_extra_deps(ignore_version_differences = False):
+
+ api_dependencies()
+
+- go_rules_dependencies()
+- go_register_toolchains(version = "1.18")
+- gazelle_dependencies()
+-
+- # Pull-in the go 3rd party dependencies for protoc_gen_validate, which is
+- # needed for building C++ xDS protos
+- go_third_party()
+-
+ apple_rules_dependencies(ignore_version_differences = ignore_version_differences)
+
+ apple_support_dependencies()
\ No newline at end of file
diff --git a/third_party/go/patches/gvisor-containerd-compat.patch b/third_party/go/patches/gvisor-containerd-compat.patch
index 89eb40f..a1a2dc7 100644
--- a/third_party/go/patches/gvisor-containerd-compat.patch
+++ b/third_party/go/patches/gvisor-containerd-compat.patch
@@ -1,6 +1,6 @@
-From bf861ce45721791336b617a44844613bb74c677a Mon Sep 17 00:00:00 2001
-From: Lorenz Brun <lorenz@monogon.tech>
-Date: Tue, 22 Mar 2022 00:52:48 +0100
+From 2aaae27bbcdae1c917441932fb79b6f6b6e0ebcd Mon Sep 17 00:00:00 2001
+From: Tim Windelschmidt <tim@monogon.tech>
+Date: Tue, 12 Sep 2023 14:33:58 +0200
Subject: [PATCH] containerd 1.6 compatibility
---
@@ -24,10 +24,10 @@
}
} else if !e.stdio.IsNull() {
diff --git a/pkg/shim/proc/init.go b/pkg/shim/proc/init.go
-index 6bf090813..76df1101a 100644
+index fcdc8e2bc..f2aaf6c2a 100644
--- a/pkg/shim/proc/init.go
+++ b/pkg/shim/proc/init.go
-@@ -152,7 +152,7 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) (err error) {
+@@ -155,7 +155,7 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) (err error) {
if err != nil {
return fmt.Errorf("failed to retrieve console master: %w", err)
}
@@ -37,7 +37,7 @@
return fmt.Errorf("failed to start console copy: %w", err)
}
diff --git a/pkg/shim/service.go b/pkg/shim/service.go
-index 68966afdf..772168052 100644
+index a6904e1ae..964a152c9 100644
--- a/pkg/shim/service.go
+++ b/pkg/shim/service.go
@@ -50,7 +50,7 @@ import (
@@ -46,13 +46,13 @@
"gvisor.dev/gvisor/pkg/cleanup"
- "gvisor.dev/gvisor/pkg/shim/runtimeoptions/v14"
+ v14 "gvisor.dev/gvisor/pkg/shim/runtimeoptions/v14"
-
+
"gvisor.dev/gvisor/pkg/shim/proc"
"gvisor.dev/gvisor/pkg/shim/runsc"
@@ -189,7 +189,7 @@ type service struct {
- shimAddress string
- }
-
+
+ var _ shim.Shim = (*service)(nil)
+
-func (s *service) newCommand(ctx context.Context, containerdBinary, containerdAddress string) (*exec.Cmd, error) {
+func (s *service) newCommand(ctx context.Context, id, containerdBinary, containerdAddress string) (*exec.Cmd, error) {
ns, err := namespaces.NamespaceRequired(ctx)
@@ -69,12 +69,12 @@
@@ -219,14 +220,14 @@ func (s *service) newCommand(ctx context.Context, containerdBinary, containerdAd
return cmd, nil
}
-
+
-func (s *service) StartShim(ctx context.Context, id, containerdBinary, containerdAddress, containerdTTRPCAddress string) (string, error) {
- log.L.Debugf("StartShim, id: %s, binary: %q, address: %q", id, containerdBinary, containerdAddress)
+func (s *service) StartShim(ctx context.Context, opts shim.StartOpts) (string, error) {
+ log.L.Debugf("StartShim, id: %s, binary: %q, address: %q", opts.ID, opts.ContainerdBinary, opts.Address)
-
+
- cmd, err := s.newCommand(ctx, containerdBinary, containerdAddress)
+ cmd, err := s.newCommand(ctx, opts.ID, opts.ContainerdBinary, opts.Address)
if err != nil {
@@ -103,12 +103,12 @@
@@ -33,7 +33,7 @@ type linuxPlatform struct {
epoller *console.Epoller
}
-
+
-func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string, wg *sync.WaitGroup) (console.Console, error) {
+func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console, id, stdin, stdout, stderr string, wg *sync.WaitGroup) (console.Console, error) {
if p.epoller == nil {
return nil, fmt.Errorf("uninitialized epoller")
}
---
-2.25.1
+--
+2.41.0
diff --git a/third_party/go/patches/gvisor-fix-debug-builds.patch b/third_party/go/patches/gvisor-fix-debug-builds.patch
new file mode 100644
index 0000000..ea5b04d
--- /dev/null
+++ b/third_party/go/patches/gvisor-fix-debug-builds.patch
@@ -0,0 +1,1364 @@
+From eb22b742839180a0bdb3953c061da15ba822d56d Mon Sep 17 00:00:00 2001
+From: Tim Windelschmidt <tim@monogon.tech>
+Date: Tue, 12 Sep 2023 15:06:49 +0200
+Subject: [PATCH] fix debug builds
+
+---
+ pkg/sentry/platform/kvm/address_space.go | 3 +
+ .../platform/kvm/address_space_debug.go | 242 +++++
+ .../platform/kvm/bluepill_debug_unsafe.go | 215 +++++
+ pkg/sentry/platform/kvm/bluepill_unsafe.go | 4 +-
+ pkg/sentry/platform/kvm/machine.go | 3 +
+ pkg/sentry/platform/kvm/machine_debug.go | 826 ++++++++++++++++++
+ 6 files changed, 1291 insertions(+), 2 deletions(-)
+ create mode 100644 pkg/sentry/platform/kvm/address_space_debug.go
+ create mode 100644 pkg/sentry/platform/kvm/bluepill_debug_unsafe.go
+ create mode 100644 pkg/sentry/platform/kvm/machine_debug.go
+
+diff --git a/pkg/sentry/platform/kvm/address_space.go b/pkg/sentry/platform/kvm/address_space.go
+index 79ccbea35..7e30d0365 100644
+--- a/pkg/sentry/platform/kvm/address_space.go
++++ b/pkg/sentry/platform/kvm/address_space.go
+@@ -12,6 +12,9 @@
+ // See the License for the specific language governing permissions and
+ // limitations under the License.
+
++//go:build !kvm_debug
++// +build !kvm_debug
++
+ package kvm
+
+ import (
+diff --git a/pkg/sentry/platform/kvm/address_space_debug.go b/pkg/sentry/platform/kvm/address_space_debug.go
+new file mode 100644
+index 000000000..69aeba45a
+--- /dev/null
++++ b/pkg/sentry/platform/kvm/address_space_debug.go
+@@ -0,0 +1,242 @@
++// Copyright 2018 The gVisor Authors.
++//
++// Licensed under the Apache License, Version 2.0 (the "License");
++// you may not use this file except in compliance with the License.
++// You may obtain a copy of the License at
++//
++// http://www.apache.org/licenses/LICENSE-2.0
++//
++// Unless required by applicable law or agreed to in writing, software
++// distributed under the License is distributed on an "AS IS" BASIS,
++// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++// See the License for the specific language governing permissions and
++// limitations under the License.
++
++//go:build kvm_debug
++// +build kvm_debug
++
++package kvm
++
++import (
++ "gvisor.dev/gvisor/pkg/atomicbitops"
++ "gvisor.dev/gvisor/pkg/hostarch"
++ "gvisor.dev/gvisor/pkg/ring0/pagetables"
++ "gvisor.dev/gvisor/pkg/sentry/memmap"
++ "gvisor.dev/gvisor/pkg/sentry/platform"
++ "gvisor.dev/gvisor/pkg/sync"
++)
++
++// dirtySet tracks vCPUs for invalidation.
++type dirtySet struct {
++ vCPUMasks []atomicbitops.Uint64
++}
++
++// forEach iterates over all CPUs in the dirty set.
++func (ds *dirtySet) forEach(m *machine, fn func(c *vCPU)) {
++ for index := range ds.vCPUMasks {
++ mask := ds.vCPUMasks[index].Swap(0)
++ if mask != 0 {
++ for bit := 0; bit < 64; bit++ {
++ if mask&(1<<uint64(bit)) == 0 {
++ continue
++ }
++ id := 64*index + bit
++ fn(m.vCPUsByID[id])
++ }
++ }
++ }
++}
++
++// mark marks the given vCPU as dirty and returns whether it was previously
++// clean. Being previously clean implies that a flush is needed on entry.
++func (ds *dirtySet) mark(c *vCPU) bool {
++ index := uint64(c.id) / 64
++ bit := uint64(1) << uint(c.id%64)
++
++ oldValue := ds.vCPUMasks[index].Load()
++ if oldValue&bit != 0 {
++ return false // Not clean.
++ }
++
++ // Set the bit unilaterally, and ensure that a flush takes place. Note
++ // that it's possible for races to occur here, but since the flush is
++ // taking place long after these lines there's no race in practice.
++ atomicbitops.OrUint64(&ds.vCPUMasks[index], bit)
++ return true // Previously clean.
++}
++
++// addressSpace is a wrapper for PageTables.
++type addressSpace struct {
++ platform.NoAddressSpaceIO
++
++ // mu is the lock for modifications to the address space.
++ //
++ // Note that the page tables themselves are not locked.
++ mu sync.Mutex
++
++ // machine is the underlying machine.
++ machine *machine
++
++ // pageTables are for this particular address space.
++ pageTables *pagetables.PageTables
++
++ // dirtySet is the set of dirty vCPUs.
++ dirtySet *dirtySet
++}
++
++// Invalidate interrupts all dirty contexts.
++func (as *addressSpace) Invalidate() {
++ as.mu.Lock()
++ defer as.mu.Unlock()
++ as.invalidate()
++}
++
++// Touch adds the given vCPU to the dirty list.
++//
++// The return value indicates whether a flush is required.
++func (as *addressSpace) Touch(c *vCPU) bool {
++ return as.dirtySet.mark(c)
++}
++
++type hostMapEntry struct {
++ addr uintptr
++ length uintptr
++}
++
++// mapLocked maps the given host entry.
++//
++// +checkescape:hard,stack
++func (as *addressSpace) mapLocked(addr hostarch.Addr, m hostMapEntry, at hostarch.AccessType) (inv bool) {
++ for m.length > 0 {
++ physical, length, ok := translateToPhysical(m.addr)
++ if !ok {
++ panic("unable to translate segment")
++ }
++ if length > m.length {
++ length = m.length
++ }
++
++ // Ensure that this map has physical mappings. If the page does
++ // not have physical mappings, the KVM module may inject
++ // spurious exceptions when emulation fails (i.e. it tries to
++ // emulate because the RIP is pointed at those pages).
++ as.machine.mapPhysical(physical, length, physicalRegions)
++
++ // Install the page table mappings. Note that the ordering is
++ // important; if the pagetable mappings were installed before
++ // ensuring the physical pages were available, then some other
++ // thread could theoretically access them.
++ inv = as.pageTables.Map(addr, length, pagetables.MapOpts{
++ AccessType: at,
++ User: true,
++ }, physical) || inv
++ m.addr += length
++ m.length -= length
++ addr += hostarch.Addr(length)
++ }
++
++ return inv
++}
++
++// MapFile implements platform.AddressSpace.MapFile.
++func (as *addressSpace) MapFile(addr hostarch.Addr, f memmap.File, fr memmap.FileRange, at hostarch.AccessType, precommit bool) error {
++ as.mu.Lock()
++ defer as.mu.Unlock()
++
++ // Get mappings in the sentry's address space, which are guaranteed to be
++ // valid as long as a reference is held on the mapped pages (which is in
++ // turn required by AddressSpace.MapFile precondition).
++ //
++ // If precommit is true, we will touch mappings to commit them, so ensure
++ // that mappings are readable from sentry context.
++ //
++ // We don't execute from application file-mapped memory, and guest page
++ // tables don't care if we have execute permission (but they do need pages
++ // to be readable).
++ bs, err := f.MapInternal(fr, hostarch.AccessType{
++ Read: at.Read || at.Execute || precommit,
++ Write: at.Write,
++ })
++ if err != nil {
++ return err
++ }
++
++ // See block in mapLocked.
++ as.pageTables.Allocator.(*allocator).cpu = as.machine.Get()
++ defer as.machine.Put(as.pageTables.Allocator.(*allocator).cpu)
++
++ // Map the mappings in the sentry's address space (guest physical memory)
++ // into the application's address space (guest virtual memory).
++ inv := false
++ for !bs.IsEmpty() {
++ b := bs.Head()
++ bs = bs.Tail()
++ // Since fr was page-aligned, b should also be page-aligned. We do the
++ // lookup in our host page tables for this translation.
++ if precommit {
++ s := b.ToSlice()
++ for i := 0; i < len(s); i += hostarch.PageSize {
++ _ = s[i] // Touch to commit.
++ }
++ }
++
++ // See bluepill_allocator.go.
++ bluepill(as.pageTables.Allocator.(*allocator).cpu)
++
++ // Perform the mapping.
++ prev := as.mapLocked(addr, hostMapEntry{
++ addr: b.Addr(),
++ length: uintptr(b.Len()),
++ }, at)
++ inv = inv || prev
++ addr += hostarch.Addr(b.Len())
++ }
++ if inv {
++ as.invalidate()
++ }
++
++ return nil
++}
++
++// unmapLocked is an escape-checked wrapped around Unmap.
++//
++// +checkescape:hard,stack
++func (as *addressSpace) unmapLocked(addr hostarch.Addr, length uint64) bool {
++ return as.pageTables.Unmap(addr, uintptr(length))
++}
++
++// Unmap unmaps the given range by calling pagetables.PageTables.Unmap.
++func (as *addressSpace) Unmap(addr hostarch.Addr, length uint64) {
++ as.mu.Lock()
++ defer as.mu.Unlock()
++
++ // See above & bluepill_allocator.go.
++ as.pageTables.Allocator.(*allocator).cpu = as.machine.Get()
++ defer as.machine.Put(as.pageTables.Allocator.(*allocator).cpu)
++ bluepill(as.pageTables.Allocator.(*allocator).cpu)
++
++ if prev := as.unmapLocked(addr, length); prev {
++ // Invalidate all active vCPUs.
++ as.invalidate()
++
++ // Recycle any freed intermediate pages.
++ as.pageTables.Allocator.Recycle()
++ }
++}
++
++// Release releases the page tables.
++func (as *addressSpace) Release() {
++ as.Unmap(0, ^uint64(0))
++
++ // Free all pages from the allocator.
++ as.pageTables.Allocator.(*allocator).base.Drain()
++
++ // Drop all cached machine references.
++ as.machine.dropPageTables(as.pageTables)
++}
++
++// PreFork implements platform.AddressSpace.PreFork.
++func (as *addressSpace) PreFork() {}
++
++// PostFork implements platform.AddressSpace.PostFork.
++func (as *addressSpace) PostFork() {}
+diff --git a/pkg/sentry/platform/kvm/bluepill_debug_unsafe.go b/pkg/sentry/platform/kvm/bluepill_debug_unsafe.go
+new file mode 100644
+index 000000000..5feb45c19
+--- /dev/null
++++ b/pkg/sentry/platform/kvm/bluepill_debug_unsafe.go
+@@ -0,0 +1,215 @@
++// Copyright 2018 The gVisor Authors.
++//
++// Licensed under the Apache License, Version 2.0 (the "License");
++// you may not use this file except in compliance with the License.
++// You may obtain a copy of the License at
++//
++// http://www.apache.org/licenses/LICENSE-2.0
++//
++// Unless required by applicable law or agreed to in writing, software
++// distributed under the License is distributed on an "AS IS" BASIS,
++// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++// See the License for the specific language governing permissions and
++// limitations under the License.
++
++//go:build go1.18 && kvm_debug
++// +build go1.18,kvm_debug
++
++// //go:linkname directives type-checked by checklinkname. Any other
++// non-linkname assumptions outside the Go 1 compatibility guarantee should
++// have an accompanied vet check or version guard build tag.
++
++package kvm
++
++import (
++ "unsafe"
++
++ "golang.org/x/sys/unix"
++ "gvisor.dev/gvisor/pkg/sentry/arch"
++)
++
++//go:linkname throw runtime.throw
++func throw(s string)
++
++// vCPUPtr returns a CPU for the given address.
++func vCPUPtr(addr uintptr) *vCPU {
++ return (*vCPU)(unsafe.Pointer(addr))
++}
++
++// bytePtr returns a bytePtr for the given address.
++func bytePtr(addr uintptr) *byte {
++ return (*byte)(unsafe.Pointer(addr))
++}
++
++// uintptrValue returns a uintptr for the given address.
++func uintptrValue(addr *byte) uintptr {
++ return (uintptr)(unsafe.Pointer(addr))
++}
++
++// bluepillArchContext returns the UContext64.
++func bluepillArchContext(context unsafe.Pointer) *arch.SignalContext64 {
++ return &((*arch.UContext64)(context).MContext)
++}
++
++// bluepillHandleHlt is reponsible for handling VM-Exit.
++func bluepillGuestExit(c *vCPU, context unsafe.Pointer) {
++ // Increment our counter.
++ c.guestExits.Add(1)
++
++ // Copy out registers.
++ bluepillArchExit(c, bluepillArchContext(context))
++
++ // Return to the vCPUReady state; notify any waiters.
++ user := c.state.Load() & vCPUUser
++ switch c.state.Swap(user) {
++ case user | vCPUGuest: // Expected case.
++ case user | vCPUGuest | vCPUWaiter:
++ c.notify()
++ default:
++ throw("invalid state")
++ }
++}
++
++var hexSyms = []byte("0123456789abcdef")
++
++func printHex(title []byte, val uint64) {
++ var str [18]byte
++ for i := 0; i < 16; i++ {
++ str[16-i] = hexSyms[val&0xf]
++ val = val >> 4
++ }
++ str[0] = ' '
++ str[17] = '\n'
++ unix.RawSyscall(unix.SYS_WRITE, uintptr(unix.Stderr), uintptr(unsafe.Pointer(&title[0])), uintptr(len(title)))
++ unix.RawSyscall(unix.SYS_WRITE, uintptr(unix.Stderr), uintptr(unsafe.Pointer(&str)), 18)
++}
++
++// bluepillHandler is called from the signal stub.
++//
++// The world may be stopped while this is executing, and it executes on the
++// signal stack. It should only execute raw system calls and functions that are
++// explicitly marked go:nosplit.
++//
++// Ideally, this function should switch to gsignal, as runtime.sigtramp does,
++// but that is tedious given all the runtime internals. That said, using
++// gsignal inside a signal handler is not _required_, provided we avoid stack
++// splits and allocations. Note that calling any splittable function here will
++// be flaky; if the signal stack is below the G stack then we will trigger a
++// split and crash. If above, we won't trigger a split.
++//
++// +checkescape:all
++func bluepillHandler(context unsafe.Pointer) {
++ // Sanitize the registers; interrupts must always be disabled.
++ c := bluepillArchEnter(bluepillArchContext(context))
++
++ // Mark this as guest mode.
++ switch c.state.Swap(vCPUGuest | vCPUUser) {
++ case vCPUUser: // Expected case.
++ case vCPUUser | vCPUWaiter:
++ c.notify()
++ default:
++ throw("invalid state")
++ }
++
++ for {
++ hostExitCounter.Increment()
++ _, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(c.fd), _KVM_RUN, 0) // escapes: no.
++ switch errno {
++ case 0: // Expected case.
++ case unix.EINTR:
++ interruptCounter.Increment()
++ // First, we process whatever pending signal
++ // interrupted KVM. Since we're in a signal handler
++ // currently, all signals are masked and the signal
++ // must have been delivered directly to this thread.
++ timeout := unix.Timespec{}
++ sig, _, errno := unix.RawSyscall6( // escapes: no.
++ unix.SYS_RT_SIGTIMEDWAIT,
++ uintptr(unsafe.Pointer(&bounceSignalMask)),
++ 0, // siginfo.
++ uintptr(unsafe.Pointer(&timeout)), // timeout.
++ 8, // sigset size.
++ 0, 0)
++ if errno == unix.EAGAIN {
++ continue
++ }
++ if errno != 0 {
++ throw("error waiting for pending signal")
++ }
++ if sig != uintptr(bounceSignal) {
++ throw("unexpected signal")
++ }
++
++ // Check whether the current state of the vCPU is ready
++ // for interrupt injection. Because we don't have a
++ // PIC, we can't inject an interrupt while they are
++ // masked. We need to request a window if it's not
++ // ready.
++ if bluepillReadyStopGuest(c) {
++ // Force injection below; the vCPU is ready.
++ c.runData.exitReason = _KVM_EXIT_IRQ_WINDOW_OPEN
++ } else {
++ c.runData.requestInterruptWindow = 1
++ continue // Rerun vCPU.
++ }
++ case unix.EFAULT:
++ // If a fault is not serviceable due to the host
++ // backing pages having page permissions, instead of an
++ // MMIO exit we receive EFAULT from the run ioctl. We
++ // always inject an NMI here since we may be in kernel
++ // mode and have interrupts disabled.
++ bluepillSigBus(c)
++ continue // Rerun vCPU.
++ case unix.ENOSYS:
++ bluepillHandleEnosys(c)
++ continue
++ default:
++ throw("run failed")
++ }
++
++ switch c.runData.exitReason {
++ case _KVM_EXIT_EXCEPTION:
++ c.die(bluepillArchContext(context), "exception")
++ return
++ case _KVM_EXIT_IO:
++ c.die(bluepillArchContext(context), "I/O")
++ return
++ case _KVM_EXIT_INTERNAL_ERROR:
++ // An internal error is typically thrown when emulation
++ // fails. This can occur via the MMIO path below (and
++ // it might fail because we have multiple regions that
++ // are not mapped). We would actually prefer that no
++ // emulation occur, and don't mind at all if it fails.
++ case _KVM_EXIT_HYPERCALL:
++ c.die(bluepillArchContext(context), "hypercall")
++ return
++ case _KVM_EXIT_DEBUG:
++ c.die(bluepillArchContext(context), "debug")
++ return
++ case _KVM_EXIT_HLT:
++ c.hltSanityCheck()
++ bluepillGuestExit(c, context)
++ return
++ case _KVM_EXIT_MMIO:
++ physical := uintptr(c.runData.data[0])
++ if getHypercallID(physical) == _KVM_HYPERCALL_VMEXIT {
++ bluepillGuestExit(c, context)
++ return
++ }
++
++ c.die(bluepillArchContext(context), "exit_mmio")
++ return
++ case _KVM_EXIT_IRQ_WINDOW_OPEN:
++ bluepillStopGuest(c)
++ case _KVM_EXIT_SHUTDOWN:
++ c.die(bluepillArchContext(context), "shutdown")
++ return
++ case _KVM_EXIT_FAIL_ENTRY:
++ c.die(bluepillArchContext(context), "entry failed")
++ return
++ default:
++ bluepillArchHandleExit(c, context)
++ return
++ }
++ }
++}
+diff --git a/pkg/sentry/platform/kvm/bluepill_unsafe.go b/pkg/sentry/platform/kvm/bluepill_unsafe.go
+index 81bd9f814..ad8b966e7 100644
+--- a/pkg/sentry/platform/kvm/bluepill_unsafe.go
++++ b/pkg/sentry/platform/kvm/bluepill_unsafe.go
+@@ -12,8 +12,8 @@
+ // See the License for the specific language governing permissions and
+ // limitations under the License.
+
+-//go:build go1.18
+-// +build go1.18
++//go:build go1.18 && !kvm_debug
++// +build go1.18,!kvm_debug
+
+ // //go:linkname directives type-checked by checklinkname. Any other
+ // non-linkname assumptions outside the Go 1 compatibility guarantee should
+diff --git a/pkg/sentry/platform/kvm/machine.go b/pkg/sentry/platform/kvm/machine.go
+index f39bf1f06..4f0264db7 100644
+--- a/pkg/sentry/platform/kvm/machine.go
++++ b/pkg/sentry/platform/kvm/machine.go
+@@ -12,6 +12,9 @@
+ // See the License for the specific language governing permissions and
+ // limitations under the License.
+
++//go:build !kvm_debug
++// +build !kvm_debug
++
+ package kvm
+
+ import (
+diff --git a/pkg/sentry/platform/kvm/machine_debug.go b/pkg/sentry/platform/kvm/machine_debug.go
+new file mode 100644
+index 000000000..0a4735d2d
+--- /dev/null
++++ b/pkg/sentry/platform/kvm/machine_debug.go
+@@ -0,0 +1,826 @@
++// Copyright 2018 The gVisor Authors.
++//
++// Licensed under the Apache License, Version 2.0 (the "License");
++// you may not use this file except in compliance with the License.
++// You may obtain a copy of the License at
++//
++// http://www.apache.org/licenses/LICENSE-2.0
++//
++// Unless required by applicable law or agreed to in writing, software
++// distributed under the License is distributed on an "AS IS" BASIS,
++// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++// See the License for the specific language governing permissions and
++// limitations under the License.
++
++//go:build kvm_debug
++// +build kvm_debug
++
++package kvm
++
++import (
++ "fmt"
++ "runtime"
++ gosync "sync"
++ "sync/atomic"
++ "time"
++
++ "golang.org/x/sys/unix"
++ "gvisor.dev/gvisor/pkg/abi/linux"
++ "gvisor.dev/gvisor/pkg/atomicbitops"
++ "gvisor.dev/gvisor/pkg/hostarch"
++ "gvisor.dev/gvisor/pkg/hosttid"
++ "gvisor.dev/gvisor/pkg/log"
++ "gvisor.dev/gvisor/pkg/metric"
++ "gvisor.dev/gvisor/pkg/ring0"
++ "gvisor.dev/gvisor/pkg/ring0/pagetables"
++ "gvisor.dev/gvisor/pkg/seccomp"
++ ktime "gvisor.dev/gvisor/pkg/sentry/time"
++ "gvisor.dev/gvisor/pkg/sighandling"
++ "gvisor.dev/gvisor/pkg/sync"
++)
++
++// machine contains state associated with the VM as a whole.
++type machine struct {
++ // fd is the vm fd.
++ fd int
++
++ // machinePoolIndex is the index in the machinePool array.
++ machinePoolIndex uint32
++
++ // nextSlot is the next slot for setMemoryRegion.
++ //
++ // If nextSlot is ^uint32(0), then slots are currently being updated, and the
++ // caller should retry.
++ nextSlot atomicbitops.Uint32
++
++ // upperSharedPageTables tracks the read-only shared upper of all the pagetables.
++ upperSharedPageTables *pagetables.PageTables
++
++ // kernel is the set of global structures.
++ kernel ring0.Kernel
++
++ // mu protects vCPUs.
++ mu sync.RWMutex
++
++ // available is notified when vCPUs are available.
++ available sync.Cond
++
++ // vCPUsByTID are the machine vCPUs.
++ //
++ // These are populated dynamically.
++ vCPUsByTID map[uint64]*vCPU
++
++ // vCPUsByID are the machine vCPUs, can be indexed by the vCPU's ID.
++ vCPUsByID []*vCPU
++
++ // usedVCPUs is the number of vCPUs that have been used from the
++ // vCPUsByID pool.
++ usedVCPUs int
++
++ // maxVCPUs is the maximum number of vCPUs supported by the machine.
++ maxVCPUs int
++
++ // maxSlots is the maximum number of memory slots supported by the machine.
++ maxSlots int
++
++ // tscControl checks whether cpu supports TSC scaling
++ tscControl bool
++
++ // usedSlots is the set of used physical addresses (not sorted).
++ usedSlots []uintptr
++}
++
++const (
++ // vCPUReady is an alias for all the below clear.
++ vCPUReady uint32 = 0
++
++ // vCPUser indicates that the vCPU is in or about to enter user mode.
++ vCPUUser uint32 = 1 << 0
++
++ // vCPUGuest indicates the vCPU is in guest mode.
++ vCPUGuest uint32 = 1 << 1
++
++ // vCPUWaiter indicates that there is a waiter.
++ //
++ // If this is set, then notify must be called on any state transitions.
++ vCPUWaiter uint32 = 1 << 2
++)
++
++// Field values for the get_vcpu metric acquisition path used.
++var (
++ getVCPUAcquisitionFastReused = metric.FieldValue{"fast_reused"}
++ getVCPUAcquisitionReused = metric.FieldValue{"reused"}
++ getVCPUAcquisitionUnused = metric.FieldValue{"unused"}
++ getVCPUAcquisitionStolen = metric.FieldValue{"stolen"}
++)
++
++var (
++ // hostExitCounter is a metric that tracks how many times the sentry
++ // performed a host to guest world switch.
++ hostExitCounter = metric.MustCreateNewProfilingUint64Metric(
++ "/kvm/host_exits", false, "The number of times the sentry performed a host to guest world switch.")
++
++ // userExitCounter is a metric that tracks how many times the sentry has
++ // had an exit from userspace. Analogous to vCPU.userExits.
++ userExitCounter = metric.MustCreateNewProfilingUint64Metric(
++ "/kvm/user_exits", false, "The number of times the sentry has had an exit from userspace.")
++
++ // interruptCounter is a metric that tracks how many times execution returned
++ // to the KVM host to handle a pending signal.
++ interruptCounter = metric.MustCreateNewProfilingUint64Metric(
++ "/kvm/interrupts", false, "The number of times the signal handler was invoked.")
++
++ // mmapCallCounter is a metric that tracks how many times the function
++ // seccompMmapSyscall has been called.
++ mmapCallCounter = metric.MustCreateNewProfilingUint64Metric(
++ "/kvm/mmap_calls", false, "The number of times seccompMmapSyscall has been called.")
++
++ // getVCPUCounter is a metric that tracks how many times different paths of
++ // machine.Get() are triggered.
++ getVCPUCounter = metric.MustCreateNewProfilingUint64Metric(
++ "/kvm/get_vcpu", false, "The number of times that machine.Get() was called, split by path the function took.",
++ metric.NewField("acquisition_type", &getVCPUAcquisitionFastReused, &getVCPUAcquisitionReused, &getVCPUAcquisitionUnused, &getVCPUAcquisitionStolen))
++
++ // asInvalidateDuration are durations of calling addressSpace.invalidate().
++ asInvalidateDuration = metric.MustCreateNewProfilingTimerMetric("/kvm/address_space_invalidate",
++ metric.NewExponentialBucketer(15, uint64(time.Nanosecond*100), 1, 2),
++ "Duration of calling addressSpace.invalidate().")
++)
++
++// vCPU is a single KVM vCPU.
++type vCPU struct {
++ // CPU is the kernel CPU data.
++ //
++ // This must be the first element of this structure, it is referenced
++ // by the bluepill code (see bluepill_amd64.s).
++ ring0.CPU
++
++ // id is the vCPU id.
++ id int
++
++ // fd is the vCPU fd.
++ fd int
++
++ // tid is the last set tid.
++ tid atomicbitops.Uint64
++
++ // userExits is the count of user exits.
++ userExits atomicbitops.Uint64
++
++ // guestExits is the count of guest to host world switches.
++ guestExits atomicbitops.Uint64
++
++ // faults is a count of world faults (informational only).
++ faults uint32
++
++ // state is the vCPU state.
++ //
++ // This is a bitmask of the three fields (vCPU*) described above.
++ state atomicbitops.Uint32
++
++ // runData for this vCPU.
++ runData *runData
++
++ // machine associated with this vCPU.
++ machine *machine
++
++ // active is the current addressSpace: this is set and read atomically,
++ // it is used to elide unnecessary interrupts due to invalidations.
++ active atomicAddressSpace
++
++ // vCPUArchState is the architecture-specific state.
++ vCPUArchState
++
++ // dieState holds state related to vCPU death.
++ dieState dieState
++}
++
++type dieState struct {
++ // message is thrown from die.
++ message string
++
++ // guestRegs is used to store register state during vCPU.die() to prevent
++ // allocation inside nosplit function.
++ guestRegs userRegs
++}
++
++// createVCPU creates and returns a new vCPU.
++//
++// Precondition: mu must be held.
++func (m *machine) createVCPU(id int) *vCPU {
++ // Create the vCPU.
++ fd, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(m.fd), _KVM_CREATE_VCPU, uintptr(id))
++ if errno != 0 {
++ panic(fmt.Sprintf("error creating new vCPU: %v", errno))
++ }
++
++ c := &vCPU{
++ id: id,
++ fd: int(fd),
++ machine: m,
++ }
++ c.CPU.Init(&m.kernel, c.id, c)
++ m.vCPUsByID[c.id] = c
++
++ // Ensure the signal mask is correct.
++ if err := c.setSignalMask(); err != nil {
++ panic(fmt.Sprintf("error setting signal mask: %v", err))
++ }
++
++ // Map the run data.
++ runData, err := mapRunData(int(fd))
++ if err != nil {
++ panic(fmt.Sprintf("error mapping run data: %v", err))
++ }
++ c.runData = runData
++
++ // Initialize architecture state.
++ if err := c.initArchState(); err != nil {
++ panic(fmt.Sprintf("error initialization vCPU state: %v", err))
++ }
++
++ return c // Done.
++}
++
++// newMachine returns a new VM context.
++func newMachine(vm int) (*machine, error) {
++ // Create the machine.
++ m := &machine{fd: vm}
++ m.available.L = &m.mu
++
++ // Pull the maximum vCPUs.
++ m.getMaxVCPU()
++ log.Debugf("The maximum number of vCPUs is %d.", m.maxVCPUs)
++ m.vCPUsByTID = make(map[uint64]*vCPU)
++ m.vCPUsByID = make([]*vCPU, m.maxVCPUs)
++ m.kernel.Init(m.maxVCPUs)
++
++ // Pull the maximum slots.
++ maxSlots, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(m.fd), _KVM_CHECK_EXTENSION, _KVM_CAP_MAX_MEMSLOTS)
++ if errno != 0 {
++ m.maxSlots = _KVM_NR_MEMSLOTS
++ } else {
++ m.maxSlots = int(maxSlots)
++ }
++ log.Debugf("The maximum number of slots is %d.", m.maxSlots)
++ m.usedSlots = make([]uintptr, m.maxSlots)
++
++ // Check TSC Scaling
++ hasTSCControl, _, errno := unix.RawSyscall(unix.SYS_IOCTL, uintptr(m.fd), _KVM_CHECK_EXTENSION, _KVM_CAP_TSC_CONTROL)
++ m.tscControl = errno == 0 && hasTSCControl == 1
++ log.Debugf("TSC scaling support: %t.", m.tscControl)
++
++ // Create the upper shared pagetables and kernel(sentry) pagetables.
++ m.upperSharedPageTables = pagetables.New(newAllocator())
++ m.mapUpperHalf(m.upperSharedPageTables)
++ m.upperSharedPageTables.Allocator.(*allocator).base.Drain()
++ m.upperSharedPageTables.MarkReadOnlyShared()
++ m.kernel.PageTables = pagetables.NewWithUpper(newAllocator(), m.upperSharedPageTables, ring0.KernelStartAddress)
++
++ // Install seccomp rules to trap runtime mmap system calls. They will
++ // be handled by seccompMmapHandler.
++ seccompMmapRules(m)
++
++ // Apply the physical mappings. Note that these mappings may point to
++ // guest physical addresses that are not actually available. These
++ // physical pages are mapped on demand, see kernel_unsafe.go.
++ applyPhysicalRegions(func(pr physicalRegion) bool {
++ // Map everything in the lower half.
++ m.kernel.PageTables.Map(
++ hostarch.Addr(pr.virtual),
++ pr.length,
++ pagetables.MapOpts{AccessType: hostarch.ReadWrite},
++ pr.physical)
++
++ return true // Keep iterating.
++ })
++
++ // Ensure that the currently mapped virtual regions are actually
++ // available in the VM. Note that this doesn't guarantee no future
++ // faults, however it should guarantee that everything is available to
++ // ensure successful vCPU entry.
++ mapRegion := func(vr virtualRegion, flags uint32) {
++ for virtual := vr.virtual; virtual < vr.virtual+vr.length; {
++ physical, length, ok := translateToPhysical(virtual)
++ if !ok {
++ // This must be an invalid region that was
++ // knocked out by creation of the physical map.
++ return
++ }
++ if virtual+length > vr.virtual+vr.length {
++ // Cap the length to the end of the area.
++ length = vr.virtual + vr.length - virtual
++ }
++ // Update page tables for executable mappings.
++ if vr.accessType.Execute {
++ if vr.accessType.Write {
++ panic(fmt.Sprintf("executable mapping can't be writable: %#v", vr))
++ }
++ m.kernel.PageTables.Map(
++ hostarch.Addr(virtual),
++ length,
++ pagetables.MapOpts{AccessType: vr.accessType},
++ physical)
++ }
++
++ // Ensure the physical range is mapped.
++ m.mapPhysical(physical, length, physicalRegions)
++ virtual += length
++ }
++ }
++
++ // handleBluepillFault takes the slot spinlock and it is called from
++ // seccompMmapHandler, so here we have to guarantee that mmap is not
++ // called while we hold the slot spinlock.
++ disableAsyncPreemption()
++ applyVirtualRegions(func(vr virtualRegion) {
++ if excludeVirtualRegion(vr) {
++ return // skip region.
++ }
++ // Take into account that the stack can grow down.
++ if vr.filename == "[stack]" {
++ vr.virtual -= 1 << 20
++ vr.length += 1 << 20
++ }
++
++ mapRegion(vr, 0)
++
++ })
++ enableAsyncPreemption()
++
++ // Initialize architecture state.
++ if err := m.initArchState(); err != nil {
++ m.Destroy()
++ return nil, err
++ }
++
++ // Ensure the machine is cleaned up properly.
++ runtime.SetFinalizer(m, (*machine).Destroy)
++ return m, nil
++}
++
++// hasSlot returns true if the given address is mapped.
++//
++// This must be done via a linear scan.
++//
++//go:nosplit
++func (m *machine) hasSlot(physical uintptr) bool {
++ slotLen := int(m.nextSlot.Load())
++ // When slots are being updated, nextSlot is ^uint32(0). As this situation
++ // is less likely happen, we just set the slotLen to m.maxSlots, and scan
++ // the whole usedSlots array.
++ if slotLen == int(^uint32(0)) {
++ slotLen = m.maxSlots
++ }
++ for i := 0; i < slotLen; i++ {
++ if p := atomic.LoadUintptr(&m.usedSlots[i]); p == physical {
++ return true
++ }
++ }
++ return false
++}
++
++// mapPhysical checks for the mapping of a physical range, and installs one if
++// not available. This attempts to be efficient for calls in the hot path.
++//
++// This throws on error.
++func (m *machine) mapPhysical(physical, length uintptr, phyRegions []physicalRegion) {
++ for end := physical + length; physical < end; {
++ _, physicalStart, length, pr := calculateBluepillFault(physical, phyRegions)
++ if pr == nil {
++ // Should never happen.
++ throw("mapPhysical on unknown physical address")
++ }
++
++ // Is this already mapped? Check the usedSlots.
++ if !m.hasSlot(physicalStart) {
++ if _, ok := handleBluepillFault(m, physical, phyRegions); !ok {
++ throw("handleBluepillFault failed")
++ }
++ }
++
++ // Move to the next chunk.
++ physical = physicalStart + length
++ }
++}
++
++// Destroy frees associated resources.
++//
++// Destroy should only be called once all active users of the machine are gone.
++// The machine object should not be used after calling Destroy.
++//
++// Precondition: all vCPUs must be returned to the machine.
++func (m *machine) Destroy() {
++ runtime.SetFinalizer(m, nil)
++
++ // Destroy vCPUs.
++ for _, c := range m.vCPUsByID {
++ if c == nil {
++ continue
++ }
++
++ // Ensure the vCPU is not still running in guest mode. This is
++ // possible iff teardown has been done by other threads, and
++ // somehow a single thread has not executed any system calls.
++ c.BounceToHost()
++
++ // Note that the runData may not be mapped if an error occurs
++ // during the middle of initialization.
++ if c.runData != nil {
++ if err := unmapRunData(c.runData); err != nil {
++ panic(fmt.Sprintf("error unmapping rundata: %v", err))
++ }
++ }
++ if err := unix.Close(int(c.fd)); err != nil {
++ panic(fmt.Sprintf("error closing vCPU fd: %v", err))
++ }
++ }
++
++ machinePool[m.machinePoolIndex].Store(nil)
++ seccompMmapSync()
++
++ // vCPUs are gone: teardown machine state.
++ if err := unix.Close(m.fd); err != nil {
++ panic(fmt.Sprintf("error closing VM fd: %v", err))
++ }
++}
++
++// Get gets an available vCPU.
++//
++// This will return with the OS thread locked.
++//
++// It is guaranteed that if any OS thread TID is in guest, m.vCPUs[TID] points
++// to the vCPU in which the OS thread TID is running. So if Get() returns with
++// the corrent context in guest, the vCPU of it must be the same as what
++// Get() returns.
++func (m *machine) Get() *vCPU {
++ m.mu.RLock()
++ runtime.LockOSThread()
++ tid := hosttid.Current()
++
++ // Check for an exact match.
++ if c := m.vCPUsByTID[tid]; c != nil {
++ c.lock()
++ m.mu.RUnlock()
++ getVCPUCounter.Increment(&getVCPUAcquisitionFastReused)
++ return c
++ }
++
++ // The happy path failed. We now proceed to acquire an exclusive lock
++ // (because the vCPU map may change), and scan all available vCPUs.
++ // In this case, we first unlock the OS thread. Otherwise, if mu is
++ // not available, the current system thread will be parked and a new
++ // system thread spawned. We avoid this situation by simply refreshing
++ // tid after relocking the system thread.
++ m.mu.RUnlock()
++ runtime.UnlockOSThread()
++ m.mu.Lock()
++ runtime.LockOSThread()
++ tid = hosttid.Current()
++
++ // Recheck for an exact match.
++ if c := m.vCPUsByTID[tid]; c != nil {
++ c.lock()
++ m.mu.Unlock()
++ getVCPUCounter.Increment(&getVCPUAcquisitionReused)
++ return c
++ }
++
++ for {
++ // Get vCPU from the m.vCPUsByID pool.
++ if m.usedVCPUs < m.maxVCPUs {
++ c := m.vCPUsByID[m.usedVCPUs]
++ m.usedVCPUs++
++ c.lock()
++ m.vCPUsByTID[tid] = c
++ m.mu.Unlock()
++ c.loadSegments(tid)
++ getVCPUCounter.Increment(&getVCPUAcquisitionUnused)
++ return c
++ }
++
++ // Scan for an available vCPU.
++ for origTID, c := range m.vCPUsByTID {
++ if c.state.CompareAndSwap(vCPUReady, vCPUUser) {
++ delete(m.vCPUsByTID, origTID)
++ m.vCPUsByTID[tid] = c
++ m.mu.Unlock()
++ c.loadSegments(tid)
++ getVCPUCounter.Increment(&getVCPUAcquisitionUnused)
++ return c
++ }
++ }
++
++ // Scan for something not in user mode.
++ for origTID, c := range m.vCPUsByTID {
++ if !c.state.CompareAndSwap(vCPUGuest, vCPUGuest|vCPUWaiter) {
++ continue
++ }
++
++ // The vCPU is not be able to transition to
++ // vCPUGuest|vCPUWaiter or to vCPUUser because that
++ // transition requires holding the machine mutex, as we
++ // do now. There is no path to register a waiter on
++ // just the vCPUReady state.
++ for {
++ c.waitUntilNot(vCPUGuest | vCPUWaiter)
++ if c.state.CompareAndSwap(vCPUReady, vCPUUser) {
++ break
++ }
++ }
++
++ // Steal the vCPU.
++ delete(m.vCPUsByTID, origTID)
++ m.vCPUsByTID[tid] = c
++ m.mu.Unlock()
++ c.loadSegments(tid)
++ getVCPUCounter.Increment(&getVCPUAcquisitionStolen)
++ return c
++ }
++
++ // Everything is executing in user mode. Wait until something
++ // is available. Note that signaling the condition variable
++ // will have the extra effect of kicking the vCPUs out of guest
++ // mode if that's where they were.
++ m.available.Wait()
++ }
++}
++
++// Put puts the current vCPU.
++func (m *machine) Put(c *vCPU) {
++ c.unlock()
++ runtime.UnlockOSThread()
++
++ m.mu.RLock()
++ m.available.Signal()
++ m.mu.RUnlock()
++}
++
++// newDirtySet returns a new dirty set.
++func (m *machine) newDirtySet() *dirtySet {
++ return &dirtySet{
++ vCPUMasks: make([]atomicbitops.Uint64,
++ (m.maxVCPUs+63)/64, (m.maxVCPUs+63)/64),
++ }
++}
++
++// dropPageTables drops cached page table entries.
++func (m *machine) dropPageTables(pt *pagetables.PageTables) {
++ m.mu.Lock()
++ defer m.mu.Unlock()
++
++ // Clear from all PCIDs.
++ for _, c := range m.vCPUsByID {
++ if c != nil && c.PCIDs != nil {
++ c.PCIDs.Drop(pt)
++ }
++ }
++}
++
++// lock marks the vCPU as in user mode.
++//
++// This should only be called directly when known to be safe, i.e. when
++// the vCPU is owned by the current TID with no chance of theft.
++//
++//go:nosplit
++func (c *vCPU) lock() {
++ atomicbitops.OrUint32(&c.state, vCPUUser)
++}
++
++// unlock clears the vCPUUser bit.
++//
++//go:nosplit
++func (c *vCPU) unlock() {
++ origState := atomicbitops.CompareAndSwapUint32(&c.state, vCPUUser|vCPUGuest, vCPUGuest)
++ if origState == vCPUUser|vCPUGuest {
++ // Happy path: no exits are forced, and we can continue
++ // executing on our merry way with a single atomic access.
++ return
++ }
++
++ // Clear the lock.
++ for {
++ state := atomicbitops.CompareAndSwapUint32(&c.state, origState, origState&^vCPUUser)
++ if state == origState {
++ break
++ }
++ origState = state
++ }
++ switch origState {
++ case vCPUUser:
++ // Normal state.
++ case vCPUUser | vCPUGuest | vCPUWaiter:
++ // Force a transition: this must trigger a notification when we
++ // return from guest mode. We must clear vCPUWaiter here
++ // anyways, because BounceToKernel will force a transition only
++ // from ring3 to ring0, which will not clear this bit. Halt may
++ // workaround the issue, but if there is no exception or
++ // syscall in this period, BounceToKernel will hang.
++ atomicbitops.AndUint32(&c.state, ^vCPUWaiter)
++ c.notify()
++ case vCPUUser | vCPUWaiter:
++ // Waiting for the lock to be released; the responsibility is
++ // on us to notify the waiter and clear the associated bit.
++ atomicbitops.AndUint32(&c.state, ^vCPUWaiter)
++ c.notify()
++ default:
++ panic("invalid state")
++ }
++}
++
++// NotifyInterrupt implements interrupt.Receiver.NotifyInterrupt.
++//
++//go:nosplit
++func (c *vCPU) NotifyInterrupt() {
++ c.BounceToKernel()
++}
++
++// pid is used below in bounce.
++var pid = unix.Getpid()
++
++// bounce forces a return to the kernel or to host mode.
++//
++// This effectively unwinds the state machine.
++func (c *vCPU) bounce(forceGuestExit bool) {
++ origGuestExits := c.guestExits.Load()
++ origUserExits := c.userExits.Load()
++ for {
++ switch state := c.state.Load(); state {
++ case vCPUReady, vCPUWaiter:
++ // There is nothing to be done, we're already in the
++ // kernel pre-acquisition. The Bounce criteria have
++ // been satisfied.
++ return
++ case vCPUUser:
++ // We need to register a waiter for the actual guest
++ // transition. When the transition takes place, then we
++ // can inject an interrupt to ensure a return to host
++ // mode.
++ c.state.CompareAndSwap(state, state|vCPUWaiter)
++ case vCPUUser | vCPUWaiter:
++ // Wait for the transition to guest mode. This should
++ // come from the bluepill handler.
++ c.waitUntilNot(state)
++ case vCPUGuest, vCPUUser | vCPUGuest:
++ if state == vCPUGuest && !forceGuestExit {
++ // The vCPU is already not acquired, so there's
++ // no need to do a fresh injection here.
++ return
++ }
++ // The vCPU is in user or kernel mode. Attempt to
++ // register a notification on change.
++ if !c.state.CompareAndSwap(state, state|vCPUWaiter) {
++ break // Retry.
++ }
++ for {
++ // We need to spin here until the signal is
++ // delivered, because Tgkill can return EAGAIN
++ // under memory pressure. Since we already
++ // marked ourselves as a waiter, we need to
++ // ensure that a signal is actually delivered.
++ if err := unix.Tgkill(pid, int(c.tid.Load()), bounceSignal); err == nil {
++ break
++ } else if err.(unix.Errno) == unix.EAGAIN {
++ continue
++ } else {
++ // Nothing else should be returned by tgkill.
++ panic(fmt.Sprintf("unexpected tgkill error: %v", err))
++ }
++ }
++ case vCPUGuest | vCPUWaiter, vCPUUser | vCPUGuest | vCPUWaiter:
++ if state == vCPUGuest|vCPUWaiter && !forceGuestExit {
++ // See above.
++ return
++ }
++ // Wait for the transition. This again should happen
++ // from the bluepill handler, but on the way out.
++ c.waitUntilNot(state)
++ default:
++ // Should not happen: the above is exhaustive.
++ panic("invalid state")
++ }
++
++ // Check if we've missed the state transition, but
++ // we can safely return at this point in time.
++ newGuestExits := c.guestExits.Load()
++ newUserExits := c.userExits.Load()
++ if newUserExits != origUserExits && (!forceGuestExit || newGuestExits != origGuestExits) {
++ return
++ }
++ }
++}
++
++// BounceToKernel ensures that the vCPU bounces back to the kernel.
++//
++//go:nosplit
++func (c *vCPU) BounceToKernel() {
++ c.bounce(false)
++}
++
++// BounceToHost ensures that the vCPU is in host mode.
++//
++//go:nosplit
++func (c *vCPU) BounceToHost() {
++ c.bounce(true)
++}
++
++// setSystemTimeLegacy calibrates and sets an approximate system time.
++func (c *vCPU) setSystemTimeLegacy() error {
++ const minIterations = 10
++ minimum := uint64(0)
++ for iter := 0; ; iter++ {
++ // Try to set the TSC to an estimate of where it will be
++ // on the host during a "fast" system call iteration.
++ start := uint64(ktime.Rdtsc())
++ if err := c.setTSC(start + (minimum / 2)); err != nil {
++ return err
++ }
++ // See if this is our new minimum call time. Note that this
++ // serves two functions: one, we make sure that we are
++ // accurately predicting the offset we need to set. Second, we
++ // don't want to do the final set on a slow call, which could
++ // produce a really bad result.
++ end := uint64(ktime.Rdtsc())
++ if end < start {
++ continue // Totally bogus: unstable TSC?
++ }
++ current := end - start
++ if current < minimum || iter == 0 {
++ minimum = current // Set our new minimum.
++ }
++ // Is this past minIterations and within ~10% of minimum?
++ upperThreshold := (((minimum << 3) + minimum) >> 3)
++ if iter >= minIterations && current <= upperThreshold {
++ return nil
++ }
++ }
++}
++
++const machinePoolSize = 16
++
++// machinePool is enumerated from the seccompMmapHandler signal handler
++var (
++ machinePool [machinePoolSize]machineAtomicPtr
++ machinePoolLen atomicbitops.Uint32
++ machinePoolMu sync.Mutex
++ seccompMmapRulesOnce gosync.Once
++)
++
++func sigsysHandler()
++func addrOfSigsysHandler() uintptr
++
++// seccompMmapRules adds seccomp rules to trap mmap system calls that will be
++// handled in seccompMmapHandler.
++func seccompMmapRules(m *machine) {
++ seccompMmapRulesOnce.Do(func() {
++ // Install the handler.
++ if err := sighandling.ReplaceSignalHandler(unix.SIGSYS, addrOfSigsysHandler(), &savedSigsysHandler); err != nil {
++ panic(fmt.Sprintf("Unable to set handler for signal %d: %v", bluepillSignal, err))
++ }
++ rules := []seccomp.RuleSet{}
++ rules = append(rules, []seccomp.RuleSet{
++ // Trap mmap system calls and handle them in sigsysGoHandler
++ {
++ Rules: seccomp.SyscallRules{
++ unix.SYS_MMAP: {
++ {
++ seccomp.MatchAny{},
++ seccomp.MatchAny{},
++ seccomp.MaskedEqual(unix.PROT_EXEC, 0),
++ /* MAP_DENYWRITE is ignored and used only for filtering. */
++ seccomp.MaskedEqual(unix.MAP_DENYWRITE, 0),
++ },
++ },
++ },
++ Action: linux.SECCOMP_RET_TRAP,
++ },
++ }...)
++ instrs, err := seccomp.BuildProgram(rules, linux.SECCOMP_RET_ALLOW, linux.SECCOMP_RET_ALLOW)
++ if err != nil {
++ panic(fmt.Sprintf("failed to build rules: %v", err))
++ }
++ // Perform the actual installation.
++ if err := seccomp.SetFilter(instrs); err != nil {
++ panic(fmt.Sprintf("failed to set filter: %v", err))
++ }
++ })
++
++ machinePoolMu.Lock()
++ n := machinePoolLen.Load()
++ i := uint32(0)
++ for ; i < n; i++ {
++ if machinePool[i].Load() == nil {
++ break
++ }
++ }
++ if i == n {
++ if i == machinePoolSize {
++ machinePoolMu.Unlock()
++ panic("machinePool is full")
++ }
++ machinePoolLen.Add(1)
++ }
++ machinePool[i].Store(m)
++ m.machinePoolIndex = i
++ machinePoolMu.Unlock()
++}
+--
+2.41.0
+
diff --git a/third_party/go/patches/gvisor-fix-gazelle-debug-builds.patch b/third_party/go/patches/gvisor-fix-gazelle-debug-builds.patch
new file mode 100644
index 0000000..fb33edb
--- /dev/null
+++ b/third_party/go/patches/gvisor-fix-gazelle-debug-builds.patch
@@ -0,0 +1,26 @@
+--- a/pkg/sentry/platform/kvm/BUILD.bazel
++++ b/pkg/sentry/platform/kvm/BUILD.bazel
+@@ -6,6 +6,7 @@
+ "address_space.go",
+ "address_space_amd64.go",
+ "address_space_arm64.go",
++ "address_space_debug.go",
+ "atomicptr_machine_unsafe.go",
+ "bluepill.go",
+ "bluepill_allocator.go",
+@@ -15,6 +16,7 @@
+ "bluepill_arm64.go",
+ "bluepill_arm64.s",
+ "bluepill_arm64_unsafe.go",
++ "bluepill_debug_unsafe.go",
+ "bluepill_fault.go",
+ "bluepill_unsafe.go",
+ "context.go",
+@@ -40,6 +42,7 @@
+ "machine_amd64_unsafe.go",
+ "machine_arm64.go",
+ "machine_arm64_unsafe.go",
++ "machine_debug.go",
+ "machine_unsafe.go",
+ "physical_map.go",
+ "physical_map_amd64.go",
\ No newline at end of file
diff --git a/third_party/go/patches/gvisor-fix-resolution.patch b/third_party/go/patches/gvisor-fix-resolution.patch
index 71e0af5..0f79599 100644
--- a/third_party/go/patches/gvisor-fix-resolution.patch
+++ b/third_party/go/patches/gvisor-fix-resolution.patch
@@ -8,3 +8,4 @@
+ "@io_bazel_rules_go//go/tools/coverdata",
],
)
+
diff --git a/third_party/go/patches/libseccomp.patch b/third_party/go/patches/libseccomp.patch
index 0778f33..27de7d5 100644
--- a/third_party/go/patches/libseccomp.patch
+++ b/third_party/go/patches/libseccomp.patch
@@ -1,5 +1,5 @@
---- a/BUILD.bazel 2022-03-21 17:04:56.160536936 +0100
-+++ b/BUILD.bazel 2022-03-21 17:05:52.439616250 +0100
+--- a/BUILD.bazel
++++ b/BUILD.bazel
@@ -6,6 +6,9 @@
"seccomp.go",
"seccomp_internal.go",
diff --git a/third_party/go/repositories.bzl b/third_party/go/repositories.bzl
index 4f59ea0..abfdfe4 100644
--- a/third_party/go/repositories.bzl
+++ b/third_party/go/repositories.bzl
@@ -23,8 +23,8 @@
go_repository(
name = "co_honnef_go_tools",
importpath = "honnef.co/go/tools",
- sum = "h1:MNh1AVMyVX23VUHE2O27jm6lNj3vjO5DexS4A1xvnzk=",
- version = "v0.2.2",
+ sum = "h1:6qXr+R5w+ktL5UkwEbPp+fEvfyoMPche6GkOpGHZcLc=",
+ version = "v0.4.2",
)
go_repository(
name = "com_4d63_gochecknoinits",
@@ -446,15 +446,15 @@
go_repository(
name = "com_github_bazelbuild_buildtools",
importpath = "github.com/bazelbuild/buildtools",
- sum = "h1:M7gqMiatHWf9F3HL32QsFX8H3C/JFh1a8jYM5+F+5JI=",
- version = "v0.0.0-20201023142455-8a8e1e724705",
+ sum = "h1:Fl1FfItZp34QIQmmDTbZXHB5XA6JfbNNfH7tRRGWvQo=",
+ version = "v0.0.0-20230510134650-37bd1811516d",
)
go_repository(
name = "com_github_bazelbuild_rules_go",
importpath = "github.com/bazelbuild/rules_go",
- sum = "h1:kX4jVcstqrsRqKPJSn2mq2o+TI21edRzEJSrEOMQtr0=",
- version = "v0.30.0",
+ sum = "h1:JzlRxsFNhlX+g4drDRPhIaU5H5LnI978wdMJ0vK4I+k=",
+ version = "v0.41.0",
)
go_repository(
name = "com_github_beevik_ntp",
@@ -466,8 +466,8 @@
go_repository(
name = "com_github_benbjohnson_clock",
importpath = "github.com/benbjohnson/clock",
- sum = "h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=",
- version = "v1.1.0",
+ sum = "h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o=",
+ version = "v1.3.5",
)
go_repository(
@@ -600,15 +600,10 @@
go_repository(
name = "com_github_burntsushi_toml",
importpath = "github.com/BurntSushi/toml",
- sum = "h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw=",
- version = "v0.4.1",
+ sum = "h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=",
+ version = "v1.2.1",
)
- go_repository(
- name = "com_github_burntsushi_xgb",
- importpath = "github.com/BurntSushi/xgb",
- sum = "h1:1BDTz0u9nC3//pOCMdNH+CiXJVYJh5UQNCOBG7jbELc=",
- version = "v0.0.0-20160522181843-27f122750802",
- )
+
go_repository(
name = "com_github_bytecodealliance_wasmtime_go_v5",
importpath = "github.com/bytecodealliance/wasmtime-go/v5",
@@ -740,8 +735,8 @@
go_repository(
name = "com_github_cilium_ebpf",
importpath = "github.com/cilium/ebpf",
- sum = "h1:1k/q3ATgxSXRdrmPfH8d7YK0GfqVsEKZAX9dQZvs56k=",
- version = "v0.7.0",
+ sum = "h1:5KtxXZU+scyERvkJMEm16TbScVvuuMrlhPly78ZMbSc=",
+ version = "v0.9.3",
)
go_repository(
name = "com_github_circonus_labs_circonus_gometrics",
@@ -897,8 +892,8 @@
go_repository(
name = "com_github_containerd_continuity",
importpath = "github.com/containerd/continuity",
- sum = "h1:QSqfxcn8c+12slxwu00AtzXrsami0MJb/MQs9lOLHLA=",
- version = "v0.2.2",
+ sum = "h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=",
+ version = "v0.3.0",
)
go_repository(
name = "com_github_containerd_fifo",
@@ -1559,8 +1554,8 @@
go_repository(
name = "com_github_frankban_quicktest",
importpath = "github.com/frankban/quicktest",
- sum = "h1:yNZif1OkDfNoDfb9zZa9aXIpejNR4F23Wely0c+Qdqk=",
- version = "v1.13.0",
+ sum = "h1:+cqqvzZV87b4adx/5ayVOaYZ2CrvM4ejQvUdBzPPUss=",
+ version = "v1.14.0",
)
go_repository(
name = "com_github_fsnotify_fsnotify",
@@ -1686,6 +1681,8 @@
name = "com_github_go_delve_delve",
importpath = "github.com/go-delve/delve",
patch_args = ["-p1"],
+ # https://github.com/bazelbuild/bazel-gazelle/issues/1424#issuecomment-1568744161
+ patch_tool = "patch",
patches = [
"//third_party/go/patches:delve-fix-cgo.patch",
],
@@ -1730,18 +1727,6 @@
)
go_repository(
- name = "com_github_go_gl_glfw",
- importpath = "github.com/go-gl/glfw",
- sum = "h1:QbL/5oDUmRBzO9/Z7Seo6zf912W/a6Sr4Eu0G/3Jho0=",
- version = "v0.0.0-20190409004039-e6da0acd62b1",
- )
- go_repository(
- name = "com_github_go_gl_glfw_v3_3_glfw",
- importpath = "github.com/go-gl/glfw/v3.3/glfw",
- sum = "h1:WtGNWLvXpe6ZudgnXrq0barxBImvnnJoMEhXAzcbM0I=",
- version = "v0.0.0-20200222043503-6f7a984d4dc4",
- )
- go_repository(
name = "com_github_go_ini_ini",
importpath = "github.com/go-ini/ini",
sum = "h1:Mujh4R/dH6YL8bxuISne3xX2+qcQ9p0IxKAP6ExWoUo=",
@@ -2365,6 +2350,7 @@
sum = "h1:BW6OvS3kpT5UEPbCZ+KyX/OB4Ks9/MNMhWjqPPkZxsE=",
version = "v0.0.0-20191226140753-aa36bfddb3a0",
)
+
go_repository(
name = "com_github_google_shlex",
importpath = "github.com/google/shlex",
@@ -2412,6 +2398,7 @@
)
go_repository(
name = "com_github_googleapis_gax_go_v2",
+ build_file_proto_mode = "disable",
importpath = "github.com/googleapis/gax-go/v2",
sum = "h1:IcsPKeInNvYi7eqSaDjiZqDDKu5rsmunY0Y1YupQSSQ=",
version = "v2.7.0",
@@ -2421,8 +2408,8 @@
name = "com_github_googleapis_gnostic",
build_file_proto_mode = "disable",
importpath = "github.com/googleapis/gnostic",
- sum = "h1:A8Yhf6EtqTv9RMsU6MQTyrtV1TjWlR6xU9BsZIwuTCM=",
- version = "v0.5.1",
+ sum = "h1:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw=",
+ version = "v0.5.5",
)
go_repository(
name = "com_github_googlecloudplatform_cloudsql_proxy",
@@ -2532,11 +2519,14 @@
)
go_repository(
name = "com_github_grpc_ecosystem_grpc_gateway",
+ # Force generation of new build files for this package, required due to changes in how gazelle handles @go_googleapis.
+ build_file_generation = "on",
build_naming_convention = "go_default_library",
importpath = "github.com/grpc-ecosystem/grpc-gateway",
sum = "h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=",
version = "v1.16.0",
)
+
go_repository(
name = "com_github_grpc_ecosystem_grpc_opentracing",
importpath = "github.com/grpc-ecosystem/grpc-opentracing",
@@ -2549,6 +2539,12 @@
sum = "h1:5upAirOpQc1Q53c0bnx2ufif5kANL7bfZWcc6VJWJd8=",
version = "v0.0.0-20160125115350-e80d13ce29ed",
)
+ go_repository(
+ name = "com_github_hanwen_go_fuse_v2",
+ importpath = "github.com/hanwen/go-fuse/v2",
+ sum = "h1:t5ivNIH2PK+zw4OBul/iJjsoG9K6kXo4nMDoBpciC8A=",
+ version = "v2.3.0",
+ )
go_repository(
name = "com_github_hashicorp_consul_api",
@@ -3230,8 +3226,8 @@
go_repository(
name = "com_github_kr_pretty",
importpath = "github.com/kr/pretty",
- sum = "h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=",
- version = "v0.2.1",
+ sum = "h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=",
+ version = "v0.3.0",
)
go_repository(
name = "com_github_kr_pty",
@@ -3629,8 +3625,8 @@
go_repository(
name = "com_github_microsoft_go_winio",
importpath = "github.com/Microsoft/go-winio",
- sum = "h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=",
- version = "v0.5.2",
+ sum = "h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=",
+ version = "v0.6.0",
)
go_repository(
name = "com_github_microsoft_hcsshim",
@@ -4061,8 +4057,8 @@
go_repository(
name = "com_github_opencontainers_runtime_spec",
importpath = "github.com/opencontainers/runtime-spec",
- sum = "h1:9iT75RHhYHWwWRlVWU7wnmtFulYcURCglzQOpT+cAF8=",
- version = "v1.0.3-0.20211123151946-c2389c3cb60a",
+ sum = "h1:wHa9jroFfKGQqFHj0I1fMRKLl0pfj+ynAqBxo3v6u9w=",
+ version = "v1.1.0-rc.1",
)
go_repository(
name = "com_github_opencontainers_runtime_tools",
@@ -4238,11 +4234,12 @@
sum = "h1:+FZIDR/D97YOPik4N4lPDaUcLDF/EQPogxtlHB2ZZRM=",
version = "v0.11.5-0.20210425183316-da1aaba5fb63",
)
+
go_repository(
name = "com_github_pingcap_log",
importpath = "github.com/pingcap/log",
- sum = "h1:SvWCbCPh1YeHd9yQLksvJYAgft6wLTY1aNG81tpyscQ=",
- version = "v0.0.0-20210906054005-afc726e70354",
+ sum = "h1:ELiPxACz7vdo1qAvvaWJg1NrYFoY6gqAh/+Uo6aXdD8=",
+ version = "v1.1.0",
)
go_repository(
name = "com_github_pingcap_tidb_parser",
@@ -4402,8 +4399,8 @@
go_repository(
name = "com_github_remyoudompheng_bigfft",
importpath = "github.com/remyoudompheng/bigfft",
- sum = "h1:OdAsTTz6OkFY5QxjkYwrChwuRruF69c169dPK26NUlk=",
- version = "v0.0.0-20200410134404-eec4a21b6bb0",
+ sum = "h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=",
+ version = "v0.0.0-20230129092748-24d4a6f8daec",
)
go_repository(
@@ -4441,8 +4438,8 @@
go_repository(
name = "com_github_rogpeppe_go_internal",
importpath = "github.com/rogpeppe/go-internal",
- sum = "h1:RR9dF3JtopPvtkroDZuVD7qquD0bnHlKSqaQhgwt8yk=",
- version = "v1.3.0",
+ sum = "h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=",
+ version = "v1.6.1",
)
go_repository(
name = "com_github_rs_cors",
@@ -4778,8 +4775,8 @@
go_repository(
name = "com_github_stretchr_testify",
importpath = "github.com/stretchr/testify",
- sum = "h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=",
- version = "v1.8.1",
+ sum = "h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=",
+ version = "v1.8.4",
)
go_repository(
name = "com_github_stripe_safesql",
@@ -5265,6 +5262,7 @@
sum = "h1:AONoTYJviyv1vS4IkvWzq69gEVdvHx35wKXc+e6wjZQ=",
version = "v1.4.0",
)
+
go_repository(
name = "com_google_cloud_go_appengine",
importpath = "cloud.google.com/go/appengine",
@@ -5441,6 +5439,7 @@
sum = "h1:gVOqNmElfa6n/ccG/QDlfurMWwrK3ezvy2b2eDoCmS0=",
version = "v1.8.0",
)
+
go_repository(
name = "com_google_cloud_go_dataqna",
importpath = "cloud.google.com/go/dataqna",
@@ -5539,6 +5538,7 @@
sum = "h1:97OAEQtDazAJD7yh/kvQdSCQuTKdR0O+qWAJBZJ4xiA=",
version = "v1.8.0",
)
+
go_repository(
name = "com_google_cloud_go_gkebackup",
importpath = "cloud.google.com/go/gkebackup",
@@ -5823,6 +5823,7 @@
sum = "h1:ImIzbOu6y4jL6ob65I++QzvqgFaoAKgHOG+RU9/c4y8=",
version = "v1.5.0",
)
+
go_repository(
name = "com_google_cloud_go_servicedirectory",
importpath = "cloud.google.com/go/servicedirectory",
@@ -5841,6 +5842,7 @@
sum = "h1:b0EwJxPJLpavSljMQh0RcdHsUrr5DQ+Nelt/3BAs5ro=",
version = "v1.4.0",
)
+
go_repository(
name = "com_google_cloud_go_shell",
importpath = "cloud.google.com/go/shell",
@@ -5960,12 +5962,6 @@
)
go_repository(
- name = "com_shuralyov_dmitri_gpu_mtl",
- importpath = "dmitri.shuralyov.com/gpu/mtl",
- sum = "h1:+PdD6GLKejR9DizMAKT5DpSAkKswvZrurk1/eEt9+pw=",
- version = "v0.0.0-20201218220906-28db891af037",
- )
- go_repository(
name = "com_sourcegraph_sourcegraph_appdash",
importpath = "sourcegraph.com/sourcegraph/appdash",
sum = "h1:ucqkfpjg9WzSUubAO62csmucvxl4/JeW3F4I4909XkM=",
@@ -6003,18 +5999,29 @@
sum = "h1:EDRyaRAnMGSq/QBto486gWFxMLczAfIYUmusV7XLNBM=",
version = "v0.19.0",
)
+
go_repository(
name = "dev_gvisor_gvisor",
importpath = "gvisor.dev/gvisor",
patch_args = ["-p1"],
patches = [
- "//third_party/go/patches:gvisor-containerd-compat.patch",
"//third_party/go/patches:gvisor-fix-resolution.patch",
"//third_party/go/patches:gvisor-fix-syslog.patch",
+ "//third_party/go/patches:gvisor-containerd-compat.patch",
+ # Gazelle doesn't understand conditional build files.
+ # https://github.com/bazelbuild/bazel-gazelle/issues/1262
+ "//third_party/go/patches:gvisor-fix-gazelle-debug-builds.patch",
],
- sum = "h1:aXIFpjZYl3zv2rQyr4rSit5Uq0k7BVXC8lJaDa4Cg7M=",
- version = "v0.0.0-20220315202956-f1399ecf1672",
+ pre_patches = [
+ # Modified patch for the go branch.
+ # Upstream issue https://github.com/google/gvisor/issues/9039
+ # Upstream patch https://github.com/google/gvisor/commit/62afa160fe8ad17302d43f7c6016061de57c7f4d
+ "//third_party/go/patches:gvisor-fix-debug-builds.patch",
+ ],
+ sum = "h1:jkIUiFfucTr4prtWuxQ1YxuOdWEQc/dIrUnHKyzSQv0=",
+ version = "v0.0.0-20230911190645-2e1d76499fd5",
)
+
go_repository(
name = "im_mellium_sasl",
importpath = "mellium.im/sasl",
@@ -6132,8 +6139,8 @@
go_repository(
name = "in_gopkg_natefinch_lumberjack_v2",
importpath = "gopkg.in/natefinch/lumberjack.v2",
- sum = "h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8=",
- version = "v2.0.0",
+ sum = "h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=",
+ version = "v2.2.1",
)
go_repository(
name = "in_gopkg_olivere_elastic_v3",
@@ -6612,8 +6619,8 @@
go_repository(
name = "io_k8s_sigs_structured_merge_diff_v4",
importpath = "sigs.k8s.io/structured-merge-diff/v4",
- sum = "h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y=",
- version = "v4.2.1",
+ sum = "h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=",
+ version = "v4.2.3",
)
go_repository(
name = "io_k8s_sigs_yaml",
@@ -6883,8 +6890,8 @@
go_repository(
name = "org_golang_google_protobuf",
importpath = "google.golang.org/protobuf",
- sum = "h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=",
- version = "v1.28.1",
+ sum = "h1:qp0AnQCvRCMlu9jBjtdbTaaEmThIgZOrbVyDEOcmKhQ=",
+ version = "v1.28.2-0.20230118093459-a9481185b34d",
)
go_repository(
@@ -6897,16 +6904,24 @@
go_repository(
name = "org_golang_x_crypto",
importpath = "golang.org/x/crypto",
- sum = "h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=",
- version = "v0.6.0",
+ sum = "h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=",
+ version = "v0.12.0",
)
go_repository(
name = "org_golang_x_exp",
importpath = "golang.org/x/exp",
+ replace = "golang.org/x/exp",
sum = "h1:TfdoLivD44QwvssI9Sv1xwa5DcL5XQr4au4sZ2F2NV4=",
version = "v0.0.0-20220428152302-39d4317da171",
)
go_repository(
+ name = "org_golang_x_exp_typeparams",
+ importpath = "golang.org/x/exp/typeparams",
+ sum = "h1:Jw5wfR+h9mnIYH+OtGT2im5wV1YGGDora5vTv/aa5bE=",
+ version = "v0.0.0-20221208152030-732eee02a75a",
+ )
+
+ go_repository(
name = "org_golang_x_image",
importpath = "golang.org/x/image",
sum = "h1:lP9pYkih3DUSC641giIXa2XqfTIbbbRr0w2EOTA7wHA=",
@@ -6918,12 +6933,6 @@
sum = "h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug=",
version = "v0.0.0-20210508222113-6edffad5e616",
)
- go_repository(
- name = "org_golang_x_mobile",
- importpath = "golang.org/x/mobile",
- sum = "h1:kgfVkAEEQXXQ0qc6dH7n6y37NAYmTFmz0YRwrRjgxKw=",
- version = "v0.0.0-20201217150744-e6ae53a27f4f",
- )
go_repository(
name = "org_golang_x_mod",
@@ -6932,14 +6941,14 @@
"-go_naming_convention_external=import_alias",
],
importpath = "golang.org/x/mod",
- sum = "h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=",
- version = "v0.6.0-dev.0.20220419223038-86c51ed26bb4",
+ sum = "h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=",
+ version = "v0.12.0",
)
go_repository(
name = "org_golang_x_net",
importpath = "golang.org/x/net",
- sum = "h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=",
- version = "v0.7.0",
+ sum = "h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=",
+ version = "v0.14.0",
)
go_repository(
name = "org_golang_x_oauth2",
@@ -6955,27 +6964,27 @@
"-go_naming_convention_external=import_alias",
],
importpath = "golang.org/x/sync",
- sum = "h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=",
- version = "v0.1.0",
+ sum = "h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=",
+ version = "v0.3.0",
)
go_repository(
name = "org_golang_x_sys",
importpath = "golang.org/x/sys",
- sum = "h1:ZVBC8ekm7gt68NPszw37xBUjvhYEPKPyOlnmc6d1htg=",
- version = "v0.10.1-0.20230720230054-ad7130c58d22",
+ sum = "h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=",
+ version = "v0.11.0",
)
go_repository(
name = "org_golang_x_term",
importpath = "golang.org/x/term",
- sum = "h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=",
- version = "v0.5.0",
+ sum = "h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=",
+ version = "v0.11.0",
)
go_repository(
name = "org_golang_x_text",
importpath = "golang.org/x/text",
- sum = "h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=",
- version = "v0.7.0",
+ sum = "h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=",
+ version = "v0.12.0",
)
go_repository(
name = "org_golang_x_time",
@@ -6990,8 +6999,8 @@
patches = [
"//third_party/go/patches:goimports-group-merging.patch",
],
- sum = "h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=",
- version = "v0.1.12",
+ sum = "h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo=",
+ version = "v0.9.1",
)
go_repository(
name = "org_golang_x_xerrors",
@@ -7111,13 +7120,13 @@
sum = "h1:/0RX92k9vwVeDXj+Xn23DKp2VJubL7k8qNffND6qn3A=",
version = "v0.1.1",
)
-
go_repository(
name = "org_modernc_parser",
importpath = "modernc.org/parser",
sum = "h1:/qHLDn1ezrcRk9/XbErYp84bPPM4+w0kIDuvMdRk6Vc=",
version = "v1.0.2",
)
+
go_repository(
name = "org_modernc_ql",
importpath = "modernc.org/ql",
@@ -7169,6 +7178,7 @@
sum = "h1:+QT+MtLkwkvLkh3fYQq+YD5vw2s5paVE73jdl5R/Py8=",
version = "v1.0.1",
)
+
go_repository(
name = "org_modernc_z",
importpath = "modernc.org/z",
@@ -7198,21 +7208,21 @@
go_repository(
name = "org_uber_go_atomic",
importpath = "go.uber.org/atomic",
- sum = "h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=",
- version = "v1.9.0",
+ sum = "h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=",
+ version = "v1.11.0",
)
go_repository(
name = "org_uber_go_goleak",
importpath = "go.uber.org/goleak",
- sum = "h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA=",
- version = "v1.1.12",
+ sum = "h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk=",
+ version = "v1.2.0",
)
go_repository(
name = "org_uber_go_multierr",
importpath = "go.uber.org/multierr",
- sum = "h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=",
- version = "v1.8.0",
+ sum = "h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=",
+ version = "v1.11.0",
)
go_repository(
name = "org_uber_go_tools",
@@ -7224,8 +7234,8 @@
go_repository(
name = "org_uber_go_zap",
importpath = "go.uber.org/zap",
- sum = "h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI=",
- version = "v1.19.1",
+ sum = "h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c=",
+ version = "v1.25.0",
)
go_repository(
name = "tools_gotest",
@@ -7237,6 +7247,6 @@
go_repository(
name = "tools_gotest_v3",
importpath = "gotest.tools/v3",
- sum = "h1:rVV8Tcg/8jHUkPUorwjaMTtemIMVXfIPKiOqnhEhakk=",
- version = "v3.1.0",
+ sum = "h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=",
+ version = "v3.4.0",
)