Add docs, changelog and authors in CONTRIBUTION
add docs, changelog and authors in Development. fixes #2252
Signed-off-by: Shrijal Acharya coveringguy0123@gmail.com
Signed-off-by: OctoPie23 coveringguy0123@gmail.com
Remove old mailing list and add missing period
Signed-off-by: OctoPie23 coveringguy0123@gmail.com
Merge pull request #3204 from OctoPie23/docs-edit
Add docs, changelog and authors in CONTRIBUTION and fix typos and errors
README.md: PyPI case typo (#7880)
PyPI has three capital letters. See the front page of the service: https://pypi.org/ "The Python Package Index (PyPI) ..."
Update the Python link under "Supported programming languages"
Co-authored-by: Michael Le michael.le647@gmail.com
c8d/inspect: Add digested reference to details
Fixes RepoDigests value being null in inspect output.
Signed-off-by: Paweł Gronowski pawel.gronowski@docker.com
Move buildkit client opts to new package
Not everyone who imports the client wants to pull in all of buildkit, so move it to a separate package.
Signed-off-by: Brian Goff cpuguy83@gmail.com
c8d/inspect: Handle dangling images
Don't try to parse dangling images name (they have a non-canonical format - moby-dangling@sha256:...) as a reference.
Log a warning if the image is not dangling and its name is not a valid named reference.
Signed-off-by: Paweł Gronowski pawel.gronowski@docker.com
Update github.com/containerd/containerd to the HEAD of release/1.6 and vendor
Signed-off-by: Laura Brehm laurabrehm@hey.com
c8d: add support for docker diff
Signed-off-by: Laura Brehm laurabrehm@hey.com
Skip Buildkit digest tests
(see https://github.com/moby/buildkit/pull/3736)
Signed-off-by: Laura Brehm laurabrehm@hey.com
c8d/commit: Use manifest digest for dangling image
Previously commit incorrectly used image config digest as an image id for the new image which isn't consistent with the image target. This changes it to use manifest digest.
Signed-off-by: Paweł Gronowski pawel.gronowski@docker.com
vendor: github.com/opencontainers/runc v1.1.5
no changes in vendored code, just keeping scanners happy :)
release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.5
diff: https://github.com/opencontainers/runc/compare/v1.1.4...v1.1.5
This is the fifth patch release in the 1.1.z series of runc, which fixes three CVEs found in runc.
CVE-2023-25809 is a vulnerability involving rootless containers where (under specific configurations), the container would have write access to the /sys/fs/cgroup/user.slice/... cgroup hierarchy. No other hierarchies on the host were affected. This vulnerability was discovered by Akihiro Suda. https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc
CVE-2023-27561 was a regression which effectively re-introduced CVE-2019-19921. This bug was present from v1.0.0-rc95 to v1.1.4. This regression was discovered by @Beuc. https://github.com/advisories/GHSA-vpvm-3wq2-2wvm
CVE-2023-28642 is a variant of CVE-2023-27561 and was fixed by the same patch. This variant of the above vulnerability was reported by Lei Wang. https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c
In addition, the following other fixes are included in this release:
/dev/null when inside a container.
/dev/null caused by fd redirection (a regression in 1.1.1).
write_log().
Signed-off-by: Sebastiaan van Stijn github@gone.nl
update runc binary to v1.1.5
release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.5
diff: https://github.com/opencontainers/runc/compare/v1.1.4...v1.1.5
This is the fifth patch release in the 1.1.z series of runc, which fixes three CVEs found in runc.
CVE-2023-25809 is a vulnerability involving rootless containers where (under specific configurations), the container would have write access to the /sys/fs/cgroup/user.slice/... cgroup hierarchy. No other hierarchies on the host were affected. This vulnerability was discovered by Akihiro Suda. https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc
CVE-2023-27561 was a regression which effectively re-introduced CVE-2019-19921. This bug was present from v1.0.0-rc95 to v1.1.4. This regression was discovered by @Beuc. https://github.com/advisories/GHSA-vpvm-3wq2-2wvm
CVE-2023-28642 is a variant of CVE-2023-27561 and was fixed by the same patch. This variant of the above vulnerability was reported by Lei Wang. https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c
In addition, the following other fixes are included in this release:
/dev/null when inside a container.
/dev/null caused by fd redirection (a regression in 1.1.1).
write_log().
Signed-off-by: Sebastiaan van Stijn github@gone.nl
Merge pull request #45234 from vvoland/c8d-commit-dangling-digest
c8d/commit: Use manifest digest for dangling image name
Add the events services to the containerd image service
No events are sent yet, these will come at a later stage.
Signed-off-by: Djordje Lukic djordje.lukic@docker.com
images/push: Accept reference
Push the reference parsing from repo and tag names into the api and pass a reference object to the ImageService.
Signed-off-by: Paweł Gronowski pawel.gronowski@docker.com
c8d: Implement push
This implements docker push under containerd image store. When pushing manifest lists that reference a content which is not present in the local content store, it will attempt to perform the cross-repo mount of the content if possible.
Considering this scenario:
$ docker pull docker.io/library/busybox
This will download manifest list and only host platform-specific manifest and blobs.
Note, tagging to a different repository (but still the same registry) and pushing:
$ docker tag docker.io/library/busybox docker.io/private-repo/mybusybox
$ docker push docker.io/private-repo/mybusybox
will result in error, because neither we nor the target repository has the manifests that the busybox manifest list references (because manifests can't be cross-repo mounted).
If for some reason the manifests and configs for all other platforms would be present in the content store, but only layer blobs were missing, then the push would work, because the blobs can be cross-repo mounted (only if we push to the same registry).
Signed-off-by: Paweł Gronowski pawel.gronowski@docker.com
Merge pull request #45236 from thaJeztah/update_runc_binary_1.1.5
update runc binary to v1.1.5
Merge pull request #44964 from laurazard/c8d-docker-diff
containerd integration: docker diff
Merge pull request #45239 from thaJeztah/vendor_runc_1.1.5
vendor: github.com/opencontainers/runc v1.1.5
Merge pull request #45224 from cpuguy83/move_bk_client
Move buildkit client opts to new package
Merge pull request #45231 from vvoland/c8d-inspect-dangling
c8d/inspect: Handle dangling images
Merge pull request #45122 from vvoland/c8d-upstream-inspect-digest
c8d/inspect: Add digested reference to details
Merge pull request #44963 from vvoland/c8d-push-upstream
c8d: Implement push
MINOR: Change ordering of checks to prevent log spam on metadata updates (#13447)
On startup, we always update the metadata. The topic ID also goes from null to defined. Move the epoch is null check to before the topic ID check to prevent log spam.
Reviewers: David Jacot djacot@confluent.io, Jason Gustafson jason@confluent.io
MINOR: Deflake some tests in TopicCommandIntegrationTest (#13479)
A couple tests in TopicCommandIntegrationTest look flaky, such as testTopicDeletion and testTopicWithCollidingCharDeletionAndCreateAgain.
I also updated part of a comment that implies the code only runs in ZK mode, but that's not the case, so I removed it.
Reviewers: Colin P. McCabe cmccabe@apache.org, Justine Olshan jolshan@confluent.io
Switch to SplittableRandom in ProducerPerformance utility (#13482)
Why: Using java.util.Random to generate every byte sent from the ProducerPerformance appears to be a limiting factor. Throughput of the ProducerPerformance script is higher with a file of records as compared to randomly generated records.
On my machine a single thread can generate ~100MB/second of uppercase letters using java.util.Random and ~300MB/sec using java.util.SplittableRandom. This is a limit on throughput.
Note: you can optimise further by expanding it from 26 letters to 32 letters generated, as it is more efficient to generate a nicely distributed int when the bound is a power of two.
Reviewers: Luke Chen showuon@gmail.com
KAFKA-14617: Update AlterPartitionRequest and enable Kraft controller to reject stale request. (#13408)
Second part of the KIP-903, it updates the AlterPartitionRequest:
With this change, the Quorum Controller is enabled to reject stale AlterPartition request.
Reviewers: Jun Rao junrao@gmail.com, David Jacot djacot@confluent.io
Merge branch 'trunk' of https://github.com/apache/kafka into trunk
Update go documentation link to point to root module (#7879)
Co-authored-by: Derek Bailey derekbailey@google.com
Silence GRPC logs unless our log level is debug
GRPC is logging a lot of garbage at info level. This configures the GRPC logger such that it is only giving us logs when at debug level and also adds a log field indicating where the logs are coming from.
containerd is still currently spewing these same log messages and needs a separate update.
Without this change docker build is extremely noisy in the daemon logs.
Signed-off-by: Brian Goff cpuguy83@gmail.com
libn/i/setmatrix: make generic and constructorless
Allow SetMatrix to be used as a value type with a ready-to-use zero value. SetMatrix values are already non-copyable by virtue of having a mutex field so there is no harm in allowing non-pointer values to be used as local variables or struct fields. Any attempts to pass around by-value copies, e.g. as function arguments, will be flagged by go vet.
Signed-off-by: Cory Snider csnider@mirantis.com
Merge pull request #45169 from corhere/libnet/generic-setmatrix
libn/i/setmatrix: make generic and constructorless
Merge pull request #45187 from cpuguy83/stfu_grpc
Silence GRPC logs unless our log level is debug
KAFKA-14829: Consolidate reassignment logic into PartitionReassignmentReplicas (#13440)
Currently, we have various bits of reassignment logic spread across different classes. For example, ReplicationControlManager contains logic for when a reassignment is in progress, which is duplicated in PartitionChangeBuilder. Another example is PartitionReassignmentRevert which contains logic for how to undo/revert a reassignment. The idea here is to move the logic to PartitionReassignmentReplicas so it's more testable and easier to reason about.
Reviewers: José Armando García Sancio jsancio@apache.org
KAFKA-14857: Fix some MetadataLoader bugs (#13462)
The MetadataLoader is not supposed to publish metadata updates until we have loaded up to the high water mark. Previously, this logic was broken, and we published updates immediately. This PR fixes that and adds a junit test.
Another issue is that the MetadataLoader previously assumed that we would periodically get callbacks from the Raft layer even if nothing had happened. We relied on this to install new publishers in a timely fashion, for example. However, in older MetadataVersions that don't include NoOpRecord, this is not a safe assumption.
Aside from the above changes, also fix a deadlock in SnapshotGeneratorTest, fix the log prefix for BrokerLifecycleManager, and remove metadata publishers on brokerserver shutdown (like we do for controllers).
Reviewers: David Arthur mumrah@gmail.com, dengziming dengziming1993@gmail.com
MINOR: Remove addOne to fix build (#13469)
Removed addOne method that broke scala 2.12 build
Co-authored-by: David Arthur mumrah@gmail.com
Reviewers: Colin P. McCabe cmccabe@apache.org, Jason Gustafson jason@confluent.io
KAFKA-14468: Committed API (#13380)
In this PR, I implemented the committed API. Here are the specifics:
Reviewers: Guozhang Wang wangguoz@gmail.com
MINOR: Create only one FeatureControlManager instance in ReplicationControlManagerTest (#13468)
This is a small patch to make it so we only create one FeatureControlManager instance in ReplicationControlManagerTest. Currently we create two, which isn't needed. It's also a bit confusing because the ReplicationControlTestContext object ends up having a different FeatureControlManager reference than the one its own ReplicationControlManager instance has a reference to.
Reviewers: José Armando García Sancio jsancio@apache.org, dengziming dengziming1993@gmail.com
Merge branch 'trunk' of https://github.com/apache/kafka into trunk
Implement fix and tests
Changelog
Add changelog
Merge branch 'js_escape_security_fix'
version bump
Merge branch 'release/4.3.1'
fix: redact secretKey from printed on screen (#4526)
Merge branch 'master' of https://github.com/minio/mc
Deal with partial writes on SSL write
SSL write may do partial writes in some cases. For example, document of mbedtls_ssl_write says: If the return value is non-negative but less than length, the function must be called again with updated arguments: buf + ret, len - ret (if ret is the return value) until it returns a value equal to the last 'len' argument.
In case of partial writes, we should continue writing the same chain of buffer, not the next chain.
integration-cli: Enable TestExecStartFails on Windows
Signed-off-by: Paweł Gronowski pawel.gronowski@docker.com
Prefer loading docker-init from an appropriate "libexec" directory
The docker-init binary is not intended to be a user-facing command, and as such it is more appropriate for it to be found in /usr/libexec (or similar) than in PATH (see the FHS, especially https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s07.html and https://refspecs.linuxfoundation.org/FHS_2.3/fhs-2.3.html#USRLIBLIBRARIESFORPROGRAMMINGANDPA).
This adjusts the logic for using that configuration option to take this into account and appropriately search for docker-init (or the user's configured alternative) in these directories before falling back to the existing PATH lookup behavior.
This behavior used to exist for the old dockerinit binary (of a similar name and used in a similar way but for an alternative purpose), but that behavior was removed in 4357ed4a7363a1032edf93cf03232953c805184f when that older dockerinit was also removed.
Most of this reasoning also applies to docker-proxy (and various containerd-xxx binaries such as the shims), but this change does not affect those. It would be relatively straightforward to adapt LookupInitPath to be a more generic function such as libexecLookupPath or similar if we wanted to explore that.
See https://github.com/docker/cli/blob/14482589df194a86b2ee07df643ba3277b40df7d/cli-plugins/manager/manager_unix.go for the related path list in the CLI which loads CLI plugins from a similar set of paths (with a similar rationale - plugin binaries are not typically intended to be run directly by users but rather invoked via the CLI binary).
Signed-off-by: Tianon Gravi admwiggin@gmail.com
Add laurazard as curator
Adding Laura as curator so that she can help with triage.
Signed-off-by: Sebastiaan van Stijn github@gone.nl
Add akerouanton as curator
Adding Albin as curator so that he can help triage.
Signed-off-by: Sebastiaan van Stijn github@gone.nl
Merge pull request #45218 from thaJeztah/new_curators
Add Laura and Albin as curator
Merge pull request #45186 from vvoland/test-windows-execstartfails
integration-cli: Enable TestExecStartFails on Windows
Merge pull request #45198 from tianon/libexec-docker-init
Prefer loading docker-init from an appropriate "libexec" directory
KAFKA-14853 the serializer/deserialize which extends ClusterResourceListener is not added to Metadata (#13460)
Reviewers: dengziming dengziming1993@gmail.com
Merge branch 'trunk' of https://github.com/apache/kafka into trunk
KAFKA-14843: Include Connect framework properties when retrieving connector config definitions (#13445)
Reviewers: Yash Mayya yash.mayya@gmail.com, Greg Harris greg.harris@aiven.io, Chris Egerton chrise@aiven.io
Merge branch 'trunk' of https://github.com/apache/kafka into trunk
Fix #3250: Invalid SPDX with empty file: no SHA1
Signed-off-by: Marc-Etienne Vargenau marc-etienne.vargenau@nokia.com
Add test test_output_spdx_tv_sh1_of_empty_file
Signed-off-by: Marc-Etienne Vargenau marc-etienne.vargenau@nokia.com
Merge pull request #3279 from vargenau/add-sha1-for-empty-file
Fix #3250: Invalid SPDX with empty file: no SHA1
libnetwork/d/overlay: handle peer ops directly
Funneling the peer operations into an unbuffered channel only serves to achieve the same result as a mutex, using a lot more boilerplate and indirection. Get rid of the boilerplate and unnecessary indirection by using a mutex and calling the operations directly.
Signed-off-by: Cory Snider csnider@mirantis.com
client: Add buildkit ClientOpts
This adds a function to the client package which can be used to create a buildkit client from our moby client.
Example:
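	package main

	import (
		"context"

		bkclient "github.com/moby/buildkit/client"
		"github.com/moby/moby/client"
	)

	func main() {
		// Create the moby API client; the constructor returns (client, error).
		c, err := client.NewClientWithOpts()
		if err != nil {
			panic(err)
		}
		// An empty address is fine: the dialer options come from the moby client.
		bc, err := bkclient.New(context.Background(), "",
			client.BuildkitClientOpts(c)...,
		)
		if err != nil {
			panic(err)
		}
		defer bc.Close()
		// ...
	}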
Signed-off-by: Brian Goff cpuguy83@gmail.com
vendor: github.com/moby/buildkit v0.11.5
full diff: https://github.com/moby/buildkit/compare/v0.11.4...v0.11.5
Signed-off-by: Sebastiaan van Stijn github@gone.nl
Merge pull request #45164 from corhere/libnet/peer-op-function-call
libnetwork/d/overlay: handle peer ops directly
Merge pull request #45214 from thaJeztah/bump_buildkit
vendor: github.com/moby/buildkit v0.11.5
Merge pull request #45203 from cpuguy83/client_add_buildkit_helper
client: Add buildkit ClientOpts
KAFKA-14848: KafkaConsumer incorrectly passes locally-scoped serializers to FetchConfig (#13452)
Fix for a NPE bug that was caused by referring to a local variable and not the instance variable of the deserializers.
Co-authored-by: Robert Yokota 1761488+rayokota@users.noreply.github.com
Reviewers: Robert Yokota 1761488+rayokota@users.noreply.github.com, Guozhang Wang wangguoz@gmail.com
KAFKA-14796 Migrate ACLs from AclAuthorizer to KRaft (#13368)
This patch refactors the loadCache method in AclAuthorizer to make it reusable by ZkMigrationClient. The loaded ACLs are converted to AccessControlEntryRecord. I noticed we still have the defunct AccessControlRecord, so I've deleted it.
Also included here are the methods to write ACL changes back to ZK while in dual-write mode.
Reviewers: Rajini Sivaram rajinisivaram@googlemail.com, Colin P. McCabe cmccabe@apache.org
KAFKA-14827: Support for StandardAuthorizer benchmark (#13423)
Co-authored-by: Purshotam Chauhan purshotam.r.chauhan@gmail.com
Co-authored-by: David Arthur mumrah@gmail.com
Reviewers: Manikumar Reddy manikumar.reddy@gmail.com
KAFKA-14586: Moving StreamResetter to tools (#13127)
Moves StreamResetter to tools project.
Reviewers: Federico Valeri fedevaleri@gmail.com, Christo Lolov lolovc@amazon.com, Bruno Cadonna cadonna@apache.org
KAFKA-14837/14842: Avoid the rebalance caused by the addition and deletion of irrelevant groups for MirrorCheckPointConnector (#13446)
Reviewers: Chris Egerton chrise@aiven.io
Merge branch 'trunk' of https://github.com/apache/kafka into trunk
add error message when storing data to temp file fails. Github: closes #182
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908684 13f79535-47bb-0310-9956-ffa450edef68
*) mod_http2: fixed a crash during connection termination. See PR 66539.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908691 13f79535-47bb-0310-9956-ffa450edef68
fr doc XML file update.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908712 13f79535-47bb-0310-9956-ffa450edef68
fr doc XML file update.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908713 13f79535-47bb-0310-9956-ffa450edef68
fr doc rebuild.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908714 13f79535-47bb-0310-9956-ffa450edef68
Merge branch 'trunk' of https://github.com/apache/httpd into trunk
http: style fix: use space between arguments list (#1435)
use Bool for flatbuffers bool instead of Byte (#7876)
Add test for Bool type in swift
Co-authored-by: mustiikhalil 26250654+mustiikhalil@users.noreply.github.com
Fix log DateTime format unit test (#13441)
Reviewers: Viktor Somogyi-Vass viktorsomogyi@gmail.com
KAFKA-14774 the removed listeners should not be reconfigurable (#13326)
Reviewers: Mickael Maison mimaison@users.noreply.github.com
Merge branch 'trunk' of https://github.com/apache/kafka into trunk
Upgrade actions/checkout and actions/cache (#870)
Managesieve: Support :encodeurl (RFC 5435) (#8917)
Add List-ID to the list of headers for creating new sieve-filters (#8307)
Bump ngtcp2 to v0.14.0
Merge pull request #1891 from nghttp2/bump-ngtcp2
Bump ngtcp2 to v0.14.0
nghttpx: write watcher should only be started upon blocking write
Merge pull request #1892 from nghttp2/nghttpx-h3-write-event
nghttpx: write watcher should only be started upon blocking write
dockerversion: DockerUserAgent(): use sync.Once to construct User-Agent
The User-Agent includes the kernel version, which involves making a syscall (and parsing the results) on Linux, and reading (plus parsing) the registry on Windows. These operations are relatively costly, and we should not perform those on every request that uses the User-Agent.
This patch adds a sync.Once so that we only perform these actions once for the lifetime of the daemon's process.
Signed-off-by: Sebastiaan van Stijn github@gone.nl
Update delve version
Signed-off-by: Albin Kerouanton albinker@gmail.com
libnet/d/windows: log EnableInternalDNS val after setting it
Signed-off-by: Albin Kerouanton albinker@gmail.com
Merge pull request #45195 from thaJeztah/useragent_once
Merge pull request #45211 from akerouanton/fix-windows-log
libnet/d/windows: log EnableInternalDNS val after setting it
Merge pull request #45212 from akerouanton/update-delve
Update delve version
MINOR: Rename remote_controller_quorum to isolated_controller_quorum (#13448)
Similar to https://github.com/apache/kafka/pull/13439:
ddd652c standardized on "isolated" as the name for all the isolated modes, and renamed remote_controller_quorum to kafkatest.services.kafka.quorum.remote_kraft to isolated_controller_quorum. This broke SecurityTest.test_quorum_ssl_endpoint_validation_failure, which should be fixed by this simple rename.
Reviewers: Colin P. McCabe cmccabe@apache.org
KAFKA-14835: Create ControllerMetadataMetricsPublisher (#13438)
Separate out KRaft controller metrics into two groups: metrics directly managed by the QuorumController, and metrics handled by an external publisher. This separation of concerns makes the code easier to reason about, by clarifying what metrics can be changed where.
The external publisher, ControllerServerMetricsPublisher, handles all metrics which are related to the content of metadata. For example, metrics about number of topics or number of partitions, etc. etc. It fits into the MetadataLoader metadata publishing framework as another publisher. Since ControllerServerMetricsPublisher operates off of a MetadataImage, we don't have to create (essentially) another copy of the metadata in memory, as ControllerMetricsManager. This reduces memory consumption. Another benefit of operating off of the MetadataImage is that we don't have to have special handling for each record type, like we do now in ControllerMetricsManager.
Reviewers: David Arthur mumrah@gmail.com
KAFKA-14365: Extract common logic from Fetcher (#13425)
Extract logic from Fetcher into AbstractFetcher.
Also introduce FetchConfig as a more concise way to delineate state from incoming configuration.
Formalized the defaults in CommonClientConfigs and ConsumerConfig to be accessible elsewhere.
Reviewers: Guozhang Wang wangguoz@gmail.com
KAFKA-10244 A new Java interface to replace 'kafka.common.MessageReader' (#13393)
Reviewers: Mickael Maison mimaison@users.noreply.github.com
Merge branch 'trunk' of https://github.com/apache/kafka into trunk
MINOR: doc: fix typo in config-streams (#13450)
Reviewers: Chia-Ping Tsai chia7712@gmail.com
Merge branch 'trunk' of https://github.com/apache/kafka into trunk