Update Go to 1.17.4, replace io/ioutil with io, and update golang.org/x/sys

.circleci/config.yml

@@ -11,7 +11,8 @@ jobs:
       # Needed to install go
       OS: linux
       ARCH: amd64
-      GOVERSION: 1.13
+      GOVERSION: 1.17
+      GO111MODULE: "off"
       # Needed to install protoc
       PROTOC_VERSION: 3.6.1
 
@@ -29,7 +30,7 @@ jobs:
 
     # /dev/shm in the container is tmpfs although files in /dev/shm are not executable.
     # If we specify TMPDIR=/dev/shm, /dev/shm will be used by our tests, which call
-    # ioutil.TempDir/ioutil.TempFile, to write temporary files.
+    # os.MkdirTemp/os.CreateTemp, to write temporary files.
     # We can also specify GOTMPDIR=/tmp or some other non-tmpfs directory
     # (see https://golang.org/doc/go1.10#goroot) - this is the directory in which the
     # go tool itself will put temporarily compiled test executables, etc.

Dockerfile

@@ -1,5 +1,5 @@
 # NOTE(dperny): for some reason, alpine was giving me trouble
-ARG GO_VERSION=1.13.15
+ARG GO_VERSION=1.17.4
 ARG DEBIAN_FRONTEND=noninteractive
 ARG BASE_DEBIAN_DISTRO="buster"
 ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
@@ -16,6 +16,7 @@ RUN curl --silent --show-error --location --output protoc.zip \
   && unzip -d /usr/local protoc.zip include/\* bin/\* \
   && rm -f protoc.zip
 
+ENV GO111MODULE=off
 WORKDIR /go/src/github.com/docker/swarmkit/
 
 # install the dependencies from `make setup`

agent/exec/dockerapi/controller_test.go

@@ -5,7 +5,6 @@ import (
 	"context"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"reflect"
 	"runtime"
 	"testing"
@@ -38,7 +37,7 @@ func TestControllerPrepare(t *testing.T) {
 
 	client.ImagePullFn = func(_ context.Context, refStr string, options types.ImagePullOptions) (io.ReadCloser, error) {
 		if refStr == config.image() {
-			return ioutil.NopCloser(bytes.NewBuffer([]byte{})), nil
+			return io.NopCloser(bytes.NewBuffer([]byte{})), nil
 		}
 		panic("unexpected call of ImagePull")
 	}
@@ -68,7 +67,7 @@ func TestControllerPrepareAlreadyPrepared(t *testing.T) {
 
 	client.ImagePullFn = func(_ context.Context, refStr string, options types.ImagePullOptions) (io.ReadCloser, error) {
 		if refStr == config.image() {
-			return ioutil.NopCloser(bytes.NewBuffer([]byte{})), nil
+			return io.NopCloser(bytes.NewBuffer([]byte{})), nil
 		}
 		panic("unexpected call of ImagePull")
 	}

agent/storage_test.go

@@ -1,7 +1,6 @@
 package agent
 
 import (
-	"io/ioutil"
 	"math/rand"
 	"os"
 	"path/filepath"
@@ -176,11 +175,11 @@ func genTaskStatus() *api.TaskStatus {
 // tests.
 func storageTestEnv(t *testing.T) (*bolt.DB, func()) {
 	var cleanup []func()
-	dir, err := ioutil.TempDir("", "agent-TestStorage-")
+	dir, err := os.MkdirTemp("", "agent-TestStorage-")
 	assert.NoError(t, err)
 
 	dbpath := filepath.Join(dir, "tasks.db")
-	assert.NoError(t, os.MkdirAll(dir, 0777))
+	assert.NoError(t, os.MkdirAll(dir, 0o777))
 	cleanup = append(cleanup, func() { os.RemoveAll(dir) })
 
 	db, err := bolt.Open(dbpath, 0666, nil)

agent/testutils/fakes.go

@@ -2,7 +2,6 @@ package testutils
 
 import (
 	"context"
-	"io/ioutil"
 	"net"
 	"os"
 	"path/filepath"
@@ -235,7 +234,7 @@ func NewMockDispatcher(t *testing.T, secConfig *ca.SecurityConfig, local bool) (
 		cleanup func()
 	)
 	if local {
-		tempDir, err := ioutil.TempDir("", "local-dispatcher-socket")
+		tempDir, err := os.MkdirTemp("", "local-dispatcher-socket")
 		require.NoError(t, err)
 		addr = filepath.Join(tempDir, "socket")
 		l, err = net.Listen("unix", addr)

ca/certificates.go

@@ -14,7 +14,6 @@ import (
 	"encoding/pem"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"time"
@@ -687,7 +686,7 @@ func ensureCertKeyMatch(cert *x509.Certificate, key crypto.PublicKey) error {
 // CA certificate, and returns the PEM-encoded Certificate if so
 func GetLocalRootCA(paths CertPaths) (RootCA, error) {
 	// Check if we have a Certificate file
-	cert, err := ioutil.ReadFile(paths.Cert)
+	cert, err := os.ReadFile(paths.Cert)
 	if err != nil {
 		if os.IsNotExist(err) {
 			err = ErrNoLocalRootCA
@@ -697,7 +696,7 @@ func GetLocalRootCA(paths CertPaths) (RootCA, error) {
 	}
 	signingCert := cert
 
-	key, err := ioutil.ReadFile(paths.Key)
+	key, err := os.ReadFile(paths.Key)
 	if err != nil {
 		if !os.IsNotExist(err) {
 			return RootCA{}, err
@@ -910,13 +909,13 @@ func readCertValidity(kr KeyReader) (time.Time, time.Time, error) {
 // SaveRootCA saves a RootCA object to disk
 func SaveRootCA(rootCA RootCA, paths CertPaths) error {
 	// Make sure the necessary dirs exist and they are writable
-	err := os.MkdirAll(filepath.Dir(paths.Cert), 0755)
+	err := os.MkdirAll(filepath.Dir(paths.Cert), 0o755)
 	if err != nil {
 		return err
 	}
 
 	// If the root certificate got returned successfully, save the rootCA to disk.
-	return ioutils.AtomicWriteFile(paths.Cert, rootCA.Certs, 0644)
+	return ioutils.AtomicWriteFile(paths.Cert, rootCA.Certs, 0o644)
 }
 
 // GenerateNewCSR returns a newly generated key and CSR signed with said key

ca/certificates_test.go

@@ -11,7 +11,6 @@ import (
 	"encoding/hex"
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"os"
 	"sync"
@@ -79,7 +78,7 @@ func TestMain(m *testing.M) {
 }
 
 func TestCreateRootCASaveRootCA(t *testing.T) {
-	tempBaseDir, err := ioutil.TempDir("", "swarm-ca-test-")
+	tempBaseDir, err := os.MkdirTemp("", "swarm-ca-test-")
 	assert.NoError(t, err)
 	defer os.RemoveAll(tempBaseDir)
 
@@ -100,7 +99,7 @@ func TestCreateRootCASaveRootCA(t *testing.T) {
 	assert.True(t, os.IsNotExist(err))
 
 	// ensure that the cert that was written is already normalized
-	written, err := ioutil.ReadFile(paths.RootCA.Cert)
+	written, err := os.ReadFile(paths.RootCA.Cert)
 	assert.NoError(t, err)
 	assert.Equal(t, written, ca.NormalizePEMs(written))
 }
@@ -118,7 +117,7 @@ func TestCreateRootCAExpiry(t *testing.T) {
 }
 
 func TestGetLocalRootCA(t *testing.T) {
-	tempBaseDir, err := ioutil.TempDir("", "swarm-ca-test-")
+	tempBaseDir, err := os.MkdirTemp("", "swarm-ca-test-")
 	assert.NoError(t, err)
 	defer os.RemoveAll(tempBaseDir)
 
@@ -144,7 +143,7 @@ func TestGetLocalRootCA(t *testing.T) {
 	assert.Equal(t, err, ca.ErrNoValidSigner)
 
 	// write private key and assert we can load it and sign
-	assert.NoError(t, ioutil.WriteFile(paths.RootCA.Key, s.Key, os.FileMode(0600)))
+	assert.NoError(t, os.WriteFile(paths.RootCA.Key, s.Key, os.FileMode(0o600)))
 	rootCA3, err := ca.GetLocalRootCA(paths.RootCA)
 	assert.NoError(t, err)
 	assert.Equal(t, rootCA.Certs, rootCA3.Certs)
@@ -160,30 +159,30 @@ func TestGetLocalRootCA(t *testing.T) {
 		Type:  "EC PRIVATE KEY",
 		Bytes: privKeyBytes,
 	})
-	assert.NoError(t, ioutil.WriteFile(paths.RootCA.Key, privKeyPem, os.FileMode(0600)))
+	assert.NoError(t, os.WriteFile(paths.RootCA.Key, privKeyPem, os.FileMode(0o600)))
 
 	_, err = ca.GetLocalRootCA(paths.RootCA)
 	assert.EqualError(t, err, "certificate key mismatch")
 }
 
 func TestGetLocalRootCAInvalidCert(t *testing.T) {
-	tempBaseDir, err := ioutil.TempDir("", "swarm-ca-test-")
+	tempBaseDir, err := os.MkdirTemp("", "swarm-ca-test-")
 	assert.NoError(t, err)
 	defer os.RemoveAll(tempBaseDir)
 
 	paths := ca.NewConfigPaths(tempBaseDir)
 
 	// Write some garbage to the CA cert
-	require.NoError(t, ioutil.WriteFile(paths.RootCA.Cert, []byte(`-----BEGIN CERTIFICATE-----\n
+	require.NoError(t, os.WriteFile(paths.RootCA.Cert, []byte(`-----BEGIN CERTIFICATE-----\n
 some random garbage\n
------END CERTIFICATE-----`), 0644))
+-----END CERTIFICATE-----`), 0o644))
 
 	_, err = ca.GetLocalRootCA(paths.RootCA)
 	require.Error(t, err)
 }
 
 func TestGetLocalRootCAInvalidKey(t *testing.T) {
-	tempBaseDir, err := ioutil.TempDir("", "swarm-ca-test-")
+	tempBaseDir, err := os.MkdirTemp("", "swarm-ca-test-")
 	assert.NoError(t, err)
 	defer os.RemoveAll(tempBaseDir)
 
@@ -194,9 +193,9 @@ func TestGetLocalRootCAInvalidKey(t *testing.T) {
 	require.NoError(t, ca.SaveRootCA(rootCA, paths.RootCA))
 
 	// Write some garbage to the root key - this will cause the loading to fail
-	require.NoError(t, ioutil.WriteFile(paths.RootCA.Key, []byte(`-----BEGIN PRIVATE KEY-----\n
+	require.NoError(t, os.WriteFile(paths.RootCA.Key, []byte(`-----BEGIN PRIVATE KEY-----\n
 some random garbage\n
------END PRIVATE KEY-----`), 0600))
+-----END PRIVATE KEY-----`), 0o600))
 
 	_, err = ca.GetLocalRootCA(paths.RootCA)
 	require.Error(t, err)
@@ -261,7 +260,7 @@ func TestGetRemoteCA(t *testing.T) {
 
 	// update the test CA to include a multi-certificate bundle as the root - the digest
 	// we use to verify with must be the digest of the whole bundle
-	tmpDir, err := ioutil.TempDir("", "GetRemoteCA")
+	tmpDir, err := os.MkdirTemp("", "GetRemoteCA")
 	require.NoError(t, err)
 	defer os.RemoveAll(tmpDir)
 	paths := ca.NewConfigPaths(tmpDir)
@@ -338,7 +337,7 @@ func testRequestAndSaveNewCertificates(t *testing.T, tc *cautils.TestCA) (*ca.Is
 	require.False(t, perms.GroupWrite())
 	require.False(t, perms.OtherWrite())
 
-	certs, err := ioutil.ReadFile(tc.Paths.Node.Cert)
+	certs, err := os.ReadFile(tc.Paths.Node.Cert)
 	require.NoError(t, err)
 	require.Equal(t, certs, ca.NormalizePEMs(certs))
 
@@ -374,7 +373,7 @@ func TestRequestAndSaveNewCertificatesWithIntermediates(t *testing.T) {
 			CrossSignedCACert: concat([]byte("   "), cautils.ECDSACertChain[1]),
 		},
 	}
-	tempdir, err := ioutil.TempDir("", "test-request-and-save-new-certificates")
+	tempdir, err := os.MkdirTemp("", "test-request-and-save-new-certificates")
 	require.NoError(t, err)
 	defer os.RemoveAll(tempdir)
 
@@ -453,7 +452,7 @@ func TestRequestAndSaveNewCertificatesWithKEKUpdate(t *testing.T) {
 
 // returns the issuer of the issued certificate and the parsed certs of the issued certificate
 func testIssueAndSaveNewCertificates(t *testing.T, rca *ca.RootCA) {
-	tempdir, err := ioutil.TempDir("", "test-issue-and-save-new-certificates")
+	tempdir, err := os.MkdirTemp("", "test-issue-and-save-new-certificates")
 	require.NoError(t, err)
 	defer os.RemoveAll(tempdir)
 	paths := ca.NewConfigPaths(tempdir)
@@ -485,7 +484,7 @@ func testIssueAndSaveNewCertificates(t *testing.T, rca *ca.RootCA) {
 		require.False(t, perms.GroupWrite())
 		require.False(t, perms.OtherWrite())
 
-		certBytes, err := ioutil.ReadFile(paths.Node.Cert)
+		certBytes, err := os.ReadFile(paths.Node.Cert)
 		require.NoError(t, err)
 		parsed := checkLeafCert(t, certBytes, issuer.Subject.CommonName, "CN", role, "org", additionalNames...)
 		if len(rca.Intermediates) > 0 {
@@ -926,7 +925,7 @@ func TestNewRootCA(t *testing.T) {
 }
 
 func TestNewRootCABundle(t *testing.T) {
-	tempBaseDir, err := ioutil.TempDir("", "swarm-ca-test-")
+	tempBaseDir, err := os.MkdirTemp("", "swarm-ca-test-")
 	assert.NoError(t, err)
 	defer os.RemoveAll(tempBaseDir)
 
@@ -944,7 +943,7 @@ func TestNewRootCABundle(t *testing.T) {
 
 	// Overwrite the bytes of the second Root CA with the bundle, creating a valid 2 cert bundle
 	bundle := append(firstRootCA.Certs, secondRootCA.Certs...)
-	err = ioutil.WriteFile(paths.RootCA.Cert, bundle, 0644)
+	err = os.WriteFile(paths.RootCA.Cert, bundle, 0o644)
 	assert.NoError(t, err)
 
 	newRootCA, err := ca.NewRootCA(bundle, firstRootCA.Certs, s.Key, ca.DefaultNodeCertExpiration, nil)
@@ -957,7 +956,7 @@ func TestNewRootCABundle(t *testing.T) {
 	_, _, err = newRootCA.IssueAndSaveNewCertificates(kw, "CN", "OU", "ORG")
 	assert.NoError(t, err)
 
-	certBytes, err := ioutil.ReadFile(paths.Node.Cert)
+	certBytes, err := os.ReadFile(paths.Node.Cert)
 	assert.NoError(t, err)
 	assert.Len(t, checkLeafCert(t, certBytes, "rootCN1", "CN", "OU", "ORG"), 1)
 }
@@ -1189,7 +1188,7 @@ func TestNewRootCAInvalidCertAndKeys(t *testing.T) {
 }
 
 func TestRootCAWithCrossSignedIntermediates(t *testing.T) {
-	tempdir, err := ioutil.TempDir("", "swarm-ca-test-")
+	tempdir, err := os.MkdirTemp("", "swarm-ca-test-")
 	require.NoError(t, err)
 	defer os.RemoveAll(tempdir)
 
@@ -1485,7 +1484,7 @@ func TestRootCACrossSignCACertificate(t *testing.T) {
 		},
 	}
 
-	tempdir, err := ioutil.TempDir("", "cross-sign-cert")
+	tempdir, err := os.MkdirTemp("", "cross-sign-cert")
 	require.NoError(t, err)
 	defer os.RemoveAll(tempdir)
 	paths := ca.NewConfigPaths(tempdir)