From da5e63dfe39795b7afb964b8cbff718b0984e1f3 Mon Sep 17 00:00:00 2001 From: Roman Perekhod <2403905@gmail.com> Date: Mon, 9 Feb 2026 11:10:41 +0100 Subject: [PATCH] feat: bump go to 1.25 feat: bump mockery to v2.53.5 feat: bump govulncheck feat: bump bingo to v0.10.0 force go-1.25.7 update thumbnail images for test bump reva to latest --- .bingo/.gitignore | 1 + .bingo/README.md | 11 +- .bingo/Variables.mk | 52 ++-- .bingo/bingo.mod | 4 +- .bingo/bingo.sum | 21 ++ .bingo/govulncheck.mod | 4 +- .bingo/govulncheck.sum | 12 + .bingo/mockery.mod | 2 +- .bingo/mockery.sum | 6 + .bingo/variables.env | 8 +- .drone.star | 6 +- Dockerfile | 2 +- README.md | 2 +- changelog/unreleased/bump-go-1.25.md | 5 + go.mod | 6 +- go.sum | 4 +- ocis-pkg/kql/dictionary_gen.go | 2 +- ocis-pkg/oidc/mocks/oidc_client.go | 2 +- ocis/docker/Dockerfile.linux.amd64 | 2 +- ocis/docker/Dockerfile.linux.arm64 | 2 +- services/graph/mocks/base_graph_provider.go | 2 +- .../mocks/drive_item_permissions_provider.go | 2 +- .../graph/mocks/drives_drive_item_provider.go | 2 +- services/graph/mocks/gateway_selector.go | 2 +- services/graph/mocks/http_client.go | 2 +- services/graph/mocks/permissions.go | 2 +- services/graph/mocks/role_service.go | 2 +- services/graph/pkg/identity/mocks/backend.go | 2 +- .../pkg/identity/mocks/education_backend.go | 2 +- .../graph/pkg/identity/mocks/ldapclient.go | 2 +- .../pkg/backends/keycloak/mocks/client.go | 2 +- .../pkg/user/backend/mocks/user_backend.go | 2 +- .../pkg/userroles/mocks/user_role_assigner.go | 2 +- .../search/pkg/content/mocks/extractor.go | 2 +- .../search/pkg/content/mocks/retriever.go | 2 +- services/search/pkg/engine/mocks/engine.go | 2 +- services/search/pkg/search/mocks/searcher.go | 2 +- .../settings/pkg/settings/mocks/manager.go | 2 +- tests/ociswrapper/go.mod | 2 +- .../internal/grpc/interceptors/auth/scope.go | 261 ++++-------------- vendor/modules.txt | 2 +- 41 files changed, 174 insertions(+), 281 deletions(-) create mode 100644 changelog/unreleased/bump-go-1.25.md diff --git a/.bingo/.gitignore b/.bingo/.gitignore index 9efccf683cd..4428593c37f 100755 --- a/.bingo/.gitignore +++ b/.bingo/.gitignore @@ -11,3 +11,4 @@ !variables.env *tmp.mod +*tmp.sum diff --git a/.bingo/README.md b/.bingo/README.md index 7a5c2d4f6da..c812e3a6c2c 100755 --- a/.bingo/README.md +++ b/.bingo/README.md @@ -1,14 +1,13 @@ # Project Development Dependencies. -This is directory which stores Go modules with pinned buildable package that is used within this repository, managed by https://github.com/bwplotka/bingo. +This is directory which stores Go modules with pinned buildable package that is used within this repository, managed by . * Run `bingo get` to install all tools having each own module file in this directory. -* Run `bingo get ` to install that have own module file in this directory. -* For Makefile: Make sure to put `include .bingo/Variables.mk` in your Makefile, then use $() variable where is the .bingo/.mod. +* Run `bingo get ` to install `` that have own module file in this directory. +* For Makefile: Make sure to put `include .bingo/Variables.mk` in your Makefile, then use `\$()` variable where `` is the .bingo/`.mod`. * For shell: Run `source .bingo/variables.env` to source all environment variable for each tool. -* For go: Import `.bingo/variables.go` to for variable names. -* See https://github.com/bwplotka/bingo or -h on how to add, remove or change binaries dependencies. +* See or -h on how to add, remove or change binaries dependencies. ## Requirements -* Go 1.14+ +* Go 1.24.x or 1.25.x diff --git a/.bingo/Variables.mk b/.bingo/Variables.mk index 10df836d15e..25da0bec835 100644 --- a/.bingo/Variables.mk +++ b/.bingo/Variables.mk @@ -1,10 +1,16 @@ -# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.9. DO NOT EDIT. +# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.10. DO NOT EDIT. # All tools are designed to be build inside $GOBIN. BINGO_DIR := $(dir $(lastword $(MAKEFILE_LIST))) GOPATH ?= $(shell go env GOPATH) GOBIN ?= $(firstword $(subst :, ,${GOPATH}))/bin GO ?= $(shell which go) +# Ensure bingo-managed tools are always built for the host platform, +# even when GOOS/GOARCH are set for cross-compilation of other targets. +GOHOSTOS ?= $(shell $(GO) env GOHOSTOS) +GOHOSTARCH ?= $(shell $(GO) env GOHOSTARCH) +GOHOSTARM ?= $(shell $(GO) env GOHOSTARM) + # Below generated variables ensure that every time a tool under each variable is invoked, the correct version # will be used; reinstalling only if needed. # For example for bingo variable: @@ -17,99 +23,99 @@ GO ?= $(shell which go) # @echo "Running bingo" # @$(BINGO) # -BINGO := $(GOBIN)/bingo-v0.9.0 +BINGO := $(GOBIN)/bingo-v0.10.0 $(BINGO): $(BINGO_DIR)/bingo.mod @# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies. - @echo "(re)installing $(GOBIN)/bingo-v0.9.0" - @cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=bingo.mod -o=$(GOBIN)/bingo-v0.9.0 "github.com/bwplotka/bingo" + @echo "(re)installing $(GOBIN)/bingo-v0.10.0" + @cd $(BINGO_DIR) && GOWORK=off GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) GOARM=$(GOHOSTARM) $(GO) build -mod=mod -modfile=bingo.mod -o=$(GOBIN)/bingo-v0.10.0 "github.com/bwplotka/bingo" BUF := $(GOBIN)/buf-v1.39.0 $(BUF): $(BINGO_DIR)/buf.mod @# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies. @echo "(re)installing $(GOBIN)/buf-v1.39.0" - @cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=buf.mod -o=$(GOBIN)/buf-v1.39.0 "github.com/bufbuild/buf/cmd/buf" + @cd $(BINGO_DIR) && GOWORK=off GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) GOARM=$(GOHOSTARM) $(GO) build -mod=mod -modfile=buf.mod -o=$(GOBIN)/buf-v1.39.0 "github.com/bufbuild/buf/cmd/buf" BUILDIFIER := $(GOBIN)/buildifier-v0.0.0-20220323134444-a9f46b2bb3de $(BUILDIFIER): $(BINGO_DIR)/buildifier.mod @# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies. @echo "(re)installing $(GOBIN)/buildifier-v0.0.0-20220323134444-a9f46b2bb3de" - @cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=buildifier.mod -o=$(GOBIN)/buildifier-v0.0.0-20220323134444-a9f46b2bb3de "github.com/bazelbuild/buildtools/buildifier" + @cd $(BINGO_DIR) && GOWORK=off GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) GOARM=$(GOHOSTARM) $(GO) build -mod=mod -modfile=buildifier.mod -o=$(GOBIN)/buildifier-v0.0.0-20220323134444-a9f46b2bb3de "github.com/bazelbuild/buildtools/buildifier" CALENS := $(GOBIN)/calens-v0.4.0 $(CALENS): $(BINGO_DIR)/calens.mod @# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies. @echo "(re)installing $(GOBIN)/calens-v0.4.0" - @cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=calens.mod -o=$(GOBIN)/calens-v0.4.0 "github.com/restic/calens" + @cd $(BINGO_DIR) && GOWORK=off GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) GOARM=$(GOHOSTARM) $(GO) build -mod=mod -modfile=calens.mod -o=$(GOBIN)/calens-v0.4.0 "github.com/restic/calens" GO_LICENSES := $(GOBIN)/go-licenses-v1.5.0 $(GO_LICENSES): $(BINGO_DIR)/go-licenses.mod @# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies. @echo "(re)installing $(GOBIN)/go-licenses-v1.5.0" - @cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=go-licenses.mod -o=$(GOBIN)/go-licenses-v1.5.0 "github.com/google/go-licenses" + @cd $(BINGO_DIR) && GOWORK=off GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) GOARM=$(GOHOSTARM) $(GO) build -mod=mod -modfile=go-licenses.mod -o=$(GOBIN)/go-licenses-v1.5.0 "github.com/google/go-licenses" GOLANGCI_LINT := $(GOBIN)/golangci-lint-v1.64.6 $(GOLANGCI_LINT): $(BINGO_DIR)/golangci-lint.mod @# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies. @echo "(re)installing $(GOBIN)/golangci-lint-v1.64.6" - @cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=golangci-lint.mod -o=$(GOBIN)/golangci-lint-v1.64.6 "github.com/golangci/golangci-lint/cmd/golangci-lint" + @cd $(BINGO_DIR) && GOWORK=off GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) GOARM=$(GOHOSTARM) $(GO) build -mod=mod -modfile=golangci-lint.mod -o=$(GOBIN)/golangci-lint-v1.64.6 "github.com/golangci/golangci-lint/cmd/golangci-lint" -GOVULNCHECK := $(GOBIN)/govulncheck-v1.0.1 +GOVULNCHECK := $(GOBIN)/govulncheck-v1.1.4 $(GOVULNCHECK): $(BINGO_DIR)/govulncheck.mod @# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies. - @echo "(re)installing $(GOBIN)/govulncheck-v1.0.1" - @cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=govulncheck.mod -o=$(GOBIN)/govulncheck-v1.0.1 "golang.org/x/vuln/cmd/govulncheck" + @echo "(re)installing $(GOBIN)/govulncheck-v1.1.4" + @cd $(BINGO_DIR) && GOWORK=off GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) GOARM=$(GOHOSTARM) $(GO) build -mod=mod -modfile=govulncheck.mod -o=$(GOBIN)/govulncheck-v1.1.4 "golang.org/x/vuln/cmd/govulncheck" -MOCKERY := $(GOBIN)/mockery-v2.52.3 +MOCKERY := $(GOBIN)/mockery-v2.53.5 $(MOCKERY): $(BINGO_DIR)/mockery.mod @# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies. - @echo "(re)installing $(GOBIN)/mockery-v2.52.3" - @cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=mockery.mod -o=$(GOBIN)/mockery-v2.52.3 "github.com/vektra/mockery/v2" + @echo "(re)installing $(GOBIN)/mockery-v2.53.5" + @cd $(BINGO_DIR) && GOWORK=off GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) GOARM=$(GOHOSTARM) $(GO) build -mod=mod -modfile=mockery.mod -o=$(GOBIN)/mockery-v2.53.5 "github.com/vektra/mockery/v2" PIGEON := $(GOBIN)/pigeon-v1.2.1 $(PIGEON): $(BINGO_DIR)/pigeon.mod @# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies. @echo "(re)installing $(GOBIN)/pigeon-v1.2.1" - @cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=pigeon.mod -o=$(GOBIN)/pigeon-v1.2.1 "github.com/mna/pigeon" + @cd $(BINGO_DIR) && GOWORK=off GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) GOARM=$(GOHOSTARM) $(GO) build -mod=mod -modfile=pigeon.mod -o=$(GOBIN)/pigeon-v1.2.1 "github.com/mna/pigeon" PROTOC_GEN_DOC := $(GOBIN)/protoc-gen-doc-v1.5.1 $(PROTOC_GEN_DOC): $(BINGO_DIR)/protoc-gen-doc.mod @# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies. @echo "(re)installing $(GOBIN)/protoc-gen-doc-v1.5.1" - @cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=protoc-gen-doc.mod -o=$(GOBIN)/protoc-gen-doc-v1.5.1 "github.com/pseudomuto/protoc-gen-doc/cmd/protoc-gen-doc" + @cd $(BINGO_DIR) && GOWORK=off GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) GOARM=$(GOHOSTARM) $(GO) build -mod=mod -modfile=protoc-gen-doc.mod -o=$(GOBIN)/protoc-gen-doc-v1.5.1 "github.com/pseudomuto/protoc-gen-doc/cmd/protoc-gen-doc" PROTOC_GEN_GO := $(GOBIN)/protoc-gen-go-v1.28.1 $(PROTOC_GEN_GO): $(BINGO_DIR)/protoc-gen-go.mod @# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies. @echo "(re)installing $(GOBIN)/protoc-gen-go-v1.28.1" - @cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=protoc-gen-go.mod -o=$(GOBIN)/protoc-gen-go-v1.28.1 "google.golang.org/protobuf/cmd/protoc-gen-go" + @cd $(BINGO_DIR) && GOWORK=off GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) GOARM=$(GOHOSTARM) $(GO) build -mod=mod -modfile=protoc-gen-go.mod -o=$(GOBIN)/protoc-gen-go-v1.28.1 "google.golang.org/protobuf/cmd/protoc-gen-go" PROTOC_GEN_MICRO := $(GOBIN)/protoc-gen-micro-v1.0.0 $(PROTOC_GEN_MICRO): $(BINGO_DIR)/protoc-gen-micro.mod @# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies. @echo "(re)installing $(GOBIN)/protoc-gen-micro-v1.0.0" - @cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=protoc-gen-micro.mod -o=$(GOBIN)/protoc-gen-micro-v1.0.0 "github.com/go-micro/generator/cmd/protoc-gen-micro" + @cd $(BINGO_DIR) && GOWORK=off GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) GOARM=$(GOHOSTARM) $(GO) build -mod=mod -modfile=protoc-gen-micro.mod -o=$(GOBIN)/protoc-gen-micro-v1.0.0 "github.com/go-micro/generator/cmd/protoc-gen-micro" PROTOC_GEN_MICROWEB := $(GOBIN)/protoc-gen-microweb-v0.0.0-20250812083720-c9765347567d $(PROTOC_GEN_MICROWEB): $(BINGO_DIR)/protoc-gen-microweb.mod @# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies. @echo "(re)installing $(GOBIN)/protoc-gen-microweb-v0.0.0-20250812083720-c9765347567d" - @cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=protoc-gen-microweb.mod -o=$(GOBIN)/protoc-gen-microweb-v0.0.0-20250812083720-c9765347567d "github.com/owncloud/protoc-gen-microweb" + @cd $(BINGO_DIR) && GOWORK=off GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) GOARM=$(GOHOSTARM) $(GO) build -mod=mod -modfile=protoc-gen-microweb.mod -o=$(GOBIN)/protoc-gen-microweb-v0.0.0-20250812083720-c9765347567d "github.com/owncloud/protoc-gen-microweb" PROTOC_GEN_OPENAPIV2 := $(GOBIN)/protoc-gen-openapiv2-v2.13.0 $(PROTOC_GEN_OPENAPIV2): $(BINGO_DIR)/protoc-gen-openapiv2.mod @# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies. @echo "(re)installing $(GOBIN)/protoc-gen-openapiv2-v2.13.0" - @cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=protoc-gen-openapiv2.mod -o=$(GOBIN)/protoc-gen-openapiv2-v2.13.0 "github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2" + @cd $(BINGO_DIR) && GOWORK=off GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) GOARM=$(GOHOSTARM) $(GO) build -mod=mod -modfile=protoc-gen-openapiv2.mod -o=$(GOBIN)/protoc-gen-openapiv2-v2.13.0 "github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2" PROTOC_GO_INJECT_TAG := $(GOBIN)/protoc-go-inject-tag-v1.4.0 $(PROTOC_GO_INJECT_TAG): $(BINGO_DIR)/protoc-go-inject-tag.mod @# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies. @echo "(re)installing $(GOBIN)/protoc-go-inject-tag-v1.4.0" - @cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=protoc-go-inject-tag.mod -o=$(GOBIN)/protoc-go-inject-tag-v1.4.0 "github.com/favadi/protoc-go-inject-tag" + @cd $(BINGO_DIR) && GOWORK=off GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) GOARM=$(GOHOSTARM) $(GO) build -mod=mod -modfile=protoc-go-inject-tag.mod -o=$(GOBIN)/protoc-go-inject-tag-v1.4.0 "github.com/favadi/protoc-go-inject-tag" REFLEX := $(GOBIN)/reflex-v0.3.1 $(REFLEX): $(BINGO_DIR)/reflex.mod @# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies. @echo "(re)installing $(GOBIN)/reflex-v0.3.1" - @cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=reflex.mod -o=$(GOBIN)/reflex-v0.3.1 "github.com/cespare/reflex" + @cd $(BINGO_DIR) && GOWORK=off GOOS=$(GOHOSTOS) GOARCH=$(GOHOSTARCH) GOARM=$(GOHOSTARM) $(GO) build -mod=mod -modfile=reflex.mod -o=$(GOBIN)/reflex-v0.3.1 "github.com/cespare/reflex" diff --git a/.bingo/bingo.mod b/.bingo/bingo.mod index e9bf4cf98b4..8888b1e841b 100644 --- a/.bingo/bingo.mod +++ b/.bingo/bingo.mod @@ -1,5 +1,5 @@ module _ // Auto generated by https://github.com/bwplotka/bingo. DO NOT EDIT -go 1.17 +go 1.24.9 -require github.com/bwplotka/bingo v0.9.0 +require github.com/bwplotka/bingo v0.10.0 diff --git a/.bingo/bingo.sum b/.bingo/bingo.sum index 90a2d8c6bea..d326102f7b0 100644 --- a/.bingo/bingo.sum +++ b/.bingo/bingo.sum @@ -10,7 +10,10 @@ github.com/bwplotka/bingo v0.8.0 h1:Cx9eQb+ed9aU7sbrmZagomKx+wYor9y5z5HM91bvp1U= github.com/bwplotka/bingo v0.8.0/go.mod h1:eXPFwhZ92mmOUBk6F7aKcAJoq8HX88Ju3wLZKwtNKEw= github.com/bwplotka/bingo v0.9.0 h1:slnsdJYExR4iRalHR6/ZiYnr9vSazOuFGmc2LdX293g= github.com/bwplotka/bingo v0.9.0/go.mod h1:GxC/y/xbmOK5P29cn+B3HuOSw0s2gruddT3r+rDizDw= +github.com/bwplotka/bingo v0.10.0 h1:NhodmVTA5T6prv7ZDRbr8wMOKlUE14GsKBaKlioBd58= +github.com/bwplotka/bingo v0.10.0/go.mod h1:dFsm4aLJesa7lAhddUS0yLuuCKeM5n+GIPT7K9yycu4= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.15/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= @@ -18,6 +21,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/efficientgo/core v1.0.0-rc.0 h1:jJoA0N+C4/knWYVZ6GrdHOtDyrg8Y/TR4vFpTaqTsqs= github.com/efficientgo/core v1.0.0-rc.0/go.mod h1:kQa0V74HNYMfuJH6jiPiwNdpWXl4xd/K4tzlrcvYDQI= +github.com/efficientgo/core v1.0.0-rc.3 h1:X6CdgycYWDcbYiJr1H1+lQGzx13o7bq3EUkbB9DsSPc= +github.com/efficientgo/core v1.0.0-rc.3/go.mod h1:FfGdkzWarkuzOlY04VY+bGfb1lWrjaL6x/GLcQ4vJps= github.com/efficientgo/tools/core v0.0.0-20210201220623-8118984754c2 h1:GD19G/vhEa8amDJDBYcTaFXZjxKed67Ev0ZFPHdd/LQ= github.com/efficientgo/tools/core v0.0.0-20210201220623-8118984754c2/go.mod h1:cFZoHUhKg31xkPnPjhPKFtevnx0Xcg67ptBRxbpaxtk= github.com/efficientgo/tools/core v0.0.0-20220225185207-fe763185946b h1:ZHiD4/yE4idlbqvAO6iYCOYRzOMRpxkW+FKasRA3tsQ= @@ -29,6 +34,8 @@ github.com/google/renameio v1.0.1/go.mod h1:t/HQoYBZSsWSNK35C6CO/TpPLDVWvxOHboWU github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= @@ -49,8 +56,13 @@ github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= +github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s= +github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= +github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= @@ -64,6 +76,8 @@ golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38= golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= +golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -85,6 +99,8 @@ golang.org/x/sys v0.0.0-20220330033206-e17cdc41300f h1:rlezHXNlxYWvBCzNses9Dlc7n golang.org/x/sys v0.0.0-20220330033206-e17cdc41300f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= +golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term v0.0.0-20191110171634-ad39bd3f0407 h1:5zh5atpUEdIc478E/ebrIaHLKcfVvG6dL/fGv7BcMoM= golang.org/x/term v0.0.0-20191110171634-ad39bd3f0407/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20210916214954-140adaaadfaf/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -92,6 +108,8 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q= +golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -108,6 +126,7 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= mvdan.cc/editorconfig v0.1.1-0.20200121172147-e40951bde157/go.mod h1:Ge4atmRUYqueGppvJ7JNrtqpqokoJEFxYbP0Z+WeKS8= mvdan.cc/editorconfig v0.2.0/go.mod h1:lvnnD3BNdBYkhq+B4uBuFFKatfp02eB6HixDvEz91C0= mvdan.cc/sh/v3 v3.2.4 h1:+fZaWcXWRjYAvqzEKoDhDM3DkxdDUykU2iw0VMKFe9s= @@ -116,3 +135,5 @@ mvdan.cc/sh/v3 v3.4.3 h1:zbuKH7YH9cqU6PGajhFFXZY7dhPXcDr55iN/cUAqpuw= mvdan.cc/sh/v3 v3.4.3/go.mod h1:p/tqPPI4Epfk2rICAe2RoaNd8HBSJ8t9Y2DA9yQlbzY= mvdan.cc/sh/v3 v3.7.0 h1:lSTjdP/1xsddtaKfGg7Myu7DnlHItd3/M2tomOcNNBg= mvdan.cc/sh/v3 v3.7.0/go.mod h1:K2gwkaesF/D7av7Kxl0HbF5kGOd2ArupNTX3X44+8l8= +mvdan.cc/sh/v3 v3.12.0 h1:ejKUR7ONP5bb+UGHGEG/k9V5+pRVIyD+LsZz7o8KHrI= +mvdan.cc/sh/v3 v3.12.0/go.mod h1:Se6Cj17eYSn+sNooLZiEUnNNmNxg0imoYlTu4CyaGyg= diff --git a/.bingo/govulncheck.mod b/.bingo/govulncheck.mod index d9807763afd..56d09470b84 100644 --- a/.bingo/govulncheck.mod +++ b/.bingo/govulncheck.mod @@ -1,5 +1,5 @@ module _ // Auto generated by https://github.com/bwplotka/bingo. DO NOT EDIT -go 1.21.4 +go 1.22.0 -require golang.org/x/vuln v1.0.1 // cmd/govulncheck +require golang.org/x/vuln v1.1.4 // cmd/govulncheck diff --git a/.bingo/govulncheck.sum b/.bingo/govulncheck.sum index 9203aa1391c..492245910e6 100644 --- a/.bingo/govulncheck.sum +++ b/.bingo/govulncheck.sum @@ -1,10 +1,22 @@ golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 h1:FemxDzfMUcK2f3YY4H+05K9CDzbSVr2+q/JKN45pey0= +golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 h1:Vve/L0v7CXXuxUmaMGIEK/dEeq7uiqb5qBgQrZzIE7E= golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= +golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE= +golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588= golang.org/x/vuln v1.0.1 h1:KUas02EjQK5LTuIx1OylBQdKKZ9jeugs+HiqO5HormU= golang.org/x/vuln v1.0.1/go.mod h1:bb2hMwln/tqxg32BNY4CcxHWtHXuYa3SbIBmtsyjxtM= +golang.org/x/vuln v1.1.4 h1:Ju8QsuyhX3Hk8ma3CesTbO8vfJD9EvUBgHvkxHBzj0I= +golang.org/x/vuln v1.1.4/go.mod h1:F+45wmU18ym/ca5PLTPLsSzr2KppzswxPP603ldA67s= diff --git a/.bingo/mockery.mod b/.bingo/mockery.mod index d32150d95c7..0084da7431a 100644 --- a/.bingo/mockery.mod +++ b/.bingo/mockery.mod @@ -4,4 +4,4 @@ go 1.24 toolchain go1.24.0 -require github.com/vektra/mockery/v2 v2.52.3 +require github.com/vektra/mockery/v2 v2.53.5 diff --git a/.bingo/mockery.sum b/.bingo/mockery.sum index 49d24c165bf..adb5a7917d5 100644 --- a/.bingo/mockery.sum +++ b/.bingo/mockery.sum @@ -67,6 +67,8 @@ github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-viper/mapstructure/v2 v2.2.1 h1:ZAaOCxANMuZx5RCeg0mBdEZk7DZasvvZIxtHqx8aGss= +github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -212,6 +214,8 @@ github.com/spf13/viper v1.15.0 h1:js3yy885G8xwJa6iOISGFwd+qlUo5AvyXb7CiihdtiU= github.com/spf13/viper v1.15.0/go.mod h1:fFcTBJxvhhzSJiZy8n+PeW6t8l+KeT/uTARa0jHOQLA= github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI= github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg= +github.com/spf13/viper v1.20.0 h1:zrxIyR3RQIOsarIrgL8+sAvALXul9jeEPa06Y0Ph6vY= +github.com/spf13/viper v1.20.0/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= @@ -234,6 +238,8 @@ github.com/vektra/mockery/v2 v2.43.2 h1:OdivAsQL/uoQ55UnTt25tliRI8kaj5j6caHk9xaA github.com/vektra/mockery/v2 v2.43.2/go.mod h1:XNTE9RIu3deGAGQRVjP1VZxGpQNm0YedZx4oDs3prr8= github.com/vektra/mockery/v2 v2.52.3 h1:lInrh+OuJu3dY/UPFvdFmJ/lsscEnUFrTmagcRJKoWU= github.com/vektra/mockery/v2 v2.52.3/go.mod h1:zGDY/f6bip0Yh13GQ5j7xa43fuEoYBa4ICHEaihisHw= +github.com/vektra/mockery/v2 v2.53.5 h1:iktAY68pNiMvLoHxKqlSNSv/1py0QF/17UGrrAMYDI8= +github.com/vektra/mockery/v2 v2.53.5/go.mod h1:hIFFb3CvzPdDJJiU7J4zLRblUMv7OuezWsHPmswriwo= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= diff --git a/.bingo/variables.env b/.bingo/variables.env index 619d1f4ea83..be5dd9d44b4 100644 --- a/.bingo/variables.env +++ b/.bingo/variables.env @@ -1,4 +1,4 @@ -# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.9. DO NOT EDIT. +# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.10. DO NOT EDIT. # All tools are designed to be build inside $GOBIN. # Those variables will work only until 'bingo get' was invoked, or if tools were installed via Makefile's Variables.mk. GOBIN=${GOBIN:=$(go env GOBIN)} @@ -8,7 +8,7 @@ if [ -z "$GOBIN" ]; then fi -BINGO="${GOBIN}/bingo-v0.9.0" +BINGO="${GOBIN}/bingo-v0.10.0" BUF="${GOBIN}/buf-v1.39.0" @@ -20,9 +20,9 @@ GO_LICENSES="${GOBIN}/go-licenses-v1.5.0" GOLANGCI_LINT="${GOBIN}/golangci-lint-v1.64.6" -GOVULNCHECK="${GOBIN}/govulncheck-v1.0.1" +GOVULNCHECK="${GOBIN}/govulncheck-v1.1.4" -MOCKERY="${GOBIN}/mockery-v2.52.3" +MOCKERY="${GOBIN}/mockery-v2.53.5" PIGEON="${GOBIN}/pigeon-v1.2.1" diff --git a/.drone.star b/.drone.star index 36b7422dd3d..ee6ed3a00dd 100644 --- a/.drone.star +++ b/.drone.star @@ -19,7 +19,7 @@ OC_CI_BAZEL_BUILDIFIER = "owncloudci/bazel-buildifier:latest" OC_CI_CLAMAVD = "owncloudci/clamavd" OC_CI_DRONE_ANSIBLE = "owncloudci/drone-ansible:latest" OC_CI_DRONE_SKIP_PIPELINE = "owncloudci/drone-skip-pipeline" -OC_CI_GOLANG = "owncloudci/golang:1.24" +OC_CI_GOLANG = "owncloudci/golang:1.25" OC_CI_NODEJS = "owncloudci/nodejs:%s" OC_CI_PHP = "owncloudci/php:%s" OC_CI_WAIT_FOR = "owncloudci/wait-for:latest" @@ -3855,7 +3855,7 @@ def prepareOcisDeployment(): return [{ "name": "prepare-ocis-deployment", - "image": "owncloudci/golang:latest", + "image": "owncloudci/golang:1.25", "commands": commands, "volumes": [ { @@ -3887,7 +3887,7 @@ def setupOcisConfigMaps(): def deployOcis(): return [{ "name": "deploy-ocis", - "image": "owncloudci/golang:latest", + "image": "owncloudci/golang:1.25", "commands": [ "export KUBECONFIG=%s/kubeconfig-$${DRONE_BUILD_NUMBER}.yaml" % dirs["base"], "cd %s/ocis-charts" % dirs["base"], diff --git a/Dockerfile b/Dockerfile index 84d742b828e..f9363417afa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -28,7 +28,7 @@ COPY --from=generate /ocis /ocis WORKDIR /ocis/ocis RUN make ci-go-generate build ENABLE_VIPS=true -FROM alpine:3.23 +FROM alpine:3.23.3 RUN apk add --no-cache attr ca-certificates curl mailcap tree vips && \ echo 'hosts: files dns' >| /etc/nsswitch.conf diff --git a/README.md b/README.md index 35e1179a815..15ef8058263 100644 --- a/README.md +++ b/README.md @@ -108,7 +108,7 @@ See the [Install Infinite Scale on a Server](https://doc.owncloud.com/ocis/next/ Use this method to build and run an instance with the latest code. This is only recommended for development purposes. -The minimum go version required is `1.24`.\ +The minimum go version required is `1.25.7`.\ Note that you need a C compile environment installed as a prerequisite because some dependencies, like reva, have components that require C-Go libraries and toolchains. The command installing for debian based systems is: `sudo apt install build-essential`. To build and run a local instance with demo users: diff --git a/changelog/unreleased/bump-go-1.25.md b/changelog/unreleased/bump-go-1.25.md new file mode 100644 index 00000000000..96a1e5055f9 --- /dev/null +++ b/changelog/unreleased/bump-go-1.25.md @@ -0,0 +1,5 @@ +Enhancement: Update to go 1.25 + +We have updated go to version 1.25 and alpine to version 3.23.3 + +https://github.com/owncloud/ocis/pull/12011 diff --git a/go.mod b/go.mod index de54ac5c739..fdd609167c2 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,6 @@ module github.com/owncloud/ocis/v2 -go 1.24.6 - -toolchain go1.24.9 +go 1.25.7 require ( dario.cat/mergo v1.0.2 @@ -66,7 +64,7 @@ require ( github.com/open-policy-agent/opa v1.12.3 github.com/orcaman/concurrent-map v1.0.0 github.com/owncloud/libre-graph-api-go v1.0.5-0.20260116104114-10074a92be64 - github.com/owncloud/reva/v2 v2.0.0-20260123085534-22a1be2b211e + github.com/owncloud/reva/v2 v2.0.0-20260206095425-032663e2f51a github.com/pkg/errors v0.9.1 github.com/pkg/xattr v0.4.12 github.com/prometheus/client_golang v1.23.2 diff --git a/go.sum b/go.sum index 8ede23e2b69..9ff27c7cfeb 100644 --- a/go.sum +++ b/go.sum @@ -742,8 +742,8 @@ github.com/orcaman/concurrent-map v1.0.0 h1:I/2A2XPCb4IuQWcQhBhSwGfiuybl/J0ev9HD github.com/orcaman/concurrent-map v1.0.0/go.mod h1:Lu3tH6HLW3feq74c2GC+jIMS/K2CFcDWnWD9XkenwhI= github.com/owncloud/libre-graph-api-go v1.0.5-0.20260116104114-10074a92be64 h1:z9djjzd+leAy6QZpi8dLy3OVjc/um+1XAGk1SJEvwE8= github.com/owncloud/libre-graph-api-go v1.0.5-0.20260116104114-10074a92be64/go.mod h1:z61VMGAJRtR1nbgXWiNoCkxUXP1B3Je9rMuJbnGd+Og= -github.com/owncloud/reva/v2 v2.0.0-20260123085534-22a1be2b211e h1:SL7kqt9HyZpyeWjb0saiRm1COMPZhQ9w8lUoCHWgm2o= -github.com/owncloud/reva/v2 v2.0.0-20260123085534-22a1be2b211e/go.mod h1:eHbT6pmVlcjdiBeVEYw7exlfJmemMzKBh4R+HFgx9Cc= +github.com/owncloud/reva/v2 v2.0.0-20260206095425-032663e2f51a h1:XvU5fvmqFzs9pT+JAZHR0QHY1KsCemNAJp000QkPqrM= +github.com/owncloud/reva/v2 v2.0.0-20260206095425-032663e2f51a/go.mod h1:ahCZbT/ltp5J8aURUpTOfpA/dLBeTvHaMm772cvj7+U= github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c h1:rp5dCmg/yLR3mgFuSOe4oEnDDmGLROTvMragMUXpTQw= github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0= github.com/pablodz/inotifywaitgo v0.0.9 h1:njquRbBU7fuwIe5rEvtaniVBjwWzcpdUVptSgzFqZsw= diff --git a/ocis-pkg/kql/dictionary_gen.go b/ocis-pkg/kql/dictionary_gen.go index 123e5246674..e89a4e86ece 100644 --- a/ocis-pkg/kql/dictionary_gen.go +++ b/ocis-pkg/kql/dictionary_gen.go @@ -2721,7 +2721,7 @@ var ( // errMaxExprCnt is used to signal that the maximum number of // expressions have been parsed. - errMaxExprCnt = errors.New("max number of expressions parsed") + errMaxExprCnt = errors.New("max number of expresssions parsed") ) // Option is a function that can set an option on the parser. It returns diff --git a/ocis-pkg/oidc/mocks/oidc_client.go b/ocis-pkg/oidc/mocks/oidc_client.go index 92230b90280..5de0e304299 100644 --- a/ocis-pkg/oidc/mocks/oidc_client.go +++ b/ocis-pkg/oidc/mocks/oidc_client.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/ocis/docker/Dockerfile.linux.amd64 b/ocis/docker/Dockerfile.linux.amd64 index ae8e63b7251..16ca0e6ea99 100644 --- a/ocis/docker/Dockerfile.linux.amd64 +++ b/ocis/docker/Dockerfile.linux.amd64 @@ -1,4 +1,4 @@ -FROM amd64/alpine:3.23 +FROM amd64/alpine:3.23.3 ARG VERSION="" ARG REVISION="" diff --git a/ocis/docker/Dockerfile.linux.arm64 b/ocis/docker/Dockerfile.linux.arm64 index f40a98fb4f5..b6563be1ac1 100644 --- a/ocis/docker/Dockerfile.linux.arm64 +++ b/ocis/docker/Dockerfile.linux.arm64 @@ -1,4 +1,4 @@ -FROM arm64v8/alpine:3.23 +FROM arm64v8/alpine:3.23.3 ARG VERSION="" ARG REVISION="" diff --git a/services/graph/mocks/base_graph_provider.go b/services/graph/mocks/base_graph_provider.go index ba8fe62971a..f27396252f6 100644 --- a/services/graph/mocks/base_graph_provider.go +++ b/services/graph/mocks/base_graph_provider.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/services/graph/mocks/drive_item_permissions_provider.go b/services/graph/mocks/drive_item_permissions_provider.go index 54687a9274b..fbe45f41844 100644 --- a/services/graph/mocks/drive_item_permissions_provider.go +++ b/services/graph/mocks/drive_item_permissions_provider.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/services/graph/mocks/drives_drive_item_provider.go b/services/graph/mocks/drives_drive_item_provider.go index 41702d95481..a1a90eedf5f 100644 --- a/services/graph/mocks/drives_drive_item_provider.go +++ b/services/graph/mocks/drives_drive_item_provider.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/services/graph/mocks/gateway_selector.go b/services/graph/mocks/gateway_selector.go index de51afa0a7e..9bdfe19f829 100644 --- a/services/graph/mocks/gateway_selector.go +++ b/services/graph/mocks/gateway_selector.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/services/graph/mocks/http_client.go b/services/graph/mocks/http_client.go index 328cb3c6f16..7d436764748 100644 --- a/services/graph/mocks/http_client.go +++ b/services/graph/mocks/http_client.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/services/graph/mocks/permissions.go b/services/graph/mocks/permissions.go index 66f49ccfde3..3ce71d46f39 100644 --- a/services/graph/mocks/permissions.go +++ b/services/graph/mocks/permissions.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/services/graph/mocks/role_service.go b/services/graph/mocks/role_service.go index 5ed64ee2a2d..67e5fa44877 100644 --- a/services/graph/mocks/role_service.go +++ b/services/graph/mocks/role_service.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/services/graph/pkg/identity/mocks/backend.go b/services/graph/pkg/identity/mocks/backend.go index 168e2a14b86..e07e116fcac 100644 --- a/services/graph/pkg/identity/mocks/backend.go +++ b/services/graph/pkg/identity/mocks/backend.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/services/graph/pkg/identity/mocks/education_backend.go b/services/graph/pkg/identity/mocks/education_backend.go index 3af2ceba915..ba0f1e4af1c 100644 --- a/services/graph/pkg/identity/mocks/education_backend.go +++ b/services/graph/pkg/identity/mocks/education_backend.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/services/graph/pkg/identity/mocks/ldapclient.go b/services/graph/pkg/identity/mocks/ldapclient.go index 278eb9358c8..9ec6a940998 100644 --- a/services/graph/pkg/identity/mocks/ldapclient.go +++ b/services/graph/pkg/identity/mocks/ldapclient.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/services/invitations/pkg/backends/keycloak/mocks/client.go b/services/invitations/pkg/backends/keycloak/mocks/client.go index ef06f7b120f..2a958e4ce22 100644 --- a/services/invitations/pkg/backends/keycloak/mocks/client.go +++ b/services/invitations/pkg/backends/keycloak/mocks/client.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/services/proxy/pkg/user/backend/mocks/user_backend.go b/services/proxy/pkg/user/backend/mocks/user_backend.go index d5079bf5a4e..e9ef67099f1 100644 --- a/services/proxy/pkg/user/backend/mocks/user_backend.go +++ b/services/proxy/pkg/user/backend/mocks/user_backend.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/services/proxy/pkg/userroles/mocks/user_role_assigner.go b/services/proxy/pkg/userroles/mocks/user_role_assigner.go index d234d5fdc0d..03aa1a27800 100644 --- a/services/proxy/pkg/userroles/mocks/user_role_assigner.go +++ b/services/proxy/pkg/userroles/mocks/user_role_assigner.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/services/search/pkg/content/mocks/extractor.go b/services/search/pkg/content/mocks/extractor.go index 15130dc2349..956bd8ce9ec 100644 --- a/services/search/pkg/content/mocks/extractor.go +++ b/services/search/pkg/content/mocks/extractor.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/services/search/pkg/content/mocks/retriever.go b/services/search/pkg/content/mocks/retriever.go index 5ef44cf0d0d..ac0a33e3d4e 100644 --- a/services/search/pkg/content/mocks/retriever.go +++ b/services/search/pkg/content/mocks/retriever.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/services/search/pkg/engine/mocks/engine.go b/services/search/pkg/engine/mocks/engine.go index b9190c27b9f..35d7fbe5fbb 100644 --- a/services/search/pkg/engine/mocks/engine.go +++ b/services/search/pkg/engine/mocks/engine.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/services/search/pkg/search/mocks/searcher.go b/services/search/pkg/search/mocks/searcher.go index 2e699f692ab..15a82d2477e 100644 --- a/services/search/pkg/search/mocks/searcher.go +++ b/services/search/pkg/search/mocks/searcher.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/services/settings/pkg/settings/mocks/manager.go b/services/settings/pkg/settings/mocks/manager.go index f4f2c11c805..c4f9759d4cc 100644 --- a/services/settings/pkg/settings/mocks/manager.go +++ b/services/settings/pkg/settings/mocks/manager.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.52.3. DO NOT EDIT. +// Code generated by mockery v2.53.5. DO NOT EDIT. package mocks diff --git a/tests/ociswrapper/go.mod b/tests/ociswrapper/go.mod index 41536ae820b..d09113b7f86 100644 --- a/tests/ociswrapper/go.mod +++ b/tests/ociswrapper/go.mod @@ -1,6 +1,6 @@ module ociswrapper -go 1.22 +go 1.25 require ( github.com/creack/pty v1.1.24 diff --git a/vendor/github.com/owncloud/reva/v2/internal/grpc/interceptors/auth/scope.go b/vendor/github.com/owncloud/reva/v2/internal/grpc/interceptors/auth/scope.go index d4cfa8e5092..5c252919ef8 100644 --- a/vendor/github.com/owncloud/reva/v2/internal/grpc/interceptors/auth/scope.go +++ b/vendor/github.com/owncloud/reva/v2/internal/grpc/interceptors/auth/scope.go @@ -22,7 +22,6 @@ import ( "context" "fmt" "strings" - "time" appprovider "github.com/cs3org/go-cs3apis/cs3/app/provider/v1beta1" appregistry "github.com/cs3org/go-cs3apis/cs3/app/registry/v1beta1" @@ -41,17 +40,11 @@ import ( "github.com/owncloud/reva/v2/pkg/errtypes" statuspkg "github.com/owncloud/reva/v2/pkg/rgrpc/status" "github.com/owncloud/reva/v2/pkg/rgrpc/todo/pool" - "github.com/owncloud/reva/v2/pkg/storagespace" "github.com/owncloud/reva/v2/pkg/token" "github.com/owncloud/reva/v2/pkg/utils" "google.golang.org/grpc/metadata" ) -const ( - scopeDelimiter = "#" - scopeCacheExpiration = 3600 -) - func expandAndVerifyScope(ctx context.Context, req interface{}, tokenScope map[string]*authpb.Scope, user *userpb.User, gatewayAddr string, mgr token.Manager) error { log := appctx.GetLogger(ctx) client, err := pool.GetGatewayServiceClient(gatewayAddr) @@ -80,10 +73,6 @@ func expandAndVerifyScope(ctx context.Context, req interface{}, tokenScope map[s return nil } - case strings.HasPrefix(k, "lightweight"): - if err = resolveLightweightScope(ctx, ref, tokenScope[k], user, client, mgr); err == nil { - return nil - } case strings.HasPrefix(k, "ocmshare"): if err = resolveOCMShare(ctx, ref, tokenScope[k], client, mgr); err == nil { return nil @@ -91,72 +80,11 @@ func expandAndVerifyScope(ctx context.Context, req interface{}, tokenScope map[s } log.Err(err).Interface("ref", ref).Interface("scope", k).Msg("error resolving reference under scope") } - - } else if ref, ok := extractShareRef(req); ok { - // It's a share ref - // The request might be coming from a share created for a lightweight account - // after the token was minted. - log.Info().Msgf("resolving share reference against received shares to verify token scope %+v", ref.String()) - for k := range tokenScope { - if strings.HasPrefix(k, "lightweight") { - // Check if this ID is cached - key := "lw:" + user.Id.OpaqueId + scopeDelimiter + ref.GetId().OpaqueId - if _, err := scopeExpansionCache.Get(key); err == nil { - return nil - } - - shares, err := client.ListReceivedShares(ctx, &collaboration.ListReceivedSharesRequest{}) - if err != nil || shares.Status.Code != rpc.Code_CODE_OK { - log.Warn().Err(err).Msg("error listing received shares") - continue - } - for _, s := range shares.Shares { - shareKey := "lw:" + user.Id.OpaqueId + scopeDelimiter + s.Share.Id.OpaqueId - _ = scopeExpansionCache.SetWithExpire(shareKey, nil, scopeCacheExpiration*time.Second) - - if ref.GetId() != nil && ref.GetId().OpaqueId == s.Share.Id.OpaqueId { - return nil - } - if key := ref.GetKey(); key != nil && (utils.UserEqual(key.Owner, s.Share.Owner) || utils.UserEqual(key.Owner, s.Share.Creator)) && - utils.ResourceIDEqual(key.ResourceId, s.Share.ResourceId) && utils.GranteeEqual(key.Grantee, s.Share.Grantee) { - return nil - } - } - } - } } return errtypes.PermissionDenied(fmt.Sprintf("access to resource %+v not allowed within the assigned scope", req)) } -func resolveLightweightScope(ctx context.Context, ref *provider.Reference, scope *authpb.Scope, user *userpb.User, client gateway.GatewayAPIClient, mgr token.Manager) error { - // Check if this ref is cached - key := "lw:" + user.Id.OpaqueId + scopeDelimiter + getRefKey(ref) - if _, err := scopeExpansionCache.Get(key); err == nil { - return nil - } - - shares, err := client.ListReceivedShares(ctx, &collaboration.ListReceivedSharesRequest{}) - if err != nil || shares.Status.Code != rpc.Code_CODE_OK { - return errtypes.InternalError("error listing received shares") - } - - for _, share := range shares.Shares { - shareKey := "lw:" + user.Id.OpaqueId + scopeDelimiter + storagespace.FormatResourceID(share.Share.ResourceId) - _ = scopeExpansionCache.SetWithExpire(shareKey, nil, scopeCacheExpiration*time.Second) - - if ref.ResourceId != nil && utils.ResourceIDEqual(share.Share.ResourceId, ref.ResourceId) { - return nil - } - if ok, err := checkIfNestedResource(ctx, ref, share.Share.ResourceId, client, mgr); err == nil && ok { - _ = scopeExpansionCache.SetWithExpire(key, nil, scopeCacheExpiration*time.Second) - return nil - } - } - - return errtypes.PermissionDenied("request is not for a nested resource") -} - func resolvePublicShare(ctx context.Context, ref *provider.Reference, scope *authpb.Scope, client gateway.GatewayAPIClient, mgr token.Manager) error { var share link.PublicShare err := utils.UnmarshalJSONToProtoV1(scope.Resource.Value, &share) @@ -164,13 +92,7 @@ func resolvePublicShare(ctx context.Context, ref *provider.Reference, scope *aut return err } - if err := checkCacheForNestedResource(ctx, ref, share.ResourceId, client, mgr); err == nil { - return nil - } - - // Some services like wopi don't access the shared resource relative to the - // share root but instead relative to the shared resources parent. - return checkRelativeReference(ctx, ref, share.ResourceId, client) + return checkIfNestedResource(ctx, ref, share.ResourceId, client, mgr) } func resolveOCMShare(ctx context.Context, ref *provider.Reference, scope *authpb.Scope, client gateway.GatewayAPIClient, mgr token.Manager) error { @@ -184,54 +106,7 @@ func resolveOCMShare(ctx context.Context, ref *provider.Reference, scope *authpb ref.ResourceId = share.GetResourceId() } - if err := checkCacheForNestedResource(ctx, ref, share.ResourceId, client, mgr); err == nil { - return nil - } - - // Some services like wopi don't access the shared resource relative to the - // share root but instead relative to the shared resources parent. - return checkRelativeReference(ctx, ref, share.ResourceId, client) -} - -// checkRelativeReference checks if the shared resource is being accessed via a relative reference -// e.g.: -// storage: abcd, space: efgh -// /root (id: efgh) -// - New file.txt (id: ijkl) <- shared resource -// -// If the requested reference looks like this: -// Reference{ResourceId: {StorageId: "abcd", SpaceId: "efgh"}, Path: "./New file.txt"} -// then the request is considered relative and this function would return true. -// Only references which are relative to the immediate parent of a resource are considered valid. -func checkRelativeReference(ctx context.Context, requested *provider.Reference, sharedResourceID *provider.ResourceId, client gateway.GatewayAPIClient) error { - sRes, err := client.Stat(ctx, &provider.StatRequest{Ref: &provider.Reference{ResourceId: sharedResourceID}}) - if err != nil { - return err - } - if sRes.Status.Code != rpc.Code_CODE_OK { - return statuspkg.NewErrorFromCode(sRes.Status.Code, "auth interceptor") - } - - sharedResource := sRes.Info - - // Is this a shared space - if sharedResource.ParentId == nil { - // Is the requested resource part of the shared space? - if requested.ResourceId.StorageId != sharedResource.Id.StorageId || requested.ResourceId.SpaceId != sharedResource.Id.SpaceId { - return errtypes.PermissionDenied("space access forbidden via public link") - } - } else { - parentID := sharedResource.ParentId - parentID.StorageId = sharedResource.Id.StorageId - - if !utils.ResourceIDEqual(parentID, requested.ResourceId) && utils.MakeRelativePath(sharedResource.Path) != requested.Path { - return errtypes.PermissionDenied("access forbidden via public link") - } - } - - key := storagespace.FormatResourceID(sharedResourceID) + scopeDelimiter + getRefKey(requested) - _ = scopeExpansionCache.SetWithExpire(key, nil, scopeCacheExpiration*time.Second) - return nil + return checkIfNestedResource(ctx, ref, share.ResourceId, client, mgr) } func resolveUserShare(ctx context.Context, ref *provider.Reference, scope *authpb.Scope, client gateway.GatewayAPIClient, mgr token.Manager) error { @@ -241,105 +116,99 @@ func resolveUserShare(ctx context.Context, ref *provider.Reference, scope *authp return err } - return checkCacheForNestedResource(ctx, ref, share.ResourceId, client, mgr) + return checkIfNestedResource(ctx, ref, share.ResourceId, client, mgr) } -func checkCacheForNestedResource(ctx context.Context, ref *provider.Reference, resource *provider.ResourceId, client gateway.GatewayAPIClient, mgr token.Manager) error { - // Check if this ref is cached - key := storagespace.FormatResourceID(resource) + scopeDelimiter + getRefKey(ref) - if _, err := scopeExpansionCache.Get(key); err == nil { - return nil - } - - if ok, err := checkIfNestedResource(ctx, ref, resource, client, mgr); err == nil && ok { - _ = scopeExpansionCache.SetWithExpire(key, nil, scopeCacheExpiration*time.Second) - return nil - } - - return errtypes.PermissionDenied("request is not for a nested resource") -} - -func checkIfNestedResource(ctx context.Context, ref *provider.Reference, parent *provider.ResourceId, client gateway.GatewayAPIClient, mgr token.Manager) (bool, error) { +func checkIfNestedResource(ctx context.Context, ref *provider.Reference, shareRoot *provider.ResourceId, client gateway.GatewayAPIClient, mgr token.Manager) error { // Since the resource ID is obtained from the scope, the current token // has access to it. - statResponse, err := client.Stat(ctx, &provider.StatRequest{Ref: &provider.Reference{ResourceId: parent}}) + rootStat, err := client.Stat(ctx, &provider.StatRequest{Ref: &provider.Reference{ResourceId: shareRoot}}) if err != nil { - return false, err + return err } - if statResponse.GetStatus().GetCode() != rpc.Code_CODE_OK { - return false, statuspkg.NewErrorFromCode(statResponse.Status.Code, "auth interceptor") + if rootStat.GetStatus().GetCode() != rpc.Code_CODE_OK { + return statuspkg.NewErrorFromCode(rootStat.Status.Code, "auth interceptor") } - pathResp, err := client.GetPath(ctx, &provider.GetPathRequest{ResourceId: statResponse.GetInfo().GetId()}) - if err != nil { - return false, err - } - if pathResp.Status.Code != rpc.Code_CODE_OK { - return false, statuspkg.NewErrorFromCode(pathResp.Status.Code, "auth interceptor") - } - parentPath := pathResp.Path + rootInfo := rootStat.GetInfo() - childPath := ref.GetPath() - if childPath != "" && childPath != "." && strings.HasPrefix(childPath, parentPath) { - // if the request is relative from the root, we can return directly - return true, nil - } - - // The request is not relative to the root. We need to find out if the requested resource is child of the `parent` (coming from token scope) + // We need to find out if the requested resource is a child of the `shareRoot` (coming from token scope) // We mint a token as the owner of the public share and try to stat the reference - // TODO(ishank011): We need to find a better alternative to this - // NOTE: did somebody say service accounts? ... var user *userpb.User - if statResponse.GetInfo().GetOwner().GetType() == userpb.UserType_USER_TYPE_SPACE_OWNER { + if rootInfo.GetOwner().GetType() == userpb.UserType_USER_TYPE_SPACE_OWNER { // fake a space owner user user = &userpb.User{ - Id: statResponse.GetInfo().GetOwner(), + Id: rootInfo.GetOwner(), } } else { - userResp, err := client.GetUser(ctx, &userpb.GetUserRequest{UserId: statResponse.Info.Owner, SkipFetchingUserGroups: true}) + userResp, err := client.GetUser(ctx, &userpb.GetUserRequest{UserId: rootInfo.GetOwner(), SkipFetchingUserGroups: true}) if err != nil || userResp.Status.Code != rpc.Code_CODE_OK { - return false, err + return err } user = userResp.User } scope, err := scope.AddOwnerScope(map[string]*authpb.Scope{}) if err != nil { - return false, err + return err } token, err := mgr.MintToken(ctx, user, scope) if err != nil { - return false, err + return err } ctx = metadata.AppendToOutgoingContext(context.Background(), ctxpkg.TokenHeader, token) - childStat, err := client.Stat(ctx, &provider.StatRequest{Ref: ref}) + resourceStat, err := client.Stat(ctx, &provider.StatRequest{Ref: ref}) if err != nil { - return false, err + return err } - if childStat.GetStatus().GetCode() == rpc.Code_CODE_NOT_FOUND && ref.GetPath() != "" && ref.GetPath() != "." { + if resourceStat.GetStatus().GetCode() == rpc.Code_CODE_NOT_FOUND && ref.GetPath() != "" && ref.GetPath() != "." { // The resource does not seem to exist (yet?). We might be part of an initiate upload request. // Stat the parent to get its path and check that against the root path. - childStat, err = client.Stat(ctx, &provider.StatRequest{Ref: &provider.Reference{ResourceId: ref.GetResourceId()}}) + resourceStat, err = client.Stat(ctx, &provider.StatRequest{Ref: &provider.Reference{ResourceId: ref.GetResourceId()}}) if err != nil { - return false, err + return err } } - if childStat.GetStatus().GetCode() != rpc.Code_CODE_OK { - return false, statuspkg.NewErrorFromCode(childStat.Status.Code, "auth interceptor") + if resourceStat.GetStatus().GetCode() != rpc.Code_CODE_OK { + return statuspkg.NewErrorFromCode(resourceStat.Status.Code, "auth interceptor") } - pathResp, err = client.GetPath(ctx, &provider.GetPathRequest{ResourceId: childStat.GetInfo().GetId()}) + + // Check if the resource and the share root are in the same storage space + ci := resourceStat.GetInfo() + if ci.GetId().GetStorageId() != rootInfo.GetId().GetStorageId() || + ci.GetId().GetSpaceId() != rootInfo.GetId().GetSpaceId() { + return errtypes.PermissionDenied("invalid resource") + } + + // check if the resource path is subpath of the share root path + rootPath, err := getPath(ctx, rootStat.GetInfo().GetId(), client) if err != nil { - return false, err + return err } - if pathResp.GetStatus().GetCode() != rpc.Code_CODE_OK { - return false, statuspkg.NewErrorFromCode(pathResp.Status.Code, "auth interceptor") + + resourcePath, err := getPath(ctx, resourceStat.GetInfo().GetId(), client) + if err != nil { + return err } - childPath = pathResp.Path - return strings.HasPrefix(childPath, parentPath), nil + if rootPath == "/" || resourcePath == rootPath || strings.HasPrefix(resourcePath, rootPath+"/") { + return nil + } + return errtypes.PermissionDenied("invalid resource") +} + +func getPath(ctx context.Context, resourceId *provider.ResourceId, client gateway.GatewayAPIClient) (string, error) { + pathResp, err := client.GetPath(ctx, &provider.GetPathRequest{ResourceId: resourceId}) + if err != nil { + return "", err + } + if pathResp.Status.Code != rpc.Code_CODE_OK { + return "", statuspkg.NewErrorFromCode(pathResp.Status.Code, "auth interceptor") + } + return pathResp.Path, nil } func extractRefFromListProvidersReq(v *registry.ListStorageProvidersRequest) (*provider.Reference, bool) { @@ -503,27 +372,3 @@ func extractRef(req interface{}, tokenScope map[string]*authpb.Scope) (*provider return nil, false } - -func extractShareRef(req interface{}) (*collaboration.ShareReference, bool) { - switch v := req.(type) { - case *collaboration.GetReceivedShareRequest: - return v.GetRef(), true - case *collaboration.UpdateReceivedShareRequest: - return &collaboration.ShareReference{Spec: &collaboration.ShareReference_Id{Id: v.GetShare().GetShare().GetId()}}, true - } - return nil, false -} - -func getRefKey(ref *provider.Reference) string { - if ref.GetPath() != "" { - return ref.Path - } - - if ref.GetResourceId() != nil { - return storagespace.FormatResourceID(ref.ResourceId) - } - - // on malicious request both path and rid could be empty - // we still should not panic - return "" -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 9f1bc78989a..90afb5d782b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1313,7 +1313,7 @@ github.com/orcaman/concurrent-map # github.com/owncloud/libre-graph-api-go v1.0.5-0.20260116104114-10074a92be64 ## explicit; go 1.18 github.com/owncloud/libre-graph-api-go -# github.com/owncloud/reva/v2 v2.0.0-20260123085534-22a1be2b211e +# github.com/owncloud/reva/v2 v2.0.0-20260206095425-032663e2f51a ## explicit; go 1.24.0 github.com/owncloud/reva/v2/cmd/revad/internal/grace github.com/owncloud/reva/v2/cmd/revad/runtime