Merge branch 'master' into SgtPooki-patch-1

.github/workflows/docker-build.yml

@@ -1,3 +1,4 @@
+# If we decide to run build-image.yml on every PR, we could deprecate this workflow.
 name: Docker Build
 
 on:
@@ -30,3 +31,4 @@ jobs:
           go-version: 1.19.x
       - uses: actions/checkout@v3
       - run: docker build -t $IMAGE_NAME:$WIP_IMAGE_TAG .
+      - run: docker run --rm $IMAGE_NAME:$WIP_IMAGE_TAG --version

.github/workflows/docker-image.yml

@@ -2,6 +2,16 @@ name: Docker Push
 
 on:
   workflow_dispatch:
+    inputs:
+      push:
+        description: 'Push to Docker Hub'
+        required: true
+        default: 'false'
+  # # If we decide to build all images on every PR, we should make sure that
+  # # they are NOT pushed to Docker Hub.
+  # pull_request:
+  #   paths-ignore:
+  #     - '**/*.md'
   push:
     branches:
       - 'master'
@@ -53,15 +63,62 @@ jobs:
           username: ${{ vars.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
-      - name: Build Docker image and publish to Docker Hub
+      # We have to build each platform separately because when using multi-arch
+      # builds, only one platform is being loaded into the cache. This would
+      # prevent us from testing the other platforms.
+      - name: Build Docker image (linux/amd64)
+        uses: docker/build-push-action@v4
+        with:
+          platforms: linux/amd64
+          context: .
+          push: false
+          load: true
+          file: ./Dockerfile
+          tags: ${{ env.IMAGE_NAME }}:linux-amd64
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+      - name: Build Docker image (linux/arm/v7)
+        uses: docker/build-push-action@v4
+        with:
+          platforms: linux/arm/v7
+          context: .
+          push: false
+          load: true
+          file: ./Dockerfile
+          tags: ${{ env.IMAGE_NAME }}:linux-arm-v7
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+      - name: Build Docker image (linux/arm64/v8)
+        uses: docker/build-push-action@v4
+        with:
+          platforms: linux/arm64/v8
+          context: .
+          push: false
+          load: true
+          file: ./Dockerfile
+          tags: ${{ env.IMAGE_NAME }}:linux-arm64-v8
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+      # We test all the images on amd64 host here. This uses QEMU to emulate
+      # the other platforms.
+      - run: docker run --rm $IMAGE_NAME:linux-amd64 --version
+      - run: docker run --rm $IMAGE_NAME:linux-arm-v7 --version
+      - run: docker run --rm $IMAGE_NAME:linux-arm64-v8 --version
+
+      # This will only push the previously built images.
+      - if: github.event_name != 'workflow_dispatch' || github.event.inputs.push == 'true'
+        name: Publish to Docker Hub
         uses: docker/build-push-action@v4
         with:
           platforms: linux/amd64,linux/arm/v7,linux/arm64/v8
           context: .
           push: true
           file: ./Dockerfile
           tags: "${{ steps.tags.outputs.value }}"
-          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-from: type=local,src=/tmp/.buildx-cache-new
           cache-to: type=local,dest=/tmp/.buildx-cache-new
 
       # https://github.com/docker/build-push-action/issues/252

Dockerfile

@@ -1,16 +1,6 @@
-FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-buster
-LABEL maintainer="Steven Allen <steven@stebalien.com>"
+FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.19-buster AS builder
 
-ARG TARGETPLATFORM
-ARG BUILDPLATFORM
-ARG TARGETOS
-ARG TARGETARCH
-
-# Install deps
-RUN apt-get update && apt-get install -y \
-  libssl-dev \
-  ca-certificates \
-  fuse
+ARG TARGETPLATFORM TARGETOS TARGETARCH
 
 ENV SRC_DIR /kubo
 
@@ -31,38 +21,40 @@ RUN cd $SRC_DIR \
   && mkdir -p .git/objects \
   && GOOS=$TARGETOS GOARCH=$TARGETARCH GOFLAGS=-buildvcs=false make build GOTAGS=openssl IPFS_PLUGINS=$IPFS_PLUGINS
 
-# Get su-exec, a very minimal tool for dropping privileges,
-# and tini, a very minimal init daemon for containers
-ENV SUEXEC_VERSION v0.2
-ENV TINI_VERSION v0.19.0
+# Using Debian Buster because the version of busybox we're using is based on it
+# and we want to make sure the libraries we're using are compatible. That's also
+# why we're running this for the target platform.
+FROM debian:buster-slim AS utilities
 RUN set -eux; \
-    dpkgArch="$(dpkg --print-architecture)"; \
-    case "${dpkgArch##*-}" in \
-        "amd64" | "armhf" | "arm64") tiniArch="tini-static-$dpkgArch" ;;\
-        *) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;; \
-    esac; \
-  cd /tmp \
-  && git clone https://github.com/ncopa/su-exec.git \
-  && cd su-exec \
-  && git checkout -q $SUEXEC_VERSION \
-  && make su-exec-static \
-  && cd /tmp \
-  && wget -q -O tini https://github.com/krallin/tini/releases/download/$TINI_VERSION/$tiniArch \
-  && chmod +x tini
+	apt-get update; \
+	apt-get install -y \
+		tini \
+    # Using gosu (~2MB) instead of su-exec (~20KB) because it's easier to
+    # install on Debian. Useful links:
+    # - https://github.com/ncopa/su-exec#why-reinvent-gosu
+    # - https://github.com/tianon/gosu/issues/52#issuecomment-441946745
+		gosu \
+    # This installs fusermount which we later copy over to the target image.
+    fuse \
+    ca-certificates \
+    # This installs libssl.so and libcrypto.so which we later copy over to the
+    # target image. We need these to be able to use the OpenSSL plugin.
+    libssl-dev \
+	; \
+	rm -rf /var/lib/apt/lists/*
 
 # Now comes the actual target image, which aims to be as small as possible.
-FROM --platform=${BUILDPLATFORM:-linux/amd64} busybox:1.31.1-glibc
-LABEL maintainer="Steven Allen <steven@stebalien.com>"
+FROM busybox:1.31.1-glibc
 
 # Get the ipfs binary, entrypoint script, and TLS CAs from the build container.
 ENV SRC_DIR /kubo
-COPY --from=0 $SRC_DIR/cmd/ipfs/ipfs /usr/local/bin/ipfs
-COPY --from=0 $SRC_DIR/bin/container_daemon /usr/local/bin/start_ipfs
-COPY --from=0 $SRC_DIR/bin/container_init_run /usr/local/bin/container_init_run
-COPY --from=0 /tmp/su-exec/su-exec-static /sbin/su-exec
-COPY --from=0 /tmp/tini /sbin/tini
-COPY --from=0 /bin/fusermount /usr/local/bin/fusermount
-COPY --from=0 /etc/ssl/certs /etc/ssl/certs
+COPY --from=builder $SRC_DIR/cmd/ipfs/ipfs /usr/local/bin/ipfs
+COPY --from=builder $SRC_DIR/bin/container_daemon /usr/local/bin/start_ipfs
+COPY --from=builder $SRC_DIR/bin/container_init_run /usr/local/bin/container_init_run
+COPY --from=utilities /usr/sbin/gosu /sbin/gosu
+COPY --from=utilities /usr/bin/tini /sbin/tini
+COPY --from=utilities /bin/fusermount /usr/local/bin/fusermount
+COPY --from=utilities /etc/ssl/certs /etc/ssl/certs
 
 # Add suid bit on fusermount so it will run properly
 RUN chmod 4755 /usr/local/bin/fusermount
@@ -71,11 +63,11 @@ RUN chmod 4755 /usr/local/bin/fusermount
 RUN chmod 0755 /usr/local/bin/start_ipfs
 
 # This shared lib (part of glibc) doesn't seem to be included with busybox.
-COPY --from=0 /lib/*-linux-gnu*/libdl.so.2 /lib/
+COPY --from=utilities /lib/*-linux-gnu*/libdl.so.2 /lib/
 
 # Copy over SSL libraries.
-COPY --from=0 /usr/lib/*-linux-gnu*/libssl.so* /usr/lib/
-COPY --from=0 /usr/lib/*-linux-gnu*/libcrypto.so* /usr/lib/
+COPY --from=utilities /usr/lib/*-linux-gnu*/libssl.so* /usr/lib/
+COPY --from=utilities /usr/lib/*-linux-gnu*/libcrypto.so* /usr/lib/
 
 # Swarm TCP; should be exposed to the public
 EXPOSE 4001

bin/container_daemon

@@ -7,9 +7,9 @@ repo="$IPFS_PATH"
 if [ "$(id -u)" -eq 0 ]; then
   echo "Changing user to $user"
   # ensure folder is writable
-  su-exec "$user" test -w "$repo" || chown -R -- "$user" "$repo"
+  gosu "$user" test -w "$repo" || chown -R -- "$user" "$repo"
   # restart script with new privileges
-  exec su-exec "$user" "$0" "$@"
+  exec gosu "$user" "$0" "$@"
 fi
 
 # 2nd invocation with regular user

core/commands/id.go

@@ -21,18 +21,16 @@ import (
 	"github.com/libp2p/go-libp2p/core/peer"
 	pstore "github.com/libp2p/go-libp2p/core/peerstore"
 	"github.com/libp2p/go-libp2p/core/protocol"
-	"github.com/libp2p/go-libp2p/p2p/protocol/identify"
 )
 
 const offlineIDErrorMessage = "'ipfs id' cannot query information on remote peers without a running daemon; if you only want to convert --peerid-base, pass --offline option"
 
 type IdOutput struct { // nolint
-	ID              string
-	PublicKey       string
-	Addresses       []string
-	AgentVersion    string
-	ProtocolVersion string
-	Protocols       []protocol.ID
+	ID           string
+	PublicKey    string
+	Addresses    []string
+	AgentVersion string
+	Protocols    []protocol.ID
 }
 
 const (
@@ -127,7 +125,6 @@ EXAMPLE:
 				output := format
 				output = strings.Replace(output, "<id>", out.ID, -1)
 				output = strings.Replace(output, "<aver>", out.AgentVersion, -1)
-				output = strings.Replace(output, "<pver>", out.ProtocolVersion, -1)
 				output = strings.Replace(output, "<pubkey>", out.PublicKey, -1)
 				output = strings.Replace(output, "<addrs>", strings.Join(out.Addresses, "\n"), -1)
 				output = strings.Replace(output, "<protocols>", strings.Join(protocol.ConvertToStrings(out.Protocols), "\n"), -1)
@@ -179,11 +176,6 @@ func printPeer(keyEnc ke.KeyEncoder, ps pstore.Peerstore, p peer.ID) (interface{
 	info.Protocols = append(info.Protocols, protocols...)
 	sort.Slice(info.Protocols, func(i, j int) bool { return info.Protocols[i] < info.Protocols[j] })
 
-	if v, err := ps.Get(p, "ProtocolVersion"); err == nil {
-		if vs, ok := v.(string); ok {
-			info.ProtocolVersion = vs
-		}
-	}
 	if v, err := ps.Get(p, "AgentVersion"); err == nil {
 		if vs, ok := v.(string); ok {
 			info.AgentVersion = vs
@@ -217,7 +209,6 @@ func printSelf(keyEnc ke.KeyEncoder, node *core.IpfsNode) (interface{}, error) {
 		info.Protocols = node.PeerHost.Mux().Protocols()
 		sort.Slice(info.Protocols, func(i, j int) bool { return info.Protocols[i] < info.Protocols[j] })
 	}
-	info.ProtocolVersion = identify.DefaultProtocolVersion
 	info.AgentVersion = version.GetUserAgentVersion()
 	return info, nil
 }

core/commands/swarm.go

@@ -490,11 +490,6 @@ func (ci *connInfo) identifyPeer(ps pstore.Peerstore, p peer.ID) (IdOutput, erro
 		sort.Slice(info.Protocols, func(i, j int) bool { return info.Protocols[i] < info.Protocols[j] })
 	}
 
-	if v, err := ps.Get(p, "ProtocolVersion"); err == nil {
-		if vs, ok := v.(string); ok {
-			info.ProtocolVersion = vs
-		}
-	}
 	if v, err := ps.Get(p, "AgentVersion"); err == nil {
 		if vs, ok := v.(string); ok {
 			info.AgentVersion = vs

core/corehttp/gateway.go

@@ -16,13 +16,12 @@ import (
 	"github.com/ipfs/boxo/gateway"
 	"github.com/ipfs/boxo/namesys"
 	offlineroute "github.com/ipfs/boxo/routing/offline"
-	cid "github.com/ipfs/go-cid"
+	"github.com/ipfs/go-cid"
 	version "github.com/ipfs/kubo"
-	config "github.com/ipfs/kubo/config"
-	core "github.com/ipfs/kubo/core"
+	"github.com/ipfs/kubo/config"
+	"github.com/ipfs/kubo/core"
 	"github.com/ipfs/kubo/core/node"
 	"github.com/libp2p/go-libp2p/core/routing"
-	id "github.com/libp2p/go-libp2p/p2p/protocol/identify"
 	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
 )
 
@@ -72,7 +71,6 @@ func VersionOption() ServeOption {
 		mux.HandleFunc("/version", func(w http.ResponseWriter, r *http.Request) {
 			fmt.Fprintf(w, "Commit: %s\n", version.CurrentCommit)
 			fmt.Fprintf(w, "Client Version: %s\n", version.GetUserAgentVersion())
-			fmt.Fprintf(w, "Protocol Version: %s\n", id.DefaultProtocolVersion)
 		})
 		return mux, nil
 	}

core/corehttp/gateway_test.go

@@ -9,21 +9,20 @@ import (
 	"strings"
 	"testing"
 
-	namesys "github.com/ipfs/boxo/namesys"
+	"github.com/ipfs/boxo/namesys"
 	version "github.com/ipfs/kubo"
-	core "github.com/ipfs/kubo/core"
+	"github.com/ipfs/kubo/core"
 	"github.com/ipfs/kubo/core/coreapi"
-	repo "github.com/ipfs/kubo/repo"
+	"github.com/ipfs/kubo/repo"
 	"github.com/stretchr/testify/assert"
 
 	iface "github.com/ipfs/boxo/coreiface"
 	nsopts "github.com/ipfs/boxo/coreiface/options/namesys"
-	path "github.com/ipfs/boxo/path"
-	datastore "github.com/ipfs/go-datastore"
+	"github.com/ipfs/boxo/path"
+	"github.com/ipfs/go-datastore"
 	syncds "github.com/ipfs/go-datastore/sync"
-	config "github.com/ipfs/kubo/config"
+	"github.com/ipfs/kubo/config"
 	ci "github.com/libp2p/go-libp2p/core/crypto"
-	id "github.com/libp2p/go-libp2p/p2p/protocol/identify"
 )
 
 type mockNamesys map[string]path.Path
@@ -169,10 +168,6 @@ func TestVersion(t *testing.T) {
 	if !strings.Contains(s, "Client Version: "+version.GetUserAgentVersion()) {
 		t.Fatalf("response doesn't contain client version:\n%s", s)
 	}
-
-	if !strings.Contains(s, "Protocol Version: "+id.DefaultProtocolVersion) {
-		t.Fatalf("response doesn't contain protocol version:\n%s", s)
-	}
 }
 
 func TestDeserializedResponsesInheritance(t *testing.T) {

core/node/libp2p/rcmgr.go

@@ -14,7 +14,6 @@ import (
 	"github.com/libp2p/go-libp2p/core/peer"
 	"github.com/libp2p/go-libp2p/core/protocol"
 	rcmgr "github.com/libp2p/go-libp2p/p2p/host/resource-manager"
-	rcmgrObs "github.com/libp2p/go-libp2p/p2p/host/resource-manager/obs"
 	"github.com/multiformats/go-multiaddr"
 	"go.uber.org/fx"
 
@@ -70,7 +69,7 @@ filled in with autocomputed defaults.`)
 				return nil, opts, err
 			}
 
-			str, err := rcmgrObs.NewStatsTraceReporter()
+			str, err := rcmgr.NewStatsTraceReporter()
 			if err != nil {
 				return nil, opts, err
 			}

core/node/libp2p/relay.go

@@ -37,9 +37,9 @@ func RelayService(enable bool, relayOpts config.RelayService) func() (opts Libp2
 				BufferSize:             int(relayOpts.BufferSize.WithDefault(int64(def.BufferSize))),
 				ReservationTTL:         relayOpts.ReservationTTL.WithDefault(def.ReservationTTL),
 				MaxReservations:        int(relayOpts.MaxReservations.WithDefault(int64(def.MaxReservations))),
-				MaxReservationsPerIP:   int(relayOpts.MaxReservations.WithDefault(int64(def.MaxReservationsPerIP))),
-				MaxReservationsPerPeer: int(relayOpts.MaxReservations.WithDefault(int64(def.MaxReservationsPerPeer))),
-				MaxReservationsPerASN:  int(relayOpts.MaxReservations.WithDefault(int64(def.MaxReservationsPerASN))),
+				MaxReservationsPerIP:   int(relayOpts.MaxReservationsPerIP.WithDefault(int64(def.MaxReservationsPerIP))),
+				MaxReservationsPerPeer: int(relayOpts.MaxReservationsPerPeer.WithDefault(int64(def.MaxReservationsPerPeer))),
+				MaxReservationsPerASN:  int(relayOpts.MaxReservationsPerASN.WithDefault(int64(def.MaxReservationsPerASN))),
 			})))
 		}
 		return

docs/changelogs/v0.21.md

@@ -109,7 +109,7 @@ Rationale can be found in [kubo#9913](https://github.com/ipfs/kubo/pull/9913).
 
 The gateway now supports optional CAR export parameters
 `dag-scope=block|entity|all` and `entity-bytes=from:to` as specified in
-[IPIP-402](https://github.com/ipfs/specs/pull/402).
+[IPIP-402](https://specs.ipfs.tech/ipips/ipip-0402/).
 
 Batch block retrieval minimizes round trips, catering to the requirements of
 light HTTP clients for directory enumeration, range requests, and content path
@@ -144,7 +144,7 @@ By trading some upfront DHT caching and increased memory usage,
 one gets provider throughput improvements up to 6 millions times bigger dataset.
 See [the docs](docs/config.md#routingaccelerateddhtclient) for more info.
 
-The `Experimental.AcceleratedDHTClient` flag moved to `[Routing.AcceleratedDHTClient](docs/config.md#routingaccelerateddhtclient)`.
+The `Experimental.AcceleratedDHTClient` flag moved to [`Routing.AcceleratedDHTClient`](/docs/config.md#routingaccelerateddhtclient).
 A config migration has been added to handle this automatically.
 
 A new tracker estimates the providing speed and warns users if they
@@ -228,7 +228,7 @@ should be using AcceleratedDHTClient because they are falling behind.
   - v0.2.1 ([ipfs/go-ipld-legacy#15](https://github.com/ipfs/go-ipld-legacy/pull/15))
   - Expose a constructor for making a decoder with an existing link system ([ipfs/go-ipld-legacy#14](https://github.com/ipfs/go-ipld-legacy/pull/14))
   - Update to v0.2.0 ([ipfs/go-ipld-legacy#13](https://github.com/ipfs/go-ipld-legacy/pull/13))
-  - Remove global variable ([ipfs/go-ipld-legacy#12](https://github.com/ipfs/go-ipld-legacy/pull/12))
+  - Remove global variable ([ipfs/go-ipld-legacy#12](https://github.com/ipfs/go-ipld-legacy/pull/12))
   - sync: update CI config files (#8) ([ipfs/go-ipld-legacy#8](https://github.com/ipfs/go-ipld-legacy/pull/8))
 - github.com/ipfs/go-unixfsnode (v1.6.0 -> v1.7.1):
   - chore: bump to v1.7.1