diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml index 185f9c6..acabfa0 100644 --- a/.github/workflows/go-tests.yml +++ b/.github/workflows/go-tests.yml @@ -24,7 +24,11 @@ jobs: - run: go version - name: Run GARM Go Tests - run: make test + run: | + make install-lint-deps + export PATH=$PATH:$HOME/go/bin + golangci-lint version + make test go-tests-windows: runs-on: windows-latest diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 0000000..91427d4 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,43 @@ +# SPDX-License-Identifier: MIT +linters: + disable-all: true + fast: false + enable: + - gci + - goconst + - gocritic + - gocyclo + - gofmt + - gofumpt + - goimports + - godox + - govet + - gosec + - gosimple + - importas + - ineffassign + - loggercheck + - misspell + - nakedret + - nilerr + - predeclared + - promlinter + - staticcheck + - unconvert + - wastedassign + - whitespace + +linters-settings: + gci: + sections: + - standard + - default + - prefix(github.com/cloudbase/garm-provider-openstack) + + goimports: + local-prefixes: github.com/cloudbase/garm-provider-openstack + + gosec: + excludes: + - G115 + diff --git a/Makefile b/Makefile index 7b67b21..b3e28f3 100644 --- a/Makefile +++ b/Makefile @@ -30,7 +30,7 @@ build-static: test: install-lint-deps verify go-test install-lint-deps: - @$(GO) install github.com/golangci/golangci-lint/cmd/golangci-lint@latest + @$(GO) install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.64.8 lint: @golangci-lint run --timeout=8m --build-tags testing diff --git a/client/client.go b/client/client.go index 2b03c34..e63296a 100644 --- a/client/client.go +++ b/client/client.go @@ -15,12 +15,10 @@ package client import ( + gErrors "errors" "fmt" "strings" - gErrors "errors" - - "github.com/cloudbase/garm-provider-openstack/config" "github.com/google/uuid" "github.com/gophercloud/gophercloud" "github.com/gophercloud/gophercloud/openstack/compute/v2/extensions/availabilityzones" @@ -34,6 +32,8 @@ import ( "github.com/gophercloud/gophercloud/openstack/networking/v2/networks" "github.com/gophercloud/gophercloud/pagination" "github.com/gophercloud/utils/openstack/clientconfig" + + "github.com/cloudbase/garm-provider-openstack/config" ) const ( diff --git a/client/client_test.go b/client/client_test.go index c80e1a9..6a112ca 100644 --- a/client/client_test.go +++ b/client/client_test.go @@ -399,8 +399,10 @@ func TestListServers(t *testing.T) { ID: "d9072956-1560-487c-97f2-18bdf65ec749", Name: "test-server", Status: "ACTIVE", - Tags: &[]string{"garm-controller-id=my-controller-id", - "garm-pool-id=my-pool-id"}, + Tags: &[]string{ + "garm-controller-id=my-controller-id", + "garm-pool-id=my-pool-id", + }, }, }, { @@ -408,8 +410,10 @@ func TestListServers(t *testing.T) { ID: "d9072956-1560-487c-10f2-18bdf65ec749", Name: "test-server-2", Status: "ACTIVE", - Tags: &[]string{"garm-controller-id=my-controller-id", - "garm-pool-id=my-pool-id"}, + Tags: &[]string{ + "garm-controller-id=my-controller-id", + "garm-pool-id=my-pool-id", + }, }, }, } diff --git a/go.mod b/go.mod index 60b18b1..9f87b15 100644 --- a/go.mod +++ b/go.mod @@ -1,9 +1,9 @@ module github.com/cloudbase/garm-provider-openstack -go 1.24.0 +go 1.24.12 require ( - github.com/BurntSushi/toml v1.5.0 + github.com/BurntSushi/toml v1.6.0 github.com/cloudbase/garm-provider-common v0.1.8-0.20251001105909-bbcacae60e7c github.com/google/uuid v1.6.0 github.com/gophercloud/gophercloud v1.14.1 @@ -18,7 +18,7 @@ require ( github.com/buger/jsonparser v1.1.1 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/mailru/easyjson v0.9.1 // indirect - github.com/stretchr/objx v0.5.2 // indirect + github.com/stretchr/objx v0.5.3 // indirect github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect ) @@ -27,7 +27,7 @@ require ( github.com/felixge/httpsnoop v1.0.4 // indirect github.com/gorilla/handlers v1.5.2 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/minio/sio v0.4.2 // indirect + github.com/minio/sio v0.4.3 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect @@ -35,9 +35,9 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 - golang.org/x/crypto v0.42.0 // indirect - golang.org/x/sys v0.36.0 // indirect - golang.org/x/text v0.29.0 // indirect + golang.org/x/crypto v0.47.0 // indirect + golang.org/x/sys v0.40.0 // indirect + golang.org/x/text v0.33.0 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 6dffb39..c530cc1 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg= -github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk= +github.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk= github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg= github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= @@ -28,8 +28,8 @@ github.com/mailru/easyjson v0.9.1 h1:LbtsOm5WAswyWbvTEOqhypdPeZzHavpZx96/n553mR8 github.com/mailru/easyjson v0.9.1/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/minio/sio v0.4.2 h1:+ayQoaniewWpKzz6b27F075b+q1HJajQr8ViG9KFZwA= -github.com/minio/sio v0.4.2/go.mod h1:VgJIPc0yCY+2IeI39pkf91yXjyx2geyBN1N+TbB1Rws= +github.com/minio/sio v0.4.3 h1:JqyID1XM86KwBZox5RAdLD4MLPIDoCY2cke2CXCJCkg= +github.com/minio/sio v0.4.3/go.mod h1:4ANoe4CCXqnt1FCiLM0+vlBUhhWZzVOhYCz0069KtFc= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -37,8 +37,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= -github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= +github.com/stretchr/objx v0.5.3 h1:jmXUvGomnU1o3W/V5h2VEradbpJDwGrzugQQvL0POH4= +github.com/stretchr/objx v0.5.3/go.mod h1:rDQraq+vQZU7Fde9LOZLr8Tax6zZvy4kuNKF+QYS+U0= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= @@ -57,8 +57,8 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI= -golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8= +golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8= +golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= @@ -74,8 +74,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k= -golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ= +golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -83,8 +83,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk= -golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4= +golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE= +golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= diff --git a/main.go b/main.go index 5b3f613..adcdf0b 100644 --- a/main.go +++ b/main.go @@ -34,23 +34,25 @@ var signals = []os.Signal{ } func main() { - ctx, stop := signal.NotifyContext(context.Background(), signals...) defer stop() executionEnv, err := execution.GetEnvironment() if err != nil { + //nolint:gocritic log.Fatal(err) } prov, err := provider.NewOpenStackProvider(executionEnv.ProviderConfigFile, executionEnv.ControllerID) if err != nil { + //nolint:gocritic log.Fatal(err) } result, err := executionEnv.Run(ctx, prov) if err != nil { fmt.Fprintf(os.Stderr, "failed to run command: %s", err) + //nolint:gocritic os.Exit(commonExecution.ResolveErrorToExitCode(err)) } if len(result) > 0 { diff --git a/provider/provider.go b/provider/provider.go index aaab356..581fe52 100644 --- a/provider/provider.go +++ b/provider/provider.go @@ -18,11 +18,11 @@ import ( "context" "fmt" - "github.com/cloudbase/garm-provider-openstack/client" - "github.com/cloudbase/garm-provider-openstack/config" - execution "github.com/cloudbase/garm-provider-common/execution/v0.1.0" "github.com/cloudbase/garm-provider-common/params" + + "github.com/cloudbase/garm-provider-openstack/client" + "github.com/cloudbase/garm-provider-openstack/config" ) var _ execution.ExternalProvider = &openstackProvider{} diff --git a/provider/provider_test.go b/provider/provider_test.go index 1510298..2aac277 100644 --- a/provider/provider_test.go +++ b/provider/provider_test.go @@ -22,12 +22,13 @@ import ( "testing" "github.com/cloudbase/garm-provider-common/params" - "github.com/cloudbase/garm-provider-openstack/client" - "github.com/cloudbase/garm-provider-openstack/config" "github.com/gophercloud/gophercloud/openstack/compute/v2/servers" "github.com/gophercloud/gophercloud/testhelper" thclient "github.com/gophercloud/gophercloud/testhelper/client" "github.com/stretchr/testify/assert" + + "github.com/cloudbase/garm-provider-openstack/client" + "github.com/cloudbase/garm-provider-openstack/config" ) func TestOpenstackServerToInstance(t *testing.T) { diff --git a/provider/spec_test.go b/provider/spec_test.go index a2b0130..8bd1e71 100644 --- a/provider/spec_test.go +++ b/provider/spec_test.go @@ -20,8 +20,9 @@ import ( "github.com/cloudbase/garm-provider-common/cloudconfig" "github.com/cloudbase/garm-provider-common/params" - "github.com/cloudbase/garm-provider-openstack/config" "github.com/stretchr/testify/assert" + + "github.com/cloudbase/garm-provider-openstack/config" ) func Test_machineSpec_MergeExtraSpecs(t *testing.T) { diff --git a/vendor/github.com/BurntSushi/toml/README.md b/vendor/github.com/BurntSushi/toml/README.md index 235496e..1101d20 100644 --- a/vendor/github.com/BurntSushi/toml/README.md +++ b/vendor/github.com/BurntSushi/toml/README.md @@ -1,7 +1,7 @@ TOML stands for Tom's Obvious, Minimal Language. This Go package provides a reflection interface similar to Go's standard library `json` and `xml` packages. -Compatible with TOML version [v1.0.0](https://toml.io/en/v1.0.0). +Compatible with TOML version [v1.1.0](https://toml.io/en/v1.1.0). Documentation: https://pkg.go.dev/github.com/BurntSushi/toml diff --git a/vendor/github.com/BurntSushi/toml/decode.go b/vendor/github.com/BurntSushi/toml/decode.go index 3fa516c..ed88484 100644 --- a/vendor/github.com/BurntSushi/toml/decode.go +++ b/vendor/github.com/BurntSushi/toml/decode.go @@ -206,6 +206,13 @@ func markDecodedRecursive(md *MetaData, tmap map[string]any) { markDecodedRecursive(md, tmap) md.context = md.context[0 : len(md.context)-1] } + if tarr, ok := tmap[key].([]map[string]any); ok { + for _, elm := range tarr { + md.context = append(md.context, key) + markDecodedRecursive(md, elm) + md.context = md.context[0 : len(md.context)-1] + } + } } } @@ -423,7 +430,7 @@ func (md *MetaData) unifyString(data any, rv reflect.Value) error { if i, ok := data.(int64); ok { rv.SetString(strconv.FormatInt(i, 10)) } else if f, ok := data.(float64); ok { - rv.SetString(strconv.FormatFloat(f, 'f', -1, 64)) + rv.SetString(strconv.FormatFloat(f, 'g', -1, 64)) } else { return md.badtype("string", data) } diff --git a/vendor/github.com/BurntSushi/toml/encode.go b/vendor/github.com/BurntSushi/toml/encode.go index ac196e7..bd7aa18 100644 --- a/vendor/github.com/BurntSushi/toml/encode.go +++ b/vendor/github.com/BurntSushi/toml/encode.go @@ -228,9 +228,9 @@ func (enc *Encoder) eElement(rv reflect.Value) { } switch v.Location() { default: - enc.wf(v.Format(format)) + enc.write(v.Format(format)) case internal.LocalDatetime, internal.LocalDate, internal.LocalTime: - enc.wf(v.In(time.UTC).Format(format)) + enc.write(v.In(time.UTC).Format(format)) } return case Marshaler: @@ -279,40 +279,40 @@ func (enc *Encoder) eElement(rv reflect.Value) { case reflect.String: enc.writeQuoted(rv.String()) case reflect.Bool: - enc.wf(strconv.FormatBool(rv.Bool())) + enc.write(strconv.FormatBool(rv.Bool())) case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: - enc.wf(strconv.FormatInt(rv.Int(), 10)) + enc.write(strconv.FormatInt(rv.Int(), 10)) case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: - enc.wf(strconv.FormatUint(rv.Uint(), 10)) + enc.write(strconv.FormatUint(rv.Uint(), 10)) case reflect.Float32: f := rv.Float() if math.IsNaN(f) { if math.Signbit(f) { - enc.wf("-") + enc.write("-") } - enc.wf("nan") + enc.write("nan") } else if math.IsInf(f, 0) { if math.Signbit(f) { - enc.wf("-") + enc.write("-") } - enc.wf("inf") + enc.write("inf") } else { - enc.wf(floatAddDecimal(strconv.FormatFloat(f, 'f', -1, 32))) + enc.write(floatAddDecimal(strconv.FormatFloat(f, 'g', -1, 32))) } case reflect.Float64: f := rv.Float() if math.IsNaN(f) { if math.Signbit(f) { - enc.wf("-") + enc.write("-") } - enc.wf("nan") + enc.write("nan") } else if math.IsInf(f, 0) { if math.Signbit(f) { - enc.wf("-") + enc.write("-") } - enc.wf("inf") + enc.write("inf") } else { - enc.wf(floatAddDecimal(strconv.FormatFloat(f, 'f', -1, 64))) + enc.write(floatAddDecimal(strconv.FormatFloat(f, 'g', -1, 64))) } case reflect.Array, reflect.Slice: enc.eArrayOrSliceElement(rv) @@ -330,27 +330,32 @@ func (enc *Encoder) eElement(rv reflect.Value) { // By the TOML spec, all floats must have a decimal with at least one number on // either side. func floatAddDecimal(fstr string) string { - if !strings.Contains(fstr, ".") { - return fstr + ".0" + for _, c := range fstr { + if c == 'e' { // Exponent syntax + return fstr + } + if c == '.' { + return fstr + } } - return fstr + return fstr + ".0" } func (enc *Encoder) writeQuoted(s string) { - enc.wf("\"%s\"", dblQuotedReplacer.Replace(s)) + enc.write(`"` + dblQuotedReplacer.Replace(s) + `"`) } func (enc *Encoder) eArrayOrSliceElement(rv reflect.Value) { length := rv.Len() - enc.wf("[") + enc.write("[") for i := 0; i < length; i++ { elem := eindirect(rv.Index(i)) enc.eElement(elem) if i != length-1 { - enc.wf(", ") + enc.write(", ") } } - enc.wf("]") + enc.write("]") } func (enc *Encoder) eArrayOfTables(key Key, rv reflect.Value) { @@ -363,7 +368,7 @@ func (enc *Encoder) eArrayOfTables(key Key, rv reflect.Value) { continue } enc.newline() - enc.wf("%s[[%s]]", enc.indentStr(key), key) + enc.writef("%s[[%s]]", enc.indentStr(key), key) enc.newline() enc.eMapOrStruct(key, trv, false) } @@ -376,7 +381,7 @@ func (enc *Encoder) eTable(key Key, rv reflect.Value) { enc.newline() } if len(key) > 0 { - enc.wf("%s[%s]", enc.indentStr(key), key) + enc.writef("%s[%s]", enc.indentStr(key), key) enc.newline() } enc.eMapOrStruct(key, rv, false) @@ -422,7 +427,7 @@ func (enc *Encoder) eMap(key Key, rv reflect.Value, inline bool) { if inline { enc.writeKeyValue(Key{mapKey.String()}, val, true) if trailC || i != len(mapKeys)-1 { - enc.wf(", ") + enc.write(", ") } } else { enc.encode(key.add(mapKey.String()), val) @@ -431,12 +436,12 @@ func (enc *Encoder) eMap(key Key, rv reflect.Value, inline bool) { } if inline { - enc.wf("{") + enc.write("{") } writeMapKeys(mapKeysDirect, len(mapKeysSub) > 0) writeMapKeys(mapKeysSub, false) if inline { - enc.wf("}") + enc.write("}") } } @@ -534,7 +539,7 @@ func (enc *Encoder) eStruct(key Key, rv reflect.Value, inline bool) { if inline { enc.writeKeyValue(Key{keyName}, fieldVal, true) if fieldIndex[0] != totalFields-1 { - enc.wf(", ") + enc.write(", ") } } else { enc.encode(key.add(keyName), fieldVal) @@ -543,14 +548,14 @@ func (enc *Encoder) eStruct(key Key, rv reflect.Value, inline bool) { } if inline { - enc.wf("{") + enc.write("{") } l := len(fieldsDirect) + len(fieldsSub) writeFields(fieldsDirect, l) writeFields(fieldsSub, l) if inline { - enc.wf("}") + enc.write("}") } } @@ -700,7 +705,7 @@ func isEmpty(rv reflect.Value) bool { func (enc *Encoder) newline() { if enc.hasWritten { - enc.wf("\n") + enc.write("\n") } } @@ -722,14 +727,22 @@ func (enc *Encoder) writeKeyValue(key Key, val reflect.Value, inline bool) { enc.eElement(val) return } - enc.wf("%s%s = ", enc.indentStr(key), key.maybeQuoted(len(key)-1)) + enc.writef("%s%s = ", enc.indentStr(key), key.maybeQuoted(len(key)-1)) enc.eElement(val) if !inline { enc.newline() } } -func (enc *Encoder) wf(format string, v ...any) { +func (enc *Encoder) write(s string) { + _, err := enc.w.WriteString(s) + if err != nil { + encPanic(err) + } + enc.hasWritten = true +} + +func (enc *Encoder) writef(format string, v ...any) { _, err := fmt.Fprintf(enc.w, format, v...) if err != nil { encPanic(err) diff --git a/vendor/github.com/BurntSushi/toml/lex.go b/vendor/github.com/BurntSushi/toml/lex.go index 1c3b477..9f4396a 100644 --- a/vendor/github.com/BurntSushi/toml/lex.go +++ b/vendor/github.com/BurntSushi/toml/lex.go @@ -13,7 +13,6 @@ type itemType int const ( itemError itemType = iota - itemNIL // used in the parser to indicate no type itemEOF itemText itemString @@ -47,14 +46,13 @@ func (p Position) String() string { } type lexer struct { - input string - start int - pos int - line int - state stateFn - items chan item - tomlNext bool - esc bool + input string + start int + pos int + line int + state stateFn + items chan item + esc bool // Allow for backing up up to 4 runes. This is necessary because TOML // contains 3-rune tokens (""" and '''). @@ -90,14 +88,13 @@ func (lx *lexer) nextItem() item { } } -func lex(input string, tomlNext bool) *lexer { +func lex(input string) *lexer { lx := &lexer{ - input: input, - state: lexTop, - items: make(chan item, 10), - stack: make([]stateFn, 0, 10), - line: 1, - tomlNext: tomlNext, + input: input, + state: lexTop, + items: make(chan item, 10), + stack: make([]stateFn, 0, 10), + line: 1, } return lx } @@ -108,7 +105,7 @@ func (lx *lexer) push(state stateFn) { func (lx *lexer) pop() stateFn { if len(lx.stack) == 0 { - return lx.errorf("BUG in lexer: no states to pop") + panic("BUG in lexer: no states to pop") } last := lx.stack[len(lx.stack)-1] lx.stack = lx.stack[0 : len(lx.stack)-1] @@ -305,6 +302,8 @@ func lexTop(lx *lexer) stateFn { return lexTableStart case eof: if lx.pos > lx.start { + // TODO: never reached? I think this can only occur on a bug in the + // lexer(?) return lx.errorf("unexpected EOF") } lx.emit(itemEOF) @@ -392,8 +391,6 @@ func lexTableNameStart(lx *lexer) stateFn { func lexTableNameEnd(lx *lexer) stateFn { lx.skip(isWhitespace) switch r := lx.next(); { - case isWhitespace(r): - return lexTableNameEnd case r == '.': lx.ignore() return lexTableNameStart @@ -412,7 +409,7 @@ func lexTableNameEnd(lx *lexer) stateFn { // Lexes only one part, e.g. only 'a' inside 'a.b'. func lexBareName(lx *lexer) stateFn { r := lx.next() - if isBareKeyChar(r, lx.tomlNext) { + if isBareKeyChar(r) { return lexBareName } lx.backup() @@ -420,23 +417,23 @@ func lexBareName(lx *lexer) stateFn { return lx.pop() } -// lexBareName lexes one part of a key or table. -// -// It assumes that at least one valid character for the table has already been -// read. +// lexQuotedName lexes one part of a quoted key or table name. It assumes that +// it starts lexing at the quote itself (" or '). // // Lexes only one part, e.g. only '"a"' inside '"a".b'. func lexQuotedName(lx *lexer) stateFn { r := lx.next() switch { - case isWhitespace(r): - return lexSkip(lx, lexValue) case r == '"': lx.ignore() // ignore the '"' return lexString case r == '\'': lx.ignore() // ignore the "'" return lexRawString + + // TODO: I don't think any of the below conditions can ever be reached? + case isWhitespace(r): + return lexSkip(lx, lexValue) case r == eof: return lx.errorf("unexpected EOF; expected value") default: @@ -464,17 +461,19 @@ func lexKeyStart(lx *lexer) stateFn { func lexKeyNameStart(lx *lexer) stateFn { lx.skip(isWhitespace) switch r := lx.peek(); { - case r == '=' || r == eof: - return lx.errorf("unexpected '='") - case r == '.': - return lx.errorf("unexpected '.'") + default: + lx.push(lexKeyEnd) + return lexBareName case r == '"' || r == '\'': lx.ignore() lx.push(lexKeyEnd) return lexQuotedName - default: - lx.push(lexKeyEnd) - return lexBareName + + // TODO: I think these can never be reached? + case r == '=' || r == eof: + return lx.errorf("unexpected '='") + case r == '.': + return lx.errorf("unexpected '.'") } } @@ -485,7 +484,7 @@ func lexKeyEnd(lx *lexer) stateFn { switch r := lx.next(); { case isWhitespace(r): return lexSkip(lx, lexKeyEnd) - case r == eof: + case r == eof: // TODO: never reached return lx.errorf("unexpected EOF; expected key separator '='") case r == '.': lx.ignore() @@ -628,10 +627,7 @@ func lexInlineTableValue(lx *lexer) stateFn { case isWhitespace(r): return lexSkip(lx, lexInlineTableValue) case isNL(r): - if lx.tomlNext { - return lexSkip(lx, lexInlineTableValue) - } - return lx.errorPrevLine(errLexInlineTableNL{}) + return lexSkip(lx, lexInlineTableValue) case r == '#': lx.push(lexInlineTableValue) return lexCommentStart @@ -653,10 +649,7 @@ func lexInlineTableValueEnd(lx *lexer) stateFn { case isWhitespace(r): return lexSkip(lx, lexInlineTableValueEnd) case isNL(r): - if lx.tomlNext { - return lexSkip(lx, lexInlineTableValueEnd) - } - return lx.errorPrevLine(errLexInlineTableNL{}) + return lexSkip(lx, lexInlineTableValueEnd) case r == '#': lx.push(lexInlineTableValueEnd) return lexCommentStart @@ -664,10 +657,7 @@ func lexInlineTableValueEnd(lx *lexer) stateFn { lx.ignore() lx.skip(isWhitespace) if lx.peek() == '}' { - if lx.tomlNext { - return lexInlineTableValueEnd - } - return lx.errorf("trailing comma not allowed in inline tables") + return lexInlineTableValueEnd } return lexInlineTableValue case r == '}': @@ -855,9 +845,6 @@ func lexStringEscape(lx *lexer) stateFn { r := lx.next() switch r { case 'e': - if !lx.tomlNext { - return lx.error(errLexEscape{r}) - } fallthrough case 'b': fallthrough @@ -878,9 +865,6 @@ func lexStringEscape(lx *lexer) stateFn { case '\\': return lx.pop() case 'x': - if !lx.tomlNext { - return lx.error(errLexEscape{r}) - } return lexHexEscape case 'u': return lexShortUnicodeEscape @@ -928,19 +912,9 @@ func lexLongUnicodeEscape(lx *lexer) stateFn { // lexBaseNumberOrDate can differentiate base prefixed integers from other // types. func lexNumberOrDateStart(lx *lexer) stateFn { - r := lx.next() - switch r { - case '0': + if lx.next() == '0' { return lexBaseNumberOrDate } - - if !isDigit(r) { - // The only way to reach this state is if the value starts - // with a digit, so specifically treat anything else as an - // error. - return lx.errorf("expected a digit but got %q", r) - } - return lexNumberOrDate } @@ -1196,13 +1170,13 @@ func lexSkip(lx *lexer, nextState stateFn) stateFn { } func (s stateFn) String() string { + if s == nil { + return "" + } name := runtime.FuncForPC(reflect.ValueOf(s).Pointer()).Name() if i := strings.LastIndexByte(name, '.'); i > -1 { name = name[i+1:] } - if s == nil { - name = "" - } return name + "()" } @@ -1210,8 +1184,6 @@ func (itype itemType) String() string { switch itype { case itemError: return "Error" - case itemNIL: - return "NIL" case itemEOF: return "EOF" case itemText: @@ -1226,18 +1198,22 @@ func (itype itemType) String() string { return "Float" case itemDatetime: return "DateTime" + case itemArray: + return "Array" + case itemArrayEnd: + return "ArrayEnd" case itemTableStart: return "TableStart" case itemTableEnd: return "TableEnd" + case itemArrayTableStart: + return "ArrayTableStart" + case itemArrayTableEnd: + return "ArrayTableEnd" case itemKeyStart: return "KeyStart" case itemKeyEnd: return "KeyEnd" - case itemArray: - return "Array" - case itemArrayEnd: - return "ArrayEnd" case itemCommentStart: return "CommentStart" case itemInlineTableStart: @@ -1266,7 +1242,7 @@ func isDigit(r rune) bool { return r >= '0' && r <= '9' } func isBinary(r rune) bool { return r == '0' || r == '1' } func isOctal(r rune) bool { return r >= '0' && r <= '7' } func isHex(r rune) bool { return (r >= '0' && r <= '9') || (r|0x20 >= 'a' && r|0x20 <= 'f') } -func isBareKeyChar(r rune, tomlNext bool) bool { +func isBareKeyChar(r rune) bool { return (r >= 'A' && r <= 'Z') || (r >= 'a' && r <= 'z') || (r >= '0' && r <= '9') || r == '_' || r == '-' } diff --git a/vendor/github.com/BurntSushi/toml/parse.go b/vendor/github.com/BurntSushi/toml/parse.go index e3ea8a9..b474247 100644 --- a/vendor/github.com/BurntSushi/toml/parse.go +++ b/vendor/github.com/BurntSushi/toml/parse.go @@ -3,7 +3,6 @@ package toml import ( "fmt" "math" - "os" "strconv" "strings" "time" @@ -17,7 +16,6 @@ type parser struct { context Key // Full key for the current hash in scope. currentKey string // Base key name for everything except hashes. pos Position // Current position in the TOML file. - tomlNext bool ordered []Key // List of keys in the order that they appear in the TOML data. @@ -32,8 +30,6 @@ type keyInfo struct { } func parse(data string) (p *parser, err error) { - _, tomlNext := os.LookupEnv("BURNTSUSHI_TOML_110") - defer func() { if r := recover(); r != nil { if pErr, ok := r.(ParseError); ok { @@ -73,10 +69,9 @@ func parse(data string) (p *parser, err error) { p = &parser{ keyInfo: make(map[string]keyInfo), mapping: make(map[string]any), - lx: lex(data, tomlNext), + lx: lex(data), ordered: make([]Key, 0), implicits: make(map[string]struct{}), - tomlNext: tomlNext, } for { item := p.next() @@ -350,17 +345,14 @@ func (p *parser) valueFloat(it item) (any, tomlType) { var dtTypes = []struct { fmt string zone *time.Location - next bool }{ - {time.RFC3339Nano, time.Local, false}, - {"2006-01-02T15:04:05.999999999", internal.LocalDatetime, false}, - {"2006-01-02", internal.LocalDate, false}, - {"15:04:05.999999999", internal.LocalTime, false}, - - // tomlNext - {"2006-01-02T15:04Z07:00", time.Local, true}, - {"2006-01-02T15:04", internal.LocalDatetime, true}, - {"15:04", internal.LocalTime, true}, + {time.RFC3339Nano, time.Local}, + {"2006-01-02T15:04:05.999999999", internal.LocalDatetime}, + {"2006-01-02", internal.LocalDate}, + {"15:04:05.999999999", internal.LocalTime}, + {"2006-01-02T15:04Z07:00", time.Local}, + {"2006-01-02T15:04", internal.LocalDatetime}, + {"15:04", internal.LocalTime}, } func (p *parser) valueDatetime(it item) (any, tomlType) { @@ -371,9 +363,6 @@ func (p *parser) valueDatetime(it item) (any, tomlType) { err error ) for _, dt := range dtTypes { - if dt.next && !p.tomlNext { - continue - } t, err = time.ParseInLocation(dt.fmt, it.val, dt.zone) if err == nil { if missingLeadingZero(it.val, dt.fmt) { @@ -644,6 +633,11 @@ func (p *parser) setValue(key string, value any) { // Note that since it has already been defined (as a hash), we don't // want to overwrite it. So our business is done. if p.isArray(keyContext) { + if !p.isImplicit(keyContext) { + if _, ok := hash[key]; ok { + p.panicf("Key '%s' has already been defined.", keyContext) + } + } p.removeImplicit(keyContext) hash[key] = value return @@ -802,10 +796,8 @@ func (p *parser) replaceEscapes(it item, str string) string { b.WriteByte(0x0d) skip = 1 case 'e': - if p.tomlNext { - b.WriteByte(0x1b) - skip = 1 - } + b.WriteByte(0x1b) + skip = 1 case '"': b.WriteByte(0x22) skip = 1 @@ -815,11 +807,9 @@ func (p *parser) replaceEscapes(it item, str string) string { // The lexer guarantees the correct number of characters are present; // don't need to check here. case 'x': - if p.tomlNext { - escaped := p.asciiEscapeToUnicode(it, str[i+2:i+4]) - b.WriteRune(escaped) - skip = 3 - } + escaped := p.asciiEscapeToUnicode(it, str[i+2:i+4]) + b.WriteRune(escaped) + skip = 3 case 'u': escaped := p.asciiEscapeToUnicode(it, str[i+2:i+6]) b.WriteRune(escaped) diff --git a/vendor/github.com/minio/sio/.golangci.yml b/vendor/github.com/minio/sio/.golangci.yml index dd2cc77..c690c8b 100644 --- a/vendor/github.com/minio/sio/.golangci.yml +++ b/vendor/github.com/minio/sio/.golangci.yml @@ -1,34 +1,47 @@ -linters-settings: - golint: - min-confidence: 0 - - misspell: - locale: US - - staticcheck: - checks: ['all', '-SA6002'] - +version: "2" linters: - disable-all: true + default: none enable: - durationcheck + - errcheck - gocritic - - gofumpt - - goimports - gomodguard + - gosec - govet - ineffassign - misspell - revive - staticcheck - - tenv - - typecheck - unconvert - unused - -issues: - exclude-use-default: false - exclude: - - should have a package comment - - error strings should not be capitalized or end with punctuation or a newline - - don't use ALL_CAPS in Go names + settings: + misspell: + locale: US + revive: + rules: + - name: package-comments + disabled: true + - name: error-strings + disabled: true + staticcheck: + checks: + - all + - -SA6002 + - -ST1003 + exclusions: + generated: lax + rules: + - linters: + - revive + text: don't use ALL_CAPS in Go names + paths: + - third_party$ + - builtin$ + - examples$ +formatters: + exclusions: + generated: lax + paths: + - third_party$ + - builtin$ + - examples$ diff --git a/vendor/github.com/minio/sio/.travis.yml b/vendor/github.com/minio/sio/.travis.yml deleted file mode 100644 index 3efbefb..0000000 --- a/vendor/github.com/minio/sio/.travis.yml +++ /dev/null @@ -1,22 +0,0 @@ -go_import_path: github.com/minio/sio -sudo: required - -dist: trusty - -language: go - -os: -- linux - -env: -- ARCH=x86_64 -- ARCH=i686 - -go: -- "1.12" -- "1.13" - -script: -- diff -au <(gofmt -d .) <(printf "") -- go vet ./... -- go test -v ./... diff --git a/vendor/github.com/minio/sio/CONTRIBUTING.md b/vendor/github.com/minio/sio/CONTRIBUTING.md new file mode 100644 index 0000000..a17199a --- /dev/null +++ b/vendor/github.com/minio/sio/CONTRIBUTING.md @@ -0,0 +1,262 @@ +# Contributing to sio + +Thank you for your interest in contributing to `sio`! This document provides guidelines and instructions for contributing. + +## Code of Conduct + +Be respectful and professional in all interactions. We're here to build great software together. + +## Getting Started + +### Prerequisites + +- Go 1.24 or later +- Git +- golangci-lint (for linting) +- Basic understanding of cryptography (helpful but not required) + +### Development Setup + +1. Fork the repository on GitHub +2. Clone your fork: + ```bash + git clone https://github.com/YOUR_USERNAME/sio.git + cd sio + ``` +3. Add the upstream repository: + ```bash + git remote add upstream https://github.com/minio/sio.git + ``` +4. Install dependencies: + ```bash + go mod download + ``` + +## Development Workflow + +### 1. Create a Branch + +```bash +git checkout -b feature/your-feature-name +``` + +Use prefixes: + +- `feature/` - New features +- `fix/` - Bug fixes +- `docs/` - Documentation changes +- `perf/` - Performance improvements +- `refactor/` - Code refactoring + +### 2. Make Changes + +Follow the coding standards below and ensure your code: + +- Is well-tested +- Includes documentation +- Passes all existing tests +- Doesn't introduce security vulnerabilities + +### 3. Run Tests + +```bash +# Run all tests +go test -v ./... + +# Run with race detector +go test -race ./... + +# Run with coverage +go test -coverprofile=coverage.out ./... +go tool cover -html=coverage.out +``` + +### 4. Run Linters + +```bash +# Run gofmt +gofmt -s -w . + +# Run go vet +go vet ./... + +# Run golangci-lint +golangci-lint run +``` + +### 5. Commit Changes + +Write clear commit messages following this format: + +``` +Short summary (50 chars or less) + +More detailed explanation if needed. Wrap at 72 characters. +Explain the problem this commit solves and why you chose +this solution. + +Fixes #123 +``` + +### 6. Push and Create Pull Request + +```bash +git push origin feature/your-feature-name +``` + +Then create a pull request on GitHub with: + +- Clear description of the changes +- Reference to related issues +- Screenshots/examples if applicable + +## Coding Standards + +### Go Style + +- Follow [Effective Go](https://golang.org/doc/effective_go.html) +- Use `gofmt` for formatting +- Keep functions small and focused +- Write self-documenting code with clear names + +### Error Handling + +- Always check errors +- Wrap errors with context using `fmt.Errorf("context: %w", err)` +- Return errors, don't panic (except for truly unrecoverable situations) +- Use typed errors for API boundaries + +### Testing + +- Write table-driven tests where appropriate +- Test edge cases and error conditions +- Aim for >80% code coverage +- Use meaningful test names: `TestFunctionName_Scenario` + +### Documentation + +- Add godoc comments for all exported types, functions, and constants +- Include usage examples for complex functionality +- Update README.md if adding user-facing features +- Document security considerations + +### Security + +- Never commit secrets or sensitive data +- Be cautious with cryptographic code +- Consider timing attacks and side channels +- Add tests for security-critical code paths + +## Pull Request Process + +1. **Update documentation** - README.md, godoc comments, etc. +2. **Add tests** - New code must include tests +3. **Pass CI checks** - All tests and linters must pass +4. **Get reviewed** - At least one maintainer must approve +5. **Squash commits** - Keep history clean with meaningful commits + +### PR Checklist + +- [ ] Tests added/updated and passing +- [ ] Documentation updated +- [ ] golangci-lint passes +- [ ] No breaking changes (or documented in PR) +- [ ] Commit messages are clear +- [ ] Branch is up to date with master + +## Testing Guidelines + +### Unit Tests + +Focus on: + +- Individual function behavior +- Edge cases (empty inputs, max size, etc.) +- Error conditions +- Different cipher suites + +### Integration Tests + +Focus on: + +- End-to-end encryption/decryption +- Different stream sizes +- Reader/Writer interfaces +- Version compatibility + +### Fuzzing + +For cryptographic code, consider adding fuzz tests: + +```go +func FuzzDecrypt(f *testing.F) { + // Add corpus and fuzz implementation +} +``` + +## Benchmarking + +When making performance-related changes: + +```bash +# Run benchmarks +go test -bench=. -benchmem + +# Compare before/after +go test -bench=. -benchmem > old.txt +# make changes +go test -bench=. -benchmem > new.txt +benchstat old.txt new.txt +``` + +## Release Process + +(For maintainers) + +1. Update version numbers and CHANGELOG +2. Run full test suite including race detector +3. Tag release: `git tag v1.x.x` +4. Push tag: `git push origin v1.x.x` +5. GitHub Actions will create the release + +## Common Tasks + +### Adding a New Function + +1. Implement the function +2. Add godoc comment +3. Add unit tests +4. Add example test +5. Update README if user-facing + +### Fixing a Bug + +1. Add a test that reproduces the bug +2. Fix the bug +3. Verify the test now passes +4. Consider adding additional edge case tests + +### Improving Performance + +1. Add benchmark before changes +2. Make improvements +3. Run benchmark again +4. Include benchmark results in PR +5. Verify no functionality regression + +## Getting Help + +- **Questions**: Open a GitHub Discussion +- **Bugs**: Open a GitHub Issue +- **Security**: Email security@min.io +- **Chat**: Join MinIO Slack (link in README) + +## Recognition + +Contributors will be: + +- Listed in release notes +- Mentioned in commit history +- Added to CONTRIBUTORS file (if significant contribution) + +Thank you for contributing to sio! diff --git a/vendor/github.com/minio/sio/DARE.md b/vendor/github.com/minio/sio/DARE.md index 67c2ab2..fe89648 100644 --- a/vendor/github.com/minio/sio/DARE.md +++ b/vendor/github.com/minio/sio/DARE.md @@ -13,9 +13,10 @@ on (untrusted) storage providers. DARE specifies how to split an arbitrary data stream into small chunks (packages) and concatenate them into a tamper-proof chain. Tamper-proof means that an attacker is not able to: - - decrypt one or more packages. - - modify the content of one or more packages. - - reorder/rearrange one or more packages. + +- decrypt one or more packages. +- modify the content of one or more packages. +- reorder/rearrange one or more packages. An attacker is defined as somebody who has full access to the encrypted data but not to the encryption key. An attacker can also act as storage provider. @@ -23,46 +24,48 @@ but not to the encryption key. An attacker can also act as storage provider. ### 2.1 Cryptographic Notation DARE will use the following notations: - - The set **{a,b}** means select **one** of the provided values **a**, **b**. - - The concatenation of the byte sequences **a** and **b** is **a || b**. - - The function **len(seq)** returns the length of a byte sequence **seq** in bytes. - - The index access **seq[i]** accesses one byte at index **i** of the sequence **seq**. - - The range access **seq[i : j]** accesses a range of bytes starting at **i** (inclusive) - and ending at **j** (exclusive). - - The compare functions **a == b => f** and **a != b => f** succeed when **a** - is equal to **b** and **a** is not equal to **b** respectively and execute the command **f**. - - The function **CTC(a, b)** returns **1** only if **a** and **b** are equal, 0 otherwise. - CTC compares both values in **constant time**. - - **ENC(key, nonce, plaintext, addData)** represents the byte sequence which is - the output from an AEAD cipher authenticating the *addData*, encrypting and - authenticating the *plaintext* with the secret encryption *key* and the *nonce*. - - **DEC(key, nonce, ciphertext, addData)** represents the byte sequence which is - the output from an AEAD cipher verifying the integrity of the *ciphertext* & - *addData* and decrypting the *ciphertext* with the secret encryption *key* and - the *nonce*. The decryption **always** fails if the integrity check fails. + +- The set **{a,b}** means select **one** of the provided values **a**, **b**. +- The concatenation of the byte sequences **a** and **b** is **a || b**. +- The function **len(seq)** returns the length of a byte sequence **seq** in bytes. +- The index access **seq[i]** accesses one byte at index **i** of the sequence **seq**. +- The range access **seq[i : j]** accesses a range of bytes starting at **i** (inclusive) + and ending at **j** (exclusive). +- The compare functions **a == b => f** and **a != b => f** succeed when **a** + is equal to **b** and **a** is not equal to **b** respectively and execute the command **f**. +- The function **CTC(a, b)** returns **1** only if **a** and **b** are equal, 0 otherwise. + CTC compares both values in **constant time**. +- **ENC(key, nonce, plaintext, addData)** represents the byte sequence which is + the output from an AEAD cipher authenticating the _addData_, encrypting and + authenticating the _plaintext_ with the secret encryption _key_ and the _nonce_. +- **DEC(key, nonce, ciphertext, addData)** represents the byte sequence which is + the output from an AEAD cipher verifying the integrity of the _ciphertext_ & + _addData_ and decrypting the _ciphertext_ with the secret encryption _key_ and + the _nonce_. The decryption **always** fails if the integrity check fails. All numbers must be converted into byte sequences by using the little endian byte -order. An AEAD cipher will be either AES-256_GCM or CHACHA20_POLY1305. +order. An AEAD cipher will be either AES-256_GCM or CHACHA20_POLY1305. ## 2.2 Keys Both ciphers - AES-256_GCM and CHACHA20_POLY1305 - require a 32 byte key. The key **must** be unique for one encrypted data stream. Reusing a key **compromises** some security properties provided by DARE. See Appendix A for recommendations -about generating keys and preventing key reuse. +about generating keys and preventing key reuse. ## 2.3 Errors DARE defines the following errors: - - **err_unsupported_version**: Indicates that the header version is not supported. - - **err_unsupported_cipher**: Indicates that the cipher suite is not supported. - - **err_missing_header**: Indicates that the payload header is missing or incomplete. - - **err_payload_too_short**: Indicates that the actual payload size is smaller than the + +- **err_unsupported_version**: Indicates that the header version is not supported. +- **err_unsupported_cipher**: Indicates that the cipher suite is not supported. +- **err_missing_header**: Indicates that the payload header is missing or incomplete. +- **err_payload_too_short**: Indicates that the actual payload size is smaller than the payload size field of the header. - - **err_package_out_of_order**: Indicates that the sequence number of the package does - not match the expected sequence number. - - **err_tag_mismatch**: Indicates that the tag of the package does not match the tag - computed while decrypting the package. +- **err_package_out_of_order**: Indicates that the sequence number of the package does + not match the expected sequence number. +- **err_tag_mismatch**: Indicates that the tag of the package does not match the tag + computed while decrypting the package. ## 3. Package Format @@ -70,23 +73,23 @@ DARE splits an arbitrary data stream into a sequence of packages. Each package i encrypted separately. A package consists of a header, a payload and an authentication tag. -Header | Payload | Tag ----------|----------------|--------- -16 bytes | 1 byte - 64 KB | 16 bytes +| Header | Payload | Tag | +| -------- | -------------- | -------- | +| 16 bytes | 1 byte - 64 KB | 16 bytes | The header contains information about the package. It consists of: -Version | Cipher suite | Payload size | Sequence number | nonce ---------|--------------|------------------|------------------|--------- -1 byte | 1 byte | 2 bytes / uint16 | 4 bytes / uint32 | 8 bytes +| Version | Cipher suite | Payload size | Sequence number | nonce | +| ------- | ------------ | ---------------- | ---------------- | ------- | +| 1 byte | 1 byte | 2 bytes / uint16 | 4 bytes / uint32 | 8 bytes | -The first byte specifies the version of the format and is equal to 0x10 for DARE +The first byte specifies the version of the format and is equal to 0x10 for DARE version 1.0. The second byte specifies the cipher used to encrypt the package. -Cipher | Value -------------------|------- -AES-256_GCM | 0x00 -CHACHA20_POLY1305 | 0x01 +| Cipher | Value | +| ----------------- | ----- | +| AES-256_GCM | 0x00 | +| CHACHA20_POLY1305 | 0x01 | The payload size is an uint16 number. The real payload size is defined as the payload size field as uint32 + 1. This ensures that the payload can be exactly 64 KB long and @@ -94,7 +97,7 @@ prevents empty packages without a payload. The sequence number is an uint32 number identifying the package within a sequence of packages. It is a monotonically increasing number. The sequence number **must** be 0 for -the first package and **must** be incremented for every subsequent package. The +the first package and **must** be incremented for every subsequent package. The sequence number of the n-th package is n-1. This means a sequence of packages can consist of 2 ^ 32 packages and each package can hold up to 64 KB data. The maximum size of a data stream is limited by `64 KB * 2^32 = 256 TB`. This should be sufficient @@ -112,7 +115,7 @@ The payload contains the encrypted data. It must be at least 1 byte long and can The authentication tag is generated by the AEAD cipher while encrypting and authenticating the package. The authentication tag **must** always be verified while decrypting the package. -Decrypted content **must never** be returned before the authentication tag is successfully +Decrypted content **must never** be returned before the authentication tag is successfully verified. ## 4. Encryption @@ -120,7 +123,7 @@ verified. DARE encrypts every package separately. The header version, cipher suite and nonce **should** be the same for all encrypted packages of one data stream. It is **recommended** to not change this values within one sequence of packages. The nonce **should** be generated randomly once -at the beginning of the encryption process and repeated in every header. See Appendix B for +at the beginning of the encryption process and repeated in every header. See Appendix B for recommendations about generating random numbers. The sequence number is the sequence number of the previous package plus 1. The sequence number @@ -137,7 +140,7 @@ header[2:4] = little_endian( len(plaintext) - 1 ) header[4:8] = little_endian( sequence_number ) header[8:16] = nonce -payload || tag = ENC(key, header[4:16], plaintext, header[0:4]) +payload || tag = ENC(key, header[4:16], plaintext, header[0:4]) sequence_number = sequence_number + 1 ``` @@ -152,7 +155,7 @@ plaintext is returned. The decryption happens in three steps: to save the first expected sequence number at the beginning of the decryption process. After every successfully decrypted package this sequence number is incremented by 1. The sequence number of all packages **must** match the saved / expected number. -3. Verify that the authentication tag at the end of the package is equal to the authentication tag +3. Verify that the authentication tag at the end of the package is equal to the authentication tag computed while decrypting the package. This **must** happen in constant time. The decryption is defined as following: @@ -168,25 +171,27 @@ plaintext || tag := DEC(key, header[4:16], ciphertext, header[0:4]) CTC(ciphertext[len(plaintext) : len(plaintext) + 16], tag) != 1 => err_tag_mismatch expected_sequence_number = expected_sequence_number + 1 -``` +``` ## Security DARE provides confidentiality and integrity of the encrypted data as long as the encryption key is never reused. This means that a **different** encryption key **must** be used for every data -stream. See Appendix A for recommendations. +stream. See Appendix A for recommendations. If the same encryption key is used to encrypt two different data streams, an attacker is able to -exchange packages with the same sequence number. This means that the attacker is able to replace +exchange packages with the same sequence number. This means that the attacker is able to replace any package of a sequence with another package as long as: - - Both packages are encrypted with the same key. - - The sequence numbers of both packages are equal. + +- Both packages are encrypted with the same key. +- The sequence numbers of both packages are equal. If two data streams are encrypted with the same key the attacker will not be able to decrypt any package of those streams without breaking the cipher as long as the nonces are different. To be more precise the attacker may only be able to decrypt a package if: - - There is another package encrypted with the same key. - - The sequence number and nonce of those two packages (encrypted with the same key) are equal. + +- There is another package encrypted with the same key. +- The sequence number and nonce of those two packages (encrypted with the same key) are equal. As long as the nonce of a sequence of packages differs from every other nonce (and the nonce is repeated within one sequence - which is **recommended**) the attacker will not be able to decrypt @@ -199,12 +204,12 @@ It is sufficient when the nonces differ from each other in at least one bit. DARE needs a unique encryption key per data stream. The best approach to ensure that the keys are unique is to derive every encryption key from a master key. Therefore a key derivation function -(KDF) - e.g. HKDF, BLAKE2X or HChaCha20 - can be used. The master key itself may be derived from +(KDF) - e.g. HKDF, BLAKE2X or HChaCha20 - can be used. The master key itself may be derived from a password using functions like Argon2 or scrypt. Deriving those keys is the responsibility of the users of DARE. It is **not recommended** to derive encryption keys from a master key and an identifier (like the -file path). If a different data stream is stored under the same identifier - e.g. overwriting the +file path). If a different data stream is stored under the same identifier - e.g. overwriting the data - the derived key would be the same for both streams. Instead encryption keys should be derived from a master key and a random value. It is not required diff --git a/vendor/github.com/minio/sio/README.md b/vendor/github.com/minio/sio/README.md index 4ddf3e8..3f93e6f 100644 --- a/vendor/github.com/minio/sio/README.md +++ b/vendor/github.com/minio/sio/README.md @@ -1,13 +1,16 @@ -[![Godoc Reference](https://godoc.org/github.com/minio/sio?status.svg)](https://godoc.org/github.com/minio/sio) -[![Travis CI](https://travis-ci.org/minio/sio.svg?branch=master)](https://travis-ci.org/minio/sio) -[![Go Report Card](https://goreportcard.com/badge/minio/sio)](https://goreportcard.com/report/minio/sio) +[![Go Reference](https://pkg.go.dev/badge/github.com/minio/sio.svg)](https://pkg.go.dev/github.com/minio/sio) +[![Go](https://github.com/minio/sio/actions/workflows/go.yml/badge.svg)](https://github.com/minio/sio/actions/workflows/go.yml) +[![Go Report Card](https://goreportcard.com/badge/github.com/minio/sio)](https://goreportcard.com/report/github.com/minio/sio) +[![Security](https://img.shields.io/badge/Security-Policy-blue)](SECURITY.md) +[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE) # Secure IO + ## Go implementation of the Data At Rest Encryption (DARE) format. ## Introduction -It is a common problem to store data securely - especially on untrusted remote storage. +It is a common problem to store data securely - especially on untrusted remote storage. One solution to this problem is cryptography. Before data is stored it is encrypted to ensure that the data is confidential. Unfortunately encrypting data is not enough to prevent more sophisticated attacks. Anyone who has access to the stored data can try to @@ -15,9 +18,10 @@ manipulate the data - even if the data is encrypted. To prevent these kinds of attacks the data must be encrypted in a tamper-resistant way. This means an attacker should not be able to: - - Read the stored data - this is achieved by modern encryption algorithms. - - Modify the data by changing parts of the encrypted data. - - Rearrange or reorder parts of the encrypted data. + +- Read the stored data - this is achieved by modern encryption algorithms. +- Modify the data by changing parts of the encrypted data. +- Rearrange or reorder parts of the encrypted data. Authenticated encryption schemes (AE) - like AES-GCM or ChaCha20-Poly1305 - encrypt and authenticate data. Any modification to the encrypted data (ciphertext) is detected while @@ -26,19 +30,19 @@ kinds of data manipulation. All modern AE schemes produce an authentication tag which is verified after the ciphertext is decrypted. If a large amount of data is decrypted it is not always possible to buffer -all decrypted data until the authentication tag is verified. Returning unauthenticated +all decrypted data until the authentication tag is verified. Returning unauthenticated data has the same issues like encrypting data without authentication. Splitting the data into small chunks fixes the problem of deferred authentication checks -but introduces a new one. The chunks can be reordered - e.g. exchanging chunk 1 and 2 - +but introduces a new one. The chunks can be reordered - e.g. exchanging chunk 1 and 2 - because every chunk is encrypted separately. Therefore the order of the chunks must be -encoded somehow into the chunks itself to be able to detect rearranging any number of -chunks. +encoded somehow into the chunks itself to be able to detect rearranging any number of +chunks. -This project specifies a [format](https://github.com/minio/sio/blob/master/DARE.md) for +This project specifies a [format](https://github.com/minio/sio/blob/master/DARE.md) for en/decrypting an arbitrary data stream and gives some [recommendations](https://github.com/minio/sio/blob/master/DARE.md#appendices) about how to use and implement data at rest encryption (DARE). Additionally this project -provides a reference implementation in Go. +provides a reference implementation in Go. ## Applications @@ -47,25 +51,34 @@ with a very simple reorder protection mechanism to build a tamper-resistant encr scheme. DARE can be used to encrypt files, backups and even large object storage systems. Its main properties are: - - Security and high performance by relying on modern AEAD ciphers - - Small overhead - encryption increases the amount of data by ~0.05% - - Support for long data streams - up to 256 TB under the same key - - Random access - arbitrary sequences / ranges can be decrypted independently + +- Security and high performance by relying on modern AEAD ciphers +- Small overhead - encryption increases the amount of data by ~0.05% +- Support for long data streams - up to 256 TB under the same key +- Random access - arbitrary sequences / ranges can be decrypted independently **Install:** `go get -u github.com/minio/sio` -DARE and `github.com/minio/sio` are finalized and can be used in production. +DARE and `github.com/minio/sio` are stable and production-ready. We also provide a CLI tool to en/decrypt arbitrary data streams directly from your command line: -**Install ncrypt:** `go get -u github.com/minio/sio/cmd/ncrypt && ncrypt -h` +**Install ncrypt:** `go install github.com/minio/sio/cmd/ncrypt@latest && ncrypt -h` + +## Contributing + +We welcome contributions! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines. + +## Security + +For security vulnerability reports, please see our [Security Policy](SECURITY.md). ## Performance -Cipher | 8 KB | 64 KB | 512 KB | 1 MB ------------------ | -------- | --------- | --------- | -------- -AES_256_GCM | 90 MB/s | 1.96 GB/s | 2.64 GB/s | 2.83 GB/s -CHACHA20_POLY1305 | 97 MB/s | 1.23 GB/s | 1.54 GB/s | 1.57 GB/s +| Cipher | 8 KB | 64 KB | 512 KB | 1 MB | +| ----------------- | ------- | --------- | --------- | --------- | +| AES_256_GCM | 90 MB/s | 1.96 GB/s | 2.64 GB/s | 2.83 GB/s | +| CHACHA20_POLY1305 | 97 MB/s | 1.23 GB/s | 1.54 GB/s | 1.57 GB/s | -*On i7-6500U 2 x 2.5 GHz | Linux 4.10.0-32-generic | Go 1.8.3 | AES-NI & AVX2* \ No newline at end of file +_On i7-6500U 2 x 2.5 GHz | Linux 4.10.0-32-generic | Go 1.8.3 | AES-NI & AVX2_ diff --git a/vendor/github.com/minio/sio/SECURITY.md b/vendor/github.com/minio/sio/SECURITY.md new file mode 100644 index 0000000..3cfce70 --- /dev/null +++ b/vendor/github.com/minio/sio/SECURITY.md @@ -0,0 +1,130 @@ +# Security Policy + +## Supported Versions + +We actively support the following versions of `sio`: + +| Version | Supported | +| ------- | ------------------ | +| latest | :white_check_mark: | + +We recommend always using the latest version to ensure you have the most recent security updates. + +## Reporting a Vulnerability + +The MinIO team takes security vulnerabilities seriously. We appreciate your efforts to responsibly disclose your findings. + +### How to Report + +**Please do NOT report security vulnerabilities through public GitHub issues.** + +Instead, please report security vulnerabilities by emailing: + +**security@min.io** + +Include the following information in your report: + +- Type of vulnerability (e.g., buffer overflow, authentication bypass, cryptographic weakness) +- Full paths of source file(s) related to the vulnerability +- Location of the affected source code (tag/branch/commit or direct URL) +- Step-by-step instructions to reproduce the issue +- Proof-of-concept or exploit code (if available) +- Impact of the vulnerability, including how an attacker might exploit it + +### What to Expect + +- **Acknowledgment**: You will receive an acknowledgment of your report within 48 hours. +- **Communication**: We will keep you informed of the progress toward a fix and public disclosure. +- **Credit**: We will credit you in the security advisory (unless you prefer to remain anonymous). +- **Timeline**: We aim to patch critical vulnerabilities within 30 days of responsible disclosure. + +## Security Best Practices + +When using `sio`, follow these security best practices: + +### Key Management + +1. **Never reuse encryption keys**: Each data stream should use a unique key derived from a master key +2. **Use a KDF**: Derive per-stream keys using HKDF, BLAKE2X, or similar with unique context +3. **Secure key storage**: Store master keys in hardware security modules (HSMs) or key management services +4. **Key rotation**: Implement regular key rotation policies + +### Implementation + +1. **Verify authenticity**: Always check for sio.Error types which indicate authentication failures +2. **Handle errors**: Never ignore decryption errors or continue processing unauthenticated data +3. **Memory safety**: Be aware that decrypted data must be explicitly cleared from memory if needed +4. **Random sources**: Use crypto/rand.Reader for all random value generation +5. **Version pinning**: Pin specific versions in production and test updates before deployment + +### Known Limitations + +1. **Key reuse**: Reusing keys across different data streams allows package-level replay attacks +2. **Maximum size**: Single encrypted streams are limited to 256 TB +3. **Sequence numbers**: Limited to 2^32 packages per stream (~256 TB at 64KB packages) + +## Cryptographic Design + +### Algorithms + +- **AES-256-GCM**: Authenticated encryption with 256-bit keys (when hardware acceleration available) +- **ChaCha20-Poly1305**: Authenticated encryption with 256-bit keys (software fallback) + +### Security Properties + +`sio` provides: + +- **Confidentiality**: Data cannot be read without the correct key +- **Integrity**: Modifications to ciphertext are detected during decryption +- **Authenticity**: Data origin is verified through AEAD tags +- **Reorder protection**: Sequence numbers prevent package reordering + +### Attack Resistance + +`sio` is designed to resist: + +- Chosen-plaintext attacks (CPA) +- Chosen-ciphertext attacks (CCA) +- Package reordering attacks +- Truncation attacks (V2.0 with final package flag) + +### Not Protected Against + +`sio` does NOT protect against: + +- Key compromise +- Side-channel attacks (timing, power analysis) on the underlying cipher +- Replay attacks when keys are reused +- Attacks on the key derivation or storage mechanisms + +## Audit History + +- **2018**: Initial implementation review +- **2024**: Ongoing maintenance and security updates +- **TBD**: Formal cryptographic audit (planned) + +## Security Updates + +Security updates will be published as: + +- GitHub Security Advisories +- Release notes with [SECURITY] tags +- Updates to this SECURITY.md file + +Subscribe to repository releases to be notified of security updates. + +## References + +- [DARE Specification](DARE.md) +- [MinIO Security](https://min.io/security) +- [Go Cryptography Policy](https://golang.org/security) + +## Hall of Fame + +We appreciate security researchers who have responsibly disclosed vulnerabilities: + +(No vulnerabilities disclosed yet) + +--- + +Last updated: 2025-01-10 diff --git a/vendor/github.com/minio/sio/dare.go b/vendor/github.com/minio/sio/dare.go index 5aaf4c0..0c17dc5 100644 --- a/vendor/github.com/minio/sio/dare.go +++ b/vendor/github.com/minio/sio/dare.go @@ -29,7 +29,7 @@ func (h headerV10) Len() int { return int(binary.LittleEndia func (h headerV10) SequenceNumber() uint32 { return binary.LittleEndian.Uint32(h[4:]) } func (h headerV10) SetVersion() { h[0] = Version10 } func (h headerV10) SetCipher(suite byte) { h[1] = suite } -func (h headerV10) SetLen(length int) { binary.LittleEndian.PutUint16(h[2:], uint16(length-1)) } +func (h headerV10) SetLen(length int) { binary.LittleEndian.PutUint16(h[2:], uint16(length-1)) } //nolint:gosec // Expected conversion func (h headerV10) SetSequenceNumber(num uint32) { binary.LittleEndian.PutUint32(h[4:], num) } func (h headerV10) SetRand(randVal []byte) { copy(h[8:headerSize], randVal) } func (h headerV10) Nonce() []byte { return h[4:headerSize] } @@ -49,7 +49,7 @@ func (h headerV20) SetVersion() { h[0] = Version20 } func (h headerV20) Cipher() byte { return h[1] } func (h headerV20) SetCipher(cipher byte) { h[1] = cipher } func (h headerV20) Length() int { return int(binary.LittleEndian.Uint16(h[2:4])) + 1 } -func (h headerV20) SetLength(length int) { binary.LittleEndian.PutUint16(h[2:4], uint16(length-1)) } +func (h headerV20) SetLength(length int) { binary.LittleEndian.PutUint16(h[2:4], uint16(length-1)) } //nolint:gosec // Expected conversion func (h headerV20) IsFinal() bool { return h[4]&0x80 == 0x80 } func (h headerV20) Nonce() []byte { return h[4:headerSize] } func (h headerV20) AddData() []byte { return h[:4] } @@ -184,12 +184,12 @@ func newAuthEncV20(cfg *Config) (authEncV20, error) { }, nil } -func (ae *authEncV20) Seal(dst, src []byte) { ae.seal(dst, src, false) } -func (ae *authEncV20) SealFinal(dst, src []byte) { ae.seal(dst, src, true) } +func (ae *authEncV20) Seal(dst, src []byte) error { return ae.seal(dst, src, false) } +func (ae *authEncV20) SealFinal(dst, src []byte) error { return ae.seal(dst, src, true) } -func (ae *authEncV20) seal(dst, src []byte, finalize bool) { +func (ae *authEncV20) seal(dst, src []byte, finalize bool) error { if ae.finalized { // callers are not supposed to call Seal(Final) after a SealFinal call happened - panic("sio: cannot seal any package after final one") + return errSealAfterFinal } ae.finalized = finalize @@ -205,6 +205,7 @@ func (ae *authEncV20) seal(dst, src []byte, finalize bool) { ae.Cipher.Seal(dst[headerSize:headerSize], nonce[:], src, header.AddData()) ae.SeqNum++ + return nil } type authDecV20 struct { diff --git a/vendor/github.com/minio/sio/reader-v1.go b/vendor/github.com/minio/sio/reader-v1.go index be58f74..91711e2 100644 --- a/vendor/github.com/minio/sio/reader-v1.go +++ b/vendor/github.com/minio/sio/reader-v1.go @@ -128,7 +128,7 @@ func (r *decReaderV10) Read(p []byte) (n int, err error) { if len(p) < remaining { n = copy(p, payload[r.offset:+r.offset+len(p)]) r.offset += n - return + return n, err } n = copy(p, payload[r.offset:r.offset+remaining]) p = p[remaining:] @@ -232,7 +232,7 @@ func (r *decReaderAtV10) ReadAt(p []byte, offset int64) (n int, err error) { recycle: recycle, offset: 0, } - decReader.SeqNum = uint32(t) + decReader.SeqNum = uint32(t) //nolint:gosec // Safe conversion if k := offset % int64(maxPayloadSize); k > 0 { if _, err := io.CopyN(io.Discard, &decReader, k); err != nil { return 0, err diff --git a/vendor/github.com/minio/sio/reader-v2.go b/vendor/github.com/minio/sio/reader-v2.go index ab06e90..dd5aaf2 100644 --- a/vendor/github.com/minio/sio/reader-v2.go +++ b/vendor/github.com/minio/sio/reader-v2.go @@ -43,7 +43,8 @@ var packageBufferPool = sync.Pool{ func getBuffer() ([]byte, func()) { p := packageBufferPool.Get().(*[]byte) return *p, sync.OnceFunc(func() { - clear(*p) // Clear to avoid leaking data between callers + toZero := *p + clear(toZero[:cap(toZero)]) packageBufferPool.Put(p) }) } @@ -107,11 +108,15 @@ func (r *encReaderV20) Read(p []byte) (n int, err error) { return n, err // failed to read from src } if err == io.EOF || err == io.ErrUnexpectedEOF { // read less than 64KB -> final package - r.SealFinal(p, r.buffer[headerSize:headerSize+1+nn]) + if sealErr := r.SealFinal(p, r.buffer[headerSize:headerSize+1+nn]); sealErr != nil { + return n, sealErr + } return n + headerSize + tagSize + 1 + nn, io.EOF } r.lastByte = r.buffer[headerSize+maxPayloadSize] // save last read byte for the next package - r.Seal(p, r.buffer[headerSize:headerSize+maxPayloadSize]) + if sealErr := r.Seal(p, r.buffer[headerSize:headerSize+maxPayloadSize]); sealErr != nil { + return n, sealErr + } p = p[maxPackageSize:] n += maxPackageSize } @@ -124,7 +129,11 @@ func (r *encReaderV20) Read(p []byte) (n int, err error) { return n, err // failed to read from src } if err == io.EOF || err == io.ErrUnexpectedEOF { // read less than 64KB -> final package - r.SealFinal(r.buffer, r.buffer[headerSize:headerSize+1+nn]) + if sealErr := r.SealFinal(r.buffer, r.buffer[headerSize:headerSize+1+nn]); sealErr != nil { + r.stateErr = sealErr + r.recycle() + return n, sealErr + } if len(p) > r.buffer.Length() { n += copy(p, r.buffer[:r.buffer.Length()]) r.stateErr = io.EOF @@ -133,7 +142,11 @@ func (r *encReaderV20) Read(p []byte) (n int, err error) { } } else { r.lastByte = r.buffer[headerSize+maxPayloadSize] // save last read byte for the next package - r.Seal(r.buffer, r.buffer[headerSize:headerSize+maxPayloadSize]) + if sealErr := r.Seal(r.buffer, r.buffer[headerSize:headerSize+maxPayloadSize]); sealErr != nil { + r.stateErr = sealErr + r.recycle() + return n, sealErr + } } r.offset = copy(p, r.buffer[:len(p)]) // len(p) < len(r.buffer) - otherwise we would be still in the for-loop n += r.offset @@ -305,7 +318,7 @@ func (r *decReaderAtV20) ReadAt(p []byte, offset int64) (n int, err error) { recycle: recycle, offset: 0, } - decReader.SeqNum = uint32(t) + decReader.SeqNum = uint32(t) //nolint:gosec // Safe conversion if k > 0 { if _, err := io.CopyN(io.Discard, &decReader, k); err != nil { return 0, err diff --git a/vendor/github.com/minio/sio/sio.go b/vendor/github.com/minio/sio/sio.go index 32985d3..8f379dd 100644 --- a/vendor/github.com/minio/sio/sio.go +++ b/vendor/github.com/minio/sio/sio.go @@ -22,6 +22,7 @@ import ( "crypto/cipher" "crypto/rand" "errors" + "fmt" "io" "runtime" @@ -45,7 +46,24 @@ const ( // supportsAES indicates whether the CPU provides hardware support for AES-GCM. // AES-GCM should only be selected as default cipher if there's hardware support. -var supportsAES = (cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ) || runtime.GOARCH == "s390x" +var supportsAES = detectAESSupport() + +func detectAESSupport() bool { + // x86/x86_64: Check for AES-NI and PCLMULQDQ instructions + if runtime.GOARCH == "amd64" || runtime.GOARCH == "386" { + return cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ + } + // ARM64: Check for AES and PMULL crypto extensions + if runtime.GOARCH == "arm64" { + return cpu.ARM64.HasAES && cpu.ARM64.HasPMULL + } + // s390x: Has built-in hardware acceleration + if runtime.GOARCH == "s390x" { + return true + } + // For other architectures, default to ChaCha20-Poly1305 + return false +} const ( keySize = 32 @@ -83,9 +101,11 @@ var ( errPackageOutOfOrder = Error{"sio: sequence number mismatch"} // Version 2.0 specific - errNonceMismatch = Error{"sio: header nonce mismatch"} - errUnexpectedEOF = Error{"sio: unexpected EOF"} - errUnexpectedData = Error{"sio: unexpected data after final package"} + errNonceMismatch = Error{"sio: header nonce mismatch"} + errUnexpectedEOF = Error{"sio: unexpected EOF"} + errUnexpectedData = Error{"sio: unexpected data after final package"} + errSealAfterFinal = Error{"sio: cannot seal any package after final one"} + errWriteAfterClose = Error{"sio: write to stream after close"} ) // Error is the error returned by an io.Reader or io.Writer @@ -179,9 +199,13 @@ func DecryptedSize(size uint64) (uint64, error) { func Encrypt(dst io.Writer, src io.Reader, config Config) (n int64, err error) { encReader, err := EncryptReader(src, config) if err != nil { - return 0, err + return 0, fmt.Errorf("sio: failed to create encryption reader: %w", err) } - return io.CopyBuffer(dst, encReader, make([]byte, headerSize+maxPayloadSize+tagSize)) + n, err = io.CopyBuffer(dst, encReader, make([]byte, headerSize+maxPayloadSize+tagSize)) + if err != nil { + return n, fmt.Errorf("sio: encryption failed: %w", err) + } + return n, nil } // Decrypt reads from src until it encounters an io.EOF and decrypts all received @@ -194,9 +218,13 @@ func Encrypt(dst io.Writer, src io.Reader, config Config) (n int64, err error) { func Decrypt(dst io.Writer, src io.Reader, config Config) (n int64, err error) { decReader, err := DecryptReader(src, config) if err != nil { - return 0, err + return 0, fmt.Errorf("sio: failed to create decryption reader: %w", err) + } + n, err = io.CopyBuffer(dst, decReader, make([]byte, maxPayloadSize)) + if err != nil { + return n, fmt.Errorf("sio: decryption failed: %w", err) } - return io.CopyBuffer(dst, decReader, make([]byte, maxPayloadSize)) + return n, nil } // DecryptBuffer decrypts all received data in src. diff --git a/vendor/github.com/minio/sio/writer-v1.go b/vendor/github.com/minio/sio/writer-v1.go index 7488633..2997f4f 100644 --- a/vendor/github.com/minio/sio/writer-v1.go +++ b/vendor/github.com/minio/sio/writer-v1.go @@ -49,12 +49,15 @@ func decryptWriterV10(dst io.Writer, config *Config) (*decWriterV10, error) { } func (w *decWriterV10) Write(p []byte) (n int, err error) { + if w.closeErr != nil { + return 0, w.closeErr + } if w.offset > 0 && w.offset < headerSize { // buffer the header -> special code b/c we don't know when to decrypt without header remaining := headerSize - w.offset if len(p) < remaining { n = copy(w.buffer[w.offset:], p) w.offset += n - return + return n, err } n = copy(w.buffer[w.offset:], p[:remaining]) p = p[remaining:] @@ -113,7 +116,7 @@ func (w *decWriterV10) Close() (err error) { if w.closeErr != nil { if dst, ok := w.dst.(io.Closer); ok { - dst.Close() + _ = dst.Close() } return w.closeErr } @@ -178,12 +181,15 @@ func encryptWriterV10(dst io.Writer, config *Config) (*encWriterV10, error) { } func (w *encWriterV10) Write(p []byte) (n int, err error) { + if w.closeErr != nil { + return 0, w.closeErr + } if w.offset > 0 { // buffer the plaintext remaining := w.payloadSize - w.offset if len(p) < remaining { n = copy(w.buffer[headerSize+w.offset:], p) w.offset += n - return + return n, err } n = copy(w.buffer[headerSize+w.offset:], p[:remaining]) w.Seal(w.buffer, w.buffer[headerSize:headerSize+w.payloadSize]) @@ -209,7 +215,7 @@ func (w *encWriterV10) Write(p []byte) (n int, err error) { w.offset = copy(w.buffer[headerSize:], p) n += w.offset } - return + return n, err } func (w *encWriterV10) Close() (err error) { @@ -217,7 +223,7 @@ func (w *encWriterV10) Close() (err error) { if w.closeErr != nil { if dst, ok := w.dst.(io.Closer); ok { - dst.Close() + _ = dst.Close() } return w.closeErr } diff --git a/vendor/github.com/minio/sio/writer-v2.go b/vendor/github.com/minio/sio/writer-v2.go index 8f27a98..2b15e26 100644 --- a/vendor/github.com/minio/sio/writer-v2.go +++ b/vendor/github.com/minio/sio/writer-v2.go @@ -49,10 +49,13 @@ func encryptWriterV20(dst io.Writer, config *Config) (*encWriterV20, error) { } func (w *encWriterV20) Write(p []byte) (n int, err error) { + if w.closeErr != nil { + return 0, w.closeErr + } if w.finalized { // The caller closed the encWriterV20 instance (called encWriterV20.Close()). // This is a bug in the calling code - Write after Close is not allowed. - panic("sio: write to stream after close") + return 0, errWriteAfterClose } if w.offset > 0 { // buffer the plaintext data remaining := maxPayloadSize - w.offset @@ -61,7 +64,11 @@ func (w *encWriterV20) Write(p []byte) (n int, err error) { return len(p), nil } n = copy(w.buffer[headerSize+w.offset:], p[:remaining]) - w.Seal(w.buffer, w.buffer[headerSize:headerSize+maxPayloadSize]) + if err = w.Seal(w.buffer, w.buffer[headerSize:headerSize+maxPayloadSize]); err != nil { + w.recycle() + w.closeErr = err + return n, err + } if err = flush(w.dst, w.buffer); err != nil { // write to underlying io.Writer w.recycle() w.closeErr = err @@ -71,7 +78,11 @@ func (w *encWriterV20) Write(p []byte) (n int, err error) { w.offset = 0 } for len(p) > maxPayloadSize { // > is important here to call Seal (not SealFinal) only if there is at least on package left - see: Close() - w.Seal(w.buffer, p[:maxPayloadSize]) + if err = w.Seal(w.buffer, p[:maxPayloadSize]); err != nil { + w.recycle() + w.closeErr = err + return n, err + } if err = flush(w.dst, w.buffer); err != nil { // write to underlying io.Writer w.recycle() w.closeErr = err @@ -92,14 +103,17 @@ func (w *encWriterV20) Close() (err error) { if w.closeErr != nil { if closer, ok := w.dst.(io.Closer); ok { - closer.Close() + _ = closer.Close() } return w.closeErr } if w.offset > 0 { // true if at least one Write call happened - w.SealFinal(w.buffer, w.buffer[headerSize:headerSize+w.offset]) - w.closeErr = flush(w.dst, w.buffer[:headerSize+w.offset+tagSize]) // write to underlying io.Writer + if err := w.SealFinal(w.buffer, w.buffer[headerSize:headerSize+w.offset]); err != nil { + w.closeErr = err + } else { + w.closeErr = flush(w.dst, w.buffer[:headerSize+w.offset+tagSize]) // write to underlying io.Writer + } w.offset = 0 } if closer, ok := w.dst.(io.Closer); ok { @@ -140,6 +154,9 @@ func decryptWriterV20(dst io.Writer, config *Config) (*decWriterV20, error) { } func (w *decWriterV20) Write(p []byte) (n int, err error) { + if w.closeErr != nil { + return 0, w.closeErr + } if w.offset > 0 { // buffer package remaining := headerSize + maxPayloadSize + tagSize - w.offset if len(p) < remaining { @@ -193,7 +210,7 @@ func (w *decWriterV20) Close() (err error) { if w.closeErr != nil { if closer, ok := w.dst.(io.Closer); ok { - closer.Close() + _ = closer.Close() } return w.closeErr } diff --git a/vendor/github.com/stretchr/objx/README.md b/vendor/github.com/stretchr/objx/README.md index 78dc1f8..e9ba830 100644 --- a/vendor/github.com/stretchr/objx/README.md +++ b/vendor/github.com/stretchr/objx/README.md @@ -1,8 +1,6 @@ # Objx [![Build Status](https://travis-ci.org/stretchr/objx.svg?branch=master)](https://travis-ci.org/stretchr/objx) [![Go Report Card](https://goreportcard.com/badge/github.com/stretchr/objx)](https://goreportcard.com/report/github.com/stretchr/objx) -[![Maintainability](https://api.codeclimate.com/v1/badges/1d64bc6c8474c2074f2b/maintainability)](https://codeclimate.com/github/stretchr/objx/maintainability) -[![Test Coverage](https://api.codeclimate.com/v1/badges/1d64bc6c8474c2074f2b/test_coverage)](https://codeclimate.com/github/stretchr/objx/test_coverage) [![Sourcegraph](https://sourcegraph.com/github.com/stretchr/objx/-/badge.svg)](https://sourcegraph.com/github.com/stretchr/objx) [![GoDoc](https://pkg.go.dev/badge/github.com/stretchr/objx?utm_source=godoc)](https://pkg.go.dev/github.com/stretchr/objx) @@ -19,49 +17,62 @@ Objx provides the `objx.Map` type, which is a `map[string]interface{}` that expo ### Pattern Objx uses a predictable pattern to make access data from within `map[string]interface{}` easy. Call one of the `objx.` functions to create your `objx.Map` to get going: - m, err := objx.FromJSON(json) +```go +m, err := objx.FromJSON(json) +``` NOTE: Any methods or functions with the `Must` prefix will panic if something goes wrong, the rest will be optimistic and try to figure things out without panicking. Use `Get` to access the value you're interested in. You can use dot and array notation too: - m.Get("places[0].latlng") +```go +m.Get("places[0].latlng") +``` Once you have sought the `Value` you're interested in, you can use the `Is*` methods to determine its type. - if m.Get("code").IsStr() { // Your code... } +```go +if m.Get("code").IsStr() { // Your code... } +``` Or you can just assume the type, and use one of the strong type methods to extract the real value: - m.Get("code").Int() +```go +m.Get("code").Int() +``` If there's no value there (or if it's the wrong type) then a default value will be returned, or you can be explicit about the default value. - Get("code").Int(-1) - +```go +Get("code").Int(-1) +``` If you're dealing with a slice of data as a value, Objx provides many useful methods for iterating, manipulating and selecting that data. You can find out more by exploring the index below. ### Reading data A simple example of how to use Objx: - // Use MustFromJSON to make an objx.Map from some JSON - m := objx.MustFromJSON(`{"name": "Mat", "age": 30}`) +```go +// Use MustFromJSON to make an objx.Map from some JSON +m := objx.MustFromJSON(`{"name": "Mat", "age": 30}`) - // Get the details - name := m.Get("name").Str() - age := m.Get("age").Int() +// Get the details +name := m.Get("name").Str() +age := m.Get("age").Int() - // Get their nickname (or use their name if they don't have one) - nickname := m.Get("nickname").Str(name) +// Get their nickname (or use their name if they don't have one) +nickname := m.Get("nickname").Str(name) +``` ### Ranging Since `objx.Map` is a `map[string]interface{}` you can treat it as such. For example, to `range` the data, do what you would expect: - m := objx.MustFromJSON(json) - for key, value := range m { - // Your code... - } +```go +m := objx.MustFromJSON(json) +for key, value := range m { + // Your code... +} +``` ## Installation To install Objx, use go get: diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s index 7dd2638..769af38 100644 --- a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s +++ b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s @@ -29,7 +29,7 @@ loop: MOVD $NUM_ROUNDS, R21 VLD1 (R11), [V30.S4, V31.S4] - // load contants + // load constants // VLD4R (R10), [V0.S4, V1.S4, V2.S4, V3.S4] WORD $0x4D60E940 diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go index 8cf5d81..9567955 100644 --- a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go +++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go @@ -38,6 +38,9 @@ type chacha20poly1305 struct { // New returns a ChaCha20-Poly1305 AEAD that uses the given 256-bit key. func New(key []byte) (cipher.AEAD, error) { + if fips140Enforced() { + return nil, errors.New("chacha20poly1305: use of ChaCha20Poly1305 is not allowed in FIPS 140-only mode") + } if len(key) != KeySize { return nil, errors.New("chacha20poly1305: bad key length") } diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go index 50695a1..b850e77 100644 --- a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go +++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go @@ -56,7 +56,10 @@ func (c *chacha20poly1305) seal(dst, nonce, plaintext, additionalData []byte) [] ret, out := sliceForAppend(dst, len(plaintext)+16) if alias.InexactOverlap(out, plaintext) { - panic("chacha20poly1305: invalid buffer overlap") + panic("chacha20poly1305: invalid buffer overlap of output and input") + } + if alias.AnyOverlap(out, additionalData) { + panic("chacha20poly1305: invalid buffer overlap of output and additional data") } chacha20Poly1305Seal(out[:], state[:], plaintext, additionalData) return ret @@ -73,7 +76,10 @@ func (c *chacha20poly1305) open(dst, nonce, ciphertext, additionalData []byte) ( ciphertext = ciphertext[:len(ciphertext)-16] ret, out := sliceForAppend(dst, len(ciphertext)) if alias.InexactOverlap(out, ciphertext) { - panic("chacha20poly1305: invalid buffer overlap") + panic("chacha20poly1305: invalid buffer overlap of output and input") + } + if alias.AnyOverlap(out, additionalData) { + panic("chacha20poly1305: invalid buffer overlap of output and additional data") } if !chacha20Poly1305Open(out, state[:], ciphertext, additionalData) { for i := range out { diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go index 6313898..2ecc840 100644 --- a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go +++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go @@ -31,7 +31,10 @@ func (c *chacha20poly1305) sealGeneric(dst, nonce, plaintext, additionalData []b ret, out := sliceForAppend(dst, len(plaintext)+poly1305.TagSize) ciphertext, tag := out[:len(plaintext)], out[len(plaintext):] if alias.InexactOverlap(out, plaintext) { - panic("chacha20poly1305: invalid buffer overlap") + panic("chacha20poly1305: invalid buffer overlap of output and input") + } + if alias.AnyOverlap(out, additionalData) { + panic("chacha20poly1305: invalid buffer overlap of output and additional data") } var polyKey [32]byte @@ -67,7 +70,10 @@ func (c *chacha20poly1305) openGeneric(dst, nonce, ciphertext, additionalData [] ret, out := sliceForAppend(dst, len(ciphertext)) if alias.InexactOverlap(out, ciphertext) { - panic("chacha20poly1305: invalid buffer overlap") + panic("chacha20poly1305: invalid buffer overlap of output and input") + } + if alias.AnyOverlap(out, additionalData) { + panic("chacha20poly1305: invalid buffer overlap of output and additional data") } if !p.Verify(tag) { for i := range out { diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/fips140only_compat.go b/vendor/golang.org/x/crypto/chacha20poly1305/fips140only_compat.go new file mode 100644 index 0000000..9b9d564 --- /dev/null +++ b/vendor/golang.org/x/crypto/chacha20poly1305/fips140only_compat.go @@ -0,0 +1,9 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !go1.26 + +package chacha20poly1305 + +func fips140Enforced() bool { return false } diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/fips140only_go1.26.go b/vendor/golang.org/x/crypto/chacha20poly1305/fips140only_go1.26.go new file mode 100644 index 0000000..f71089c --- /dev/null +++ b/vendor/golang.org/x/crypto/chacha20poly1305/fips140only_go1.26.go @@ -0,0 +1,11 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build go1.26 + +package chacha20poly1305 + +import "crypto/fips140" + +func fips140Enforced() bool { return fips140.Enforced() } diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go b/vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go index 1cebfe9..b4299b7 100644 --- a/vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go +++ b/vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go @@ -22,6 +22,9 @@ type xchacha20poly1305 struct { // preferred when nonce uniqueness cannot be trivially ensured, or whenever // nonces are randomly generated. func NewX(key []byte) (cipher.AEAD, error) { + if fips140Enforced() { + return nil, errors.New("chacha20poly1305: use of ChaCha20Poly1305 is not allowed in FIPS 140-only mode") + } if len(key) != KeySize { return nil, errors.New("chacha20poly1305: bad key length") } diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_arm64.s index 22cc998..3b0450a 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_arm64.s +++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.s @@ -9,31 +9,27 @@ // func getisar0() uint64 TEXT ·getisar0(SB),NOSPLIT,$0-8 // get Instruction Set Attributes 0 into x0 - // mrs x0, ID_AA64ISAR0_EL1 = d5380600 - WORD $0xd5380600 + MRS ID_AA64ISAR0_EL1, R0 MOVD R0, ret+0(FP) RET // func getisar1() uint64 TEXT ·getisar1(SB),NOSPLIT,$0-8 // get Instruction Set Attributes 1 into x0 - // mrs x0, ID_AA64ISAR1_EL1 = d5380620 - WORD $0xd5380620 + MRS ID_AA64ISAR1_EL1, R0 MOVD R0, ret+0(FP) RET // func getpfr0() uint64 TEXT ·getpfr0(SB),NOSPLIT,$0-8 // get Processor Feature Register 0 into x0 - // mrs x0, ID_AA64PFR0_EL1 = d5380400 - WORD $0xd5380400 + MRS ID_AA64PFR0_EL1, R0 MOVD R0, ret+0(FP) RET // func getzfr0() uint64 TEXT ·getzfr0(SB),NOSPLIT,$0-8 // get SVE Feature Register 0 into x0 - // mrs x0, ID_AA64ZFR0_EL1 = d5380480 - WORD $0xd5380480 + MRS ID_AA64ZFR0_EL1, R0 MOVD R0, ret+0(FP) RET diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.go b/vendor/golang.org/x/sys/cpu/cpu_x86.go index 1e642f3..f5723d4 100644 --- a/vendor/golang.org/x/sys/cpu/cpu_x86.go +++ b/vendor/golang.org/x/sys/cpu/cpu_x86.go @@ -64,6 +64,80 @@ func initOptions() { func archInit() { + // From internal/cpu + const ( + // eax bits + cpuid_AVXVNNI = 1 << 4 + + // ecx bits + cpuid_SSE3 = 1 << 0 + cpuid_PCLMULQDQ = 1 << 1 + cpuid_AVX512VBMI = 1 << 1 + cpuid_AVX512VBMI2 = 1 << 6 + cpuid_SSSE3 = 1 << 9 + cpuid_AVX512GFNI = 1 << 8 + cpuid_AVX512VAES = 1 << 9 + cpuid_AVX512VNNI = 1 << 11 + cpuid_AVX512BITALG = 1 << 12 + cpuid_FMA = 1 << 12 + cpuid_AVX512VPOPCNTDQ = 1 << 14 + cpuid_SSE41 = 1 << 19 + cpuid_SSE42 = 1 << 20 + cpuid_POPCNT = 1 << 23 + cpuid_AES = 1 << 25 + cpuid_OSXSAVE = 1 << 27 + cpuid_AVX = 1 << 28 + + // "Extended Feature Flag" bits returned in EBX for CPUID EAX=0x7 ECX=0x0 + cpuid_BMI1 = 1 << 3 + cpuid_AVX2 = 1 << 5 + cpuid_BMI2 = 1 << 8 + cpuid_ERMS = 1 << 9 + cpuid_AVX512F = 1 << 16 + cpuid_AVX512DQ = 1 << 17 + cpuid_ADX = 1 << 19 + cpuid_AVX512CD = 1 << 28 + cpuid_SHA = 1 << 29 + cpuid_AVX512BW = 1 << 30 + cpuid_AVX512VL = 1 << 31 + + // "Extended Feature Flag" bits returned in ECX for CPUID EAX=0x7 ECX=0x0 + cpuid_AVX512_VBMI = 1 << 1 + cpuid_AVX512_VBMI2 = 1 << 6 + cpuid_GFNI = 1 << 8 + cpuid_AVX512VPCLMULQDQ = 1 << 10 + cpuid_AVX512_BITALG = 1 << 12 + + // edx bits + cpuid_FSRM = 1 << 4 + // edx bits for CPUID 0x80000001 + cpuid_RDTSCP = 1 << 27 + ) + // Additional constants not in internal/cpu + const ( + // eax=1: edx + cpuid_SSE2 = 1 << 26 + // eax=1: ecx + cpuid_CX16 = 1 << 13 + cpuid_RDRAND = 1 << 30 + // eax=7,ecx=0: ebx + cpuid_RDSEED = 1 << 18 + cpuid_AVX512IFMA = 1 << 21 + cpuid_AVX512PF = 1 << 26 + cpuid_AVX512ER = 1 << 27 + // eax=7,ecx=0: edx + cpuid_AVX5124VNNIW = 1 << 2 + cpuid_AVX5124FMAPS = 1 << 3 + cpuid_AMXBF16 = 1 << 22 + cpuid_AMXTile = 1 << 24 + cpuid_AMXInt8 = 1 << 25 + // eax=7,ecx=1: eax + cpuid_AVX512BF16 = 1 << 5 + cpuid_AVXIFMA = 1 << 23 + // eax=7,ecx=1: edx + cpuid_AVXVNNIInt8 = 1 << 4 + ) + Initialized = true maxID, _, _, _ := cpuid(0, 0) @@ -73,90 +147,90 @@ func archInit() { } _, _, ecx1, edx1 := cpuid(1, 0) - X86.HasSSE2 = isSet(26, edx1) - - X86.HasSSE3 = isSet(0, ecx1) - X86.HasPCLMULQDQ = isSet(1, ecx1) - X86.HasSSSE3 = isSet(9, ecx1) - X86.HasFMA = isSet(12, ecx1) - X86.HasCX16 = isSet(13, ecx1) - X86.HasSSE41 = isSet(19, ecx1) - X86.HasSSE42 = isSet(20, ecx1) - X86.HasPOPCNT = isSet(23, ecx1) - X86.HasAES = isSet(25, ecx1) - X86.HasOSXSAVE = isSet(27, ecx1) - X86.HasRDRAND = isSet(30, ecx1) + X86.HasSSE2 = isSet(edx1, cpuid_SSE2) + + X86.HasSSE3 = isSet(ecx1, cpuid_SSE3) + X86.HasPCLMULQDQ = isSet(ecx1, cpuid_PCLMULQDQ) + X86.HasSSSE3 = isSet(ecx1, cpuid_SSSE3) + X86.HasFMA = isSet(ecx1, cpuid_FMA) + X86.HasCX16 = isSet(ecx1, cpuid_CX16) + X86.HasSSE41 = isSet(ecx1, cpuid_SSE41) + X86.HasSSE42 = isSet(ecx1, cpuid_SSE42) + X86.HasPOPCNT = isSet(ecx1, cpuid_POPCNT) + X86.HasAES = isSet(ecx1, cpuid_AES) + X86.HasOSXSAVE = isSet(ecx1, cpuid_OSXSAVE) + X86.HasRDRAND = isSet(ecx1, cpuid_RDRAND) var osSupportsAVX, osSupportsAVX512 bool // For XGETBV, OSXSAVE bit is required and sufficient. if X86.HasOSXSAVE { eax, _ := xgetbv() // Check if XMM and YMM registers have OS support. - osSupportsAVX = isSet(1, eax) && isSet(2, eax) + osSupportsAVX = isSet(eax, 1<<1) && isSet(eax, 1<<2) if runtime.GOOS == "darwin" { // Darwin requires special AVX512 checks, see cpu_darwin_x86.go osSupportsAVX512 = osSupportsAVX && darwinSupportsAVX512() } else { // Check if OPMASK and ZMM registers have OS support. - osSupportsAVX512 = osSupportsAVX && isSet(5, eax) && isSet(6, eax) && isSet(7, eax) + osSupportsAVX512 = osSupportsAVX && isSet(eax, 1<<5) && isSet(eax, 1<<6) && isSet(eax, 1<<7) } } - X86.HasAVX = isSet(28, ecx1) && osSupportsAVX + X86.HasAVX = isSet(ecx1, cpuid_AVX) && osSupportsAVX if maxID < 7 { return } eax7, ebx7, ecx7, edx7 := cpuid(7, 0) - X86.HasBMI1 = isSet(3, ebx7) - X86.HasAVX2 = isSet(5, ebx7) && osSupportsAVX - X86.HasBMI2 = isSet(8, ebx7) - X86.HasERMS = isSet(9, ebx7) - X86.HasRDSEED = isSet(18, ebx7) - X86.HasADX = isSet(19, ebx7) - - X86.HasAVX512 = isSet(16, ebx7) && osSupportsAVX512 // Because avx-512 foundation is the core required extension + X86.HasBMI1 = isSet(ebx7, cpuid_BMI1) + X86.HasAVX2 = isSet(ebx7, cpuid_AVX2) && osSupportsAVX + X86.HasBMI2 = isSet(ebx7, cpuid_BMI2) + X86.HasERMS = isSet(ebx7, cpuid_ERMS) + X86.HasRDSEED = isSet(ebx7, cpuid_RDSEED) + X86.HasADX = isSet(ebx7, cpuid_ADX) + + X86.HasAVX512 = isSet(ebx7, cpuid_AVX512F) && osSupportsAVX512 // Because avx-512 foundation is the core required extension if X86.HasAVX512 { X86.HasAVX512F = true - X86.HasAVX512CD = isSet(28, ebx7) - X86.HasAVX512ER = isSet(27, ebx7) - X86.HasAVX512PF = isSet(26, ebx7) - X86.HasAVX512VL = isSet(31, ebx7) - X86.HasAVX512BW = isSet(30, ebx7) - X86.HasAVX512DQ = isSet(17, ebx7) - X86.HasAVX512IFMA = isSet(21, ebx7) - X86.HasAVX512VBMI = isSet(1, ecx7) - X86.HasAVX5124VNNIW = isSet(2, edx7) - X86.HasAVX5124FMAPS = isSet(3, edx7) - X86.HasAVX512VPOPCNTDQ = isSet(14, ecx7) - X86.HasAVX512VPCLMULQDQ = isSet(10, ecx7) - X86.HasAVX512VNNI = isSet(11, ecx7) - X86.HasAVX512GFNI = isSet(8, ecx7) - X86.HasAVX512VAES = isSet(9, ecx7) - X86.HasAVX512VBMI2 = isSet(6, ecx7) - X86.HasAVX512BITALG = isSet(12, ecx7) + X86.HasAVX512CD = isSet(ebx7, cpuid_AVX512CD) + X86.HasAVX512ER = isSet(ebx7, cpuid_AVX512ER) + X86.HasAVX512PF = isSet(ebx7, cpuid_AVX512PF) + X86.HasAVX512VL = isSet(ebx7, cpuid_AVX512VL) + X86.HasAVX512BW = isSet(ebx7, cpuid_AVX512BW) + X86.HasAVX512DQ = isSet(ebx7, cpuid_AVX512DQ) + X86.HasAVX512IFMA = isSet(ebx7, cpuid_AVX512IFMA) + X86.HasAVX512VBMI = isSet(ecx7, cpuid_AVX512_VBMI) + X86.HasAVX5124VNNIW = isSet(edx7, cpuid_AVX5124VNNIW) + X86.HasAVX5124FMAPS = isSet(edx7, cpuid_AVX5124FMAPS) + X86.HasAVX512VPOPCNTDQ = isSet(ecx7, cpuid_AVX512VPOPCNTDQ) + X86.HasAVX512VPCLMULQDQ = isSet(ecx7, cpuid_AVX512VPCLMULQDQ) + X86.HasAVX512VNNI = isSet(ecx7, cpuid_AVX512VNNI) + X86.HasAVX512GFNI = isSet(ecx7, cpuid_AVX512GFNI) + X86.HasAVX512VAES = isSet(ecx7, cpuid_AVX512VAES) + X86.HasAVX512VBMI2 = isSet(ecx7, cpuid_AVX512VBMI2) + X86.HasAVX512BITALG = isSet(ecx7, cpuid_AVX512BITALG) } - X86.HasAMXTile = isSet(24, edx7) - X86.HasAMXInt8 = isSet(25, edx7) - X86.HasAMXBF16 = isSet(22, edx7) + X86.HasAMXTile = isSet(edx7, cpuid_AMXTile) + X86.HasAMXInt8 = isSet(edx7, cpuid_AMXInt8) + X86.HasAMXBF16 = isSet(edx7, cpuid_AMXBF16) // These features depend on the second level of extended features. if eax7 >= 1 { eax71, _, _, edx71 := cpuid(7, 1) if X86.HasAVX512 { - X86.HasAVX512BF16 = isSet(5, eax71) + X86.HasAVX512BF16 = isSet(eax71, cpuid_AVX512BF16) } if X86.HasAVX { - X86.HasAVXIFMA = isSet(23, eax71) - X86.HasAVXVNNI = isSet(4, eax71) - X86.HasAVXVNNIInt8 = isSet(4, edx71) + X86.HasAVXIFMA = isSet(eax71, cpuid_AVXIFMA) + X86.HasAVXVNNI = isSet(eax71, cpuid_AVXVNNI) + X86.HasAVXVNNIInt8 = isSet(edx71, cpuid_AVXVNNIInt8) } } } -func isSet(bitpos uint, value uint32) bool { - return value&(1< #include #include +#include #include #include #include @@ -255,6 +256,7 @@ struct ltchars { #include #include #include +#include #include #include #include @@ -529,6 +531,7 @@ ccflags="$@" $2 ~ /^O[CNPFPL][A-Z]+[^_][A-Z]+$/ || $2 ~ /^(NL|CR|TAB|BS|VT|FF)DLY$/ || $2 ~ /^(NL|CR|TAB|BS|VT|FF)[0-9]$/ || + $2 ~ /^(DT|EI|ELF|EV|NN|NT|PF|SHF|SHN|SHT|STB|STT|VER)_/ || $2 ~ /^O?XTABS$/ || $2 ~ /^TC[IO](ON|OFF)$/ || $2 ~ /^IN_/ || @@ -611,7 +614,7 @@ ccflags="$@" $2 !~ /IOC_MAGIC/ && $2 ~ /^[A-Z][A-Z0-9_]+_MAGIC2?$/ || $2 ~ /^(VM|VMADDR)_/ || - $2 ~ /^IOCTL_VM_SOCKETS_/ || + $2 ~ /^(IOCTL_VM_SOCKETS_|IOCTL_MEI_)/ || $2 ~ /^(TASKSTATS|TS)_/ || $2 ~ /^CGROUPSTATS_/ || $2 ~ /^GENL_/ || diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 4958a65..06c0eea 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -801,9 +801,7 @@ func (sa *SockaddrPPPoE) sockaddr() (unsafe.Pointer, _Socklen, error) { // one. The kernel expects SID to be in network byte order. binary.BigEndian.PutUint16(sa.raw[6:8], sa.SID) copy(sa.raw[8:14], sa.Remote) - for i := 14; i < 14+IFNAMSIZ; i++ { - sa.raw[i] = 0 - } + clear(sa.raw[14 : 14+IFNAMSIZ]) copy(sa.raw[14:], sa.Dev) return unsafe.Pointer(&sa.raw), SizeofSockaddrPPPoX, nil } @@ -2645,3 +2643,9 @@ func SchedGetAttr(pid int, flags uint) (*SchedAttr, error) { //sys Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error) //sys Mseal(b []byte, flags uint) (err error) + +//sys setMemPolicy(mode int, mask *CPUSet, size int) (err error) = SYS_SET_MEMPOLICY + +func SetMemPolicy(mode int, mask *CPUSet) error { + return setMemPolicy(mode, mask, _CPU_SETSIZE) +} diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd.go b/vendor/golang.org/x/sys/unix/syscall_netbsd.go index 8816209..34a4676 100644 --- a/vendor/golang.org/x/sys/unix/syscall_netbsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_netbsd.go @@ -248,6 +248,23 @@ func Statvfs(path string, buf *Statvfs_t) (err error) { return Statvfs1(path, buf, ST_WAIT) } +func Getvfsstat(buf []Statvfs_t, flags int) (n int, err error) { + var ( + _p0 unsafe.Pointer + bufsize uintptr + ) + if len(buf) > 0 { + _p0 = unsafe.Pointer(&buf[0]) + bufsize = unsafe.Sizeof(Statvfs_t{}) * uintptr(len(buf)) + } + r0, _, e1 := Syscall(SYS_GETVFSSTAT, uintptr(_p0), bufsize, uintptr(flags)) + n = int(r0) + if e1 != 0 { + err = e1 + } + return +} + /* * Exposed directly */ diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index b6db27d..120a7b3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -853,20 +853,86 @@ const ( DM_VERSION_MAJOR = 0x4 DM_VERSION_MINOR = 0x32 DM_VERSION_PATCHLEVEL = 0x0 + DT_ADDRRNGHI = 0x6ffffeff + DT_ADDRRNGLO = 0x6ffffe00 DT_BLK = 0x6 DT_CHR = 0x2 + DT_DEBUG = 0x15 DT_DIR = 0x4 + DT_ENCODING = 0x20 DT_FIFO = 0x1 + DT_FINI = 0xd + DT_FLAGS_1 = 0x6ffffffb + DT_GNU_HASH = 0x6ffffef5 + DT_HASH = 0x4 + DT_HIOS = 0x6ffff000 + DT_HIPROC = 0x7fffffff + DT_INIT = 0xc + DT_JMPREL = 0x17 DT_LNK = 0xa + DT_LOOS = 0x6000000d + DT_LOPROC = 0x70000000 + DT_NEEDED = 0x1 + DT_NULL = 0x0 + DT_PLTGOT = 0x3 + DT_PLTREL = 0x14 + DT_PLTRELSZ = 0x2 DT_REG = 0x8 + DT_REL = 0x11 + DT_RELA = 0x7 + DT_RELACOUNT = 0x6ffffff9 + DT_RELAENT = 0x9 + DT_RELASZ = 0x8 + DT_RELCOUNT = 0x6ffffffa + DT_RELENT = 0x13 + DT_RELSZ = 0x12 + DT_RPATH = 0xf DT_SOCK = 0xc + DT_SONAME = 0xe + DT_STRSZ = 0xa + DT_STRTAB = 0x5 + DT_SYMBOLIC = 0x10 + DT_SYMENT = 0xb + DT_SYMTAB = 0x6 + DT_TEXTREL = 0x16 DT_UNKNOWN = 0x0 + DT_VALRNGHI = 0x6ffffdff + DT_VALRNGLO = 0x6ffffd00 + DT_VERDEF = 0x6ffffffc + DT_VERDEFNUM = 0x6ffffffd + DT_VERNEED = 0x6ffffffe + DT_VERNEEDNUM = 0x6fffffff + DT_VERSYM = 0x6ffffff0 DT_WHT = 0xe ECHO = 0x8 ECRYPTFS_SUPER_MAGIC = 0xf15f EFD_SEMAPHORE = 0x1 EFIVARFS_MAGIC = 0xde5e81e4 EFS_SUPER_MAGIC = 0x414a53 + EI_CLASS = 0x4 + EI_DATA = 0x5 + EI_MAG0 = 0x0 + EI_MAG1 = 0x1 + EI_MAG2 = 0x2 + EI_MAG3 = 0x3 + EI_NIDENT = 0x10 + EI_OSABI = 0x7 + EI_PAD = 0x8 + EI_VERSION = 0x6 + ELFCLASS32 = 0x1 + ELFCLASS64 = 0x2 + ELFCLASSNONE = 0x0 + ELFCLASSNUM = 0x3 + ELFDATA2LSB = 0x1 + ELFDATA2MSB = 0x2 + ELFDATANONE = 0x0 + ELFMAG = "\177ELF" + ELFMAG0 = 0x7f + ELFMAG1 = 'E' + ELFMAG2 = 'L' + ELFMAG3 = 'F' + ELFOSABI_LINUX = 0x3 + ELFOSABI_NONE = 0x0 EM_386 = 0x3 EM_486 = 0x6 EM_68K = 0x4 @@ -1152,14 +1218,24 @@ const ( ETH_P_WCCP = 0x883e ETH_P_X25 = 0x805 ETH_P_XDSA = 0xf8 + ET_CORE = 0x4 + ET_DYN = 0x3 + ET_EXEC = 0x2 + ET_HIPROC = 0xffff + ET_LOPROC = 0xff00 + ET_NONE = 0x0 + ET_REL = 0x1 EV_ABS = 0x3 EV_CNT = 0x20 + EV_CURRENT = 0x1 EV_FF = 0x15 EV_FF_STATUS = 0x17 EV_KEY = 0x1 EV_LED = 0x11 EV_MAX = 0x1f EV_MSC = 0x4 + EV_NONE = 0x0 + EV_NUM = 0x2 EV_PWR = 0x16 EV_REL = 0x2 EV_REP = 0x14 @@ -1539,6 +1615,8 @@ const ( IN_OPEN = 0x20 IN_Q_OVERFLOW = 0x4000 IN_UNMOUNT = 0x2000 + IOCTL_MEI_CONNECT_CLIENT = 0xc0104801 + IOCTL_MEI_CONNECT_CLIENT_VTAG = 0xc0144804 IPPROTO_AH = 0x33 IPPROTO_BEETPH = 0x5e IPPROTO_COMP = 0x6c @@ -2276,7 +2354,167 @@ const ( NLM_F_REPLACE = 0x100 NLM_F_REQUEST = 0x1 NLM_F_ROOT = 0x100 + NN_386_IOPERM = "LINUX" + NN_386_TLS = "LINUX" + NN_ARC_V2 = "LINUX" + NN_ARM_FPMR = "LINUX" + NN_ARM_GCS = "LINUX" + NN_ARM_HW_BREAK = "LINUX" + NN_ARM_HW_WATCH = "LINUX" + NN_ARM_PACA_KEYS = "LINUX" + NN_ARM_PACG_KEYS = "LINUX" + NN_ARM_PAC_ENABLED_KEYS = "LINUX" + NN_ARM_PAC_MASK = "LINUX" + NN_ARM_POE = "LINUX" + NN_ARM_SSVE = "LINUX" + NN_ARM_SVE = "LINUX" + NN_ARM_SYSTEM_CALL = "LINUX" + NN_ARM_TAGGED_ADDR_CTRL = "LINUX" + NN_ARM_TLS = "LINUX" + NN_ARM_VFP = "LINUX" + NN_ARM_ZA = "LINUX" + NN_ARM_ZT = "LINUX" + NN_AUXV = "CORE" + NN_FILE = "CORE" + NN_GNU_PROPERTY_TYPE_0 = "GNU" + NN_LOONGARCH_CPUCFG = "LINUX" + NN_LOONGARCH_CSR = "LINUX" + NN_LOONGARCH_HW_BREAK = "LINUX" + NN_LOONGARCH_HW_WATCH = "LINUX" + NN_LOONGARCH_LASX = "LINUX" + NN_LOONGARCH_LBT = "LINUX" + NN_LOONGARCH_LSX = "LINUX" + NN_MIPS_DSP = "LINUX" + NN_MIPS_FP_MODE = "LINUX" + NN_MIPS_MSA = "LINUX" + NN_PPC_DEXCR = "LINUX" + NN_PPC_DSCR = "LINUX" + NN_PPC_EBB = "LINUX" + NN_PPC_HASHKEYR = "LINUX" + NN_PPC_PKEY = "LINUX" + NN_PPC_PMU = "LINUX" + NN_PPC_PPR = "LINUX" + NN_PPC_SPE = "LINUX" + NN_PPC_TAR = "LINUX" + NN_PPC_TM_CDSCR = "LINUX" + NN_PPC_TM_CFPR = "LINUX" + NN_PPC_TM_CGPR = "LINUX" + NN_PPC_TM_CPPR = "LINUX" + NN_PPC_TM_CTAR = "LINUX" + NN_PPC_TM_CVMX = "LINUX" + NN_PPC_TM_CVSX = "LINUX" + NN_PPC_TM_SPR = "LINUX" + NN_PPC_VMX = "LINUX" + NN_PPC_VSX = "LINUX" + NN_PRFPREG = "CORE" + NN_PRPSINFO = "CORE" + NN_PRSTATUS = "CORE" + NN_PRXFPREG = "LINUX" + NN_RISCV_CSR = "LINUX" + NN_RISCV_TAGGED_ADDR_CTRL = "LINUX" + NN_RISCV_VECTOR = "LINUX" + NN_S390_CTRS = "LINUX" + NN_S390_GS_BC = "LINUX" + NN_S390_GS_CB = "LINUX" + NN_S390_HIGH_GPRS = "LINUX" + NN_S390_LAST_BREAK = "LINUX" + NN_S390_PREFIX = "LINUX" + NN_S390_PV_CPU_DATA = "LINUX" + NN_S390_RI_CB = "LINUX" + NN_S390_SYSTEM_CALL = "LINUX" + NN_S390_TDB = "LINUX" + NN_S390_TIMER = "LINUX" + NN_S390_TODCMP = "LINUX" + NN_S390_TODPREG = "LINUX" + NN_S390_VXRS_HIGH = "LINUX" + NN_S390_VXRS_LOW = "LINUX" + NN_SIGINFO = "CORE" + NN_TASKSTRUCT = "CORE" + NN_VMCOREDD = "LINUX" + NN_X86_SHSTK = "LINUX" + NN_X86_XSAVE_LAYOUT = "LINUX" + NN_X86_XSTATE = "LINUX" NSFS_MAGIC = 0x6e736673 + NT_386_IOPERM = 0x201 + NT_386_TLS = 0x200 + NT_ARC_V2 = 0x600 + NT_ARM_FPMR = 0x40e + NT_ARM_GCS = 0x410 + NT_ARM_HW_BREAK = 0x402 + NT_ARM_HW_WATCH = 0x403 + NT_ARM_PACA_KEYS = 0x407 + NT_ARM_PACG_KEYS = 0x408 + NT_ARM_PAC_ENABLED_KEYS = 0x40a + NT_ARM_PAC_MASK = 0x406 + NT_ARM_POE = 0x40f + NT_ARM_SSVE = 0x40b + NT_ARM_SVE = 0x405 + NT_ARM_SYSTEM_CALL = 0x404 + NT_ARM_TAGGED_ADDR_CTRL = 0x409 + NT_ARM_TLS = 0x401 + NT_ARM_VFP = 0x400 + NT_ARM_ZA = 0x40c + NT_ARM_ZT = 0x40d + NT_AUXV = 0x6 + NT_FILE = 0x46494c45 + NT_GNU_PROPERTY_TYPE_0 = 0x5 + NT_LOONGARCH_CPUCFG = 0xa00 + NT_LOONGARCH_CSR = 0xa01 + NT_LOONGARCH_HW_BREAK = 0xa05 + NT_LOONGARCH_HW_WATCH = 0xa06 + NT_LOONGARCH_LASX = 0xa03 + NT_LOONGARCH_LBT = 0xa04 + NT_LOONGARCH_LSX = 0xa02 + NT_MIPS_DSP = 0x800 + NT_MIPS_FP_MODE = 0x801 + NT_MIPS_MSA = 0x802 + NT_PPC_DEXCR = 0x111 + NT_PPC_DSCR = 0x105 + NT_PPC_EBB = 0x106 + NT_PPC_HASHKEYR = 0x112 + NT_PPC_PKEY = 0x110 + NT_PPC_PMU = 0x107 + NT_PPC_PPR = 0x104 + NT_PPC_SPE = 0x101 + NT_PPC_TAR = 0x103 + NT_PPC_TM_CDSCR = 0x10f + NT_PPC_TM_CFPR = 0x109 + NT_PPC_TM_CGPR = 0x108 + NT_PPC_TM_CPPR = 0x10e + NT_PPC_TM_CTAR = 0x10d + NT_PPC_TM_CVMX = 0x10a + NT_PPC_TM_CVSX = 0x10b + NT_PPC_TM_SPR = 0x10c + NT_PPC_VMX = 0x100 + NT_PPC_VSX = 0x102 + NT_PRFPREG = 0x2 + NT_PRPSINFO = 0x3 + NT_PRSTATUS = 0x1 + NT_PRXFPREG = 0x46e62b7f + NT_RISCV_CSR = 0x900 + NT_RISCV_TAGGED_ADDR_CTRL = 0x902 + NT_RISCV_VECTOR = 0x901 + NT_S390_CTRS = 0x304 + NT_S390_GS_BC = 0x30c + NT_S390_GS_CB = 0x30b + NT_S390_HIGH_GPRS = 0x300 + NT_S390_LAST_BREAK = 0x306 + NT_S390_PREFIX = 0x305 + NT_S390_PV_CPU_DATA = 0x30e + NT_S390_RI_CB = 0x30d + NT_S390_SYSTEM_CALL = 0x307 + NT_S390_TDB = 0x308 + NT_S390_TIMER = 0x301 + NT_S390_TODCMP = 0x302 + NT_S390_TODPREG = 0x303 + NT_S390_VXRS_HIGH = 0x30a + NT_S390_VXRS_LOW = 0x309 + NT_SIGINFO = 0x53494749 + NT_TASKSTRUCT = 0x4 + NT_VMCOREDD = 0x700 + NT_X86_SHSTK = 0x204 + NT_X86_XSAVE_LAYOUT = 0x205 + NT_X86_XSTATE = 0x202 OCFS2_SUPER_MAGIC = 0x7461636f OCRNL = 0x8 OFDEL = 0x80 @@ -2463,6 +2701,59 @@ const ( PERF_RECORD_MISC_USER = 0x2 PERF_SAMPLE_BRANCH_PLM_ALL = 0x7 PERF_SAMPLE_WEIGHT_TYPE = 0x1004000 + PF_ALG = 0x26 + PF_APPLETALK = 0x5 + PF_ASH = 0x12 + PF_ATMPVC = 0x8 + PF_ATMSVC = 0x14 + PF_AX25 = 0x3 + PF_BLUETOOTH = 0x1f + PF_BRIDGE = 0x7 + PF_CAIF = 0x25 + PF_CAN = 0x1d + PF_DECnet = 0xc + PF_ECONET = 0x13 + PF_FILE = 0x1 + PF_IB = 0x1b + PF_IEEE802154 = 0x24 + PF_INET = 0x2 + PF_INET6 = 0xa + PF_IPX = 0x4 + PF_IRDA = 0x17 + PF_ISDN = 0x22 + PF_IUCV = 0x20 + PF_KCM = 0x29 + PF_KEY = 0xf + PF_LLC = 0x1a + PF_LOCAL = 0x1 + PF_MAX = 0x2e + PF_MCTP = 0x2d + PF_MPLS = 0x1c + PF_NETBEUI = 0xd + PF_NETLINK = 0x10 + PF_NETROM = 0x6 + PF_NFC = 0x27 + PF_PACKET = 0x11 + PF_PHONET = 0x23 + PF_PPPOX = 0x18 + PF_QIPCRTR = 0x2a + PF_R = 0x4 + PF_RDS = 0x15 + PF_ROSE = 0xb + PF_ROUTE = 0x10 + PF_RXRPC = 0x21 + PF_SECURITY = 0xe + PF_SMC = 0x2b + PF_SNA = 0x16 + PF_TIPC = 0x1e + PF_UNIX = 0x1 + PF_UNSPEC = 0x0 + PF_VSOCK = 0x28 + PF_W = 0x2 + PF_WANPIPE = 0x19 + PF_X = 0x1 + PF_X25 = 0x9 + PF_XDP = 0x2c PID_FS_MAGIC = 0x50494446 PIPEFS_MAGIC = 0x50495045 PPPIOCGNPMODE = 0xc008744c @@ -2758,6 +3049,23 @@ const ( PTRACE_SYSCALL_INFO_NONE = 0x0 PTRACE_SYSCALL_INFO_SECCOMP = 0x3 PTRACE_TRACEME = 0x0 + PT_AARCH64_MEMTAG_MTE = 0x70000002 + PT_DYNAMIC = 0x2 + PT_GNU_EH_FRAME = 0x6474e550 + PT_GNU_PROPERTY = 0x6474e553 + PT_GNU_RELRO = 0x6474e552 + PT_GNU_STACK = 0x6474e551 + PT_HIOS = 0x6fffffff + PT_HIPROC = 0x7fffffff + PT_INTERP = 0x3 + PT_LOAD = 0x1 + PT_LOOS = 0x60000000 + PT_LOPROC = 0x70000000 + PT_NOTE = 0x4 + PT_NULL = 0x0 + PT_PHDR = 0x6 + PT_SHLIB = 0x5 + PT_TLS = 0x7 P_ALL = 0x0 P_PGID = 0x2 P_PID = 0x1 @@ -3091,6 +3399,47 @@ const ( SEEK_MAX = 0x4 SEEK_SET = 0x0 SELINUX_MAGIC = 0xf97cff8c + SHF_ALLOC = 0x2 + SHF_EXCLUDE = 0x8000000 + SHF_EXECINSTR = 0x4 + SHF_GROUP = 0x200 + SHF_INFO_LINK = 0x40 + SHF_LINK_ORDER = 0x80 + SHF_MASKOS = 0xff00000 + SHF_MASKPROC = 0xf0000000 + SHF_MERGE = 0x10 + SHF_ORDERED = 0x4000000 + SHF_OS_NONCONFORMING = 0x100 + SHF_RELA_LIVEPATCH = 0x100000 + SHF_RO_AFTER_INIT = 0x200000 + SHF_STRINGS = 0x20 + SHF_TLS = 0x400 + SHF_WRITE = 0x1 + SHN_ABS = 0xfff1 + SHN_COMMON = 0xfff2 + SHN_HIPROC = 0xff1f + SHN_HIRESERVE = 0xffff + SHN_LIVEPATCH = 0xff20 + SHN_LOPROC = 0xff00 + SHN_LORESERVE = 0xff00 + SHN_UNDEF = 0x0 + SHT_DYNAMIC = 0x6 + SHT_DYNSYM = 0xb + SHT_HASH = 0x5 + SHT_HIPROC = 0x7fffffff + SHT_HIUSER = 0xffffffff + SHT_LOPROC = 0x70000000 + SHT_LOUSER = 0x80000000 + SHT_NOBITS = 0x8 + SHT_NOTE = 0x7 + SHT_NULL = 0x0 + SHT_NUM = 0xc + SHT_PROGBITS = 0x1 + SHT_REL = 0x9 + SHT_RELA = 0x4 + SHT_SHLIB = 0xa + SHT_STRTAB = 0x3 + SHT_SYMTAB = 0x2 SHUT_RD = 0x0 SHUT_RDWR = 0x2 SHUT_WR = 0x1 @@ -3317,6 +3666,16 @@ const ( STATX_UID = 0x8 STATX_WRITE_ATOMIC = 0x10000 STATX__RESERVED = 0x80000000 + STB_GLOBAL = 0x1 + STB_LOCAL = 0x0 + STB_WEAK = 0x2 + STT_COMMON = 0x5 + STT_FILE = 0x4 + STT_FUNC = 0x2 + STT_NOTYPE = 0x0 + STT_OBJECT = 0x1 + STT_SECTION = 0x3 + STT_TLS = 0x6 SYNC_FILE_RANGE_WAIT_AFTER = 0x4 SYNC_FILE_RANGE_WAIT_BEFORE = 0x1 SYNC_FILE_RANGE_WRITE = 0x2 @@ -3553,6 +3912,8 @@ const ( UTIME_OMIT = 0x3ffffffe V9FS_MAGIC = 0x1021997 VERASE = 0x2 + VER_FLG_BASE = 0x1 + VER_FLG_WEAK = 0x2 VINTR = 0x0 VKILL = 0x3 VLNEXT = 0xf diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 1c37f9f..97a61fc 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -116,6 +116,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index 6f54d34..a0d6d49 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -116,6 +116,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index 783ec5c..dd9c903 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index ca83d3b..384c61c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -120,6 +120,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 607e611..6384c98 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -116,6 +116,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index b9cb5bd..553c1c6 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 65b078a..b3339f2 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 5298a30..177091d 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 7bc557c..c5abf15 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x100 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x80 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index 152399b..f1f3fad 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x400 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 1a1ce24..203ad9c 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x400 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index 4231a1f..4b9abcb 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x400 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 21c0e95..f879830 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xffffff0f IPV6_FLOWLABEL_MASK = 0xffff0f00 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index f00d1cd..64347eb 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -115,6 +115,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x80000 IN_NONBLOCK = 0x800 + IOCTL_MEI_NOTIFY_GET = 0x80044803 + IOCTL_MEI_NOTIFY_SET = 0x40044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index bc8d539..7d71911 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -119,6 +119,8 @@ const ( IEXTEN = 0x8000 IN_CLOEXEC = 0x400000 IN_NONBLOCK = 0x4000 + IOCTL_MEI_NOTIFY_GET = 0x40044803 + IOCTL_MEI_NOTIFY_SET = 0x80044802 IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9 IPV6_FLOWINFO_MASK = 0xfffffff IPV6_FLOWLABEL_MASK = 0xfffff diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 5cc1e8e..8935d10 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -2238,3 +2238,13 @@ func Mseal(b []byte, flags uint) (err error) { } return } + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func setMemPolicy(mode int, mask *CPUSet, size int) (err error) { + _, _, e1 := Syscall(SYS_SET_MEMPOLICY, uintptr(mode), uintptr(unsafe.Pointer(mask)), uintptr(size)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index 944e75a..c1a4670 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -3590,6 +3590,8 @@ type Nhmsg struct { Flags uint32 } +const SizeofNhmsg = 0x8 + type NexthopGrp struct { Id uint32 Weight uint8 @@ -3597,6 +3599,8 @@ type NexthopGrp struct { Resvd2 uint16 } +const SizeofNexthopGrp = 0x8 + const ( NHA_UNSPEC = 0x0 NHA_ID = 0x1 @@ -6332,3 +6336,30 @@ type SockDiagReq struct { } const RTM_NEWNVLAN = 0x70 + +const ( + MPOL_BIND = 0x2 + MPOL_DEFAULT = 0x0 + MPOL_F_ADDR = 0x2 + MPOL_F_MEMS_ALLOWED = 0x4 + MPOL_F_MOF = 0x8 + MPOL_F_MORON = 0x10 + MPOL_F_NODE = 0x1 + MPOL_F_NUMA_BALANCING = 0x2000 + MPOL_F_RELATIVE_NODES = 0x4000 + MPOL_F_SHARED = 0x1 + MPOL_F_STATIC_NODES = 0x8000 + MPOL_INTERLEAVE = 0x3 + MPOL_LOCAL = 0x4 + MPOL_MAX = 0x7 + MPOL_MF_INTERNAL = 0x10 + MPOL_MF_LAZY = 0x8 + MPOL_MF_MOVE_ALL = 0x4 + MPOL_MF_MOVE = 0x2 + MPOL_MF_STRICT = 0x1 + MPOL_MF_VALID = 0x7 + MPOL_MODE_FLAGS = 0xe000 + MPOL_PREFERRED = 0x1 + MPOL_PREFERRED_MANY = 0x5 + MPOL_WEIGHTED_INTERLEAVE = 0x6 +) diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go index 439548e..50e8e64 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go @@ -104,7 +104,7 @@ type Statvfs_t struct { Fsid uint32 Namemax uint32 Owner uint32 - Spare [4]uint32 + Spare [4]uint64 Fstypename [32]byte Mntonname [1024]byte Mntfromname [1024]byte diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 640f6b1..69439df 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -321,6 +321,8 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys SetConsoleOutputCP(cp uint32) (err error) = kernel32.SetConsoleOutputCP //sys WriteConsole(console Handle, buf *uint16, towrite uint32, written *uint32, reserved *byte) (err error) = kernel32.WriteConsoleW //sys ReadConsole(console Handle, buf *uint16, toread uint32, read *uint32, inputControl *byte) (err error) = kernel32.ReadConsoleW +//sys GetNumberOfConsoleInputEvents(console Handle, numevents *uint32) (err error) = kernel32.GetNumberOfConsoleInputEvents +//sys FlushConsoleInputBuffer(console Handle) (err error) = kernel32.FlushConsoleInputBuffer //sys resizePseudoConsole(pconsole Handle, size uint32) (hr error) = kernel32.ResizePseudoConsole //sys CreateToolhelp32Snapshot(flags uint32, processId uint32) (handle Handle, err error) [failretval==InvalidHandle] = kernel32.CreateToolhelp32Snapshot //sys Module32First(snapshot Handle, moduleEntry *ModuleEntry32) (err error) = kernel32.Module32FirstW @@ -890,8 +892,12 @@ const socket_error = uintptr(^uint32(0)) //sys MultiByteToWideChar(codePage uint32, dwFlags uint32, str *byte, nstr int32, wchar *uint16, nwchar int32) (nwrite int32, err error) = kernel32.MultiByteToWideChar //sys getBestInterfaceEx(sockaddr unsafe.Pointer, pdwBestIfIndex *uint32) (errcode error) = iphlpapi.GetBestInterfaceEx //sys GetIfEntry2Ex(level uint32, row *MibIfRow2) (errcode error) = iphlpapi.GetIfEntry2Ex +//sys GetIpForwardEntry2(row *MibIpForwardRow2) (errcode error) = iphlpapi.GetIpForwardEntry2 +//sys GetIpForwardTable2(family uint16, table **MibIpForwardTable2) (errcode error) = iphlpapi.GetIpForwardTable2 //sys GetUnicastIpAddressEntry(row *MibUnicastIpAddressRow) (errcode error) = iphlpapi.GetUnicastIpAddressEntry +//sys FreeMibTable(memory unsafe.Pointer) = iphlpapi.FreeMibTable //sys NotifyIpInterfaceChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) = iphlpapi.NotifyIpInterfaceChange +//sys NotifyRouteChange2(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) = iphlpapi.NotifyRouteChange2 //sys NotifyUnicastIpAddressChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) = iphlpapi.NotifyUnicastIpAddressChange //sys CancelMibChangeNotify2(notificationHandle Handle) (errcode error) = iphlpapi.CancelMibChangeNotify2 @@ -914,6 +920,17 @@ type RawSockaddrInet6 struct { Scope_id uint32 } +// RawSockaddrInet is a union that contains an IPv4, an IPv6 address, or an address family. See +// https://learn.microsoft.com/en-us/windows/win32/api/ws2ipdef/ns-ws2ipdef-sockaddr_inet. +// +// A [*RawSockaddrInet] may be converted to a [*RawSockaddrInet4] or [*RawSockaddrInet6] using +// unsafe, depending on the address family. +type RawSockaddrInet struct { + Family uint16 + Port uint16 + Data [6]uint32 +} + type RawSockaddr struct { Family uint16 Data [14]int8 diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go index 993a229..6e4f50e 100644 --- a/vendor/golang.org/x/sys/windows/types_windows.go +++ b/vendor/golang.org/x/sys/windows/types_windows.go @@ -65,6 +65,22 @@ var signals = [...]string{ 15: "terminated", } +// File flags for [os.OpenFile]. The O_ prefix is used to indicate +// that these flags are specific to the OpenFile function. +const ( + O_FILE_FLAG_OPEN_NO_RECALL = FILE_FLAG_OPEN_NO_RECALL + O_FILE_FLAG_OPEN_REPARSE_POINT = FILE_FLAG_OPEN_REPARSE_POINT + O_FILE_FLAG_SESSION_AWARE = FILE_FLAG_SESSION_AWARE + O_FILE_FLAG_POSIX_SEMANTICS = FILE_FLAG_POSIX_SEMANTICS + O_FILE_FLAG_BACKUP_SEMANTICS = FILE_FLAG_BACKUP_SEMANTICS + O_FILE_FLAG_DELETE_ON_CLOSE = FILE_FLAG_DELETE_ON_CLOSE + O_FILE_FLAG_SEQUENTIAL_SCAN = FILE_FLAG_SEQUENTIAL_SCAN + O_FILE_FLAG_RANDOM_ACCESS = FILE_FLAG_RANDOM_ACCESS + O_FILE_FLAG_NO_BUFFERING = FILE_FLAG_NO_BUFFERING + O_FILE_FLAG_OVERLAPPED = FILE_FLAG_OVERLAPPED + O_FILE_FLAG_WRITE_THROUGH = FILE_FLAG_WRITE_THROUGH +) + const ( FILE_READ_DATA = 0x00000001 FILE_READ_ATTRIBUTES = 0x00000080 @@ -2304,6 +2320,82 @@ type MibIfRow2 struct { OutQLen uint64 } +// IP_ADDRESS_PREFIX stores an IP address prefix. See +// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-ip_address_prefix. +type IpAddressPrefix struct { + Prefix RawSockaddrInet + PrefixLength uint8 +} + +// NL_ROUTE_ORIGIN enumeration from nldef.h or +// https://learn.microsoft.com/en-us/windows/win32/api/nldef/ne-nldef-nl_route_origin. +const ( + NlroManual = 0 + NlroWellKnown = 1 + NlroDHCP = 2 + NlroRouterAdvertisement = 3 + Nlro6to4 = 4 +) + +// NL_ROUTE_ORIGIN enumeration from nldef.h or +// https://learn.microsoft.com/en-us/windows/win32/api/nldef/ne-nldef-nl_route_protocol. +const ( + MIB_IPPROTO_OTHER = 1 + MIB_IPPROTO_LOCAL = 2 + MIB_IPPROTO_NETMGMT = 3 + MIB_IPPROTO_ICMP = 4 + MIB_IPPROTO_EGP = 5 + MIB_IPPROTO_GGP = 6 + MIB_IPPROTO_HELLO = 7 + MIB_IPPROTO_RIP = 8 + MIB_IPPROTO_IS_IS = 9 + MIB_IPPROTO_ES_IS = 10 + MIB_IPPROTO_CISCO = 11 + MIB_IPPROTO_BBN = 12 + MIB_IPPROTO_OSPF = 13 + MIB_IPPROTO_BGP = 14 + MIB_IPPROTO_IDPR = 15 + MIB_IPPROTO_EIGRP = 16 + MIB_IPPROTO_DVMRP = 17 + MIB_IPPROTO_RPL = 18 + MIB_IPPROTO_DHCP = 19 + MIB_IPPROTO_NT_AUTOSTATIC = 10002 + MIB_IPPROTO_NT_STATIC = 10006 + MIB_IPPROTO_NT_STATIC_NON_DOD = 10007 +) + +// MIB_IPFORWARD_ROW2 stores information about an IP route entry. See +// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_ipforward_row2. +type MibIpForwardRow2 struct { + InterfaceLuid uint64 + InterfaceIndex uint32 + DestinationPrefix IpAddressPrefix + NextHop RawSockaddrInet + SitePrefixLength uint8 + ValidLifetime uint32 + PreferredLifetime uint32 + Metric uint32 + Protocol uint32 + Loopback uint8 + AutoconfigureAddress uint8 + Publish uint8 + Immortal uint8 + Age uint32 + Origin uint32 +} + +// MIB_IPFORWARD_TABLE2 contains a table of IP route entries. See +// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_ipforward_table2. +type MibIpForwardTable2 struct { + NumEntries uint32 + Table [1]MibIpForwardRow2 +} + +// Rows returns the IP route entries in the table. +func (t *MibIpForwardTable2) Rows() []MibIpForwardRow2 { + return unsafe.Slice(&t.Table[0], t.NumEntries) +} + // MIB_UNICASTIPADDRESS_ROW stores information about a unicast IP address. See // https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_unicastipaddress_row. type MibUnicastIpAddressRow struct { diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 641a5f4..f25b730 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -182,13 +182,17 @@ var ( procDwmGetWindowAttribute = moddwmapi.NewProc("DwmGetWindowAttribute") procDwmSetWindowAttribute = moddwmapi.NewProc("DwmSetWindowAttribute") procCancelMibChangeNotify2 = modiphlpapi.NewProc("CancelMibChangeNotify2") + procFreeMibTable = modiphlpapi.NewProc("FreeMibTable") procGetAdaptersAddresses = modiphlpapi.NewProc("GetAdaptersAddresses") procGetAdaptersInfo = modiphlpapi.NewProc("GetAdaptersInfo") procGetBestInterfaceEx = modiphlpapi.NewProc("GetBestInterfaceEx") procGetIfEntry = modiphlpapi.NewProc("GetIfEntry") procGetIfEntry2Ex = modiphlpapi.NewProc("GetIfEntry2Ex") + procGetIpForwardEntry2 = modiphlpapi.NewProc("GetIpForwardEntry2") + procGetIpForwardTable2 = modiphlpapi.NewProc("GetIpForwardTable2") procGetUnicastIpAddressEntry = modiphlpapi.NewProc("GetUnicastIpAddressEntry") procNotifyIpInterfaceChange = modiphlpapi.NewProc("NotifyIpInterfaceChange") + procNotifyRouteChange2 = modiphlpapi.NewProc("NotifyRouteChange2") procNotifyUnicastIpAddressChange = modiphlpapi.NewProc("NotifyUnicastIpAddressChange") procAddDllDirectory = modkernel32.NewProc("AddDllDirectory") procAssignProcessToJobObject = modkernel32.NewProc("AssignProcessToJobObject") @@ -238,6 +242,7 @@ var ( procFindResourceW = modkernel32.NewProc("FindResourceW") procFindVolumeClose = modkernel32.NewProc("FindVolumeClose") procFindVolumeMountPointClose = modkernel32.NewProc("FindVolumeMountPointClose") + procFlushConsoleInputBuffer = modkernel32.NewProc("FlushConsoleInputBuffer") procFlushFileBuffers = modkernel32.NewProc("FlushFileBuffers") procFlushViewOfFile = modkernel32.NewProc("FlushViewOfFile") procFormatMessageW = modkernel32.NewProc("FormatMessageW") @@ -284,6 +289,7 @@ var ( procGetNamedPipeHandleStateW = modkernel32.NewProc("GetNamedPipeHandleStateW") procGetNamedPipeInfo = modkernel32.NewProc("GetNamedPipeInfo") procGetNamedPipeServerProcessId = modkernel32.NewProc("GetNamedPipeServerProcessId") + procGetNumberOfConsoleInputEvents = modkernel32.NewProc("GetNumberOfConsoleInputEvents") procGetOverlappedResult = modkernel32.NewProc("GetOverlappedResult") procGetPriorityClass = modkernel32.NewProc("GetPriorityClass") procGetProcAddress = modkernel32.NewProc("GetProcAddress") @@ -1622,6 +1628,11 @@ func CancelMibChangeNotify2(notificationHandle Handle) (errcode error) { return } +func FreeMibTable(memory unsafe.Pointer) { + syscall.SyscallN(procFreeMibTable.Addr(), uintptr(memory)) + return +} + func GetAdaptersAddresses(family uint32, flags uint32, reserved uintptr, adapterAddresses *IpAdapterAddresses, sizePointer *uint32) (errcode error) { r0, _, _ := syscall.SyscallN(procGetAdaptersAddresses.Addr(), uintptr(family), uintptr(flags), uintptr(reserved), uintptr(unsafe.Pointer(adapterAddresses)), uintptr(unsafe.Pointer(sizePointer))) if r0 != 0 { @@ -1662,6 +1673,22 @@ func GetIfEntry2Ex(level uint32, row *MibIfRow2) (errcode error) { return } +func GetIpForwardEntry2(row *MibIpForwardRow2) (errcode error) { + r0, _, _ := syscall.SyscallN(procGetIpForwardEntry2.Addr(), uintptr(unsafe.Pointer(row))) + if r0 != 0 { + errcode = syscall.Errno(r0) + } + return +} + +func GetIpForwardTable2(family uint16, table **MibIpForwardTable2) (errcode error) { + r0, _, _ := syscall.SyscallN(procGetIpForwardTable2.Addr(), uintptr(family), uintptr(unsafe.Pointer(table))) + if r0 != 0 { + errcode = syscall.Errno(r0) + } + return +} + func GetUnicastIpAddressEntry(row *MibUnicastIpAddressRow) (errcode error) { r0, _, _ := syscall.SyscallN(procGetUnicastIpAddressEntry.Addr(), uintptr(unsafe.Pointer(row))) if r0 != 0 { @@ -1682,6 +1709,18 @@ func NotifyIpInterfaceChange(family uint16, callback uintptr, callerContext unsa return } +func NotifyRouteChange2(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) { + var _p0 uint32 + if initialNotification { + _p0 = 1 + } + r0, _, _ := syscall.SyscallN(procNotifyRouteChange2.Addr(), uintptr(family), uintptr(callback), uintptr(callerContext), uintptr(_p0), uintptr(unsafe.Pointer(notificationHandle))) + if r0 != 0 { + errcode = syscall.Errno(r0) + } + return +} + func NotifyUnicastIpAddressChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) { var _p0 uint32 if initialNotification { @@ -2111,6 +2150,14 @@ func FindVolumeMountPointClose(findVolumeMountPoint Handle) (err error) { return } +func FlushConsoleInputBuffer(console Handle) (err error) { + r1, _, e1 := syscall.SyscallN(procFlushConsoleInputBuffer.Addr(), uintptr(console)) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func FlushFileBuffers(handle Handle) (err error) { r1, _, e1 := syscall.SyscallN(procFlushFileBuffers.Addr(), uintptr(handle)) if r1 == 0 { @@ -2481,6 +2528,14 @@ func GetNamedPipeServerProcessId(pipe Handle, serverProcessID *uint32) (err erro return } +func GetNumberOfConsoleInputEvents(console Handle, numevents *uint32) (err error) { + r1, _, e1 := syscall.SyscallN(procGetNumberOfConsoleInputEvents.Addr(), uintptr(console), uintptr(unsafe.Pointer(numevents))) + if r1 == 0 { + err = errnoErr(e1) + } + return +} + func GetOverlappedResult(handle Handle, overlapped *Overlapped, done *uint32, wait bool) (err error) { var _p0 uint32 if wait { diff --git a/vendor/modules.txt b/vendor/modules.txt index 3c26c46..fcfab29 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,4 +1,4 @@ -# github.com/BurntSushi/toml v1.5.0 +# github.com/BurntSushi/toml v1.6.0 ## explicit; go 1.18 github.com/BurntSushi/toml github.com/BurntSushi/toml/internal @@ -74,8 +74,8 @@ github.com/mailru/easyjson/jwriter # github.com/mattn/go-isatty v0.0.20 ## explicit; go 1.15 github.com/mattn/go-isatty -# github.com/minio/sio v0.4.2 -## explicit; go 1.24 +# github.com/minio/sio v0.4.3 +## explicit; go 1.24.0 github.com/minio/sio # github.com/mitchellh/go-homedir v1.1.0 ## explicit @@ -86,7 +86,7 @@ github.com/pkg/errors # github.com/pmezard/go-difflib v1.0.0 ## explicit github.com/pmezard/go-difflib/difflib -# github.com/stretchr/objx v0.5.2 +# github.com/stretchr/objx v0.5.3 ## explicit; go 1.20 github.com/stretchr/objx # github.com/stretchr/testify v1.11.1 @@ -109,7 +109,7 @@ github.com/xeipuuv/gojsonreference # github.com/xeipuuv/gojsonschema v1.2.0 ## explicit github.com/xeipuuv/gojsonschema -# golang.org/x/crypto v0.42.0 +# golang.org/x/crypto v0.47.0 ## explicit; go 1.24.0 golang.org/x/crypto/bcrypt golang.org/x/crypto/blowfish @@ -118,12 +118,12 @@ golang.org/x/crypto/chacha20poly1305 golang.org/x/crypto/hkdf golang.org/x/crypto/internal/alias golang.org/x/crypto/internal/poly1305 -# golang.org/x/sys v0.36.0 +# golang.org/x/sys v0.40.0 ## explicit; go 1.24.0 golang.org/x/sys/cpu golang.org/x/sys/unix golang.org/x/sys/windows -# golang.org/x/text v0.29.0 +# golang.org/x/text v0.33.0 ## explicit; go 1.24.0 golang.org/x/text/encoding golang.org/x/text/encoding/charmap