[ { "path": ".codespellrc", "content": "# https://github.com/codespell-project/codespell#using-a-config-file\n\n[codespell]\n\n# Comma separated list of dirs to be skipped.\nskip = .git,go.mod,go.sum,*.pb.desc,*/node_modules/*,*/public/js/*,*/public/scss/*\n\n# Comma separated list of words to be ignored. Words must be lowercased.\nignore-words-list = ans,distroname,testof,hda,ststr,archtypes,sme\n\n# Check file names as well.\ncheck-filenames = true\n" }, { "path": ".editorconfig", "content": "root = true\n\n[*]\ntrim_trailing_whitespace = true\ninsert_final_newline = true\n\n# Protobuf descriptors are binary files\n[*.pb.desc]\ninsert_final_newline = unset\ntrim_trailing_whitespace = unset\n" }, { "path": ".github/ISSUE_TEMPLATE/bug_report.yaml", "content": "name: Bug report\ndescription: Report a potential bug\nbody:\n- type: textarea\n attributes:\n label: Description\n description: Please make sure to include the version of Lima and the host OS\n" }, { "path": ".github/ISSUE_TEMPLATE/config.yml", "content": "blank_issues_enabled: true\ncontact_links:\n- name: Ask a question (GitHub Discussions)\n url: https://github.com/lima-vm/lima/discussions\n about: We use GitHub Discussions for questions, GitHub issues for tracking bug reports and feature requests\n- name: Chat with Lima users and developers\n url: https://slack.cncf.io/\n about: CNCF slack has `#lima` channel\n" }, { "path": ".github/ISSUE_TEMPLATE/feature_request.yaml", "content": "name: Feature request\ndescription: Request a feature\nbody:\n- type: textarea\n attributes:\n label: Description\n" }, { "path": ".github/actions/setup_cache_for_template/action.yml", "content": "name: 'setup cache for template'\ndescription: 'setup cache for template'\ninputs:\n arch:\n description: arch to setup cache for\n required: false\n template:\n description: template yaml file\n required: true\nruns:\n using: \"composite\"\n steps:\n - name: \"detect platform for download directory\"\n id: detect-platform\n run: |\n if [[ \"$(uname)\" == \"Darwin\" ]]; then\n download_dir=~/Library/Caches/lima/download\n else\n download_dir=~/.cache/lima/download\n fi\n echo \"download-dir=$download_dir\" >> \"$GITHUB_OUTPUT\"\n shell: bash\n - name: \"create cache parameters from template\"\n if: always()\n id: cache-params-from-template\n run: |\n set -eux\n source hack/cache-common-inc.sh\n print_cache_informations_from_template \"${{ inputs.template }}\" \"${{ inputs.arch }}\" >> \"$GITHUB_OUTPUT\"\n shell: bash\n\n - name: \"Cache ${{ steps.cache-params-from-template.outputs.image-path }}\"\n if: ${{ steps.cache-params-from-template.outputs.image-key != '' }}\n # avoid using `~` in path that will be expanded to platform specific home directory\n uses: actions/cache@v4\n with:\n path: ${{ steps.cache-params-from-template.outputs.image-path }}\n key: ${{ steps.cache-params-from-template.outputs.image-key }}\n enableCrossOsArchive: true\n\n - name: \"Cache ${{ steps.cache-params-from-template.outputs.kernel-path }}\"\n if: ${{ steps.cache-params-from-template.outputs.kernel-key != '' }}\n # avoid using `~` in path that will be expanded to platform specific home directory\n uses: actions/cache@v4\n with:\n path: ${{ steps.cache-params-from-template.outputs.kernel-path }}\n key: ${{ steps.cache-params-from-template.outputs.kernel-key }}\n enableCrossOsArchive: true\n\n - name: \"Cache ${{ steps.cache-params-from-template.outputs.initrd-path }}\"\n if: ${{ steps.cache-params-from-template.outputs.initrd-key != '' }}\n # avoid using `~` in path that will be expanded to platform specific home directory\n uses: actions/cache@v4\n with:\n path: ${{ steps.cache-params-from-template.outputs.initrd-path }}\n key: ${{ steps.cache-params-from-template.outputs.initrd-key }}\n enableCrossOsArchive: true\n\n - name: \"Cache ${{ steps.cache-params-from-template.outputs.containerd-key }}\"\n if: ${{ steps.cache-params-from-template.outputs.containerd-key != '' }}\n uses: actions/cache@v4\n with:\n path: ${{ steps.cache-params-from-template.outputs.containerd-path }}\n key: ${{ steps.cache-params-from-template.outputs.containerd-key }}\n enableCrossOsArchive: true\n\n - name: \"Create symbolic link named ${{ steps.detect-platform.outputs.download-dir }} pointing to .download\"\n run: |\n set -eux\n [ -d .download ] || mkdir -p .download\n path_to_cache=${{ steps.detect-platform.outputs.download-dir }}\n mkdir -p \"$(dirname \"$path_to_cache\")\"\n ln -sfn \"$PWD/.download\" \"$path_to_cache\"\n shell: bash\n" }, { "path": ".github/actions/upload_failure_logs_if_exists/action.yml", "content": "name: 'upload failure-logs if exists'\ndescription: 'upload failure-logs if exists'\ninputs:\n suffix:\n description: suffix to append to the name of the artifact\n required: false\n default: ''\nruns:\n using: \"composite\"\n steps:\n - name: \"Check if failure-logs exists\"\n if: always()\n id: check-if-failure-logs-exists\n run: echo \"exists=$([ -d \"failure-logs\" ] && echo \"true\" || echo \"false\")\" >> \"$GITHUB_OUTPUT\"\n shell: bash\n - id: normalize-suffix\n # To avoid using special characters in artifact name, normalize the suffix\n if: steps.check-if-failure-logs-exists.outputs.exists == 'true'\n run: |\n suffix=\"${{ inputs.suffix }}\"\n suffix=\"${suffix//[^a-zA-Z0-9_]/_}\"\n suffix=\"${suffix:+-$suffix}\"\n echo \"result=$suffix\" >> \"$GITHUB_OUTPUT\"\n shell: bash\n - name: \"Upload failure-logs\"\n if: steps.check-if-failure-logs-exists.outputs.exists == 'true'\n uses: actions/upload-artifact@v4\n with:\n name: failure-logs-${{ github.job }}${{ steps.normalize-suffix.outputs.result }}\n path: failure-logs/\n" }, { "path": ".github/dependabot.yml", "content": "version: 2\nupdates:\n- package-ecosystem: gomod\n directories:\n - \"/\"\n - \"/hack/tools\"\n schedule:\n interval: daily\n open-pull-requests-limit: 10\n groups:\n golang-x:\n patterns:\n - \"golang.org/x/*\"\n k8s:\n patterns:\n - \"k8s.io/*\"\n- package-ecosystem: github-actions\n directory: \"/\"\n schedule:\n interval: daily\n open-pull-requests-limit: 10\n" }, { "path": ".github/workflows/codeql.yaml", "content": "name: \"CodeQL Advanced\"\n\non:\n # paths-ignore should be kept in sync with test.yml\n push:\n branches: [\"master\"]\n paths-ignore:\n - \"docs/**\"\n - \"website/**\"\n - \"**.md\"\n pull_request:\n branches: [\"master\"]\n paths-ignore:\n - \"docs/**\"\n - \"website/**\"\n - \"**.md\"\n schedule:\n - cron: '33 19 * * 5'\n workflow_dispatch:\n\npermissions:\n contents: read\n\njobs:\n analyze:\n name: Analyze (${{ matrix.language }})\n runs-on: 'ubuntu-latest'\n permissions:\n security-events: write\n # required to fetch internal or private CodeQL packs\n packages: read\n\n strategy:\n fail-fast: false\n matrix:\n include:\n - language: go\n build-mode: autobuild\n steps:\n - name: Checkout repository\n uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n\n - name: Initialize CodeQL\n uses: github/codeql-action/init@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0\n with:\n languages: ${{ matrix.language }}\n build-mode: ${{ matrix.build-mode }}\n\n - if: matrix.build-mode == 'manual'\n shell: bash\n run: |\n echo 'If you are using a \"manual\" build mode for one or more of the' \\\n 'languages you are analyzing, replace this with the commands to build' \\\n 'your code, for example:'\n echo ' make bootstrap'\n echo ' make release'\n exit 1\n\n - name: Perform CodeQL Analysis\n uses: github/codeql-action/analyze@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0\n with:\n category: \"/language:${{matrix.language}}\"\n" }, { "path": ".github/workflows/release.yml", "content": "# Forked from https://github.com/containerd/nerdctl/blob/v0.8.1/.github/workflows/release.yml\n# Apache License 2.0\n\nname: Release\non:\n # paths-ignore should be kept in sync with test.yml\n push:\n branches:\n - 'master'\n tags:\n - 'v*'\n paths-ignore:\n - \"docs/**\"\n - \"website/**\"\n - \"**.md\"\n pull_request:\n branches:\n - 'master'\n paths-ignore:\n - \"docs/**\"\n - \"website/**\"\n - \"**.md\"\nenv:\n GO111MODULE: on\n GOTOOLCHAIN: local\npermissions:\n contents: read\n\njobs:\n artifacts-darwin:\n name: Artifacts Darwin\n # The latest release of macOS is used to enable new features.\n # https://github.com/lima-vm/lima/issues/2767\n #\n # Apparently, a binary built on a newer version of macOS can still run on\n # an older release of macOS without an error.\n # This is quite different from Linux and glibc.\n runs-on: macos-26\n timeout-minutes: 20\n steps:\n - name: \"Show xcode and SDK version\"\n run: |\n # Xcode version\n xcodebuild -version\n # macOS SDK version\n xcrun --show-sdk-version || true\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0\n with:\n go-version: stable\n - name: Make darwin artifacts\n run: make artifacts-darwin\n - name: \"Upload artifacts\"\n uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0\n with:\n name: artifacts-darwin\n path: _artifacts/\n release:\n # An old release of Ubuntu is chosen for glibc compatibility\n runs-on: ubuntu-22.04\n needs: artifacts-darwin\n timeout-minutes: 20\n # The maximum access is \"read\" for PRs from public forked repos\n # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token\n permissions:\n contents: write # for releases\n id-token: write # for provenances\n attestations: write # for provenances\n steps:\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1\n with:\n name: artifacts-darwin\n path: _artifacts/\n - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0\n with:\n go-version: stable\n - name: Install gcc\n run: |\n sudo apt-get update\n sudo apt-get install -y gcc-x86-64-linux-gnu gcc-aarch64-linux-gnu\n - name: \"Compile binaries\"\n run: make artifacts-linux\n - name: \"Make misc artifacts\"\n run: make artifacts-misc\n - name: \"Validate artifactts\"\n run: ./hack/validate-artifact.sh ./_artifacts/*.tar.gz\n - name: \"SHA256SUMS\"\n run: |\n ( cd _artifacts; sha256sum *.tar.gz ) | tee /tmp/SHA256SUMS\n mv /tmp/SHA256SUMS _artifacts/SHA256SUMS\n - name: \"The sha256sum of the SHA256SUMS file\"\n run: (cd _artifacts; sha256sum SHA256SUMS)\n - name: \"Prepare the release note\"\n run: |\n shasha=$(sha256sum _artifacts/SHA256SUMS | awk '{print $1}')\n cat <<-EOF | tee /tmp/release-note.txt\n (Changes to be documented)\n\n ## Usage\n \\`\\`\\`console\n $ limactl create\n $ limactl start\n ...\n INFO[0029] READY. Run \\`lima\\` to open the shell.\n\n $ lima uname\n Linux\n \\`\\`\\`\n\n - - -\n The binaries were built automatically on GitHub Actions.\n The build log is available for 90 days: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}\n\n The sha256sum of the SHA256SUMS file itself is \\`${shasha}\\` .\n - - -\n Release manager: [ADD YOUR NAME HERE] (@[ADD YOUR GITHUB ID HERE])\n EOF\n - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0\n if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')\n with:\n subject-path: _artifacts/*\n - name: \"Create release\"\n if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n run: |\n tag=\"${GITHUB_REF##*/}\"\n gh release create -F /tmp/release-note.txt --draft --title \"${tag}\" \"${tag}\" _artifacts/*\n" }, { "path": ".github/workflows/scorecard.yml", "content": "name: Scorecard supply-chain security\non:\n # For Branch-Protection check. Only the default branch is supported. See\n # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection\n branch_protection_rule:\n # To guarantee Maintained check is occasionally updated. See\n # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained\n schedule:\n - cron: '23 13 * * 4'\n push:\n branches:\n - master\n workflow_dispatch:\n\n# Declare default permissions as read only.\npermissions: read-all\n\njobs:\n analysis:\n name: Scorecard analysis\n runs-on: ubuntu-latest\n permissions:\n # Needed to upload the results to code-scanning dashboard.\n security-events: write\n # Needed to publish results and get a badge (see publish_results below).\n id-token: write\n\n steps:\n - name: \"Checkout code\"\n uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n with:\n persist-credentials: false\n\n - name: \"Run analysis\"\n uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3\n with:\n results_file: results.sarif\n results_format: sarif\n # (Optional) \"write\" PAT token. Uncomment the `repo_token` line below if:\n # - you want to enable the Branch-Protection check on a *public* repository, or\n # - you are installing Scorecard on a *private* repository\n # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional.\n # repo_token: ${{ secrets.SCORECARD_TOKEN }}\n\n # Public repositories:\n # - Publish results to OpenSSF REST API for easy access by consumers\n # - Allows the repository to include the Scorecard badge.\n # - See https://github.com/ossf/scorecard-action#publishing-results.\n publish_results: true\n\n # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF\n # format to the repository Actions tab.\n - name: \"Upload artifact\"\n uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0\n with:\n name: SARIF file\n path: results.sarif\n retention-days: 5\n\n # Upload the results to GitHub's code scanning dashboard (optional).\n # Commenting out will disable upload of results to your repo's Code Scanning dashboard\n - name: \"Upload to code-scanning\"\n uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0\n with:\n sarif_file: results.sarif\n" }, { "path": ".github/workflows/spell.yml", "content": "# split from test.yml so as to run spell checks for doc-only PRs too\nname: spell\n\non:\n push:\n branches:\n - master\n - 'release/**'\n pull_request:\n\npermissions:\n contents: read\n\njobs:\n spell:\n name: \"Spell check\"\n runs-on: ubuntu-24.04\n timeout-minutes: 5\n steps:\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n - uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2.2\n with:\n check_filenames: true\n check_hidden: true\n # by default, codespell uses configuration from the .codespellrc\n" }, { "path": ".github/workflows/test.yml", "content": "name: test\n\non:\n push:\n branches:\n - master\n - 'release/**'\n paths-ignore:\n - \"docs/**\"\n - \"website/**\"\n - \"**.md\"\n pull_request:\n paths-ignore:\n - \"docs/**\"\n - \"website/**\"\n - \"**.md\"\nenv:\n LIMACTL_CREATE_ARGS: \"\"\n GOTOOLCHAIN: local\n\npermissions: read-all\n\njobs:\n lints:\n name: \"Lints\"\n runs-on: ubuntu-24.04\n timeout-minutes: 30\n steps:\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0\n with:\n go-version: stable\n - name: Install protoc and Go plugins\n run: |\n sudo apt-get update\n sudo apt-get install -y protobuf-compiler\n make install-protoc-tools\n - name: Verify generated files\n run: make generate check-generated\n - name: Run nobin\n run: >-\n go tool -modfile=./hack/tools/go.mod nobin\n --allow-emoji\n --allow-escape\n --gitignore\n --skip-ext pb.desc\n --skip 'website/static/images/**/*.{gif,png}'\n --skip 'docs/reports/**/*.pdf'\n - name: Run editorconfig-checker\n run: go tool -modfile=./hack/tools/go.mod editorconfig-checker\n - name: Run yamllint\n run: yamllint .\n - name: Install shellcheck\n run: |\n sudo apt-get update\n sudo apt-get install -y shellcheck\n - name: Run file and directory name linter\n uses: ls-lint/action@02e380fe8733d499cbfc9e22276de5085508a5bd # v2.3.1\n - name: Run shellcheck\n run: find . -name '*.sh' | xargs shellcheck\n - name: Run shfmt\n run: find . -name '*.sh' | xargs go tool -modfile=./hack/tools/go.mod shfmt -s -d\n - name: Check hyperlinks\n uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2.8.0\n with:\n args: >-\n --exclude https://img.shields.io\n --exclude http://127.0.0.1:8080\n --exclude https://github.com/lima-vm/lima/releases/download\n --exclude https://xbarapp.com\n --exclude https://api.github.com\n README.md\n token: ${{ secrets.GITHUB_TOKEN }}\n - name: Install go-licenses\n # TODO: move to `go tool` after upgrading to v2\n run: go install github.com/google/go-licenses@v1.6.0\n - name: Check licenses\n # the allow list corresponds to https://github.com/cncf/foundation/blob/e5db022a0009f4db52b89d9875640cf3137153fe/allowed-third-party-license-policy.md\n # hashicorp/hcl/v2 is MPL-2.0; covered by the CNCF license exception for hashicorp/hcl\n # see also https://github.com/cncf/foundation/issues/1242\n run: go-licenses check --include_tests --ignore github.com/hashicorp/hcl/v2 ./... --allowed_licenses=$(cat ./hack/allowed-licenses.txt)\n - name: Check license boilerplates\n run: go tool -modfile=./hack/tools/go.mod ltag -t ./hack/ltag --check -v\n - name: Check protobuf files\n run: go tool -modfile=./hack/tools/go.mod protolint .\n\n lint-go:\n name: \"Lint Go\"\n timeout-minutes: 30\n strategy:\n matrix:\n runs-on: [ubuntu-24.04, macos-26, windows-2025]\n runs-on: ${{ matrix.runs-on }}\n steps:\n - name: Force git to use LF\n # This step is required on Windows to work around golangci-lint issues with formatters. See https://github.com/golangci/golangci-lint/discussions/5840\n # TODO: replace with a checkout option when https://github.com/actions/checkout/issues/226 is implemented\n if: runner.os == 'Windows'\n run: |\n git config --global core.autocrlf false\n git config --global core.eol lf\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0\n with:\n go-version: stable\n - id: golangci-lint-version\n shell: bash\n working-directory: hack/tools\n run: |\n echo \"GOLANGCI_LINT_VERSION=$(go list -m -f '{{.Version}}' github.com/golangci/golangci-lint/v2)\" >> $GITHUB_OUTPUT\n - name: Run golangci-lint\n uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0\n with:\n version: ${{ steps.golangci-lint-version.outputs.GOLANGCI_LINT_VERSION }}\n args: --verbose\n\n security:\n name: \"Vulncheck\"\n runs-on: ubuntu-24.04\n timeout-minutes: 5\n steps:\n - uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4\n\n unit:\n name: \"Unit tests\"\n runs-on: ubuntu-24.04\n timeout-minutes: 30\n strategy:\n fail-fast: false\n matrix:\n # For non-Homebrew we have to support an old release of Go\n go-version: [\"oldstable\", \"stable\"]\n steps:\n - name: Install test dependencies\n run: |\n sudo apt-get update\n sudo apt-get install -y --no-install-recommends qemu-utils\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0\n with:\n go-version: ${{ matrix.go-version }}\n - name: Unit tests\n run: go test -v ./...\n - name: Make\n run: make\n - name: Install\n run: sudo make install\n - name: Verify templates match `limactl edit` format\n run: |\n find templates -name '*.yaml' -exec limactl edit --set 'del(.nothing)' {} \\;\n git diff-index --exit-code HEAD\n - name: Uninstall\n run: sudo make uninstall\n\n windows:\n name: \"Windows tests (WSL2)\"\n runs-on: windows-2025\n timeout-minutes: 30\n steps:\n - name: Enable WSL2\n run: |\n wsl --set-default-version 2\n wsl --shutdown\n wsl --update\n wsl --status\n wsl --version\n wsl --list --online\n - name: Install WSL2 distro\n timeout-minutes: 1\n run: |\n # FIXME: At least one distro has to be installed here,\n # otherwise `wsl --list --verbose` (called from Lima) fails:\n # https://github.com/lima-vm/lima/pull/1826#issuecomment-1729993334\n # The distro image itself is not consumed by Lima.\n # Starting with WSL2 version 2.5.7.0 the distro will be rejected\n # if it doesn't contain /bin/sh and /etc.\n # ------------------------------------------------------------------\n mkdir dummy\n mkdir dummy\\bin\n mkdir dummy\\etc\n echo \"\" >dummy\\bin\\sh\n tar -cf dummy.tar --format ustar -C dummy .\n wsl --import dummy $env:TEMP dummy.tar\n wsl --list --verbose\n - name: Set gitconfig\n run: |\n git config --global core.autocrlf false\n git config --global core.eol lf\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0\n with:\n go-version: stable\n - name: Unit tests\n run: go test -v ./...\n - name: Make\n run: make\n - name: Integration tests (WSL2, Windows host)\n run: |\n $env:PATH = \"$pwd\\_output\\bin;\" + 'C:\\msys64\\usr\\bin;' + $env:PATH\n pacman -Sy --noconfirm openbsd-netcat diffutils socat w3m\n $env:MSYS2_ENV_CONV_EXCL = 'HOME_HOST;HOME_GUEST;_LIMA_WINDOWS_EXTRA_PATH'\n $env:HOME_HOST = $(cygpath.exe \"$env:USERPROFILE\")\n $env:HOME_GUEST = \"/mnt$env:HOME_HOST\"\n $env:LIMACTL_CREATE_ARGS = '--vm-type=wsl2 --mount-type=wsl2 --containerd=system'\n $env:_LIMA_WINDOWS_EXTRA_PATH = 'C:\\Program Files\\Git\\usr\\bin'\n bash.exe -c \"./hack/test-templates.sh templates/experimental/wsl2.yaml\"\n\n windows-qemu:\n name: \"Windows tests (QEMU)\"\n runs-on: windows-2025\n timeout-minutes: 30\n steps:\n - name: Set gitconfig\n run: |\n git config --global core.autocrlf false\n git config --global core.eol lf\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0\n with:\n go-version: stable\n - name: Make\n run: make\n - name: Install QEMU\n run: |\n winget install --silent --accept-source-agreements --accept-package-agreements --disable-interactivity SoftwareFreedomConservancy.QEMU\n - name: Integration tests (QEMU, Windows host)\n run: |\n $env:PATH = \"$pwd\\_output\\bin;\" + 'C:\\msys64\\usr\\bin;' + 'C:\\Program Files\\QEMU;' + $env:PATH\n pacman -Sy --noconfirm openbsd-netcat diffutils socat w3m\n $env:MSYS2_ENV_CONV_EXCL = 'HOME_HOST;HOME_GUEST;_LIMA_WINDOWS_EXTRA_PATH'\n $env:HOME_HOST = $(cygpath.exe \"$env:USERPROFILE\")\n $env:HOME_GUEST = \"$env:HOME_HOST\"\n $env:LIMACTL_CREATE_ARGS = '--vm-type=qemu'\n $env:_LIMA_WINDOWS_EXTRA_PATH = 'C:\\Program Files\\Git\\usr\\bin'\n bash.exe -c \"./hack/test-templates.sh templates/default.yaml\"\n\n qemu:\n name: \"Integration tests (QEMU, macOS host)\"\n runs-on: macos-15-large # Intel\n timeout-minutes: 120\n steps:\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0\n with:\n go-version: stable\n - name: Unit tests\n run: go test -v ./...\n - name: Make\n run: make\n - name: \"Inject `no_timer_check` to kernel cmdline\"\n # workaround to https://github.com/lima-vm/lima/issues/84\n run: |\n export PATH=\"$PWD/_output/bin:$PATH\"\n ./hack/inject-cmdline-to-template.sh _output/share/lima/templates/_images/ubuntu.yaml no_timer_check\n - name: Install\n run: sudo make install\n - name: Validate jsonschema\n run: make schema-limayaml.json\n - name: Validate templates\n # Can't validate base templates in `_default` because they have no images\n run: find -L templates -name '*.yaml' ! -path '*/_default/*' | xargs limactl validate\n - name: Install test dependencies\n # QEMU: required by Lima itself\n # bash: required by test-templates.sh (OS version of bash is too old)\n # coreutils: required by test-templates.sh for the \"timeout\" command\n # w3m : required by test-templates.sh for port forwarding tests\n # socat: required by test-templates.sh for port forwarding tests\n run: brew install qemu bash coreutils w3m socat\n - name: \"Adjust LIMACTL_CREATE_ARGS\"\n run: echo \"LIMACTL_CREATE_ARGS=${LIMACTL_CREATE_ARGS} --vm-type=qemu\" >>$GITHUB_ENV\n - name: Cache image used by default.yaml\n uses: ./.github/actions/setup_cache_for_template\n with:\n template: templates/default.yaml\n - name: \"Show cache\"\n run: ./hack/debug-cache.sh\n - name: \"Test default.yaml\"\n uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2\n with:\n timeout_minutes: 30\n retry_on: error\n max_attempts: 3\n command: ./hack/test-templates.sh templates/default.yaml\n # GHA macOS is slow and flaky, so we only test default.yaml here.\n # Other yamls are tested on Linux instances.\n #\n - if: always()\n uses: ./.github/actions/upload_failure_logs_if_exists\n - name: \"Show cache\"\n if: always()\n run: ./hack/debug-cache.sh\n\n # Non-default templates are tested on Linux instances of GHA,\n # as they seem more stable than macOS instances.\n qemu-linux:\n name: \"Integration tests (QEMU, Linux host)\"\n runs-on: ubuntu-24.04\n timeout-minutes: 120\n strategy:\n fail-fast: false\n matrix:\n # Most templates use 9p as the mount type\n template:\n - alpine.yaml\n - debian.yaml # reverse-sshfs\n - fedora.yaml\n - archlinux.yaml\n - opensuse.yaml\n - docker.yaml\n - ../hack/test-templates/alpine-iso-9p-writable.yaml # Covers alpine-iso.yaml\n - ../hack/test-templates/net-user-v2.yaml\n - ../hack/test-templates/test-misc.yaml # TODO: merge net-user-v2 into test-misc\n steps:\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0\n with:\n go-version: stable\n - name: Make\n run: make\n - name: Install\n run: sudo make install\n - name: Cache image used by templates/${{ matrix.template }}\n uses: ./.github/actions/setup_cache_for_template\n with:\n template: templates/${{ matrix.template }}\n - name: Install test dependencies\n run: |\n sudo apt-get update\n sudo ./hack/install-qemu.sh\n sudo apt-get install -y --no-install-recommends socat w3m\n - name: Install ansible-playbook\n run: |\n sudo apt-get install -y --no-install-recommends ansible\n if: matrix.template == '../hack/test-templates/test-misc.yaml'\n - name: \"Show cache\"\n run: ./hack/debug-cache.sh\n - name: \"Test\"\n uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2\n with:\n timeout_minutes: 30\n retry_on: error\n max_attempts: 3\n command: ./hack/test-templates.sh templates/${{ matrix.template }}\n - if: always()\n uses: ./.github/actions/upload_failure_logs_if_exists\n with:\n suffix: ${{ matrix.template }}\n - name: \"Show cache\"\n run: ./hack/debug-cache.sh\n\n bats:\n name: \"Integration tests (BATS)\"\n runs-on: ubuntu-24.04\n timeout-minutes: 30\n steps:\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n with:\n # BATS tests don't expect lima version warnings like:\n # msg=\"treating lima version \\\"ea336ae\\\" from \\\"/Users/runner/.lima-bats/dummy/lima-version\\\" as very latest release\"\n fetch-depth: 0\n submodules: true\n - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0\n with:\n go-version: stable\n - name: Make\n run: make\n - name: Install\n run: sudo make install\n - name: Install test dependencies\n run: |\n sudo apt-get update\n sudo ./hack/install-qemu.sh\n - name: Cache image used by templates/default.yaml\n uses: ./.github/actions/setup_cache_for_template\n with:\n template: templates/default.yaml\n - name: \"Run BATS integration tests\"\n run: make bats\n env:\n # The url-github.bats tests makes GitHub API requests\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n - name: Cache image used by templates/k8s.yaml\n uses: ./.github/actions/setup_cache_for_template\n with:\n template: templates/k8s.yaml\n - name: \"Run BATS k8s tests\"\n run: ./hack/bats/lib/bats-core/bin/bats --timing ./hack/bats/extras/k8s.bats\n env:\n LIMA_BATS_ALL_TESTS_RETRIES: 3\n - name: Cache image used by templates/freebsd.yaml\n uses: ./.github/actions/setup_cache_for_template\n with:\n template: templates/freebsd.yaml\n - name: \"Run BATS freebsd tests\"\n run: |\n set -eux -o pipefail\n # xorriso is required for creating Joliet filesystem\n sudo apt-get install -y xorriso\n ./hack/bats/lib/bats-core/bin/bats --timing ./hack/bats/extras/freebsd.bats\n\n colima:\n name: \"Colima tests (QEMU, Linux host)\"\n runs-on: ubuntu-24.04\n timeout-minutes: 120\n steps:\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n with:\n # fetch-depth is set to 0 to let `limactl --version` print semver-ish version\n # fetch-depth: 0 is required for Colima integration test because Colima\n # checks Lima's version and requires proper semantic version format\n fetch-depth: 0\n ref: ${{ github.event.pull_request.head.sha }}\n submodules: true\n - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0\n with:\n go-version: stable\n - name: Make\n run: make\n - name: Install\n run: sudo make install\n - name: Install colima\n id: install-colima\n run: |\n git clone https://github.com/abiosoft/colima\n cd colima\n latest=\"$(git tag --sort=-v:refname | head -n1)\"\n git checkout \"$latest\"\n make\n sudo make install\n echo \"version=$latest\" >>$GITHUB_OUTPUT\n - name: Install test dependencies\n run: |\n sudo apt-get update\n sudo ./hack/install-qemu.sh\n - name: Cache colima\n uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4\n with:\n path: ~/.cache/colima\n key: colima-${{ steps.install-colima.outputs.version }}\n - name: Run BATS colima tests\n run: ./hack/bats/lib/bats-core/bin/bats --timing ./hack/bats/extras/colima.bats\n\n vmnet:\n name: \"VMNet tests (QEMU)\"\n runs-on: macos-15-large # Intel\n timeout-minutes: 120\n steps:\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0\n with:\n go-version: stable\n - name: Make\n run: make\n - name: \"Inject `no_timer_check` to kernel cmdline\"\n # workaround to https://github.com/lima-vm/lima/issues/84\n run: |\n export PATH=\"$PWD/_output/bin:$PATH\"\n ./hack/inject-cmdline-to-template.sh _output/share/lima/templates/_images/ubuntu.yaml no_timer_check\n - name: Install\n run: sudo make install\n - name: \"Adjust LIMACTL_CREATE_ARGS\"\n run: echo \"LIMACTL_CREATE_ARGS=${LIMACTL_CREATE_ARGS} --vm-type=qemu --network=lima:shared\" >>$GITHUB_ENV\n - name: Cache image used by default .yaml\n uses: ./.github/actions/setup_cache_for_template\n with:\n template: templates/default.yaml\n - name: Install test dependencies\n run: brew install qemu bash coreutils w3m socat\n - name: Install socket_vmnet\n env:\n SOCKET_VMNET_VERSION: v1.2.2\n run: |\n (\n cd ~\n git clone https://github.com/lima-vm/socket_vmnet\n cd socket_vmnet\n git checkout $SOCKET_VMNET_VERSION\n sudo git config --global --add safe.directory /Users/runner/socket_vmnet\n sudo make PREFIX=/opt/socket_vmnet install\n )\n limactl sudoers | sudo tee /etc/sudoers.d/lima\n - name: Unit test (pkg/networks) with socket_vmnet\n # Set -count=1 to disable cache\n run: go test -v -count=1 ./pkg/networks/...\n - name: Test socket_vmnet\n uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2\n with:\n timeout_minutes: 30\n retry_on: error\n max_attempts: 3\n command: ./hack/test-templates.sh templates/default.yaml\n - if: always()\n uses: ./.github/actions/upload_failure_logs_if_exists\n\n upgrade:\n name: \"Upgrade tests (QEMU, macOS host)\"\n runs-on: macos-15-large # Intel\n timeout-minutes: 120\n strategy:\n matrix:\n oldver: [\"v0.15.1\"] # The default VM type was always QEMU until Lima v1.0\n steps:\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n - name: Fetch homebrew-core commit messages\n uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n with:\n # needed by ./hack/brew-install-version.sh\n repository: homebrew/homebrew-core\n path: homebrew-core\n fetch-depth: 0\n filter: tree:0\n - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0\n with:\n go-version: stable\n - name: Cache image used by ${{ matrix.oldver }}/examples/ubuntu-lts.yaml\n uses: ./.github/actions/setup_cache_for_template\n with:\n template: https://raw.githubusercontent.com/lima-vm/lima/${{ matrix.oldver }}/examples/ubuntu-lts.yaml\n - name: Install test dependencies\n run: |\n brew install bash coreutils\n # QEMU 9.1.0 seems to break on GitHub runners, both on Monterey and Ventura\n # We revert back to 8.2.1, which seems to work fine\n git config --global user.name \"GitHub Actions Bot\"\n git config --global user.email \"nobody@localhost\"\n ./hack/brew-install-version.sh qemu 8.2.1\n - name: Test\n uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2\n with:\n timeout_minutes: 30\n retry_on: error\n max_attempts: 3\n command: ./hack/test-upgrade.sh ${{ matrix.oldver }} ${{ github.sha }}\n - if: always()\n uses: ./.github/actions/upload_failure_logs_if_exists\n\n vz:\n name: \"Integration tests (vz)\"\n runs-on: macos-15-large # Intel\n timeout-minutes: 120\n strategy:\n fail-fast: false\n matrix:\n template:\n - default.yaml\n steps:\n - name: \"Adjust LIMACTL_CREATE_ARGS\"\n # --cpus=1 is needed for running vz on GHA: https://github.com/lima-vm/lima/pull/1511#issuecomment-1574937888\n run: echo \"LIMACTL_CREATE_ARGS=${LIMACTL_CREATE_ARGS} --cpus 1 --memory 1\" >>$GITHUB_ENV\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0\n with:\n go-version: stable\n - name: Make\n run: make\n - name: Install\n run: sudo make install\n - name: Cache image used by templates/${{ matrix.template }}\n uses: ./.github/actions/setup_cache_for_template\n with:\n template: templates/${{ matrix.template }}\n - name: Install test dependencies\n run: brew install bash coreutils w3m socat\n - name: Uninstall qemu\n run: brew uninstall --ignore-dependencies --force qemu\n - name: Test\n run: ./hack/test-templates.sh templates/${{ matrix.template }}\n - if: failure()\n uses: ./.github/actions/upload_failure_logs_if_exists\n with:\n suffix: ${{ matrix.template }}\n\n # gomodjail is a library sandbox for Go\n # https://github.com/AkihiroSuda/gomodjail\n #\n # This is an early experiment.\n # CI failures that only occurs with gomodjail shall not block merging PRs.\n gomodjail:\n name: \"gomodjail (experimental; failures shall not block merging PRs)\"\n runs-on: macos-15-large # Intel\n timeout-minutes: 30\n steps:\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0\n with:\n go-version: stable\n - name: Install gomodjail\n run: |\n set -eux -o pipefail\n git clone https://github.com/AkihiroSuda/gomodjail\n cd gomodjail\n make binaries install\n - name: Install Lima\n # gomodjail depends on symbols\n run: |\n make KEEP_SYMBOLS=1 binaries\n sudo make install\n - name: Cache image used by templates/default.yaml\n uses: ./.github/actions/setup_cache_for_template\n with:\n template: templates/default.yaml\n - name: Smoke test\n run: gomodjail run --go-mod=./go.mod -- limactl start --tty=false\n\n cross:\n name: \"Cross-compile (NetBSD, DragonFlyBSD)\"\n runs-on: ubuntu-24.04\n timeout-minutes: 30\n steps:\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0\n with:\n go-version: stable\n - run: GOOS=netbsd go build ./...\n - run: GOOS=dragonfly go build ./...\n\n qemu-linux-old:\n name: \"Smoke tests (QEMU, old Linux host)\"\n runs-on: ubuntu-22.04 # QEMU 6.2\n timeout-minutes: 30\n steps:\n - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0\n with:\n go-version: stable\n - name: Make\n run: make\n - name: Install\n run: sudo make install\n - name: Cache image used by templates/default.yaml\n uses: ./.github/actions/setup_cache_for_template\n with:\n template: templates/default.yaml\n - name: Install test dependencies\n run: |\n sudo apt-get update\n sudo ./hack/install-qemu.sh\n - name: Smoke test\n run: limactl start --tty=false\n" }, { "path": ".gitignore", "content": "_output/\n_artifacts/\nlima.REJECTED.yaml\ndefault-template.yaml\nschema-limayaml.json\n.config\n" }, { "path": ".gitmodules", "content": "[submodule \"hack/bats/lib/bats-core\"]\n\tpath = hack/bats/lib/bats-core\n\turl = https://github.com/bats-core/bats-core.git\n\tbranch = master\n[submodule \"hack/bats/lib/bats-file\"]\n\tpath = hack/bats/lib/bats-file\n\turl = https://github.com/bats-core/bats-file.git\n\tbranch = master\n[submodule \"hack/bats/lib/bats-assert\"]\n\tpath = hack/bats/lib/bats-assert\n\turl = https://github.com/bats-core/bats-assert.git\n\tbranch = master\n[submodule \"hack/bats/lib/bats-support\"]\n\tpath = hack/bats/lib/bats-support\n\turl = https://github.com/bats-core/bats-support.git\n\tbranch = master\n" }, { "path": ".golangci.yml", "content": "# golangci-lint configuration file.\n# https://golangci-lint.run/usage/configuration/\nversion: \"2\"\nrun:\n concurrency: 6\nlinters:\n default: none\n enable:\n - bodyclose\n - copyloopvar\n - depguard\n - dupword\n - errcheck\n - errorlint\n - forbidigo\n - gocritic\n - godot\n - govet\n - ineffassign\n - intrange\n - misspell\n - modernize\n - nakedret\n - noctx\n - nolintlint\n - perfsprint\n - revive\n - staticcheck\n - unconvert\n - unused\n - usetesting\n - whitespace\n settings:\n depguard:\n rules:\n main:\n deny:\n - pkg: golang.org/x/net/context\n desc: use the 'context' package from the standard library\n - pkg: math/rand$\n desc: use the 'math/rand/v2' package\n errorlint:\n asserts: false\n forbidigo:\n forbid:\n - pattern: ^print(ln)?$\n msg: Do not use builtin print functions. It's for bootstrapping only and may be removed in the future.\n - pattern: ^fmt\\.Print.*$\n msg: Do not use fmt.Print statements.\n - pattern: ^testing.T.Fatal.*$\n msg: Use assert functions from the gotest.tools/v3/assert package instead.\n - pattern: ^sort.*$\n msg: Use sorting functions from the slices package instead.\n analyze-types: true\n gocritic:\n disabled-checks:\n - appendCombine\n - sloppyReassign\n - unlabelStmt\n - rangeValCopy\n - hugeParam\n - importShadow\n - sprintfQuotedString\n - builtinShadow\n - filepathJoin\n # See \"Tags\" section in https://github.com/go-critic/go-critic#usage\n enabled-tags:\n - diagnostic\n - performance\n - style\n - opinionated\n - experimental\n settings:\n ifElseChain:\n # Min number of if-else blocks that makes the warning trigger.\n minThreshold: 3\n modernize:\n disable:\n - omitzero\n perfsprint:\n int-conversion: false\n integer-format: false\n err-error: false\n errorf: true\n sprintf1: false\n strconcat: false\n concat-loop: false\n revive:\n # Set below 0.8 to enable error-strings\n confidence: 0.6\n # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md\n rules:\n - name: bare-return\n - name: blank-imports\n - name: context-as-argument\n - name: context-keys-type\n - name: deep-exit\n - name: dot-imports\n arguments:\n - allowedPackages:\n - github.com/lima-vm/lima/v2/pkg/must\n - name: empty-block\n - name: error-naming\n - name: error-return\n - name: error-strings\n - name: errorf\n - name: exported\n disabled: true\n - name: increment-decrement\n - name: indent-error-flow\n - name: package-comments\n disabled: true\n - name: package-directory-mismatch\n - name: range\n - name: receiver-naming\n - name: redefines-builtin-id\n - name: superfluous-else\n - name: time-naming\n - name: unexported-return\n - name: unnecessary-format\n - name: unreachable-code\n - name: unused-parameter\n - name: use-any\n - name: var-declaration\n - name: var-naming\n staticcheck:\n # https://staticcheck.dev/docs/configuration/options/#checks\n checks:\n - all\n - -QF1001 # apply De Morgan's law\n - -QF1008 # remove embedded field from selector\n - -SA3000 # false positive for Go 1.15+. See https://github.com/golang/go/issues/34129\n - -ST1000\n - -ST1001 # duplicates revive.dot-imports\n - -ST1022\n usetesting:\n os-temp-dir: true\n context-background: true\n context-todo: true\n exclusions:\n presets:\n - common-false-positives\n - legacy\n - std-error-handling\n rules:\n # Allow using Uid, Gid in pkg/osutil.\n - path: pkg/osutil/\n text: '(?i)(uid)|(gid)'\n # Disable some linters for test files.\n - linters:\n - godot\n path: _test\\.go\n # Allow \"api\" package names in hostagent and guestagent.\n - linters:\n - revive\n path: pkg/(hostagent|guestagent)/api/\n text: avoid meaningless package names\nissues:\n # Maximum issues count per one linter.\n max-issues-per-linter: 0\n # Maximum count of issues with the same text.\n max-same-issues: 0\nformatters:\n enable:\n - gci\n - gofmt\n - gofumpt\n settings:\n gci:\n sections:\n - standard\n - default\n - localmodule\n" }, { "path": ".ls-lint.yml", "content": "# ls-lint configuration file.\n# https://ls-lint.org/2.2/configuration/the-basics.html\nls:\n .dir: kebab-case\n .go: snake_case\n .lima: snake_case\n .sh: kebab-case\n .TEMPLATE.yaml: kebab-case\n .yaml: kebab-case\n .yml: kebab-case\n\n .github:\n .yaml: snake_case\n\n cmd/limactl:\n # valid names are `show-ssh.go`, `show-ssh_windows.go` or `show-ssh_test.go`\n .go: lowercase\n\n templates:\n # _default and _images have leading underscores\n .dir: lowercase\n\n website/content:\n .dir: lowercase\n\nignore:\n- .git\n- .golangci.yml\n- .ls-lint.yml\n- '_output'\n- '**/*.pb\\.go'\n- hack/common.inc.sh\n- pkg/cidata/cidata.TEMPLATE.d\n- pkg/cidata/cidata.TEMPLATE.d/util/compare_version.sh\n- website\n# \"ubuntu-24.04\" does not follow the kebab-case\n- '**/ubuntu-*\\.yaml'\n# \"boot.\" does not follow the kebab-case\n- '**/boot.*'\n" }, { "path": ".markdownlint.json", "content": "{\n \"first-line-h1\": false,\n \"no-inline-html\": false,\n \"blanks-around-headers\": false,\n \"blanks-around-lists\": false,\n \"blanks-around-fences\": false,\n \"commands-show-output\": false,\n \"ul-style\": false,\n \"line-length\": false\n}\n" }, { "path": ".protolint.yaml", "content": "# This is the configuration for protolint.\n# See https://github.com/yoheimuta/protolint/blob/v0.55.6/_example/config/.protolint.yaml for details.\n---\nlint:\n rules:\n # Enable all default rules.\n no_default: false\n rules_option:\n # MAX_LINE_LENGTH rule option.\n max_line_length:\n max_chars: 100\n" }, { "path": ".shellcheckrc", "content": "source-path=SCRIPTDIR\n" }, { "path": ".yamllint", "content": "---\n\nextends: default\n\nignore: |\n # this is a yaml template, needs to be executed\n pkg/cidata/cloud-config.yaml\n\nrules:\n indentation:\n indent-sequences: false\n truthy:\n allowed-values: ['true', 'false', 'on', 'off']\n comments-indentation: disable\n document-start: disable\n line-length: disable\n" }, { "path": "LICENSE", "content": "\n Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n \"License\" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n \"Licensor\" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n \"Legal Entity\" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n \"control\" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n \"You\" (or \"Your\") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n \"Source\" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n \"Object\" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n \"Work\" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n \"Derivative Works\" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n \"Contribution\" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, \"submitted\"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as \"Not a Contribution.\"\n\n \"Contributor\" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a \"NOTICE\" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets \"[]\"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same \"printed page\" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright [yyyy] [name of copyright owner]\n\n Licensed under the Apache License, Version 2.0 (the \"License\");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n" }, { "path": "MAINTAINERS.md", "content": "Moved to .\n" }, { "path": "Makefile", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n# Files are installed under $(DESTDIR)/$(PREFIX)\nPREFIX ?= /usr/local\nDEST := $(shell echo \"$(DESTDIR)/$(PREFIX)\" | sed 's:///*:/:g; s://*$$::')\n\nGO ?= go\nTAR ?= tar\nZIP ?= zip\nPLANTUML ?= plantuml # may also be \"java -jar plantuml.jar\" if installed elsewhere\n\nGOARCH ?= $(shell $(GO) env GOARCH)\nGOHOSTARCH := $(shell $(GO) env GOHOSTARCH)\nGOHOSTOS := $(shell $(GO) env GOHOSTOS)\nGOOS ?= $(shell $(GO) env GOOS)\nifeq ($(GOOS),windows)\nbat = .bat\nexe = .exe\nendif\n\nifeq ($(GOOS),darwin)\nMACOS_SDK_VERSION = $(shell xcrun --show-sdk-version | cut -d . -f 1)\n# xcrun command seems to fail even when the SDK is available:\n# > xcrun: error: unable to lookup item 'SDKVersion' in SDK '/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk'\nifeq ($(MACOS_SDK_VERSION),)\nMACOS_SDK_VERSION = $(shell readlink /Library/Developer/CommandLineTools/SDKs/MacOSX.sdk | sed -E -e \"s/^MacOSX//\" -e \"s/\\.[0-9]+\\.sdk//\")\nendif\nendif\n\nDEFAULT_ADDITIONAL_DRIVERS :=\nifeq ($(GOOS),darwin)\nifeq ($(GOARCH),arm64)\nifeq ($(shell test $(MACOS_SDK_VERSION) -ge 14; echo $$?),0)\n# krunkit needs macOS 14 or later: https://github.com/containers/libkrun/blob/main/README.md#macos-efi-variant\nDEFAULT_ADDITIONAL_DRIVERS += krunkit\nendif\nendif\nendif\nADDITIONAL_DRIVERS ?= $(DEFAULT_ADDITIONAL_DRIVERS)\n\nGO_BUILDTAGS ?=\nifeq ($(GOOS),darwin)\nifeq ($(shell test $(MACOS_SDK_VERSION) -lt 13; echo $$?),0)\n# The \"vz\" mode needs macOS 13 SDK or later\nGO_BUILDTAGS += no_vz\nendif\nendif\n\nifeq ($(GOHOSTOS),windows)\nWINVER_MAJOR=$(shell powershell.exe \"[System.Environment]::OSVersion.Version.Major\")\nifeq ($(WINVER_MAJOR),10)\nWINVER_BUILD=$(shell powershell.exe \"[System.Environment]::OSVersion.Version.Build\")\nWINVER_BUILD_HIGH_ENOUGH=$(shell powershell.exe $(WINVER_BUILD) -ge 19041)\nifeq ($(WINVER_BUILD_HIGH_ENOUGH),False)\nGO_BUILDTAGS += no_wsl\nendif\nendif\nendif\n\nPACKAGE := github.com/lima-vm/lima/v2\n\nVERSION ?= $(shell git describe --match 'v[0-9]*' --dirty='.m' --always --tags 2>/dev/null)\nVERSION_TRIMMED := $(VERSION:v%=%)\n\nifeq ($(VERSION),)\n$(error VERSION could not be determined. Build from a git repo or run: make VERSION=vX.Y.Z)\nendif\n\n# `DEBUG` flag to build binaries with debug information for use by `dlv exec`.\n# This implies KEEP_DWARF=1 and KEEP_SYMBOLS=1.\nDEBUG ?=\nGO_BUILD_GCFLAGS ?=\nKEEP_DWARF ?=\nKEEP_SYMBOLS ?=\nifeq ($(DEBUG),1)\n\t# Disable optimizations and inlining to make debugging easier.\n\tGO_BUILD_GCFLAGS = -gcflags=\"all=-N -l\"\n\t# Keep the symbol table\n\tKEEP_DWARF = 1\n\t# Enable DWARF generation\n\tKEEP_SYMBOLS = 1\nendif\n\nGO_BUILD_LDFLAGS_W := true\nifeq ($(KEEP_DWARF),1)\n\tGO_BUILD_LDFLAGS_W = false\nendif\n\nGO_BUILD_LDFLAGS_S := true\nifeq ($(KEEP_SYMBOLS),1)\n\tGO_BUILD_LDFLAGS_S = false\nendif\n# `-s`: Strip the symbol table according to the KEEP_SYMBOLS config\n# `-w`: Disable DWARF generation according to the KEEP_DWARF config\n# `-X`: Embed version information.\nGO_BUILD_LDFLAGS := -ldflags=\"-s=$(GO_BUILD_LDFLAGS_S) -w=$(GO_BUILD_LDFLAGS_W) -X $(PACKAGE)/pkg/version.Version=$(VERSION)\"\n# `go -version -m` returns -tags with comma-separated list, because space-separated list is deprecated in go1.13.\n# converting to comma-separated list is useful for comparing with the output of `go version -m`.\nGO_BUILD_FLAG_TAGS := $(addprefix -tags=,$(shell echo \"$(GO_BUILDTAGS)\"|tr \" \" \"\\n\"|paste -sd \",\" -))\nGO_BUILD := $(strip $(GO) build $(GO_BUILD_GCFLAGS) $(GO_BUILD_LDFLAGS) $(GO_BUILD_FLAG_TAGS))\n\n################################################################################\n# Features\n.NOTPARALLEL:\n.SECONDEXPANSION:\n\n################################################################################\n.PHONY: all\nall: binaries manpages\n\n################################################################################\n# Help\n.PHONY: help\nhelp:\n\t@echo ' binaries - Build all binaries'\n\t@echo ' manpages - Build manual pages'\n\t@echo\n\t@echo ' help-variables - Show Makefile variables'\n\t@echo ' help-targets - Show additional Makefile targets'\n\n.PHONY: help-variables\nhelp-variables:\n\t@echo '# Variables that can be overridden.'\n\t@echo\n\t@echo '- PREFIX (directory) : Installation prefix (default: /usr/local)'\n\t@echo '- KEEP_DWARF (1 or 0) : Whether to keep DWARF information (default: 0)'\n\t@echo '- KEEP_SYMBOLS (1 or 0) : Whether to keep symbols (default: 0)'\n\t@echo '- DEBUG (1 or 0) : Whether to build with debug information (default: 0)'\n\n.PHONY: help-targets\nhelp-targets:\n\t@echo '# Targets can be categorized by their location.'\n\t@echo\n\t@echo 'Targets for files in _output/bin/:'\n\t@echo '- limactl : Build limactl, and lima'\n\t@echo '- lima : Copy lima, and lima.bat'\n\t@echo '- helpers : Copy nerdctl.lima, apptainer.lima, docker.lima, podman.lima, and kubectl.lima'\n\t@echo\n\t@echo 'Targets for files in _output/libexec/lima/:'\n\t@echo '- limactl-plugins : Build limactl-* CLI plugins'\n\t@echo\n\t@echo 'Targets for files in _output/share/lima/:'\n\t@echo '- guestagents : Build guestagents'\n\t@echo '- native-guestagent : Build guestagent for native arch'\n\t@echo '- additional-guestagents : Build guestagents for archs other than native arch'\n\t@echo '- -guestagent : Build guestagent for : $(sort $(LINUX_GUESTAGENT_ARCHS))'\n\t@echo\n\t@echo 'Targets for files in _output/share/lima/templates/:'\n\t@echo '- templates : Copy templates'\n\t@echo '- template_experimentals : Copy experimental templates to experimental/'\n\t@echo '- default_template : Copy default.yaml template'\n\t@echo '- update-templates : Update templates'\n\t@echo\n\t@echo 'Targets for files in _output/share/doc/lima:'\n\t@echo '- documentation : Copy documentation to _output/share/doc/lima'\n\t@echo '- create-links-in-doc-dir : Create some symlinks pointing ../../lima/templates'\n\t@echo\n\t@echo '# e.g. to install limactl, helpers, native guestagent, and templates:'\n\t@echo '# make native install'\n\n.PHONY: help-artifact\nhelp-artifact:\n\t@echo '# Targets for building artifacts to _artifacts/'\n\t@echo\n\t@echo 'Targets to building multiple archs artifacts for GOOS:'\n\t@echo '- artifacts : Build artifacts for current OS and supported archs'\n\t@echo '- artifacts- : Build artifacts for supported archs and : darwin, linux, or windows'\n\t@echo\n\t@echo 'Targets to building GOOS and ARCH (GOARCH, or uname -m) specific artifacts:'\n\t@echo '- artifact : Build artifacts for current GOOS and GOARCH'\n\t@echo '- artifact- : Build artifacts for current GOARCH and : darwin, linux, or windows'\n\t@echo '- artifact- : Build artifacts for current GOOS with : amd64, arm64, x86_64, or aarch64'\n\t@echo '- artifact-- : Build artifacts for and '\n\t@echo\n\t@echo '# GOOS and GOARCH can be specified with make parameters or environment variables.'\n\t@echo '# e.g. to build artifact for linux and arm64:'\n\t@echo '# make GOOS=linux GOARCH=arm64 artifact'\n\t@echo\n\t@echo 'Targets for miscellaneous artifacts:'\n\t@echo '- artifacts-misc : Build artifacts for go.mod, go.sum, and vendor'\n\n################################################################################\n# convenience targets\nexe: _output/bin/limactl$(exe)\n\n.PHONY: minimal native\nminimal: clean limactl native-guestagent default_template\nnative: clean limactl limactl-plugins helpers native-guestagent templates template_experimentals additional-drivers\n\n################################################################################\n# These configs were once customizable but should no longer be changed.\nCONFIG_GUESTAGENT_OS_LINUX=y\nCONFIG_GUESTAGENT_OS_DARWIN=\nifeq ($(GOOS),darwin)\nifeq ($(GOARCH),arm64)\nCONFIG_GUESTAGENT_OS_DARWIN=y\nendif\nendif\nCONFIG_GUESTAGENT_ARCH_X8664=y\nCONFIG_GUESTAGENT_ARCH_AARCH64=y\nCONFIG_GUESTAGENT_ARCH_ARMV7L=y\nCONFIG_GUESTAGENT_ARCH_PPC64LE=y\nCONFIG_GUESTAGENT_ARCH_RISCV64=y\nCONFIG_GUESTAGENT_ARCH_S390X=y\nCONFIG_GUESTAGENT_COMPRESS=y\n\n################################################################################\n.PHONY: binaries\nbinaries: limactl helpers limactl-plugins guestagents \\\n\ttemplates template_experimentals \\\n\tdocumentation create-links-in-doc-dir\n\n################################################################################\n# _output/bin\n.PHONY: limactl lima helpers\nlimactl: _output/bin/limactl$(exe) lima\n\n### Listing Dependencies\n\n# returns a list of files expanded from $(1) excluding directories and files ending with '_test.go'.\nfind_files_excluding_dir_and_test = $(shell find $(1) ! -type d ! -name '*_test.go')\nFILES_IN_PKG = $(call find_files_excluding_dir_and_test, ./pkg)\n\n# returns a list of files which are dependencies for the command $(1).\ndependencies_for_cmd = go.mod $(call find_files_excluding_dir_and_test, ./cmd/$(1)) $(FILES_IN_PKG)\n\n### Force Building Targets\n\n# returns GOVERSION, CGO*, GO*, -ldflags, and -tags build variables from the output of `go version -m $(1)`.\n# When CGO_* variables are not set, they are not included in the output.\n# Because the CGO_* variables are not set means that those values are default values,\n# it can be assumed that those values are same if the GOVERSION is same.\n# $(1): target binary\nextract_build_vars = $(shell \\\n\t($(GO) version -m $(1) 2>&- || echo $(1):) | \\\n\tawk 'FNR==1{print \"GOVERSION=\"$$2}$$2~/^(CGO|GO|-gcflags|-ldflags|-tags).*=.+$$/{sub(\"^.*\"$$2,$$2); print $$0}' \\\n)\n\n# a list of keys from the GO build variables to be used for calling `go env`.\n# keys starting with '-' are excluded because `go env` does not support those keys.\n# $(1): extracted build variables from the binary\nkeys_in_build_vars = $(filter-out -%,$(shell for i in $(1); do echo $${i%%=*}; done))\n\n# a list of GO build variables to build the target binary.\n# $(1): target binary. expecting ENVS_$(2) is set to use the environment variables for the target binary.\n# $(2): key of the GO build variable to be used for calling `go env`.\ngo_build_vars = $(shell \\\n\t$(ENVS_$(1)) $(GO) env $(2) | \\\n\tawk '/ /{print \"\\\"\"$$0\"\\\"\"; next}{print}' | \\\n\tfor k in $(2); do read -r v && echo \"$$k=$${v}\"; done \\\n) $(GO_BUILD_GCFLAGS) $(GO_BUILD_LDFLAGS) $(GO_BUILD_FLAG_TAGS)\n\n# returns the difference between $(1) and $(2).\ndiff = $(filter-out $(2),$(1))$(filter-out $(1),$(2))\n\n# returns diff between the GO build variables in the binary $(1) and the building variables.\n# $(1): target binary\n# $(2): extracted GO build variables from the binary\ncompare_build_vars = $(call diff,$(call go_build_vars,$(1),$(call keys_in_build_vars,$(2))),$(2))\n\n# returns \"force\" if the GO build variables in the binary $(1) is different from the building variables.\n# $(1): target binary. expecting ENVS_$(1) is set to use the environment variables for the target binary.\nforce_build = $(if $(call compare_build_vars,$(1),$(call extract_build_vars,$(1))),force,)\n\n# returns the file name without .gz extension. It also gunzips the file with .gz extension if exists.\n# $(1): target file\ngunzip_if_exists = $(shell f=$(1); f=$${f%.gz}; test -f \"$${f}.gz\" && (set -x; gunzip -f \"$${f}.gz\") ; echo \"$${f}\")\n\n# call force_build with passing output of gunzip_if_exists as an argument.\n# $(1): target file\nforce_build_with_gunzip = $(call force_build,$(call gunzip_if_exists,$(1)))\n\nforce: # placeholder for force build\n\n################################################################################\n# _output/bin/limactl$(exe)\n\n# dependencies for limactl\nLIMACTL_DEPS = $(call dependencies_for_cmd,limactl)\nifeq ($(GOOS),darwin)\nLIMACTL_DEPS += vz.entitlements\nendif\n\n# environment variables for limactl. this variable is used for checking force build.\n#\n# The hostagent must be compiled with CGO_ENABLED=1 so that net.LookupIP() in the DNS server\n# calls the native resolver library and not the simplistic version in the Go library.\nENVS__output/bin/limactl$(exe) = CGO_ENABLED=1 GOOS=\"$(GOOS)\" GOARCH=\"$(GOARCH)\" CC=\"$(CC)\"\n\nLIMACTL_DRIVER_TAGS :=\nifneq (,$(findstring vz,$(ADDITIONAL_DRIVERS)))\nLIMACTL_DRIVER_TAGS += external_vz\nendif\nifneq (,$(findstring qemu,$(ADDITIONAL_DRIVERS)))\nLIMACTL_DRIVER_TAGS += external_qemu\nendif\nifneq (,$(findstring wsl2,$(ADDITIONAL_DRIVERS)))\nLIMACTL_DRIVER_TAGS += external_wsl2\nendif\n\nGO_BUILDTAGS ?=\nGO_BUILDTAGS_LIMACTL := $(strip $(GO_BUILDTAGS) $(LIMACTL_DRIVER_TAGS))\n\n_output/bin/limactl$(exe): $(LIMACTL_DEPS) $$(call force_build,$$@)\nifneq ($(GOOS),windows) #\n\t@rm -rf _output/bin/limactl.exe\nelse\n\t@rm -rf _output/bin/limactl\nendif\n\t$(ENVS_$@) $(GO_BUILD) -tags '$(GO_BUILDTAGS_LIMACTL)' -o $@ ./cmd/limactl\nifeq ($(GOOS),darwin)\n\tcodesign -f -v --entitlements vz.entitlements -s - $@\nendif\n\nLIBEXEC_LIMA := _output/libexec/lima\n\nlimactl-plugins: $(LIBEXEC_LIMA)/limactl-mcp$(exe) $(LIBEXEC_LIMA)/limactl-url-fedora-rawhide\n\n$(LIBEXEC_LIMA)/limactl-mcp$(exe): $(call dependencies_for_cmd,limactl-mcp) $$(call force_build,$$@)\n\t@mkdir -p $(LIBEXEC_LIMA)\n\t$(ENVS_$@) $(GO_BUILD) -o $@ ./cmd/limactl-mcp\n\n$(LIBEXEC_LIMA)/limactl-url-fedora-rawhide: cmd/limactl-url-fedora-rawhide\n\tcp -aL $< $@\n\n.PHONY: additional-drivers\nadditional-drivers:\n\t@mkdir -p $(LIBEXEC_LIMA)\n\t@for drv in $(ADDITIONAL_DRIVERS); do \\\n\t\techo \"Building $$drv as external\"; \\\n\t\tif [ \"$(GOOS)\" = \"windows\" ]; then \\\n\t\t\t$(GO_BUILD) -o $(LIBEXEC_LIMA)/lima-driver-$$drv.exe ./cmd/lima-driver-$$drv; \\\n\t\telse \\\n\t\t\t$(GO_BUILD) -o $(LIBEXEC_LIMA)/lima-driver-$$drv ./cmd/lima-driver-$$drv; \\\n\t\t\tfi; \\\n\t\tif [ \"$$drv\" = \"vz\" ] && [ \"$(GOOS)\" = \"darwin\" ]; then \\\n\t\t\tcodesign -f -v --entitlements vz.entitlements -s - $(LIBEXEC_LIMA)/lima-driver-vz; \\\n\t\tfi; \\\n\tdone\n\nLIMA_CMDS = $(sort lima lima$(bat)) # $(sort ...) deduplicates the list\nLIMA_DEPS = $(addprefix _output/bin/,$(LIMA_CMDS))\nlima: $(LIMA_DEPS)\n\nHELPER_CMDS = nerdctl.lima apptainer.lima docker.lima podman.lima kubectl.lima\nHELPERS_DEPS = $(addprefix _output/bin/,$(HELPER_CMDS))\nhelpers: $(HELPERS_DEPS)\n\n_output/bin/%: ./cmd/% | _output/bin\n\tcp -a $< $@\n\nMKDIR_TARGETS += _output/bin\n\n################################################################################\n# _output/share/lima/lima-guestagent\nLINUX_GUESTAGENT_PATH_COMMON = _output/share/lima/lima-guestagent.Linux-\nDARWIN_GUESTAGENT_PATH_COMMON = _output/share/lima/lima-guestagent.Darwin-\n\n# How to add architecture specific guestagent:\n# 1. Add the architecture to GUESTAGENT_ARCHS\n# 2. Add ENVS_$(*_GUESTAGENT_PATH_COMMON) to set GOOS, GOARCH, and other necessary environment variables\nLINUX_GUESTAGENT_ARCHS = aarch64 armv7l ppc64le riscv64 s390x x86_64\nDARWIN_GUESTAGENT_ARCHS = aarch64\n\nifeq ($(CONFIG_GUESTAGENT_OS_LINUX),y)\nALL_GUESTAGENTS_NOT_COMPRESSED += $(addprefix $(LINUX_GUESTAGENT_PATH_COMMON),$(LINUX_GUESTAGENT_ARCHS))\nendif\nifeq ($(CONFIG_GUESTAGENT_OS_DARWIN),y)\nALL_GUESTAGENTS_NOT_COMPRESSED += $(addprefix $(DARWIN_GUESTAGENT_PATH_COMMON),$(DARWIN_GUESTAGENT_ARCHS))\nendif\nifeq ($(CONFIG_GUESTAGENT_COMPRESS),y)\ngz=.gz\nendif\n\nALL_GUESTAGENTS = $(addsuffix $(gz),$(ALL_GUESTAGENTS_NOT_COMPRESSED))\n\n# guestagent path for the given platform. it may has .gz extension if CONFIG_GUESTAGENT_COMPRESS is enabled.\n# $(1): operating system (os)\n# $(2): list of architectures\nguestagent_path = $(foreach arch,$(2),$($(1)_GUESTAGENT_PATH_COMMON)$(arch)$(gz))\n\nifeq ($(CONFIG_GUESTAGENT_OS_LINUX),y)\nNATIVE_GUESTAGENT_ARCH = $(shell echo $(GOARCH) | sed -e s/arm64/aarch64/ -e s/arm/armv7l/ -e s/amd64/x86_64/)\nNATIVE_GUESTAGENT = $(call guestagent_path,LINUX,$(NATIVE_GUESTAGENT_ARCH))\nADDITIONAL_GUESTAGENT_ARCHS = $(filter-out $(NATIVE_GUESTAGENT_ARCH),$(LINUX_GUESTAGENT_ARCHS))\nADDITIONAL_GUESTAGENTS = $(call guestagent_path,LINUX,$(ADDITIONAL_GUESTAGENT_ARCHS))\nendif\nifeq ($(CONFIG_GUESTAGENT_OS_DARWIN),y)\nifeq ($(GOARCH),arm64)\nNATIVE_GUESTAGENT_ARCH = aarch64\nNATIVE_GUESTAGENT += $(call guestagent_path,DARWIN,$(NATIVE_GUESTAGENT_ARCH))\nendif\nendif\n# No ADDITIONAL_GUESTAGENTS for Darwin, as only one architecture is supported.\n\n# config_guestagent_arch returns expanded value of CONFIG_GUESTAGENT_ARCH_\n# $(1): architecture\n# CONFIG_GUESTAGENT_ARCH_ naming convention: uppercase, remove '_'\nconfig_guestagent_arch = $(filter y,$(CONFIG_GUESTAGENT_ARCH_$(shell echo $(1)|tr -d _|tr a-z A-Z)))\n\n# guestagent_path_enabled_by_config returns the path to the guestagent binary for the given architecture,\n# or an empty string if the CONFIG_GUESTAGENT_ARCH_ is not set.\nguestagent_path_enabled_by_config = $(if $(call config_guestagent_arch,$(2)),$(call guestagent_path,$(1),$(2)))\n\nifeq ($(CONFIG_GUESTAGENT_OS_LINUX),y)\n# apply CONFIG_GUESTAGENT_ARCH_*\nGUESTAGENTS += $(foreach arch,$(LINUX_GUESTAGENT_ARCHS),$(call guestagent_path_enabled_by_config,LINUX,$(arch)))\nendif\nifeq ($(CONFIG_GUESTAGENT_OS_DARWIN),y)\nGUESTAGENTS += $(call guestagent_path,DARWIN,aarch64)\nendif\n\n.PHONY: guestagents native-guestagent additional-guestagents\nguestagents: $(GUESTAGENTS)\nnative-guestagent: $(NATIVE_GUESTAGENT)\nadditional-guestagents: $(ADDITIONAL_GUESTAGENTS)\n%-guestagent:\n\t@[ \"$(findstring $(*),$(LINUX_GUESTAGENT_ARCHS))\" == \"$(*)\" ] && make $(call guestagent_path,LINUX,$*)\n\t@[ \"$(findstring $(*),$(DARWIN_GUESTAGENT_ARCHS))\" == \"$(*)\" ] && make $(call guestagent_path,DARWIN,$*)\n\n# environment variables for linux-guestagent. these variable are used for checking force build.\nENVS_$(LINUX_GUESTAGENT_PATH_COMMON)aarch64 = CGO_ENABLED=0 GOOS=linux GOARCH=arm64\nENVS_$(LINUX_GUESTAGENT_PATH_COMMON)armv7l = CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=7\nENVS_$(LINUX_GUESTAGENT_PATH_COMMON)ppc64le = CGO_ENABLED=0 GOOS=linux GOARCH=ppc64le\nENVS_$(LINUX_GUESTAGENT_PATH_COMMON)riscv64 = CGO_ENABLED=0 GOOS=linux GOARCH=riscv64\nENVS_$(LINUX_GUESTAGENT_PATH_COMMON)s390x = CGO_ENABLED=0 GOOS=linux GOARCH=s390x\nENVS_$(LINUX_GUESTAGENT_PATH_COMMON)x86_64 = CGO_ENABLED=0 GOOS=linux GOARCH=amd64\nENVS_$(DARWIN_GUESTAGENT_PATH_COMMON)aarch64 = CGO_ENABLED=0 GOOS=darwin GOARCH=arm64\n$(ALL_GUESTAGENTS_NOT_COMPRESSED): $(call dependencies_for_cmd,lima-guestagent) $$(call force_build_with_gunzip,$$@) | _output/share/lima\n\t$(ENVS_$@) $(GO_BUILD) -o $@ ./cmd/lima-guestagent\n\tchmod 644 $@\n$(LINUX_GUESTAGENT_PATH_COMMON)%.gz: $(LINUX_GUESTAGENT_PATH_COMMON)% $$(call force_build_with_gunzip,$$@)\n\t@set -x; gzip -n $<\n$(DARWIN_GUESTAGENT_PATH_COMMON)%.gz: $(DARWIN_GUESTAGENT_PATH_COMMON)% $$(call force_build_with_gunzip,$$@)\n\t@set -x; gzip -n $<\n\nMKDIR_TARGETS += _output/share/lima\n\n################################################################################\n# _output/share/lima/templates\nTEMPLATES = $(addprefix _output/share/lima/templates/,$(filter-out experimental,$(notdir $(wildcard templates/*))))\nTEMPLATE_DEFAULTS = ${addprefix _output/share/lima/templates/_default/,$(notdir $(wildcard templates/_default/*))}\nTEMPLATE_IMAGES = $(addprefix _output/share/lima/templates/_images/,$(notdir $(wildcard templates/_images/*)))\nTEMPLATE_EXPERIMENTALS = $(addprefix _output/share/lima/templates/experimental/,$(notdir $(wildcard templates/experimental/*)))\n\n.PHONY: default_template templates template_experimentals\ndefault_template: _output/share/lima/templates/default.yaml\ntemplates: $(TEMPLATES) $(TEMPLATE_DEFAULTS) $(TEMPLATE_IMAGES)\ntemplate_experimentals: $(TEMPLATE_EXPERIMENTALS)\n\n$(TEMPLATES): | _output/share/lima/templates\n$(TEMPLATE_DEFAULTS): | _output/share/lima/templates/_default\n$(TEMPLATE_IMAGES): | _output/share/lima/templates/_images\n$(TEMPLATE_EXPERIMENTALS): | _output/share/lima/templates/experimental\nMKDIR_TARGETS += _output/share/lima/templates _output/share/lima/templates/_default _output/share/lima/templates/_images _output/share/lima/templates/experimental\n\n_output/share/lima/templates/%: templates/%\n\tcp -aL $< $@\n\n# returns \"force\" if GOOS==windows, or GOOS!=windows and the file $(1) is not a symlink.\n# $(1): target file\n# On Windows, always copy to ensure the target has the same file as the source.\nforce_link = $(if $(filter windows,$(GOOS)),force,$(shell test ! -L $(1) && echo force))\n\n################################################################################\n# templates/_images\n\n# fedora-N.yaml should not be updated to refer to Fedora N+1 images\nTEMPLATES_TO_BE_UPDATED = $(filter-out $(wildcard templates/_images/fedora*.yaml),$(wildcard templates/_images/*.yaml))\n\n.PHONY: update-templates\nupdate-templates: $(TEMPLATES_TO_BE_UPDATED)\n\t./hack/update-template.sh $^\n\n################################################################################\n# _output/share/doc/lima\nDOCUMENTATION = $(addprefix _output/share/doc/lima/,$(wildcard *.md) LICENSE SECURITY.md VERSION)\n\n.PHONY: documentation\ndocumentation: $(DOCUMENTATION)\n\n_output/share/doc/lima/SECURITY.md: | _output/share/doc/lima\n\techo \"Moved to https://github.com/lima-vm/.github/blob/main/SECURITY.md\" > $@\n\n_output/share/doc/lima/VERSION: | _output/share/doc/lima\n\techo $(VERSION) > $@\n\n_output/share/doc/lima/%: % | _output/share/doc/lima\n\tcp -aL $< $@\n\nMKDIR_TARGETS += _output/share/doc/lima\n\n.PHONY: create-links-in-doc-dir\ncreate-links-in-doc-dir: _output/share/doc/lima/templates\n_output/share/doc/lima/templates: _output/share/lima/templates $$(call force_link,$$@)\n# remove the existing directory or symlink\n\trm -rf $@\nifneq ($(GOOS),windows)\n\tln -sf ../../lima/templates $@\nelse\n# copy from templates built in build process\n\tcp -aL $< $@\nendif\n\n################################################################################\n# returns difference between GOOS GOARCH and GOHOSTOS GOHOSTARCH.\ncross_compiling = $(call diff,$(GOOS) $(GOARCH),$(GOHOSTOS) $(GOHOSTARCH))\n# returns true if cross_compiling is empty.\nnative_compiling = $(if $(cross_compiling),,true)\n\n################################################################################\n# _output/share/man/man1\n.PHONY: manpages\n# Set limactl.1 as explicit dependency.\n# It's uncertain how many manpages will be generated by `make`,\n# because `limactl` generates them without corresponding source code for the manpages.\nmanpages: _output/share/man/man1/limactl.1\n_output/share/man/man1/limactl.1: _output/bin/limactl$(exe)\n\t@mkdir -p _output/share/man/man1\nifeq ($(native_compiling),true)\n# The manpages are generated by limactl, so the limactl binary must be native.\n\t$< generate-doc _output/share/man/man1 \\\n\t\t--output _output --prefix $(PREFIX)\nendif\n\n################################################################################\n.PHONY: docsy\n# Set limactl.md as explicit dependency.\n# It's uncertain how many docsy pages will be generated by `make`,\n# because `limactl` generates them without corresponding source code for the docsy pages.\ndocsy: website/_output/docsy/limactl.md website/_output/docsy-mcp/mcp.md\nwebsite/_output/docsy/limactl.md: _output/bin/limactl$(exe)\n\t@mkdir -p website/_output/docsy\nifeq ($(native_compiling),true)\n# The docs are generated by limactl, so the limactl binary must be native.\n\t$< generate-doc --type docsy website/_output/docsy \\\n\t\t--output _output --prefix $(PREFIX)\nendif\nwebsite/_output/docsy-mcp/mcp.md: _output/libexec/lima/limactl-mcp$(exe)\n\t@mkdir -p website/_output/docsy-mcp\nifeq ($(native_compiling),true)\n\t$< generate-doc website/_output/docsy-mcp\nendif\n\n################################################################################\ndefault-template.yaml: _output/bin/limactl$(exe)\nifeq ($(native_compiling),true)\n\t$< tmpl copy --embed-all templates/default.yaml $@\nendif\n\nschema-limayaml.json: _output/bin/limactl$(exe) templates/default.yaml default-template.yaml\nifeq ($(native_compiling),true)\n\t# validate both the original template (with the \"base\" etc), and the embedded template\n\t$< generate-jsonschema --schemafile $@ templates/default.yaml default-template.yaml\nendif\n\n.PHONY: check-jsonschema\ncheck-jsonschema: schema-limayaml.json templates/default.yaml default-template.yaml\n\tcheck-jsonschema --schemafile schema-limayaml.json templates/default.yaml default-template.yaml\n\n################################################################################\n.PHONY: diagrams\ndiagrams: docs/lima-sequence-diagram.png\ndocs/lima-sequence-diagram.png: docs/images/lima-sequence-diagram.puml\n\t$(PLANTUML) ./docs/images/lima-sequence-diagram.puml\n\n################################################################################\n.PHONY: install\ninstall: uninstall\n\tmkdir -p \"$(DEST)\"\n\t# Use tar rather than cp, for better symlink handling\n\t( cd _output && $(TAR) c * | $(TAR) -xv --no-same-owner -C \"$(DEST)\" )\n\tif [ \"$(shell uname -s )\" != \"Linux\" -a ! -e \"$(DEST)/bin/nerdctl\" ]; then ln -sf nerdctl.lima \"$(DEST)/bin/nerdctl\"; fi\n\tif [ \"$(shell uname -s )\" != \"Linux\" -a ! -e \"$(DEST)/bin/apptainer\" ]; then ln -sf apptainer.lima \"$(DEST)/bin/apptainer\"; fi\n\n.PHONY: uninstall\nuninstall:\n\t@test -f \"$(DEST)/bin/lima\" || echo \"lima not found in $(DEST) prefix\"\n\trm -rf \\\n\t\t\"$(DEST)/bin/lima\" \\\n\t\t\"$(DEST)/bin/lima$(bat)\" \\\n\t\t\"$(DEST)/bin/limactl$(exe)\" \\\n\t\t\"$(DEST)/bin/nerdctl.lima\" \\\n\t\t\"$(DEST)/bin/apptainer.lima\" \\\n\t\t\"$(DEST)/bin/docker.lima\" \\\n\t\t\"$(DEST)/bin/podman.lima\" \\\n\t\t\"$(DEST)/bin/kubectl.lima\" \\\n\t\t\"$(DEST)/share/man/man1/lima.1\" \\\n\t\t\"$(DEST)/share/man/man1/limactl\"*\".1\" \\\n\t\t\"$(DEST)/share/lima\" \\\n\t\t\"$(DEST)/share/doc/lima\" \\\n\t\t\"$(DEST)/libexec/lima/limactl-mcp$(exe)\" \\\n\t\t\"$(DEST)/libexec/lima/limactl-url-fedora-rawhide\" \\\n\t\t\"$(DEST)/libexec/lima/lima-driver-qemu$(exe)\" \\\n\t\t\"$(DEST)/libexec/lima/lima-driver-vz$(exe)\" \\\n\t\t\"$(DEST)/libexec/lima/lima-driver-wsl2$(exe)\" \\\n\t\t\"$(DEST)/libexec/lima/lima-driver-krunkit$(exe)\"\n\tif [ \"$$(readlink \"$(DEST)/bin/nerdctl\")\" = \"nerdctl.lima\" ]; then rm \"$(DEST)/bin/nerdctl\"; fi\n\tif [ \"$$(readlink \"$(DEST)/bin/apptainer\")\" = \"apptainer.lima\" ]; then rm \"$(DEST)/bin/apptainer\"; fi\n\n.PHONY: check-generated\ncheck-generated:\n\tgit diff --exit-code || \\\n\t\t(echo \"Please run 'make generate' when making changes to proto files and check-in the generated file changes\" && false)\n\n.PHONY: bats\nbats: native limactl-plugins\n\tPATH=$$PWD/_output/bin:$$PATH ./hack/bats/lib/bats-core/bin/bats --timing ./hack/bats/tests\n\n.PHONY: lint\nlint: check-generated\n\tnobin --allow-emoji --allow-escape --gitignore --skip-ext pb.desc --skip 'website/static/images/**/*.{gif,png}' --skip 'docs/reports/**/*.pdf'\n\teditorconfig-checker\n\tgolangci-lint run ./...\n\tyamllint .\n\tls-lint\n\tfind . -name '*.sh' ! -path \"./.git/*\" | xargs shellcheck\n\tfind . -name '*.sh' ! -path \"./.git/*\" | xargs shfmt -s -d\n\t# the allow list corresponds to https://github.com/cncf/foundation/blob/e5db022a0009f4db52b89d9875640cf3137153fe/allowed-third-party-license-policy.md\n\t# hashicorp/hcl/v2 is MPL-2.0; covered by the CNCF license exception for hashicorp/hcl\n\t# see also https://github.com/cncf/foundation/issues/1242\n\tgo-licenses check --include_tests --ignore github.com/hashicorp/hcl/v2 ./... --allowed_licenses=$$(cat ./hack/allowed-licenses.txt)\n\tltag -t ./hack/ltag --check -v\n\tprotolint .\n\n.PHONY: clean\nclean:\n\trm -rf _output vendor\n\n.PHONY: install-protoc-tools\ninstall-protoc-tools:\n\tgo install -modfile=./hack/tools/go.mod google.golang.org/protobuf/cmd/protoc-gen-go\n\tgo install -modfile=./hack/tools/go.mod google.golang.org/grpc/cmd/protoc-gen-go-grpc\n\n.PHONY: generate\ngenerate:\n\tgo generate ./...\n\n################################################################################\n# _artifacts/lima-$(VERSION_TRIMMED)-$(ARTIFACT_OS)-$(ARTIFACT_UNAME_M)\n# _artifacts/lima-additional-guestagents-$(VERSION_TRIMMED)-$(ARTIFACT_OS)-$(ARTIFACT_UNAME_M)\n.PHONY: artifact\n\n# returns the capitalized string of $(1).\ncapitalize = $(shell echo \"$(1)\"|awk '{print toupper(substr($$0,1,1)) tolower(substr($$0,2))}')\n\n# returns the architecture name converted from GOARCH to GNU coreutils uname -m.\nto_uname_m = $(foreach arch,$(1),$(shell echo $(arch) | sed 's/amd64/x86_64/' | sed 's/arm64/aarch64/'))\n\nARTIFACT_FILE_EXTENSIONS := .tar.gz\n\nifeq ($(GOOS),darwin)\n# returns the architecture name converted from GOARCH to macOS's uname -m.\nto_uname_m = $(foreach arch,$(1),$(shell echo $(arch) | sed 's/amd64/x86_64/'))\nelse ifeq ($(GOOS),linux)\n# CC is required for cross-compiling on Linux.\n# On Debian, Ubuntu, and related distributions, compilers are named like x86_64-linux-gnu-gcc\n# On Fedora, RHEL, and related distributions, the equivalent is x86_64-redhat-linux-gcc\n# On openSUSE and as a generic fallback, gcc is used\nCC := $(shell \\\n\tif command -v $(call to_uname_m,$(GOARCH))-redhat-linux-gcc >/dev/null 2>&1; then \\\n\t\techo $(call to_uname_m,$(GOARCH))-redhat-linux-gcc; \\\n\telif command -v $(call to_uname_m,$(GOARCH))-linux-gnu-gcc >/dev/null 2>&1; then \\\n\t\techo $(call to_uname_m,$(GOARCH))-linux-gnu-gcc; \\\n\telse \\\n\t\techo gcc; \\\n\tfi)\nelse ifeq ($(GOOS),windows)\n# artifact in zip format also provided for Windows.\nARTIFACT_FILE_EXTENSIONS += .zip\nendif\n\n# artifacts: artifacts-$(GOOS)\nARTIFACT_OS = $(call capitalize,$(GOOS))\nARTIFACT_UNAME_M = $(call to_uname_m,$(GOARCH))\nARTIFACT_PATH_COMMON = _artifacts/lima-$(VERSION_TRIMMED)-$(ARTIFACT_OS)-$(ARTIFACT_UNAME_M)\nARTIFACT_ADDITIONAL_GUESTAGENTS_PATH_COMMON = _artifacts/lima-additional-guestagents-$(VERSION_TRIMMED)-$(ARTIFACT_OS)-$(ARTIFACT_UNAME_M)\n\nartifact: $(addprefix $(ARTIFACT_PATH_COMMON),$(ARTIFACT_FILE_EXTENSIONS)) \\\n\t$(addprefix $(ARTIFACT_ADDITIONAL_GUESTAGENTS_PATH_COMMON),$(ARTIFACT_FILE_EXTENSIONS))\n\nARTIFACT_DES = _output/bin/limactl$(exe) limactl-plugins $(LIMA_DEPS) $(HELPERS_DEPS) \\\n\t$(NATIVE_GUESTAGENT) \\\n\t$(TEMPLATES) $(TEMPLATE_IMAGES) $(TEMPLATE_DEFAULTS) $(TEMPLATE_EXPERIMENTALS) \\\n\tadditional-drivers \\\n\t$(DOCUMENTATION) _output/share/doc/lima/templates \\\n\t_output/share/man/man1/limactl.1\n\n# file targets\n$(ARTIFACT_PATH_COMMON).tar.gz: $(ARTIFACT_DES) | _artifacts\n\t$(TAR) -C _output/ --no-xattrs -czvf $@ ./\n\n$(ARTIFACT_ADDITIONAL_GUESTAGENTS_PATH_COMMON).tar.gz:\n\t# FIXME: do not exec make from make\n\tmake clean additional-guestagents\n\t$(TAR) -C _output/ --no-xattrs -czvf $@ ./\n\n$(ARTIFACT_PATH_COMMON).zip: $(ARTIFACT_DES) | _artifacts\n\tcd _output && $(ZIP) -r ../$@ *\n\n$(ARTIFACT_ADDITIONAL_GUESTAGENTS_PATH_COMMON).zip:\n\tmake clean additional-guestagents\n\tcd _output && $(ZIP) -r ../$@ *\n\n# generate manpages using native limactl.\nmanpages-using-native-limactl: GOOS = $(GOHOSTOS)\nmanpages-using-native-limactl: GOARCH = $(GOHOSTARCH)\nmanpages-using-native-limactl: manpages\n\n# returns \"manpages-using-native-limactl\" if $(1) is not equal to $(GOHOSTOS).\n# $(1): GOOS\ngenerate_manpages_if_needed = $(if $(filter $(if $(1),$(1),$(GOOS)),$(GOHOSTOS)),,manpages-using-native-limactl)\n\n# build native arch first, then build other archs.\nartifact_goarchs = arm64 amd64\ngoarchs_native_and_others = $(GOHOSTARCH) $(filter-out $(GOHOSTARCH),$(artifact_goarchs))\n\n# artifacts is artifact bundles for each OS.\n# if target GOOS is native, build native arch first, generate manpages, then build other archs.\n# if target GOOS is not native, build native limactl, generate manpages, then build the target GOOS with archs.\n.PHONY: artifacts artifacts-darwin artifacts-linux artifacts-windows\nartifacts: $$(addprefix artifact-$$(GOOS)-,$$(goarchs_native_and_others))\nartifacts-darwin: $$(call generate_manpages_if_needed,darwin) $$(addprefix artifact-darwin-,$$(goarchs_native_and_others))\nartifacts-linux: $$(call generate_manpages_if_needed,linux) $$(addprefix artifact-linux-,$$(goarchs_native_and_others))\nartifacts-windows: $$(call generate_manpages_if_needed,windows) $$(addprefix artifact-windows-,$$(goarchs_native_and_others))\n\n# set variables for artifact variant targets.\nartifact-darwin% artifact-darwin: GOOS = darwin\nartifact-linux% artifact-linux: GOOS = linux\nartifact-windows% artifact-windows: GOOS = windows\nartifact-%-amd64 artifact-%-x86_64 artifact-amd64 artifact-x86_64: GOARCH = amd64\nartifact-%-arm64 artifact-%-aarch64 artifact-arm64 artifact-aarch64: GOARCH = arm64\n\n# build cross arch binaries.\nartifact-%: $$(call generate_manpages_if_needed)\n\tmake clean artifact GOOS=$(GOOS) GOARCH=$(GOARCH)\n\n.PHONY: artifacts-misc\nartifacts-misc: | _artifacts\n\tgo mod vendor\n\t$(TAR) --no-xattrs -czf _artifacts/lima-$(VERSION_TRIMMED)-go-mod-vendor.tar.gz go.mod go.sum vendor\n\nMKDIR_TARGETS += _artifacts\n\n################################################################################\n# This target must be placed after any changes to the `MKDIR_TARGETS` variable.\n# It seems that variable expansion in Makefile targets is not done recursively.\n$(MKDIR_TARGETS):\n\tmkdir -p $@\n" }, { "path": "NOTICE", "content": "Lima\nCopyright The Lima Authors.\n\nThis project contains portions of other projects that are licensed under the terms of Apache License 2.0.\nThe NOTICE files of those projects are replicated here for compliance of the section 4(d) of the license.\n\n=== https://github.com/containerd/containerd ===\nhttps://github.com/containerd/containerd/blob/v2.1.1/LICENSE\nhttps://github.com/containerd/containerd/blob/v2.1.1/NOTICE\n\n> Docker\n> Copyright 2012-2015 Docker, Inc.\n>\n> This product includes software developed at Docker, Inc. (https://www.docker.com).\n>\n> The following is courtesy of our legal counsel:\n>\n>\n> Use and transfer of Docker may be subject to certain restrictions by the\n> United States and other governments.\n> It is your responsibility to ensure that your use and/or transfer does not\n> violate applicable laws.\n>\n> For more information, please see https://www.bis.doc.gov\n>\n> See also https://www.apache.org/dev/crypto.html and/or seek legal counsel.\n" }, { "path": "README.md", "content": "[[🌎**Web site**]](https://lima-vm.io/)\n[[📖**Documentation**]](https://lima-vm.io/docs/)\n[[👤**Slack (`#lima`)**]](https://slack.cncf.io)\n\n\n \n \"Shows\n\n\n# Lima: Linux Machines\n\n[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/lima-vm/lima)\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/6505/badge)](https://www.bestpractices.dev/projects/6505)\n[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/lima-vm/lima/badge)](https://scorecard.dev/viewer/?uri=github.com/lima-vm/lima)\n\n[Lima](https://lima-vm.io/) launches Linux virtual machines with automatic file sharing and port forwarding (similar to WSL2).\n\nThe original goal of Lima was to promote [containerd](https://containerd.io) including [nerdctl (contaiNERD ctl)](https://github.com/containerd/nerdctl)\nto Mac users, but Lima can be used for non-container applications as well.\n\nLima also supports other container engines (Docker, Podman, Kubernetes, etc.) and non-macOS hosts (Linux, NetBSD, etc.).\n\n## Getting started\nSet up (Homebrew):\n```bash\nbrew install lima\nlimactl start\n```\n\nTo run Linux commands:\n```bash\nlima uname -a\n```\n\nTo run containers with containerd:\n```bash\nlima nerdctl run --rm hello-world\n```\n\nTo run containers with Docker:\n```bash\nlimactl start template:docker\nexport DOCKER_HOST=$(limactl list docker --format 'unix://{{.Dir}}/sock/docker.sock')\ndocker run --rm hello-world\n```\n\nTo run containers with Kubernetes:\n```bash\nlimactl start template:k8s\nexport KUBECONFIG=$(limactl list k8s --format 'unix://{{.Dir}}/copied-from-guest/kubeconfig.yaml')\nkubectl apply -f ...\n```\n\nSee for the further information.\n\n## Contributing\n\nWe welcome contributions! Please see our [Contributing Guide](https://lima-vm.io/docs/community/contributing/) for details on:\n\n- **Developer Certificate of Origin (DCO)**: All commits must be signed off with `git commit -s`\n- Code licensing and pull request guidelines\n- Testing requirements\n\n## Community\n### Adopters\n\nContainer environments:\n- [Rancher Desktop](https://rancherdesktop.io/): Kubernetes and container management to the desktop\n- [Colima](https://github.com/abiosoft/colima): Docker (and Kubernetes) on macOS with minimal setup\n- [Finch](https://github.com/runfinch/finch): Finch is a command line client for local container development\n- [Podman Desktop](https://podman-desktop.io/): Podman Desktop GUI has a plug-in for Lima virtual machines\n\nGUI:\n- [Lima xbar plugin](https://github.com/unixorn/lima-xbar-plugin): [xbar](https://xbarapp.com/) plugin to start/stop VMs from the menu bar and see their running status.\n- [lima-gui](https://github.com/afbjorklund/lima-gui): Qt GUI for Lima\n\n### Communication channels\n\n- [GitHub Discussions](https://github.com/lima-vm/lima/discussions)\n- `#lima` channel in the CNCF Slack\n - New account: \n - Login: \n- Zoom meetings (tentatively monthly)\n - Meeting notes & agenda proposals: https://github.com/lima-vm/lima/discussions/categories/meetings\n - Calendar: https://zoom-lfx.platform.linuxfoundation.org/meetings/lima\n\n### Social media accounts\n\nFollow us for project updates, release announcements, and community news:\n\n- https://x.com/@TheLimaProject\n- https://mastodon.social/@TheLimaProject\n\n### Code of Conduct\nLima follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).\n\n- - -\n**We are a [Cloud Native Computing Foundation](https://cncf.io/) incubating project.**\n\n\n \n \n\n\nThe Linux Foundation® (TLF) has registered trademarks and uses trademarks. For a list of TLF trademarks, see [Trademark Usage](https://www.linuxfoundation.org/legal/trademark-usage).\n" }, { "path": "ROADMAP.md", "content": "Moved to .\n" }, { "path": "cmd/apptainer.lima", "content": "#!/bin/sh\nset -eu\n: \"${LIMA_INSTANCE:=apptainer}\"\n: \"${APPTAINER_BINDPATH:=}\"\n\nif [ \"$(limactl ls -q \"$LIMA_INSTANCE\" 2>/dev/null)\" != \"$LIMA_INSTANCE\" ]; then\n echo \"instance \\\"$LIMA_INSTANCE\\\" does not exist, run \\`limactl create --name=$LIMA_INSTANCE template:apptainer\\` to create a new instance\" >&2\n exit 1\nelif [ \"$(limactl ls -f '{{ .Status }}' \"$LIMA_INSTANCE\" 2>/dev/null)\" != \"Running\" ]; then\n echo \"instance \\\"$LIMA_INSTANCE\\\" is not running, run \\`limactl start $LIMA_INSTANCE\\` to start the existing instance\" >&2\n exit 1\nfi\nexport LIMA_INSTANCE\nif [ -n \"$APPTAINER_BINDPATH\" ]; then\n APPTAINER_BINDPATH=\"$APPTAINER_BINDPATH,\"\nfi\nAPPTAINER_BINDPATH=\"$APPTAINER_BINDPATH$HOME\"\nexec lima APPTAINER_BINDPATH=\"$APPTAINER_BINDPATH\" apptainer \"$@\"\n" }, { "path": "cmd/docker.lima", "content": "#!/bin/sh\nset -eu\n\n# Environment Variables\n# LIMA_INSTANCE: Specifies the name of the Lima instance to use. Default is \"docker\".\n\n: \"${LIMA_INSTANCE:=docker}\"\n: \"${DOCKER:=docker}\"\n\nif [ \"$(limactl ls -q \"$LIMA_INSTANCE\" 2>/dev/null)\" != \"$LIMA_INSTANCE\" ]; then\n echo \"instance \\\"$LIMA_INSTANCE\\\" does not exist, run \\`limactl create --name=$LIMA_INSTANCE template:docker\\` to create a new instance\" >&2\n exit 1\nelif [ \"$(limactl ls -f '{{ .Status }}' \"$LIMA_INSTANCE\" 2>/dev/null)\" != \"Running\" ]; then\n echo \"instance \\\"$LIMA_INSTANCE\\\" is not running, run \\`limactl start $LIMA_INSTANCE\\` to start the existing instance\" >&2\n exit 1\nfi\nDOCKER=$(command -v \"$DOCKER\" || true)\nif [ -n \"$DOCKER\" ]; then\n DOCKER_HOST=$(limactl list \"$LIMA_INSTANCE\" --format 'unix://{{.Dir}}/sock/docker.sock')\n export DOCKER_HOST\n exec \"$DOCKER\" \"$@\"\nelse\n export LIMA_INSTANCE\n exec lima docker \"$@\"\nfi\n" }, { "path": "cmd/kubectl.lima", "content": "#!/bin/sh\nset -eu\n\n# Environment Variables\n# LIMA_INSTANCE: Specifies the name of the Lima instance to use. Default is empty.\n\n: \"${LIMA_INSTANCE:=}\"\n: \"${KUBECTL:=kubectl}\"\n\nif [ -z \"$LIMA_INSTANCE\" ]; then\n if [ \"$(limactl ls -q k3s 2>/dev/null)\" = \"k3s\" ]; then\n LIMA_INSTANCE=k3s\n elif [ \"$(limactl ls -q k8s 2>/dev/null)\" = \"k8s\" ]; then\n LIMA_INSTANCE=k8s\n else\n echo \"No k3s or k8s existing instances found. Either create one with\" >&2\n echo \"limactl create --name=k3s template:k3s\" >&2\n echo \"limactl create --name=k8s template:k8s\" >&2\n echo \"or set LIMA_INSTANCE to the name of your Kubernetes instance\" >&2\n exit 1\n fi\n if [ \"$(limactl ls -f '{{.Status}}' \"$LIMA_INSTANCE\" 2>/dev/null)\" != \"Running\" ]; then\n echo \"instance \\\"$LIMA_INSTANCE\\\" is not running, run \\`limactl start $LIMA_INSTANCE\\` to start the existing instance\" >&2\n exit 1\n fi\nelif [ \"$(limactl ls -q \"$LIMA_INSTANCE\" 2>/dev/null)\" != \"$LIMA_INSTANCE\" ]; then\n echo \"instance \\\"$LIMA_INSTANCE\\\" does not exist, run \\`limactl create --name=$LIMA_INSTANCE\\` to create a new instance\" >&2\n exit 1\nelif [ \"$(limactl ls -f '{{ .Status }}' \"$LIMA_INSTANCE\" 2>/dev/null)\" != \"Running\" ]; then\n echo \"instance \\\"$LIMA_INSTANCE\\\" is not running, run \\`limactl start $LIMA_INSTANCE\\` to start the existing instance\" >&2\n exit 1\nfi\nKUBECTL=$(command -v \"$KUBECTL\" || true)\nif [ -n \"$KUBECTL\" ]; then\n KUBECONFIG=$(limactl list \"$LIMA_INSTANCE\" --format '{{.Dir}}/copied-from-guest/kubeconfig.yaml')\n export KUBECONFIG\n exec \"$KUBECTL\" \"$@\"\nelse\n export LIMA_INSTANCE\n exec lima sudo kubectl \"$@\"\nfi\n" }, { "path": "cmd/lima", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu\n\n# Environment Variables\n# LIMA_INSTANCE: Specifies the name of the Lima instance to use. Default is \"default\".\n# LIMA_SHELL: Specifies the shell interpreter to use inside the Lima instance. Default is the user's shell configured inside the instance.\n# LIMA_WORKDIR: Specifies the initial working directory inside the Lima instance. Default is the current directory from the host.\n# LIMACTL: Specifies the path to the limactl binary. Default is \"limactl\" in $PATH.\n\n: \"${LIMA_INSTANCE:=default}\"\n: \"${LIMA_SHELL:=}\"\n: \"${LIMA_WORKDIR:=}\"\n: \"${LIMACTL:=limactl}\"\n\nif [ \"$#\" -eq 1 ]; then\n if [ \"$1\" = \"-h\" ] || [ \"$1\" = \"--help\" ]; then\n base=\"$(basename \"$0\")\"\n echo \"Usage: ${base} [COMMAND...]\"\n echo\n echo \"${base} is an alias for \\\"${LIMACTL} shell ${LIMA_INSTANCE}\\\".\"\n echo \"The instance name (\\\"${LIMA_INSTANCE}\\\") can be changed by specifying \\$LIMA_INSTANCE.\"\n echo\n echo \"The shell and initial workdir inside the instance can be specified via \\$LIMA_SHELL\"\n echo \"and \\$LIMA_WORKDIR.\"\n echo\n echo \"See \\`${LIMACTL} shell --help\\` for further information.\"\n exit 0\n elif [ \"$1\" = \"-v\" ] || [ \"$1\" = \"--version\" ]; then\n exec \"$LIMACTL\" \"$@\"\n fi\nfi\n\nset - --instance \"$LIMA_INSTANCE\" \"$@\"\nif [ -n \"${LIMA_SHELL}\" ]; then\n set - --shell \"$LIMA_SHELL\" \"$@\"\nfi\nif [ -n \"${LIMA_WORKDIR}\" ]; then\n set - --workdir \"$LIMA_WORKDIR\" \"$@\"\nfi\n# Avoid converting paths with MSYS2\nMSYS2_ARG_CONV_EXCL=\"*\"\nexport MSYS2_ARG_CONV_EXCL\nexec \"$LIMACTL\" shell \"$@\"\n" }, { "path": "cmd/lima-driver-krunkit/main_darwin_arm64.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/driver/external/server\"\n\t\"github.com/lima-vm/lima/v2/pkg/driver/krunkit\"\n)\n\n// To be used as an external driver for Lima.\nfunc main() {\n\tserver.Serve(context.Background(), krunkit.New())\n}\n" }, { "path": "cmd/lima-driver-qemu/main.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/driver/external/server\"\n\t\"github.com/lima-vm/lima/v2/pkg/driver/qemu\"\n)\n\n// To be used as an external driver for Lima.\nfunc main() {\n\tserver.Serve(context.Background(), qemu.New())\n}\n" }, { "path": "cmd/lima-driver-vz/main_darwin.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/driver/external/server\"\n\t\"github.com/lima-vm/lima/v2/pkg/driver/vz\"\n)\n\n// To be used as an external driver for Lima.\nfunc main() {\n\tserver.Serve(context.Background(), vz.New())\n}\n" }, { "path": "cmd/lima-driver-wsl2/main_windows.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/driver/external/server\"\n\t\"github.com/lima-vm/lima/v2/pkg/driver/wsl2\"\n)\n\n// To be used as an external driver for Lima.\nfunc main() {\n\tserver.Serve(context.Background(), wsl2.New())\n}\n" }, { "path": "cmd/lima-guestagent/daemon_linux.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"errors\"\n\t\"net\"\n\t\"os\"\n\t\"os/signal\"\n\t\"syscall\"\n\t\"time\"\n\n\t\"github.com/mdlayher/vsock\"\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/guestagent\"\n\t\"github.com/lima-vm/lima/v2/pkg/guestagent/api/server\"\n\t\"github.com/lima-vm/lima/v2/pkg/guestagent/serialport\"\n\t\"github.com/lima-vm/lima/v2/pkg/guestagent/ticker\"\n\t\"github.com/lima-vm/lima/v2/pkg/portfwdserver\"\n)\n\nconst hostCID = 2\n\ntype cidFilteredListener struct {\n\t*vsock.Listener\n}\n\nfunc (l *cidFilteredListener) Accept() (net.Conn, error) {\n\tfor {\n\t\tconn, err := l.Listener.Accept()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tif vsockConn, ok := conn.(*vsock.Conn); ok {\n\t\t\tif addr, ok := vsockConn.RemoteAddr().(*vsock.Addr); ok {\n\t\t\t\tif addr.ContextID != hostCID {\n\t\t\t\t\tlogrus.Warnf(\"rejected vsock connection from unauthorized CID %d\", addr.ContextID)\n\t\t\t\t\tconn.Close()\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn conn, nil\n\t}\n}\n\nfunc newDaemonCommand() *cobra.Command {\n\tdaemonCommand := &cobra.Command{\n\t\tUse: \"daemon\",\n\t\tShort: \"Run the daemon\",\n\t\tRunE: daemonAction,\n\t}\n\tdaemonCommand.Flags().String(\"runtime-dir\", \"/run/lima-guestagent\", \"Directory to store runtime state\")\n\tdaemonCommand.Flags().Duration(\"tick\", 3*time.Second, \"Tick for polling events\")\n\tdaemonCommand.Flags().Int(\"vsock-port\", 0, \"Use vsock server instead a UNIX socket\")\n\tdaemonCommand.Flags().String(\"virtio-port\", \"\", \"Use virtio server instead a UNIX socket\")\n\treturn daemonCommand\n}\n\nfunc daemonAction(cmd *cobra.Command, _ []string) error {\n\tctx := cmd.Context()\n\truntimeDir, err := cmd.Flags().GetString(\"runtime-dir\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif err := os.MkdirAll(runtimeDir, 0o755); err != nil {\n\t\treturn err\n\t}\n\tsocket := \"/run/lima-guestagent.sock\"\n\ttick, err := cmd.Flags().GetDuration(\"tick\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tvSockPort, err := cmd.Flags().GetInt(\"vsock-port\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tvirtioPort, err := cmd.Flags().GetString(\"virtio-port\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif tick == 0 {\n\t\treturn errors.New(\"tick must be specified\")\n\t}\n\tif os.Geteuid() != 0 {\n\t\treturn errors.New(\"must run as the root user\")\n\t}\n\n\tlogrus.Infof(\"event tick: %v\", tick)\n\tsimpleTicker := ticker.NewSimpleTicker(time.NewTicker(tick))\n\ttickerInst := simpleTicker\n\t// See /sys/kernel/debug/tracing/available_events for the list of available tracepoints\n\ttracepoints := []string{\"syscalls:sys_exit_bind\"}\n\tif ebpfTicker, err := ticker.NewEbpfTicker(tracepoints); err != nil {\n\t\tlogrus.WithError(err).Warn(\"failed to create eBPF ticker, falling back to simple ticker\")\n\t} else {\n\t\tlogrus.Infof(\"using eBPF ticker with tracepoints: %v\", tracepoints)\n\t\ttickerInst = ticker.NewCompoundTicker(simpleTicker, ebpfTicker)\n\t}\n\n\tctx, stop := signal.NotifyContext(ctx, syscall.SIGTERM)\n\tdefer stop()\n\tgo func() {\n\t\t<-ctx.Done()\n\t\tlogrus.Debug(\"Received SIGTERM, shutting down the guest agent\")\n\t}()\n\tagent, err := guestagent.New(ctx, tickerInst, runtimeDir)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\terr = os.RemoveAll(socket)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tvar l net.Listener\n\tif virtioPort != \"\" {\n\t\tqemuL, err := serialport.Listen(\"/dev/virtio-ports/\" + virtioPort)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tl = qemuL\n\t\tlogrus.Infof(\"serving the guest agent on qemu serial file: %s\", virtioPort)\n\t} else if vSockPort != 0 {\n\t\tvsockL, err := vsock.Listen(uint32(vSockPort), nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tl = &cidFilteredListener{Listener: vsockL}\n\t\tlogrus.Infof(\"serving the guest agent on vsock port: %d (host CID only)\", vSockPort)\n\t} else {\n\t\tvar lc net.ListenConfig\n\t\tsocketL, err := lc.Listen(ctx, \"unix\", socket)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tif err := os.Chmod(socket, 0o777); err != nil {\n\t\t\treturn err\n\t\t}\n\t\tl = socketL\n\t\tlogrus.Infof(\"serving the guest agent on %q\", socket)\n\t}\n\tdefer logrus.Debug(\"exiting lima-guestagent daemon\")\n\treturn server.StartServer(ctx, l, &server.GuestServer{Agent: agent, TunnelS: portfwdserver.NewTunnelServer()})\n}\n" }, { "path": "cmd/lima-guestagent/fake_cloud_init_darwin.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/guestagent/fakecloudinit\"\n)\n\nfunc newFakeCloudInitCommand() *cobra.Command {\n\tcmd := &cobra.Command{\n\t\tUse: \"fake-cloud-init\",\n\t\tShort: \"Run fake cloud-init\",\n\t\tRunE: fakeCloudInitAction,\n\t}\n\treturn cmd\n}\n\nfunc fakeCloudInitAction(cmd *cobra.Command, _ []string) error {\n\tctx := cmd.Context()\n\treturn fakecloudinit.Run(ctx)\n}\n" }, { "path": "cmd/lima-guestagent/install_systemd_linux.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"bytes\"\n\t_ \"embed\"\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"os/exec\"\n\t\"path/filepath\"\n\t\"slices\"\n\t\"strings\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/textutil\"\n)\n\nfunc newInstallSystemdCommand() *cobra.Command {\n\tinstallSystemdCommand := &cobra.Command{\n\t\tUse: \"install-systemd\",\n\t\tShort: \"Install a systemd unit (user)\",\n\t\tRunE: installSystemdAction,\n\t}\n\tinstallSystemdCommand.Flags().Bool(\"guestagent-updated\", false, \"Indicate that the guest agent has been updated\")\n\tinstallSystemdCommand.Flags().Int(\"vsock-port\", 0, \"Use vsock server on specified port\")\n\tinstallSystemdCommand.Flags().String(\"virtio-port\", \"\", \"Use virtio server instead a UNIX socket\")\n\treturn installSystemdCommand\n}\n\nfunc installSystemdAction(cmd *cobra.Command, _ []string) error {\n\tctx := cmd.Context()\n\tguestAgentUpdated, err := cmd.Flags().GetBool(\"guestagent-updated\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tvsockPort, err := cmd.Flags().GetInt(\"vsock-port\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tvirtioPort, err := cmd.Flags().GetString(\"virtio-port\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tdebug, err := cmd.Flags().GetBool(\"debug\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tunit, err := generateSystemdUnit(vsockPort, virtioPort, debug)\n\tif err != nil {\n\t\treturn err\n\t}\n\tunitPath := \"/etc/systemd/system/lima-guestagent.service\"\n\tunitFileChanged := true\n\tif _, err := os.Stat(unitPath); !errors.Is(err, os.ErrNotExist) {\n\t\tif existingUnit, err := os.ReadFile(unitPath); err == nil && bytes.Equal(unit, existingUnit) {\n\t\t\tlogrus.Infof(\"File %q is up-to-date\", unitPath)\n\t\t\tunitFileChanged = false\n\t\t} else {\n\t\t\tlogrus.Infof(\"File %q needs update\", unitPath)\n\t\t}\n\t} else {\n\t\tunitDir := filepath.Dir(unitPath)\n\t\tif err := os.MkdirAll(unitDir, 0o755); err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\tif unitFileChanged {\n\t\tif err := os.WriteFile(unitPath, unit, 0o644); err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlogrus.Infof(\"Written file %q\", unitPath)\n\t} else if !guestAgentUpdated {\n\t\tlogrus.Info(\"lima-guestagent.service already up-to-date\")\n\t\treturn nil\n\t}\n\t// unitFileChanged || guestAgentUpdated\n\targs := make([][]string, 0, 4)\n\tif unitFileChanged {\n\t\targs = append(args, []string{\"daemon-reload\"})\n\t}\n\targs = slices.Concat(\n\t\targs,\n\t\t[][]string{\n\t\t\t{\"enable\", \"lima-guestagent.service\"},\n\t\t\t{\"try-restart\", \"lima-guestagent.service\"}, // try-restart: restart if running, otherwise do nothing\n\t\t\t{\"start\", \"lima-guestagent.service\"}, // start: start if not running, otherwise do nothing\n\t\t},\n\t)\n\tfor _, args := range args {\n\t\tcmd := exec.CommandContext(ctx, \"systemctl\", append([]string{\"--system\"}, args...)...)\n\t\tcmd.Stdout = os.Stdout\n\t\tcmd.Stderr = os.Stderr\n\t\tlogrus.Infof(\"Executing: %s\", strings.Join(cmd.Args, \" \"))\n\t\tif err := cmd.Run(); err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\tlogrus.Info(\"Done\")\n\treturn nil\n}\n\n//go:embed lima-guestagent.TEMPLATE.service\nvar systemdUnitTemplate string\n\nfunc generateSystemdUnit(vsockPort int, virtioPort string, debug bool) ([]byte, error) {\n\tselfExeAbs, err := os.Executable()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tvar args []string\n\tif vsockPort != 0 {\n\t\targs = append(args, fmt.Sprintf(\"--vsock-port %d\", vsockPort))\n\t}\n\tif virtioPort != \"\" {\n\t\targs = append(args, fmt.Sprintf(\"--virtio-port %s\", virtioPort))\n\t}\n\tif debug {\n\t\targs = append(args, \"--debug\")\n\t}\n\n\tm := map[string]string{\n\t\t\"Binary\": selfExeAbs,\n\t\t\"Args\": strings.Join(args, \" \"),\n\t}\n\treturn textutil.ExecuteTemplate(systemdUnitTemplate, m)\n}\n" }, { "path": "cmd/lima-guestagent/lima-guestagent.TEMPLATE.service", "content": "[Unit]\nDescription=lima-guestagent\n\n[Service]\nExecStart={{.Binary}} daemon {{.Args}} --runtime-dir=\"%t/%N\"\nType=simple\nRestart=on-failure\nOOMPolicy=continue\nOOMScoreAdjust=-500\n\n[Install]\nWantedBy=multi-user.target\n" }, { "path": "cmd/lima-guestagent/main.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"strings\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/cmd/yq\"\n\t\"github.com/lima-vm/lima/v2/pkg/debugutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/osutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/version\"\n)\n\nfunc main() {\n\tyq.MaybeRunYQ()\n\tif err := newApp().Execute(); err != nil {\n\t\tosutil.HandleExitError(err)\n\t\tlogrus.Fatal(err)\n\t}\n}\n\nfunc newApp() *cobra.Command {\n\trootCmd := &cobra.Command{\n\t\tUse: \"lima-guestagent\",\n\t\tShort: \"Do not launch manually\",\n\t\tVersion: strings.TrimPrefix(version.Version, \"v\"),\n\t}\n\trootCmd.PersistentFlags().Bool(\"debug\", false, \"Debug mode\")\n\trootCmd.PersistentPreRunE = func(cmd *cobra.Command, _ []string) error {\n\t\tdebug, _ := cmd.Flags().GetBool(\"debug\")\n\t\tif debug {\n\t\t\tlogrus.SetLevel(logrus.DebugLevel)\n\t\t\tdebugutil.Debug = true\n\t\t}\n\t\treturn nil\n\t}\n\taddRootCommands(rootCmd)\n\treturn rootCmd\n}\n" }, { "path": "cmd/lima-guestagent/root_darwin.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"github.com/spf13/cobra\"\n)\n\nfunc addRootCommands(rootCmd *cobra.Command) {\n\trootCmd.AddCommand(\n\t\tnewFakeCloudInitCommand(),\n\t)\n}\n" }, { "path": "cmd/lima-guestagent/root_linux.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"github.com/spf13/cobra\"\n)\n\nfunc addRootCommands(rootCmd *cobra.Command) {\n\trootCmd.AddCommand(\n\t\tnewDaemonCommand(),\n\t\tnewInstallSystemdCommand(),\n\t)\n}\n" }, { "path": "cmd/lima-guestagent/root_others.go", "content": "//go:build !linux && !darwin\n\n// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"github.com/spf13/cobra\"\n)\n\nfunc addRootCommands(_ *cobra.Command) {\n\t// NOP\n}\n" }, { "path": "cmd/lima.bat", "content": "@echo off\nREM Environment Variables\nREM LIMA_INSTANCE: Specifies the name of the Lima instance to use. Default is \"default\".\nREM LIMACTL: Specifies the path to the limactl binary. Default is \"limactl\" in %PATH%.\n\nIF NOT DEFINED LIMACTL (SET LIMACTL=limactl)\nIF NOT DEFINED LIMA_INSTANCE (SET LIMA_INSTANCE=default)\n%LIMACTL% shell --instance %LIMA_INSTANCE% %*\n" }, { "path": "cmd/limactl/clone.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/cmd/limactl/editflags\"\n\t\"github.com/lima-vm/lima/v2/pkg/driverutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/instance\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype/filenames\"\n\t\"github.com/lima-vm/lima/v2/pkg/limayaml\"\n\t\"github.com/lima-vm/lima/v2/pkg/networks/reconcile\"\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n\t\"github.com/lima-vm/lima/v2/pkg/yqutil\"\n)\n\nfunc newCloneCommand() *cobra.Command {\n\tcloneCommand := &cobra.Command{\n\t\tUse: \"clone OLDINST NEWINST\",\n\t\tShort: \"Clone an instance of Lima\",\n\t\tLong: `Clone an instance of Lima.\n\nNot to be confused with 'limactl copy' ('limactl cp').\n`,\n\t\tArgs: WrapArgsError(cobra.ExactArgs(2)),\n\t\tRunE: cloneOrRenameAction,\n\t\tValidArgsFunction: cloneBashComplete,\n\t\tGroupID: advancedCommand,\n\t}\n\tcloneCommand.Flags().Bool(\"start\", false, \"Start the instance after cloning\")\n\teditflags.RegisterEdit(cloneCommand, \"[limactl edit] \")\n\treturn cloneCommand\n}\n\nfunc newRenameCommand() *cobra.Command {\n\trenameCommand := &cobra.Command{\n\t\tUse: \"rename OLDINST NEWINST\",\n\t\t// No \"mv\" alias, to avoid confusion with a theoretical equivalent of `limactl cp` but s/cp/mv/.\n\t\tShort: \"Rename an instance of Lima\",\n\t\tArgs: WrapArgsError(cobra.ExactArgs(2)),\n\t\tRunE: cloneOrRenameAction,\n\t\tValidArgsFunction: cloneBashComplete,\n\t\tGroupID: advancedCommand,\n\t}\n\trenameCommand.Flags().Bool(\"start\", false, \"Start the instance after renaming\")\n\teditflags.RegisterEdit(renameCommand, \"[limactl edit] \")\n\treturn renameCommand\n}\n\nfunc cloneOrRenameAction(cmd *cobra.Command, args []string) error {\n\trename := cmd.Name() == \"rename\"\n\tctx := cmd.Context()\n\tflags := cmd.Flags()\n\ttty, err := flags.GetBool(\"tty\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\toldInstName, newInstName := args[0], args[1]\n\toldInst, err := store.Inspect(ctx, oldInstName)\n\tif err != nil {\n\t\tif errors.Is(err, os.ErrNotExist) {\n\t\t\treturn fmt.Errorf(\"instance %q not found\", oldInstName)\n\t\t}\n\t\treturn err\n\t}\n\n\tnewInst, err := instance.CloneOrRename(ctx, oldInst, newInstName, rename)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tyqExprs, err := editflags.YQExpressions(flags, false)\n\tif err != nil {\n\t\treturn err\n\t}\n\tif len(yqExprs) > 0 {\n\t\t// TODO: reduce duplicated codes across cloneAction and editAction\n\t\tyq := yqutil.Join(yqExprs)\n\t\tfilePath := filepath.Join(newInst.Dir, filenames.LimaYAML)\n\t\tyContent, err := os.ReadFile(filePath)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tyBytes, err := yqutil.EvaluateExpression(yq, yContent)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ty, err := limayaml.LoadWithWarnings(ctx, yBytes, filePath)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tif err := driverutil.ResolveVMType(ctx, y, filePath); err != nil {\n\t\t\treturn fmt.Errorf(\"failed to resolve vm for %q: %w\", filePath, err)\n\t\t}\n\t\tif err := limayaml.Validate(y, true); err != nil {\n\t\t\treturn saveRejectedYAML(yBytes, err)\n\t\t}\n\t\tif err := limayaml.ValidateAgainstLatestConfig(ctx, yBytes, yContent); err != nil {\n\t\t\treturn saveRejectedYAML(yBytes, err)\n\t\t}\n\t\tif err := os.WriteFile(filePath, yBytes, 0o644); err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnewInst, err = store.Inspect(ctx, newInst.Name)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\tstart, err := flags.GetBool(\"start\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif tty && !flags.Changed(\"start\") {\n\t\tstart, err = askWhetherToStart(cmd)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\tif !start {\n\t\treturn nil\n\t}\n\terr = reconcile.Reconcile(ctx, newInst.Name)\n\tif err != nil {\n\t\treturn err\n\t}\n\treturn instance.Start(ctx, newInst, false, false)\n}\n\nfunc cloneBashComplete(cmd *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {\n\treturn bashCompleteInstanceNames(cmd)\n}\n" }, { "path": "cmd/limactl/completion.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"maps\"\n\t\"net\"\n\t\"slices\"\n\t\"strings\"\n\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/networks\"\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n\t\"github.com/lima-vm/lima/v2/pkg/templatestore\"\n)\n\nfunc bashCompleteInstanceNames(_ *cobra.Command) ([]string, cobra.ShellCompDirective) {\n\tinstances, err := store.Instances()\n\tif err != nil {\n\t\treturn nil, cobra.ShellCompDirectiveDefault\n\t}\n\treturn instances, cobra.ShellCompDirectiveNoFileComp\n}\n\nfunc bashCompleteTemplateNames(_ *cobra.Command, toComplete string) ([]string, cobra.ShellCompDirective) {\n\tvar comp []string\n\tif templates, err := templatestore.Templates(); err == nil {\n\t\tfor _, f := range templates {\n\t\t\tname := \"template:\" + f.Name\n\t\t\tif !strings.HasPrefix(name, toComplete) {\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tif len(toComplete) == len(name) {\n\t\t\t\tcomp = append(comp, name)\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// Skip private snippets (beginning with '_') from completion.\n\t\t\tif (name[len(toComplete)-1] == '/') && (name[len(toComplete)] == '_') {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tcomp = append(comp, name)\n\t\t}\n\t}\n\treturn comp, cobra.ShellCompDirectiveDefault\n}\n\nfunc bashCompleteDiskNames(_ *cobra.Command) ([]string, cobra.ShellCompDirective) {\n\tdisks, err := store.Disks()\n\tif err != nil {\n\t\treturn nil, cobra.ShellCompDirectiveDefault\n\t}\n\treturn disks, cobra.ShellCompDirectiveNoFileComp\n}\n\nfunc bashCompleteNetworkNames(_ *cobra.Command) ([]string, cobra.ShellCompDirective) {\n\tconfig, err := networks.LoadConfig()\n\tif err != nil {\n\t\treturn nil, cobra.ShellCompDirectiveDefault\n\t}\n\tnetworks := slices.Sorted(maps.Keys(config.Networks))\n\treturn networks, cobra.ShellCompDirectiveNoFileComp\n}\n\nfunc bashFlagCompleteNetworkInterfaceNames(_ *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {\n\tintf, err := net.Interfaces()\n\tif err != nil {\n\t\treturn nil, cobra.ShellCompDirectiveDefault\n\t}\n\tvar intfNames []string\n\tfor _, f := range intf {\n\t\tintfNames = append(intfNames, f.Name)\n\t}\n\treturn intfNames, cobra.ShellCompDirectiveNoFileComp\n}\n" }, { "path": "cmd/limactl/copy.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/copytool\"\n)\n\nconst copyHelp = `Copy files between host and guest\n\nPrefix guest filenames with the instance name and a colon.\n\nBackends:\n auto - Automatically selects the best available backend (rsync preferred, falls back to scp)\n rsync - Uses rsync for faster transfers with resume capability (requires rsync on both host and guest)\n scp - Uses scp for reliable transfers (always available)\n\nNot to be confused with 'limactl clone'.\n`\n\nconst copyExample = `\n # Copy file from guest to host (auto backend)\n limactl copy default:/etc/os-release .\n\n # Copy file from host to guest with verbose output\n limactl copy -v myfile.txt default:/tmp/\n\n # Copy directory recursively using rsync backend\n limactl copy --backend=rsync -r ./mydir default:/tmp/\n\n # Copy using scp backend specifically\n limactl copy --backend=scp default:/var/log/app.log ./logs/\n\n # Copy multiple files\n limactl copy file1.txt file2.txt default:/tmp/\n`\n\nfunc newCopyCommand() *cobra.Command {\n\tcopyCommand := &cobra.Command{\n\t\tUse: \"copy SOURCE ... TARGET\",\n\t\tAliases: []string{\"cp\"},\n\t\tShort: \"Copy files between host and guest\",\n\t\tLong: copyHelp,\n\t\tExample: copyExample,\n\t\tArgs: WrapArgsError(cobra.MinimumNArgs(2)),\n\t\tRunE: copyAction,\n\t\tGroupID: advancedCommand,\n\t}\n\n\tcopyCommand.Flags().BoolP(\"recursive\", \"r\", false, \"Copy directories recursively\")\n\tcopyCommand.Flags().BoolP(\"verbose\", \"v\", false, \"Enable verbose output\")\n\tcopyCommand.Flags().String(\"backend\", \"auto\", \"Copy backend (scp|rsync|auto)\")\n\n\treturn copyCommand\n}\n\nfunc copyAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\trecursive, err := cmd.Flags().GetBool(\"recursive\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tverbose, err := cmd.Flags().GetBool(\"verbose\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tdebug, err := cmd.Flags().GetBool(\"debug\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif debug {\n\t\tverbose = true\n\t}\n\n\tbackend, err := cmd.Flags().GetString(\"backend\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tcpTool, err := copytool.New(ctx, backend, args, ©tool.Options{\n\t\tRecursive: recursive,\n\t\tVerbose: verbose,\n\t})\n\tif err != nil {\n\t\treturn err\n\t}\n\tlogrus.Debugf(\"using copy tool %q\", cpTool.Name())\n\n\tcopyCmd, err := cpTool.Command(ctx, args, nil)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tcopyCmd.Stdin = cmd.InOrStdin()\n\tcopyCmd.Stdout = cmd.OutOrStdout()\n\tcopyCmd.Stderr = cmd.ErrOrStderr()\n\tlogrus.Debugf(\"executing %v (may take a long time)\", copyCmd)\n\n\t// TODO: use syscall.Exec directly (results in losing tty?)\n\treturn copyCmd.Run()\n}\n" }, { "path": "cmd/limactl/debug.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"strconv\"\n\t\"time\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/hostagent/dns\"\n)\n\nfunc newDebugCommand() *cobra.Command {\n\tcmd := &cobra.Command{\n\t\tUse: \"debug\",\n\t\tShort: \"Debug utilities\",\n\t\tLong: \"DO NOT USE! THE COMMAND SYNTAX IS SUBJECT TO CHANGE!\",\n\t\tHidden: true,\n\t}\n\tcmd.AddCommand(newDebugDNSCommand())\n\treturn cmd\n}\n\nfunc newDebugDNSCommand() *cobra.Command {\n\tcmd := &cobra.Command{\n\t\tUse: \"dns UDPPORT [TCPPORT]\",\n\t\tShort: \"Debug built-in DNS\",\n\t\tLong: \"DO NOT USE! THE COMMAND SYNTAX IS SUBJECT TO CHANGE!\",\n\t\tArgs: WrapArgsError(cobra.RangeArgs(1, 2)),\n\t\tRunE: debugDNSAction,\n\t}\n\tcmd.Flags().BoolP(\"ipv6\", \"6\", false, \"Lookup IPv6 addresses too\")\n\treturn cmd\n}\n\nfunc debugDNSAction(cmd *cobra.Command, args []string) error {\n\tipv6, err := cmd.Flags().GetBool(\"ipv6\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tudpLocalPort, err := strconv.Atoi(args[0])\n\tif err != nil {\n\t\treturn err\n\t}\n\ttcpLocalPort := 0\n\tif len(args) > 1 {\n\t\ttcpLocalPort, err = strconv.Atoi(args[1])\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\tsrvOpts := dns.ServerOptions{\n\t\tUDPPort: udpLocalPort,\n\t\tTCPPort: tcpLocalPort,\n\t\tAddress: \"127.0.0.1\",\n\t\tHandlerOptions: dns.HandlerOptions{\n\t\t\tIPv6: ipv6,\n\t\t\tStaticHosts: map[string]string{},\n\t\t},\n\t}\n\tsrv, err := dns.Start(srvOpts)\n\tif err != nil {\n\t\treturn err\n\t}\n\tlogrus.Infof(\"Started srv %+v (UDP %d, TCP %d)\", srv, udpLocalPort, tcpLocalPort)\n\tfor {\n\t\ttime.Sleep(time.Hour)\n\t}\n}\n" }, { "path": "cmd/limactl/delete.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/autostart\"\n\t\"github.com/lima-vm/lima/v2/pkg/instance\"\n\t\"github.com/lima-vm/lima/v2/pkg/networks/reconcile\"\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n)\n\nfunc newDeleteCommand() *cobra.Command {\n\tdeleteCommand := &cobra.Command{\n\t\tUse: \"delete INSTANCE [INSTANCE, ...]\",\n\t\tAliases: []string{\"remove\", \"rm\"},\n\t\tShort: \"Delete an instance of Lima\",\n\t\tArgs: WrapArgsError(cobra.MinimumNArgs(1)),\n\t\tRunE: deleteAction,\n\t\tValidArgsFunction: deleteBashComplete,\n\t\tGroupID: basicCommand,\n\t}\n\tdeleteCommand.Flags().BoolP(\"force\", \"f\", false, \"Forcibly kill the processes\")\n\treturn deleteCommand\n}\n\nfunc deleteAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tforce, err := cmd.Flags().GetBool(\"force\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tfor _, instName := range args {\n\t\tinst, err := store.Inspect(ctx, instName)\n\t\tif err != nil {\n\t\t\tif errors.Is(err, os.ErrNotExist) {\n\t\t\t\tlogrus.Warnf(\"Ignoring non-existent instance %q\", instName)\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\treturn err\n\t\t}\n\t\tif err := instance.Delete(cmd.Context(), inst, force); err != nil {\n\t\t\treturn fmt.Errorf(\"failed to delete instance %q: %w\", instName, err)\n\t\t}\n\t\tif registered, err := autostart.IsRegistered(ctx, inst); err != nil && !errors.Is(err, autostart.ErrNotSupported) {\n\t\t\tlogrus.WithError(err).Warnf(\"Failed to check if the autostart entry for instance %q is registered\", instName)\n\t\t} else if registered {\n\t\t\tif err := autostart.UnregisterFromStartAtLogin(ctx, inst); err != nil {\n\t\t\t\tlogrus.WithError(err).Warnf(\"Failed to unregister the autostart entry for instance %q\", instName)\n\t\t\t} else {\n\t\t\t\tlogrus.Infof(\"The autostart entry for instance %q has been unregistered\", instName)\n\t\t\t}\n\t\t}\n\t\tlogrus.Infof(\"Deleted %q (%q)\", instName, inst.Dir)\n\t}\n\treturn reconcile.Reconcile(cmd.Context(), \"\")\n}\n\nfunc deleteBashComplete(cmd *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {\n\treturn bashCompleteInstanceNames(cmd)\n}\n" }, { "path": "cmd/limactl/disk.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"io/fs\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"text/tabwriter\"\n\n\tcontfs \"github.com/containerd/continuity/fs\"\n\t\"github.com/docker/go-units\"\n\t\"github.com/lima-vm/go-qcow2reader\"\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/imgutil/proxyimgutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype/filenames\"\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n)\n\nfunc newDiskCommand() *cobra.Command {\n\tdiskCommand := &cobra.Command{\n\t\tUse: \"disk\",\n\t\tShort: \"Lima disk management\",\n\t\tExample: ` Create a disk:\n $ limactl disk create DISK --size SIZE [--format qcow2]\n\n List existing disks:\n $ limactl disk ls\n\n Delete a disk:\n $ limactl disk delete DISK\n\n Resize a disk:\n $ limactl disk resize DISK --size SIZE`,\n\t\tSilenceUsage: true,\n\t\tSilenceErrors: true,\n\t\tGroupID: advancedCommand,\n\t}\n\tdiskCommand.AddCommand(\n\t\tnewDiskCreateCommand(),\n\t\tnewDiskListCommand(),\n\t\tnewDiskDeleteCommand(),\n\t\tnewDiskUnlockCommand(),\n\t\tnewDiskResizeCommand(),\n\t\tnewDiskImportCommand(),\n\t)\n\treturn diskCommand\n}\n\nfunc newDiskCreateCommand() *cobra.Command {\n\tdiskCreateCommand := &cobra.Command{\n\t\tUse: \"create DISK\",\n\t\tExample: `\nTo create a new disk:\n$ limactl disk create DISK --size SIZE [--format qcow2]\n`,\n\t\tShort: \"Create a Lima disk\",\n\t\tArgs: WrapArgsError(cobra.ExactArgs(1)),\n\t\tRunE: diskCreateAction,\n\t}\n\tdiskCreateCommand.Flags().String(\"size\", \"\", \"Configure the disk size\")\n\t_ = diskCreateCommand.MarkFlagRequired(\"size\")\n\tdiskCreateCommand.Flags().String(\"format\", \"qcow2\", \"Specify the disk format\")\n\treturn diskCreateCommand\n}\n\nfunc diskCreateAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tsize, err := cmd.Flags().GetString(\"size\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tformat, err := cmd.Flags().GetString(\"format\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tdiskSize, err := units.RAMInBytes(size)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tswitch format {\n\tcase \"qcow2\", \"raw\":\n\tdefault:\n\t\treturn fmt.Errorf(`disk format %q not supported, use \"qcow2\" or \"raw\" instead`, format)\n\t}\n\n\t// only exactly one arg is allowed\n\tname := args[0]\n\n\tdiskDir, err := store.DiskDir(name)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif _, err := os.Stat(diskDir); !errors.Is(err, fs.ErrNotExist) {\n\t\treturn fmt.Errorf(\"disk %q already exists (%q)\", name, diskDir)\n\t}\n\n\tlogrus.Infof(\"Creating %s disk %q with size %s\", format, name, units.BytesSize(float64(diskSize)))\n\n\tif err := os.MkdirAll(diskDir, 0o700); err != nil {\n\t\treturn err\n\t}\n\n\t// qemu may not be available, use it only if needed.\n\tdataDisk := filepath.Join(diskDir, filenames.DataDisk)\n\tdiskUtil := proxyimgutil.NewDiskUtil(ctx)\n\terr = diskUtil.CreateDisk(ctx, dataDisk, diskSize)\n\tif err != nil {\n\t\trerr := os.RemoveAll(diskDir)\n\t\tif rerr != nil {\n\t\t\terr = errors.Join(err, fmt.Errorf(\"failed to remove a directory %q: %w\", diskDir, rerr))\n\t\t}\n\t\treturn fmt.Errorf(\"failed to create %s disk in %q: %w\", format, diskDir, err)\n\t}\n\n\treturn nil\n}\n\nfunc newDiskListCommand() *cobra.Command {\n\tdiskListCommand := &cobra.Command{\n\t\tUse: \"list\",\n\t\tExample: `\nTo list existing disks:\n$ limactl disk list\n`,\n\t\tShort: \"List existing Lima disks\",\n\t\tAliases: []string{\"ls\"},\n\t\tArgs: WrapArgsError(cobra.ArbitraryArgs),\n\t\tRunE: diskListAction,\n\t}\n\tdiskListCommand.Flags().Bool(\"json\", false, \"JSONify output\")\n\treturn diskListCommand\n}\n\nfunc nameMatches(nameName string, names []string) []string {\n\tmatches := []string{}\n\tfor _, name := range names {\n\t\tif name == nameName {\n\t\t\tmatches = append(matches, name)\n\t\t}\n\t}\n\treturn matches\n}\n\nfunc diskListAction(cmd *cobra.Command, args []string) error {\n\tjsonFormat, err := cmd.Flags().GetBool(\"json\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tallDisks, err := store.Disks()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tdisks := []string{}\n\tif len(args) > 0 {\n\t\tfor _, arg := range args {\n\t\t\tmatches := nameMatches(arg, allDisks)\n\t\t\tif len(matches) > 0 {\n\t\t\t\tdisks = append(disks, matches...)\n\t\t\t} else {\n\t\t\t\tlogrus.Warnf(\"No disk matching %v found.\", arg)\n\t\t\t}\n\t\t}\n\t} else {\n\t\tdisks = allDisks\n\t}\n\n\tif jsonFormat {\n\t\tfor _, diskName := range disks {\n\t\t\tdisk, err := store.InspectDisk(diskName, nil)\n\t\t\tif err != nil {\n\t\t\t\tlogrus.WithError(err).Errorf(\"disk %q does not exist?\", diskName)\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tj, err := json.Marshal(disk)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tfmt.Fprintln(cmd.OutOrStdout(), string(j))\n\t\t}\n\t\treturn nil\n\t}\n\n\tw := tabwriter.NewWriter(cmd.OutOrStdout(), 4, 8, 4, ' ', 0)\n\tfmt.Fprintln(w, \"NAME\\tSIZE\\tFORMAT\\tDIR\\tIN-USE-BY\")\n\n\tif len(disks) == 0 {\n\t\tlogrus.Warn(\"No disk found. Run `limactl disk create DISK --size SIZE` to create a disk.\")\n\t}\n\n\tfor _, diskName := range disks {\n\t\tdisk, err := store.InspectDisk(diskName, nil)\n\t\tif err != nil {\n\t\t\tlogrus.WithError(err).Errorf(\"disk %q does not exist?\", diskName)\n\t\t\tcontinue\n\t\t}\n\t\tfmt.Fprintf(w, \"%s\\t%s\\t%s\\t%s\\t%s\\n\", disk.Name, units.BytesSize(float64(disk.Size)), disk.Format, disk.Dir, disk.Instance)\n\t}\n\n\treturn w.Flush()\n}\n\nfunc newDiskDeleteCommand() *cobra.Command {\n\tdiskDeleteCommand := &cobra.Command{\n\t\tUse: \"delete DISK [DISK, ...]\",\n\t\tExample: `\nTo delete a disk:\n$ limactl disk delete DISK\n\nTo delete multiple disks:\n$ limactl disk delete DISK1 DISK2 ...\n`,\n\t\tAliases: []string{\"remove\", \"rm\"},\n\t\tShort: \"Delete one or more Lima disks\",\n\t\tArgs: WrapArgsError(cobra.MinimumNArgs(1)),\n\t\tRunE: diskDeleteAction,\n\t\tValidArgsFunction: diskBashComplete,\n\t}\n\tdiskDeleteCommand.Flags().BoolP(\"force\", \"f\", false, \"Force delete\")\n\treturn diskDeleteCommand\n}\n\nfunc diskDeleteAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tforce, err := cmd.Flags().GetBool(\"force\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tinstNames, err := store.Instances()\n\tif err != nil {\n\t\treturn err\n\t}\n\tvar instances []*limatype.Instance\n\tfor _, instName := range instNames {\n\t\tinst, err := store.Inspect(ctx, instName)\n\t\tif err != nil {\n\t\t\tcontinue\n\t\t}\n\t\tinstances = append(instances, inst)\n\t}\n\n\tfor _, diskName := range args {\n\t\tdisk, err := store.InspectDisk(diskName, nil)\n\t\tif err != nil {\n\t\t\tif errors.Is(err, fs.ErrNotExist) {\n\t\t\t\tlogrus.Warnf(\"Ignoring non-existent disk %q\", diskName)\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\treturn err\n\t\t}\n\n\t\tif !force {\n\t\t\tif disk.Instance != \"\" {\n\t\t\t\treturn fmt.Errorf(\"cannot delete disk %q in use by instance %q\", disk.Name, disk.Instance)\n\t\t\t}\n\t\t\tvar refInstances []string\n\t\t\tfor _, inst := range instances {\n\t\t\t\tfor _, d := range inst.AdditionalDisks {\n\t\t\t\t\tif d.Name == diskName {\n\t\t\t\t\t\trefInstances = append(refInstances, inst.Name)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\tif len(refInstances) > 0 {\n\t\t\t\tlogrus.Warnf(\"Skipping deleting disk %q, disk is referenced by one or more non-running instances: %q\",\n\t\t\t\t\tdiskName, refInstances)\n\t\t\t\tlogrus.Warnf(\"To delete anyway, run %q\", forceDeleteCommand(diskName))\n\t\t\t\tcontinue\n\t\t\t}\n\t\t}\n\n\t\tif err := deleteDisk(disk); err != nil {\n\t\t\treturn fmt.Errorf(\"failed to delete disk %q: %w\", diskName, err)\n\t\t}\n\t\tlogrus.Infof(\"Deleted %q (%q)\", diskName, disk.Dir)\n\t}\n\treturn nil\n}\n\nfunc deleteDisk(disk *store.Disk) error {\n\tif err := os.RemoveAll(disk.Dir); err != nil {\n\t\treturn fmt.Errorf(\"failed to remove %q: %w\", disk.Dir, err)\n\t}\n\treturn nil\n}\n\nfunc forceDeleteCommand(diskName string) string {\n\treturn fmt.Sprintf(\"limactl disk delete --force %v\", diskName)\n}\n\nfunc newDiskUnlockCommand() *cobra.Command {\n\tdiskUnlockCommand := &cobra.Command{\n\t\tUse: \"unlock DISK [DISK, ...]\",\n\t\tExample: `\nEmergency recovery! If an instance is force stopped, it may leave a disk locked while not actually using it.\n\nTo unlock a disk:\n$ limactl disk unlock DISK\n\nTo unlock multiple disks:\n$ limactl disk unlock DISK1 DISK2 ...\n`,\n\t\tShort: \"Unlock one or more Lima disks\",\n\t\tArgs: WrapArgsError(cobra.MinimumNArgs(1)),\n\t\tRunE: diskUnlockAction,\n\t\tValidArgsFunction: diskBashComplete,\n\t}\n\treturn diskUnlockCommand\n}\n\nfunc diskUnlockAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tfor _, diskName := range args {\n\t\tdisk, err := store.InspectDisk(diskName, nil)\n\t\tif err != nil {\n\t\t\tif errors.Is(err, fs.ErrNotExist) {\n\t\t\t\tlogrus.Warnf(\"Ignoring non-existent disk %q\", diskName)\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\treturn err\n\t\t}\n\t\tif disk.Instance == \"\" {\n\t\t\tlogrus.Warnf(\"Ignoring unlocked disk %q\", diskName)\n\t\t\tcontinue\n\t\t}\n\t\t// if store.Inspect throws an error, the instance does not exist, and it is safe to unlock\n\t\tinst, err := store.Inspect(ctx, disk.Instance)\n\t\tif err == nil {\n\t\t\tif len(inst.Errors) > 0 {\n\t\t\t\tlogrus.Warnf(\"Cannot unlock disk %q, attached instance %q has errors: %+v\",\n\t\t\t\t\tdiskName, disk.Instance, inst.Errors)\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tif inst.Status == limatype.StatusRunning {\n\t\t\t\tlogrus.Warnf(\"Cannot unlock disk %q used by running instance %q\", diskName, disk.Instance)\n\t\t\t\tcontinue\n\t\t\t}\n\t\t}\n\t\tif err := disk.Unlock(); err != nil {\n\t\t\treturn fmt.Errorf(\"failed to unlock disk %q: %w\", diskName, err)\n\t\t}\n\t\tlogrus.Infof(\"Unlocked disk %q (%q)\", diskName, disk.Dir)\n\t}\n\treturn nil\n}\n\nfunc newDiskResizeCommand() *cobra.Command {\n\tdiskResizeCommand := &cobra.Command{\n\t\tUse: \"resize DISK\",\n\t\tExample: `\nResize a disk:\n$ limactl disk resize DISK --size SIZE`,\n\t\tShort: \"Resize existing Lima disk\",\n\t\tArgs: WrapArgsError(cobra.ExactArgs(1)),\n\t\tRunE: diskResizeAction,\n\t\tValidArgsFunction: diskBashComplete,\n\t}\n\tdiskResizeCommand.Flags().String(\"size\", \"\", \"Disk size\")\n\t_ = diskResizeCommand.MarkFlagRequired(\"size\")\n\treturn diskResizeCommand\n}\n\nfunc diskResizeAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tsize, err := cmd.Flags().GetString(\"size\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tdiskSize, err := units.RAMInBytes(size)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tdiskName := args[0]\n\tdisk, err := store.InspectDisk(diskName, nil)\n\tif err != nil {\n\t\tif errors.Is(err, fs.ErrNotExist) {\n\t\t\treturn fmt.Errorf(\"disk %q does not exists\", diskName)\n\t\t}\n\t\treturn err\n\t}\n\n\t// Shrinking can cause a disk failure\n\tif diskSize < disk.Size {\n\t\treturn fmt.Errorf(\"specified size %q is less than the current disk size %q. Disk shrinking is currently unavailable\", units.BytesSize(float64(diskSize)), units.BytesSize(float64(disk.Size)))\n\t}\n\n\tif disk.Instance != \"\" {\n\t\tinst, err := store.Inspect(ctx, disk.Instance)\n\t\tif err == nil {\n\t\t\tif inst.Status == limatype.StatusRunning {\n\t\t\t\treturn fmt.Errorf(\"cannot resize disk %q used by running instance %q. Please stop the VM instance\", diskName, disk.Instance)\n\t\t\t}\n\t\t}\n\t}\n\n\t// qemu may not be available, use it only if needed.\n\tdataDisk := filepath.Join(disk.Dir, filenames.DataDisk)\n\tdiskUtil := proxyimgutil.NewDiskUtil(ctx)\n\terr = diskUtil.ResizeDisk(ctx, dataDisk, diskSize)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to resize disk %q: %w\", diskName, err)\n\t}\n\n\tlogrus.Infof(\"Resized disk %q (%q)\", diskName, disk.Dir)\n\treturn nil\n}\n\nfunc diskBashComplete(cmd *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {\n\treturn bashCompleteDiskNames(cmd)\n}\n\nfunc newDiskImportCommand() *cobra.Command {\n\tdiskImportCommand := &cobra.Command{\n\t\tUse: \"import DISK FILE\",\n\t\tExample: `\nImport a disk:\n$ limactl disk import DISK DISKPATH\n`,\n\t\tShort: \"Import an existing disk to Lima\",\n\t\tArgs: WrapArgsError(cobra.ExactArgs(2)),\n\t\tRunE: diskImportAction,\n\t\tValidArgsFunction: diskBashComplete,\n\t}\n\treturn diskImportCommand\n}\n\nfunc diskImportAction(_ *cobra.Command, args []string) error {\n\tdiskName := args[0]\n\tfName := args[1]\n\n\tdiskDir, err := store.DiskDir(diskName)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif _, err := os.Stat(diskDir); !errors.Is(err, fs.ErrNotExist) {\n\t\treturn fmt.Errorf(\"disk %q already exists (%q)\", diskName, diskDir)\n\t}\n\n\tf, err := os.Open(fName)\n\tif err != nil {\n\t\treturn err\n\t}\n\tdefer f.Close()\n\n\timg, err := qcow2reader.Open(f)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tdiskSize := img.Size()\n\tformat := img.Type()\n\n\tswitch format {\n\tcase \"qcow2\", \"raw\":\n\tdefault:\n\t\treturn fmt.Errorf(`disk format %q not supported, use \"qcow2\" or \"raw\" instead`, format)\n\t}\n\n\tif err := os.MkdirAll(diskDir, 0o755); err != nil {\n\t\treturn err\n\t}\n\n\tif err := contfs.CopyFile(filepath.Join(diskDir, filenames.DataDisk), fName); err != nil {\n\t\treturn nil\n\t}\n\n\tlogrus.Infof(\"Imported %s with size %s\", diskName, units.BytesSize(float64(diskSize)))\n\n\treturn nil\n}\n" }, { "path": "cmd/limactl/edit.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"bytes\"\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/cmd/limactl/editflags\"\n\t\"github.com/lima-vm/lima/v2/pkg/autostart\"\n\t\"github.com/lima-vm/lima/v2/pkg/driverutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/editutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/instance\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype/dirnames\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype/filenames\"\n\t\"github.com/lima-vm/lima/v2/pkg/limayaml\"\n\t\"github.com/lima-vm/lima/v2/pkg/networks/reconcile\"\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n\t\"github.com/lima-vm/lima/v2/pkg/uiutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/yqutil\"\n)\n\nfunc newEditCommand() *cobra.Command {\n\teditCommand := &cobra.Command{\n\t\tUse: \"edit INSTANCE|FILE.yaml\",\n\t\tShort: \"Edit an instance of Lima or a template\",\n\t\tArgs: WrapArgsError(cobra.MaximumNArgs(1)),\n\t\tRunE: editAction,\n\t\tValidArgsFunction: editBashComplete,\n\t\tGroupID: basicCommand,\n\t}\n\teditCommand.Flags().Bool(\"start\", false, \"Start the instance after editing\")\n\teditflags.RegisterEdit(editCommand, \"\")\n\treturn editCommand\n}\n\nfunc editAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tvar arg string\n\tif len(args) > 0 {\n\t\targ = args[0]\n\t}\n\n\tvar filePath string\n\tvar err error\n\tvar inst *limatype.Instance\n\n\tif arg == \"\" {\n\t\targ = DefaultInstanceName\n\t}\n\tif err := dirnames.ValidateInstName(arg); err == nil {\n\t\tinst, err = store.Inspect(ctx, arg)\n\t\tif err != nil {\n\t\t\tif errors.Is(err, os.ErrNotExist) {\n\t\t\t\treturn fmt.Errorf(\"instance %q not found\", arg)\n\t\t\t}\n\t\t\treturn err\n\t\t}\n\t\tif inst.Status == limatype.StatusRunning {\n\t\t\treturn errors.New(\"cannot edit a running instance\")\n\t\t}\n\t\tfilePath = filepath.Join(inst.Dir, filenames.LimaYAML)\n\t} else {\n\t\t// absolute path is required for `limayaml.Validate`\n\t\tfilePath, err = filepath.Abs(arg)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\tyContent, err := os.ReadFile(filePath)\n\tif err != nil {\n\t\treturn err\n\t}\n\tflags := cmd.Flags()\n\ttty, err := flags.GetBool(\"tty\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tyqExprs, err := editflags.YQExpressions(flags, false)\n\tif err != nil {\n\t\treturn err\n\t}\n\tvar yBytes []byte\n\tif len(yqExprs) > 0 {\n\t\tyq := yqutil.Join(yqExprs)\n\t\tyBytes, err = yqutil.EvaluateExpression(yq, yContent)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t} else if tty {\n\t\tvar hdr string\n\t\tif inst != nil {\n\t\t\thdr = fmt.Sprintf(\"# Please edit the following configuration for Lima instance %q\\n\", inst.Name)\n\t\t} else {\n\t\t\thdr = fmt.Sprintf(\"# Please edit the following configuration %q\\n\", filePath)\n\t\t}\n\t\thdr += \"# and an empty file will abort the edit.\\n\"\n\t\thdr += \"\\n\"\n\t\thdr += editutil.GenerateEditorWarningHeader()\n\t\tyBytes, err = editutil.OpenEditor(ctx, yContent, hdr)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\tif len(yBytes) == 0 {\n\t\tlogrus.Info(\"Aborting, as requested by saving the file with empty content\")\n\t\treturn nil\n\t}\n\tif bytes.Equal(yBytes, yContent) {\n\t\tlogrus.Info(\"Aborting, no changes made to the instance\")\n\t\treturn nil\n\t}\n\ty, err := limayaml.LoadWithWarnings(ctx, yBytes, filePath)\n\tif err != nil {\n\t\treturn err\n\t}\n\tif err := driverutil.ResolveVMType(ctx, y, filePath); err != nil {\n\t\treturn fmt.Errorf(\"failed to resolve vm for %q: %w\", filePath, err)\n\t}\n\tif err := limayaml.Validate(y, true); err != nil {\n\t\treturn saveRejectedYAML(yBytes, err)\n\t}\n\n\tif err := limayaml.ValidateAgainstLatestConfig(ctx, yBytes, yContent); err != nil {\n\t\treturn saveRejectedYAML(yBytes, err)\n\t}\n\n\tif err := os.WriteFile(filePath, yBytes, 0o644); err != nil {\n\t\treturn err\n\t}\n\n\tif inst != nil {\n\t\tlogrus.Infof(\"Instance %q configuration edited\", inst.Name)\n\t}\n\n\tif inst == nil {\n\t\t// edited a limayaml file directly\n\t\treturn nil\n\t}\n\n\tstart, err := flags.GetBool(\"start\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif tty && !flags.Changed(\"start\") {\n\t\tstart, err = askWhetherToStart(cmd)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\tif !start {\n\t\treturn nil\n\t}\n\t// Network reconciliation will be performed by the process launched by the autostart manager\n\tif registered, err := autostart.IsRegistered(ctx, inst); err != nil && !errors.Is(err, autostart.ErrNotSupported) {\n\t\treturn fmt.Errorf(\"failed to check if the autostart entry for instance %q is registered: %w\", inst.Name, err)\n\t} else if !registered {\n\t\terr = reconcile.Reconcile(ctx, inst.Name)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\t// store.Inspect() syncs values between inst.YAML and the store.\n\t// This call applies the validated template to the store.\n\tinst, err = store.Inspect(ctx, inst.Name)\n\tif err != nil {\n\t\treturn err\n\t}\n\treturn instance.Start(ctx, inst, false, false)\n}\n\nfunc askWhetherToStart(cmd *cobra.Command) (bool, error) {\n\tisTTY := uiutil.InputIsTTY(cmd.InOrStdin())\n\tif isTTY {\n\t\tmessage := \"Do you want to start the instance now? \"\n\t\treturn uiutil.Confirm(message, true)\n\t}\n\treturn false, nil\n}\n\nfunc editBashComplete(cmd *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {\n\treturn bashCompleteInstanceNames(cmd)\n}\n\n// saveRejectedYAML writes the rejected config and returns an error.\nfunc saveRejectedYAML(y []byte, origErr error) error {\n\trejectedYAML := \"lima.REJECTED.yaml\"\n\tif writeErr := os.WriteFile(rejectedYAML, y, 0o644); writeErr != nil {\n\t\treturn fmt.Errorf(\"the YAML is invalid, attempted to save the buffer as %q but failed: %w\", rejectedYAML, errors.Join(writeErr, origErr))\n\t}\n\t// TODO: may need to support editing the rejected YAML\n\treturn fmt.Errorf(\"the YAML is invalid, saved the buffer as %q: %w\", rejectedYAML, origErr)\n}\n" }, { "path": "cmd/limactl/editflags/editflags.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage editflags\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"math/bits\"\n\t\"runtime\"\n\t\"slices\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"github.com/pbnjay/memory\"\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\tflag \"github.com/spf13/pflag\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/localpathutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/registry\"\n)\n\n// RegisterEdit registers flags related to in-place YAML modification, for `limactl edit`.\nfunc RegisterEdit(cmd *cobra.Command, commentPrefix string) {\n\tflags := cmd.Flags()\n\n\tflags.Int(\"cpus\", 0, commentPrefix+\"Number of CPUs\") // Similar to colima's --cpu, but the flag name is slightly different (cpu vs cpus)\n\t_ = cmd.RegisterFlagCompletionFunc(\"cpus\", func(*cobra.Command, []string, string) ([]string, cobra.ShellCompDirective) {\n\t\tvar res []string\n\t\tfor _, f := range completeCPUs(runtime.NumCPU()) {\n\t\t\tres = append(res, strconv.Itoa(f))\n\t\t}\n\t\treturn res, cobra.ShellCompDirectiveNoFileComp\n\t})\n\n\tflags.IPSlice(\"dns\", nil, commentPrefix+\"Specify custom DNS (disable host resolver)\") // colima-compatible\n\n\tflags.Float32(\"memory\", 0, commentPrefix+\"Memory in GiB\") // colima-compatible\n\t_ = cmd.RegisterFlagCompletionFunc(\"memory\", func(*cobra.Command, []string, string) ([]string, cobra.ShellCompDirective) {\n\t\tvar res []string\n\t\tfor _, f := range completeMemoryGiB(memory.TotalMemory()) {\n\t\t\tres = append(res, fmt.Sprintf(\"%.1f\", f))\n\t\t}\n\t\treturn res, cobra.ShellCompDirectiveNoFileComp\n\t})\n\n\tflags.StringSlice(\"mount\", nil, commentPrefix+\"Directories to mount, suffix ':w' for writable (Do not specify directories that overlap with the existing mounts)\") // colima-compatible\n\tflags.StringSlice(\"mount-only\", nil, commentPrefix+\"Similar to --mount, but overrides the existing mounts\")\n\n\tflags.Bool(\"mount-none\", false, commentPrefix+\"Remove all mounts\")\n\n\tflags.String(\"mount-type\", \"\", commentPrefix+\"Mount type (reverse-sshfs, 9p, virtiofs)\") // Similar to colima's --mount-type=(sshfs|9p|virtiofs), but \"reverse-sshfs\" is Lima is called \"sshfs\" in colima\n\t_ = cmd.RegisterFlagCompletionFunc(\"mount-type\", func(*cobra.Command, []string, string) ([]string, cobra.ShellCompDirective) {\n\t\treturn []string{\"reverse-sshfs\", \"9p\", \"virtiofs\"}, cobra.ShellCompDirectiveNoFileComp\n\t})\n\n\tflags.Bool(\"mount-writable\", false, commentPrefix+\"Make all mounts writable\")\n\tflags.Bool(\"mount-inotify\", false, commentPrefix+\"Enable inotify for mounts\")\n\n\tflags.StringSlice(\"network\", nil, commentPrefix+\"Additional networks, e.g., \\\"vzNAT\\\" or \\\"lima:shared\\\" to assign vmnet IP\")\n\t_ = cmd.RegisterFlagCompletionFunc(\"network\", func(*cobra.Command, []string, string) ([]string, cobra.ShellCompDirective) {\n\t\t// TODO: retrieve the lima:* network list from networks.yaml\n\t\treturn []string{\"lima:shared\", \"lima:bridged\", \"lima:host\", \"lima:user-v2\", \"vzNAT\"}, cobra.ShellCompDirectiveNoFileComp\n\t})\n\n\tflags.Bool(\"nested-virt\", false, commentPrefix+\"Enable nested virtualization\")\n\n\tflags.Bool(\"rosetta\", false, commentPrefix+\"Enable Rosetta (for vz instances)\")\n\n\tflags.StringArray(\"set\", []string{}, commentPrefix+\"Modify the template inplace, using yq syntax. Can be passed multiple times.\")\n\n\tflags.Uint16(\"ssh-port\", 0, commentPrefix+\"SSH port (0 for random)\") // colima-compatible\n\t_ = cmd.RegisterFlagCompletionFunc(\"ssh-port\", func(*cobra.Command, []string, string) ([]string, cobra.ShellCompDirective) {\n\t\t// Until Lima v2.0, 60022 was the default SSH port for the instance named \"default\".\n\t\treturn []string{\"60022\"}, cobra.ShellCompDirectiveNoFileComp\n\t})\n\n\t// negative performance impact: https://gitlab.com/qemu-project/qemu/-/issues/334\n\tflags.Bool(\"video\", false, commentPrefix+\"Enable video output (has negative performance impact for QEMU)\")\n\n\tflags.Float32(\"disk\", 0, commentPrefix+\"Disk size in GiB\") // colima-compatible\n\t_ = cmd.RegisterFlagCompletionFunc(\"disk\", func(*cobra.Command, []string, string) ([]string, cobra.ShellCompDirective) {\n\t\treturn []string{\"10\", \"30\", \"50\", \"100\", \"200\"}, cobra.ShellCompDirectiveNoFileComp\n\t})\n\n\tflags.String(\"vm-type\", \"\", commentPrefix+\"Virtual machine type\")\n\t_ = cmd.RegisterFlagCompletionFunc(\"vm-type\", func(*cobra.Command, []string, string) ([]string, cobra.ShellCompDirective) {\n\t\tvar drivers []string\n\t\tfor k := range registry.List() {\n\t\t\tdrivers = append(drivers, k)\n\t\t}\n\t\treturn drivers, cobra.ShellCompDirectiveNoFileComp\n\t})\n}\n\n// RegisterCreate registers flags related to in-place YAML modification, for `limactl create`.\nfunc RegisterCreate(cmd *cobra.Command, commentPrefix string) {\n\tRegisterEdit(cmd, commentPrefix)\n\tflags := cmd.Flags()\n\n\tflags.String(\"arch\", \"\", commentPrefix+\"Machine architecture (x86_64, aarch64, riscv64, armv7l, s390x, ppc64le)\") // colima-compatible\n\t_ = cmd.RegisterFlagCompletionFunc(\"arch\", func(*cobra.Command, []string, string) ([]string, cobra.ShellCompDirective) {\n\t\treturn []string{\"x86_64\", \"aarch64\", \"riscv64\", \"armv7l\", \"s390x\", \"ppc64le\"}, cobra.ShellCompDirectiveNoFileComp\n\t})\n\n\tflags.String(\"containerd\", \"\", commentPrefix+\"containerd mode (user, system, user+system, none)\")\n\t_ = cmd.RegisterFlagCompletionFunc(\"containerd\", func(*cobra.Command, []string, string) ([]string, cobra.ShellCompDirective) {\n\t\treturn []string{\"user\", \"system\", \"user+system\", \"none\"}, cobra.ShellCompDirectiveNoFileComp\n\t})\n\n\tflags.Bool(\"plain\", false, commentPrefix+\"Plain mode. Disables mounts, port forwarding, containerd, etc.\")\n\n\tflags.StringArray(\"port-forward\", nil, commentPrefix+\"Port forwards (host:guest), e.g., '8080:80' or '9090:9090,static=true' for static port-forwards\")\n\t_ = cmd.RegisterFlagCompletionFunc(\"port-forward\", func(*cobra.Command, []string, string) ([]string, cobra.ShellCompDirective) {\n\t\treturn []string{\"8080:80\", \"3000:3000\", \"8080:80,static=true\"}, cobra.ShellCompDirectiveNoFileComp\n\t})\n}\n\nfunc defaultExprFunc(expr string) func(v *flag.Flag) ([]string, error) {\n\treturn func(v *flag.Flag) ([]string, error) {\n\t\treturn []string{fmt.Sprintf(expr, v.Value)}, nil\n\t}\n}\n\nfunc ParsePortForward(spec string) (hostPort, guestPort string, isStatic bool, err error) {\n\tparts := strings.Split(spec, \",\")\n\tif len(parts) > 2 {\n\t\treturn \"\", \"\", false, fmt.Errorf(\"invalid port forward format %q, expected HOST:GUEST or HOST:GUEST,static=true\", spec)\n\t}\n\n\tportParts := strings.Split(strings.TrimSpace(parts[0]), \":\")\n\tif len(portParts) != 2 {\n\t\treturn \"\", \"\", false, fmt.Errorf(\"invalid port forward format %q, expected HOST:GUEST\", parts[0])\n\t}\n\n\thostPort = strings.TrimSpace(portParts[0])\n\tguestPort = strings.TrimSpace(portParts[1])\n\n\tif len(parts) == 2 {\n\t\tstaticPart := strings.TrimSpace(parts[1])\n\t\tif staticValue, ok := strings.CutPrefix(staticPart, \"static=\"); ok {\n\t\t\tisStatic, err = strconv.ParseBool(staticValue)\n\t\t\tif err != nil {\n\t\t\t\treturn \"\", \"\", false, fmt.Errorf(\"invalid value for static parameter: %q\", staticValue)\n\t\t\t}\n\t\t} else {\n\t\t\treturn \"\", \"\", false, fmt.Errorf(\"invalid parameter %q, expected 'static=' followed by a boolean value\", staticPart)\n\t\t}\n\t}\n\n\treturn hostPort, guestPort, isStatic, nil\n}\n\nfunc BuildPortForwardExpression(portForwards []string) (string, error) {\n\tif len(portForwards) == 0 {\n\t\treturn \"\", nil\n\t}\n\n\tports := make([]string, len(portForwards))\n\tfor i, spec := range portForwards {\n\t\thostPort, guestPort, isStatic, err := ParsePortForward(spec)\n\t\tif err != nil {\n\t\t\treturn \"\", err\n\t\t}\n\t\tports[i] = fmt.Sprintf(`{\"guestPort\": %q, \"hostPort\": %q, \"static\": %v}`, guestPort, hostPort, isStatic)\n\t}\n\texpr := fmt.Sprintf(\".portForwards += [%s]\", strings.Join(ports, \",\"))\n\treturn expr, nil\n}\n\nfunc buildMountListExpression(ss []string) (string, error) {\n\tmounts := make([]string, len(ss))\n\tfor i, s := range ss {\n\t\twritable := strings.HasSuffix(s, \":w\")\n\t\tloc, err := localpathutil.Expand(strings.TrimSuffix(s, \":w\"))\n\t\tif err != nil {\n\t\t\treturn \"\", err\n\t\t}\n\t\tmounts[i] = fmt.Sprintf(`{\"location\": %q, \"mountPoint\": %q, \"writable\": %v}`, loc, loc, writable)\n\t}\n\texpr := fmt.Sprintf(\"[%s]\", strings.Join(mounts, \",\"))\n\treturn expr, nil\n}\n\n// YQExpressions returns YQ expressions.\nfunc YQExpressions(flags *flag.FlagSet, newInstance bool) ([]string, error) {\n\ttype def struct {\n\t\tflagName string\n\t\texprFunc func(*flag.Flag) ([]string, error)\n\t\tonlyValidForNewInstances bool\n\t\texperimental bool\n\t}\n\td := defaultExprFunc\n\tdefs := []def{\n\t\t{\n\t\t\t\"cpus\",\n\t\t\tfunc(_ *flag.Flag) ([]string, error) {\n\t\t\t\tnumCpus, err := flags.GetInt(\"cpus\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t\tif numCpus < 0 {\n\t\t\t\t\treturn nil, errors.New(\"invalid value for number of cpus, must be >= 0\")\n\t\t\t\t}\n\t\t\t\treturn []string{fmt.Sprintf(\".cpus = %d\", numCpus)}, nil\n\t\t\t},\n\t\t\tfalse,\n\t\t\tfalse,\n\t\t},\n\t\t{\n\t\t\t\"dns\",\n\t\t\tfunc(_ *flag.Flag) ([]string, error) {\n\t\t\t\tipSlice, err := flags.GetIPSlice(\"dns\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t\tips := make([]string, len(ipSlice))\n\t\t\t\tfor i, ip := range ipSlice {\n\t\t\t\t\tips[i] = `\"` + ip.String() + `\"`\n\t\t\t\t}\n\t\t\t\texpr := fmt.Sprintf(\".dns += [%s] | .dns |= unique | .hostResolver.enabled=false\", strings.Join(ips, \",\"))\n\t\t\t\tlogrus.Warnf(\"Disabling HostResolver, as custom DNS addresses (%v) are specified\", ipSlice)\n\t\t\t\treturn []string{expr}, nil\n\t\t\t},\n\t\t\tfalse,\n\t\t\tfalse,\n\t\t},\n\t\t{\"memory\", d(\".memory = \\\"%sGiB\\\"\"), false, false},\n\t\t{\n\t\t\t\"mount\",\n\t\t\tfunc(_ *flag.Flag) ([]string, error) {\n\t\t\t\tss, err := flags.GetStringSlice(\"mount\")\n\t\t\t\tslices.Reverse(ss)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t\tmountListExpr, err := buildMountListExpression(ss)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t\t// mount options take precedence over template settings\n\t\t\t\texpr := fmt.Sprintf(\".mounts = %s + .mounts\", mountListExpr)\n\t\t\t\tmountOnly, err := flags.GetStringSlice(\"mount-only\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t\tif len(mountOnly) > 0 {\n\t\t\t\t\treturn nil, errors.New(\"flag `--mount` conflicts with `--mount-only`\")\n\t\t\t\t}\n\t\t\t\treturn []string{expr}, nil\n\t\t\t},\n\t\t\tfalse,\n\t\t\tfalse,\n\t\t},\n\t\t{\n\t\t\t\"mount-only\",\n\t\t\tfunc(_ *flag.Flag) ([]string, error) {\n\t\t\t\tss, err := flags.GetStringSlice(\"mount-only\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t\tmountListExpr, err := buildMountListExpression(ss)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t\texpr := `.mounts = ` + mountListExpr\n\t\t\t\treturn []string{expr}, nil\n\t\t\t},\n\t\t\tfalse,\n\t\t\tfalse,\n\t\t},\n\t\t{\n\t\t\t\"mount-none\",\n\t\t\tfunc(_ *flag.Flag) ([]string, error) {\n\t\t\t\tincompatibleFlagNames := []string{\"mount\", \"mount-only\"}\n\t\t\t\tfor _, name := range incompatibleFlagNames {\n\t\t\t\t\tss, err := flags.GetStringSlice(name)\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\treturn nil, err\n\t\t\t\t\t}\n\t\t\t\t\tif len(ss) > 0 {\n\t\t\t\t\t\treturn nil, errors.New(\"flag `--mount-none` conflicts with `\" + name + \"`\")\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\treturn []string{\".mounts = null\"}, nil\n\t\t\t},\n\t\t\tfalse,\n\t\t\tfalse,\n\t\t},\n\t\t{\"mount-type\", d(\".mountType = %q\"), false, false},\n\t\t{\"vm-type\", d(\".vmType = %q\"), false, false},\n\t\t{\"mount-inotify\", d(\".mountInotify = %s\"), false, true},\n\t\t{\"mount-writable\", d(\".mounts[].writable = %s\"), false, false},\n\t\t{\n\t\t\t\"network\",\n\t\t\tfunc(_ *flag.Flag) ([]string, error) {\n\t\t\t\tss, err := flags.GetStringSlice(\"network\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t\tnetworks := make([]string, len(ss))\n\t\t\t\tfor i, s := range ss {\n\t\t\t\t\t// CLI syntax is still experimental (YAML syntax is out of experimental)\n\t\t\t\t\tswitch {\n\t\t\t\t\tcase s == \"vzNAT\":\n\t\t\t\t\t\tnetworks[i] = `{\"vzNAT\": true}`\n\t\t\t\t\tcase strings.HasPrefix(s, \"lima:\"):\n\t\t\t\t\t\tnetwork := strings.TrimPrefix(s, \"lima:\")\n\t\t\t\t\t\tnetworks[i] = fmt.Sprintf(`{\"lima\": %q}`, network)\n\t\t\t\t\tdefault:\n\t\t\t\t\t\treturn nil, fmt.Errorf(`network name must be \"vzNAT\" or \"lima:*\", got %q`, s)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\texpr := fmt.Sprintf(`.networks += [%s] | .networks |= unique_by(.lima)`, strings.Join(networks, \",\"))\n\t\t\t\treturn []string{expr}, nil\n\t\t\t},\n\t\t\tfalse,\n\t\t\tfalse,\n\t\t},\n\n\t\t{\"nested-virt\", d(\".nestedVirtualization = %s\"), false, false},\n\t\t{\n\t\t\t\"rosetta\",\n\t\t\tfunc(_ *flag.Flag) ([]string, error) {\n\t\t\t\tb, err := flags.GetBool(\"rosetta\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t\treturn []string{fmt.Sprintf(\".vmOpts.vz.rosetta.enabled = %v | .vmOpts.vz.rosetta.binfmt = %v\", b, b)}, nil\n\t\t\t},\n\t\t\tfalse,\n\t\t\tfalse,\n\t\t},\n\t\t{\"set\", func(v *flag.Flag) ([]string, error) {\n\t\t\treturn v.Value.(flag.SliceValue).GetSlice(), nil\n\t\t}, false, false},\n\t\t{\n\t\t\t\"video\",\n\t\t\tfunc(_ *flag.Flag) ([]string, error) {\n\t\t\t\tb, err := flags.GetBool(\"video\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t\tif b {\n\t\t\t\t\treturn []string{\".video.display = \\\"default\\\"\"}, nil\n\t\t\t\t}\n\t\t\t\treturn []string{\".video.display = \\\"none\\\"\"}, nil\n\t\t\t},\n\t\t\tfalse,\n\t\t\tfalse,\n\t\t},\n\t\t{\"ssh-port\", d(\".ssh.localPort = %s\"), false, false},\n\t\t{\"arch\", d(\".arch = %q\"), true, false},\n\t\t{\n\t\t\t\"containerd\",\n\t\t\tfunc(_ *flag.Flag) ([]string, error) {\n\t\t\t\ts, err := flags.GetString(\"containerd\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t\tswitch s {\n\t\t\t\tcase \"user\":\n\t\t\t\t\treturn []string{`.containerd.user = true | .containerd.system = false`}, nil\n\t\t\t\tcase \"system\":\n\t\t\t\t\treturn []string{`.containerd.user = false | .containerd.system = true`}, nil\n\t\t\t\tcase \"user+system\", \"system+user\":\n\t\t\t\t\treturn []string{`.containerd.user = true | .containerd.system = true`}, nil\n\t\t\t\tcase \"none\":\n\t\t\t\t\treturn []string{`.containerd.user = false | .containerd.system = false`}, nil\n\t\t\t\tdefault:\n\t\t\t\t\treturn nil, fmt.Errorf(`expected one of [\"user\", \"system\", \"user+system\", \"none\"], got %q`, s)\n\t\t\t\t}\n\t\t\t},\n\t\t\ttrue,\n\t\t\tfalse,\n\t\t},\n\t\t{\"disk\", d(\".disk= \\\"%sGiB\\\"\"), false, false},\n\t\t{\"plain\", d(\".plain = %s\"), true, false},\n\t\t{\n\t\t\t\"port-forward\",\n\t\t\tfunc(_ *flag.Flag) ([]string, error) {\n\t\t\t\tss, err := flags.GetStringArray(\"port-forward\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t\tvalue, err := BuildPortForwardExpression(ss)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t\treturn []string{value}, nil\n\t\t\t},\n\t\t\tfalse,\n\t\t\tfalse,\n\t\t},\n\t}\n\tvar exprs []string\n\tfor _, def := range defs {\n\t\tv := flags.Lookup(def.flagName)\n\t\tif v != nil && v.Changed {\n\t\t\tif def.experimental {\n\t\t\t\tlogrus.Warnf(\"`--%s` is experimental\", def.flagName)\n\t\t\t}\n\t\t\tif def.onlyValidForNewInstances && !newInstance {\n\t\t\t\tlogrus.Warnf(\"`--%s` is not applicable to an existing instance (Hint: create a new instance with `limactl create --%s=%s --name=NAME`)\",\n\t\t\t\t\tdef.flagName, def.flagName, v.Value.String())\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tnewExprs, err := def.exprFunc(v)\n\t\t\tif err != nil {\n\t\t\t\treturn exprs, fmt.Errorf(\"error while processing flag %q: %w\", def.flagName, err)\n\t\t\t}\n\t\t\texprs = append(exprs, newExprs...)\n\t\t}\n\t}\n\treturn exprs, nil\n}\n\nfunc isPowerOfTwo(x int) bool {\n\treturn bits.OnesCount(uint(x)) == 1\n}\n\nfunc completeCPUs(hostCPUs int) []int {\n\tvar res []int\n\tfor i := 1; i <= hostCPUs; i *= 2 {\n\t\tres = append(res, i)\n\t}\n\tif !isPowerOfTwo(hostCPUs) {\n\t\tres = append(res, hostCPUs)\n\t}\n\treturn res\n}\n\nfunc completeMemoryGiB(hostMemory uint64) []float32 {\n\thostMemoryHalfGiB := int(hostMemory / 2 / 1024 / 1024 / 1024)\n\tvar res []float32\n\tif hostMemoryHalfGiB < 1 {\n\t\tres = append(res, 0.5)\n\t}\n\tfor i := 1; i <= hostMemoryHalfGiB; i *= 2 {\n\t\tres = append(res, float32(i))\n\t}\n\tif hostMemoryHalfGiB > 1 && !isPowerOfTwo(hostMemoryHalfGiB) {\n\t\tres = append(res, float32(hostMemoryHalfGiB))\n\t}\n\treturn res\n}\n" }, { "path": "cmd/limactl/editflags/editflags_test.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage editflags\n\nimport (\n\t\"strings\"\n\t\"testing\"\n\n\t\"github.com/spf13/cobra\"\n\t\"gotest.tools/v3/assert\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/localpathutil\"\n)\n\nfunc TestCompleteCPUs(t *testing.T) {\n\tassert.DeepEqual(t, []int{1}, completeCPUs(1))\n\tassert.DeepEqual(t, []int{1, 2}, completeCPUs(2))\n\tassert.DeepEqual(t, []int{1, 2, 4, 8}, completeCPUs(8))\n\tassert.DeepEqual(t, []int{1, 2, 4, 8, 16, 20}, completeCPUs(20))\n}\n\nfunc TestCompleteMemoryGiB(t *testing.T) {\n\tassert.DeepEqual(t, []float32{0.5}, completeMemoryGiB(1<<30))\n\tassert.DeepEqual(t, []float32{1}, completeMemoryGiB(2<<30))\n\tassert.DeepEqual(t, []float32{1, 2}, completeMemoryGiB(4<<30))\n\tassert.DeepEqual(t, []float32{1, 2, 4}, completeMemoryGiB(8<<30))\n\tassert.DeepEqual(t, []float32{1, 2, 4, 8, 10}, completeMemoryGiB(20<<30))\n}\n\nfunc TestBuildPortForwardExpression(t *testing.T) {\n\ttests := []struct {\n\t\tname string\n\t\tportForwards []string\n\t\texpected string\n\t\texpectError bool\n\t}{\n\t\t{\n\t\t\tname: \"empty port forwards\",\n\t\t\tportForwards: []string{},\n\t\t\texpected: \"\",\n\t\t},\n\t\t{\n\t\t\tname: \"single dynamic port forward\",\n\t\t\tportForwards: []string{\"8080:80\"},\n\t\t\texpected: `.portForwards += [{\"guestPort\": \"80\", \"hostPort\": \"8080\", \"static\": false}]`,\n\t\t},\n\t\t{\n\t\t\tname: \"single static port forward\",\n\t\t\tportForwards: []string{\"8080:80,static=true\"},\n\t\t\texpected: `.portForwards += [{\"guestPort\": \"80\", \"hostPort\": \"8080\", \"static\": true}]`,\n\t\t},\n\t\t{\n\t\t\tname: \"multiple mixed port forwards\",\n\t\t\tportForwards: []string{\"8080:80\", \"2222:22,static=true\", \"3000:3000\"},\n\t\t\texpected: `.portForwards += [{\"guestPort\": \"80\", \"hostPort\": \"8080\", \"static\": false},{\"guestPort\": \"22\", \"hostPort\": \"2222\", \"static\": true},{\"guestPort\": \"3000\", \"hostPort\": \"3000\", \"static\": false}]`,\n\t\t},\n\t\t{\n\t\t\tname: \"invalid format - missing colon\",\n\t\t\tportForwards: []string{\"8080\"},\n\t\t\texpectError: true,\n\t\t},\n\t\t{\n\t\t\tname: \"invalid format - too many colons\",\n\t\t\tportForwards: []string{\"8080:80:extra\"},\n\t\t\texpectError: true,\n\t\t},\n\t\t{\n\t\t\tname: \"invalid static parameter\",\n\t\t\tportForwards: []string{\"8080:80,invalid=true\"},\n\t\t\texpectError: true,\n\t\t},\n\t\t{\n\t\t\tname: \"too many parameters\",\n\t\t\tportForwards: []string{\"8080:80,static=true,extra=value\"},\n\t\t\texpectError: true,\n\t\t},\n\t\t{\n\t\t\tname: \"whitespace handling\",\n\t\t\tportForwards: []string{\" 8080 : 80 , static=true \"},\n\t\t\texpected: `.portForwards += [{\"guestPort\": \"80\", \"hostPort\": \"8080\", \"static\": true}]`,\n\t\t},\n\t}\n\n\tfor _, tt := range tests {\n\t\tt.Run(tt.name, func(t *testing.T) {\n\t\t\tresult, err := BuildPortForwardExpression(tt.portForwards)\n\t\t\tif tt.expectError {\n\t\t\t\tassert.Check(t, err != nil)\n\t\t\t} else {\n\t\t\t\tassert.NilError(t, err)\n\t\t\t\tassert.Equal(t, tt.expected, result)\n\t\t\t}\n\t\t})\n\t}\n}\n\nfunc TestParsePortForward(t *testing.T) {\n\ttests := []struct {\n\t\tname string\n\t\tspec string\n\t\thostPort string\n\t\tguestPort string\n\t\tisStatic bool\n\t\texpectError bool\n\t}{\n\t\t{\n\t\t\tname: \"dynamic port forward\",\n\t\t\tspec: \"8080:80\",\n\t\t\thostPort: \"8080\",\n\t\t\tguestPort: \"80\",\n\t\t\tisStatic: false,\n\t\t},\n\t\t{\n\t\t\tname: \"static port forward\",\n\t\t\tspec: \"8080:80,static=true\",\n\t\t\thostPort: \"8080\",\n\t\t\tguestPort: \"80\",\n\t\t\tisStatic: true,\n\t\t},\n\t\t{\n\t\t\tname: \"whitespace handling\",\n\t\t\tspec: \" 8080 : 80 , static=true \",\n\t\t\thostPort: \"8080\",\n\t\t\tguestPort: \"80\",\n\t\t\tisStatic: true,\n\t\t},\n\t\t{\n\t\t\tname: \"invalid format - missing colon\",\n\t\t\tspec: \"8080\",\n\t\t\texpectError: true,\n\t\t},\n\t\t{\n\t\t\tname: \"invalid format - too many colons\",\n\t\t\tspec: \"8080:80:extra\",\n\t\t\texpectError: true,\n\t\t},\n\t\t{\n\t\t\tname: \"invalid parameter\",\n\t\t\tspec: \"8080:80,invalid=true\",\n\t\t\texpectError: true,\n\t\t},\n\t\t{\n\t\t\tname: \"too many parameters\",\n\t\t\tspec: \"8080:80,static=true,extra=value\",\n\t\t\texpectError: true,\n\t\t},\n\t}\n\n\tfor _, tt := range tests {\n\t\tt.Run(tt.name, func(t *testing.T) {\n\t\t\thostPort, guestPort, isStatic, err := ParsePortForward(tt.spec)\n\t\t\tif tt.expectError {\n\t\t\t\tassert.Check(t, err != nil)\n\t\t\t} else {\n\t\t\t\tassert.NilError(t, err)\n\t\t\t\tassert.Equal(t, tt.hostPort, hostPort)\n\t\t\t\tassert.Equal(t, tt.guestPort, guestPort)\n\t\t\t\tassert.Equal(t, tt.isStatic, isStatic)\n\t\t\t}\n\t\t})\n\t}\n}\n\nfunc TestYQExpressions(t *testing.T) {\n\texpand := func(s string) string {\n\t\ts, err := localpathutil.Expand(s)\n\t\tassert.NilError(t, err)\n\t\t// `D:\\foo` -> `D:\\\\foo` (appears in YAML)\n\t\ts = strings.ReplaceAll(s, \"\\\\\", \"\\\\\\\\\")\n\t\treturn s\n\t}\n\ttests := []struct {\n\t\tname string\n\t\targs []string\n\t\tnewInstance bool\n\t\texpected []string\n\t\texpectError string\n\t}{\n\t\t{\n\t\t\tname: \"mount\",\n\t\t\targs: []string{\"--mount\", \"/foo\", \"--mount\", \"./bar:w\"},\n\t\t\tnewInstance: false,\n\t\t\texpected: []string{`.mounts = [{\"location\": \"` + expand(\"./bar\") + `\", \"mountPoint\": \"` + expand(\"./bar\") + `\", \"writable\": true},{\"location\": \"` + expand(\"/foo\") + `\", \"mountPoint\": \"` + expand(\"/foo\") + `\", \"writable\": false}] + .mounts`},\n\t\t},\n\t\t{\n\t\t\tname: \"mount-only\",\n\t\t\targs: []string{\"--mount-only\", \"/foo\", \"--mount-only\", \"/bar:w\"},\n\t\t\tnewInstance: false,\n\t\t\texpected: []string{`.mounts = [{\"location\": \"` + expand(\"/foo\") + `\", \"mountPoint\": \"` + expand(\"/foo\") + `\", \"writable\": false},{\"location\": \"` + expand(\"/bar\") + `\", \"mountPoint\": \"` + expand(\"/bar\") + `\", \"writable\": true}]`},\n\t\t},\n\t\t{\n\t\t\tname: \"mixture of mount and mount-only\",\n\t\t\targs: []string{\"--mount\", \"/foo\", \"--mount-only\", \"/bar:w\"},\n\t\t\tnewInstance: false,\n\t\t\texpectError: \"flag `--mount` conflicts with `--mount-only`\",\n\t\t},\n\t\t{\n\t\t\tname: \"dns\",\n\t\t\targs: []string{\"--dns\", \"8.8.8.8\", \"--dns\", \"8.8.4.4\", \"--dns\", \"1.1.1.1\"},\n\t\t\tnewInstance: false,\n\t\t\texpected: []string{`.dns += [\"8.8.8.8\",\"8.8.4.4\",\"1.1.1.1\"] | .dns |= unique | .hostResolver.enabled=false`},\n\t\t},\n\t\t{\n\t\t\tname: \"network vzNAT\",\n\t\t\targs: []string{\"--network\", \"vzNAT\"},\n\t\t\tnewInstance: true,\n\t\t\texpected: []string{`.networks += [{\"vzNAT\": true}] | .networks |= unique_by(.lima)`},\n\t\t},\n\t\t{\n\t\t\tname: \"network lima:shared\",\n\t\t\targs: []string{\"--network\", \"lima:shared\"},\n\t\t\tnewInstance: true,\n\t\t\texpected: []string{`.networks += [{\"lima\": \"shared\"}] | .networks |= unique_by(.lima)`},\n\t\t},\n\t\t{\n\t\t\tname: \"multiple networks\",\n\t\t\targs: []string{\"--network\", \"vzNAT\", \"--network\", \"lima:shared\", \"--network\", \"lima:bridged\"},\n\t\t\tnewInstance: true,\n\t\t\texpected: []string{`.networks += [{\"vzNAT\": true},{\"lima\": \"shared\"},{\"lima\": \"bridged\"}] | .networks |= unique_by(.lima)`},\n\t\t},\n\t\t{\n\t\t\tname: \"nested-virt\",\n\t\t\targs: []string{\"--nested-virt\"},\n\t\t\tnewInstance: false,\n\t\t\texpected: []string{`.nestedVirtualization = true`},\n\t\t},\n\t\t{\n\t\t\tname: \"invalid network\",\n\t\t\targs: []string{\"--network\", \"invalid\"},\n\t\t\tnewInstance: true,\n\t\t\texpectError: `network name must be \"vzNAT\" or \"lima:*\", got \"invalid\"`,\n\t\t},\n\t}\n\tfor _, tt := range tests {\n\t\tt.Run(tt.name, func(t *testing.T) {\n\t\t\tcmd := &cobra.Command{}\n\t\t\tRegisterEdit(cmd, \"\")\n\t\t\tassert.NilError(t, cmd.ParseFlags(tt.args))\n\t\t\texpr, err := YQExpressions(cmd.Flags(), tt.newInstance)\n\t\t\tif tt.expectError != \"\" {\n\t\t\t\tassert.ErrorContains(t, err, tt.expectError)\n\t\t\t} else {\n\t\t\t\tassert.NilError(t, err)\n\t\t\t\tassert.DeepEqual(t, tt.expected, expr)\n\t\t\t}\n\t\t})\n\t}\n}\n" }, { "path": "cmd/limactl/factory-reset.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"errors\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/cidata\"\n\t\"github.com/lima-vm/lima/v2/pkg/instance\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype/filenames\"\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n)\n\nfunc newFactoryResetCommand() *cobra.Command {\n\tresetCommand := &cobra.Command{\n\t\tUse: \"factory-reset INSTANCE\",\n\t\tShort: \"Factory reset an instance of Lima\",\n\t\tArgs: WrapArgsError(cobra.MaximumNArgs(1)),\n\t\tRunE: factoryResetAction,\n\t\tValidArgsFunction: factoryResetBashComplete,\n\t\tGroupID: advancedCommand,\n\t}\n\treturn resetCommand\n}\n\nfunc factoryResetAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tinstName := DefaultInstanceName\n\tif len(args) > 0 {\n\t\tinstName = args[0]\n\t}\n\n\tinst, err := store.Inspect(ctx, instName)\n\tif err != nil {\n\t\tif errors.Is(err, os.ErrNotExist) {\n\t\t\tlogrus.Infof(\"Instance %q not found\", instName)\n\t\t\treturn nil\n\t\t}\n\t\treturn err\n\t}\n\tif inst.Protected {\n\t\treturn errors.New(\"instance is protected to prohibit accidental factory-reset (Hint: use `limactl unprotect`)\")\n\t}\n\n\tinstance.StopForcibly(inst)\n\n\tfi, err := os.ReadDir(inst.Dir)\n\tif err != nil {\n\t\treturn err\n\t}\n\tretain := map[string]struct{}{\n\t\tfilenames.LimaVersion: {},\n\t\tfilenames.Protected: {},\n\t\tfilenames.VzIdentifier: {},\n\t}\n\tfor _, f := range fi {\n\t\tpath := filepath.Join(inst.Dir, f.Name())\n\t\tif _, ok := retain[f.Name()]; !ok && !strings.HasSuffix(path, \".yaml\") && !strings.HasSuffix(path, \".yml\") {\n\t\t\tlogrus.Infof(\"Removing %q\", path)\n\t\t\tif err := os.Remove(path); err != nil {\n\t\t\t\tlogrus.Error(err)\n\t\t\t}\n\t\t}\n\t}\n\t// Regenerate the cloud-config.yaml, to reflect any changes to the global _config\n\tif err := cidata.GenerateCloudConfig(ctx, inst.Dir, instName, inst.Config); err != nil {\n\t\tlogrus.Error(err)\n\t}\n\n\tlogrus.Infof(\"Instance %q has been factory reset\", instName)\n\treturn nil\n}\n\nfunc factoryResetBashComplete(cmd *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {\n\treturn bashCompleteInstanceNames(cmd)\n}\n" }, { "path": "cmd/limactl/gendoc.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"bytes\"\n\t\"fmt\"\n\t\"io/fs\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\n\t\"github.com/cpuguy83/go-md2man/v2/md2man\"\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\t\"github.com/spf13/cobra/doc\"\n)\n\nfunc newGenDocCommand() *cobra.Command {\n\tgenmanCommand := &cobra.Command{\n\t\tUse: \"generate-doc DIR\",\n\t\tShort: \"Generate cli-reference pages\",\n\t\tArgs: WrapArgsError(cobra.MinimumNArgs(1)),\n\t\tRunE: gendocAction,\n\t\tHidden: true,\n\t}\n\tgenmanCommand.Flags().String(\"type\", \"man\", \"Output type (man, docsy)\")\n\tgenmanCommand.Flags().String(\"output\", \"\", \"Output directory\")\n\tgenmanCommand.Flags().String(\"prefix\", \"\", \"Install prefix\")\n\treturn genmanCommand\n}\n\nfunc gendocAction(cmd *cobra.Command, args []string) error {\n\toutput, err := cmd.Flags().GetString(\"output\")\n\tif err != nil {\n\t\treturn err\n\t}\n\toutput, err = filepath.Abs(output)\n\tif err != nil {\n\t\treturn err\n\t}\n\tprefix, err := cmd.Flags().GetString(\"prefix\")\n\tif err != nil {\n\t\treturn err\n\t}\n\toutputType, err := cmd.Flags().GetString(\"type\")\n\tif err != nil {\n\t\treturn err\n\t}\n\thomeDir, err := os.UserHomeDir()\n\tif err != nil {\n\t\treturn err\n\t}\n\tdir := args[0]\n\tswitch outputType {\n\tcase \"man\":\n\t\tif err := genMan(cmd, dir); err != nil {\n\t\t\treturn err\n\t\t}\n\tcase \"docsy\":\n\t\tif err := genDocsy(cmd, dir); err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\tif output != \"\" && prefix != \"\" {\n\t\tif err := replaceAll(dir, output, prefix); err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\treturn replaceAll(dir, homeDir, \"~\")\n}\n\nfunc genMan(cmd *cobra.Command, dir string) error {\n\tlogrus.Infof(\"Generating man %q\", dir)\n\t// lima(1)\n\tfilePath := filepath.Join(dir, \"lima.1\")\n\tmd := \"LIMA 1\\n======\" + `\n# NAME\nlima - ` + cmd.Root().Short + `\n# SYNOPSIS\n**lima** [_COMMAND_...]\n# DESCRIPTION\nlima is an alias for \"limactl shell default\".\nThe instance name (\"default\") can be changed by specifying $LIMA_INSTANCE.\n\nThe shell and initial workdir inside the instance can be specified via $LIMA_SHELL\nand $LIMA_WORKDIR.\n# SEE ALSO\n**limactl**(1)\n`\n\tout := md2man.Render([]byte(md))\n\tif err := os.WriteFile(filePath, out, 0o644); err != nil {\n\t\treturn err\n\t}\n\t// limactl(1)\n\theader := &doc.GenManHeader{\n\t\tTitle: \"LIMACTL\",\n\t\tSection: \"1\",\n\t}\n\treturn doc.GenManTree(cmd.Root(), header, dir)\n}\n\nfunc escapeMarkdown(text string) string {\n\tlines := strings.Split(text, \"\\n\")\n\tfor i := range lines {\n\t\t// Need to escape backticks first, before adding more\n\t\tfor c := range strings.SplitSeq(\"\\\\`*_[]()#+-.|\", \"\") {\n\t\t\tlines[i] = strings.ReplaceAll(lines[i], c, \"\\\\\"+c)\n\t\t}\n\t\tif i < len(lines)-1 {\n\t\t\tif lines[i] != \"\" && lines[i+1] != \"\" {\n\t\t\t\tlines[i] += \" \" // line break\n\t\t\t}\n\t\t}\n\t}\n\treturn strings.Join(lines, \"\\n\")\n}\n\nfunc genDocsy(cmd *cobra.Command, dir string) error {\n\tfor _, c := range cmd.Root().Commands() {\n\t\tc.Long = escapeMarkdown(c.Long)\n\t}\n\treturn doc.GenMarkdownTreeCustom(cmd.Root(), dir, func(s string) string {\n\t\t// Replace limactl_completion_bash to completion bash for docsy title\n\t\tname := filepath.Base(s)\n\t\tname = strings.ReplaceAll(name, \"limactl_\", \"\")\n\t\tname = strings.ReplaceAll(name, \"_\", \" \")\n\t\tname = strings.TrimSuffix(name, filepath.Ext(name))\n\t\treturn fmt.Sprintf(`---\ntitle: %s\nweight: 3\n---\n`, name)\n\t}, func(s string) string {\n\t\t// Use ../ for move one folder up for docsy\n\t\treturn \"../\" + strings.TrimSuffix(s, filepath.Ext(s))\n\t})\n}\n\n// replaceAll replaces all occurrences of text with replacement, for all files in dir.\nfunc replaceAll(dir, text, replacement string) error {\n\tlogrus.Infof(\"Replacing %q with %q\", text, replacement)\n\treturn filepath.Walk(dir, func(path string, info fs.FileInfo, err error) error {\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tif path == dir {\n\t\t\treturn nil\n\t\t}\n\t\tif info.IsDir() {\n\t\t\treturn filepath.SkipDir\n\t\t}\n\t\tin, err := os.ReadFile(path)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tout := bytes.ReplaceAll(in, []byte(text), []byte(replacement))\n\t\terr = os.WriteFile(path, out, 0o644)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n" }, { "path": "cmd/limactl/genschema.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/invopop/jsonschema\"\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\torderedmap \"github.com/wk8/go-ordered-map/v2\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/jsonschemautil\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype\"\n)\n\nfunc newGenSchemaCommand() *cobra.Command {\n\tgenschemaCommand := &cobra.Command{\n\t\tUse: \"generate-jsonschema\",\n\t\tShort: \"Generate json-schema document\",\n\t\tArgs: WrapArgsError(cobra.ArbitraryArgs),\n\t\tRunE: genschemaAction,\n\t\tHidden: true,\n\t}\n\tgenschemaCommand.Flags().String(\"schemafile\", \"\", \"Output file\")\n\treturn genschemaCommand\n}\n\nfunc toAny(args []string) []any {\n\tresult := []any{nil}\n\tfor _, arg := range args {\n\t\tresult = append(result, arg)\n\t}\n\treturn result\n}\n\nfunc getProp(props *orderedmap.OrderedMap[string, *jsonschema.Schema], key string) *jsonschema.Schema {\n\tvalue, ok := props.Get(key)\n\tif !ok {\n\t\treturn nil\n\t}\n\treturn value\n}\n\nfunc genschemaAction(cmd *cobra.Command, args []string) error {\n\tfile, err := cmd.Flags().GetString(\"schemafile\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tschema := jsonschema.Reflect(&limatype.LimaYAML{})\n\t// allow Disk to be either string (name) or object (struct)\n\tschema.Definitions[\"Disk\"].Type = \"\" // was: \"object\"\n\tschema.Definitions[\"Disk\"].OneOf = []*jsonschema.Schema{\n\t\t{Type: \"string\"},\n\t\t{Type: \"object\"},\n\t}\n\t// allow BaseTemplates to be either string (url) or array (array)\n\tschema.Definitions[\"BaseTemplates\"].Type = \"\" // was: \"array\"\n\tschema.Definitions[\"BaseTemplates\"].OneOf = []*jsonschema.Schema{\n\t\t{Type: \"string\"},\n\t\t{Type: \"array\"},\n\t}\n\t// allow LocatorWithDigest to be either string (url) or object (struct)\n\tschema.Definitions[\"LocatorWithDigest\"].Type = \"\" // was: \"object\"\n\tschema.Definitions[\"LocatorWithDigest\"].OneOf = []*jsonschema.Schema{\n\t\t{Type: \"string\"},\n\t\t{Type: \"object\"},\n\t}\n\tproperties := schema.Definitions[\"LimaYAML\"].Properties\n\tgetProp(properties, \"os\").Enum = toAny(limatype.OSTypes)\n\tgetProp(properties, \"arch\").Enum = toAny(limatype.ArchTypes)\n\tgetProp(properties, \"mountType\").Enum = toAny(limatype.MountTypes)\n\tgetProp(properties, \"vmType\").Enum = toAny(limatype.VMTypes)\n\tj, err := json.MarshalIndent(schema, \"\", \" \")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif len(args) == 0 {\n\t\t_, err = fmt.Fprintln(cmd.OutOrStdout(), string(j))\n\t\treturn err\n\t}\n\n\tif file == \"\" {\n\t\treturn errors.New(\"need --schemafile to validate\")\n\t}\n\terr = os.WriteFile(file, j, 0o644)\n\tif err != nil {\n\t\treturn err\n\t}\n\tfor _, f := range args {\n\t\terr = jsonschemautil.Validate(file, f)\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"%q: %w\", f, err)\n\t\t}\n\t\tlogrus.Infof(\"%q: OK\", f)\n\t}\n\n\treturn err\n}\n" }, { "path": "cmd/limactl/guest-install.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"bytes\"\n\t\"compress/gzip\"\n\t\"context\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"os/exec\"\n\t\"path/filepath\"\n\t\"strings\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/cacheutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype/filenames\"\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n\t\"github.com/lima-vm/lima/v2/pkg/usrlocal\"\n)\n\nfunc newGuestInstallCommand() *cobra.Command {\n\tguestInstallCommand := &cobra.Command{\n\t\tUse: \"guest-install INSTANCE\",\n\t\tShort: \"Install guest components\",\n\t\tArgs: WrapArgsError(cobra.MaximumNArgs(1)),\n\t\tRunE: guestInstallAction,\n\t\tValidArgsFunction: cobra.NoFileCompletions,\n\t\tHidden: true,\n\t}\n\treturn guestInstallCommand\n}\n\nfunc runCmd(ctx context.Context, name string, flags []string, args ...string) error {\n\tcmd := exec.CommandContext(ctx, name, append(flags, args...)...)\n\tcmd.Stdout = os.Stdout\n\tcmd.Stderr = os.Stderr\n\tlogrus.Debugf(\"executing %v\", cmd.Args)\n\treturn cmd.Run()\n}\n\nfunc shell(ctx context.Context, name string, flags []string, args ...string) (string, error) {\n\tcmd := exec.CommandContext(ctx, name, append(flags, args...)...)\n\tout, err := cmd.Output()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\tout = bytes.TrimSuffix(out, []byte{'\\n'})\n\treturn string(out), nil\n}\n\nfunc guestInstallAction(cmd *cobra.Command, args []string) error {\n\tinstName := DefaultInstanceName\n\tif len(args) > 0 {\n\t\tinstName = args[0]\n\t}\n\n\tinst, err := store.Inspect(cmd.Context(), instName)\n\tif err != nil {\n\t\treturn err\n\t}\n\tif inst.Status == limatype.StatusStopped {\n\t\treturn fmt.Errorf(\"instance %q is stopped, run `limactl start %s` to start the instance\", instName, instName)\n\t}\n\n\tctx := cmd.Context()\n\n\tsshExe := \"ssh\"\n\tsshConfig := filepath.Join(inst.Dir, filenames.SSHConfig)\n\tsshFlags := []string{\"-F\", sshConfig}\n\n\tscpExe := \"scp\"\n\tscpFlags := sshFlags\n\n\thostname := fmt.Sprintf(\"lima-%s\", inst.Name)\n\tprefix := *inst.Config.GuestInstallPrefix\n\n\t// lima-guestagent\n\tguestAgentBinary, err := usrlocal.GuestAgentBinary(*inst.Config.OS, *inst.Config.Arch)\n\tif err != nil {\n\t\treturn err\n\t}\n\tguestAgentFilename := filepath.Base(guestAgentBinary)\n\tif filepath.Ext(guestAgentBinary) == \".gz\" {\n\t\tcompressedGuestAgent, err := os.Open(guestAgentBinary)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefer compressedGuestAgent.Close()\n\t\ttmpGuestAgent, err := os.CreateTemp(\"\", \"lima-guestagent-\")\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlogrus.Debugf(\"Decompressing %s\", guestAgentBinary)\n\t\tguestAgent, err := gzip.NewReader(compressedGuestAgent)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefer guestAgent.Close()\n\t\t_, err = io.Copy(tmpGuestAgent, guestAgent)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpGuestAgent.Close()\n\t\tguestAgentBinary = tmpGuestAgent.Name()\n\t\tdefer os.RemoveAll(guestAgentBinary)\n\t\tguestAgentFilename = strings.TrimSuffix(guestAgentFilename, \".gz\")\n\t}\n\ttmpname := \"lima-guestagent\"\n\ttmp, err := shell(ctx, sshExe, sshFlags, hostname, \"mktemp\", \"-t\", \"lima-guestagent.XXXXXX\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tbin := prefix + \"/bin/lima-guestagent\"\n\tlogrus.Infof(\"Copying %q to %s:%s\", guestAgentFilename, inst.Name, tmpname)\n\tscpArgs := []string{guestAgentBinary, hostname + \":\" + tmp}\n\tif err := runCmd(ctx, scpExe, scpFlags, scpArgs...); err != nil {\n\t\treturn nil\n\t}\n\tlogrus.Infof(\"Installing %s to %s\", tmpname, bin)\n\tsshArgs := []string{hostname, \"sudo\", \"install\", \"-m\", \"755\", tmp, bin}\n\tif err := runCmd(ctx, sshExe, sshFlags, sshArgs...); err != nil {\n\t\treturn nil\n\t}\n\t_, _ = shell(ctx, sshExe, sshFlags, hostname, \"rm\", tmp)\n\n\t// nerdctl-full.tgz\n\tnerdctlFilename := cacheutil.NerdctlArchive(inst.Config)\n\tif nerdctlFilename != \"\" {\n\t\tnerdctlArchive, err := cacheutil.EnsureNerdctlArchiveCache(cmd.Context(), inst.Config, false)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpname := \"nerdctl-full.tgz\"\n\t\ttmp, err := shell(ctx, sshExe, sshFlags, hostname, \"mktemp\", \"-t\", \"nerdctl-full.XXXXXX.tgz\")\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlogrus.Infof(\"Copying %q to %s:%s\", nerdctlFilename, inst.Name, tmpname)\n\t\tscpArgs := []string{nerdctlArchive, hostname + \":\" + tmp}\n\t\tif err := runCmd(ctx, scpExe, scpFlags, scpArgs...); err != nil {\n\t\t\treturn nil\n\t\t}\n\t\tlogrus.Infof(\"Installing %s in %s\", tmpname, prefix)\n\t\tsshArgs := []string{hostname, \"sudo\", \"tar\", \"Cxzf\", prefix, tmp}\n\t\tif err := runCmd(ctx, sshExe, sshFlags, sshArgs...); err != nil {\n\t\t\treturn nil\n\t\t}\n\t\t_, _ = shell(ctx, sshExe, sshFlags, hostname, \"rm\", tmp)\n\t}\n\n\treturn nil\n}\n" }, { "path": "cmd/limactl/hostagent.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"net\"\n\t\"net/http\"\n\t\"os\"\n\t\"os/signal\"\n\t\"runtime\"\n\t\"strconv\"\n\t\"syscall\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/hostagent\"\n\t\"github.com/lima-vm/lima/v2/pkg/hostagent/api/server\"\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n)\n\nfunc newHostagentCommand() *cobra.Command {\n\thostagentCommand := &cobra.Command{\n\t\tUse: \"hostagent INSTANCE\",\n\t\tShort: \"Run hostagent\",\n\t\tArgs: WrapArgsError(cobra.ExactArgs(1)),\n\t\tRunE: hostagentAction,\n\t\tHidden: true,\n\t}\n\thostagentCommand.Flags().StringP(\"pidfile\", \"p\", \"\", \"Write PID to file\")\n\thostagentCommand.Flags().String(\"socket\", \"\", \"Path of hostagent socket\")\n\thostagentCommand.Flags().Bool(\"run-gui\", false, \"Run GUI synchronously within hostagent\")\n\thostagentCommand.Flags().String(\"guestagent\", \"\", \"Local file path (not URL) of lima-guestagent.OS-ARCH[.gz]\")\n\thostagentCommand.Flags().String(\"nerdctl-archive\", \"\", \"Local file path (not URL) of nerdctl-full-VERSION-GOOS-GOARCH.tar.gz\")\n\thostagentCommand.Flags().Bool(\"progress\", false, \"Show provision script progress by monitoring cloud-init logs\")\n\treturn hostagentCommand\n}\n\nfunc hostagentAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tpidfile, err := cmd.Flags().GetString(\"pidfile\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif pidfile != \"\" {\n\t\tif existingPID, err := store.ReadPIDFile(pidfile); existingPID != 0 {\n\t\t\treturn fmt.Errorf(\"another hostagent may already be running with pid %d (pidfile %q)\", existingPID, pidfile)\n\t\t} else if err != nil {\n\t\t\treturn fmt.Errorf(\"failed to determine if another hostagent is running: %w\", err)\n\t\t}\n\t\tif err := os.WriteFile(pidfile, []byte(strconv.Itoa(os.Getpid())+\"\\n\"), 0o644); err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefer os.RemoveAll(pidfile)\n\t}\n\tsocket, err := cmd.Flags().GetString(\"socket\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif socket == \"\" {\n\t\treturn errors.New(\"socket must be specified (limactl version mismatch?)\")\n\t}\n\n\tinstName := args[0]\n\n\trunGUI, err := cmd.Flags().GetBool(\"run-gui\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif runGUI {\n\t\t// Without this the call to vz.RunGUI fails. Adding it here, as this has to be called before the vz cgo loads.\n\t\truntime.LockOSThread()\n\t\tdefer runtime.UnlockOSThread()\n\t}\n\n\tsignalCh := make(chan os.Signal, 1)\n\tsignal.Notify(signalCh, os.Interrupt, syscall.SIGTERM)\n\n\tstdout := &syncWriter{w: cmd.OutOrStdout()}\n\tstderr := &syncWriter{w: cmd.ErrOrStderr()}\n\n\tinitLogrus(stderr)\n\tvar opts []hostagent.Opt\n\tguestagentBinary, err := cmd.Flags().GetString(\"guestagent\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif guestagentBinary != \"\" {\n\t\topts = append(opts, hostagent.WithGuestAgentBinary(guestagentBinary))\n\t}\n\tnerdctlArchive, err := cmd.Flags().GetString(\"nerdctl-archive\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif nerdctlArchive != \"\" {\n\t\topts = append(opts, hostagent.WithNerdctlArchive(nerdctlArchive))\n\t}\n\tshowProgress, err := cmd.Flags().GetBool(\"progress\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif showProgress {\n\t\topts = append(opts, hostagent.WithCloudInitProgress(showProgress))\n\t}\n\tha, err := hostagent.New(ctx, instName, stdout, signalCh, opts...)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tbackend := &server.Backend{\n\t\tAgent: ha,\n\t}\n\tr := http.NewServeMux()\n\tserver.AddRoutes(r, backend)\n\tsrv := &http.Server{Handler: r}\n\terr = os.RemoveAll(socket)\n\tif err != nil {\n\t\treturn err\n\t}\n\tvar lc net.ListenConfig\n\tl, err := lc.Listen(ctx, \"unix\", socket)\n\tlogrus.Infof(\"hostagent socket created at %s\", socket)\n\tif err != nil {\n\t\treturn err\n\t}\n\tgo func() {\n\t\tif serveErr := srv.Serve(l); serveErr != http.ErrServerClosed {\n\t\t\tlogrus.WithError(serveErr).Warn(\"hostagent API server exited with an error\")\n\t\t}\n\t}()\n\tdefer srv.Close()\n\treturn ha.Run(cmd.Context())\n}\n\n// syncer is implemented by *os.File.\ntype syncer interface {\n\tSync() error\n}\n\ntype syncWriter struct {\n\tw io.Writer\n}\n\nfunc (w *syncWriter) Write(p []byte) (int, error) {\n\twritten, err := w.w.Write(p)\n\tif err == nil {\n\t\tif s, ok := w.w.(syncer); ok {\n\t\t\t_ = s.Sync()\n\t\t}\n\t}\n\treturn written, err\n}\n\nfunc initLogrus(stderr io.Writer) {\n\tlogrus.SetOutput(stderr)\n\t// JSON logs are parsed in pkg/hostagent/events.Watcher()\n\tlogrus.SetFormatter(new(logrus.JSONFormatter))\n\t// HostAgent logging is one level more verbose than the start command itself\n\tif logrus.GetLevel() == logrus.DebugLevel {\n\t\tlogrus.SetLevel(logrus.TraceLevel)\n\t} else {\n\t\tlogrus.SetLevel(logrus.DebugLevel)\n\t}\n}\n" }, { "path": "cmd/limactl/info.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/mikefarah/yq/v4/pkg/yqlib\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/limainfo\"\n\t\"github.com/lima-vm/lima/v2/pkg/uiutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/yqutil\"\n)\n\nfunc newInfoCommand() *cobra.Command {\n\tinfoCommand := &cobra.Command{\n\t\tUse: \"info\",\n\t\tShort: \"Show diagnostic information\",\n\t\tArgs: WrapArgsError(cobra.NoArgs),\n\t\tRunE: infoAction,\n\t\tGroupID: advancedCommand,\n\t}\n\tinfoCommand.Flags().String(\"yq\", \".\", \"Apply yq expression to output\")\n\n\treturn infoCommand\n}\n\nfunc infoAction(cmd *cobra.Command, _ []string) error {\n\tctx := cmd.Context()\n\n\tyq, err := cmd.Flags().GetString(\"yq\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tinfo, err := limainfo.New(ctx)\n\tif err != nil {\n\t\treturn err\n\t}\n\tj, err := json.MarshalIndent(info, \"\", \" \")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tencoderPrefs := yqlib.ConfiguredJSONPreferences.Copy()\n\tencoderPrefs.Indent = 4\n\tencoderPrefs.ColorsEnabled = uiutil.OutputIsTTY(cmd.OutOrStdout())\n\tencoder := yqlib.NewJSONEncoder(encoderPrefs)\n\tstr, err := yqutil.EvaluateExpressionWithEncoder(yq, string(j), encoder)\n\tif err == nil {\n\t\t_, err = fmt.Fprint(cmd.OutOrStdout(), str)\n\t}\n\treturn err\n}\n" }, { "path": "cmd/limactl/list.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"bufio\"\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"reflect\"\n\t\"slices\"\n\t\"strings\"\n\n\t\"github.com/cheggaaa/pb/v3/termutil\"\n\t\"github.com/mikefarah/yq/v4/pkg/yqlib\"\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/limatype\"\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n\t\"github.com/lima-vm/lima/v2/pkg/uiutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/yqutil\"\n)\n\nfunc fieldNames() []string {\n\tnames := []string{}\n\tt := reflect.TypeFor[store.FormatData]()\n\tfor i := range t.NumField() {\n\t\tf := t.Field(i)\n\t\tif f.Anonymous {\n\t\t\tfor j := range f.Type.NumField() {\n\t\t\t\tif tag := f.Tag.Get(\"lima\"); tag != \"deprecated\" {\n\t\t\t\t\tnames = append(names, f.Type.Field(j).Name)\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\tif tag := f.Tag.Get(\"lima\"); tag != \"deprecated\" {\n\t\t\t\tnames = append(names, t.Field(i).Name)\n\t\t\t}\n\t\t}\n\t}\n\treturn names\n}\n\nfunc newListCommand() *cobra.Command {\n\tlistCommand := &cobra.Command{\n\t\tUse: \"list [flags] [INSTANCE]...\",\n\t\tAliases: []string{\"ls\"},\n\t\tShort: \"List instances of Lima\",\n\t\tLong: `List instances of Lima.\n\nThe output can be presented in one of several formats, using the --format flag.\n\n --format json - Output in JSON format\n --format yaml - Output in YAML format\n --format table - Output in table format\n --format '{{ }}' - If the format begins and ends with '{{ }}', then it is used as a go template.\n\nFiltering instances:\n --filter EXPR - Filter instances using yq expression (this is equivalent to --yq 'select(EXPR)')\n Can be specified multiple times (combined with AND logic) and it works with all output formats.\n Examples:\n --filter '.status == \"Running\"'\n --filter '.vmType == \"vz\"'\n --filter '.status == \"Running\"' --filter '.vmType == \"vz\"' (Same as AND)\n` + store.FormatHelp + `\nThe following legacy flags continue to function:\n --json - equal to '--format json'`,\n\t\tArgs: WrapArgsError(cobra.ArbitraryArgs),\n\t\tRunE: listAction,\n\t\tValidArgsFunction: listBashComplete,\n\t\tGroupID: basicCommand,\n\t}\n\n\tlistCommand.Flags().StringP(\"format\", \"f\", \"table\", \"Output format, one of: json, yaml, table, go-template\")\n\tlistCommand.Flags().Bool(\"list-fields\", false, \"List fields available for format\")\n\tlistCommand.Flags().Bool(\"json\", false, \"Same as --format=json\")\n\tlistCommand.Flags().BoolP(\"quiet\", \"q\", false, \"Only show names\")\n\tlistCommand.Flags().Bool(\"all-fields\", false, \"Show all fields\")\n\tlistCommand.Flags().StringArray(\"yq\", nil, \"Apply yq expression to each instance\")\n\tlistCommand.Flags().StringArrayP(\"filter\", \"l\", nil, \"Filter instances using yq expression (equivalent to --yq 'select(EXPR)')\")\n\n\treturn listCommand\n}\n\nfunc instanceMatches(arg string, instances []string) []string {\n\tmatches := []string{}\n\tfor _, instance := range instances {\n\t\tif instance == arg {\n\t\t\tmatches = append(matches, instance)\n\t\t}\n\t}\n\treturn matches\n}\n\n// unmatchedInstancesError is created when unmatched instance names found.\ntype unmatchedInstancesError struct{}\n\n// Error implements error.\nfunc (unmatchedInstancesError) Error() string {\n\treturn \"unmatched instances\"\n}\n\n// ExitCode implements ExitCoder.\nfunc (unmatchedInstancesError) ExitCode() int {\n\treturn 1\n}\n\nfunc listAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tquiet, err := cmd.Flags().GetBool(\"quiet\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tformat, err := cmd.Flags().GetString(\"format\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tlistFields, err := cmd.Flags().GetBool(\"list-fields\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tjsonFormat, err := cmd.Flags().GetBool(\"json\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tyq, err := cmd.Flags().GetStringArray(\"yq\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tfilter, err := cmd.Flags().GetStringArray(\"filter\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif jsonFormat {\n\t\tformat = \"json\"\n\t}\n\n\t// conflicts\n\tif jsonFormat && cmd.Flags().Changed(\"format\") {\n\t\treturn errors.New(\"option --json conflicts with option --format\")\n\t}\n\tif listFields && cmd.Flags().Changed(\"format\") {\n\t\treturn errors.New(\"option --list-fields conflicts with option --format\")\n\t}\n\tif len(yq) != 0 {\n\t\tif cmd.Flags().Changed(\"format\") && format != \"json\" && format != \"yaml\" {\n\t\t\treturn errors.New(\"option --yq only works with --format json or yaml\")\n\t\t}\n\t\tif listFields {\n\t\t\treturn errors.New(\"option --list-fields conflicts with option --yq\")\n\t\t}\n\t}\n\tif len(filter) != 0 {\n\t\tif listFields {\n\t\t\treturn errors.New(\"option --list-fields conflicts with option --filter\")\n\t\t}\n\t}\n\n\tif quiet && format != \"table\" {\n\t\treturn errors.New(\"option --quiet can only be used with '--format table'\")\n\t}\n\n\tif listFields {\n\t\tnames := fieldNames()\n\t\tslices.Sort(names)\n\t\tfmt.Fprintln(cmd.OutOrStdout(), strings.Join(names, \"\\n\"))\n\t\treturn nil\n\t}\n\n\tif err := store.Validate(); err != nil {\n\t\tlogrus.Warnf(\"The directory %q does not look like a valid Lima directory: %v\", store.Directory(), err)\n\t}\n\n\tallInstances, err := store.Instances()\n\tif err != nil {\n\t\treturn err\n\t}\n\tif len(args) == 0 && len(allInstances) == 0 {\n\t\tlogrus.Warn(\"No instance found. Run `limactl create` to create an instance.\")\n\t\treturn nil\n\t}\n\n\tinstanceNames := []string{}\n\tunmatchedInstances := false\n\tif len(args) > 0 {\n\t\tfor _, arg := range args {\n\t\t\tmatches := instanceMatches(arg, allInstances)\n\t\t\tif len(matches) > 0 {\n\t\t\t\tinstanceNames = append(instanceNames, matches...)\n\t\t\t} else {\n\t\t\t\tlogrus.Warnf(\"No instance matching %v found.\", arg)\n\t\t\t\tunmatchedInstances = true\n\t\t\t}\n\t\t}\n\t} else {\n\t\tinstanceNames = allInstances\n\t}\n\n\tif quiet && len(yq) == 0 && len(filter) == 0 {\n\t\tfor _, instName := range instanceNames {\n\t\t\tfmt.Fprintln(cmd.OutOrStdout(), instName)\n\t\t}\n\t\tif unmatchedInstances {\n\t\t\treturn unmatchedInstancesError{}\n\t\t}\n\t\treturn nil\n\t}\n\n\t// get the state and config for all the requested instances\n\tvar instances []*limatype.Instance\n\tfor _, instanceName := range instanceNames {\n\t\tinstance, err := store.Inspect(ctx, instanceName)\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"unable to load instance %s: %w\", instanceName, err)\n\t\t}\n\t\tinstances = append(instances, instance)\n\t}\n\n\tif len(filter) > 0 {\n\t\tvar filterExprs []string\n\t\tfor _, f := range filter {\n\t\t\tfilterExprs = append(filterExprs, \"select(\"+f+\")\")\n\t\t}\n\t\tinstances, err = filterInstances(instances, filterExprs)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\tif quiet && len(yq) == 0 {\n\t\tfor _, instance := range instances {\n\t\t\tfmt.Fprintln(cmd.OutOrStdout(), instance.Name)\n\t\t}\n\t\tif unmatchedInstances {\n\t\t\treturn unmatchedInstancesError{}\n\t\t}\n\t\treturn nil\n\t}\n\n\tfor _, instance := range instances {\n\t\tif len(instance.Errors) > 0 {\n\t\t\tlogrus.WithField(\"errors\", instance.Errors).Warnf(\"instance %q has errors\", instance.Name)\n\t\t}\n\t}\n\n\tallFields, err := cmd.Flags().GetBool(\"all-fields\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\toptions := store.PrintOptions{AllFields: allFields}\n\tisTTY := uiutil.OutputIsTTY(cmd.OutOrStdout())\n\tif isTTY {\n\t\tif w, err := termutil.TerminalWidth(); err == nil {\n\t\t\toptions.TerminalWidth = w\n\t\t}\n\t}\n\n\t// --yq implies --format json unless --format has been explicitly specified\n\tif len(yq) != 0 && !cmd.Flags().Changed(\"format\") {\n\t\tformat = \"json\"\n\t}\n\n\t// Always pipe JSON and YAML through yq to colorize it if isTTY\n\tif len(yq) == 0 && (format == \"json\" || format == \"yaml\") {\n\t\tyq = append(yq, \".\")\n\t}\n\n\tif len(yq) == 0 {\n\t\terr = store.PrintInstances(cmd.OutOrStdout(), instances, format, &options)\n\t\tif err == nil && unmatchedInstances {\n\t\t\treturn unmatchedInstancesError{}\n\t\t}\n\t\treturn err\n\t}\n\n\tif quiet {\n\t\tyq = append(yq, \".name\")\n\t}\n\tyqExpr := strings.Join(yq, \" | \")\n\n\tbuf := new(bytes.Buffer)\n\terr = store.PrintInstances(buf, instances, format, &options)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif format == \"json\" {\n\t\t// The JSON encoder will create empty objects (YAML maps), even when they have the \",omitempty\" tag.\n\t\tdeleteEmptyObjects := `del(.. | select(tag == \"!!map\" and length == 0))`\n\t\tyqExpr += \" | \" + deleteEmptyObjects\n\n\t\tencoderPrefs := yqlib.ConfiguredJSONPreferences.Copy()\n\t\tencoderPrefs.ColorsEnabled = false\n\t\tencoderPrefs.Indent = 0\n\t\tplainEncoder := yqlib.NewJSONEncoder(encoderPrefs)\n\t\t// Using non-0 indent means the instance will be printed over multiple lines,\n\t\t// so is no longer in JSON Lines format. This is a compromise for readability.\n\t\tencoderPrefs.Indent = 4\n\t\tencoderPrefs.ColorsEnabled = true\n\t\tcolorEncoder := yqlib.NewJSONEncoder(encoderPrefs)\n\n\t\t// Each line contains the JSON object for one Lima instance.\n\t\tscanner := bufio.NewScanner(buf)\n\t\tfor scanner.Scan() {\n\t\t\tvar str string\n\t\t\tif str, err = yqutil.EvaluateExpressionWithEncoder(yqExpr, scanner.Text(), plainEncoder); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\t// Repeatedly delete empty objects until there are none left.\n\t\t\tfor {\n\t\t\t\tlength := len(str)\n\t\t\t\tif str, err = yqutil.EvaluateExpressionWithEncoder(deleteEmptyObjects, str, plainEncoder); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t\tif len(str) >= length {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t}\n\t\t\tif isTTY {\n\t\t\t\t// pretty-print and colorize the output\n\t\t\t\tif str, err = yqutil.EvaluateExpressionWithEncoder(\".\", str, colorEncoder); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t}\n\t\t\tif _, err = fmt.Fprint(cmd.OutOrStdout(), str); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\t\terr = scanner.Err()\n\t\tif err == nil && unmatchedInstances {\n\t\t\treturn unmatchedInstancesError{}\n\t\t}\n\t\treturn err\n\t}\n\n\tvar str string\n\tif isTTY {\n\t\t// This branch is trading the better formatting from yamlfmt for colorizing from yqlib.\n\t\tif str, err = yqutil.EvaluateExpressionPlain(yqExpr, buf.String(), true); err != nil {\n\t\t\treturn err\n\t\t}\n\t} else {\n\t\tvar res []byte\n\t\tif res, err = yqutil.EvaluateExpression(yqExpr, buf.Bytes()); err != nil {\n\t\t\treturn err\n\t\t}\n\t\tstr = string(res)\n\t}\n\t_, err = fmt.Fprint(cmd.OutOrStdout(), str)\n\tif err == nil && unmatchedInstances {\n\t\treturn unmatchedInstancesError{}\n\t}\n\treturn err\n}\n\nfunc listBashComplete(cmd *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {\n\treturn bashCompleteInstanceNames(cmd)\n}\n\n// filterInstances applies yq expressions to instances and returns the filtered results.\nfunc filterInstances(instances []*limatype.Instance, yqExprs []string) ([]*limatype.Instance, error) {\n\tif len(yqExprs) == 0 {\n\t\treturn instances, nil\n\t}\n\n\t// the yq expression is evaluated with yqutil.EvaluateExpression, which disables environment variable access\n\t// and file operations, mitigating injection attacks like \".name=strenv(SOME_SECRET_ENV)\" which could\n\t// trick Lima into exposing environment variables.\n\tyqExpr := strings.Join(yqExprs, \" | \")\n\n\tvar filteredInstances []*limatype.Instance\n\tfor _, instance := range instances {\n\t\tjsonBytes, err := json.Marshal(instance)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to marshal instance %q: %w\", instance.Name, err)\n\t\t}\n\n\t\tresult, err := yqutil.EvaluateExpression(yqExpr, jsonBytes)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to apply filter %q: %w\", yqExpr, err)\n\t\t}\n\n\t\tif len(bytes.TrimSpace(result)) > 0 {\n\t\t\tfilteredInstances = append(filteredInstances, instance)\n\t\t}\n\t}\n\n\treturn filteredInstances, nil\n}\n" }, { "path": "cmd/limactl/main.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"runtime\"\n\t\"strings\"\n\n\t\"github.com/mattn/go-isatty\"\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/cmd/yq\"\n\t\"github.com/lima-vm/lima/v2/pkg/debugutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/driver/external/server\"\n\t\"github.com/lima-vm/lima/v2/pkg/fsutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype/dirnames\"\n\t\"github.com/lima-vm/lima/v2/pkg/osutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/plugins\"\n\t\"github.com/lima-vm/lima/v2/pkg/version\"\n)\n\nconst (\n\tDefaultInstanceName = \"default\"\n\tbasicCommand = \"basic\"\n\tadvancedCommand = \"advanced\"\n)\n\nfunc main() {\n\tif os.Geteuid() == 0 && (len(os.Args) < 2 || os.Args[1] != \"generate-doc\") {\n\t\tfmt.Fprint(os.Stderr, \"limactl: must not run as the root user\\n\")\n\t\tos.Exit(1)\n\t}\n\n\tyq.MaybeRunYQ()\n\tif runtime.GOOS == \"windows\" {\n\t\textras, hasExtra := os.LookupEnv(\"_LIMA_WINDOWS_EXTRA_PATH\")\n\t\tif hasExtra && strings.TrimSpace(extras) != \"\" {\n\t\t\tp := os.Getenv(\"PATH\")\n\t\t\terr := os.Setenv(\"PATH\", strings.TrimSpace(extras)+string(filepath.ListSeparator)+p)\n\t\t\tif err != nil {\n\t\t\t\tlogrus.Warning(\"Can't add extras to PATH, relying entirely on system PATH\")\n\t\t\t}\n\t\t}\n\t}\n\terr := newApp().Execute()\n\tserver.StopAllExternalDrivers()\n\tosutil.HandleExitError(err)\n\tif err != nil {\n\t\tlogrus.Fatal(err)\n\t}\n}\n\nfunc processGlobalFlags(rootCmd *cobra.Command) error {\n\t// --log-level will override --debug, but will not reset debugutil.Debug\n\tif debug, _ := rootCmd.Flags().GetBool(\"debug\"); debug {\n\t\tlogrus.SetLevel(logrus.DebugLevel)\n\t\tdebugutil.Debug = true\n\t}\n\n\tl, _ := rootCmd.Flags().GetString(\"log-level\")\n\tif l != \"\" {\n\t\tlvl, err := logrus.ParseLevel(l)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlogrus.SetLevel(lvl)\n\t}\n\n\tlogFormat, _ := rootCmd.Flags().GetString(\"log-format\")\n\tswitch logFormat {\n\tcase \"json\":\n\t\tformatter := new(logrus.JSONFormatter)\n\t\tlogrus.StandardLogger().SetFormatter(formatter)\n\tcase \"text\":\n\t\t// logrus use text format by default.\n\t\tif runtime.GOOS == \"windows\" && isatty.IsCygwinTerminal(os.Stderr.Fd()) {\n\t\t\tformatter := new(logrus.TextFormatter)\n\t\t\t// the default setting does not recognize cygwin on windows\n\t\t\tformatter.ForceColors = true\n\t\t\tlogrus.StandardLogger().SetFormatter(formatter)\n\t\t}\n\tdefault:\n\t\treturn fmt.Errorf(\"unsupported log-format: %q\", logFormat)\n\t}\n\treturn nil\n}\n\nfunc newApp() *cobra.Command {\n\ttemplatesDir := \"$PREFIX/share/lima/templates\"\n\tif exe, err := os.Executable(); err == nil {\n\t\tbinDir := filepath.Dir(exe)\n\t\tprefixDir := filepath.Dir(binDir)\n\t\ttemplatesDir = filepath.Join(prefixDir, \"share/lima/templates\")\n\t}\n\n\trootCmd := &cobra.Command{\n\t\tUse: \"limactl\",\n\t\tShort: \"Lima: Linux virtual machines\",\n\t\tVersion: strings.TrimPrefix(version.Version, \"v\"),\n\t\tExample: fmt.Sprintf(` Start the default instance:\n $ limactl start\n\n Open a shell:\n $ lima\n\n Run a container:\n $ lima nerdctl run -d --name nginx -p 8080:80 nginx:alpine\n\n Stop the default instance:\n $ limactl stop\n\n See also template YAMLs: %s`, templatesDir),\n\t\tSilenceUsage: true,\n\t\tSilenceErrors: true,\n\t\tDisableAutoGenTag: true,\n\t}\n\trootCmd.PersistentFlags().String(\"log-level\", \"\", \"Set the logging level [trace, debug, info, warn, error]\")\n\trootCmd.PersistentFlags().String(\"log-format\", \"text\", \"Set the logging format [text, json]\")\n\trootCmd.PersistentFlags().Bool(\"debug\", false, \"Debug mode\")\n\t// TODO: \"survey\" does not support using cygwin terminal on windows yet\n\trootCmd.PersistentFlags().Bool(\"tty\", isatty.IsTerminal(os.Stdout.Fd()), \"Enable TUI interactions such as opening an editor. Defaults to true when stdout is a terminal. Set to false for automation.\")\n\trootCmd.PersistentFlags().BoolP(\"yes\", \"y\", false, \"Alias of --tty=false\")\n\trootCmd.PersistentPreRunE = func(cmd *cobra.Command, _ []string) error {\n\t\tif err := processGlobalFlags(rootCmd); err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tif osutil.IsBeingRosettaTranslated() && cmd.Parent().Name() != \"completion\" && cmd.Name() != \"generate-doc\" && cmd.Name() != \"validate\" {\n\t\t\t// running under rosetta would provide inappropriate runtime.GOARCH info, see: https://github.com/lima-vm/lima/issues/543\n\t\t\t// allow commands that are used for packaging to run under rosetta to allow cross-architecture builds\n\t\t\treturn errors.New(\"limactl is running under rosetta, please reinstall lima with native arch\")\n\t\t}\n\n\t\t// Make sure either $HOME or $LIMA_HOME is defined, so we don't need\n\t\t// to check for errors later\n\t\tdir, err := dirnames.LimaDir()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnfs, err := fsutil.IsNFS(dir)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tif nfs {\n\t\t\tlogrus.Warn(\"LIMA_HOME should not be on an NFS mount\")\n\t\t}\n\n\t\tif cmd.Flags().Changed(\"yes\") && cmd.Flags().Changed(\"tty\") {\n\t\t\treturn errors.New(\"cannot use both --tty and --yes flags at the same time\")\n\t\t}\n\n\t\tif cmd.Flags().Changed(\"yes\") {\n\t\t\tswitch cmd.Name() {\n\t\t\tcase \"clone\", \"edit\", \"rename\":\n\t\t\t\tlogrus.Warn(\"--yes flag is deprecated (--tty=false is still supported and works in the same way. Also consider using --start)\")\n\t\t\t}\n\n\t\t\t// Sets the value of the yesValue flag by using the yes flag.\n\t\t\tyesValue, _ := cmd.Flags().GetBool(\"yes\")\n\t\t\tif yesValue {\n\t\t\t\t// Sets to the default value false\n\t\t\t\terr := cmd.Flags().Set(\"tty\", \"false\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn nil\n\t}\n\trootCmd.AddGroup(&cobra.Group{ID: \"basic\", Title: \"Basic Commands:\"})\n\trootCmd.AddGroup(&cobra.Group{ID: \"advanced\", Title: \"Advanced Commands:\"})\n\trootCmd.AddGroup(&cobra.Group{ID: \"plugin\", Title: \"Available Plugins (Experimental):\"})\n\n\trootCmd.AddCommand(\n\t\tnewCreateCommand(),\n\t\tnewStartCommand(),\n\t\tnewStopCommand(),\n\t\tnewShellCommand(),\n\t\tnewCopyCommand(),\n\t\tnewListCommand(),\n\t\tnewDeleteCommand(),\n\t\tnewValidateCommand(),\n\t\tnewPruneCommand(),\n\t\tnewHostagentCommand(),\n\t\tnewGuestInstallCommand(),\n\t\tnewInfoCommand(),\n\t\tnewShowSSHCommand(),\n\t\tnewDebugCommand(),\n\t\tnewEditCommand(),\n\t\tnewFactoryResetCommand(),\n\t\tnewDiskCommand(),\n\t\tnewUsernetCommand(),\n\t\tnewGenDocCommand(),\n\t\tnewGenSchemaCommand(),\n\t\tnewSnapshotCommand(),\n\t\tnewProtectCommand(),\n\t\tnewUnprotectCommand(),\n\t\tnewTunnelCommand(),\n\t\tnewTemplateCommand(),\n\t\tnewRestartCommand(),\n\t\tnewSudoersCommand(),\n\t\tnewStartAtLoginCommand(),\n\t\tnewNetworkCommand(),\n\t\tnewCloneCommand(),\n\t\tnewRenameCommand(),\n\t\tnewWatchCommand(),\n\t)\n\taddPluginCommands(rootCmd)\n\n\treturn rootCmd\n}\n\nfunc addPluginCommands(rootCmd *cobra.Command) {\n\t// The global options are only processed when rootCmd.Execute() is called.\n\t// Let's take a sneak peek here to help debug the plugin discovery code.\n\tif len(os.Args) > 1 && os.Args[1] == \"--debug\" {\n\t\tlogrus.SetLevel(logrus.DebugLevel)\n\t}\n\n\tallPlugins, err := plugins.Discover()\n\tif err != nil {\n\t\tlogrus.Warnf(\"Failed to discover plugins: %v\", err)\n\t\treturn\n\t}\n\n\tfor _, plugin := range allPlugins {\n\t\tpluginCmd := &cobra.Command{\n\t\t\tUse: plugin.Name,\n\t\t\tShort: plugin.Description,\n\t\t\tGroupID: \"plugin\",\n\t\t\tDisableFlagParsing: true,\n\t\t\tSilenceErrors: true,\n\t\t\tSilenceUsage: true,\n\t\t\tPreRunE: func(*cobra.Command, []string) error {\n\t\t\t\tfor i, arg := range os.Args {\n\t\t\t\t\tif arg == plugin.Name {\n\t\t\t\t\t\t// parse global options but ignore plugin options\n\t\t\t\t\t\terr := rootCmd.ParseFlags(os.Args[1:i])\n\t\t\t\t\t\tif err == nil {\n\t\t\t\t\t\t\terr = processGlobalFlags(rootCmd)\n\t\t\t\t\t\t}\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t// unreachable\n\t\t\t\treturn nil\n\t\t\t},\n\t\t\tRun: func(cmd *cobra.Command, _ []string) {\n\t\t\t\tfor i, arg := range os.Args {\n\t\t\t\t\tif arg == plugin.Name {\n\t\t\t\t\t\t// ignore global options\n\t\t\t\t\t\tplugin.Run(cmd.Context(), os.Args[i+1:])\n\t\t\t\t\t\t// plugin.Run() never returns because it calls os.Exit()\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t// unreachable\n\t\t\t},\n\t\t}\n\t\t// Don't show the url scheme helper in the help output.\n\t\tif strings.HasPrefix(plugin.Name, \"url-\") {\n\t\t\tpluginCmd.Hidden = true\n\t\t}\n\t\trootCmd.AddCommand(pluginCmd)\n\t}\n}\n\n// WrapArgsError annotates cobra args error with some context, so the error message is more user-friendly.\nfunc WrapArgsError(argFn cobra.PositionalArgs) cobra.PositionalArgs {\n\treturn func(cmd *cobra.Command, args []string) error {\n\t\terr := argFn(cmd, args)\n\t\tif err == nil {\n\t\t\treturn nil\n\t\t}\n\n\t\treturn fmt.Errorf(\"%q %s.\\nSee '%s --help'.\\n\\nUsage: %s\\n\\n%s\",\n\t\t\tcmd.CommandPath(), err.Error(),\n\t\t\tcmd.CommandPath(),\n\t\t\tcmd.UseLine(), cmd.Short,\n\t\t)\n\t}\n}\n" }, { "path": "cmd/limactl/main_darwin.go", "content": "//go:build !external_vz && !no_vz\n\n// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\n// Import vz driver to register it in the registry on darwin.\nimport _ \"github.com/lima-vm/lima/v2/pkg/driver/vz\"\n" }, { "path": "cmd/limactl/main_qemu.go", "content": "//go:build !external_qemu\n\n// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\n// Import qemu driver to register it in the registry on all platforms.\nimport _ \"github.com/lima-vm/lima/v2/pkg/driver/qemu\"\n" }, { "path": "cmd/limactl/main_windows.go", "content": "//go:build !external_wsl2\n\n// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\n// Import wsl2 driver to register it in the registry on windows.\nimport _ \"github.com/lima-vm/lima/v2/pkg/driver/wsl2\"\n" }, { "path": "cmd/limactl/network.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"maps\"\n\t\"net\"\n\t\"os\"\n\t\"slices\"\n\t\"strings\"\n\t\"text/tabwriter\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/networks\"\n\t\"github.com/lima-vm/lima/v2/pkg/yqutil\"\n)\n\nconst networkExample = ` List all networks:\n $ limactl network list\n\n Create a network:\n $ limactl network create foo --gateway 192.168.42.1/24\n\n Connect VM instances to the newly created network:\n $ limactl create --network lima:foo --name vm1\n $ limactl create --network lima:foo --name vm2\n\n Delete a network:\n $ limactl network delete --force foo\n`\n\nconst networkCreateExample = ` Create a network:\n $ limactl network create foo --gateway 192.168.42.1/24\n\n Connect VM instances to the newly created network:\n $ limactl create --network lima:foo --name vm1\n $ limactl create --network lima:foo --name vm2\n`\n\nfunc newNetworkCommand() *cobra.Command {\n\tnetworkCommand := &cobra.Command{\n\t\tUse: \"network\",\n\t\tShort: \"Lima network management\",\n\t\tExample: networkExample,\n\t\tGroupID: advancedCommand,\n\t}\n\tnetworkCommand.AddCommand(\n\t\tnewNetworkListCommand(),\n\t\tnewNetworkCreateCommand(),\n\t\tnewNetworkDeleteCommand(),\n\t)\n\treturn networkCommand\n}\n\nfunc newNetworkListCommand() *cobra.Command {\n\tcmd := &cobra.Command{\n\t\tUse: \"list\",\n\t\tShort: \"List networks\",\n\t\tExample: ` List all networks:\n $ limactl network list\n\n List networks in JSON format:\n $ limactl network list --json\n`,\n\t\tAliases: []string{\"ls\"},\n\t\tArgs: WrapArgsError(cobra.ArbitraryArgs),\n\t\tRunE: networkListAction,\n\t\tValidArgsFunction: networkBashComplete,\n\t}\n\tflags := cmd.Flags()\n\tflags.Bool(\"json\", false, \"JSONify output\")\n\treturn cmd\n}\n\nfunc networkListAction(cmd *cobra.Command, args []string) error {\n\tflags := cmd.Flags()\n\tjsonFormat, err := flags.GetBool(\"json\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tconfig, err := networks.LoadConfig()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tallNetworks := slices.Sorted(maps.Keys(config.Networks))\n\n\tnetworks := []string{}\n\tif len(args) > 0 {\n\t\tfor _, arg := range args {\n\t\t\tmatches := nameMatches(arg, allNetworks)\n\t\t\tif len(matches) > 0 {\n\t\t\t\tnetworks = append(networks, matches...)\n\t\t\t} else {\n\t\t\t\tlogrus.Warnf(\"No network matching %v found.\", arg)\n\t\t\t}\n\t\t}\n\t} else {\n\t\tnetworks = allNetworks\n\t}\n\n\tif jsonFormat {\n\t\tw := cmd.OutOrStdout()\n\t\tfor _, name := range networks {\n\t\t\tnw, ok := config.Networks[name]\n\t\t\tif !ok {\n\t\t\t\tlogrus.Errorf(\"network %q does not exist\", nw)\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tj, err := json.Marshal(nw)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tfmt.Fprintln(w, string(j))\n\t\t}\n\t\treturn nil\n\t}\n\n\tw := tabwriter.NewWriter(cmd.OutOrStdout(), 4, 8, 4, ' ', 0)\n\tfmt.Fprintln(w, \"NAME\\tMODE\\tGATEWAY\\tINTERFACE\")\n\tfor _, name := range networks {\n\t\tnw, ok := config.Networks[name]\n\t\tif !ok {\n\t\t\tlogrus.Errorf(\"network %q does not exist\", nw)\n\t\t\tcontinue\n\t\t}\n\t\tgwStr := \"-\"\n\t\tif nw.Gateway != nil {\n\t\t\tgw := net.IPNet{\n\t\t\t\tIP: nw.Gateway,\n\t\t\t\tMask: net.IPMask(nw.NetMask),\n\t\t\t}\n\t\t\tgwStr = gw.String()\n\t\t}\n\t\tintfStr := \"-\"\n\t\tif nw.Interface != \"\" {\n\t\t\tintfStr = nw.Interface\n\t\t}\n\t\tfmt.Fprintf(w, \"%s\\t%s\\t%s\\t%s\\n\", name, nw.Mode, gwStr, intfStr)\n\t}\n\treturn w.Flush()\n}\n\nfunc newNetworkCreateCommand() *cobra.Command {\n\tcmd := &cobra.Command{\n\t\tUse: \"create NETWORK\",\n\t\tShort: \"Create a Lima network\",\n\t\tExample: networkCreateExample,\n\t\tArgs: WrapArgsError(cobra.ExactArgs(1)),\n\t\tRunE: networkCreateAction,\n\t}\n\tflags := cmd.Flags()\n\tflags.String(\"mode\", networks.ModeUserV2, \"mode\")\n\t_ = cmd.RegisterFlagCompletionFunc(\"mode\", func(*cobra.Command, []string, string) ([]string, cobra.ShellCompDirective) {\n\t\treturn networks.Modes, cobra.ShellCompDirectiveNoFileComp\n\t})\n\tflags.String(\"gateway\", \"\", \"gateway, e.g., \\\"192.168.42.1/24\\\"\")\n\tflags.String(\"interface\", \"\", \"interface for bridged mode\")\n\t_ = cmd.RegisterFlagCompletionFunc(\"interface\", bashFlagCompleteNetworkInterfaceNames)\n\treturn cmd\n}\n\nfunc networkCreateAction(cmd *cobra.Command, args []string) error {\n\tname := args[0]\n\t// LoadConfig ensures existence of networks.yaml\n\tconfig, err := networks.LoadConfig()\n\tif err != nil {\n\t\treturn err\n\t}\n\tif _, ok := config.Networks[name]; ok {\n\t\treturn fmt.Errorf(\"network %q already exists\", name)\n\t}\n\n\tflags := cmd.Flags()\n\tmode, err := flags.GetString(\"mode\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tgateway, err := flags.GetString(\"gateway\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tintf, err := flags.GetString(\"interface\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tswitch mode {\n\tcase networks.ModeBridged:\n\t\tif gateway != \"\" {\n\t\t\treturn fmt.Errorf(\"network mode %q does not support specifying gateway\", mode)\n\t\t}\n\t\tif intf == \"\" {\n\t\t\treturn fmt.Errorf(\"network mode %q requires specifying interface\", mode)\n\t\t}\n\t\tyq := fmt.Sprintf(`.networks.%q = {\"mode\":%q,\"interface\":%q}`, name, mode, intf)\n\t\treturn networkApplyYQ(yq)\n\tdefault:\n\t\tif gateway == \"\" {\n\t\t\treturn fmt.Errorf(\"network mode %q requires specifying gateway\", mode)\n\t\t}\n\t\tif intf != \"\" {\n\t\t\treturn fmt.Errorf(\"network mode %q does not support specifying interface\", mode)\n\t\t}\n\t\tif !strings.Contains(gateway, \"/\") {\n\t\t\tgateway += \"/24\"\n\t\t}\n\t\tgwIP, gwMask, err := net.ParseCIDR(gateway)\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to parse CIDR %q: %w\", gateway, err)\n\t\t}\n\t\tif gwIP.IsUnspecified() || gwIP.IsLoopback() {\n\t\t\treturn fmt.Errorf(\"invalid IP address: %v\", gwIP)\n\t\t}\n\t\tgwMaskStr := \"255.255.255.0\"\n\t\tif gwMask != nil {\n\t\t\tgwMaskStr = net.IP(gwMask.Mask).String()\n\t\t}\n\t\t// TODO: check IP range collision\n\n\t\tyq := fmt.Sprintf(`.networks.%q = {\"mode\":%q,\"gateway\":%q,\"netmask\":%q,\"interface\":%q}`, name, mode, gwIP.String(), gwMaskStr, intf)\n\t\treturn networkApplyYQ(yq)\n\t}\n}\n\nfunc networkApplyYQ(yq string) error {\n\tfilePath, err := networks.ConfigFile()\n\tif err != nil {\n\t\treturn err\n\t}\n\tyContent, err := os.ReadFile(filePath)\n\tif err != nil {\n\t\treturn err\n\t}\n\tyBytes, err := yqutil.EvaluateExpression(yq, yContent)\n\tif err != nil {\n\t\treturn err\n\t}\n\tif err := os.WriteFile(filePath, yBytes, 0o644); err != nil {\n\t\treturn err\n\t}\n\treturn nil\n}\n\nfunc newNetworkDeleteCommand() *cobra.Command {\n\tcmd := &cobra.Command{\n\t\tUse: \"delete NETWORK [NETWORK, ...]\",\n\t\tShort: \"Delete one or more Lima networks\",\n\t\tExample: ` Delete a network:\n $ limactl network delete --force foo\n\n Delete multiple networks:\n $ limactl network delete --force foo bar\n`,\n\t\tAliases: []string{\"remove\", \"rm\"},\n\t\tArgs: WrapArgsError(cobra.MinimumNArgs(1)),\n\t\tRunE: networkDeleteAction,\n\t\tValidArgsFunction: networkBashComplete,\n\t}\n\tflags := cmd.Flags()\n\tflags.BoolP(\"force\", \"f\", false, \"Force delete (currently always required)\")\n\treturn cmd\n}\n\nfunc networkDeleteAction(cmd *cobra.Command, args []string) error {\n\tflags := cmd.Flags()\n\tforce, err := flags.GetBool(\"force\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif !force {\n\t\treturn errors.New(\"`limactl network delete` currently always requires `--force`\")\n\t\t// Because the command currently does not check whether the network being removed is in use\n\t}\n\n\tnetworks := make([]string, len(args))\n\tfor i, name := range args {\n\t\tnetworks[i] = fmt.Sprintf(\"del(.networks.%q)\", name)\n\t}\n\tyq := strings.Join(networks, \" | \")\n\treturn networkApplyYQ(yq)\n}\n\nfunc networkBashComplete(cmd *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {\n\treturn bashCompleteNetworkNames(cmd)\n}\n" }, { "path": "cmd/limactl/protect.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n)\n\nfunc newProtectCommand() *cobra.Command {\n\tprotectCommand := &cobra.Command{\n\t\tUse: \"protect INSTANCE [INSTANCE, ...]\",\n\t\tShort: \"Protect an instance to prohibit accidental removal\",\n\t\tLong: `Protect an instance to prohibit accidental removal via the 'limactl delete' command.\nThe instance is not being protected against removal via '/bin/rm', Finder, etc.`,\n\t\tArgs: WrapArgsError(cobra.MinimumNArgs(1)),\n\t\tRunE: protectAction,\n\t\tValidArgsFunction: protectBashComplete,\n\t\tGroupID: advancedCommand,\n\t}\n\treturn protectCommand\n}\n\nfunc protectAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tvar errs []error\n\tfor _, instName := range args {\n\t\tinst, err := store.Inspect(ctx, instName)\n\t\tif err != nil {\n\t\t\terrs = append(errs, fmt.Errorf(\"failed to inspect instance %q: %w\", instName, err))\n\t\t\tcontinue\n\t\t}\n\t\tif inst.Protected {\n\t\t\tlogrus.Warnf(\"Instance %q is already protected. Skipping.\", instName)\n\t\t\tcontinue\n\t\t}\n\t\tif err := inst.Protect(); err != nil {\n\t\t\terrs = append(errs, fmt.Errorf(\"failed to protect instance %q: %w\", instName, err))\n\t\t\tcontinue\n\t\t}\n\t\tlogrus.Infof(\"Protected %q\", instName)\n\t}\n\treturn errors.Join(errs...)\n}\n\nfunc protectBashComplete(cmd *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {\n\treturn bashCompleteInstanceNames(cmd)\n}\n" }, { "path": "cmd/limactl/prune.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\t\"maps\"\n\t\"os\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/downloader\"\n\t\"github.com/lima-vm/lima/v2/pkg/driverutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatmpl\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype\"\n\t\"github.com/lima-vm/lima/v2/pkg/limayaml\"\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n\t\"github.com/lima-vm/lima/v2/pkg/templatestore\"\n)\n\nfunc newPruneCommand() *cobra.Command {\n\tpruneCommand := &cobra.Command{\n\t\tUse: \"prune\",\n\t\tShort: \"Prune garbage objects\",\n\t\tArgs: WrapArgsError(cobra.NoArgs),\n\t\tRunE: pruneAction,\n\t\tValidArgsFunction: cobra.NoFileCompletions,\n\t\tGroupID: advancedCommand,\n\t}\n\tpruneCommand.Flags().Bool(\"keep-referred\", false, \"Keep objects that are referred by some instances or templates\")\n\treturn pruneCommand\n}\n\nfunc pruneAction(cmd *cobra.Command, _ []string) error {\n\tctx := cmd.Context()\n\tkeepReferred, err := cmd.Flags().GetBool(\"keep-referred\")\n\tif err != nil {\n\t\treturn err\n\t}\n\topt := downloader.WithCache()\n\tif !keepReferred {\n\t\treturn downloader.RemoveAllCacheDir(opt)\n\t}\n\n\t// Prune downloads that are not used by any instances or templates\n\tcacheEntries, err := downloader.CacheEntries(opt)\n\tif err != nil {\n\t\treturn err\n\t}\n\tknownLocations, err := knownLocations(ctx)\n\tif err != nil {\n\t\treturn err\n\t}\n\tfor cacheKey, cachePath := range cacheEntries {\n\t\tif file, exists := knownLocations[cacheKey]; exists {\n\t\t\tlogrus.Debugf(\"Keep %q caching %q\", cacheKey, file.Location)\n\t\t} else {\n\t\t\tlogrus.Debug(\"Deleting \", cacheKey)\n\t\t\tif err := os.RemoveAll(cachePath); err != nil {\n\t\t\t\tlogrus.Warnf(\"Failed to delete %q: %v\", cacheKey, err)\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\t}\n\treturn nil\n}\n\nfunc knownLocations(ctx context.Context) (map[string]limatype.File, error) {\n\tlocations := make(map[string]limatype.File)\n\n\t// Collect locations from instances\n\tinstances, err := store.Instances()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tfor _, instanceName := range instances {\n\t\tinstance, err := store.Inspect(ctx, instanceName)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tif instance.Errors != nil {\n\t\t\tlogrus.Warnf(\"skipping instance %q because it has errors: %v\", instanceName, instance.Errors)\n\t\t\tcontinue\n\t\t}\n\t\tmaps.Copy(locations, locationsFromLimaYAML(instance.Config))\n\t}\n\n\t// Collect locations from templates\n\ttemplates, err := templatestore.Templates()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tfor _, t := range templates {\n\t\ttmpl, err := limatmpl.Read(ctx, \"\", t.Location)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tif err := tmpl.Embed(ctx, true, true); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\ty, err := limayaml.Load(ctx, tmpl.Bytes, tmpl.Name)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tif err := driverutil.ResolveVMType(ctx, y, t.Name); err != nil {\n\t\t\tlogrus.Warnf(\"failed to resolve vmType for %q: %v\", t.Name, err)\n\t\t}\n\t\tmaps.Copy(locations, locationsFromLimaYAML(y))\n\t}\n\treturn locations, nil\n}\n\nfunc locationsFromLimaYAML(y *limatype.LimaYAML) map[string]limatype.File {\n\tlocations := make(map[string]limatype.File)\n\tfor _, f := range y.Images {\n\t\tlocations[downloader.CacheKey(f.Location)] = f.File\n\t\tif f.Kernel != nil {\n\t\t\tlocations[downloader.CacheKey(f.Kernel.Location)] = f.Kernel.File\n\t\t}\n\t\tif f.Initrd != nil {\n\t\t\tlocations[downloader.CacheKey(f.Initrd.Location)] = *f.Initrd\n\t\t}\n\t}\n\tfor _, f := range y.Containerd.Archives {\n\t\tlocations[downloader.CacheKey(f.Location)] = f\n\t}\n\tfor _, f := range y.Firmware.Images {\n\t\tlocations[downloader.CacheKey(f.Location)] = f.File\n\t}\n\treturn locations\n}\n" }, { "path": "cmd/limactl/restart.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/instance\"\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n)\n\nfunc newRestartCommand() *cobra.Command {\n\trestartCmd := &cobra.Command{\n\t\tUse: \"restart INSTANCE\",\n\t\tShort: \"Restart a running instance\",\n\t\tArgs: WrapArgsError(cobra.MaximumNArgs(1)),\n\t\tRunE: restartAction,\n\t\tValidArgsFunction: restartBashComplete,\n\t\tGroupID: basicCommand,\n\t}\n\n\trestartCmd.Flags().BoolP(\"force\", \"f\", false, \"Force stop and restart the instance\")\n\trestartCmd.Flags().Bool(\"progress\", false, \"Show provision script progress by tailing cloud-init logs\")\n\treturn restartCmd\n}\n\nfunc restartAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tinstName := DefaultInstanceName\n\tif len(args) > 0 {\n\t\tinstName = args[0]\n\t}\n\n\tinst, err := store.Inspect(ctx, instName)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tforce, err := cmd.Flags().GetBool(\"force\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tprogress, err := cmd.Flags().GetBool(\"progress\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif force {\n\t\treturn instance.RestartForcibly(ctx, inst, progress)\n\t}\n\n\treturn instance.Restart(ctx, inst, progress)\n}\n\nfunc restartBashComplete(cmd *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {\n\treturn bashCompleteInstanceNames(cmd)\n}\n" }, { "path": "cmd/limactl/shell.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"os/exec\"\n\t\"path/filepath\"\n\t\"regexp\"\n\t\"runtime\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"al.essio.dev/pkg/shellescape\"\n\t\"github.com/coreos/go-semver/semver\"\n\t\"github.com/lima-vm/sshocker/pkg/ssh\"\n\t\"github.com/mattn/go-isatty\"\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/autostart\"\n\t\"github.com/lima-vm/lima/v2/pkg/copytool\"\n\t\"github.com/lima-vm/lima/v2/pkg/envutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/instance\"\n\t\"github.com/lima-vm/lima/v2/pkg/ioutilx\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype\"\n\t\"github.com/lima-vm/lima/v2/pkg/networks/reconcile\"\n\t\"github.com/lima-vm/lima/v2/pkg/sshutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n\t\"github.com/lima-vm/lima/v2/pkg/uiutil\"\n)\n\nconst shellHelp = `Execute shell in Lima\n\nlima command is provided as an alias for limactl shell $LIMA_INSTANCE. $LIMA_INSTANCE defaults to \"` + DefaultInstanceName + `\".\n\nBy default, the first 'ssh' executable found in the host's PATH is used to connect to the Lima instance.\nA custom ssh alias can be used instead by setting the $` + sshutil.EnvShellSSH + ` environment variable.\n\nEnvironment Variables:\n --preserve-env: Propagates host environment variables to the guest instance.\n Use LIMA_SHELLENV_ALLOW to specify which variables to allow.\n Use LIMA_SHELLENV_BLOCK to specify which variables to block (extends default blocklist with +).\n\nHint: try --debug to show the detailed logs, if it seems hanging (mostly due to some SSH issue).\n`\n\nfunc newShellCommand() *cobra.Command {\n\tshellCmd := &cobra.Command{\n\t\tUse: \"shell [flags] INSTANCE [COMMAND...]\",\n\t\tSuggestFor: []string{\"ssh\"},\n\t\tShort: \"Execute shell in Lima\",\n\t\tLong: shellHelp,\n\t\tArgs: WrapArgsError(cobra.ArbitraryArgs),\n\t\tRunE: shellAction,\n\t\tValidArgsFunction: shellBashComplete,\n\t\tSilenceErrors: true,\n\t\tGroupID: basicCommand,\n\t}\n\n\tshellCmd.Flags().SetInterspersed(false)\n\n\tshellCmd.Flags().String(\"instance\", \"\", \"Instance name (used by the lima wrapper script)\")\n\t_ = shellCmd.Flags().MarkHidden(\"instance\")\n\tshellCmd.Flags().String(\"shell\", \"\", \"Shell interpreter, e.g. /bin/bash\")\n\tshellCmd.Flags().String(\"workdir\", \"\", \"Working directory\")\n\tshellCmd.Flags().Bool(\"reconnect\", false, \"Reconnect to the SSH session\")\n\tshellCmd.Flags().Bool(\"preserve-env\", false, \"Propagate environment variables to the shell\")\n\tshellCmd.Flags().Bool(\"start\", false, \"Start the instance if it is not already running\")\n\tshellCmd.Flags().String(\"sync\", \"\", \"Copy a host directory to the guest and vice-versa upon exit\")\n\n\treturn shellCmd\n}\n\nconst (\n\trsyncMinimumSrcDirDepth = 4 // Depth of \"/Users/USER\" is 3.\n\tcolorGray = \"\\033[0;90m\"\n\tcolorNone = \"\\033[0m\"\n)\n\nfunc shellAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tflags := cmd.Flags()\n\ttty, err := flags.GetBool(\"tty\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// When --instance is specified, all positional args are treated as COMMAND.\n\t// Otherwise, the first positional arg is the instance name (backward compatible).\n\tinstName, err := flags.GetString(\"instance\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif instName != \"\" {\n\t\t// All args are COMMAND; prepend a placeholder instance name so the rest of the code works unchanged.\n\t\targs = append([]string{instName}, args...)\n\t} else {\n\t\tif len(args) == 0 {\n\t\t\treturn errors.New(\"requires instance name as first argument\")\n\t\t}\n\t\t// simulate the behavior of double dash\n\t\tnewArg := []string{}\n\t\tif len(args) >= 2 && args[1] == \"--\" {\n\t\t\tnewArg = append(newArg, args[:1]...)\n\t\t\tnewArg = append(newArg, args[2:]...)\n\t\t\targs = newArg\n\t\t}\n\t\tinstName = args[0]\n\t}\n\n\tif len(args) >= 2 {\n\t\tswitch args[1] {\n\t\tcase \"create\", \"start\", \"delete\", \"shell\":\n\t\t\t// `lima start` (alias of `limactl $LIMA_INSTANCE start`) is probably a typo of `limactl start`\n\t\t\tlogrus.Warnf(\"Perhaps you meant `limactl %s`?\", strings.Join(args[1:], \" \"))\n\t\t}\n\t}\n\n\tinst, err := store.Inspect(ctx, instName)\n\tif err != nil {\n\t\tif errors.Is(err, os.ErrNotExist) {\n\t\t\treturn fmt.Errorf(\"instance %q does not exist, run `limactl create %s` to create a new instance\", instName, instName)\n\t\t}\n\t\treturn err\n\t}\n\tif len(inst.Errors) > 0 {\n\t\tlogrus.WithError(errors.Join(inst.Errors...)).Errorf(\"Instance %q has configuration errors\", instName)\n\t}\n\tif inst.Config == nil {\n\t\treturn fmt.Errorf(\"instance %q has no configuration\", instName)\n\t}\n\tif inst.Status == limatype.StatusStopped {\n\t\tstartNow, err := flags.GetBool(\"start\")\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tif tty && !flags.Changed(\"start\") {\n\t\t\tstartNow, err = askWhetherToStart(cmd)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\n\t\tif !startNow {\n\t\t\treturn fmt.Errorf(\"instance %q is stopped, run `limactl start %s` to start the instance\", instName, instName)\n\t\t}\n\n\t\t// Network reconciliation will be performed by the process launched by the autostart manager\n\t\tif registered, err := autostart.IsRegistered(ctx, inst); err != nil && !errors.Is(err, autostart.ErrNotSupported) {\n\t\t\treturn fmt.Errorf(\"failed to check if the autostart entry for instance %q is registered: %w\", inst.Name, err)\n\t\t} else if !registered {\n\t\t\terr = reconcile.Reconcile(ctx, inst.Name)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\n\t\terr = instance.Start(instance.WithLaunchingShell(ctx), inst, false, false)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tinst, err = store.Inspect(ctx, instName)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\trestart, err := cmd.Flags().GetBool(\"reconnect\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif restart && sshutil.IsControlMasterExisting(inst.Dir) {\n\t\tlogrus.Infof(\"Exiting ssh session for the instance %q\", instName)\n\n\t\tsshConfig := &ssh.SSHConfig{\n\t\t\tConfigFile: inst.SSHConfigFile,\n\t\t\tPersist: false,\n\t\t\tAdditionalArgs: []string{},\n\t\t}\n\n\t\tif err := ssh.ExitMaster(inst.Hostname, inst.SSHLocalPort, sshConfig); err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\tsyncDirVal, err := flags.GetString(\"sync\")\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to get sync flag: %w\", err)\n\t}\n\tsyncHostWorkdir := syncDirVal != \"\"\n\tif syncHostWorkdir && len(inst.Config.Mounts) > 0 {\n\t\treturn errors.New(\"cannot use `--sync` when the instance has host mounts configured, start the instance with `--mount-none` to disable mounts\")\n\t}\n\n\t// When workDir is explicitly set, the shell MUST have workDir as the cwd, or exit with an error.\n\t//\n\t// changeDirCmd := \"cd workDir || exit 1\" if workDir != \"\"\n\t// := \"cd hostCurrentDir || cd hostHomeDir\" if workDir == \"\"\n\tvar changeDirCmd string\n\tvar hostCurrentDir string\n\tif syncDirVal != \"\" {\n\t\thostCurrentDir, err = filepath.Abs(syncDirVal)\n\t\tif err == nil && runtime.GOOS == \"windows\" {\n\t\t\thostCurrentDir, err = mountDirFromWindowsDir(ctx, inst, hostCurrentDir)\n\t\t}\n\t} else {\n\t\thostCurrentDir, err = hostCurrentDirectory(ctx, inst)\n\t}\n\n\tif err != nil {\n\t\tchangeDirCmd = \"false\"\n\t\tlogrus.WithError(err).Warn(\"failed to get the current directory\")\n\t}\n\tif syncHostWorkdir {\n\t\tif _, err := exec.LookPath(string(copytool.BackendRsync)); err != nil {\n\t\t\treturn fmt.Errorf(\"rsync is required for `--sync` but not found: %w\", err)\n\t\t}\n\n\t\tsrcWdDepth := len(strings.Split(hostCurrentDir, string(os.PathSeparator)))\n\t\tif srcWdDepth < rsyncMinimumSrcDirDepth {\n\t\t\treturn fmt.Errorf(\"expected the depth of the host working directory (%q) to be more than %d, only got %d (Hint: %s)\",\n\t\t\t\thostCurrentDir, rsyncMinimumSrcDirDepth, srcWdDepth, \"cd to a deeper directory\")\n\t\t}\n\t}\n\n\tvar destRsyncDir string\n\tworkDir, err := cmd.Flags().GetString(\"workdir\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif workDir != \"\" && syncHostWorkdir {\n\t\treturn errors.New(\"cannot use `--workdir` and `--sync` at the same time\")\n\t}\n\tif syncHostWorkdir {\n\t\tdestRsyncDir = *inst.Config.User.Home + hostCurrentDir\n\t}\n\tswitch {\n\tcase workDir != \"\":\n\t\tchangeDirCmd = fmt.Sprintf(\"cd %s || exit 1\", shellescape.Quote(workDir))\n\t\t// FIXME: check whether y.Mounts contains the home, not just len > 0\n\tcase len(inst.Config.Mounts) > 0 || inst.VMType == limatype.WSL2:\n\t\tchangeDirCmd = fmt.Sprintf(\"cd %s\", shellescape.Quote(hostCurrentDir))\n\t\thostHomeDir, err := os.UserHomeDir()\n\t\tif err == nil && runtime.GOOS == \"windows\" {\n\t\t\thostHomeDir, err = mountDirFromWindowsDir(ctx, inst, hostHomeDir)\n\t\t}\n\t\tif err == nil {\n\t\t\tchangeDirCmd = fmt.Sprintf(\"%s || cd %s\", changeDirCmd, shellescape.Quote(hostHomeDir))\n\t\t} else {\n\t\t\tlogrus.WithError(err).Warn(\"failed to get the home directory\")\n\t\t}\n\tcase syncHostWorkdir:\n\t\tchangeDirCmd = fmt.Sprintf(\"cd %s\", shellescape.Quote(destRsyncDir))\n\tdefault:\n\t\tlogrus.Debug(\"the host home does not seem mounted, so the guest shell will have a different cwd\")\n\t}\n\n\tif changeDirCmd == \"\" {\n\t\tchangeDirCmd = \"false\"\n\t}\n\tlogrus.Debugf(\"changeDirCmd=%q\", changeDirCmd)\n\n\tshell, err := cmd.Flags().GetString(\"shell\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif shell == \"\" {\n\t\tshell = `\"$SHELL\"`\n\t} else {\n\t\tshell = shellescape.Quote(shell)\n\t}\n\t// Handle environment variable propagation\n\tvar envPrefix string\n\tpreserveEnv, err := cmd.Flags().GetBool(\"preserve-env\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif preserveEnv {\n\t\tfilteredEnv := envutil.FilterEnvironment()\n\t\tif len(filteredEnv) > 0 {\n\t\t\tenvPrefix = \"env \"\n\t\t\tfor _, envVar := range filteredEnv {\n\t\t\t\tenvPrefix += shellescape.Quote(envVar) + \" \"\n\t\t\t}\n\t\t}\n\t}\n\n\t// -l is known to be available in bash, zsh, and FreeBSD sh.\n\t// Note that --login is not available in FreeBSD sh.\n\tscript := fmt.Sprintf(\"%s ; exec %s%s -l\", changeDirCmd, envPrefix, shell)\n\tif len(args) > 1 {\n\t\tquotedArgs := make([]string, len(args[1:]))\n\t\tparsingEnv := true\n\t\tfor i, arg := range args[1:] {\n\t\t\tif parsingEnv && isEnv(arg) {\n\t\t\t\tquotedArgs[i] = quoteEnv(arg)\n\t\t\t} else {\n\t\t\t\tparsingEnv = false\n\t\t\t\tquotedArgs[i] = shellescape.Quote(arg)\n\t\t\t}\n\t\t}\n\t\tscript += fmt.Sprintf(\n\t\t\t\" -c %s\",\n\t\t\tshellescape.Quote(strings.Join(quotedArgs, \" \")),\n\t\t)\n\t}\n\n\tsshExe, err := sshutil.NewSSHExe()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tsshOpts, err := sshutil.SSHOpts(\n\t\tctx,\n\t\tsshExe,\n\t\tinst.Dir,\n\t\t*inst.Config.User.Name,\n\t\t*inst.Config.SSH.LoadDotSSHPubKeys,\n\t\t*inst.Config.SSH.ForwardAgent,\n\t\t*inst.Config.SSH.ForwardX11,\n\t\t*inst.Config.SSH.ForwardX11Trusted)\n\tif err != nil {\n\t\treturn err\n\t}\n\tif runtime.GOOS == \"windows\" {\n\t\t// Remove ControlMaster, ControlPath, and ControlPersist options,\n\t\t// because Cygwin-based SSH clients do not support multiplexing when executing commands.\n\t\t// References:\n\t\t// https://inbox.sourceware.org/cygwin/c98988a5-7e65-4282-b2a1-bb8e350d5fab@acm.org/T/\n\t\t// https://stackoverflow.com/questions/20959792/is-ssh-controlmaster-with-cygwin-on-windows-actually-possible\n\t\t// By removing these options:\n\t\t// - Avoids execution failures when the control master is not yet available.\n\t\t// - Prevents error messages such as:\n\t\t// > mux_client_request_session: read from master failed: Connection reset by peer\n\t\t// > ControlSocket ....sock already exists, disabling multiplexing\n\t\t// Only remove these options when writing the SSH config file and executing `limactl shell`, since multiplexing seems to work with port forwarding.\n\t\tsshOpts = sshutil.SSHOptsRemovingControlPath(sshOpts)\n\t}\n\tsshArgs := append([]string{}, sshExe.Args...)\n\tsshArgs = append(sshArgs, sshutil.SSHArgsFromOpts(sshOpts)...)\n\n\tvar (\n\t\tsshExecForRsync *exec.Cmd\n\t\trsync copytool.CopyTool\n\t)\n\tif syncHostWorkdir {\n\t\tlogrus.Infof(\"Syncing host current directory(%s) to guest instance...\", hostCurrentDir)\n\t\tsshExecForRsync = exec.CommandContext(ctx, sshExe.Exe, sshArgs...)\n\n\t\t// Create the destination directory in the guest instance,\n\t\t// we could have done this by using `--rsync-path` but it's more\n\t\t// complex to quote properly.\n\t\tif err := executeSSHForRsync(ctx, *sshExecForRsync, inst.SSHLocalPort, inst.SSHAddress, fmt.Sprintf(\"mkdir -p %s\", shellescape.Quote(destRsyncDir))); err != nil {\n\t\t\treturn fmt.Errorf(\"failed to create the synced workdir in guest instance: %w\", err)\n\t\t}\n\n\t\t// The macOS release of rsync (the latest being 2.6.9) does not support shell escaping of destination path but other versions do.\n\t\trsyncVer, err := rsyncVersion(ctx)\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to get rsync version: %w\", err)\n\t\t}\n\t\tif rsyncVer.LessThan(*semver.New(\"3.0.0\")) {\n\t\t\tdestRsyncDir = shellescape.Quote(destRsyncDir)\n\t\t}\n\n\t\tpaths := []string{\n\t\t\thostCurrentDir,\n\t\t\tfmt.Sprintf(\"%s:%s\", inst.Name, destRsyncDir),\n\t\t}\n\t\trsync, err = copytool.New(ctx, string(copytool.BackendRsync), paths, ©tool.Options{\n\t\t\tRecursive: true,\n\t\t\tVerbose: false,\n\t\t\tAdditionalArgs: []string{\n\t\t\t\t\"--delete\",\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlogrus.Debugf(\"using copy tool %q\", rsync.Name())\n\n\t\tif err := rsyncDirectory(ctx, cmd, rsync, paths); err != nil {\n\t\t\treturn fmt.Errorf(\"failed to rsync to the guest %w\", err)\n\t\t}\n\t\tlogrus.Infof(\"Successfully synced host current directory to guest(%s) instance.\", destRsyncDir)\n\t}\n\n\tif isatty.IsTerminal(os.Stdout.Fd()) || isatty.IsCygwinTerminal(os.Stdout.Fd()) {\n\t\t// required for showing the shell prompt: https://stackoverflow.com/a/626574\n\t\tsshArgs = append(sshArgs, \"-t\")\n\t}\n\tif _, present := os.LookupEnv(\"COLORTERM\"); present {\n\t\t// SendEnv config is cumulative, with already existing options in ssh_config\n\t\tsshArgs = append(sshArgs, \"-o\", \"SendEnv=COLORTERM\")\n\t}\n\tlogLevel := \"ERROR\"\n\t// For versions older than OpenSSH 8.9p, LogLevel=QUIET was needed to\n\t// avoid the \"Shared connection to 127.0.0.1 closed.\" message with -t.\n\tolderSSH := sshutil.DetectOpenSSHVersion(ctx, sshExe).LessThan(*semver.New(\"8.9.0\"))\n\tif olderSSH {\n\t\tlogLevel = \"QUIET\"\n\t}\n\tsshArgs = append(sshArgs, []string{\n\t\t\"-o\", fmt.Sprintf(\"LogLevel=%s\", logLevel),\n\t\t\"-p\", strconv.Itoa(inst.SSHLocalPort),\n\t\tinst.SSHAddress,\n\t\t\"--\",\n\t\tscript,\n\t}...)\n\tsshCmd := exec.CommandContext(ctx, sshExe.Exe, sshArgs...)\n\tsshCmd.Stdin = os.Stdin\n\tsshCmd.Stdout = os.Stdout\n\tsshCmd.Stderr = os.Stderr\n\tlogrus.Debugf(\"executing ssh (may take a long)): %+v\", sshCmd.Args)\n\n\t// TODO: use syscall.Exec directly (results in losing tty?)\n\tif err := sshCmd.Run(); err != nil {\n\t\treturn err\n\t}\n\n\t// Once the shell command finishes, rsync back the changes from guest workdir\n\t// to the host and delete the guest synced workdir only if the user\n\t// confirms the changes.\n\tif syncHostWorkdir {\n\t\ttty, err := flags.GetBool(\"tty\")\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn askUserForRsyncBack(ctx, cmd, inst, sshExecForRsync, hostCurrentDir, destRsyncDir, rsync, tty)\n\t}\n\treturn nil\n}\n\nfunc askUserForRsyncBack(ctx context.Context, cmd *cobra.Command, inst *limatype.Instance, sshCmd *exec.Cmd, hostCurrentDir, destRsyncDir string, rsync copytool.CopyTool, tty bool) error {\n\tremoteSource := fmt.Sprintf(\"%s:%s\", inst.Name, destRsyncDir)\n\tclean := filepath.Clean(hostCurrentDir)\n\tdirForCleanup := shellescape.Quote(filepath.Join(*inst.Config.User.Home, clean))\n\n\trsyncBack := func() error {\n\t\tpaths := []string{\n\t\t\tremoteSource,\n\t\t\thostCurrentDir,\n\t\t}\n\n\t\tif err := rsyncDirectory(ctx, cmd, rsync, paths); err != nil {\n\t\t\treturn fmt.Errorf(\"failed to sync back the changes from guest instance to host: %w\", err)\n\t\t}\n\t\tlogrus.Info(\"Successfully synced back the changes to host.\")\n\t\treturn nil\n\t}\n\n\tdefer func() {\n\t\t// Clean up the guest synced workdir\n\t\tif err := executeSSHForRsync(ctx, *sshCmd, inst.SSHLocalPort, inst.SSHAddress, fmt.Sprintf(\"rm -rf %s\", dirForCleanup)); err != nil {\n\t\t\tlogrus.WithError(err).Warn(\"Failed to clean up guest synced workdir\")\n\t\t}\n\t}()\n\n\tif !tty {\n\t\treturn rsyncBack()\n\t}\n\n\trawOutput, stats, err := getRsyncStats(ctx, remoteSource, filepath.Dir(hostCurrentDir))\n\tif err != nil {\n\t\tlogrus.WithError(err).Warn(\"failed to get rsync stats\")\n\t}\n\tif stats != nil && stats.String() == \"\" {\n\t\tlogrus.Info(\"No changes detected\")\n\t\treturn nil\n\t}\n\tstatsMsg := \"\"\n\tif stats != nil {\n\t\tif s := stats.String(); s != \"\" {\n\t\t\tstatsMsg = fmt.Sprintf(\" (%s)\", s)\n\t\t}\n\t}\n\n\tmessage := fmt.Sprintf(\"⚠️ Accept the changes?%s\", statsMsg)\n\toptions := []string{\n\t\t\"Yes\",\n\t\t\"No\",\n\t\t\"View the changed contents\",\n\t}\n\n\tbaseDir, err := os.MkdirTemp(\"\", \"lima-guest-synced-*\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tdefer func() {\n\t\tif err := os.RemoveAll(baseDir); err != nil {\n\t\t\tlogrus.WithError(err).Warnf(\"Failed to clean up temporary directory %s\", baseDir)\n\t\t}\n\t}()\n\thostTmpDest := filepath.Join(baseDir, filepath.Base(hostCurrentDir))\n\terr = os.MkdirAll(hostTmpDest, 0o755)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\trsyncToTempDir := false\n\n\tfor {\n\t\tans, err := uiutil.Select(message, options)\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to open TUI: %w\", err)\n\t\t}\n\n\t\tswitch ans {\n\t\tcase 0: // Yes\n\t\t\treturn rsyncBack()\n\t\tcase 1: // No\n\t\t\tlogrus.Info(\"Skipping syncing back the changes to host.\")\n\t\t\treturn nil\n\t\tcase 2: // View the changed contents\n\t\t\tvar diffCmd *exec.Cmd\n\t\t\tif _, err := exec.LookPath(\"diff\"); err != nil {\n\t\t\t\tlogrus.WithError(err).Warn(\"`diff` not found; showing rsync dry-run output only\")\n\t\t\t} else {\n\t\t\t\tdiffCmd = exec.CommandContext(ctx, \"diff\", \"-ruN\", \"--color=always\", hostCurrentDir, hostTmpDest)\n\t\t\t\tif !rsyncToTempDir {\n\t\t\t\t\tpaths := []string{\n\t\t\t\t\t\tremoteSource,\n\t\t\t\t\t\thostTmpDest,\n\t\t\t\t\t}\n\n\t\t\t\t\tif err := rsyncDirectory(ctx, cmd, rsync, paths); err != nil {\n\t\t\t\t\t\treturn fmt.Errorf(\"failed to sync back the changes from guest instance to host temporary directory: %w\", err)\n\t\t\t\t\t}\n\t\t\t\t\trsyncToTempDir = true\n\t\t\t\t}\n\t\t\t}\n\t\t\tpager := os.Getenv(\"PAGER\")\n\t\t\tpager = strings.TrimSpace(pager)\n\t\t\tif pager == \"\" {\n\t\t\t\tpager = \"less\"\n\t\t\t}\n\t\t\tpagerArgs := strings.Fields(pager)\n\t\t\tlessCmd := exec.CommandContext(ctx, pagerArgs[0], pagerArgs[1:]...)\n\n\t\t\tpipeIn, err := lessCmd.StdinPipe()\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to create pipe for less: %w\", err)\n\t\t\t}\n\t\t\tif diffCmd != nil {\n\t\t\t\tdiffCmd.Stdout = pipeIn\n\t\t\t}\n\t\t\tlessCmd.Stdout = cmd.OutOrStdout()\n\t\t\tlessCmd.Stderr = cmd.OutOrStderr()\n\n\t\t\tif err := lessCmd.Start(); err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to start less: %w\", err)\n\t\t\t}\n\n\t\t\t// Write rsync dry-run output first\n\t\t\tif stats != nil {\n\t\t\t\trsyncHead := fmt.Sprintf(\"%s--- rsync dry-run statistics ---%s\", colorGray, colorNone)\n\t\t\t\tdiffHead := fmt.Sprintf(\"%s--- detailed diff --- %s\", colorGray, colorNone)\n\t\t\t\tif diffCmd == nil {\n\t\t\t\t\tdiffHead = fmt.Sprintf(\"%s--- detailed diff unavailable (`diff` not found) --- %s\", colorGray, colorNone)\n\t\t\t\t}\n\t\t\t\tcombinedOutput := fmt.Sprintf(\n\t\t\t\t\t\"%s\\n%s\\n\\n%s\\n\\n\\n%s\\n\",\n\t\t\t\t\trsyncHead,\n\t\t\t\t\tstats.String(),\n\t\t\t\t\trawOutput,\n\t\t\t\t\tdiffHead,\n\t\t\t\t)\n\n\t\t\t\tif _, err := fmt.Fprint(pipeIn, combinedOutput); err != nil {\n\t\t\t\t\t_ = pipeIn.Close()\n\t\t\t\t\treturn fmt.Errorf(\"failed to write rsync stats to pager: %w\", err)\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif diffCmd != nil {\n\t\t\t\tif err := diffCmd.Run(); err != nil {\n\t\t\t\t\t// Command `diff` returns exit code 1 when files differ.\n\t\t\t\t\tvar exitErr *exec.ExitError\n\t\t\t\t\tif errors.As(err, &exitErr) && exitErr.ExitCode() >= 2 {\n\t\t\t\t\t\t_ = pipeIn.Close()\n\t\t\t\t\t\treturn fmt.Errorf(\"failed to run diff command: %w\", err)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t_ = pipeIn.Close()\n\n\t\t\tif err := lessCmd.Wait(); err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to wait for less command: %w\", err)\n\t\t\t}\n\t\t}\n\t}\n}\n\nfunc executeSSHForRsync(ctx context.Context, sshCmd exec.Cmd, sshLocalPort int, sshAddress, command string) error {\n\tsshCmd.Args = append(sshCmd.Args,\n\t\t\"-p\", strconv.Itoa(sshLocalPort),\n\t\tsshAddress,\n\t)\n\n\t// Skip Args[0] (program name) to avoid duplication\n\tsshRmCmd := exec.CommandContext(ctx, sshCmd.Path, append(sshCmd.Args[1:], command)...)\n\tif err := sshRmCmd.Run(); err != nil {\n\t\treturn err\n\t}\n\treturn nil\n}\n\nfunc hostCurrentDirectory(ctx context.Context, inst *limatype.Instance) (string, error) {\n\thostCurrentDir, err := os.Getwd()\n\tif err == nil && runtime.GOOS == \"windows\" {\n\t\thostCurrentDir, err = mountDirFromWindowsDir(ctx, inst, hostCurrentDir)\n\t}\n\treturn hostCurrentDir, err\n}\n\nfunc rsyncVersion(ctx context.Context) (*semver.Version, error) {\n\tout, err := exec.CommandContext(ctx, string(copytool.BackendRsync), \"--version\").Output()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// `rsync version 3.2.7 protocol version 31`\n\tre := regexp.MustCompile(`version (\\d+\\.\\d+\\.\\d+)`)\n\tmatches := re.FindSubmatch(out)\n\tif len(matches) < 2 {\n\t\treturn nil, errors.New(\"failed to parse rsync version\")\n\t}\n\treturn semver.NewVersion(string(matches[1]))\n}\n\n// Syncs a directory from host to guest and vice-versa. It creates a directory in the guest's home directory and copies the contents of the host's\n// current working directory into it. The guest directory paths should be prefixed with `:` followed by the path.\nfunc rsyncDirectory(ctx context.Context, cmd *cobra.Command, rsync copytool.CopyTool, paths []string) error {\n\trsyncCmd, err := rsync.Command(ctx, paths, nil)\n\tif err != nil {\n\t\treturn err\n\t}\n\trsyncCmd.Stdout = cmd.OutOrStdout()\n\trsyncCmd.Stderr = cmd.OutOrStderr()\n\tlogrus.Debugf(\"executing rsync: %+v\", rsyncCmd.Args)\n\treturn rsyncCmd.Run()\n}\n\nfunc mountDirFromWindowsDir(ctx context.Context, inst *limatype.Instance, dir string) (string, error) {\n\tif inst.VMType == limatype.WSL2 {\n\t\tdistroName := \"lima-\" + inst.Name\n\t\treturn ioutilx.WindowsSubsystemPathForLinux(ctx, dir, distroName)\n\t}\n\treturn ioutilx.WindowsSubsystemPath(ctx, dir)\n}\n\nfunc shellBashComplete(cmd *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {\n\treturn bashCompleteInstanceNames(cmd)\n}\n\nfunc isEnv(arg string) bool {\n\treturn len(strings.Split(arg, \"=\")) > 1\n}\n\nfunc quoteEnv(arg string) string {\n\tenv := strings.SplitN(arg, \"=\", 2)\n\tenv[1] = shellescape.Quote(env[1])\n\treturn strings.Join(env, \"=\")\n}\n\ntype rsyncStats struct {\n\tAdded int\n\tDeleted int\n\tModified int\n\tMetadata int\n}\n\nfunc (s *rsyncStats) String() string {\n\tif s.Added == 0 && s.Deleted == 0 && s.Modified == 0 && s.Metadata == 0 {\n\t\treturn \"\"\n\t}\n\treturn fmt.Sprintf(\"added: %d, deleted: %d, modified: %d, metadata: %d\", s.Added, s.Deleted, s.Modified, s.Metadata)\n}\n\nfunc getRsyncStats(ctx context.Context, source, destination string) (string, *rsyncStats, error) {\n\tpaths := []string{source, destination}\n\trsync, err := copytool.New(ctx, string(copytool.BackendRsync), paths, ©tool.Options{\n\t\tVerbose: true,\n\t\tAdditionalArgs: []string{\n\t\t\t\"--dry-run\",\n\t\t\t\"--itemize-changes\",\n\t\t\t\"-ah\",\n\t\t\t\"--delete\",\n\t\t},\n\t})\n\tif err != nil {\n\t\treturn \"\", nil, err\n\t}\n\n\trsyncCmd, err := rsync.Command(ctx, paths, nil)\n\tif err != nil {\n\t\treturn \"\", nil, err\n\t}\n\tlogrus.Debugf(\"executing rsync for stats: %+v\", rsyncCmd.Args)\n\n\tout, err := rsyncCmd.Output()\n\tif err != nil {\n\t\treturn \"\", nil, err\n\t}\n\toutput := string(out)\n\treturn output, parseRsyncStats(output), nil\n}\n\n// parseRsyncStats parses the output of `rsync --itemize-changes` to extract file operation statistics.\n//\n// Rsync itemized format: YXcstpoguax path/to/file\n// Where Y=update type, X=file type, c=checksum status, and positions 3-10 are other attributes.\n//\n// Examples:\n//\n//\t>f+++++++++ file.txt → Added (new file received)\n//\t>f.st...... file.txt → Modified (existing file updated)\n//\t*deleting file.txt → Deleted\n//\n// Logic:\n//\n// - `*deleting`: Count as Deleted.\n// - Update type `<` (sent), `>` (received), or `c` (local change):\n// - If checksum is `+` (created): Count as Added.\n// - Otherwise: Count as Modified.\n//\n// - Update type `.` with non-`.` metadata attributes (positions 3-10):\n// - Count as Metadata.\nfunc parseRsyncStats(output string) *rsyncStats {\n\tvar s rsyncStats\n\tfor line := range strings.SplitSeq(output, \"\\n\") {\n\t\tif len(line) < 12 {\n\t\t\tcontinue\n\t\t}\n\n\t\tif strings.HasPrefix(line, \"*deleting\") {\n\t\t\ts.Deleted++\n\t\t\tcontinue\n\t\t}\n\n\t\tupdateType := line[0]\n\t\tchecksum := line[2]\n\n\t\tif updateType == '<' || updateType == '>' || updateType == 'c' {\n\t\t\tif checksum == '+' {\n\t\t\t\ts.Added++\n\t\t\t} else {\n\t\t\t\ts.Modified++\n\t\t\t}\n\t\t\tcontinue\n\t\t}\n\n\t\tif updateType == '.' && hasMetadataDelta(line[2:11]) {\n\t\t\ts.Metadata++\n\t\t}\n\t}\n\treturn &s\n}\n\nfunc hasMetadataDelta(attrs string) bool {\n\tfor _, ch := range attrs {\n\t\tif ch != '.' {\n\t\t\treturn true\n\t\t}\n\t}\n\treturn false\n}\n" }, { "path": "cmd/limactl/shell_test.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"testing\"\n\n\t\"gotest.tools/v3/assert\"\n)\n\nfunc TestParseRsyncStats(t *testing.T) {\n\ttests := []struct {\n\t\tname string\n\t\toutput string\n\t\texpected *rsyncStats\n\t}{\n\t\t{\n\t\t\tname: \"mixed output\",\n\t\t\toutput: `\n>f+++++++++ new-file.txt\ncd+++++++++ dir/\ncL+++++++++ new-symlink -> target\n*deleting deleted.txt\n`,\n\t\t\texpected: &rsyncStats{\n\t\t\t\tAdded: 3,\n\t\t\t\tDeleted: 1,\n\t\t\t\tModified: 0,\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tname: \"metadata-only changes\",\n\t\t\toutput: `\n.d..t...... ./\n.f...p..... existing.txt\n`,\n\t\t\texpected: &rsyncStats{\n\t\t\t\tAdded: 0,\n\t\t\t\tDeleted: 0,\n\t\t\t\tModified: 0,\n\t\t\t\tMetadata: 2,\n\t\t\t},\n\t\t},\n\t\t{\n\t\t\tname: \"many changes\",\n\t\t\toutput: `\n 1 && fields[1] != \"TAG\" {\n\t\t\t\t// make sure that output matches the expected\n\t\t\t\treturn fmt.Errorf(\"unknown header: %s\", line)\n\t\t\t}\n\t\t\tif i == 0 || line == \"\" {\n\t\t\t\t// skip header and empty line after using split\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\ttag := fields[1]\n\t\t\tfmt.Fprintf(cmd.OutOrStdout(), \"%s\\n\", tag)\n\t\t}\n\t\treturn nil\n\t}\n\tfmt.Fprint(cmd.OutOrStdout(), out)\n\treturn nil\n}\n\nfunc snapshotBashComplete(cmd *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {\n\treturn bashCompleteInstanceNames(cmd)\n}\n" }, { "path": "cmd/limactl/start-at-login.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"github.com/spf13/cobra\"\n)\n\nfunc newStartAtLoginCommand() *cobra.Command {\n\tstartAtLoginCommand := &cobra.Command{\n\t\tUse: \"start-at-login INSTANCE\",\n\t\tShort: \"Register/Unregister an autostart file for the instance\",\n\t\tArgs: WrapArgsError(cobra.MaximumNArgs(1)),\n\t\tRunE: startAtLoginAction,\n\t\tValidArgsFunction: startAtLoginComplete,\n\t\tGroupID: advancedCommand,\n\t}\n\n\tstartAtLoginCommand.Flags().Bool(\n\t\t\"enabled\", true,\n\t\t\"Automatically start the instance when the user logs in\",\n\t)\n\n\treturn startAtLoginCommand\n}\n\nfunc startAtLoginComplete(cmd *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {\n\treturn bashCompleteInstanceNames(cmd)\n}\n" }, { "path": "cmd/limactl/start-at-login_unix.go", "content": "//go:build !windows\n\n// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/autostart\"\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n)\n\nfunc startAtLoginAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tinstName := DefaultInstanceName\n\tif len(args) > 0 {\n\t\tinstName = args[0]\n\t}\n\n\tinst, err := store.Inspect(ctx, instName)\n\tif err != nil {\n\t\tif errors.Is(err, os.ErrNotExist) {\n\t\t\tlogrus.Infof(\"Instance %q not found\", instName)\n\t\t\treturn nil\n\t\t}\n\t\treturn err\n\t}\n\n\tflags := cmd.Flags()\n\tstartAtLogin, err := flags.GetBool(\"enabled\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif registered, err := autostart.IsRegistered(ctx, inst); err != nil {\n\t\treturn fmt.Errorf(\"failed to check if the autostart entry for instance %q is registered: %w\", inst.Name, err)\n\t} else if startAtLogin {\n\t\tverb := \"create\"\n\t\tif registered {\n\t\t\tverb = \"update\"\n\t\t}\n\t\tif err := autostart.RegisterToStartAtLogin(ctx, inst); err != nil {\n\t\t\treturn fmt.Errorf(\"failed to %s the autostart entry for instance %q: %w\", verb, inst.Name, err)\n\t\t}\n\t\tlogrus.Infof(\"The autostart entry for instance %q has been %sd\", inst.Name, verb)\n\t} else {\n\t\tif !registered {\n\t\t\tlogrus.Infof(\"The autostart entry for instance %q is not registered\", inst.Name)\n\t\t} else if err := autostart.UnregisterFromStartAtLogin(ctx, inst); err != nil {\n\t\t\treturn fmt.Errorf(\"failed to unregister the autostart entry for instance %q: %w\", inst.Name, err)\n\t\t} else {\n\t\t\tlogrus.Infof(\"The autostart entry for instance %q has been unregistered\", inst.Name)\n\t\t}\n\t}\n\n\treturn nil\n}\n" }, { "path": "cmd/limactl/start-at-login_windows.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"errors\"\n\n\t\"github.com/spf13/cobra\"\n)\n\nfunc startAtLoginAction(_ *cobra.Command, _ []string) error {\n\treturn errors.New(\"start-at-login command is only supported on macOS and Linux right now\")\n}\n" }, { "path": "cmd/limactl/start.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"runtime\"\n\t\"strings\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\t\"github.com/spf13/pflag\"\n\n\t\"github.com/lima-vm/lima/v2/cmd/limactl/editflags\"\n\t\"github.com/lima-vm/lima/v2/pkg/autostart\"\n\t\"github.com/lima-vm/lima/v2/pkg/driverutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/editutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/instance\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatmpl\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype/dirnames\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype/filenames\"\n\t\"github.com/lima-vm/lima/v2/pkg/limayaml\"\n\t\"github.com/lima-vm/lima/v2/pkg/networks/reconcile\"\n\t\"github.com/lima-vm/lima/v2/pkg/registry\"\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n\t\"github.com/lima-vm/lima/v2/pkg/templatestore\"\n\t\"github.com/lima-vm/lima/v2/pkg/uiutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/yqutil\"\n)\n\nfunc registerCreateFlags(cmd *cobra.Command, commentPrefix string) {\n\tflags := cmd.Flags()\n\tflags.String(\"name\", \"\", commentPrefix+\"Override the instance name\")\n\tflags.Bool(\"list-templates\", false, commentPrefix+\"List available templates and exit\")\n\tflags.Bool(\"list-drivers\", false, commentPrefix+\"List available drivers and exit\")\n\teditflags.RegisterCreate(cmd, commentPrefix)\n}\n\nfunc newCreateCommand() *cobra.Command {\n\tcreateCommand := &cobra.Command{\n\t\tUse: \"create FILE.yaml|URL\",\n\t\tExample: `\n To create an instance \"default\" from the default Ubuntu template:\n $ limactl create\n\n To create an instance \"default\" from a template \"docker\":\n $ limactl create --name=default template:docker\n\n To create an instance \"default\" with modified parameters:\n $ limactl create --cpus=2 --memory=2\n\n To create an instance \"default\" with yq expressions:\n $ limactl create --set='.cpus = 2 | .memory = \"2GiB\"'\n\n To see the template list:\n $ limactl create --list-templates\n\n To create an instance \"default\" from a local file:\n $ limactl create --name=default /usr/local/share/lima/templates/fedora.yaml\n\n To create an instance \"default\" from a remote URL (use carefully, with a trustable source):\n $ limactl create --name=default https://raw.githubusercontent.com/lima-vm/lima/master/templates/alpine.yaml\n\n To create an instance \"local\" from a template passed to stdin (--name parameter is required):\n $ cat template.yaml | limactl create --name=local -\n`,\n\t\tShort: \"Create an instance of Lima\",\n\t\tArgs: WrapArgsError(cobra.MaximumNArgs(1)),\n\t\tValidArgsFunction: createBashComplete,\n\t\tRunE: createAction,\n\t\tGroupID: basicCommand,\n\t}\n\tregisterCreateFlags(createCommand, \"\")\n\treturn createCommand\n}\n\nfunc newStartCommand() *cobra.Command {\n\tstartCommand := &cobra.Command{\n\t\tUse: \"start NAME|FILE.yaml|URL\",\n\t\tExample: `\n To create an instance \"default\" (if not created yet) from the default Ubuntu template, and start it:\n $ limactl start\n\n To create an instance \"default\" from a template \"docker\", and start it:\n $ limactl start --name=default template:docker\n`,\n\t\tShort: \"Start an instance of Lima\",\n\t\tArgs: WrapArgsError(cobra.MaximumNArgs(1)),\n\t\tValidArgsFunction: startBashComplete,\n\t\tRunE: startAction,\n\t\tGroupID: basicCommand,\n\t}\n\tregisterCreateFlags(startCommand, \"[limactl create] \")\n\tif runtime.GOOS != \"windows\" {\n\t\tstartCommand.Flags().Bool(\"foreground\", false, \"Run the hostagent in the foreground\")\n\t}\n\tstartCommand.Flags().Duration(\"timeout\", instance.DefaultWatchHostAgentEventsTimeout, \"Duration to wait for the instance to be running before timing out\")\n\tstartCommand.Flags().Bool(\"progress\", false, \"Show provision script progress by tailing cloud-init logs\")\n\tstartCommand.SetHelpFunc(func(cmd *cobra.Command, _ []string) {\n\t\tprintCommandSummary(cmd)\n\n\t\tallFlags, createFlags := collectFlags(cmd)\n\t\tprintFlags(allFlags, createFlags)\n\n\t\tprintGlobalFlags(cmd)\n\t})\n\n\treturn startCommand\n}\n\nfunc printCommandSummary(cmd *cobra.Command) {\n\tfmt.Fprintf(cmd.OutOrStdout(), \"%s\\n\\n\", cmd.Short)\n\tfmt.Fprintf(cmd.OutOrStdout(), \"Usage:\\n %s\\n\\n\", cmd.UseLine())\n\n\tif cmd.Example != \"\" {\n\t\tfmt.Fprintf(cmd.OutOrStdout(), \"Examples:\\n%s\\n\\n\", cmd.Example)\n\t}\n}\n\nfunc getFlagType(flag *pflag.Flag) string {\n\tswitch flag.Value.Type() {\n\tcase \"bool\":\n\t\treturn \"\"\n\tcase \"string\":\n\t\treturn \"string\"\n\tcase \"int\":\n\t\treturn \"int\"\n\tcase \"duration\":\n\t\treturn \"duration\"\n\tcase \"stringSlice\", \"stringArray\":\n\t\treturn \"strings\"\n\tcase \"ipSlice\":\n\t\treturn \"ipSlice\"\n\tcase \"uint16\":\n\t\treturn \"uint16\"\n\tcase \"float32\":\n\t\treturn \"float32\"\n\tdefault:\n\t\treturn flag.Value.Type()\n\t}\n}\n\nfunc formatFlag(flag *pflag.Flag) (flagName, shorthand string) {\n\tflagName = \"--\" + flag.Name\n\n\tif flag.Shorthand != \"\" {\n\t\tshorthand = \"-\" + flag.Shorthand\n\t}\n\n\tflagType := getFlagType(flag)\n\tif flagType != \"\" {\n\t\tflagName += \" \" + flagType\n\t}\n\n\treturn flagName, shorthand\n}\n\nfunc collectFlags(cmd *cobra.Command) (allFlags, createFlags []string) {\n\tcmd.LocalFlags().VisitAll(func(flag *pflag.Flag) {\n\t\tflagName, shorthand := formatFlag(flag)\n\t\tflagUsage := flag.Usage\n\n\t\tvar formattedFlag string\n\t\tif shorthand != \"\" {\n\t\t\tformattedFlag = fmt.Sprintf(\" %s, %s\", shorthand, flagName)\n\t\t} else {\n\t\t\tformattedFlag = fmt.Sprintf(\" %s\", flagName)\n\t\t}\n\n\t\tif strings.HasPrefix(flagUsage, \"[limactl create]\") {\n\t\t\tcleanUsage := strings.TrimPrefix(flagUsage, \"[limactl create] \")\n\t\t\tcreateFlags = append(createFlags, fmt.Sprintf(\"%-25s %s\", formattedFlag, cleanUsage))\n\t\t} else {\n\t\t\tallFlags = append(allFlags, fmt.Sprintf(\"%-25s %s\", formattedFlag, flagUsage))\n\t\t}\n\t})\n\treturn allFlags, createFlags\n}\n\nfunc printFlags(allFlags, createFlags []string) {\n\tif len(allFlags) > 0 {\n\t\tfmt.Fprint(os.Stdout, \"Flags:\\n\")\n\t\tfor _, flag := range allFlags {\n\t\t\tfmt.Fprintln(os.Stdout, flag)\n\t\t}\n\t\tfmt.Fprint(os.Stdout, \"\\n\")\n\t}\n\n\tif len(createFlags) > 0 {\n\t\tfmt.Fprint(os.Stdout, \"Flags inherited from `limactl create`:\\n\")\n\t\tfor _, flag := range createFlags {\n\t\t\tfmt.Fprintln(os.Stdout, flag)\n\t\t}\n\t\tfmt.Fprint(os.Stdout, \"\\n\")\n\t}\n}\n\nfunc printGlobalFlags(cmd *cobra.Command) {\n\tif cmd.HasAvailableInheritedFlags() {\n\t\tfmt.Fprintf(cmd.OutOrStdout(), \"Global Flags:\\n%s\", cmd.InheritedFlags().FlagUsages())\n\t}\n}\n\nfunc loadOrCreateInstance(cmd *cobra.Command, args []string, createOnly bool) (*limatype.Instance, error) {\n\tctx := cmd.Context()\n\tvar arg string // can be empty\n\tif len(args) > 0 {\n\t\targ = args[0]\n\t}\n\n\tflags := cmd.Flags()\n\n\t// Create an instance, with menu TUI when TTY is available\n\ttty, err := flags.GetBool(\"tty\")\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tname, err := flags.GetString(\"name\")\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tif name != \"\" {\n\t\terr := dirnames.ValidateInstName(name)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\tif isTemplateURL, templateName := limatmpl.SeemsTemplateURL(arg); isTemplateURL {\n\t\tswitch templateName {\n\t\tcase \"experimental/vz\":\n\t\t\tlogrus.Warn(\"template:experimental/vz was merged into the default template in Lima v1.0. See also .\")\n\t\tcase \"experimental/riscv64\":\n\t\t\tlogrus.Warn(\"template:experimental/riscv64 was merged into the default template in Lima v1.0. Use `limactl create --arch=riscv64 template:default` instead.\")\n\t\tcase \"experimental/armv7l\":\n\t\t\tlogrus.Warn(\"template:experimental/armv7l was merged into the default template in Lima v1.0. Use `limactl create --arch=armv7l template:default` instead.\")\n\t\tcase \"vmnet\":\n\t\t\tlogrus.Warn(\"template:vmnet was removed in Lima v1.0. Use `limactl create --network=lima:shared template:default` instead. See also .\")\n\t\tcase \"experimental/net-user-v2\":\n\t\t\tlogrus.Warn(\"template:experimental/net-user-v2 was removed in Lima v1.0. Use `limactl create --network=lima:user-v2 template:default` instead. See also .\")\n\t\tcase \"experimental/9p\":\n\t\t\tlogrus.Warn(\"template:experimental/9p was removed in Lima v1.0. Use `limactl create --vm-type=qemu --mount-type=9p template:default` instead. See also .\")\n\t\tcase \"experimental/virtiofs-linux\":\n\t\t\tlogrus.Warn(\"template:experimental/virtiofs-linux was removed in Lima v1.0. Use `limactl create --mount-type=virtiofs template:default` instead. See also .\")\n\t\t}\n\t}\n\tif arg == \"-\" {\n\t\tif name == \"\" {\n\t\t\treturn nil, errors.New(\"must pass instance name with --name when reading template from stdin\")\n\t\t}\n\t\t// see if the tty was set explicitly or not\n\t\tttySet := cmd.Flags().Changed(\"tty\")\n\t\tif ttySet && tty {\n\t\t\treturn nil, errors.New(\"cannot use --tty=true when reading template from stdin\")\n\t\t}\n\t\ttty = false\n\t}\n\tvar tmpl *limatmpl.Template\n\tif err := dirnames.ValidateInstName(arg); arg == \"\" || err == nil {\n\t\ttmpl = &limatmpl.Template{Name: name}\n\t\tif arg == \"\" {\n\t\t\tif name == \"\" {\n\t\t\t\ttmpl.Name = DefaultInstanceName\n\t\t\t}\n\t\t} else {\n\t\t\tlogrus.Debugf(\"interpreting argument %q as an instance name\", arg)\n\t\t\tif name != \"\" && name != arg {\n\t\t\t\treturn nil, fmt.Errorf(\"instance name %q and CLI flag --name=%q cannot be specified together\", arg, tmpl.Name)\n\t\t\t}\n\t\t\ttmpl.Name = arg\n\t\t}\n\t\t// store.Inspect() will validate the template name (in case it has been set to arg)\n\t\tinst, err := store.Inspect(ctx, tmpl.Name)\n\t\tif err == nil {\n\t\t\tif createOnly {\n\t\t\t\treturn nil, fmt.Errorf(\"instance %q already exists\", tmpl.Name)\n\t\t\t}\n\t\t\tlogrus.Infof(\"Using the existing instance %q\", tmpl.Name)\n\t\t\tyqExprs, err := editflags.YQExpressions(flags, false)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\t\t\tif len(yqExprs) > 0 {\n\t\t\t\tyq := yqutil.Join(yqExprs)\n\t\t\t\tinst, err = applyYQExpressionToExistingInstance(ctx, inst, yq)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, fmt.Errorf(\"failed to apply yq expression %q to instance %q: %w\", yq, tmpl.Name, err)\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn inst, nil\n\t\t}\n\t\tif !errors.Is(err, os.ErrNotExist) {\n\t\t\treturn nil, err\n\t\t}\n\t\tif arg != \"\" && arg != DefaultInstanceName {\n\t\t\tlogrus.Infof(\"Creating an instance %q from template:default (Not from template:%s)\", tmpl.Name, tmpl.Name)\n\t\t\tlogrus.Warnf(\"This form is deprecated. Use `limactl create --name=%s template:default` instead\", tmpl.Name)\n\t\t}\n\t\t// Read the default template for creating a new instance\n\t\ttmpl.Bytes, err = templatestore.Read(templatestore.Default)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t} else {\n\t\ttmpl, err = limatmpl.Read(cmd.Context(), name, arg)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tif createOnly {\n\t\t\t// store.Inspect() will also validate the instance name\n\t\t\tif _, err := store.Inspect(ctx, tmpl.Name); err == nil {\n\t\t\t\treturn nil, fmt.Errorf(\"instance %q already exists\", tmpl.Name)\n\t\t\t}\n\t\t} else if err := dirnames.ValidateInstName(tmpl.Name); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\n\tif err := tmpl.Embed(cmd.Context(), true, true); err != nil {\n\t\treturn nil, err\n\t}\n\tif err := tmpl.Unmarshal(); err != nil {\n\t\treturn nil, err\n\t}\n\tif tmpl.Config != nil && tmpl.Config.OS != nil && *tmpl.Config.OS != limatype.LINUX {\n\t\tlogrus.Warn(\"Support for non-Linux guests is experimental\")\n\t}\n\tyqExprs, err := editflags.YQExpressions(flags, true)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tyq := yqutil.Join(yqExprs)\n\tif tty {\n\t\tvar err error\n\t\ttmpl, err = chooseNextCreatorState(cmd.Context(), tmpl, yq)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t} else {\n\t\tlogrus.Info(\"Terminal is not available, proceeding without opening an editor\")\n\t\tif err := modifyInPlace(tmpl, yq); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\tsaveBrokenYAML := tty\n\treturn instance.Create(cmd.Context(), tmpl.Name, tmpl.Bytes, saveBrokenYAML)\n}\n\nfunc applyYQExpressionToExistingInstance(ctx context.Context, inst *limatype.Instance, yq string) (*limatype.Instance, error) {\n\tif strings.TrimSpace(yq) == \"\" {\n\t\treturn inst, nil\n\t}\n\tfilePath := filepath.Join(inst.Dir, filenames.LimaYAML)\n\tyContent, err := os.ReadFile(filePath)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tlogrus.Debugf(\"Applying yq expression %q to an existing instance %q\", yq, inst.Name)\n\tyBytes, err := yqutil.EvaluateExpression(yq, yContent)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\ty, err := limayaml.Load(ctx, yBytes, filePath)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tif err := driverutil.ResolveVMType(ctx, y, filePath); err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to resolve vm for %q: %w\", filePath, err)\n\t}\n\tif err := limayaml.Validate(y, true); err != nil {\n\t\trejectedYAML := \"lima.REJECTED.yaml\"\n\t\tif writeErr := os.WriteFile(rejectedYAML, yBytes, 0o644); writeErr != nil {\n\t\t\treturn nil, fmt.Errorf(\"the YAML is invalid, attempted to save the buffer as %q but failed: %w: %w\", rejectedYAML, writeErr, err)\n\t\t}\n\t\t// TODO: may need to support editing the rejected YAML\n\t\treturn nil, fmt.Errorf(\"the YAML is invalid, saved the buffer as %q: %w\", rejectedYAML, err)\n\t}\n\tif err := os.WriteFile(filePath, yBytes, 0o644); err != nil {\n\t\treturn nil, err\n\t}\n\t// Reload\n\treturn store.Inspect(ctx, inst.Name)\n}\n\nfunc modifyInPlace(st *limatmpl.Template, yq string) error {\n\tout, err := yqutil.EvaluateExpression(yq, st.Bytes)\n\tif err != nil {\n\t\treturn err\n\t}\n\tst.Bytes = out\n\treturn nil\n}\n\n// exitSuccessError is an error that indicates a successful exit.\ntype exitSuccessError struct {\n\tMsg string\n}\n\n// Error implements error.\nfunc (e exitSuccessError) Error() string {\n\treturn e.Msg\n}\n\n// ExitCode implements ExitCoder.\nfunc (exitSuccessError) ExitCode() int {\n\treturn 0\n}\n\nfunc chooseNextCreatorState(ctx context.Context, tmpl *limatmpl.Template, yq string) (*limatmpl.Template, error) {\n\tfor {\n\t\tif err := modifyInPlace(tmpl, yq); err != nil {\n\t\t\tlogrus.WithError(err).Warn(\"Failed to evaluate yq expression\")\n\t\t\treturn tmpl, err\n\t\t}\n\t\tmessage := fmt.Sprintf(\"Creating an instance %q\", tmpl.Name)\n\t\toptions := []string{\n\t\t\t\"Proceed with the current configuration\",\n\t\t\t\"Open an editor to review or modify the current configuration\",\n\t\t\t\"Choose another template (docker, podman, archlinux, fedora, ...)\",\n\t\t\t\"Exit\",\n\t\t}\n\t\tans, err := uiutil.Select(message, options)\n\t\tif err != nil {\n\t\t\tif errors.Is(err, uiutil.InterruptErr) {\n\t\t\t\tlogrus.Fatal(\"Interrupted by user\")\n\t\t\t}\n\t\t\tlogrus.WithError(err).Warn(\"Failed to open TUI\")\n\t\t\treturn tmpl, nil\n\t\t}\n\t\tswitch ans {\n\t\tcase 0: // \"Proceed with the current configuration\"\n\t\t\treturn tmpl, nil\n\t\tcase 1: // \"Open an editor ...\"\n\t\t\thdr := fmt.Sprintf(\"# Review and modify the following configuration for Lima instance %q.\\n\", tmpl.Name)\n\t\t\tif tmpl.Name == DefaultInstanceName {\n\t\t\t\thdr += \"# - In most cases, you do not need to modify this file.\\n\"\n\t\t\t}\n\t\t\thdr += \"# - To cancel starting Lima, just save this file as an empty file.\\n\"\n\t\t\thdr += \"\\n\"\n\t\t\thdr += editutil.GenerateEditorWarningHeader()\n\t\t\tvar err error\n\t\t\ttmpl.Bytes, err = editutil.OpenEditor(ctx, tmpl.Bytes, hdr)\n\t\t\ttmpl.Config = nil\n\t\t\tif err != nil {\n\t\t\t\treturn tmpl, err\n\t\t\t}\n\t\t\tif len(tmpl.Bytes) == 0 {\n\t\t\t\tconst msg = \"Aborting, as requested by saving the file with empty content\"\n\t\t\t\tlogrus.Info(msg)\n\t\t\t\treturn nil, exitSuccessError{Msg: msg}\n\t\t\t}\n\t\t\terr = tmpl.Embed(ctx, true, true)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\t\t\treturn tmpl, nil\n\t\tcase 2: // \"Choose another template...\"\n\t\t\ttemplates, err := filterHiddenTemplates()\n\t\t\tif err != nil {\n\t\t\t\treturn tmpl, err\n\t\t\t}\n\t\t\tmessage := \"Choose a template\"\n\t\t\toptions := make([]string, len(templates))\n\t\t\tfor i := range templates {\n\t\t\t\toptions[i] = templates[i].Name\n\t\t\t}\n\t\t\tansEx, err := uiutil.Select(message, options)\n\t\t\tif err != nil {\n\t\t\t\treturn tmpl, err\n\t\t\t}\n\t\t\tif ansEx > len(templates)-1 {\n\t\t\t\treturn tmpl, fmt.Errorf(\"invalid answer %d for %d entries\", ansEx, len(templates))\n\t\t\t}\n\t\t\tyamlPath := templates[ansEx].Location\n\t\t\tif tmpl.Name == \"\" {\n\t\t\t\ttmpl.Name, err = limatmpl.InstNameFromYAMLPath(yamlPath)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\t\t\t}\n\t\t\ttmpl, err = limatmpl.Read(ctx, tmpl.Name, yamlPath)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\t\t\terr = tmpl.Embed(ctx, true, true)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\t\t\tcontinue\n\t\tcase 3: // \"Exit\"\n\t\t\treturn nil, exitSuccessError{Msg: \"Choosing to exit\"}\n\t\tdefault:\n\t\t\treturn tmpl, fmt.Errorf(\"unexpected answer %q\", ans)\n\t\t}\n\t}\n}\n\n// createStartActionCommon is shared by createAction and startAction.\nfunc createStartActionCommon(cmd *cobra.Command, _ []string) (exit bool, err error) {\n\tif listTemplates, err := cmd.Flags().GetBool(\"list-templates\"); err != nil {\n\t\treturn true, err\n\t} else if listTemplates {\n\t\ttemplates, err := filterHiddenTemplates()\n\t\tif err != nil {\n\t\t\treturn true, err\n\t\t}\n\t\tw := cmd.OutOrStdout()\n\t\tfor _, f := range templates {\n\t\t\t_, _ = fmt.Fprintln(w, f.Name)\n\t\t}\n\t\treturn true, nil\n\t} else if listDrivers, err := cmd.Flags().GetBool(\"list-drivers\"); err != nil {\n\t\treturn true, err\n\t} else if listDrivers {\n\t\tw := cmd.OutOrStdout()\n\t\tfor k := range registry.List() {\n\t\t\t_, _ = fmt.Fprintln(w, k)\n\t\t}\n\t\treturn true, nil\n\t}\n\treturn false, nil\n}\n\nfunc filterHiddenTemplates() ([]templatestore.Template, error) {\n\ttemplates, err := templatestore.Templates()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tvar filtered []templatestore.Template\n\tfor _, f := range templates {\n\t\t// Don't show internal base templates like `_default/*` and `_images/*`.\n\t\tif !strings.HasPrefix(f.Name, \"_\") {\n\t\t\tfiltered = append(filtered, f)\n\t\t}\n\t}\n\treturn filtered, nil\n}\n\nfunc createAction(cmd *cobra.Command, args []string) error {\n\tif exit, err := createStartActionCommon(cmd, args); err != nil {\n\t\treturn err\n\t} else if exit {\n\t\treturn nil\n\t}\n\tinst, err := loadOrCreateInstance(cmd, args, true)\n\tif err != nil {\n\t\treturn err\n\t}\n\tif len(inst.Errors) > 0 {\n\t\treturn fmt.Errorf(\"errors inspecting instance: %+v\", inst.Errors)\n\t}\n\tif _, err = instance.Prepare(cmd.Context(), inst, \"\"); err != nil {\n\t\treturn err\n\t}\n\tlogrus.Infof(\"Run `limactl start %s` to start the instance.\", inst.Name)\n\treturn nil\n}\n\nfunc startAction(cmd *cobra.Command, args []string) error {\n\tif exit, err := createStartActionCommon(cmd, args); err != nil {\n\t\treturn err\n\t} else if exit {\n\t\treturn nil\n\t}\n\tinst, err := loadOrCreateInstance(cmd, args, false)\n\tif err != nil {\n\t\treturn err\n\t}\n\tif len(inst.Errors) > 0 {\n\t\treturn fmt.Errorf(\"errors inspecting instance: %+v\", inst.Errors)\n\t}\n\tswitch inst.Status {\n\tcase limatype.StatusRunning:\n\t\tlogrus.Infof(\"The instance %q is already running. Run `%s` to open the shell.\",\n\t\t\tinst.Name, instance.LimactlShellCmd(inst.Name))\n\t\t// Not an error\n\t\treturn nil\n\tcase limatype.StatusStopped:\n\t\t// NOP\n\tdefault:\n\t\tlogrus.Warnf(\"expected status %q, got %q\", limatype.StatusStopped, inst.Status)\n\t}\n\tctx := cmd.Context()\n\t// Network reconciliation will be performed by the process launched by the autostart manager\n\tif registered, err := autostart.IsRegistered(ctx, inst); err != nil && !errors.Is(err, autostart.ErrNotSupported) {\n\t\treturn fmt.Errorf(\"failed to check if the autostart entry for instance %q is registered: %w\", inst.Name, err)\n\t} else if (registered && autostart.AutoStartedIdentifier() != \"\") || !registered {\n\t\terr = reconcile.Reconcile(ctx, inst.Name)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\tlaunchHostAgentForeground := false\n\tif runtime.GOOS != \"windows\" {\n\t\tforeground, err := cmd.Flags().GetBool(\"foreground\")\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlaunchHostAgentForeground = foreground\n\t}\n\ttimeout, err := cmd.Flags().GetDuration(\"timeout\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif timeout > 0 {\n\t\tctx = instance.WithWatchHostAgentTimeout(ctx, timeout)\n\t}\n\n\tprogress, err := cmd.Flags().GetBool(\"progress\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn instance.Start(ctx, inst, launchHostAgentForeground, progress)\n}\n\nfunc createBashComplete(cmd *cobra.Command, _ []string, toComplete string) ([]string, cobra.ShellCompDirective) {\n\treturn bashCompleteTemplateNames(cmd, toComplete)\n}\n\nfunc startBashComplete(cmd *cobra.Command, _ []string, toComplete string) ([]string, cobra.ShellCompDirective) {\n\tcompInst, _ := bashCompleteInstanceNames(cmd)\n\tcompTmpl, _ := bashCompleteTemplateNames(cmd, toComplete)\n\treturn append(compInst, compTmpl...), cobra.ShellCompDirectiveDefault\n}\n" }, { "path": "cmd/limactl/stop.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/instance\"\n\t\"github.com/lima-vm/lima/v2/pkg/networks/reconcile\"\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n)\n\nfunc newStopCommand() *cobra.Command {\n\tstopCmd := &cobra.Command{\n\t\tUse: \"stop INSTANCE\",\n\t\tShort: \"Stop an instance\",\n\t\tArgs: WrapArgsError(cobra.MaximumNArgs(1)),\n\t\tRunE: stopAction,\n\t\tValidArgsFunction: stopBashComplete,\n\t\tGroupID: basicCommand,\n\t}\n\n\tstopCmd.Flags().BoolP(\"force\", \"f\", false, \"Force stop the instance\")\n\treturn stopCmd\n}\n\nfunc stopAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tinstName := DefaultInstanceName\n\tif len(args) > 0 {\n\t\tinstName = args[0]\n\t}\n\n\tinst, err := store.Inspect(ctx, instName)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tforce, err := cmd.Flags().GetBool(\"force\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif force {\n\t\tinstance.StopForcibly(inst)\n\t} else {\n\t\terr = instance.StopGracefully(ctx, inst, false)\n\t}\n\t// TODO: should we also reconcile networks if graceful stop returned an error?\n\tif err == nil {\n\t\terr = reconcile.Reconcile(ctx, \"\")\n\t}\n\treturn err\n}\n\nfunc stopBashComplete(cmd *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {\n\treturn bashCompleteInstanceNames(cmd)\n}\n" }, { "path": "cmd/limactl/sudoers.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/networks\"\n)\n\nconst socketVMNetURL = \"https://lima-vm.io/docs/config/network/vmnet/#socket_vmnet\"\n\n// newSudoersCommand is specific to macOS, but the help message is\n// compiled on Linux too, as depended by `make docsy`.\n// https://github.com/lima-vm/lima/issues/3436\nfunc newSudoersCommand() *cobra.Command {\n\tsudoersCommand := &cobra.Command{\n\t\tUse: \"sudoers [--check [SUDOERSFILE-TO-CHECK]]\",\n\t\tExample: `\nTo generate the /etc/sudoers.d/lima file:\n$ limactl sudoers | sudo tee /etc/sudoers.d/lima\n\nTo validate the existing /etc/sudoers.d/lima file:\n$ limactl sudoers --check /etc/sudoers.d/lima\n`,\n\t\tShort: \"Generate the content of the /etc/sudoers.d/lima file\",\n\t\tLong: fmt.Sprintf(`Generate the content of the /etc/sudoers.d/lima file for enabling vmnet.framework support (socket_vmnet) on macOS.\nThe content is written to stdout, NOT to the file.\nThis command must not run as the root user.\nSee %s for the usage.`, socketVMNetURL),\n\t\tArgs: WrapArgsError(cobra.MaximumNArgs(1)),\n\t\tRunE: sudoersAction,\n\t\tGroupID: advancedCommand,\n\t}\n\tcfgFile, _ := networks.ConfigFile()\n\tsudoersCommand.Flags().Bool(\"check\", false,\n\t\tfmt.Sprintf(\"check that the sudoers file is up-to-date with %q\", cfgFile))\n\treturn sudoersCommand\n}\n" }, { "path": "cmd/limactl/sudoers_darwin.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/networks\"\n)\n\nfunc sudoersAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tnwCfg, err := networks.LoadConfig()\n\tif err != nil {\n\t\treturn err\n\t}\n\t// Make sure the current network configuration is secure\n\tif err := nwCfg.Validate(); err != nil {\n\t\tlogrus.Infof(\"Please check %s for more information.\", socketVMNetURL)\n\t\treturn err\n\t}\n\tcheck, err := cmd.Flags().GetBool(\"check\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif check {\n\t\treturn verifySudoAccess(ctx, nwCfg, args, cmd.OutOrStdout())\n\t}\n\tswitch len(args) {\n\tcase 0:\n\t\t// NOP\n\tcase 1:\n\t\treturn errors.New(\"the file argument can be specified only for --check mode\")\n\tdefault:\n\t\treturn fmt.Errorf(\"unexpected arguments %v\", args)\n\t}\n\tsudoers, err := networks.Sudoers()\n\tif err != nil {\n\t\treturn err\n\t}\n\tfmt.Fprint(cmd.OutOrStdout(), sudoers)\n\treturn nil\n}\n\nfunc verifySudoAccess(ctx context.Context, nwCfg networks.Config, args []string, stdout io.Writer) error {\n\tvar file string\n\tswitch len(args) {\n\tcase 0:\n\t\tfile = nwCfg.Paths.Sudoers\n\t\tif file == \"\" {\n\t\t\tcfgFile, _ := networks.ConfigFile()\n\t\t\treturn fmt.Errorf(\"no sudoers file defined in %q\", cfgFile)\n\t\t}\n\tcase 1:\n\t\tfile = args[0]\n\tdefault:\n\t\treturn errors.New(\"can check only a single sudoers file\")\n\t}\n\tif err := nwCfg.VerifySudoAccess(ctx, file); err != nil {\n\t\treturn err\n\t}\n\tfmt.Fprintf(stdout, \"%q is up-to-date (or sudo doesn't require a password)\\n\", file)\n\treturn nil\n}\n" }, { "path": "cmd/limactl/sudoers_nodarwin.go", "content": "//go:build !darwin\n\n// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"errors\"\n\n\t\"github.com/spf13/cobra\"\n)\n\nfunc sudoersAction(_ *cobra.Command, _ []string) error {\n\treturn errors.New(\"sudoers command is only supported on macOS right now\")\n}\n" }, { "path": "cmd/limactl/template.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/driverutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatmpl\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype/dirnames\"\n\t\"github.com/lima-vm/lima/v2/pkg/limayaml\"\n\t\"github.com/lima-vm/lima/v2/pkg/uiutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/yqutil\"\n)\n\nfunc newTemplateCommand() *cobra.Command {\n\ttemplateCommand := &cobra.Command{\n\t\tUse: \"template\",\n\t\tAliases: []string{\"tmpl\"},\n\t\tShort: \"Lima template management (EXPERIMENTAL)\",\n\t\tSilenceUsage: true,\n\t\tSilenceErrors: true,\n\t\tGroupID: advancedCommand,\n\t\tPreRun: func(*cobra.Command, []string) {\n\t\t\tlogrus.Warn(\"`limactl template` is experimental\")\n\t\t},\n\t}\n\ttemplateCommand.AddCommand(\n\t\tnewTemplateCopyCommand(),\n\t\tnewTemplateValidateCommand(),\n\t\tnewTemplateYQCommand(),\n\t\tnewTemplateURLCommand(),\n\t)\n\treturn templateCommand\n}\n\n// The validate command exists for backwards compatibility, and because the template command is still hidden.\nfunc newValidateCommand() *cobra.Command {\n\tvalidateCommand := newTemplateValidateCommand()\n\tvalidateCommand.GroupID = advancedCommand\n\treturn validateCommand\n}\n\nvar templateCopyExample = ` Template locators are local files, file://, https://, or template: URLs\n\n # Copy default template to STDOUT\n limactl template copy template:default -\n\n # Copy template from web location to local file and embed all external references\n # (this does not embed template: references)\n limactl template copy --embed https://example.com/lima.yaml mighty-machine.yaml\n`\n\nfunc newTemplateCopyCommand() *cobra.Command {\n\ttemplateCopyCommand := &cobra.Command{\n\t\tUse: \"copy [OPTIONS] TEMPLATE [DEST]\",\n\t\tShort: \"Copy template\",\n\t\tLong: \"Copy a template via locator to a local file or stdout (default)\",\n\t\tExample: templateCopyExample,\n\t\tArgs: WrapArgsError(cobra.RangeArgs(1, 2)),\n\t\tRunE: templateCopyAction,\n\t}\n\ttemplateCopyCommand.Flags().Bool(\"embed\", false, \"Embed external dependencies into template\")\n\ttemplateCopyCommand.Flags().Bool(\"embed-all\", false, \"Embed all dependencies into template\")\n\ttemplateCopyCommand.Flags().Bool(\"fill\", false, \"Fill defaults\")\n\ttemplateCopyCommand.Flags().Bool(\"verbatim\", false, \"Don't make locators absolute\")\n\treturn templateCopyCommand\n}\n\nfunc fillDefaults(ctx context.Context, tmpl *limatmpl.Template) error {\n\tlimaDir, err := dirnames.LimaDir()\n\tif err != nil {\n\t\treturn err\n\t}\n\t// Load() will merge the template with override.yaml and default.yaml via FillDefaults().\n\t// FillDefaults() needs the potential instance directory to validate host templates using {{.Dir}}.\n\tfilePath := filepath.Join(limaDir, tmpl.Name+\".yaml\")\n\ttmpl.Config, err = limayaml.Load(ctx, tmpl.Bytes, filePath)\n\tif err == nil {\n\t\ttmpl.Bytes, err = limayaml.Marshal(tmpl.Config, false)\n\t}\n\tif err := driverutil.ResolveVMType(ctx, tmpl.Config, filePath); err != nil {\n\t\tlogrus.Warnf(\"failed to resolve VM type for %q: %v\", filePath, err)\n\t\treturn nil\n\t}\n\treturn err\n}\n\nfunc templateCopyAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tsource := args[0]\n\ttarget := \"-\"\n\tif len(args) > 1 {\n\t\ttarget = args[1]\n\t}\n\tembed, err := cmd.Flags().GetBool(\"embed\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tembedAll, err := cmd.Flags().GetBool(\"embed-all\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tfill, err := cmd.Flags().GetBool(\"fill\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tverbatim, err := cmd.Flags().GetBool(\"verbatim\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif fill {\n\t\tembedAll = true\n\t}\n\tif embedAll {\n\t\tembed = true\n\t}\n\tif embed && verbatim {\n\t\treturn errors.New(\"--verbatim cannot be used with any of --embed, --embed-all, or --fill\")\n\t}\n\ttmpl, err := limatmpl.Read(cmd.Context(), \"\", source)\n\tif err != nil {\n\t\treturn err\n\t}\n\tif len(tmpl.Bytes) == 0 {\n\t\treturn fmt.Errorf(\"don't know how to interpret %q as a template locator\", source)\n\t}\n\tif !verbatim {\n\t\tif embed {\n\t\t\t// Embed default base.yaml only when fill is true.\n\t\t\tif err := tmpl.Embed(cmd.Context(), embedAll, fill); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t} else {\n\t\t\tif err := tmpl.UseAbsLocators(); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\t}\n\tif fill {\n\t\tif err := fillDefaults(ctx, tmpl); err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\tif target == \"-\" && uiutil.OutputIsTTY(cmd.OutOrStdout()) {\n\t\t// run the output through YQ to colorize it\n\t\tout, err := yqutil.EvaluateExpressionPlain(\".\", string(tmpl.Bytes), true)\n\t\tif err == nil {\n\t\t\t_, err = fmt.Fprint(cmd.OutOrStdout(), out)\n\t\t}\n\t\treturn err\n\t}\n\n\twriter := cmd.OutOrStdout()\n\tif target != \"-\" {\n\t\tfile, err := os.OpenFile(target, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o644)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefer file.Close()\n\t\twriter = file\n\t}\n\t_, err = fmt.Fprint(writer, string(tmpl.Bytes))\n\treturn err\n}\n\nconst templateYQHelp = `Use the builtin YQ evaluator to extract information from a template.\nExternal references are embedded and default values are filled in\nbefore the YQ expression is evaluated.\n\nExample:\n limactl template yq template:default '.images[].location'\n\nThe example command is equivalent to using an external yq command like this:\n limactl template copy --fill template:default - | yq '.images[].location'\n`\n\nfunc newTemplateYQCommand() *cobra.Command {\n\ttemplateYQCommand := &cobra.Command{\n\t\tUse: \"yq TEMPLATE EXPR\",\n\t\tShort: \"Query template expressions\",\n\t\tLong: templateYQHelp,\n\t\tArgs: WrapArgsError(cobra.ExactArgs(2)),\n\t\tRunE: templateYQAction,\n\t}\n\treturn templateYQCommand\n}\n\nfunc templateYQAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tlocator := args[0]\n\texpr := args[1]\n\ttmpl, err := limatmpl.Read(cmd.Context(), \"\", locator)\n\tif err != nil {\n\t\treturn err\n\t}\n\tif len(tmpl.Bytes) == 0 {\n\t\treturn fmt.Errorf(\"don't know how to interpret %q as a template locator\", locator)\n\t}\n\tif err := tmpl.Embed(cmd.Context(), true, true); err != nil {\n\t\treturn err\n\t}\n\tif err := fillDefaults(ctx, tmpl); err != nil {\n\t\treturn err\n\t}\n\tcolorsEnabled := uiutil.OutputIsTTY(cmd.OutOrStdout())\n\tout, err := yqutil.EvaluateExpressionPlain(expr, string(tmpl.Bytes), colorsEnabled)\n\tif err == nil {\n\t\t_, err = fmt.Fprint(cmd.OutOrStdout(), out)\n\t}\n\treturn err\n}\n\nfunc newTemplateValidateCommand() *cobra.Command {\n\ttemplateValidateCommand := &cobra.Command{\n\t\tUse: \"validate TEMPLATE [TEMPLATE, ...]\",\n\t\tShort: \"Validate YAML templates\",\n\t\tArgs: WrapArgsError(cobra.MinimumNArgs(1)),\n\t\tRunE: templateValidateAction,\n\t}\n\ttemplateValidateCommand.Flags().Bool(\"fill\", false, \"Fill defaults\")\n\treturn templateValidateCommand\n}\n\nfunc templateValidateAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tfill, err := cmd.Flags().GetBool(\"fill\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tlimaDir, err := dirnames.LimaDir()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tfor _, arg := range args {\n\t\ttmpl, err := limatmpl.Read(cmd.Context(), \"\", arg)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tif len(tmpl.Bytes) == 0 {\n\t\t\treturn fmt.Errorf(\"don't know how to interpret %q as a template locator\", arg)\n\t\t}\n\t\tif tmpl.Name == \"\" {\n\t\t\treturn fmt.Errorf(\"can't determine instance name from template locator %q\", arg)\n\t\t}\n\t\t// Embed default base.yaml only when fill is true.\n\t\tif err := tmpl.Embed(cmd.Context(), true, fill); err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Load() will merge the template with override.yaml and default.yaml via FillDefaults().\n\t\t// FillDefaults() needs the potential instance directory to validate host templates using {{.Dir}}.\n\t\tfilePath := filepath.Join(limaDir, tmpl.Name+\".yaml\")\n\t\ty, err := limayaml.Load(ctx, tmpl.Bytes, filePath)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tif err := driverutil.ResolveVMType(ctx, y, filePath); err != nil {\n\t\t\tlogrus.Warnf(\"failed to resolve VM type for %q: %v\", filePath, err)\n\t\t}\n\t\tif err := limayaml.Validate(y, false); err != nil {\n\t\t\treturn fmt.Errorf(\"failed to validate YAML file %q: %w\", arg, err)\n\t\t}\n\t\tlogrus.Infof(\"%q: OK\", arg)\n\t\tif fill {\n\t\t\tb, err := limayaml.Marshal(y, len(args) > 1)\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to marshal template %q again after filling defaults: %w\", arg, err)\n\t\t\t}\n\t\t\tfmt.Fprint(cmd.OutOrStdout(), string(b))\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc newTemplateURLCommand() *cobra.Command {\n\ttemplateURLCommand := &cobra.Command{\n\t\tUse: \"url CUSTOM_URL\",\n\t\tShort: \"Transform custom template URLs to regular file or https URLs\",\n\t\tArgs: WrapArgsError(cobra.ExactArgs(1)),\n\t\tRunE: templateURLAction,\n\t}\n\treturn templateURLCommand\n}\n\nfunc templateURLAction(cmd *cobra.Command, args []string) error {\n\turl, err := limatmpl.TransformCustomURL(cmd.Context(), args[0])\n\tif err != nil {\n\t\treturn err\n\t}\n\t_, err = fmt.Fprintln(cmd.OutOrStdout(), url)\n\treturn err\n}\n" }, { "path": "cmd/limactl/tunnel.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"os/exec\"\n\t\"runtime\"\n\t\"strconv\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/freeport\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype\"\n\t\"github.com/lima-vm/lima/v2/pkg/sshutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n)\n\nconst tunnelHelp = `Create a tunnel for Lima\n\nCreate a SOCKS tunnel so that the host can join the guest network.\n`\n\nfunc newTunnelCommand() *cobra.Command {\n\ttunnelCmd := &cobra.Command{\n\t\tUse: \"tunnel [flags] INSTANCE\",\n\t\tShort: \"Create a tunnel for Lima\",\n\t\tPersistentPreRun: func(*cobra.Command, []string) {\n\t\t\tlogrus.Warn(\"`limactl tunnel` is experimental\")\n\t\t},\n\t\tLong: tunnelHelp,\n\t\tArgs: WrapArgsError(cobra.ExactArgs(1)),\n\t\tRunE: tunnelAction,\n\t\tValidArgsFunction: tunnelBashComplete,\n\t\tSilenceErrors: true,\n\t\tGroupID: advancedCommand,\n\t}\n\n\ttunnelCmd.Flags().SetInterspersed(false)\n\t// TODO: implement l2tp, ikev2, masque, ...\n\ttunnelCmd.Flags().String(\"type\", \"socks\", \"Tunnel type, currently only \\\"socks\\\" is implemented\")\n\ttunnelCmd.Flags().Int(\"socks-port\", 0, \"SOCKS port, defaults to a random port\")\n\treturn tunnelCmd\n}\n\nfunc tunnelAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tflags := cmd.Flags()\n\ttunnelType, err := flags.GetString(\"type\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif tunnelType != \"socks\" {\n\t\treturn fmt.Errorf(\"unknown tunnel type: %q\", tunnelType)\n\t}\n\tport, err := flags.GetInt(\"socks-port\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif port != 0 && (port < 1024 || port > 65535) {\n\t\treturn fmt.Errorf(\"invalid socks port %d\", port)\n\t}\n\tstdout, stderr := cmd.OutOrStdout(), cmd.ErrOrStderr()\n\tinstName := args[0]\n\tinst, err := store.Inspect(ctx, instName)\n\tif err != nil {\n\t\tif errors.Is(err, os.ErrNotExist) {\n\t\t\treturn fmt.Errorf(\"instance %q does not exist, run `limactl create %s` to create a new instance\", instName, instName)\n\t\t}\n\t\treturn err\n\t}\n\tif inst.Status == limatype.StatusStopped {\n\t\treturn fmt.Errorf(\"instance %q is stopped, run `limactl start %s` to start the instance\", instName, instName)\n\t}\n\n\tif port == 0 {\n\t\tport, err = freeport.TCP()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\tsshExe, err := sshutil.NewSSHExe()\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tsshOpts, err := sshutil.SSHOpts(\n\t\tctx,\n\t\tsshExe,\n\t\tinst.Dir,\n\t\t*inst.Config.User.Name,\n\t\t*inst.Config.SSH.LoadDotSSHPubKeys,\n\t\t*inst.Config.SSH.ForwardAgent,\n\t\t*inst.Config.SSH.ForwardX11,\n\t\t*inst.Config.SSH.ForwardX11Trusted)\n\tif err != nil {\n\t\treturn err\n\t}\n\tsshArgs := append([]string{}, sshExe.Args...)\n\tsshArgs = append(sshArgs, sshutil.SSHArgsFromOpts(sshOpts)...)\n\tsshArgs = append(sshArgs, []string{\n\t\t\"-q\", // quiet\n\t\t\"-f\", // background\n\t\t\"-N\", // no command\n\t\t\"-D\", fmt.Sprintf(\"127.0.0.1:%d\", port),\n\t\t\"-p\", strconv.Itoa(inst.SSHLocalPort),\n\t\tinst.SSHAddress,\n\t}...)\n\tsshCmd := exec.CommandContext(ctx, sshExe.Exe, sshArgs...)\n\tsshCmd.Stdout = stderr\n\tsshCmd.Stderr = stderr\n\tlogrus.Debugf(\"executing ssh (may take a long)): %+v\", sshCmd.Args)\n\n\tif err := sshCmd.Run(); err != nil {\n\t\treturn err\n\t}\n\n\tswitch runtime.GOOS {\n\tcase \"darwin\":\n\t\tfmt.Fprint(stdout, \"Open (or whatever) →
,\\n\")\n\t\tfmt.Fprint(stdout, \"and specify the following configuration:\\n\")\n\t\tfmt.Fprint(stdout, \"- Server: 127.0.0.1\\n\")\n\t\tfmt.Fprintf(stdout, \"- Port: %d\\n\", port)\n\tcase \"windows\":\n\t\tfmt.Fprint(stdout, \"Open ,\\n\")\n\t\tfmt.Fprint(stdout, \"and specify the following configuration:\\n\")\n\t\tfmt.Fprint(stdout, \"- Address: socks=127.0.0.1\\n\")\n\t\tfmt.Fprintf(stdout, \"- Port: %d\\n\", port)\n\tdefault:\n\t\tfmt.Fprintf(stdout, \"Set `ALL_PROXY=socks5h://127.0.0.1:%d`, etc.\\n\", port)\n\t}\n\tfmt.Fprintf(stdout, \"The instance can be connected from the host as via a web browser.\\n\", inst.Hostname)\n\n\t// TODO: show the port in `limactl list --json` ?\n\t// TODO: add `--stop` flag to shut down the tunnel\n\treturn nil\n}\n\nfunc tunnelBashComplete(cmd *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {\n\treturn bashCompleteInstanceNames(cmd)\n}\n" }, { "path": "cmd/limactl/unprotect.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n)\n\nfunc newUnprotectCommand() *cobra.Command {\n\tunprotectCommand := &cobra.Command{\n\t\tUse: \"unprotect INSTANCE [INSTANCE, ...]\",\n\t\tShort: \"Unprotect an instance\",\n\t\tArgs: WrapArgsError(cobra.MinimumNArgs(1)),\n\t\tRunE: unprotectAction,\n\t\tValidArgsFunction: unprotectBashComplete,\n\t\tGroupID: advancedCommand,\n\t}\n\treturn unprotectCommand\n}\n\nfunc unprotectAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tvar errs []error\n\tfor _, instName := range args {\n\t\tinst, err := store.Inspect(ctx, instName)\n\t\tif err != nil {\n\t\t\terrs = append(errs, fmt.Errorf(\"failed to inspect instance %q: %w\", instName, err))\n\t\t\tcontinue\n\t\t}\n\t\tif !inst.Protected {\n\t\t\tlogrus.Warnf(\"Instance %q isn't protected. Skipping.\", instName)\n\t\t\tcontinue\n\t\t}\n\t\tif err := inst.Unprotect(); err != nil {\n\t\t\terrs = append(errs, fmt.Errorf(\"failed to unprotect instance %q: %w\", instName, err))\n\t\t\tcontinue\n\t\t}\n\t\tlogrus.Infof(\"Unprotected %q\", instName)\n\t}\n\treturn errors.Join(errs...)\n}\n\nfunc unprotectBashComplete(cmd *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {\n\treturn bashCompleteInstanceNames(cmd)\n}\n" }, { "path": "cmd/limactl/usernet.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"os/signal\"\n\t\"strconv\"\n\t\"syscall\"\n\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/networks/usernet\"\n)\n\nfunc newUsernetCommand() *cobra.Command {\n\thostagentCommand := &cobra.Command{\n\t\tUse: \"usernet\",\n\t\tShort: \"Run usernet\",\n\t\tArgs: cobra.ExactArgs(0),\n\t\tRunE: usernetAction,\n\t\tHidden: true,\n\t}\n\thostagentCommand.Flags().StringP(\"pidfile\", \"p\", \"\", \"Write PID to file\")\n\thostagentCommand.Flags().StringP(\"endpoint\", \"e\", \"\", \"Exposes usernet API(s) on this endpoint\")\n\thostagentCommand.Flags().String(\"listen-qemu\", \"\", \"Listen for QMEU connections\")\n\thostagentCommand.Flags().String(\"listen\", \"\", \"Listen on a Unix socket and receive Bess-compatible FDs as SCM_RIGHTS messages\")\n\thostagentCommand.Flags().String(\"subnet\", \"192.168.5.0/24\", \"Sets subnet value for the usernet network\")\n\thostagentCommand.Flags().Int(\"mtu\", 1500, \"mtu\")\n\thostagentCommand.Flags().StringToString(\"leases\", nil, \"Pass default static leases for startup. Eg: '192.168.104.1=52:55:55:b3:bc:d9,192.168.104.2=5a:94:ef:e4:0c:df' \")\n\treturn hostagentCommand\n}\n\nfunc usernetAction(cmd *cobra.Command, _ []string) error {\n\tpidfile, err := cmd.Flags().GetString(\"pidfile\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tif pidfile != \"\" {\n\t\tif _, err := os.Stat(pidfile); !errors.Is(err, os.ErrNotExist) {\n\t\t\treturn fmt.Errorf(\"pidfile %q already exists\", pidfile)\n\t\t}\n\t\tif err := os.WriteFile(pidfile, []byte(strconv.Itoa(os.Getpid())+\"\\n\"), 0o644); err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefer os.RemoveAll(pidfile)\n\t}\n\tendpoint, err := cmd.Flags().GetString(\"endpoint\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tqemuSocket, err := cmd.Flags().GetString(\"listen-qemu\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tfdSocket, err := cmd.Flags().GetString(\"listen\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tsubnet, err := cmd.Flags().GetString(\"subnet\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tleases, err := cmd.Flags().GetStringToString(\"leases\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tmtu, err := cmd.Flags().GetInt(\"mtu\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tos.RemoveAll(endpoint)\n\tos.RemoveAll(qemuSocket)\n\tos.RemoveAll(fdSocket)\n\n\tctx, cancel := signal.NotifyContext(cmd.Context(), os.Interrupt, syscall.SIGTERM)\n\tdefer cancel()\n\n\t// Environment Variables\n\t// LIMA_USERNET_RESOLVE_IP_ADDRESS_TIMEOUT: Specifies the timeout duration for resolving IP addresses in minutes. Default is 2 minutes.\n\n\treturn usernet.StartGVisorNetstack(ctx, &usernet.GVisorNetstackOpts{\n\t\tMTU: mtu,\n\t\tEndpoint: endpoint,\n\t\tQemuSocket: qemuSocket,\n\t\tFdSocket: fdSocket,\n\t\tSubnet: subnet,\n\t\tDefaultLeases: leases,\n\t})\n}\n" }, { "path": "cmd/limactl/watch.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/rjeczalik/notify\"\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/hostagent/events\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype/filenames\"\n\t\"github.com/lima-vm/lima/v2/pkg/store\"\n)\n\nfunc newWatchCommand() *cobra.Command {\n\twatchCommand := &cobra.Command{\n\t\tUse: \"watch [INSTANCE]...\",\n\t\tShort: \"Watch events from instances\",\n\t\tLong: `Watch events from Lima instances.\n\nEvents include status changes (starting, running, stopping), port forwarding\nevents, and other instance lifecycle events.\n\nIf no instance is specified, events from all instances are watched,\nincluding newly created instances.\n\nThe command will continue watching until interrupted (Ctrl+C).`,\n\t\tExample: ` # Watch events from all instances:\n $ limactl watch\n\n # Watch events from a specific instance:\n $ limactl watch default\n\n # Include historical events:\n $ limactl watch --history default\n\n # Show verbose output (host agent logs, etc.):\n $ limactl watch --verbose\n\n # Watch events in JSON format (for scripting):\n $ limactl watch --json default`,\n\t\tArgs: WrapArgsError(cobra.ArbitraryArgs),\n\t\tRunE: watchAction,\n\t\tValidArgsFunction: watchBashComplete,\n\t\tGroupID: advancedCommand,\n\t}\n\twatchCommand.Flags().Bool(\"json\", false, \"Output events as newline-delimited JSON\")\n\twatchCommand.Flags().Bool(\"history\", false, \"Include historical events from before watch started\")\n\twatchCommand.Flags().Bool(\"verbose\", false, \"Show verbose output\")\n\treturn watchCommand\n}\n\ntype watchEvent struct {\n\tInstance string `json:\"instance\"`\n\tEvent events.Event `json:\"event\"`\n}\n\ntype eventWatcher struct {\n\tctx context.Context\n\tbegin time.Time\n\tpropagateStderr bool\n\teventCh chan watchEvent\n\twatching sync.Map\n}\n\nfunc (w *eventWatcher) startInstance(instName string) {\n\tif _, loaded := w.watching.LoadOrStore(instName, true); loaded {\n\t\treturn\n\t}\n\n\tinst, err := store.Inspect(w.ctx, instName)\n\tif err != nil {\n\t\tlogrus.WithError(err).Warnf(\"Failed to inspect instance %q\", instName)\n\t\tw.watching.Delete(instName)\n\t\treturn\n\t}\n\n\thaStdoutPath := filepath.Join(inst.Dir, filenames.HostAgentStdoutLog)\n\thaStderrPath := filepath.Join(inst.Dir, filenames.HostAgentStderrLog)\n\n\tgo w.watchInstance(instName, haStdoutPath, haStderrPath)\n}\n\nfunc (w *eventWatcher) watchInstance(instName, haStdoutPath, haStderrPath string) {\n\terr := events.Watch(w.ctx, haStdoutPath, haStderrPath, w.begin, w.propagateStderr, func(ev events.Event) bool {\n\t\tselect {\n\t\tcase w.eventCh <- watchEvent{Instance: instName, Event: ev}:\n\t\tcase <-w.ctx.Done():\n\t\t\treturn true\n\t\t}\n\t\treturn false\n\t})\n\tif err != nil && w.ctx.Err() == nil {\n\t\tlogrus.WithError(err).Warnf(\"Watcher for instance %q stopped\", instName)\n\t}\n}\n\nfunc watchAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\n\tjsonFormat, err := cmd.Flags().GetBool(\"json\")\n\tif err != nil {\n\t\treturn err\n\t}\n\thistory, err := cmd.Flags().GetBool(\"history\")\n\tif err != nil {\n\t\treturn err\n\t}\n\tverbose, err := cmd.Flags().GetBool(\"verbose\")\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tif !verbose {\n\t\tlogrus.SetLevel(logrus.WarnLevel)\n\t}\n\n\tvar begin time.Time\n\tif !history {\n\t\tbegin = time.Now()\n\t}\n\n\tstdout := cmd.OutOrStdout()\n\tstderr := cmd.ErrOrStderr()\n\twatchAll := len(args) == 0\n\n\tvar instNames []string\n\tif watchAll {\n\t\tinstNames, err = store.Instances()\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tif len(instNames) == 0 {\n\t\t\tprintStatus(stderr, \"No instances found\")\n\t\t}\n\t} else {\n\t\tinstNames = args\n\t}\n\n\tnewInstanceCh := make(chan string, 16)\n\tw := &eventWatcher{\n\t\tctx: ctx,\n\t\tbegin: begin,\n\t\tpropagateStderr: verbose,\n\t\teventCh: make(chan watchEvent, 64),\n\t}\n\n\tfor _, instName := range instNames {\n\t\tw.startInstance(instName)\n\t}\n\n\tif watchAll {\n\t\tgo watchLimaDir(ctx, newInstanceCh)\n\t}\n\n\tprintStatus(stderr, \"Watching for events...\")\n\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil\n\t\tcase instName := <-newInstanceCh:\n\t\t\tprintStatus(stderr, \"New instance detected: \"+instName)\n\t\t\tw.startInstance(instName)\n\t\tcase ev := <-w.eventCh:\n\t\t\tif jsonFormat {\n\t\t\t\tj, err := json.Marshal(ev)\n\t\t\t\tif err != nil {\n\t\t\t\t\tfmt.Fprintf(stderr, \"error marshaling event: %v\\n\", err)\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t\tfmt.Fprintln(stdout, string(j))\n\t\t\t} else {\n\t\t\t\tprintHumanReadableEvent(stdout, ev.Instance, ev.Event)\n\t\t\t}\n\t\t}\n\t}\n}\n\nfunc watchLimaDir(ctx context.Context, newInstanceCh chan<- string) {\n\tlimaDir := store.Directory()\n\tif limaDir == \"\" {\n\t\tlogrus.Warn(\"Could not determine lima directory\")\n\t\treturn\n\t}\n\n\tfsEvents := make(chan notify.EventInfo, 128)\n\tif err := notify.Watch(limaDir, fsEvents, notify.Create); err != nil {\n\t\tlogrus.WithError(err).Warn(\"Failed to watch lima directory for new instances\")\n\t\treturn\n\t}\n\tdefer notify.Stop(fsEvents)\n\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn\n\t\tcase ev := <-fsEvents:\n\t\t\tname := filepath.Base(ev.Path())\n\t\t\tif !isValidInstanceName(name) {\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tif !isInstanceDir(ev.Path()) {\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tselect {\n\t\t\tcase newInstanceCh <- name:\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn\n\t\t\t}\n\t\t}\n\t}\n}\n\nfunc isValidInstanceName(name string) bool {\n\treturn !strings.HasPrefix(name, \".\") && !strings.HasPrefix(name, \"_\")\n}\n\nfunc isInstanceDir(path string) bool {\n\tinfo, err := os.Stat(path)\n\tif err != nil || !info.IsDir() {\n\t\treturn false\n\t}\n\tyamlPath := filepath.Join(path, filenames.LimaYAML)\n\t_, err = os.Stat(yamlPath)\n\treturn err == nil\n}\n\nfunc printStatus(out io.Writer, msg string) {\n\tfmt.Fprintf(out, \"%s %s\\n\", time.Now().Format(\"2006-01-02 15:04:05\"), msg)\n}\n\nfunc printHumanReadableEvent(out io.Writer, instName string, ev events.Event) {\n\ttimestamp := ev.Time.Format(\"2006-01-02 15:04:05\")\n\n\tprintEvent := func(msg string) {\n\t\tfmt.Fprintf(out, \"%s %s | %s\\n\", timestamp, instName, msg)\n\t}\n\n\tif ev.Status.Running {\n\t\tif ev.Status.Degraded {\n\t\t\tprintEvent(\"running (degraded)\")\n\t\t} else {\n\t\t\tprintEvent(\"running\")\n\t\t}\n\t}\n\tif ev.Status.Exiting {\n\t\tprintEvent(\"exiting\")\n\t}\n\tif ev.Status.SSHLocalPort != 0 {\n\t\tprintEvent(fmt.Sprintf(\"ssh available on port %d\", ev.Status.SSHLocalPort))\n\t}\n\tfor _, e := range ev.Status.Errors {\n\t\tprintEvent(fmt.Sprintf(\"error: %s\", e))\n\t}\n\tif ev.Status.CloudInitProgress != nil {\n\t\tif ev.Status.CloudInitProgress.Completed {\n\t\t\tprintEvent(\"cloud-init completed\")\n\t\t} else if ev.Status.CloudInitProgress.LogLine != \"\" {\n\t\t\tprintEvent(fmt.Sprintf(\"cloud-init: %s\", ev.Status.CloudInitProgress.LogLine))\n\t\t}\n\t}\n\tif ev.Status.PortForward != nil {\n\t\tpf := ev.Status.PortForward\n\t\tswitch pf.Type {\n\t\tcase events.PortForwardEventForwarding:\n\t\t\tprintEvent(fmt.Sprintf(\"forwarding %s %s to %s\", pf.Protocol, pf.GuestAddr, pf.HostAddr))\n\t\tcase events.PortForwardEventNotForwarding:\n\t\t\tprintEvent(fmt.Sprintf(\"not forwarding %s %s\", pf.Protocol, pf.GuestAddr))\n\t\tcase events.PortForwardEventStopping:\n\t\t\tprintEvent(fmt.Sprintf(\"stopping forwarding %s %s\", pf.Protocol, pf.GuestAddr))\n\t\tcase events.PortForwardEventFailed:\n\t\t\tprintEvent(fmt.Sprintf(\"failed to forward %s %s: %s\", pf.Protocol, pf.GuestAddr, pf.Error))\n\t\t}\n\t}\n\tif ev.Status.Vsock != nil {\n\t\tvs := ev.Status.Vsock\n\t\tswitch vs.Type {\n\t\tcase events.VsockEventStarted:\n\t\t\tprintEvent(fmt.Sprintf(\"started vsock forwarder: %s -> vsock:%d\", vs.HostAddr, vs.VsockPort))\n\t\tcase events.VsockEventSkipped:\n\t\t\tprintEvent(fmt.Sprintf(\"skipped vsock forwarder: %s\", vs.Reason))\n\t\tcase events.VsockEventFailed:\n\t\t\tprintEvent(fmt.Sprintf(\"failed to start vsock forwarder: %s\", vs.Reason))\n\t\t}\n\t}\n}\n\nfunc watchBashComplete(cmd *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {\n\treturn bashCompleteInstanceNames(cmd)\n}\n" }, { "path": "cmd/limactl-mcp/main.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage main\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"runtime\"\n\t\"strings\"\n\n\t\"github.com/modelcontextprotocol/go-sdk/mcp\"\n\t\"github.com/sirupsen/logrus\"\n\t\"github.com/spf13/cobra\"\n\t\"golang.org/x/text/cases\"\n\t\"golang.org/x/text/language\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/limactlutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/mcp/toolset\"\n\t\"github.com/lima-vm/lima/v2/pkg/version\"\n)\n\nfunc main() {\n\tif err := newApp().Execute(); err != nil {\n\t\tlogrus.Fatal(err)\n\t}\n}\n\nfunc newApp() *cobra.Command {\n\tcmd := &cobra.Command{\n\t\tUse: \"limactl-mcp\",\n\t\tShort: \"Model Context Protocol plugin for Lima (EXPERIMENTAL)\",\n\t\tVersion: strings.TrimPrefix(version.Version, \"v\"),\n\t\tSilenceUsage: true,\n\t\tSilenceErrors: true,\n\t}\n\tcmd.AddCommand(\n\t\tnewMcpInfoCommand(),\n\t\tnewMcpServeCommand(),\n\t\tnewMcpGenDocCommand(),\n\t\t// TODO: `limactl-mcp configure gemini` ?\n\t)\n\treturn cmd\n}\n\nfunc newServer() *mcp.Server {\n\timpl := &mcp.Implementation{\n\t\tName: \"lima\",\n\t\tTitle: \"Lima VM, for sandboxing local command executions and file I/O operations\",\n\t\tVersion: version.Version,\n\t}\n\tserverOpts := &mcp.ServerOptions{\n\t\tInstructions: `This MCP server provides tools for sandboxing local command executions and file I/O operations,\nby wrapping them in Lima VM (https://lima-vm.io).\n\nUse these tools to avoid accidentally executing malicious codes directly on the host.\n`,\n\t}\n\tif runtime.GOOS != \"linux\" {\n\t\tserverOpts.Instructions += fmt.Sprintf(`\n\nNOTE: the guest OS of the VM is Linux, while the host OS is %s.\n`, cases.Title(language.English).String(runtime.GOOS))\n\t}\n\treturn mcp.NewServer(impl, serverOpts)\n}\n\nfunc newMcpInfoCommand() *cobra.Command {\n\tcmd := &cobra.Command{\n\t\tUse: \"info\",\n\t\tShort: \"Show information about the MCP server\",\n\t\tArgs: cobra.NoArgs,\n\t\tRunE: mcpInfoAction,\n\t}\n\treturn cmd\n}\n\nfunc mcpInfoAction(cmd *cobra.Command, _ []string) error {\n\tctx := cmd.Context()\n\tinfo, err := inspectInfo(ctx)\n\tif err != nil {\n\t\treturn err\n\t}\n\tj, err := json.MarshalIndent(info, \"\", \" \")\n\tif err != nil {\n\t\treturn err\n\t}\n\t_, err = fmt.Fprint(cmd.OutOrStdout(), string(j))\n\treturn err\n}\n\nfunc inspectInfo(ctx context.Context) (*Info, error) {\n\tts, err := toolset.New(\"\")\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tserver := newServer()\n\tif err = ts.RegisterServer(server); err != nil {\n\t\treturn nil, err\n\t}\n\tserverTransport, clientTransport := mcp.NewInMemoryTransports()\n\tserverSession, err := server.Connect(ctx, serverTransport, nil)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tclient := mcp.NewClient(&mcp.Implementation{Name: \"client\"}, nil)\n\tclientSession, err := client.Connect(ctx, clientTransport, nil)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\ttoolsResult, err := clientSession.ListTools(ctx, &mcp.ListToolsParams{})\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tif err = clientSession.Close(); err != nil {\n\t\treturn nil, err\n\t}\n\tif err = serverSession.Wait(); err != nil {\n\t\treturn nil, err\n\t}\n\tinfo := &Info{\n\t\tTools: toolsResult.Tools,\n\t}\n\treturn info, nil\n}\n\ntype Info struct {\n\tTools []*mcp.Tool `json:\"tools\"`\n}\n\nfunc newMcpServeCommand() *cobra.Command {\n\tcmd := &cobra.Command{\n\t\tUse: \"serve INSTANCE\",\n\t\tShort: \"Serve MCP over stdio\",\n\t\tLong: `Serve MCP over stdio.\n\nExpected to be executed via an AI agent, not by a human`,\n\t\tArgs: cobra.MaximumNArgs(1),\n\t\tRunE: mcpServeAction,\n\t}\n\treturn cmd\n}\n\nfunc mcpServeAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tinstName := \"default\"\n\tif len(args) > 0 {\n\t\tinstName = args[0]\n\t}\n\tlimactl, err := limactlutil.Path()\n\tif err != nil {\n\t\treturn err\n\t}\n\t// FIXME: We can not use store.Inspect() here because it requires VM drivers to be compiled in.\n\t// https://github.com/lima-vm/lima/pull/3744#issuecomment-3289274347\n\tinst, err := limactlutil.Inspect(ctx, limactl, instName)\n\tif err != nil {\n\t\treturn err\n\t}\n\tif len(inst.Errors) != 0 {\n\t\treturn errors.Join(inst.Errors...)\n\t}\n\tts, err := toolset.New(limactl)\n\tif err != nil {\n\t\treturn err\n\t}\n\tserver := newServer()\n\tif err = ts.RegisterServer(server); err != nil {\n\t\treturn err\n\t}\n\tif err = ts.RegisterInstance(ctx, inst); err != nil {\n\t\treturn err\n\t}\n\ttransport := &mcp.StdioTransport{}\n\treturn server.Run(ctx, transport)\n}\n\nfunc newMcpGenDocCommand() *cobra.Command {\n\tcmd := &cobra.Command{\n\t\tUse: \"generate-doc DIR\",\n\t\tShort: \"Generate documentation pages\",\n\t\tArgs: cobra.MinimumNArgs(1),\n\t\tRunE: mcpGenDocAction,\n\t\tHidden: true,\n\t}\n\treturn cmd\n}\n\nfunc mcpGenDocAction(cmd *cobra.Command, args []string) error {\n\tctx := cmd.Context()\n\tdir := args[0]\n\tif err := os.MkdirAll(dir, 0o755); err != nil {\n\t\treturn err\n\t}\n\tfName := filepath.Join(dir, \"mcp.md\")\n\tf, err := os.Create(fName)\n\tif err != nil {\n\t\treturn err\n\t}\n\tdefer f.Close()\n\tfmt.Fprint(f, `---\ntitle: MCP tools\nweight: 99\n---\nLima implements the \"MCP Sandbox Interface\" (tentative name):\nhttps://pkg.go.dev/github.com/lima-vm/lima/v2/pkg/mcp/msi\n\nMCP Sandbox Interface defines MCP (Model Context Protocol) tools\nthat can be used for reading, writing, and executing local files\nwith an appropriate sandboxing technology, such as Lima.\n\nThe sandboxing technology can be more secure and/or efficient than\nthe default tools provided by an AI agent.\n\nMCP Sandbox Interface was inspired by\n[Google Gemini CLI's built-in tools](https://github.com/google-gemini/gemini-cli/tree/main/docs/tools).\n\n`)\n\tinfo, err := inspectInfo(ctx)\n\tif err != nil {\n\t\treturn err\n\t}\n\tfor _, tool := range info.Tools {\n\t\tfmt.Fprintf(f, \"## `%s`\\n\\n\", tool.Name)\n\t\tif tool.Title != \"\" {\n\t\t\tfmt.Fprintf(f, \"### Title\\n\\n%s\\n\\n\", tool.Title)\n\t\t}\n\t\tif tool.Description != \"\" {\n\t\t\tfmt.Fprintf(f, \"### Description\\n\\n%s\\n\\n\", tool.Description)\n\t\t}\n\t\tif tool.InputSchema != nil {\n\t\t\tfmt.Fprint(f, \"### Input Schema\\n\\n\")\n\t\t\tschema, err := json.MarshalIndent(tool.InputSchema, \"\", \" \")\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tfmt.Fprintf(f, \"```json\\n%s\\n```\\n\\n\", string(schema))\n\t\t}\n\t\tif tool.OutputSchema != nil {\n\t\t\tfmt.Fprint(f, \"### Output Schema\\n\\n\")\n\t\t\tschema, err := json.MarshalIndent(tool.OutputSchema, \"\", \" \")\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tfmt.Fprintf(f, \"```json\\n%s\\n```\\n\\n\", string(schema))\n\t\t}\n\t}\n\treturn f.Close()\n}\n" }, { "path": "cmd/limactl-url-fedora-rawhide", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu\n\nif [ \"$#\" -ne 1 ]; then\n\techo >&2 \"Usage: $0 _images/fedora-rawhide\"\n\texit 1\nfi\nif [ \"$1\" != \"_images/fedora-rawhide\" ]; then\n\techo >&2 \"Expected argument to be '_images/fedora-rawhide', but got '$1'\"\n\texit 1\nfi\n\nCACHE_HOME_DEFAULT=\"${HOME}/.cache\"\nif [ \"$(uname -s)\" = \"Darwin\" ]; then\n\tCACHE_HOME_DEFAULT=\"${HOME}/Library/Caches\"\nfi\n: \"${XDG_CACHE_HOME:=${CACHE_HOME_DEFAULT}}\"\nCACHE_DIR=\"${XDG_CACHE_HOME}/lima/limactl-url-fedora-rawhide\"\n\n# COMPOSE_ID is like \"Fedora-Rawhide-20260316.n.0\"\nCOMPOSE_ID=\"$(curl -fsSL https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/COMPOSE_ID)\"\n# COMPOSE_ID_TRIMMED is like \"20260316.n.0\"\nCOMPOSE_ID_TRIMMED=\"${COMPOSE_ID#Fedora-Rawhide-}\"\n\nmkdir -p \"${CACHE_DIR}\"\nFILE=\"${CACHE_DIR}/fedora-rawhide.yaml\"\n\ncat <\"${FILE}\"\nimages:\n- location: \"https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Cloud/x86_64/images/Fedora-Cloud-Base-Generic-Rawhide-${COMPOSE_ID_TRIMMED}.x86_64.qcow2\"\n arch: \"x86_64\"\n- location: \"https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Cloud/aarch64/images/Fedora-Cloud-Base-Generic-Rawhide-${COMPOSE_ID_TRIMMED}.aarch64.qcow2\"\n arch: \"aarch64\"\nEOF\n\necho \"$FILE\"\n" }, { "path": "cmd/nerdctl.lima", "content": "#!/bin/sh\nset -eu\n\n# Environment Variables\n# LIMA_INSTANCE: Specifies the name of the Lima instance to use. Default is \"default\".\n\n: \"${LIMA_INSTANCE:=default}\"\n\n# Use --preserve-env to pass through environment variables from host machine into guest instance\nexec limactl shell --preserve-env \"$LIMA_INSTANCE\" nerdctl \"$@\"\n" }, { "path": "cmd/podman.lima", "content": "#!/bin/sh\nset -eu\n: \"${LIMA_INSTANCE:=podman}\"\n: \"${PODMAN:=podman}\"\n\nif [ \"$(limactl ls -q \"$LIMA_INSTANCE\" 2>/dev/null)\" != \"$LIMA_INSTANCE\" ]; then\n echo \"instance \\\"$LIMA_INSTANCE\\\" does not exist, run \\`limactl create --name=$LIMA_INSTANCE template:podman\\` to create a new instance\" >&2\n exit 1\nelif [ \"$(limactl ls -f '{{ .Status }}' \"$LIMA_INSTANCE\" 2>/dev/null)\" != \"Running\" ]; then\n echo \"instance \\\"$LIMA_INSTANCE\\\" is not running, run \\`limactl start $LIMA_INSTANCE\\` to start the existing instance\" >&2\n exit 1\nfi\nPODMAN=$(command -v \"$PODMAN\" || true)\nif [ -n \"$PODMAN\" ]; then\n CONTAINER_HOST=$(limactl list \"$LIMA_INSTANCE\" --format 'unix://{{.Dir}}/sock/podman.sock')\n export CONTAINER_HOST\n exec \"$PODMAN\" --remote \"$@\"\nelse\n export LIMA_INSTANCE\n exec lima podman \"$@\"\nfi\n" }, { "path": "cmd/yq/yq.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\n// SPDX-FileCopyrightText: Copyright (c) 2017 Mike Farah\n\n// This file has been adapted from https://github.com/mikefarah/yq/blob/v4.47.1/yq.go\n\npackage yq\n\nimport (\n\t\"os\"\n\t\"path/filepath\"\n\t\"strings\"\n\n\tcommand \"github.com/mikefarah/yq/v4/cmd\"\n)\n\nfunc main() {\n\tcmd := command.New()\n\targs := os.Args[1:]\n\t_, _, err := cmd.Find(args)\n\tif err != nil && args[0] != \"__complete\" {\n\t\t// default command when nothing matches...\n\t\tnewArgs := []string{\"eval\"}\n\t\tcmd.SetArgs(append(newArgs, os.Args[1:]...))\n\t}\n\tcode := 0\n\tif err := cmd.Execute(); err != nil {\n\t\tcode = 1\n\t}\n\tos.Exit(code)\n}\n\n// MaybeRunYQ runs as `yq` if the program name or first argument is `yq`.\n// Only returns to caller if os.Args doesn't contain a `yq` command.\nfunc MaybeRunYQ() {\n\tprogName := filepath.Base(os.Args[0])\n\t// remove all extensions, so we match \"yq.lima.exe\"\n\tprogName, _, _ = strings.Cut(progName, \".\")\n\tif progName == \"yq\" {\n\t\tmain()\n\t}\n\tif len(os.Args) > 1 && os.Args[1] == \"yq\" {\n\t\tos.Args = os.Args[1:]\n\t\tmain()\n\t}\n}\n" }, { "path": "docs/README.md", "content": "Moved to \n" }, { "path": "go.mod", "content": "// gomodjail:confined\nmodule github.com/lima-vm/lima/v2\n\ngo 1.25.7\n\nrequire (\n\tal.essio.dev/pkg/shellescape v1.6.0\n\tgithub.com/AlecAivazis/survey/v2 v2.3.7\n\tgithub.com/Code-Hex/vz/v3 v3.7.1 // gomodjail:unconfined\n\tgithub.com/Microsoft/go-winio v0.6.2 // gomodjail:unconfined\n\tgithub.com/apparentlymart/go-cidr v1.1.0\n\tgithub.com/balajiv113/fd v0.0.0-20230330094840-143eec500f3e\n\tgithub.com/cheggaaa/pb/v3 v3.1.7 // gomodjail:unconfined\n\tgithub.com/cilium/ebpf v0.21.0 // gomodjail:unconfined\n\tgithub.com/containerd/continuity v0.4.5\n\tgithub.com/containers/gvisor-tap-vsock v0.8.8 // gomodjail:unconfined\n\tgithub.com/coreos/go-semver v0.3.1\n\tgithub.com/coreos/go-systemd/v22 v22.7.0\n\tgithub.com/cpuguy83/go-md2man/v2 v2.0.7\n\tgithub.com/digitalocean/go-qemu v0.0.0-20221209210016-f035778c97f7\n\tgithub.com/diskfs/go-diskfs v1.8.0 // gomodjail:unconfined\n\tgithub.com/docker/go-units v0.5.0\n\tgithub.com/foxcpp/go-mockdns v1.2.0\n\tgithub.com/goccy/go-yaml v1.19.2\n\tgithub.com/google/go-cmp v0.7.0\n\tgithub.com/google/yamlfmt v0.21.0\n\tgithub.com/inetaf/tcpproxy v0.0.0-20250222171855-c4b9df066048\n\tgithub.com/invopop/jsonschema v0.13.0\n\tgithub.com/lima-vm/go-qcow2reader v0.7.1\n\tgithub.com/lima-vm/sshocker v0.3.9 // gomodjail:unconfined\n\tgithub.com/mattn/go-isatty v0.0.20\n\tgithub.com/mattn/go-shellwords v1.0.12\n\tgithub.com/mdlayher/netlink v1.9.0\n\tgithub.com/mdlayher/vsock v1.2.1 // gomodjail:unconfined\n\tgithub.com/miekg/dns v1.1.72 // gomodjail:unconfined\n\tgithub.com/mikefarah/yq/v4 v4.52.4\n\tgithub.com/modelcontextprotocol/go-sdk v1.4.1\n\tgithub.com/nxadm/tail v1.4.11 // gomodjail:unconfined\n\tgithub.com/opencontainers/go-digest v1.0.0\n\tgithub.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58\n\tgithub.com/pkg/sftp v1.13.10\n\tgithub.com/rjeczalik/notify v0.9.3\n\tgithub.com/santhosh-tekuri/jsonschema/v6 v6.0.2\n\tgithub.com/sethvargo/go-password v0.3.1\n\tgithub.com/sirupsen/logrus v1.9.4\n\tgithub.com/spf13/cobra v1.10.2 // gomodjail:unconfined\n\tgithub.com/spf13/pflag v1.0.10\n\tgithub.com/wk8/go-ordered-map/v2 v2.1.8\n\tgolang.org/x/net v0.52.0\n\tgolang.org/x/sync v0.20.0\n\tgolang.org/x/sys v0.42.0 // gomodjail:unconfined\n\tgolang.org/x/text v0.35.0\n\tgoogle.golang.org/grpc v1.79.3\n\tgoogle.golang.org/protobuf v1.36.11 // gomodjail:unconfined\n\tgopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473\n\tgotest.tools/v3 v3.5.2\n)\n\nrequire (\n\tgithub.com/Code-Hex/go-infinity-channel v1.0.0 // indirect\n\tgithub.com/VividCortex/ewma v1.2.0 // indirect\n\tgithub.com/a8m/envsubst v1.4.3 // indirect\n\tgithub.com/agext/levenshtein v1.2.1 // indirect\n\tgithub.com/alecthomas/participle/v2 v2.1.4 // indirect\n\tgithub.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect\n\tgithub.com/bahlo/generic-list-go v0.2.0 // indirect\n\tgithub.com/bmatcuk/doublestar/v4 v4.7.1 // indirect\n\tgithub.com/buger/jsonparser v1.1.2 // indirect\n\tgithub.com/containerd/log v0.1.0 // indirect\n\tgithub.com/digitalocean/go-libvirt v0.0.0-20220804181439-8648fbde413e // indirect\n\tgithub.com/dimchansky/utfbom v1.1.1 // indirect\n\tgithub.com/djherbis/times v1.6.0 // indirect\n\tgithub.com/elliotchance/orderedmap v1.8.0 // indirect\n\tgithub.com/fatih/color v1.18.0 // indirect\n\t// gomodjail:unconfined\n\tgithub.com/fsnotify/fsnotify v1.8.0 // indirect\n\tgithub.com/go-ini/ini v1.67.0 // indirect\n\tgithub.com/goccy/go-json v0.10.5 // indirect\n\tgithub.com/google/btree v1.1.3 // indirect\n\tgithub.com/google/gopacket v1.1.19 // indirect\n\tgithub.com/google/jsonschema-go v0.4.2 // indirect\n\tgithub.com/hashicorp/hcl/v2 v2.24.0 // indirect\n\tgithub.com/inconshreveable/mousetrap v1.1.0 // indirect\n\t// gomodjail:unconfined\n\tgithub.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9 // indirect\n\tgithub.com/jinzhu/copier v0.4.0 // indirect\n\tgithub.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect\n\tgithub.com/kr/fs v0.1.0 // indirect\n\tgithub.com/linuxkit/virtsock v0.0.0-20220523201153-1a23e78aa7a2 // indirect\n\tgithub.com/magiconair/properties v1.8.10 // indirect\n\tgithub.com/mailru/easyjson v0.9.0 // indirect\n\tgithub.com/mattn/go-colorable v0.1.14 // indirect\n\tgithub.com/mattn/go-runewidth v0.0.16 // indirect\n\tgithub.com/mdlayher/socket v0.5.1 // indirect\n\tgithub.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect\n\tgithub.com/mitchellh/go-wordwrap v1.0.1 // indirect\n\tgithub.com/mitchellh/mapstructure v1.5.0 // indirect\n\tgithub.com/pelletier/go-toml/v2 v2.2.4 // indirect\n\tgithub.com/pierrec/lz4/v4 v4.1.22 // indirect\n\tgithub.com/pkg/errors v0.9.1 // indirect\n\tgithub.com/rivo/uniseg v0.4.7 // indirect\n\tgithub.com/russross/blackfriday/v2 v2.1.0 // indirect\n\tgithub.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect\n\tgithub.com/segmentio/asm v1.1.3 // indirect\n\tgithub.com/segmentio/encoding v0.5.4 // indirect\n\t// gomodjail:unconfined\n\tgithub.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 // indirect\n\tgithub.com/yosida95/uritemplate/v3 v3.0.2 // indirect\n\tgithub.com/yuin/gopher-lua v1.1.1 // indirect\n\tgithub.com/zclconf/go-cty v1.17.0 // indirect\n\tgo.yaml.in/yaml/v3 v3.0.4 // indirect\n\tgo.yaml.in/yaml/v4 v4.0.0-rc.3 // indirect\n\tgolang.org/x/crypto v0.49.0 // indirect\n\tgolang.org/x/mod v0.33.0 // indirect\n\tgolang.org/x/oauth2 v0.34.0 // indirect\n\tgolang.org/x/term v0.41.0 // indirect\n\tgolang.org/x/time v0.9.0 // indirect\n\tgolang.org/x/tools v0.42.0 // indirect\n\tgoogle.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect\n\tgopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect\n\tgopkg.in/yaml.v3 v3.0.1 // indirect\n\t// gomodjail:unconfined\n\tgvisor.dev/gvisor v0.0.0-20240916094835-a174eb65023f // indirect\n)\n" }, { "path": "go.sum", "content": "al.essio.dev/pkg/shellescape v1.6.0 h1:NxFcEqzFSEVCGN2yq7Huv/9hyCEGVa/TncnOOBBeXHA=\nal.essio.dev/pkg/shellescape v1.6.0/go.mod h1:6sIqp7X2P6mThCQ7twERpZTuigpr6KbZWtls1U8I890=\ngithub.com/AlecAivazis/survey/v2 v2.3.7 h1:6I/u8FvytdGsgonrYsVn2t8t4QiRnh6QSTqkkhIiSjQ=\ngithub.com/AlecAivazis/survey/v2 v2.3.7/go.mod h1:xUTIdE4KCOIjsBAE1JYsUPoCqYdZ1reCfTwbto0Fduo=\ngithub.com/Code-Hex/go-infinity-channel v1.0.0 h1:M8BWlfDOxq9or9yvF9+YkceoTkDI1pFAqvnP87Zh0Nw=\ngithub.com/Code-Hex/go-infinity-channel v1.0.0/go.mod h1:5yUVg/Fqao9dAjcpzoQ33WwfdMWmISOrQloDRn3bsvY=\ngithub.com/Code-Hex/vz/v3 v3.7.1 h1:EN1yNiyrbPq+dl388nne2NySo8I94EnPppvqypA65XM=\ngithub.com/Code-Hex/vz/v3 v3.7.1/go.mod h1:1LsW0jqW0r0cQ+IeR4hHbjdqOtSidNCVMWhStMHGho8=\ngithub.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=\ngithub.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=\ngithub.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s=\ngithub.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w=\ngithub.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=\ngithub.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=\ngithub.com/a8m/envsubst v1.4.3 h1:kDF7paGK8QACWYaQo6KtyYBozY2jhQrTuNNuUxQkhJY=\ngithub.com/a8m/envsubst v1.4.3/go.mod h1:4jjHWQlZoaXPoLQUb7H2qT4iLkZDdmEQiOUogdUmqVU=\ngithub.com/agext/levenshtein v1.2.1 h1:QmvMAjj2aEICytGiWzmxoE0x2KZvE0fvmqMOfy2tjT8=\ngithub.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=\ngithub.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=\ngithub.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=\ngithub.com/alecthomas/participle/v2 v2.1.4 h1:W/H79S8Sat/krZ3el6sQMvMaahJ+XcM9WSI2naI7w2U=\ngithub.com/alecthomas/participle/v2 v2.1.4/go.mod h1:8tqVbpTX20Ru4NfYQgZf4mP18eXPTBViyMWiArNEgGI=\ngithub.com/alecthomas/repr v0.5.2 h1:SU73FTI9D1P5UNtvseffFSGmdNci/O6RsqzeXJtP0Qs=\ngithub.com/alecthomas/repr v0.5.2/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=\ngithub.com/anchore/go-lzo v0.1.0 h1:NgAacnzqPeGH49Ky19QKLBZEuFRqtTG9cdaucc3Vncs=\ngithub.com/anchore/go-lzo v0.1.0/go.mod h1:3kLx0bve2oN1iDwgM1U5zGku1Tfbdb0No5qp1eL1fIk=\ngithub.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4tdgBZjnU=\ngithub.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc=\ngithub.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=\ngithub.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=\ngithub.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a/go.mod h1:QmP9hvJ91BbJmGVGSbutW19IC0Q9phDCLGaomwTJbgU=\ngithub.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk=\ngithub.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg=\ngithub.com/balajiv113/fd v0.0.0-20230330094840-143eec500f3e h1:IdMhFPEfTZQU971tIHx3UhY4l+yCeynprnINrDTSrOc=\ngithub.com/balajiv113/fd v0.0.0-20230330094840-143eec500f3e/go.mod h1:aXGMJsd3XrnUFTuyf/pTGg5jG6CY8JMZ5juywvShjgQ=\ngithub.com/bmatcuk/doublestar/v4 v4.7.1 h1:fdDeAqgT47acgwd9bd9HxJRDmc9UAmPpc+2m0CXv75Q=\ngithub.com/bmatcuk/doublestar/v4 v4.7.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=\ngithub.com/buger/jsonparser v1.1.2 h1:frqHqw7otoVbk5M8LlE/L7HTnIq2v9RX6EJ48i9AxJk=\ngithub.com/buger/jsonparser v1.1.2/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=\ngithub.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=\ngithub.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=\ngithub.com/cheggaaa/pb/v3 v3.1.7 h1:2FsIW307kt7A/rz/ZI2lvPO+v3wKazzE4K/0LtTWsOI=\ngithub.com/cheggaaa/pb/v3 v3.1.7/go.mod h1:/Ji89zfVPeC/u5j8ukD0MBPHt2bzTYp74lQ7KlgFWTQ=\ngithub.com/cilium/ebpf v0.21.0 h1:4dpx1J/B/1apeTmWBH5BkVLayHTkFrMovVPnHEk+l3k=\ngithub.com/cilium/ebpf v0.21.0/go.mod h1:1kHKv6Kvh5a6TePP5vvvoMa1bclRyzUXELSs272fmIQ=\ngithub.com/containerd/continuity v0.4.5 h1:ZRoN1sXq9u7V6QoHMcVWGhOwDFqZ4B9i5H6un1Wh0x4=\ngithub.com/containerd/continuity v0.4.5/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE=\ngithub.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=\ngithub.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=\ngithub.com/containers/gvisor-tap-vsock v0.8.8 h1:5FznbOYMIuaCv8B6zQ7M6wjqP63Lasy0A6GpViEnjTg=\ngithub.com/containers/gvisor-tap-vsock v0.8.8/go.mod h1:m/PzhZWAS6T9pCRH1fLkq2OqbEd6QEUZWjm3FS5F+CE=\ngithub.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4=\ngithub.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec=\ngithub.com/coreos/go-systemd/v22 v22.7.0 h1:LAEzFkke61DFROc7zNLX/WA2i5J8gYqe0rSj9KI28KA=\ngithub.com/coreos/go-systemd/v22 v22.7.0/go.mod h1:xNUYtjHu2EDXbsxz1i41wouACIwT7Ybq9o0BQhMwD0w=\ngithub.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=\ngithub.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo=\ngithub.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=\ngithub.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI=\ngithub.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=\ngithub.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=\ngithub.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/digitalocean/go-libvirt v0.0.0-20220804181439-8648fbde413e h1:SCnqm8SjSa0QqRxXbo5YY//S+OryeJioe17nK+iDZpg=\ngithub.com/digitalocean/go-libvirt v0.0.0-20220804181439-8648fbde413e/go.mod h1:o129ljs6alsIQTc8d6eweihqpmmrbxZ2g1jhgjhPykI=\ngithub.com/digitalocean/go-qemu v0.0.0-20221209210016-f035778c97f7 h1:3OVJAbR131SnAXao7c9w8bFlAGH0oa29DCwsa88MJGk=\ngithub.com/digitalocean/go-qemu v0.0.0-20221209210016-f035778c97f7/go.mod h1:K4+o74YGNjOb9N6yyG+LPj1NjHtk+Qz0IYQPvirbaLs=\ngithub.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=\ngithub.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=\ngithub.com/diskfs/go-diskfs v1.8.0 h1:YynvepHpU7xpl8z2RqiV/x3NPAj3zU0ki0vdjPty0U4=\ngithub.com/diskfs/go-diskfs v1.8.0/go.mod h1:rW9+4MPN1tbMpQqRZlcM3YQsh3Ucc+Q1k1iIqzzmZcg=\ngithub.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c=\ngithub.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0=\ngithub.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI=\ngithub.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=\ngithub.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=\ngithub.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=\ngithub.com/elliotchance/orderedmap v1.8.0 h1:TrOREecvh3JbS+NCgwposXG5ZTFHtEsQiCGOhPElnMw=\ngithub.com/elliotchance/orderedmap v1.8.0/go.mod h1:wsDwEaX5jEoyhbs7x93zk2H/qv0zwuhg4inXhDkYqys=\ngithub.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab h1:h1UgjJdAAhj+uPL68n7XASS6bU+07ZX1WJvVS2eyoeY=\ngithub.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab/go.mod h1:GLo/8fDswSAniFG+BFIaiSPcK610jyzgEhWYPQwuQdw=\ngithub.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=\ngithub.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=\ngithub.com/foxcpp/go-mockdns v1.2.0 h1:omK3OrHRD1IWJz1FuFBCFquhXslXoF17OvBS6JPzZF0=\ngithub.com/foxcpp/go-mockdns v1.2.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk=\ngithub.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=\ngithub.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=\ngithub.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=\ngithub.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=\ngithub.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=\ngithub.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=\ngithub.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=\ngithub.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=\ngithub.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=\ngithub.com/go-quicktest/qt v1.101.1-0.20240301121107-c6c8733fa1e6 h1:teYtXy9B7y5lHTp8V9KPxpYRAVA7dozigQcMiBust1s=\ngithub.com/go-quicktest/qt v1.101.1-0.20240301121107-c6c8733fa1e6/go.mod h1:p4lGIVX+8Wa6ZPNDvqcxq36XpUDLh42FLetFU7odllI=\ngithub.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=\ngithub.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=\ngithub.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=\ngithub.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=\ngithub.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM=\ngithub.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=\ngithub.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=\ngithub.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=\ngithub.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=\ngithub.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=\ngithub.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=\ngithub.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=\ngithub.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=\ngithub.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=\ngithub.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=\ngithub.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=\ngithub.com/google/jsonschema-go v0.4.2 h1:tmrUohrwoLZZS/P3x7ex0WAVknEkBZM46iALbcqoRA8=\ngithub.com/google/jsonschema-go v0.4.2/go.mod h1:r5quNTdLOYEz95Ru18zA0ydNbBuYoo9tgaYcxEYhJVE=\ngithub.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=\ngithub.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=\ngithub.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=\ngithub.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=\ngithub.com/google/yamlfmt v0.21.0 h1:9FKApQkDpMKgBjwLFytBHUCgqnQgxaQnci0uiESfbzs=\ngithub.com/google/yamlfmt v0.21.0/go.mod h1:q6FYExB+Ueu7jZDjKECJk+EaeDXJzJ6Ne0dxx69GWfI=\ngithub.com/hashicorp/hcl/v2 v2.24.0 h1:2QJdZ454DSsYGoaE6QheQZjtKZSUs9Nh2izTWiwQxvE=\ngithub.com/hashicorp/hcl/v2 v2.24.0/go.mod h1:oGoO1FIQYfn/AgyOhlg9qLC6/nOJPX3qGbkZpYAcqfM=\ngithub.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=\ngithub.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=\ngithub.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec h1:qv2VnGeEQHchGaZ/u7lxST/RaJw+cv273q79D81Xbog=\ngithub.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec/go.mod h1:Q48J4R4DvxnHolD5P8pOtXigYlRuPLGl6moFx3ulM68=\ngithub.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=\ngithub.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=\ngithub.com/inetaf/tcpproxy v0.0.0-20250222171855-c4b9df066048 h1:jaqViOFFlZtkAwqvwZN+id37fosQqR5l3Oki9Dk4hz8=\ngithub.com/inetaf/tcpproxy v0.0.0-20250222171855-c4b9df066048/go.mod h1:Di7LXRyUcnvAcLicFhtM9/MlZl/TNgRSDHORM2c6CMI=\ngithub.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9 h1:LZJWucZz7ztCqY6Jsu7N9g124iJ2kt/O62j3+UchZFg=\ngithub.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9/go.mod h1:KclMyHxX06VrVr0DJmeFSUb1ankt7xTfoOA35pCkoic=\ngithub.com/invopop/jsonschema v0.13.0 h1:KvpoAJWEjR3uD9Kbm2HWJmqsEaHt8lBUpd0qHcIi21E=\ngithub.com/invopop/jsonschema v0.13.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0=\ngithub.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=\ngithub.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=\ngithub.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA=\ngithub.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=\ngithub.com/jsimonetti/rtnetlink v1.3.5 h1:hVlNQNRlLDGZz31gBPicsG7Q53rnlsz1l1Ix/9XlpVA=\ngithub.com/jsimonetti/rtnetlink/v2 v2.0.1 h1:xda7qaHDSVOsADNouv7ukSuicKZO7GgVUCXxpaIEIlM=\ngithub.com/jsimonetti/rtnetlink/v2 v2.0.1/go.mod h1:7MoNYNbb3UaDHtF8udiJo/RH6VsTKP1pqKLUTVCvToE=\ngithub.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=\ngithub.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=\ngithub.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=\ngithub.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=\ngithub.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=\ngithub.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=\ngithub.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=\ngithub.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=\ngithub.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=\ngithub.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=\ngithub.com/lima-vm/go-qcow2reader v0.7.1 h1:fZ5u38uaRX3ukuVA6IpeImh9BfRhzRGvTr87yGqENbY=\ngithub.com/lima-vm/go-qcow2reader v0.7.1/go.mod h1:Ai9fcmE2dXF6YFomrSCttveOT1x3+x5eG7AfIUUnSqw=\ngithub.com/lima-vm/sshocker v0.3.9 h1:jA1uLM8GS74ZI6lJ9f/SmQhxuNSQbY44TmrHXrNaVR4=\ngithub.com/lima-vm/sshocker v0.3.9/go.mod h1:YU7BBIy8iCJm5F68qwA+XCLOFJH5cMj8NsRUppKA33Y=\ngithub.com/linuxkit/virtsock v0.0.0-20220523201153-1a23e78aa7a2 h1:DZMFueDbfz6PNc1GwDRA8+6lBx1TB9UnxDQliCqR73Y=\ngithub.com/linuxkit/virtsock v0.0.0-20220523201153-1a23e78aa7a2/go.mod h1:SWzULI85WerrFt3u+nIm5F9l7EvxZTKQvd0InF3nmgM=\ngithub.com/magiconair/properties v1.8.10 h1:s31yESBquKXCV9a/ScB3ESkOjUYYv+X0rg8SYxI99mE=\ngithub.com/magiconair/properties v1.8.10/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=\ngithub.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=\ngithub.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=\ngithub.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=\ngithub.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=\ngithub.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=\ngithub.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=\ngithub.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=\ngithub.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=\ngithub.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=\ngithub.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=\ngithub.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=\ngithub.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=\ngithub.com/mdlayher/netlink v1.9.0 h1:G8+GLq2x3v4D4MVIqDdNUhTUC7TKiCy/6MDkmItfKco=\ngithub.com/mdlayher/netlink v1.9.0/go.mod h1:YBnl5BXsCoRuwBjKKlZ+aYmEoq0r12FDA/3JC+94KDg=\ngithub.com/mdlayher/packet v1.1.2 h1:3Up1NG6LZrsgDVn6X4L9Ge/iyRyxFEFD9o6Pr3Q1nQY=\ngithub.com/mdlayher/packet v1.1.2/go.mod h1:GEu1+n9sG5VtiRE4SydOmX5GTwyyYlteZiFU+x0kew4=\ngithub.com/mdlayher/socket v0.5.1 h1:VZaqt6RkGkt2OE9l3GcC6nZkqD3xKeQLyfleW/uBcos=\ngithub.com/mdlayher/socket v0.5.1/go.mod h1:TjPLHI1UgwEv5J1B5q0zTZq12A/6H7nKmtTanQE37IQ=\ngithub.com/mdlayher/vsock v1.2.1 h1:pC1mTJTvjo1r9n9fbm7S1j04rCgCzhCOS5DY0zqHlnQ=\ngithub.com/mdlayher/vsock v1.2.1/go.mod h1:NRfCibel++DgeMD8z/hP+PPTjlNJsdPOmxcnENvE+SE=\ngithub.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b h1:j7+1HpAFS1zy5+Q4qx1fWh90gTKwiN4QCGoY9TWyyO4=\ngithub.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=\ngithub.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk=\ngithub.com/miekg/dns v1.1.72 h1:vhmr+TF2A3tuoGNkLDFK9zi36F2LS+hKTRW0Uf8kbzI=\ngithub.com/miekg/dns v1.1.72/go.mod h1:+EuEPhdHOsfk6Wk5TT2CzssZdqkmFhf8r+aVyDEToIs=\ngithub.com/mikefarah/yq/v4 v4.52.4 h1:wZlxBMjyKCzzQjL0u6a3zToKuyE7OdJr4OtLBtwph4Q=\ngithub.com/mikefarah/yq/v4 v4.52.4/go.mod h1:8QwgSgDsmt4LCbfwvGUAh5oWSukRRuVJ8Gj98zJ/45o=\ngithub.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=\ngithub.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=\ngithub.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=\ngithub.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=\ngithub.com/modelcontextprotocol/go-sdk v1.4.1 h1:M4x9GyIPj+HoIlHNGpK2hq5o3BFhC+78PkEaldQRphc=\ngithub.com/modelcontextprotocol/go-sdk v1.4.1/go.mod h1:Bo/mS87hPQqHSRkMv4dQq1XCu6zv4INdXnFZabkNU6s=\ngithub.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY=\ngithub.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc=\ngithub.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=\ngithub.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=\ngithub.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28=\ngithub.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg=\ngithub.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=\ngithub.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=\ngithub.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 h1:onHthvaw9LFnH4t2DcNVpwGmV9E1BkGknEliJkfwQj0=\ngithub.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58/go.mod h1:DXv8WO4yhMYhSNPKjeNKa5WY9YCIEBRbNzFFPJbWO6Y=\ngithub.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=\ngithub.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=\ngithub.com/pierrec/lz4/v4 v4.1.22 h1:cKFw6uJDK+/gfw5BcDL0JL5aBsAFdsIT18eRtLj7VIU=\ngithub.com/pierrec/lz4/v4 v4.1.22/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=\ngithub.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A=\ngithub.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=\ngithub.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=\ngithub.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=\ngithub.com/pkg/sftp v1.13.10 h1:+5FbKNTe5Z9aspU88DPIKJ9z2KZoaGCu6Sr6kKR/5mU=\ngithub.com/pkg/sftp v1.13.10/go.mod h1:bJ1a7uDhrX/4OII+agvy28lzRvQrmIQuaHrcI1HbeGA=\ngithub.com/pkg/xattr v0.4.12 h1:rRTkSyFNTRElv6pkA3zpjHpQ90p/OdHQC1GmGh1aTjM=\ngithub.com/pkg/xattr v0.4.12/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU=\ngithub.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=\ngithub.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=\ngithub.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=\ngithub.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=\ngithub.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=\ngithub.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=\ngithub.com/rjeczalik/notify v0.9.3 h1:6rJAzHTGKXGj76sbRgDiDcYj/HniypXmSJo1SWakZeY=\ngithub.com/rjeczalik/notify v0.9.3/go.mod h1:gF3zSOrafR9DQEWSE8TjfI9NkooDxbyT4UgRGKZA0lc=\ngithub.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=\ngithub.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=\ngithub.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=\ngithub.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=\ngithub.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 h1:OkMGxebDjyw0ULyrTYWeN0UNCCkmCWfjPnIA2W6oviI=\ngithub.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06/go.mod h1:+ePHsJ1keEjQtpvf9HHw0f4ZeJ0TLRsxhunSI2hYJSs=\ngithub.com/santhosh-tekuri/jsonschema/v6 v6.0.2 h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEVZGK7IN2kJkjTuQ=\ngithub.com/santhosh-tekuri/jsonschema/v6 v6.0.2/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU=\ngithub.com/segmentio/asm v1.1.3 h1:WM03sfUOENvvKexOLp+pCqgb/WDjsi7EK8gIsICtzhc=\ngithub.com/segmentio/asm v1.1.3/go.mod h1:Ld3L4ZXGNcSLRg4JBsZ3//1+f/TjYl0Mzen/DQy1EJg=\ngithub.com/segmentio/encoding v0.5.4 h1:OW1VRern8Nw6ITAtwSZ7Idrl3MXCFwXHPgqESYfvNt0=\ngithub.com/segmentio/encoding v0.5.4/go.mod h1:HS1ZKa3kSN32ZHVZ7ZLPLXWvOVIiZtyJnO1gPH1sKt0=\ngithub.com/sethvargo/go-password v0.3.1 h1:WqrLTjo7X6AcVYfC6R7GtSyuUQR9hGyAj/f1PYQZCJU=\ngithub.com/sethvargo/go-password v0.3.1/go.mod h1:rXofC1zT54N7R8K/h1WDUdkf9BOx5OptoxrMBcrXzvs=\ngithub.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w=\ngithub.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g=\ngithub.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU=\ngithub.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4=\ngithub.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=\ngithub.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=\ngithub.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=\ngithub.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=\ngithub.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=\ngithub.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=\ngithub.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=\ngithub.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=\ngithub.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 h1:pyC9PaHYZFgEKFdlp3G8RaCKgVpHZnecvArXvPXcFkM=\ngithub.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701/go.mod h1:P3a5rG4X7tI17Nn3aOIAYr5HbIMukwXG0urG0WuL8OA=\ngithub.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=\ngithub.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=\ngithub.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc=\ngithub.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw=\ngithub.com/yosida95/uritemplate/v3 v3.0.2 h1:Ed3Oyj9yrmi9087+NczuL5BwkIc4wvTb5zIM+UJPGz4=\ngithub.com/yosida95/uritemplate/v3 v3.0.2/go.mod h1:ILOh0sOhIJR3+L/8afwt/kE++YT040gmv5BQTMR2HP4=\ngithub.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=\ngithub.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=\ngithub.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=\ngithub.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=\ngithub.com/zclconf/go-cty v1.17.0 h1:seZvECve6XX4tmnvRzWtJNHdscMtYEx5R7bnnVyd/d0=\ngithub.com/zclconf/go-cty v1.17.0/go.mod h1:wqFzcImaLTI6A5HfsRwB0nj5n0MRZFwmey8YoFPPs3U=\ngithub.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo=\ngithub.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM=\ngo.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=\ngo.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=\ngo.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=\ngo.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=\ngo.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=\ngo.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=\ngo.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=\ngo.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=\ngo.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8=\ngo.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=\ngo.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=\ngo.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=\ngo.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=\ngo.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=\ngo.yaml.in/yaml/v4 v4.0.0-rc.3 h1:3h1fjsh1CTAPjW7q/EMe+C8shx5d8ctzZTrLcs/j8Go=\ngo.yaml.in/yaml/v4 v4.0.0-rc.3/go.mod h1:aZqd9kCMsGL7AuUv/m/PvWLdg5sjJsZ4oHDEnfPPfY0=\ngolang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=\ngolang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=\ngolang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=\ngolang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=\ngolang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=\ngolang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=\ngolang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=\ngolang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=\ngolang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=\ngolang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=\ngolang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=\ngolang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=\ngolang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=\ngolang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=\ngolang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=\ngolang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=\ngolang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=\ngolang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=\ngolang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=\ngolang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=\ngolang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=\ngolang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=\ngolang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=\ngolang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=\ngolang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=\ngolang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=\ngolang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0=\ngolang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw=\ngolang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=\ngolang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=\ngolang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=\ngolang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=\ngolang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=\ngolang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=\ngolang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=\ngolang.org/x/sys v0.0.0-20180926160741-c2ed4eda69e7/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=\ngolang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=\ngolang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=\ngolang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=\ngolang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=\ngolang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=\ngolang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=\ngolang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=\ngolang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=\ngolang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=\ngolang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=\ngolang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=\ngolang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww=\ngolang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU=\ngolang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A=\ngolang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=\ngolang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=\ngolang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=\ngolang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=\ngolang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=\ngolang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=\ngolang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=\ngolang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=\ngolang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=\ngolang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=\ngolang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=\ngolang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=\ngolang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=\ngolang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=\ngolang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=\ngolang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=\ngolang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=\ngolang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk=\ngolang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=\ngolang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=\ngolang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngolang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngolang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=\ngonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=\ngoogle.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=\ngoogle.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=\ngoogle.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=\ngoogle.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=\ngoogle.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=\ngoogle.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=\ngopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=\ngopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=\ngopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 h1:6D+BvnJ/j6e222UW8s2qTSe3wGBtvo0MbVQG/c5k8RE=\ngopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473/go.mod h1:N1eN2tsCx0Ydtgjl4cqmbRCsY4/+z4cYDeqwZTk6zog=\ngopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=\ngopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=\ngopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=\ngopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=\ngopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=\ngotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=\ngotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=\ngvisor.dev/gvisor v0.0.0-20240916094835-a174eb65023f h1:O2w2DymsOlM/nv2pLNWCMCYOldgBBMkD7H0/prN5W2k=\ngvisor.dev/gvisor v0.0.0-20240916094835-a174eb65023f/go.mod h1:sxc3Uvk/vHcd3tj7/DHVBoR5wvWT/MmRq2pj7HRJnwU=\n" }, { "path": "hack/allowed-licenses.txt", "content": "Apache-2.0,BSD-2-Clause,BSD-2-Clause-FreeBSD,BSD-3-Clause,MIT,ISC,Python-2.0,PostgreSQL,X11,Zlib\n" }, { "path": "hack/ansible-test.yaml", "content": "- hosts: all\n tasks:\n - name: Create test file\n file:\n path: \"/tmp/param-{{ lookup('ansible.builtin.env', 'PARAM_ANSIBLE') }}\"\n state: touch\n" }, { "path": "hack/bats/README.md", "content": "# BATS Integration Tests\n\nSee the [Testing](https://lima-vm.io/docs/dev/testing/) page for how to run these tests\nand the [BATS Style Guide](https://lima-vm.io/docs/dev/testing/bats-style/) for coding conventions.\n" }, { "path": "hack/bats/extras/README.md", "content": "# Extra tests\n\nThe extra tests located in this directory are not automatically executed via `make bats`.\n\nSome tests are executed on the CI, some ones are not.\nRefer to the configuration of the GitHub Actions to see what tests are executed.\n" }, { "path": "hack/bats/extras/colima.bats", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nload \"../helpers/load\"\n\nlocal_setup_file() {\n colima start\n}\n\nlocal_teardown_file() {\n colima stop\n colima delete -f\n}\n\n@test 'Docker' {\n docker run -p 8080:80 -d --name nginx \"${TEST_CONTAINER_IMAGES[nginx]}\"\n sleep 5\n run -0 curl -sSI --retry 5 --retry-all-errors http://localhost:8080\n assert_output --partial \"200 OK\"\n docker rm -f nginx\n}\n" }, { "path": "hack/bats/extras/freebsd.bats", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nload \"../helpers/load\"\n\nlocal_setup_file() {\n limactl start --tty=false template:freebsd\n}\n\nlocal_teardown_file() {\n # \n set -x\n tail -n 100 \"${LIMA_HOME}\"/freebsd/*.log\n limactl shell freebsd -- cat /var/log/messages\n # \n limactl stop freebsd\n limactl rm freebsd\n}\n\n@test 'Smoke test' {\n run -0 limactl shell freebsd -- uname\n # FIXME: the shell always shows freebsd-tips (specified in ~/.login)\n assert_output --partial \"FreeBSD\"\n}\n" }, { "path": "hack/bats/extras/k8s.bats", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\n# This test verifies that a Kubernetes cluster can be started and that the single node is ready.\n\nload \"../helpers/load\"\n\n: \"${TEMPLATE:=k8s}\"\n\n# Instance names are \"${NAME}-0\", \"${NAME}-1\", ...\nNAME=\"k8s\"\n\nget_num_nodes() {\n local nodes=0\n for tag in \"${BATS_TEST_TAGS[@]}\"; do\n if [[ $tag =~ ^nodes:([0-9]+)$ ]]; then\n nodes=\"${BASH_REMATCH[1]}\"\n fi\n done\n if [[ $nodes -eq 0 ]]; then\n echo >&2 \"nodes:N tag is required\"\n exit 1\n fi\n echo \"$nodes\"\n}\n\nlocal_setup() {\n local nodes=$(get_num_nodes)\n local params=\"\"\n for ((i=0; i<1; i++)); do\n limactl delete --force \"${NAME}-$i\" || :\n local limactl_start_flags=\"--tty=false --name \"${NAME}-$i\"\"\n # Multi-node setup requires user-v2 network for VM-to-VM communication\n if [[ $nodes -gt 1 ]]; then\n limactl_start_flags+=\" --network lima:user-v2\"\n fi\n limactl start ${limactl_start_flags} \"template:${TEMPLATE}\" 3>&- 4>&- &\n done\n wait $(jobs -p)\n # Multi-node setup\n if [[ $nodes -gt 1 ]]; then\n for ((i=0; i&- 4>&- &\n fi\n done\n wait $(jobs -p)\n fi\n for node in $(k get node -o name); do\n\t k wait --timeout=5m --for=condition=ready \"${node}\"\n done\n}\n\nlocal_teardown() {\n local nodes=$(get_num_nodes)\n for ((i=0; i&- 4>&-\n}\n\nlocal_teardown_file() {\n limactl delete --force \"$NAME\"\n}\n\nctrctl() {\n if [[ $(limactl ls \"$NAME\" --yq .config.containerd.user) == true ]]; then\n limactl shell $NAME nerdctl \"$@\"\n else\n limactl shell $NAME docker \"$@\"\n fi\n}\n\nnginx_start() {\n echo \"$COUNTER\" >\"${BATS_TEST_TMPDIR}/index.html\"\n ctrctl run -d --name nginx -p 8080:80 -v \"${BATS_TEST_TMPDIR}:/usr/share/nginx/html:ro\" nginx\n}\n\nnginx_stop() {\n ctrctl stop nginx\n ctrctl rm nginx\n}\n\nverify_port() {\n run curl --silent http://127.0.0.1:8080\n # If nginx is not quite ready and doesn't send any response at all, give it one extra chance\n if [[ $status -eq 52 ]]; then\n sleep 0.5\n run curl --silent http://127.0.0.1:8080\n fi\n assert_success\n assert_output \"$COUNTER\"\n}\n\n@test 'Verify that the container is working' {\n COUNTER=0\n ctrctl pull --quiet nginx\n nginx_start\n verify_port\n}\n\n@test 'Stop and restart the container multiple times' {\n for COUNTER in {1..100}; do\n nginx_stop\n nginx_start\n verify_port\n done\n}\n" }, { "path": "hack/bats/helpers/limactl.bash", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\n# Create a dummy Lima instance for testing purposes. It cannot be started because it doesn't have an actual image.\n# This function intentionally doesn't use create/editflags, but modifies the template with yq instead.\ncreate_dummy_instance() {\n local name=$1\n local expr=${2:-}\n\n # Template does not validate without an image, and the image must point to a file that exists (for clonefile).\n local template=\"{images: [location: /etc/profile]}\"\n if [[ -n $expr ]]; then\n template=\"$(limactl yq \"$expr\" <<<\"$template\")\"\n fi\n limactl create --name \"$name\" - <<<\"$template\"\n}\n\n# Ensure a Lima instance exists. When LIMA_BATS_REUSE_INSTANCE is set, reuse an\n# existing running instance. Otherwise delete and recreate it.\n# The instance configuration is determined by its name; add a case below for new names.\n# Close file handles 3 and 4 so the host agent doesn't block BATS from exiting.\nensure_instance() {\n local instance=$1\n if [[ -n \"${LIMA_BATS_REUSE_INSTANCE:-}\" ]]; then\n run limactl list --format '{{.Status}}' \"$instance\"\n [[ $status == 0 ]] && [[ $output == \"Running\" ]] && return\n fi\n limactl unprotect \"$instance\" || :\n limactl delete --force \"$instance\" || :\n case \"$instance\" in\n bats) limactl start --yes --name \"$instance\" template:default 3>&- 4>&- ;;\n bats-nomount) limactl start --yes --name \"$instance\" --mount-none template:default 3>&- 4>&- ;;\n bats-dummy) create_dummy_instance \"$instance\" '.disk = \"1M\"' ;;\n *)\n echo \"ensure_instance: unknown instance name '$instance'\" >&2\n return 1\n ;;\n esac\n}\n\n# Delete the given Lima instance unless LIMA_BATS_REUSE_INSTANCE is set.\ndelete_instance() {\n local instance=$1\n if [[ -z \"${LIMA_BATS_REUSE_INSTANCE:-}\" ]]; then\n limactl unprotect \"$instance\" || :\n limactl delete --force \"$instance\" || :\n fi\n}\n" }, { "path": "hack/bats/helpers/load.bash", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -o errexit -o nounset -o pipefail\n\n# Make sure run() will execute all functions with errexit enabled.\n# This enables the functionality from https://github.com/lima-vm/bats-core/commit/507da84de75fa78798d53eceb42e68851ef5c48b\n# The upstream PR https://github.com/bats-core/bats-core/pull/1118 is still open, so our submodule points to the PR commit.\nexport BATS_RUN_ERREXIT=1\n\n# BATS_TEST_RETRIES must be set for the individual test and cannot be imported from the\n# parent environment because the BATS test runner sets it to 0 before running the test.\nBATS_TEST_RETRIES=${LIMA_BATS_ALL_TESTS_RETRIES:-0}\n\n# Known flaky tests should call `flaky` inside the @test to allow retries up to\n# LIMA_BATS_FLAKY_TESTS_RETRIES even when the LIMA_BATS_ALL_TESTS_RETRIES is lower.\nflaky() {\n BATS_TEST_RETRIES=${LIMA_BATS_FLAKY_TESTS_RETRIES:-$BATS_TEST_RETRIES}\n}\n\n# Don't run the tests in ~/.lima because they may destroy _config, _templates etc.\nexport LIMA_HOME=${LIMA_BATS_LIMA_HOME:-$HOME/.lima-bats}\n\nabsolute_path() {\n (\n cd \"$1\"\n pwd\n )\n}\n\nPATH_BATS_HELPERS=$(absolute_path \"$(dirname \"${BASH_SOURCE[0]}\")\")\nPATH_BATS_ROOT=$(absolute_path \"$PATH_BATS_HELPERS/..\")\n\nsource \"$PATH_BATS_ROOT/lib/bats-support/load.bash\"\nsource \"$PATH_BATS_ROOT/lib/bats-assert/load.bash\"\nsource \"$PATH_BATS_ROOT/lib/bats-file/load.bash\"\n\nsource \"$PATH_BATS_HELPERS/limactl.bash\"\nsource \"$PATH_BATS_HELPERS/logs.bash\"\n\nbats_require_minimum_version 1.5.0\n\nrun_e() {\n run --separate-stderr \"$@\"\n}\n\n# If called from foo() this function will call local_foo() if it exist.\ncall_local_function() {\n local func\n func=\"local_${FUNCNAME[1]}\"\n if [ \"$(type -t \"$func\")\" = \"function\" ]; then\n \"$func\"\n fi\n}\n\nsetup_file() {\n if [[ ${CI:-} == true ]]; then\n # Without a terminal the output is using TAP formatting, which does not include the filename\n local TEST_FILENAME=${BATS_TEST_FILENAME#\"$PATH_BATS_ROOT/tests/\"}\n TEST_FILENAME=${TEST_FILENAME%.bats}\n echo \"# ===== ${TEST_FILENAME} =====\" >&3\n fi\n if [[ -n \"${INSTANCE:-}\" ]]; then\n ensure_instance \"$INSTANCE\"\n fi\n call_local_function\n}\nteardown_file() {\n call_local_function\n if [[ -n \"${INSTANCE:-}\" ]]; then\n delete_instance \"$INSTANCE\"\n fi\n}\nsetup() {\n call_local_function\n}\nteardown() {\n call_local_function\n}\n\nassert_output_lines_count() {\n assert_equal \"${#lines[@]}\" \"$1\"\n}\n\n# Use GHCR and ECR to avoid hitting Docker Hub rate limit.\n# NOTE: keep this list in sync with hack/test-templates.sh .\ndeclare -A -g TEST_CONTAINER_IMAGES=(\n [\"nginx\"]=\"ghcr.io/stargz-containers/nginx:1.19-alpine-org\"\n [\"coredns\"]=\"public.ecr.aws/eks-distro/coredns/coredns:v1.12.2-eks-1-31-latest\"\n)\n" }, { "path": "hack/bats/helpers/logs.bash", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\n# Format the string the way strconv.Quote() would do.\n# If the input ends with an ellipsis then no closing quote will be added (and the … will be removed).\nquote_msg() {\n local quoted\n quoted=$(sed -e 's/\\\\/\\\\\\\\/g' -e 's/\"/\\\\\"/g' -e 's/^/\"/' <<<\"$1\")\n if [[ $quoted == *… ]]; then\n echo \"${quoted%…}\"\n else\n echo \"${quoted}\\\"\"\n fi\n}\n\nassert_fatal() {\n assert_stderr_line --partial \"level=fatal msg=$(quote_msg \"$1\")\"\n}\nassert_error() {\n assert_stderr_line --partial \"level=error msg=$(quote_msg \"$1\")\"\n}\nassert_warning() {\n assert_stderr_line --partial \"level=warning msg=$(quote_msg \"$1\")\"\n}\nassert_info() {\n assert_stderr_line --partial \"level=info msg=$(quote_msg \"$1\")\"\n}\nassert_debug() {\n assert_stderr_line --partial \"level=debug msg=$(quote_msg \"$1\")\"\n}\n" }, { "path": "hack/bats/tests/copy.bats", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nload \"../helpers/load\"\n\nINSTANCE=bats\n\nsetup() {\n limactl shell \"$INSTANCE\" -- mkdir -p /tmp/test_limactl_copy\n}\n\nteardown() {\n limactl shell \"$INSTANCE\" -- rm -rf /tmp/test_limactl_copy\n}\n\ntest_copy_dir_from_host_to_instance() {\n backend=\"$1\"\n mkdir -p \"$BATS_TEST_TMPDIR/foo/bar\"\n\n # SRC DST\n limactl copy --backend=\"$backend\" -r \"$BATS_TEST_TMPDIR/foo\" \"$INSTANCE\":/tmp/test_limactl_copy/foo\n limactl shell \"$INSTANCE\" -- test -d /tmp/test_limactl_copy/foo/bar\n limactl shell \"$INSTANCE\" -- rm -rf /tmp/test_limactl_copy/foo\n\n # SRC/ DST\n limactl shell \"$INSTANCE\" -- mkdir -p /tmp/test_limactl_copy/foo_src_with_slash/\n limactl copy --backend=\"$backend\" -r \"$BATS_TEST_TMPDIR/foo/\" \"$INSTANCE\":/tmp/test_limactl_copy/foo_src_with_slash\n limactl shell \"$INSTANCE\" -- test -d /tmp/test_limactl_copy/foo_src_with_slash/foo\n limactl shell \"$INSTANCE\" -- rm -rf /tmp/test_limactl_copy/foo_src_with_slash\n\n # SRC DST/\n limactl shell \"$INSTANCE\" -- mkdir -p /tmp/test_limactl_copy/foo_dst_with_slash/\n limactl copy --backend=\"$backend\" -r \"$BATS_TEST_TMPDIR/foo\" \"$INSTANCE\":/tmp/test_limactl_copy/foo_dst_with_slash/\n limactl shell \"$INSTANCE\" -- test -d /tmp/test_limactl_copy/foo_dst_with_slash/foo\n limactl shell \"$INSTANCE\" -- rm -rf /tmp/test_limactl_copy/foo_dst_with_slash\n\n # SRC/ DST/\n limactl shell \"$INSTANCE\" -- mkdir -p /tmp/test_limactl_copy/foo_src_dst_with_slash/\n limactl copy --backend=\"$backend\" -r \"$BATS_TEST_TMPDIR/foo/\" \"$INSTANCE\":/tmp/test_limactl_copy/foo_src_dst_with_slash/\n limactl shell \"$INSTANCE\" -- test -d /tmp/test_limactl_copy/foo_src_dst_with_slash/foo\n limactl shell \"$INSTANCE\" -- rm -rf /tmp/test_limactl_copy/foo_src_dst_with_slash\n}\n\n@test \"copy directory from host to Lima instance (scp)\" {\n test_copy_dir_from_host_to_instance scp\n}\n\n# https://github.com/lima-vm/lima/issues/4468\n@test \"copy directory from host to Lima instance (rsync)\" {\n test_copy_dir_from_host_to_instance rsync\n}\n\ntest_copy_dir_from_instance_to_host() {\n backend=\"$1\"\n\n limactl shell \"$INSTANCE\" -- mkdir -p /tmp/test_limactl_copy/foo/bar\n\n # SRC DST\n limactl copy --backend=\"$backend\" -r \"$INSTANCE\":/tmp/test_limactl_copy/foo \"$BATS_TEST_TMPDIR/foo\"\n assert_dir_exists \"$BATS_TEST_TMPDIR/foo/bar\"\n\n # SRC/ DST\n limactl copy --backend=\"$backend\" -r \"$INSTANCE\":/tmp/test_limactl_copy/foo/ \"$BATS_TEST_TMPDIR/foo_src_with_slash\"\n assert_dir_exists \"$BATS_TEST_TMPDIR/foo_src_with_slash/bar\"\n\n # SRC DST/\n limactl copy --backend=\"$backend\" -r \"$INSTANCE\":/tmp/test_limactl_copy/foo \"$BATS_TEST_TMPDIR/foo_dst_with_slash/\"\n assert_dir_exists \"$BATS_TEST_TMPDIR/foo_dst_with_slash/bar\"\n\n # SRC/ DST/\n limactl copy --backend=\"$backend\" -r \"$INSTANCE\":/tmp/test_limactl_copy/foo/ \"$BATS_TEST_TMPDIR/foo_src_dst_with_slash/\"\n assert_dir_exists \"$BATS_TEST_TMPDIR/foo_src_dst_with_slash/bar\"\n}\n\n@test \"copy directory from Lima instance to host (scp)\" {\n test_copy_dir_from_instance_to_host scp\n}\n\n@test \"copy directory from Lima instance to host (rsync)\" {\n test_copy_dir_from_instance_to_host rsync\n}\n\ntest_copy_file_from_host_to_instance() {\n backend=\"$1\"\n echo \"hello\" > \"$BATS_TEST_TMPDIR/hello.txt\"\n\n limactl copy --backend=\"$backend\" \"$BATS_TEST_TMPDIR/hello.txt\" \"$INSTANCE\":/tmp/test_limactl_copy/hello.txt\n\n run -0 limactl shell \"$INSTANCE\" -- cat /tmp/test_limactl_copy/hello.txt\n assert_output \"hello\"\n\n limactl shell \"$INSTANCE\" -- rm -f /tmp/test_limactl_copy/hello.txt\n}\n\n@test \"copy file from host to Lima instance (scp)\" {\n test_copy_file_from_host_to_instance scp\n}\n\n@test \"copy file from host to Lima instance (rsync)\" {\n test_copy_file_from_host_to_instance rsync\n}\n\ntest_copy_file_from_instance_to_host() {\n backend=\"$1\"\n limactl shell \"$INSTANCE\" -- bash -c 'echo \"hello\" > /tmp/test_limactl_copy/hello.txt'\n\n limactl copy --backend=\"$backend\" \"$INSTANCE\":/tmp/test_limactl_copy/hello.txt \"$BATS_TEST_TMPDIR/hello.txt\"\n\n run -0 cat \"$BATS_TEST_TMPDIR/hello.txt\"\n assert_output \"hello\"\n\n limactl shell \"$INSTANCE\" -- rm -f /tmp/hello.txt\n}\n\n@test \"copy file from Lima instance to host (scp)\" {\n test_copy_file_from_instance_to_host scp\n}\n\n@test \"copy file from Lima instance to host (rsync)\" {\n test_copy_file_from_instance_to_host rsync\n}\n" }, { "path": "hack/bats/tests/list.bats", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nload \"../helpers/load\"\n\n# Use a separate LIMA_HOME for this test that we can just wipe because it will never have running instances.\n# We cannot use $BATS_FILE_TMPDIR because `limactl create` will complain about max socket path name length.\nLOCAL_LIMA_HOME=\"${LIMA_HOME:?}/_bats\"\n\nlocal_setup_file() {\n export LIMA_HOME=\"${LOCAL_LIMA_HOME:?}\"\n rm -rf \"${LIMA_HOME:?}\"\n\n run -0 create_dummy_instance \"foo\" '.disk = \"1M\"'\n run -0 create_dummy_instance \"bar\" '.disk = \"2M\"'\n run -0 create_dummy_instance \"baz\" '.disk = \"3M\"'\n}\n\nlocal_setup() {\n export LIMA_HOME=\"${LOCAL_LIMA_HOME:?}\"\n}\n\n@test 'list with no running instances shows a warning and exits without error' {\n export LIMA_HOME=\"$BATS_TEST_TMPDIR\"\n run_e -0 limactl list\n assert_warning 'No instance found. Run `limactl create` to create an instance.'\n}\n\n@test 'check plain list output' {\n # also verifies that `ls` is an alias for `list`\n run -0 limactl ls\n\n # instances will be sorted alphabetically\n assert_line --index 0 --regexp '^NAME +STATUS.+DISK'\n assert_line --index 1 --regexp '^bar +Stopped.+ 2MiB'\n assert_line --index 2 --regexp '^baz +Stopped.+ 3MiB'\n assert_line --index 3 --regexp '^foo +Stopped.+ 1MiB'\n # there is no other output\n assert_output_lines_count 4\n}\n\n@test 'only list selected instances' {\n run -0 limactl ls foo bar\n\n # instances will be sorted in the order they were specified\n assert_line --index 0 --regexp '^NAME'\n assert_line --index 1 --regexp '^foo'\n assert_line --index 2 --regexp '^bar'\n refute_line --partial baz\n assert_output_lines_count 3\n}\n\n@test 'requesting non-existing instance is an error' {\n run_e -1 limactl ls foo foobar bar\n assert_warning 'No instance matching foobar found.'\n assert_fatal 'unmatched instances'\n\n # existing instances are still listed\n assert_line --index 0 --regexp '^NAME'\n assert_line --index 1 --regexp '^foo'\n assert_line --index 2 --regexp '^bar'\n assert_output_lines_count 3\n}\n\n@test '--quiet option shows only names, no header' {\n run -0 limactl list --quiet foo bar\n assert_line --index 0 foo\n assert_line --index 1 bar\n assert_output_lines_count 2\n}\n\n@test '--format json returns JSON output' {\n run -0 limactl ls --format json foo bar\n\n # test may be too strict in expecting \"name\" to be the first key on the line\n assert_line --index 0 --regexp '^\\{\"name\":\"foo\",'\n assert_line --index 1 --regexp '^\\{\"name\":\"bar\",'\n assert_output_lines_count 2\n}\n\n@test '--json is shorthand for --format json' {\n run -0 limactl ls foo bar --format json\n format_json=$output\n\n run -0 limactl ls foo bar --json\n assert_output \"$format_json\"\n}\n\n@test '--format YAML returns YAML documents' {\n # save JSON output for comparison\n run -0 limactl ls foo bar --format json\n json=$output\n\n run -0 limactl ls foo bar --format yaml\n yaml=$output\n\n assert_line --regexp '^name: foo'\n assert_line --regexp '^name: bar'\n refute_line --regexp '^name: baz'\n\n # verify that the output consists of 2 documents\n run -0 limactl yq 'true' <<<\"$yaml\"\n assert_output_lines_count 2\n\n # convert YAML to JSON\n run -0 limactl yq --input-format yaml --output-format json --indent 0 \".\" <<<\"$yaml\"\n assert_output_lines_count 2\n\n # verify it matches the JSON output\n assert_output \"$json\"\n\n}\n\n@test 'JSON output to terminal is colorized, but semantically identical' {\n run -0 limactl ls foo bar --format json\n json=$output\n\n # colorize output even when stdout is not a tty\n export _LIMA_OUTPUT_IS_TTY=1\n run -0 limactl ls foo bar --format json\n colorized=$output\n\n # check if the output contains an ANSI \"reset mode\" sequence (\"ESC[0m\")\n run -0 cat -v <<<\"$output\"\n assert_output --partial \"^[[0m\"\n\n # remove all ANSI formatting codes from the output\n run -0 sed 's/\\x1b\\[[0-9;]*m//g' <<<\"$colorized\"\n\n # Flatten the pretty-printed JSON to a single line per object with no extra whitespace.\n # yq processes JSON objects in sequence (when input format is set to json) and\n # does not require each object to be on a single line.\n run -0 limactl yq --input-format json --output-format json --indent 0 \".\" <<<\"$output\"\n assert_output_lines_count 2\n\n # compare to the plain (uncolorized) json output\n assert_output \"$json\"\n}\n\n@test 'YAML output to terminal is colorized, but semantically identical' {\n # save uncolorized JSON output\n run -0 limactl ls foo bar --format json\n json=$output\n\n # colorize output even when stdout is not a tty\n export _LIMA_OUTPUT_IS_TTY=1\n run -0 limactl ls foo bar --format yaml\n colorized=$output\n\n # check if the output contains an ANSI \"reset mode\" sequence (\"ESC[0m\")\n run -0 cat -v <<<\"$output\"\n assert_output --partial \"^[[0m\"\n\n # remove all ANSI formatting codes from the output\n run -0 sed 's/\\x1b\\[[0-9;]*m//g' <<<\"$colorized\"\n yaml=$output\n\n # Verify that the output consists of 2 documents\n run -0 limactl yq 'true' <<<\"$yaml\"\n assert_output_lines_count 2\n\n # convert the pretty-printed YAML to JSON Lines format with no whitespace\n run -0 limactl yq --indent 0 --input-format yaml --output-format json \".\" <<<\"$yaml\"\n assert_output_lines_count 2\n\n # verify it matches the JSON output\n assert_output \"$json\"\n}\n\n@test '--all-fields includes all fields in the table' {\n skip \"only works with output to a terminal (#3986)\"\n # TODO provide a way to specify the width, e.g. with `--width 120`\n # See https://github.com/lima-vm/lima/issues/3986\n}\n\n@test 'Use field names in Go template format' {\n run -0 limactl ls foo bar --format '{{.Name}} {{.Disk}}'\n assert_line --index 0 \"foo 1048576\"\n assert_line --index 1 \"bar 2097152\"\n}\n\n@test '--list-fields list all available fields' {\n run -0 limactl ls --list-fields\n assert_line Name\n assert_line CPUs\n assert_line Memory\n # All field names start with an uppercase letter and don't contain any spaces\n refute_line --regexp '^[^A-Z]'\n refute_line --partial ' '\n }\n\n @test '--list-fields does not list deprecated field, but they are still available' {\n run -0 limactl ls --list-fields\n\n # no deprecated fields are listed\n refute_line \"HostArch\"\n refute_line \"HostOS\"\n refute_line \"IdentityFile\"\n refute_line \"LimaHome\"\n\n # all deprecated fields exist and produce output\n run -0 limactl ls foo --format '{{.HostArch}}'\n assert_output\n run -0 limactl ls foo --format '{{.HostOS}}'\n assert_output\n run -0 limactl ls foo --format '{{.IdentityFile}}'\n assert_output\n run -0 limactl ls foo --format '{{.LimaHome}}'\n assert_output \"$LIMA_HOME\"\n\n # verify that a non-existing field throws an error and produces no output\n # TODO the error message is not really end-user friendly, not sure if we can do something about it\n run_e -1 limactl ls foo --format '{{.Unknown}}'\n assert_stderr --regexp \"level=fatal.*can't evaluate field Unknown\"\n refute_output\n}\n\n@test '--quiet option can only be used with format --table' {\n # TODO the error message is incorrect, it can be used with --yq\n run_e -1 limactl list --quiet --format json\n assert_fatal \"option --quiet can only be used with '--format table'\"\n\n run_e -1 limactl list --quiet --format yaml\n assert_fatal \"option --quiet can only be used with '--format table'\"\n\n run_e -1 limactl list --quiet --format '{{.Name}} {{.Disk}}'\n assert_fatal \"option --quiet can only be used with '--format table'\"\n}\n\n@test '--yq option implies --format json' {\n run -0 limactl ls baz --yq '.config'\n assert_output --regexp '^\\{\"'\n\n run -0 limactl yq '.disk' <<<\"$output\"\n assert_output \"3M\"\n}\n\n@test '--yq option can be used with --format yaml' {\n run -0 limactl ls baz --yq '.config' --format yaml\n assert_line \"disk: 3M\"\n}\n\n@test '--yq option can be specified multiple times' {\n run -0 limactl ls foo --yq '.config' --yq '.user' --yq '.uid'\n assert_output \"$UID\"\n\n run -0 limactl ls --yq 'select(.disk > 1024*1024)' --yq 'select(.name | test(\"z\"))' --yq '.name'\n assert_output \"baz\"\n}\n\n@test '--yq option is incompatible with --format table or Go templates' {\n run_e -1 limactl ls --yq '.name' --format table\n assert_fatal \"option --yq only works with --format json or yaml\"\n\n run_e -1 limactl ls --yq '.name' --format '{{.Name}} {{.Disk}}'\n assert_fatal \"option --yq only works with --format json or yaml\"\n}\n\n@test '--quiet option can be used with --yq' {\n run -0 limactl ls --quiet\n assert_line --index 0 \"bar\"\n assert_output_lines_count 3\n\n run -0 limactl ls --quiet --yq 'select(.name == \"foo\")'\n assert_output \"foo\"\n}\n\n@test '--yq cannot access environment variables' {\n run_e -1 limactl ls --yq 'env(HOME)'\n assert_fatal \"env operations have been disabled\"\n}\n\n@test '--yq cannot load files' {\n run_e -1 limactl ls --yq \"load(\\\"${BASH_SOURCE[0]}\\\")\"\n assert_fatal \"file operations have been disabled\"\n}\n\n@test '--filter option filters instances' {\n run -0 limactl ls --filter '.name == \"foo\"'\n assert_line --index 0 --regexp '^NAME'\n assert_line --index 1 --regexp '^foo'\n assert_output_lines_count 2\n}\n\n@test '--filter option works with all output formats' {\n run -0 limactl ls --filter '.name == \"foo\"'\n assert_line --index 1 --regexp '^foo'\n\n run -0 limactl ls --filter '.name == \"foo\"' --format json\n assert_line --index 0 --regexp '^\\{\"name\":\"foo\",'\n\n run -0 limactl ls --filter '.name == \"foo\"' --format '{{.Name}}'\n assert_output \"foo\"\n}\n\n@test '--filter option is compatible with --yq' {\n run -0 limactl ls --filter '.name == \"foo\"' --yq '.name'\n assert_output \"foo\"\n}\n\n@test '--quiet option can be used with --filter' {\n run -0 limactl ls --quiet --filter '.name == \"foo\"'\n assert_output \"foo\"\n}\n\n@test '--filter option with no matching instances returns empty output' {\n run -0 limactl ls -q --filter '.name == \"kcp\"'\n assert_output \"\"\n}\n\n@test 'multiple --filter options are combined with AND logic' {\n run -0 limactl ls -q --filter '.name == \"foo\"' --filter '.disk == \"1M\"'\n assert_output \"\"\n\n run -0 limactl ls --filter '.name == \"foo\"' --filter '.disk == \"1048576\"'\n assert_line --index 1 --regexp '^foo'\n}\n" }, { "path": "hack/bats/tests/mcp.bats", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nload \"../helpers/load\"\n\nINSTANCE=bats\n\n# TODO Move helper functions to shared location\nrun_yq() {\n run -0 --separate-stderr limactl yq \"$@\"\n}\n\njson_edit() {\n limactl yq --input-format json --output-format json --indent 0 \"$@\"\n}\n\nlocal_setup() {\n cd \"$PATH_BATS_ROOT\"\n coproc MCP { limactl mcp serve \"$INSTANCE\"; }\n\n ID=0\n mcp initialize '{\"protocolVersion\":\"2025-06-18\"}'\n\n # Each mcp request should increment the ID\n [[ $ID -eq 1 ]]\n\n run_yq .serverInfo.name <<<\"$output\"\n assert_output \"lima\"\n}\n\nlocal_teardown() {\n kill \"${MCP_PID:?}\" 2>&1 >/dev/null || :\n}\n\nmcp() {\n local method=$1\n local params=${2:-}\n\n local request\n printf -v request '{\"jsonrpc\":\"2.0\",\"id\":%d,\"method\":\"%s\"}' \"$((++ID))\" \"$method\"\n if [[ -n $params ]]; then\n request=$(json_edit \".params=${params}\" <<<\"$request\")\n fi\n\n # send request to MCP server stdin\n echo \"$request\" >&\"${MCP[1]}\"\n\n # read response from MCP server stdout with 5s timeout\n local json\n while true; do\n if ! read -t 5 -r json <&\"${MCP[0]}\"; then\n break\n fi\n # If it has no \"method\" field, it's a response, not a notification\n if ! jq -e 'has(\"method\")' <<<\"$json\" >/dev/null 2>&1; then\n break\n fi\n done\n\n # verify that the response matches the request; also validates the output is valid JSON\n run_yq .id <<<\"$json\"\n assert_output \"$ID\"\n\n # there must be no error object in the response\n run_yq .error <<<\"$json\"\n assert_output \"null\"\n\n # set $output to .result\n run_yq .result <<<\"$json\"\n}\n\ntools_call() {\n local name=$1\n local args=${2:-}\n\n local params\n printf -v params '{\"name\":\"%s\"}' \"$name\"\n if [[ -n $args ]]; then\n params=$(json_edit \".arguments=${args}\" <<<\"$params\")\n fi\n mcp tools/call \"$params\"\n}\n\n@test 'list tools' {\n mcp tools/list\n run_yq '.tools[].name' <<<\"$output\"\n assert_line glob\n assert_line list_directory\n assert_line read_file\n assert_line run_shell_command\n assert_line search_file_content\n assert_line write_file\n}\n\n@test 'verify that tools descriptions include input and output schema' {\n mcp tools/list\n run_yq '.tools[] | select(.name == \"run_shell_command\")' <<<\"$output\"\n json=$output\n\n run_yq '.inputSchema.required[]' <<<\"$json\"\n assert_line command\n assert_line directory\n assert_output_lines_count 2\n\n run_yq '.inputSchema.properties | keys[]' <<<\"$json\"\n assert_line command\n assert_line description\n assert_line directory\n assert_output_lines_count 3\n\n run_yq '.outputSchema.required[]' <<<\"$json\"\n assert_line stdout\n assert_line stderr\n assert_output_lines_count 2\n\n run_yq '.outputSchema.properties | keys[]' <<<\"$json\"\n assert_line error\n assert_line exit_code\n assert_line stdout\n assert_line stderr\n assert_output_lines_count 4\n}\n\n@test 'run shell command returns command output' {\n run -0 limactl shell \"$INSTANCE\" cat /etc/os-release\n assert_output\n expected=$output\n\n tools_call run_shell_command '{\"directory\":\"/etc\",\"command\":[\"cat\",\"os-release\"]}'\n json=$output\n\n run_yq '.structuredContent.exit_code' <<<\"$json\"\n assert_output 0\n\n run_yq '.structuredContent.stdout' <<<\"$json\"\n assert_output \"$expected\"\n\n run_yq '.structuredContent.stderr' <<<\"$json\"\n refute_output\n\n # The same data is also available as encoded JSON\n run_yq '.content[0].type' <<<\"$json\"\n assert_output \"text\"\n\n run_yq '.content[0].text' <<<\"$json\"\n text=$output\n\n run_yq '.exit_code' <<<\"$text\"\n assert_output 0\n\n run_yq '.stdout' <<<\"$text\"\n assert_output \"$expected\"\n\n run_yq '.stderr' <<<\"$text\"\n refute_output\n}\n\n@test 'run shell command returns stderr and exit code' {\n tools_call run_shell_command '{\"directory\":\"/\",\"command\":[\"bash\",\"-c\",\"echo NO>&2; exit 13\"]}'\n json=$output\n\n run_yq '.structuredContent.exit_code' <<<\"$json\"\n assert_output 13\n\n run_yq '.structuredContent.error' <<<\"$json\"\n assert_output \"exit status 13\"\n\n run_yq '.structuredContent.stdout' <<<\"$json\"\n refute_output\n\n run_yq '.structuredContent.stderr' <<<\"$json\"\n assert_output \"NO\"\n}\n\n@test 'run shell command fails if the directory does not exist' {\n tools_call run_shell_command '{\"directory\":\"/etcetera\",\"command\":[\"cat\",\"os-release\"]}'\n json=$output\n\n run_yq '.structuredContent.exit_code' <<<\"$json\"\n assert_output 1\n\n run_yq '.structuredContent.stderr' <<<\"$json\"\n assert_output --partial \"No such file or directory\"\n}\n\n@test 'read_file reads a file' {\n run -0 limactl shell \"$INSTANCE\" cat /etc/os-release\n assert_output\n expected=$output\n\n tools_call read_file '{\"path\":\"/etc/os-release\"}'\n json=$output\n\n run_yq '.content[0].text' <<<\"$json\"\n run_yq '.content' <<<\"$output\"\n assert_output \"$expected\"\n\n run_yq '.structuredContent.content' <<<\"$json\"\n assert_output \"$expected\"\n}\n\n@test 'read_file returns an error when path does not exist' {\n tools_call read_file '{\"path\":\"/etc/os-release-info\"}'\n json=$output\n\n run_yq '.isError' <<<\"$json\"\n assert_output \"true\"\n\n run_yq '.content[0].text' <<<\"$json\"\n assert_output \"file does not exist\"\n}\n\n@test 'read_file returns an error when path is not absolute' {\n tools_call read_file '{\"path\":\"os-release\"}'\n json=$output\n\n run_yq '.isError' <<<\"$json\"\n assert_output \"true\"\n\n run_yq '.content[0].text' <<<\"$json\"\n assert_output --partial \"expected an absolute path\"\n}\n\n@test 'write_file creates new file and overwrites existing file' {\n limactl shell \"$INSTANCE\" rm -f /tmp/mcp.test\n tools_call write_file '{\"path\":\"/tmp/mcp.test\",\"content\":\"foo\"}'\n\n run_yq '.content[0].text' <<<\"$output\"\n assert_output \"{}\"\n\n run -0 limactl shell \"$INSTANCE\" cat /tmp/mcp.test\n assert_output \"foo\"\n\n tools_call write_file '{\"path\":\"/tmp/mcp.test\",\"content\":\"bar\"}'\n\n run_yq '.content[0].text' <<<\"$output\"\n assert_output \"{}\"\n\n run -0 limactl shell \"$INSTANCE\" cat /tmp/mcp.test\n assert_output \"bar\"\n}\n\n@test 'write_file creates the directory if it does not yet exist' {\n # Make sure /tmp/tmp is deletable even if we run the tests multiple times against the same Lima instance\n limactl shell \"$INSTANCE\" chmod -R 777 /tmp/tmp || true\n limactl shell \"$INSTANCE\" rm -rf /tmp/tmp\n tools_call write_file '{\"path\":\"/tmp/tmp/tmp\",\"content\":\"tmp\"}'\n json=$output\n\n run_yq '.isError' <<<\"$json\"\n assert_output \"null\"\n\n run -0 limactl shell \"$INSTANCE\" cat /tmp/tmp/tmp\n assert_output \"tmp\"\n}\n\n@test 'write_file returns an error when the directory is not writable' {\n limactl shell \"$INSTANCE\" mkdir -p /tmp/tmp\n limactl shell \"$INSTANCE\" chmod 444 /tmp/tmp\n tools_call write_file '{\"path\":\"/tmp/tmp/tmp\",\"content\":\"tmp\"}'\n json=$output\n\n run_yq '.isError' <<<\"$json\"\n assert_output \"true\"\n\n run_yq '.content[0].text' <<<\"$json\"\n assert_output \"permission denied\"\n}\n\n@test 'write_file returns an error when path is not absolute' {\n tools_call write_file '{\"path\":\"tmp/mcp.test\",\"content\":\"baz\"}'\n json=$output\n\n run_yq '.isError' <<<\"$json\"\n assert_output \"true\"\n\n run_yq '.content[0].text' <<<\"$json\"\n assert_output --partial \"expected an absolute path\"\n}\n\n@test 'glob finds files by wildcard' {\n tools_call glob '{\"pattern\":\"*/*p.bats\"}'\n\n run_yq '.structuredContent.matches[]' <<<\"$output\"\n assert_line --regexp '/tests/mcp.bats$'\n}\n\n@test 'glob returns an empty list when the pattern does not match' {\n\n tools_call glob '{\"pattern\":\"nothing.to.see\"}'\n\n run_yq '.structuredContent.matches[]' <<<\"$output\"\n assert_output_lines_count 0\n}\n\n@test 'search_file_content finds text inside files' {\n tools_call search_file_content '{\"pattern\":\"needle in a haystack\"}'\n\n run_yq '.structuredContent.git_grep_output' <<<\"$output\"\n assert_line --regexp '^tests/mcp.bats:[0-9]+: +tools_call'\n}\n\n@test 'search_file_content can find unicode characters above U+FFFF' {\n # The light bulb emoji 💡 (U+1F4A1)\n tools_call search_file_content '{\"pattern\":\"💡\"}'\n\n run_yq '.structuredContent.git_grep_output' <<<\"$output\"\n assert_line --regexp '^tests/mcp.bats:[0-9]+: +# The light bulb'\n assert_line --regexp '^tests/mcp.bats:[0-9]+: +tools_call'\n}\n\n@test 'search_file_content returns an empty string if it cannot find the pattern' {\n tools_call search_file_content \"$(printf '{\"pattern\":\"\\U0001f4a1 not found\"}')\"\n\n run_yq '.structuredContent.git_grep_output' <<<\"$output\"\n refute_output\n}\n\n" }, { "path": "hack/bats/tests/path.bats", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nload \"../helpers/load\"\n\nINSTANCE=bats\n\n@test \"The guest home is accessible via both .guest and .linux paths\" {\n limactl shell \"$INSTANCE\" -- ls -ld /home/\"${USER}.guest/.ssh\"\n limactl shell \"$INSTANCE\" -- ls -ld /home/\"${USER}.linux/.ssh\"\n}\n" }, { "path": "hack/bats/tests/preserve-env.bats", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nload \"../helpers/load\"\n\nINSTANCE=bats\n\nlocal_setup_file() {\n unset LIMA_SHELLENV_ALLOW\n unset LIMA_SHELLENV_BLOCK\n}\n\nlocal_setup() {\n # make sure changes from previous tests are removed\n limactl shell \"$INSTANCE\" sh -c '[ ! -f ~/.bash_profile ] || sed -i -E \"/^export (FOO|BAR|SSH_)/d\" ~/.bash_profile'\n}\n\n@test 'there are no FOO*, BAR*, or SSH_FOO* variables defined in the VM' {\n # just to confirm because the other tests depend on these being unused\n run -0 limactl shell \"$INSTANCE\" printenv\n refute_line --regexp '^FOO'\n refute_line --regexp '^BAR'\n refute_line --regexp '^SSH_FOO'\n}\n\n@test 'environment is not preserved by default' {\n export FOO=foo\n run -0 limactl shell \"$INSTANCE\" printenv\n refute_line --regexp '^FOO='\n}\n\n@test 'environment is preserved with --preserve-env' {\n export FOO=foo\n run -0 limactl shell --preserve-env \"$INSTANCE\" printenv\n assert_line FOO=foo\n}\n\n@test 'profile settings inside the VM take precedence over preserved variables' {\n limactl shell \"$INSTANCE\" sh -c 'echo \"export FOO=bar\" >>~/.bash_profile'\n export FOO=foo\n run -0 limactl shell --preserve-env \"$INSTANCE\" printenv\n assert_line FOO=bar\n}\n\n@test 'builtin block list is used when LIMA_SHELLENV_BLOCK is not set' {\n # default block list includes SSH_*\n export SSH_FOO=ssh_foo\n run -0 limactl shell --preserve-env \"$INSTANCE\" printenv\n refute_line --regexp '^SSH_FOO='\n}\n\n@test 'custom block list replaces builtin block list' {\n export LIMA_SHELLENV_BLOCK=FOO\n export FOO=foo\n export SSH_FOO=foo\n run -0 limactl shell --preserve-env \"$INSTANCE\" printenv\n refute_line --regexp '^FOO='\n assert_line SSH_FOO=foo\n}\n\n@test 'custom block list starting with + appends to builtin block list' {\n export LIMA_SHELLENV_BLOCK=+FOO\n export FOO=foo\n export SSH_FOO=foo\n run -0 limactl shell --preserve-env \"$INSTANCE\" printenv\n refute_line --regexp '^FOO='\n refute_line --regexp '^SSH_FOO='\n}\n\n@test 'block list entries can use * wildcard at the end' {\n export LIMA_SHELLENV_BLOCK=\"FOO*\"\n export FOO=foo\n export FOOBAR=foobar\n export BAR=bar\n run -0 limactl shell --preserve-env \"$INSTANCE\" printenv\n refute_line --regexp '^FOO'\n assert_line BAR=bar\n}\n\n@test 'wildcard works at the start of the pattern' {\n export LIMA_SHELLENV_BLOCK=\"*FOO\"\n export FOO=foo\n export BARFOO=barfoo\n run -0 limactl shell --preserve-env \"$INSTANCE\" printenv\n refute_line --regexp '^BARFOO='\n refute_line --regexp '^FOO='\n}\n\n@test 'block list can use a , separated list with whitespace ignored' {\n export LIMA_SHELLENV_BLOCK=\"FOO*, , BAR\"\n export FOO=foo\n export FOOBAR=foobar\n export BAR=bar\n export BARBAZ=barbaz\n run -0 limactl shell --preserve-env \"$INSTANCE\" printenv\n refute_line --regexp '^FOO'\n refute_line --regexp '^BAR='\n assert_line BARBAZ=barbaz\n}\n\n@test 'allow list can use a , separated list with whitespace ignored' {\n export LIMA_SHELLENV_ALLOW=\"SSH_FOO, , BAR*, LD_UID\"\n export SSH_FOO=ssh_foo\n export SSH_BAR=ssh_bar\n export SSH_BLOCK=ssh_block\n export BAR=bar\n export BARBAZ=barbaz\n export LD_UID=randomuid\n run -0 limactl shell --preserve-env \"$INSTANCE\" printenv\n\n assert_line SSH_FOO=ssh_foo\n assert_line BAR=bar\n assert_line BARBAZ=barbaz\n assert_line LD_UID=randomuid\n\n refute_line --regexp '^SSH_BAR='\n refute_line --regexp '^SSH_BLOCK='\n}\n\n@test 'wildcard patterns work in all positions' {\n export LIMA_SHELLENV_BLOCK=\"*FOO*BAR*\"\n export FOO=foo\n export FOOBAR=foobar\n export FOOXYZBAR=fooxyzbar\n export FOOBAZ=foobaz\n export BAZBAR=bazbar\n export BAR=bar\n export XFOOYBARZDOTCOM=xfooybarzdotcom\n export NORMAL_VAR=normal_var\n export UNRELATED=unrelated\n run -0 limactl shell --preserve-env \"$INSTANCE\" printenv\n\n refute_line --regexp '^FOOBAR='\n refute_line --regexp '^FOOXYZBAR='\n refute_line --regexp '^XFOOYBARZDOTCOM='\n\n assert_line FOOBAZ=foobaz\n assert_line NORMAL_VAR=normal_var\n assert_line UNRELATED=unrelated\n assert_line BAZBAR=bazbar\n assert_line BAR=bar\n assert_line FOO=foo\n}\n\n@test 'allowlist overrides default blocklist with wildcards' {\n export LIMA_SHELLENV_ALLOW=\"SSH_*,CUSTOM*\"\n export LIMA_SHELLENV_BLOCK=\"+*TOKEN\"\n export SSH_AUTH_SOCK=ssh_auth_sock\n export SSH_CONNECTION=ssh_connection\n export CUSTOM_VAR=custom_var\n export MY_TOKEN=my_token\n export UNRELATED=unrelated\n run -0 limactl shell --preserve-env \"$INSTANCE\" printenv\n\n assert_line SSH_AUTH_SOCK=ssh_auth_sock\n assert_line SSH_CONNECTION=ssh_connection\n assert_line CUSTOM_VAR=custom_var\n refute_line --regexp '^MY_TOKEN='\n assert_line UNRELATED=unrelated\n}\n\n@test 'invalid characters in patterns cause fatal errors' {\n export LIMA_SHELLENV_BLOCK=\"FOO-BAR\"\n run ! limactl shell --preserve-env \"$INSTANCE\" printenv\n assert_output --partial \"Invalid LIMA_SHELLENV_BLOCK pattern\"\n assert_output --partial \"contains invalid character\"\n}\n\n@test 'limactl info includes the default block list' {\n run -0 limactl info\n run -0 limactl yq '.shellEnvBlock[]' <<<\"$output\"\n assert_line PATH\n assert_line \"SSH_*\"\n assert_line USER\n}\n" }, { "path": "hack/bats/tests/protect.bats", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nload \"../helpers/load\"\n\nINSTANCE=bats-dummy\nCLONE=clone\nNOTEXIST=notexist\n\nlocal_setup_file() {\n local inst\n for inst in \"$CLONE\" \"$NOTEXIST\"; do\n limactl unprotect \"$inst\" || :\n limactl delete --force \"$inst\" || :\n done\n}\n\n@test 'protecting a non-existing instance fails' {\n run_e -1 limactl protect \"${NOTEXIST}\"\n assert_fatal \"failed to inspect instance \\\"${NOTEXIST}\\\"…\"\n}\n\n@test 'protecting the dummy instance succeeds' {\n run_e -0 limactl protect \"$INSTANCE\"\n assert_info \"Protected \\\"${INSTANCE}\\\"\"\n assert_file_exists \"${LIMA_HOME}/${INSTANCE}/protected\"\n}\n\n@test 'protecting it again shows a warning, but succeeds' {\n run_e -0 limactl protect \"$INSTANCE\"\n assert_warning \"Instance \\\"${INSTANCE}\\\" is already protected. Skipping.\"\n assert_file_exists \"${LIMA_HOME}/${INSTANCE}/protected\"\n}\n\n@test 'cloning a protected instance creates an unprotected clone' {\n run_e -0 limactl clone --yes \"$INSTANCE\" \"$CLONE\"\n # TODO there is currently no output from the clone command, which feels wrong\n refute_output\n assert_file_not_exists \"${LIMA_HOME}/${CLONE}/protected\"\n}\n\n@test 'deleting the unprotected clone instance succeeds' {\n run_e -0 limactl delete --force \"$CLONE\"\n assert_info \"Deleted \\\"${CLONE}\\\"…\"\n}\n\n@test 'deleting protected dummy instance fails' {\n run_e -1 limactl delete --force \"$INSTANCE\"\n assert_fatal \"failed to delete instance \\\"${INSTANCE}\\\": instance is protected…\"\n assert_file_exists \"$LIMA_HOME/$INSTANCE/protected\"\n}\n\n@test 'unprotecting the dummy instance succeeds' {\n run_e -0 limactl unprotect \"$INSTANCE\"\n assert_info \"Unprotected \\\"${INSTANCE}\\\"\"\n assert_file_not_exists \"$LIMA_HOME/$INSTANCE/protected\"\n}\n\n@test 'unprotecting it again shows a warning, but succeeds' {\n run_e -0 limactl unprotect \"$INSTANCE\"\n assert_warning \"Instance \\\"${INSTANCE}\\\" isn't protected. Skipping.\"\n assert_file_not_exists \"$LIMA_HOME/$INSTANCE/protected\"\n}\n\n@test 'deleting unprotected dummy instance succeeds' {\n run_e -0 limactl delete --force \"$INSTANCE\"\n assert_info \"Deleted \\\"${INSTANCE}\\\"…\"\n}\n" }, { "path": "hack/bats/tests/shell-sync.bats", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nload \"../helpers/load\"\n\nINSTANCE=bats-nomount\n\nsetup() {\n # Create a temporary test directory and files\n TEST_SYNC_DIR=\"$BATS_TEST_TMPDIR/sync-test\"\n mkdir -p \"$TEST_SYNC_DIR\"\n touch \"$TEST_SYNC_DIR/foo.txt\"\n touch \"$TEST_SYNC_DIR/bar.txt\"\n\n # Create a simple script that makes changes to these files\n cat > \"$TEST_SYNC_DIR/modify.sh\" << 'EOF'\n#!/bin/sh\nset -eu\necho \"modified foo\" > foo.txt\necho \"modified bar\" > bar.txt\nEOF\n chmod +x \"$TEST_SYNC_DIR/modify.sh\"\n}\n\nteardown() {\n # Clean up test directory\n if [[ -d \"$TEST_SYNC_DIR\" ]]; then\n rm -rf \"$TEST_SYNC_DIR\"\n fi\n}\n\n@test 'shell --sync preserves working directory path from host to guest' {\n cd \"$TEST_SYNC_DIR\"\n\n # Get path of the TEST_SYNC_DIR for verification\n local path_test_dir\n path_test_dir=\"$PWD\"\n\n run -0 bash -c \"limactl shell --sync . --yes '$INSTANCE' pwd && ./modify.sh\"\n\n # Verify the guest working directory matches the host path structure\n assert_output --regexp \".*${path_test_dir#/}\"\n\n # Verify files were modified\n run cat \"$TEST_SYNC_DIR/foo.txt\"\n assert_output \"modified foo\"\n run cat \"$TEST_SYNC_DIR/bar.txt\"\n assert_output \"modified bar\"\n}\n\n@test 'shell --sync with directory path containing spaces and quotes' {\n # Create directory with spaces and quotes in name and move test directory to it\n local special_dir=\"$BATS_TEST_TMPDIR/sync test 'with' \\\"quotes\\\"\"\n mkdir -p \"$special_dir\"\n mv \"$TEST_SYNC_DIR\" \"$special_dir\"\n cd \"$special_dir/sync-test\"\n\n # Count files before sync\n local files_before\n files_before=$(find . -type f | wc -l)\n\n run -0 bash -c \"limactl shell --sync . --yes '$INSTANCE' ./modify.sh\"\n\n # Verify files were modified\n run cat \"$special_dir/sync-test/foo.txt\"\n assert_output \"modified foo\"\n run cat \"$special_dir/sync-test/bar.txt\"\n assert_output \"modified bar\"\n\n # Count files after sync\n local files_after\n files_after=$(find \"$special_dir/sync-test\" -type f | wc -l)\n [[ $files_after -eq $files_before ]]\n\n # Cleanup\n rm -rf \"$special_dir\"\n}\n\n@test 'shell --sync reflects file deletion from guest to host' {\n cd \"$TEST_SYNC_DIR\"\n\n run -0 bash -c \"limactl shell --sync . --yes '$INSTANCE' rm -f foo.txt\"\n\n assert_file_not_exists \"$TEST_SYNC_DIR/foo.txt\"\n}\n\n@test 'shell --sync reflects new directory and file creation from guest to host' {\n cd \"$TEST_SYNC_DIR\"\n\n # Create a script that creates a new directory with a file\n cat > \"$TEST_SYNC_DIR/create_new.sh\" << 'EOF'\n#!/bin/sh\nset -eu\nmkdir -p new_directory\necho \"foo bar baz\" > new_directory/new_file.txt\nEOF\n chmod +x \"$TEST_SYNC_DIR/create_new.sh\"\n\n run -0 bash -c \"limactl shell --sync . --yes '$INSTANCE' ./create_new.sh && ./modify.sh\"\n\n # Verify new directory was created on host\n assert_dir_exists \"$TEST_SYNC_DIR/new_directory\"\n assert_file_exists \"$TEST_SYNC_DIR/new_directory/new_file.txt\"\n\n # Verify file content\n run cat \"$TEST_SYNC_DIR/new_directory/new_file.txt\"\n assert_output \"foo bar baz\"\n run cat \"$TEST_SYNC_DIR/foo.txt\"\n assert_output \"modified foo\"\n run cat \"$TEST_SYNC_DIR/bar.txt\"\n assert_output \"modified bar\"\n}\n\n@test 'shell --sync preserves file permissions' {\n cd \"$TEST_SYNC_DIR\"\n\n # Create a file with specific permissions\n touch \"$TEST_SYNC_DIR/executable.sh\"\n chmod 755 \"$TEST_SYNC_DIR/executable.sh\"\n\n # Modify the file in guest\n run -0 bash -c \"limactl shell --sync . --yes '$INSTANCE' ./modify.sh\"\n\n # Verify file is still executable on host\n if [[ \"$OSTYPE\" == darwin* ]]; then\n run stat -f '%A' \"$TEST_SYNC_DIR/executable.sh\"\n else\n run stat -c '%a' \"$TEST_SYNC_DIR/executable.sh\"\n fi\n assert_output \"755\"\n\n # Verify files were modified\n run cat \"$TEST_SYNC_DIR/foo.txt\"\n assert_output \"modified foo\"\n run cat \"$TEST_SYNC_DIR/bar.txt\"\n assert_output \"modified bar\"\n}\n\n@test 'shell --sync works without existing ControlMaster socket' {\n cd \"$TEST_SYNC_DIR\"\n\n # Remove the ControlMaster socket\n local sock_path=\"$LIMA_HOME/$INSTANCE/ssh.sock\"\n if [[ -S \"$sock_path\" ]]; then\n rm \"$sock_path\"\n fi\n\n run -0 bash -c \"limactl shell --sync . --yes '$INSTANCE' ./modify.sh\"\n\n # Verify files were modified\n run cat \"$TEST_SYNC_DIR/foo.txt\"\n assert_output \"modified foo\"\n run cat \"$TEST_SYNC_DIR/bar.txt\"\n assert_output \"modified bar\"\n}\n\n@test 'shell --sync should preserve top-level subtree after clean up' {\n local foo_dir=\"$TEST_SYNC_DIR/foo\"\n mkdir -p \"$foo_dir\"\n\n cd \"$foo_dir\"\n run -0 bash -c \"limactl shell --sync . --yes '$INSTANCE' sh -c 'pwd > pwd.txt'\"\n assert_file_exists \"$foo_dir/pwd.txt\"\n\n local guest_pwd\n guest_pwd=$(cat \"$foo_dir/pwd.txt\")\n\n run -0 bash -c \"limactl shell '$INSTANCE' test -d ${guest_pwd%/*}\"\n}\n" }, { "path": "hack/bats/tests/shell.bats", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nload \"../helpers/load\"\n\nINSTANCE=bats-dummy\n\n@test 'lima stopped lima instance' {\n # check that the \"tty\" flag is used, also for stdin\n run_e -1 limactl shell --tty=false \"$INSTANCE\" true templates/demo.yaml\n# ├── back\n# │ └── .lima.yaml -> github:jandubois//loop/\n# ├── docs\n# │ └── .lima.yaml -> ../templates/demo.yaml\n# ├── example.yaml -> templates/demo.yaml\n# ├── invalid\n# │ ├── org\n# │ │ └── .lima.yaml -> github:lima-vm\n# │ └── tag\n# │ └── .lima.yaml -> github:jandubois//@v0.0.0\n# ├── loop\n# │ └── .lima.yaml -> github:jandubois//back/\n# ├── redirect\n# │ └── .lima.yaml -> github:jandubois/lima/templates/default\n# ├── templates\n# │ └── demo.yaml \"base: template:default\"\n# └── yaml\n# └── .lima.yaml \"{}\"\n#\n# Both the `main` branch and the `v0.0.0` tag have this layout.\n#\n# All these URLs should redirect to the same template URL (either on \"main\" or at \"v0.0.0\"):\n# \"https://raw.githubusercontent.com/jandubois/jandubois/${tag}/templates/demo.yaml\"\n#\n# Additional tests rely on jandubois/lima existing and containing the v1.2.1 tag.\n\nURLS=(\n\tgithub:jandubois/jandubois/templates/demo.yaml@main\n\tgithub:jandubois/jandubois/templates/demo.yaml\n\tgithub:jandubois/jandubois/templates/demo\n\tgithub:jandubois/jandubois/.lima.yaml\n\tgithub:jandubois/jandubois/@v0.0.0\n\tgithub:jandubois/jandubois\n\tgithub:jandubois//templates/demo.yaml@main\n\tgithub:jandubois//templates/demo.yaml\n\tgithub:jandubois//templates/demo\n\tgithub:jandubois//.lima.yaml\n\tgithub:jandubois//@v0.0.0\n\tgithub:jandubois//\n\tgithub:jandubois/\n\tgithub:jandubois@v0.0.0\n\tgithub:jandubois\n\tgithub:jandubois/jandubois/example.yaml\n\tgithub:jandubois/jandubois/example@main\n\tgithub:jandubois//example.yaml@v0.0.0\n\tgithub:jandubois//example\n\tgithub:jandubois/jandubois/docs/.lima.yaml@main\n\tgithub:jandubois/jandubois/docs/.lima.yaml\n\tgithub:jandubois/jandubois/docs/.lima\n\tgithub:jandubois/jandubois/docs/\n\tgithub:jandubois//docs/.lima.yaml@v0.0.0\n\tgithub:jandubois//docs/.lima.yaml\n\tgithub:jandubois//docs/.lima\n\tgithub:jandubois//docs/@v0.0.0\n\tgithub:jandubois//docs/\n)\n\nurl() {\n\trun_e \"$1\" limactl --debug template url \"$2\"\n}\n\ntest_jandubois_url() {\n\tlocal url=$1\n\tlocal tag=\"main\"\n\tif [[ $url == *v0.0.0* ]]; then\n\t\ttag=\"v0.0.0\"\n\tfi\n\n\turl -0 \"$url\"\n\tassert_output \"https://raw.githubusercontent.com/jandubois/jandubois/${tag}/templates/demo.yaml\"\n}\n\n# Dynamically register a @test for each URL in the list\nfor url in \"${URLS[@]}\"; do\n\tbats_test_function --description \"$url\" -- test_jandubois_url \"$url\"\ndone\n\n@test '.lima.yaml is retained when it exits and is not a symlink' {\n\turl -0 'github:jandubois//yaml/'\n\tassert_output 'https://raw.githubusercontent.com/jandubois/jandubois/main/yaml/.lima.yaml'\n}\n\n@test 'non-existing .lima.yaml returns an error' {\n\turl -1 'github:jandubois//missing/'\n\tassert_fatal 'file \"https://raw.githubusercontent.com/jandubois/jandubois/main/missing/.lima.yaml\" not found or inaccessible: status 404'\n}\n\n@test 'hidden files without an extension get a .yaml extension' {\n\turl -1 'github:jandubois//test/.hidden'\n\tassert_fatal 'file \"https://raw.githubusercontent.com/jandubois/jandubois/main/test/.hidden.yaml\" not found or inaccessible: status 404'\n}\n\n@test 'files that have an extension do not get a .yaml extension' {\n\t# This command doesn't fail because only *.yaml files are checked for redirects/symlinks, and therefore fail right away if they don't exist.\n\turl -0 'github:jandubois//test/.script.sh'\n\tassert_output 'https://raw.githubusercontent.com/jandubois/jandubois/main/test/.script.sh'\n}\n\n@test 'github: URLs are EXPERIMENTAL' {\n\turl -0 'github:jandubois'\n\tassert_warning \"The github: scheme is still EXPERIMENTAL\"\n}\n\n# Invalid URLs\n@test 'empty github: url returns an error' {\n\turl -1 'github:'\n\tassert_fatal 'github: URL must contain at least an ORG, got \"\"'\n}\n\n@test 'missing org returns an error' {\n\turl -1 'github:/jandubois'\n\tassert_fatal 'github: URL must contain at least an ORG, got \"\"'\n}\n\n# github: redirects in github:ORG// repos\n@test 'org redirects can point to different repo and may switch the branch name' {\n\turl -0 'github:jandubois//redirect/'\n\t# Note that the default branch in jandubois/jandubois is main, but in jandubois/lima it is master\n\tassert_debug 'Locator \"github:jandubois//redirect/\" replaced with \"github:jandubois/lima/templates/default\"'\n\tassert_debug 'Locator \"github:jandubois/lima/templates/default\" replaced with \"https://raw.githubusercontent.com/jandubois/lima/master/templates/default.yaml\"'\n\tassert_output 'https://raw.githubusercontent.com/jandubois/lima/master/templates/default.yaml'\n}\n\n@test 'org redirects propagate an explicit branch/tag to the other repo' {\n\turl -0 'github:jandubois//redirect/@v1.2.1'\n\tassert_debug 'Locator \"github:jandubois//redirect/@v1.2.1\" replaced with \"github:jandubois/lima/templates/default@v1.2.1\"'\n\tassert_debug 'Locator \"github:jandubois/lima/templates/default@v1.2.1\" replaced with \"https://raw.githubusercontent.com/jandubois/lima/v1.2.1/templates/default.yaml\"'\n\tassert_output 'https://raw.githubusercontent.com/jandubois/lima/v1.2.1/templates/default.yaml'\n}\n\n@test 'org redirects cannot point to another org' {\n\turl -1 'github:jandubois//invalid/org/'\n\tassert_fatal 'redirect \"github:lima-vm\" is not a \"github:jandubois\" URL…'\n}\n\n@test 'org redirects with branch cannot point to another org' {\n\turl -1 'github:jandubois//invalid/org/@main'\n\tassert_fatal 'redirect \"github:lima-vm\" is not a \"github:jandubois\" URL…'\n}\n\n@test 'org redirects cannot include a branch or tag' {\n\turl -1 'github:jandubois//invalid/tag/'\n\tassert_fatal 'redirect \"github:jandubois//@v0.0.0\" must not include a branch/tag/sha…'\n}\n\n@test 'org redirects with tag cannot include a branch or tag' {\n\turl -1 'github:jandubois//invalid/tag/@v0.0.0'\n\tassert_fatal 'redirect \"github:jandubois//@v0.0.0\" must not include a branch/tag/sha…'\n}\n\n@test 'org redirects must not create circular redirects' {\n\turl -1 'github:jandubois//loop/'\n\tassert_fatal 'custom locator \"github:jandubois//loop/\" has a redirect loop'\n}\n\n@test 'org redirects with branch must not create circular redirects' {\n\turl -1 'github:jandubois//back/@main'\n\tassert_fatal 'custom locator \"github:jandubois//back/@main\" has a redirect loop'\n}\n" }, { "path": "hack/bats/tests/yq.bats", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nload \"../helpers/load\"\n\n@test 'make sure the yq subcommand exists' {\n run -0 limactl yq --version\n assert_output --regexp '^yq .*mikefarah.* version v'\n}\n\n@test 'yq can evaluate yq expressions' {\n run -0 limactl yq -n .foo=42\n assert_output 'foo: 42'\n}\n\n@test 'yq command understand yq options' {\n run -0 limactl yq -n -o json -I 0 .foo=42\n assert_output '{\"foo\":42}'\n}\n\n@test 'yq errors set non-zero exit code' {\n run -1 limactl yq -n foo\n assert_output --partial \"invalid input\"\n}\n\n@test 'yq works as a multi-call binary' {\n # multi-call command detection strips all extensions\n YQ=\"yq.lima.exe\"\n ln -sf \"$(which limactl)\" \"${BATS_TEST_TMPDIR}/${YQ}\"\n export PATH=\"$BATS_TEST_TMPDIR:$PATH\"\n\n run -0 \"$YQ\" --version\n assert_output --regexp '^yq .*mikefarah.* version v'\n\n run -0 \"$YQ\" -n -o json -I 0 .foo=42\n assert_output '{\"foo\":42}'\n}\n\n@test 'yq multi-call command has support for env access' {\n export FOO=bar\n run -0 limactl yq -n 'env(FOO)'\n assert_output \"bar\"\n}\n\n@test 'yq multi-call command has support for --security-disable-env-ops' {\n export FOO=bar\n run_e -1 limactl yq -n --security-disable-env-ops 'env(FOO)'\n assert_stderr \"Error: env operations have been disabled\"\n}\n" }, { "path": "hack/brew-install-version.sh", "content": "#!/bin/bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\n# This script only works for formulas in the homebrew-core.\n# It assumes the homebrew-core has been checked out into ./homebrew-core.\n# It only needs commit messages, so the checkout can be filtered with tree:0.\n\nset -eu -o pipefail\n\nFORMULA=$1\nVERSION=$2\n\nexport HOMEBREW_NO_AUTO_UPDATE=1\nexport HOMEBREW_NO_INSTALL_UPGRADE=1\nexport HOMEBREW_NO_INSTALL_CLEANUP=1\n\nTAP=lima/tap\nif ! brew tap | grep -q \"^${TAP}\\$\"; then\n\tbrew tap-new \"$TAP\"\nfi\n\n# Get the latest commit id for the commit that updated this bottle\nSHA=$(git -C homebrew-core log --max-count 1 --grep \"^${FORMULA}: update ${VERSION} bottle\" --format=\"%H\")\nif [[ -z $SHA ]]; then\n\techo \"${FORMULA} ${VERSION} not found\"\n\texit 1\nfi\n\nOUTPUT=\"$(brew --repo \"$TAP\")/Formula/${FORMULA}.rb\"\nRAW=\"https://raw.githubusercontent.com/Homebrew/homebrew-core\"\ncurl -s \"${RAW}/${SHA}/Formula/${FORMULA::1}/${FORMULA}.rb\" -o \"$OUTPUT\"\n\nif brew ls -1 | grep -q \"^${FORMULA}\\$\"; then\n\tbrew uninstall \"$FORMULA\" --ignore-dependencies\nfi\nbrew install \"${TAP}/${FORMULA}\"\n" }, { "path": "hack/cache-common-inc.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\n# print the error message and exit with status 1\nfunction error_exit() {\n\techo \"Error: $*\" >&2\n\texit 1\n}\n\n# e.g.\n# ```console\n# $ download_template_if_needed templates/default.yaml\n# templates/default.yaml\n# $ download_template_if_needed https://raw.githubusercontent.com/lima-vm/lima/v0.15.1/examples/ubuntu-lts.yaml\n# /tmp/tmp.1J9Q6Q/template.yaml\n# ```\nfunction download_template_if_needed() {\n\tlocal template=\"$1\"\n\ttmp_yaml=\"$(mktemp -d)/template.yaml\"\n\t# The upgrade test doesn't have limactl installed first. The old version wouldn't support `limactl tmpl` anyways.\n\tif command -v limactl >/dev/null; then\n\t\tlimactl tmpl copy --embed-all \"${template}\" \"${tmp_yaml}\" || return\n\telse\n\t\tif [[ $template == https://* ]]; then\n\t\t\tcurl -sSLf \"${template}\" >\"${tmp_yaml}\" || return\n\t\telse\n\t\t\tcp \"${template}\" \"${tmp_yaml}\"\n\t\tfi\n\tfi\n\techo \"${tmp_yaml}\"\n}\n\n# e.g.\n# ```console\n# $ print_image_locations_for_arch_from_template templates/default.yaml\n# https://cloud-images.ubuntu.com/releases/24.04/release-20240809/ubuntu-24.04-server-cloudimg-arm64.img sha256:2e0c90562af1970ffff220a5073a7830f4acc2aad55b31593003e8c363381e7a\n# https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-arm64.img null\n# ```\nfunction print_image_locations_for_arch_from_template() {\n\tlocal template arch\n\ttemplate=$(download_template_if_needed \"$1\") || return\n\tlocal -r template=${template}\n\tarch=$(detect_arch \"${template}\" \"${2:-}\") || return\n\tlocal -r arch=${arch}\n\n\t# extract digest, location and size by parsing template using arch\n\tlocal -r yq_filter=\"[.images | map(select(.arch == \\\"${arch}\\\")) | .[].location] | .[]\"\n\tyq eval \"${yq_filter}\" \"${template}\"\n}\n\n# e.g.\n# ```console\n# $ detect_arch templates/default.yaml\n# x86_64\n# $ detect_arch templates/default.yaml arm64\n# aarch64\n# ```\nfunction detect_arch() {\n\tlocal template arch\n\ttemplate=$(download_template_if_needed \"$1\") || return\n\tlocal -r template=${template}\n\n\tarch=\"${2:-$(yq '.arch // \"\"' \"${template}\")}\"\n\tarch=\"${arch:-$(uname -m)}\"\n\t# normalize arch. amd64 -> x86_64, arm64 -> aarch64\n\tcase \"${arch}\" in\n\tamd64 | x86_64) arch=x86_64 ;;\n\taarch64 | arm64) arch=aarch64 ;;\n\t*) ;;\n\tesac\n\techo \"${arch}\"\n}\n\n# e.g.\n# ```console\n# $ print_image_locations_for_arch_from_template templates/default.yaml|print_valid_image_index\n# 0\n# ```\nfunction print_valid_image_index() {\n\tlocal index=0\n\twhile read -r location; do\n\t\t[[ ${location} != \"null\" ]] || continue\n\t\thttp_code_and_size=$(check_location_with_cache \"${location}\")\n\t\tread -r http_code _size <<<\"${http_code_and_size}\"\n\t\tif [[ ${http_code} -eq 200 ]]; then\n\t\t\techo \"${index}\"\n\t\t\treturn\n\t\tfi\n\t\tindex=$((index + 1))\n\tdone\n\techo \"Failed to get the valid image location\" >&2\n\treturn 1\n}\n\n# e.g.\n# ```console\n# $ size_from_location \"https://cloud-images.ubuntu.com/releases/24.04/release-20240725/ubuntu-24.04-server-cloudimg-amd64.img\"\n# 585498624\n# ```\nfunction size_from_location() {\n\t(\n\t\tset -o pipefail\n\t\tlocal location=$1\n\t\tcheck_location \"${location}\" | cut -d' ' -f2\n\t)\n}\n\n# Check the remote location and print the http code and size.\n# If GITHUB_ACTIONS is true, the result is not cached.\n# e.g.\n# ```console\n# $ check_location \"https://cloud-images.ubuntu.com/releases/24.04/release-20240725/ubuntu-24.04-server-cloudimg-amd64.img\"\n# 200 585498624\n# ```\nfunction check_location() {\n\t# shellcheck disable=SC2154\n\tif [[ ${GITHUB_ACTIONS:-false} == true ]]; then\n\t\tcheck_location_without_cache \"$1\"\n\telse\n\t\tcheck_location_with_cache \"$1\"\n\tfi\n}\n\n# Check the remote location and print the http code and size.\n# The result is cached in .check_location-response-cache.yaml\n# e.g.\n# ```console\n# $ check_location_with_cache \"https://cloud-images.ubuntu.com/releases/24.04/release-20240725/ubuntu-24.04-server-cloudimg-amd64.img\"\n# 200 585498624\n# ```\nfunction check_location_with_cache() {\n\tlocal -r location=\"$1\" cache_file=\".check_location-response-cache.yaml\"\n\t# check ${cache_file} for the cache\n\tif [[ -f ${cache_file} ]]; then\n\t\tcached=$(yq -e eval \".[\\\"${location}\\\"]\" \"${cache_file}\" 2>/dev/null) && echo \"${cached}\" && return\n\telse\n\t\ttouch \"${cache_file}\"\n\tfi\n\thttp_code_and_size=$(check_location_without_cache \"${location}\") || return\n\tyq eval \".[\\\"${location}\\\"] = \\\"${http_code_and_size}\\\"\" -i \"${cache_file}\" || return\n\techo \"${http_code_and_size}\"\n}\n\n# e.g.\n# ```console\n# $ check_location \"https://cloud-images.ubuntu.com/releases/24.04/release-20240725/ubuntu-24.04-server-cloudimg-amd64.img\"\n# 200 585498624\n# ```\nfunction check_location_without_cache() {\n\tlocal -r location=\"$1\"\n\tcurl -sIL -w \"%{http_code} %header{Content-Length}\" \"${location}\" -o /dev/null\n}\n\n# e.g.\n# ```console\n# $ print_image_kernel_initrd_locations_with_digest_for_arch_from_template_at_index templates/default.yaml 0\n# https://cloud-images.ubuntu.com/releases/24.04/release-20240809/ubuntu-24.04-server-cloudimg-arm64.img\n# sha256:2e0c90562af1970ffff220a5073a7830f4acc2aad55b31593003e8c363381e7a\n# null\n# null\n# null\n# null\n# ```\nfunction print_image_kernel_initrd_locations_with_digest_for_arch_from_template_at_index() {\n\tlocal template index=\"${2:-}\" arch\n\ttemplate=$(download_template_if_needed \"$1\") || return\n\tlocal -r template=${template}\n\tarch=$(detect_arch \"${template}\" \"${3:-}\") || return\n\tlocal -r arch=${arch}\n\n\tlocal -r yq_filter=\"[(.images[] | select(.arch == \\\"${arch}\\\"))].[${index}]|[\n\t\t.location,\n\t\t.digest,\n\t\t.kernel.location,\n\t\t.kernel.digest,\n\t\t.initrd.location,\n\t\t.initrd.digest\n\t]\"\n\tyq -o=t eval \"${yq_filter}\" \"${template}\"\n}\n\n# e.g.\n# ```console\n# $ print_containerd_config_for_arch_from_template templates/default.yaml\n# true\n# https://github.com/containerd/nerdctl/releases/download/v1.7.6/nerdctl-full-1.7.6-linux-arm64.tar.gz\n# sha256:77c747f09853ee3d229d77e8de0dd3c85622537d82be57433dc1fca4493bab95\n# ```\nfunction print_containerd_config_for_arch_from_template() {\n\tlocal template arch\n\ttemplate=$(download_template_if_needed \"$1\") || return\n\tlocal -r template=${template}\n\tarch=$(detect_arch \"${template}\" \"${2:-}\") || return\n\tlocal -r arch=${arch}\n\n\tlocal -r yq_filter=\"\n\t\t[.containerd|[.system or .user],\n\t\t.containerd.archives | map(select(.arch == \\\"${arch}\\\")) | [.[0].location, .[0].digest]]|flatten\n\t\"\n\tvalidated_template=\"$(\n\t\tlimactl validate \"${template}\" --fill 2>/dev/null || echo \"{.containerd: {system: false, user: false, archives: []}}\"\n\t)\"\n\tyq -o=t eval \"${yq_filter}\" <<<\"${validated_template}\"\n}\n\n# e.g.\n# ```console\n# $ location_to_sha256 \"https://cloud-images.ubuntu.com/releases/24.04/release-20240809/ubuntu-24.04-server-cloudimg-arm64.img\"\n# ae988d797c6de06b9c8a81a2b814904151135ccfd4616c22948057f6280477e8\n# ```\nfunction location_to_sha256() {\n\t(\n\t\tset -o pipefail\n\t\tlocal -r location=\"$1\"\n\t\tif command -v sha256sum >/dev/null; then\n\t\t\tsha256=\"$(echo -n \"${location}\" | sha256sum | cut -d' ' -f1)\"\n\t\telif command -v shasum >/dev/null; then\n\t\t\tsha256=\"$(echo -n \"${location}\" | shasum -a 256 | cut -d' ' -f1)\"\n\t\telse\n\t\t\terror_exit \"sha256sum or shasum not found\"\n\t\tfi\n\t\techo \"${sha256}\"\n\t)\n}\n\n# e.g.\n# ```console\n# $ cache_download_dir\n# .download # on GitHub Actions\n# /home/user/.cache/lima/download # on Linux\n# /Users/user/Library/Caches/lima/download # on macOS\n# /home/user/.cache/lima/download # on others\n# ```\nfunction cache_download_dir() {\n\tif [[ ${GITHUB_ACTIONS:-false} == true ]]; then\n\t\techo \".download\"\n\telse\n\t\tcase \"$(uname -s)\" in\n\t\tLinux) echo \"${XDG_CACHE_HOME:-${HOME}/.cache}/lima/download\" ;;\n\t\tDarwin) echo \"${HOME}/Library/Caches/lima/download\" ;;\n\t\t*) echo \"${HOME}/.cache/lima/download\" ;;\n\t\tesac\n\tfi\n}\n\n# e.g.\n# ```console\n# $ location_to_cache_path \"https://cloud-images.ubuntu.com/releases/24.04/release-20240809/ubuntu-24.04-server-cloudimg-arm64.img\"\n# .download/by-url-sha256/ae988d797c6de06b9c8a81a2b814904151135ccfd4616c22948057f6280477e8\n# ```\nfunction location_to_cache_path() {\n\tlocal location=$1\n\t[[ ${location} != \"null\" ]] || return\n\tsha256=$(location_to_sha256 \"${location}\") && download_dir=$(cache_download_dir) && echo \"${download_dir}/by-url-sha256/${sha256}\"\n}\n\n# e.g.\n# ```console\n# $ cache_key_from_prefix_location_and_digest image \"https://cloud-images.ubuntu.com/releases/24.04/release-20240809/ubuntu-24.04-server-cloudimg-arm64.img\" \"sha256:2e0c90562af1970ffff220a5073a7830f4acc2aad55b31593003e8c363381e7a\"\n# image:ubuntu-24.04-server-cloudimg-arm64.img-sha256:2e0c90562af1970ffff220a5073a7830f4acc2aad55b31593003e8c363381e7a\n# $ cache_key_from_prefix_location_and_digest image \"https://cloud-images.ubuntu.com/releases/24.04/release-20240809/ubuntu-24.04-server-cloudimg-arm64.img\" \"null\"\n# image:ubuntu-24.04-server-cloudimg-arm64.img-url-sha256:ae988d797c6de06b9c8a81a2b814904151135ccfd4616c22948057f6280477e8\n# ```\nfunction cache_key_from_prefix_location_and_digest() {\n\tlocal prefix=$1 location=$2 digest=$3 location_basename\n\t[[ ${location} != \"null\" ]] || return\n\tlocation_basename=$(basename \"${location}\")\n\tif [[ ${digest} != \"null\" ]]; then\n\t\techo \"${prefix}:${location_basename}-${digest}\"\n\telse\n\t\t# use sha256 of location as key if digest is not available\n\t\techo \"${prefix}:${location_basename}-url-sha256:$(location_to_sha256 \"${location}\")\"\n\tfi\n}\n\n# e.g.\n# ```console\n# $ print_path_and_key_for_cache image \"https://cloud-images.ubuntu.com/releases/24.04/release-20240809/ubuntu-24.04-server-cloudimg-arm64.img\" \"sha256:2e0c90562af1970ffff220a5073a7830f4acc2aad55b31593003e8c363381e7a\"\n# image-path=.download/by-url-sha256/ae988d797c6de06b9c8a81a2b814904151135ccfd4616c22948057f6280477e8\n# image-key=image:ubuntu-24.04-server-cloudimg-arm64.img-sha256:2e0c90562af1970ffff220a5073a7830f4acc2aad55b31593003e8c363381e7a\n# ```\nfunction print_path_and_key_for_cache() {\n\tlocal -r prefix=$1 location=$2 digest=$3\n\tcache_path=$(location_to_cache_path \"${location}\" || true)\n\tcache_key=$(cache_key_from_prefix_location_and_digest \"${prefix}\" \"${location}\" \"${digest}\" || true)\n\techo \"${prefix}-path=${cache_path}\"\n\techo \"${prefix}-key=${cache_key}\"\n}\n\n# e.g.\n# ```console\n# $ print_cache_informations_from_template templates/default.yaml\n# image-path=.download/by-url-sha256/ae988d797c6de06b9c8a81a2b814904151135ccfd4616c22948057f6280477e8\n# image-key=image:ubuntu-24.04-server-cloudimg-arm64.img-sha256:2e0c90562af1970ffff220a5073a7830f4acc2aad55b31593003e8c363381e7a\n# kernel-path=\n# kernel-key=\n# initrd-path=\n# initrd-key=\n# containerd-path=.download/by-url-sha256/21cc8dfa548ea8a678135bd6984c9feb9f8a01901d10b11bb491f6f4e7537158\n# containerd-key=containerd:nerdctl-full-1.7.6-linux-arm64.tar.gz-sha256:77c747f09853ee3d229d77e8de0dd3c85622537d82be57433dc1fca4493bab95\n# $ print_cache_informations_from_template templates/experimental/riscv64.yaml\n# image-path=.download/by-url-sha256/760b6ec69c801177bdaea06d7ee25bcd6ab72a331b9d3bf38376578164eb8f01\n# image-key=image:ubuntu-24.04-server-cloudimg-riscv64.img-sha256:361d72c5ed9781b097ab2dfb1a489c64e51936be648bbc5badee762ebdc50c31\n# kernel-path=.download/by-url-sha256/4568026693dc0f31a551b6741839979c607ee6bb0bf7209c89f3348321c52c61\n# kernel-key=kernel:qemu-riscv64_smode_uboot.elf-sha256:d4b3a10c3ef04219641802a586dca905e768805f5a5164fb68520887df54f33c\n# initrd-path=\n# initrd-key=\n# ```\nfunction print_cache_informations_from_template() {\n\t(\n\t\tset -o pipefail\n\t\tlocal template index image_kernel_initrd_info location digest containerd_info\n\t\ttemplate=$(download_template_if_needed \"$1\") || return\n\t\tlocal -r template=\"${template}\"\n\t\tindex=$(print_image_locations_for_arch_from_template \"${template}\" \"${@:2}\" | print_valid_image_index) || return\n\t\tlocal -r index=\"${index}\"\n\t\timage_kernel_initrd_info=$(print_image_kernel_initrd_locations_with_digest_for_arch_from_template_at_index \"${template}\" \"${index}\" \"${@:2}\") || return\n\t\t# shellcheck disable=SC2034\n\t\tread -r image_location image_digest kernel_location kernel_digest initrd_location initrd_digest <<<\"${image_kernel_initrd_info}\"\n\t\tfor prefix in image kernel initrd; do\n\t\t\tlocation=${prefix}_location\n\t\t\tdigest=${prefix}_digest\n\t\t\tprint_path_and_key_for_cache \"${prefix}\" \"${!location}\" \"${!digest}\"\n\t\tdone\n\t\tif command -v limactl >/dev/null; then\n\t\t\tcontainerd_info=$(print_containerd_config_for_arch_from_template \"${template}\" \"${@:2}\") || return\n\t\t\tread -r containerd_enabled containerd_location containerd_digest <<<\"${containerd_info}\"\n\t\t\tif [[ ${containerd_enabled} == \"true\" ]]; then\n\t\t\t\tprint_path_and_key_for_cache \"containerd\" \"${containerd_location}\" \"${containerd_digest}\"\n\t\t\tfi\n\t\tfi\n\t)\n}\n\n# Compatible with hashFile() in GitHub Actions\n# e.g.\n# ```console\n# $ hash_file templates/default.yaml\n# ceec5ba3dc8872c083b2eb7f44e3e3f295d5dcdeccf0961ee153be6586525e5e\n# ```\nfunction hash_file() {\n\t(\n\t\tset -o pipefail\n\t\tlocal hash=\"\"\n\t\tfor file in \"$@\"; do\n\t\t\thash=\"${hash}$(sha256sum \"${file}\" | cut -d' ' -f1)\" || return\n\t\tdone\n\t\techo \"${hash}\" | xxd -r -p | sha256sum | cut -d' ' -f1\n\t)\n}\n\n# Download the file to the cache directory and print the path.\n# e.g.\n# ```console\n# $ download_to_cache \"https://cloud-images.ubuntu.com/releases/24.04/release-20240821/ubuntu-24.04-server-cloudimg-arm64.img\"\n# .download/by-url-sha256/346ee1ff9e381b78ba08e2a29445960b5cd31c51f896fc346b82e26e345a5b9a/data # on GitHub Actions\n# /home/user/.cache/lima/download/by-url-sha256/346ee1ff9e381b78ba08e2a29445960b5cd31c51f896fc346b82e26e345a5b9a/data # on Linux\n# /Users/user/Library/Caches/lima/download/by-url-sha256/346ee1ff9e381b78ba08e2a29445960b5cd31c51f896fc346b82e26e345a5b9a/data # on macOS\n# /home/user/.cache/lima/download/by-url-sha256/346ee1ff9e381b78ba08e2a29445960b5cd31c51f896fc346b82e26e345a5b9a/data # on others\nfunction download_to_cache() {\n\tlocal cache_path use_redirected_location=${2:-YES}\n\tcache_path=$(location_to_cache_path \"$1\")\n\t# before checking remote location, check if the data file is already downloaded and the time file is updated within 10 minutes\n\tif [[ -f ${cache_path}/data && -n \"$(find \"${cache_path}/time\" -mmin -10 || true)\" ]]; then\n\t\techo \"${cache_path}/data\"\n\t\treturn\n\tfi\n\n\t# check the remote location\n\tlocal curl_info_json write_out\n\twrite_out='{\n\t\t\"json\":%{json},\n\t\t\"header\":%{header_json}\n\t}'\n\tcurl_info_json=$(curl -sSLI -w \"${write_out}\" \"$1\" -o /dev/null)\n\n\tlocal code time type url\n\tcode=$(jq -r '.json.http_code' <<<\"${curl_info_json}\")\n\ttime=$(jq -r '(.header[\"last-modified\"]|first) // (.header[\"date\"]|first) // empty' <<<\"${curl_info_json}\")\n\ttype=$(jq -r '.json.content_type' <<<\"${curl_info_json}\")\n\tif [[ ${use_redirected_location} == \"YES\" ]]; then\n\t\turl=$(jq -r '.json.url_effective' <<<\"${curl_info_json}\")\n\telse\n\t\turl=$1\n\tfi\n\t[[ ${code} == 200 ]] || error_exit \"Failed to download $1\"\n\n\tcache_path=$(location_to_cache_path \"${url}\")\n\t[[ -d ${cache_path} ]] || mkdir -p \"${cache_path}\"\n\n\tlocal needs_download=0\n\t[[ -f ${cache_path}/data ]] || needs_download=1\n\t[[ -f ${cache_path}/time && \"$(<\"${cache_path}/time\")\" == \"${time}\" ]] || needs_download=1\n\t[[ -f ${cache_path}/type && \"$(<\"${cache_path}/type\")\" == \"${type}\" ]] || needs_download=1\n\tif [[ ${needs_download} -eq 1 ]]; then\n\t\tcurl_info_json=$(\n\t\t\techo \"downloading ${url}\" >&2\n\t\t\tcurl -SL -w \"${write_out}\" --no-clobber -o \"${cache_path}/data\" \"${url}\"\n\t\t)\n\t\tlocal filename\n\t\tcode=$(jq -r '.json.http_code' <<<\"${curl_info_json}\")\n\t\ttime=$(jq -r '(.header[\"last-modified\"]|first) // (.header[\"date\"]|first) // empty' <<<\"${curl_info_json}\")\n\t\ttype=$(jq -r '.json.content_type' <<<\"${curl_info_json}\")\n\t\turl=$(jq -r '.json.url_effective' <<<\"${curl_info_json}\")\n\t\tfilename=$(jq -r '.json.filename_effective' <<<\"${curl_info_json}\")\n\t\t[[ ${code} == 200 ]] || error_exit \"Failed to download ${url}\"\n\t\t[[ \"${cache_path}/data\" == \"${filename}\" ]] || mv \"${filename}\" \"${cache_path}/data\"\n\t\t# sha256.digest seems existing if expected digest is available. so, not creating it here.\n\t\t# sha256sum \"${cache_path}/data\" | awk '{print \"sha256:\"$1}' >\"${cache_path}/sha256.digest\"\n\t\techo -n \"${time}\" >\"${cache_path}/time\"\n\telse\n\t\ttouch \"${cache_path}/time\"\n\tfi\n\t[[ -f ${cache_path}/type ]] || echo -n \"${type}\" >\"${cache_path}/type\"\n\t[[ -f ${cache_path}/url ]] || echo -n \"${url}\" >\"${cache_path}/url\"\n\techo \"${cache_path}/data\"\n}\n\n# Download the file to the cache directory without redirect and print the path.\nfunction download_to_cache_without_redirect() {\n\tdownload_to_cache \"$1\" \"NO\"\n}\n" }, { "path": "hack/calculate-cache.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\n# This script calculates the expected content size, actual cached size, and cache-keys used in caching method before and after\n# implementation in https://github.com/lima-vm/lima/pull/2508\n#\n# Answer to the question in https://github.com/lima-vm/lima/pull/2508#discussion_r1699798651\n\nscriptdir=$(dirname \"${BASH_SOURCE[0]}\")\n# shellcheck source=./common.inc.sh\n. \"${scriptdir}/cache-common-inc.sh\"\n\n# usage: [DEBUG=1] ./hack/calculate-cache.sh\n# DEBUG=1 will save the collected information in .calculate-cache-collected-info-{before,after}.yaml\n#\n# This script does:\n# 1. extracts `runs_on` and `template` from workflow file (.github/workflows/test.yml)\n# 2. check each template for image, kernel, initrd, and nerdctl\n# 3. detect size of image, kernel, initrd, and nerdctl (responses from remote are cached for faster iteration)\n# save the response in .check_location-response-cache.yaml\n# 4. print content size, actual cache size (if available), by cache key\n#\n# The major differences for reducing cache usage are as follows:\n# - it is now cached `~/.cache/lima/download/by-url-sha256/$sha256` instead of caching `~/.cache/lima/download`\n# - the cache keys are now based on the image, kernel, initrd, and nerdctl digest instead of the template file's hash\n# - enables the use of cache regardless of the operating system used to execute CI.\n#\n# The script requires the following commands:\n# - gh: GitHub CLI.\n# Using to get the cache information\n# - jq: Command-line JSON processor\n# Parse the workflow file and print runs-on and template.\n# Parse output from gh cache list\n# Calculate the expected content size, actual cached size, and cache-keys used.\n# - limactl: lima CLI.\n# Using to validate the template file for getting nerdctl location and digest.\n# - sha256sum: Print or check SHA256 (256-bit) checksums\n# - xxd: make a hexdump or do the reverse.\n# Using to simulate the 'hashFile()' function in the workflow.\n# - yq: Command-line YAML processor.\n# Parse the template file for image and nerdctl location, digest, and size.\n# Parse the cache response file for the cache.\n# Convert the collected information to JSON.\n\nset -u -o pipefail\n\nrequired_commands=(gh jq limactl sha256sum xxd yq)\nfor cmd in \"${required_commands[@]}\"; do\n\tif ! command -v \"${cmd}\" &>/dev/null; then\n\t\techo \"${cmd} is required. Please install it\" >&2\n\t\texit 1\n\tfi\ndone\n\n# current workflow uses x86_64 only\narch=x86_64\n\nLIMA_HOME=$(mktemp -d)\nexport LIMA_HOME\n\n# parse the workflow file and print runs-on and template\n# e.g.\n# ```console\n# $ print_runs_on_template_from_workflow .github/workflows/test.yml\n# macos-12 templates/default.yaml\n# ubuntu-24.04 templates/alpine.yaml\n# ubuntu-24.04 templates/debian.yaml\n# ubuntu-24.04 templates/fedora.yaml\n# ubuntu-24.04 templates/archlinux.yaml\n# ubuntu-24.04 templates/opensuse.yaml\n# ubuntu-24.04 templates/experimental/net-user-v2.yaml\n# ubuntu-24.04 templates/experimental/9p.yaml\n# ubuntu-24.04 templates/docker.yaml\n# ubuntu-24.04 templates/../hack/test-templates/alpine-iso-9p-writable.yaml\n# ubuntu-24.04 templates/../hack/test-templates/test-misc.yaml\n# macos-12 templates/vmnet.yaml\n# macos-12 https://raw.githubusercontent.com/lima-vm/lima/v0.15.1/examples/ubuntu-lts.yaml\n# macos-13 templates/experimental/vz.yaml\n# macos-13 templates/fedora.yaml\n# ```\nfunction print_runs_on_template_from_workflow() {\n\tyq -o=j \"$1\" | jq -r '\n\t\t\"./.github/actions/setup_cache_for_template\" as $action |\n\t\t\"\\\\$\\\\{\\\\{\\\\s*(?\\\\S*)\\\\s*\\\\}\\\\}\" as $pattern |\n\t\t.jobs | map_values(select(.steps)|\n\t\t\t.\"runs-on\" as $runs_on |\n\t\t\t{\n\t\t\t\ttemplate: .steps | map_values(select(.uses == $action)) | first |.with.template,\n\t\t\t\tmatrix: .strategy.matrix\n\t\t\t} | select(.template) |\n\t\t\t. + { path: .template | (if test($pattern) then sub(\".*\\($pattern).*\";\"\\(.path)\")|split(\".\") else null end) } |\n\t\t\t(\n\t\t\t\t.template as $template|\n\t\t\t\tif .path then\n\t\t\t\t\tgetpath(.path)|map(. as $item|$template|sub($pattern;$item))\n\t\t\t\telse\n\t\t\t\t\t[$template]\n\t\t\t\tend\n\t\t\t) | map(\"\\($runs_on)\\t\\(.)\")\n\n\t\t) | flatten |.[]\n\t'\n}\n\n# returns the OS name from the runner equivalent to the expression `${{ runner.os }}` in the workflow\n# e.g.\n# ```console\n# $ runner_os_from_runner \"macos-12\"\n# macOS\n# $ runner_os_from_runner \"ubuntu-24.04\"\n# Linux\n# ```\nfunction runner_os_from_runner() {\n\t# shellcheck disable=SC2249\n\tcase \"$1\" in\n\tmacos*)\n\t\techo macOS\n\t\t;;\n\tubuntu*)\n\t\techo Linux\n\t\t;;\n\tesac\n}\n\n# format first column to MiB\n# e.g.\n# ```console\n# $ echo 585498624 | size_to_mib\n# 558.38 MiB\n# ```\nfunction size_to_mib() {\n\tawk '\n\t\tfunction mib(size) { return sprintf(\"%7.2f MiB\", size / 1024 / 1024) }\n\t\tint($1)>0{ $1=\" \"mib($1) }\n\t\tint($2)>0{ $2=mib($2) }\n\t\tint($2)==0 && NF>1{ $2=\"<>\" }\n\t\t{ print }\n\t'\n}\n\n# actual_cache_sizes=$(gh cache list --json key,createdAt,sizeInBytes|jq '[.[]|{\"key\":.key,\"value\":.sizeInBytes}]|from_entries')\n# e.g.\n# ```console\n# $ echo \"${actual_cache_sizes}\"\n# {\n# \"Linux-1c3b2791d52735d916dc44767c745c2319eb7cae74af71bbf45ddb268f42fc1d\": 810758533,\n# \"Linux-231c66957fc2cdb18ea10e63f60770049026e29051ecd6598fc390b60d6a4fa6\": 633036717,\n# \"Linux-3b906d46fa532e3bc348c35fc8e7ede6c69f0b27032046ee2cbb56d4022d1146\": 574242367,\n# \"Linux-69a547b760dbf1650007ed541408474237bc611704077214adcac292de556444\": 70310855,\n# \"Linux-7782f8b4ff8cd378377eb79f8d61c9559b94bbd0c11d19eb380ee7bda19af04e\": 494141177,\n# \"Linux-8812aedfe81b4456d421645928b493b1f2f88aff04b7f3171207492fd44cd189\": 812730766,\n# \"Linux-caa7d8af214d55ad8902e82d5918e61573f3d6795d2b5ad9a35305e26fa0e6a9\": 754723892,\n# \"Linux-colima-v0.6.5\": 226350335,\n# \"Linux-de83bce0608d787e3c68c7a31c5fab2b6d054320fd7bf633a031845e2ee03414\": 810691197,\n# \"Linux-eb88a19dfcf2fb98278e7c7e941c143737c6d7cd8950a88f58e04b4ee7cef1bc\": 570625794,\n# \"Linux-f88f0b3b678ff6432386a42bdd27661133c84a36ad29f393da407c871b0143eb\": 68490954,\n# \"golangci-lint.cache-Linux-2850-74615231540133417fd618c72e37be92c5d3b3ad\": 2434144,\n# \"macOS-231c66957fc2cdb18ea10e63f60770049026e29051ecd6598fc390b60d6a4fa6\": 633020464,\n# \"macOS-49aa50a4872ded07ebf657c0eaf9e44ecc0c174d033a97c537ecd270f35b462f\": 813179462,\n# \"macOS-8f37f663956af5f743f0f99ab973729b6a02f200ebfac7a3a036eff296550732\": 810756770,\n# \"macOS-ef5509b5d4495c8c3590442ee912ad1c9a33f872dc4a29421c524fc1e2103b59\": 813179476,\n# \"macOS-upgrade-v0.15.1\": 1157814690,\n# \"setup-go-Linux-ubuntu20-go-1.23.0-02756877dbcc9669bb904e42e894c63aa9801138db94426a90a2d554f2705c52\": 1015518352,\n# \"setup-go-Linux-ubuntu20-go-1.23.0-6bce2eefc6111ace836de8bb322432c072805737d5f3c5a3d47d2207a05f50df\": 936433302,\n# \"setup-go-Linux-ubuntu24-go-1.22.6-02756877dbcc9669bb904e42e894c63aa9801138db94426a90a2d554f2705c52\": 1090001859,\n# \"setup-go-Linux-ubuntu24-go-1.23.0-02756877dbcc9669bb904e42e894c63aa9801138db94426a90a2d554f2705c52\": 526146768,\n# \"setup-go-Windows-go-1.23.0-02756877dbcc9669bb904e42e894c63aa9801138db94426a90a2d554f2705c52\": 1155374040,\n# \"setup-go-Windows-go-1.23.0-6bce2eefc6111ace836de8bb322432c072805737d5f3c5a3d47d2207a05f50df\": 1056433137,\n# \"setup-go-macOS-go-1.23.0-02756877dbcc9669bb904e42e894c63aa9801138db94426a90a2d554f2705c52\": 1060919942,\n# \"setup-go-macOS-go-1.23.0-6bce2eefc6111ace836de8bb322432c072805737d5f3c5a3d47d2207a05f50df\": 982139209\n# }\nactual_cache_sizes=$(\n\tgh cache list --json key,createdAt,sizeInBytes \\\n\t\t--jq 'sort_by(.createdAt)|reverse|unique_by(.key)|sort_by(.key)|map({\"key\":.key,\"value\":.sizeInBytes})|from_entries'\n)\n\nworkflows=(\n\t.github/workflows/test.yml\n)\n\n# shellcheck disable=SC2016\necho \"=> compare expected content size, actual cached size, and cache-keys used before and after the change in https://github.com/lima-vm/lima/pull/2508\"\n# iterate over before and after\nfor cache_method in before after; do\n\techo \"==> ${cache_method}\"\n\techo \"content-size actual-size cache-key\"\n\toutput_yaml=$(\n\t\tfor workflow in \"${workflows[@]}\"; do\n\t\t\tprint_runs_on_template_from_workflow \"${workflow}\"\n\t\tdone | while IFS=$'\\t' read -r runner template; do\n\t\t\ttemplate=$(download_template_if_needed \"${template}\") || continue\n\t\t\tarch=$(detect_arch \"${template}\" \"${arch}\") || continue\n\t\t\tindex=$(print_image_locations_for_arch_from_template \"${template}\" \"${arch}\" | print_valid_image_index) || continue\n\t\t\timage_kernel_initrd_info=$(print_image_kernel_initrd_locations_with_digest_for_arch_from_template_at_index \"${template}\" \"${index}\" \"${arch}\") || continue\n\t\t\t# shellcheck disable=SC2034 # shellcheck does not detect dynamic variables usage\n\t\t\tread -r image_location image_digest kernel_location kernel_digest initrd_location initrd_digest <<<\"${image_kernel_initrd_info}\"\n\t\t\tcontainerd_info=$(print_containerd_config_for_arch_from_template \"${template}\" \"${@:2}\") || continue\n\t\t\t# shellcheck disable=SC2034 # shellcheck does not detect dynamic variables usage\n\t\t\tread -r _containerd_enabled containerd_location containerd_digest <<<\"${containerd_info}\"\n\n\t\t\tif [[ ${cache_method} != after ]]; then\n\t\t\t\tkey=$(runner_os_from_runner \"${runner}\" || true)-$(hash_file \"${template}\")\n\t\t\telse\n\t\t\t\tkey=$(cache_key_from_prefix_location_and_digest image \"${image_location}\" \"${image_digest}\")\n\t\t\tfi\n\t\t\tsize=$(size_from_location \"${image_location}\")\n\t\t\tfor prefix in containerd kernel initrd; do\n\t\t\t\tlocation=\"${prefix}_location\"\n\t\t\t\tdigest=\"${prefix}_digest\"\n\t\t\t\t[[ ${!location} != null ]] || continue\n\t\t\t\tif [[ ${cache_method} != after ]]; then\n\t\t\t\t\t# previous caching method packages all files in download to a single cache key\n\t\t\t\t\tsize=$((size + $(size_from_location \"${!location}\")))\n\t\t\t\telse\n\t\t\t\t\t# new caching method caches each file separately\n\t\t\t\t\tkey_for_prefix=$(cache_key_from_prefix_location_and_digest \"${prefix}\" \"${!location}\" \"${!digest}\")\n\t\t\t\t\tsize_for_prefix=$(size_from_location \"${!location}\")\n\t\t\t\t\tprintf -- \"- key: %s\\n template: %s\\n location: %s\\n digest: %s\\n size: %s\\n\" \\\n\t\t\t\t\t\t\"${key_for_prefix}\" \"${template}\" \"${!location}\" \"${!digest}\" \"${size_for_prefix}\"\n\t\t\t\tfi\n\t\t\tdone\n\t\t\tprintf -- \"- key: %s\\n template: %s\\n location: %s\\n digest: %s\\n size: %s\\n\" \\\n\t\t\t\t\"${key}\" \"${template}\" \"${image_location}\" \"${image_digest}\" \"${size}\"\n\t\tdone\n\t)\n\toutput_json=$(yq -o=j . <<<\"${output_yaml}\")\n\n\t# print size key\n\tjq --argjson actual_size \"${actual_cache_sizes}\" -r 'unique_by(.key)|sort_by(.key)|.[]|[.size, $actual_size[.key] // 0, .key]|@tsv' <<<\"${output_json}\" | size_to_mib\n\t# total\n\techo \"------------\"\n\tjq '[unique_by(.key)|.[]|.size]|add' <<<\"${output_json}\" | size_to_mib\n\t# save the collected information as yaml if DEBUG is set\n\tif [[ -n ${DEBUG:+1} ]]; then\n\t\tcat <<<\"${output_yaml}\" >\".calculate-cache-collected-info-${cache_method}.yaml\"\n\t\techo \"Saved the collected information in .calculate-cache-collected-info-${cache_method}.yaml\"\n\tfi\n\techo \"\"\ndone\n" }, { "path": "hack/codesign/debugserver", "content": "#!/bin/bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\n# # `hack/codesign/debugserver`\n#\n# This script wraps the LLDB `debugserver` to `codesign` the target executable.\n# This is needed for [Delve](https://github.com/go-delve/delve) to work properly\n# on macOS with the virtualization framework.\n#\n# ## How to use this script with Delve\n#\n# ### Use `DELVE_DEBUGSERVER_PATH` environment variable\n#\n# Override `debugserver` by setting the `DELVE_DEBUGSERVER_PATH` environment variable.\n# Ref: [Environment variables - Using Delve](https://github.com/go-delve/delve/blob/master/Documentation/usage/README.md#environment-variables)\n#\n# e.g. in `.vscode/launch.json`:\n# ```jsonc\n# {\n# \"version\": \"0.2.0\",\n# \"configurations\": [\n# {\n# \"name\": \"hostagent for input instance\",\n# \"type\": \"go\",\n# \"request\": \"launch\",\n# \"mode\": \"debug\",\n# // Use integratedTerminal to stop using ctrl+C\n# \"console\": \"integratedTerminal\",\n# \"program\": \"${workspaceFolder}/cmd/limactl\",\n# \"buildFlags\": [\n# \"-ldflags=-X github.com/lima-vm/lima/pkg/version.Version=2.0.0-alpha.0\",\n# ],\n# \"env\": {\n# \"CGO_ENABLED\": \"1\",\n# \"DELVE_DEBUGSERVER_PATH\": \"${workspaceFolder}/hack/codesign/debugserver\",\n# \"LIMA_SSH_PORT_FORWARDER\": \"true\",\n# },\n# \"cwd\": \"${userHome}/.lima/${input:targetInstance}\",\n# \"args\": [\n# \"--debug\",\n# \"hostagent\",\n# \"--pidfile\", \"ha.pid\",\n# \"--socket\", \"ha.sock\",\n# \"--guestagent\", \"${workspaceFolder}/_output/share/lima/lima-guestagent.Linux-aarch64\",\n# \"${input:targetInstance}\"\n# ],\n# \t\t},\n# ],\n# \"inputs\": [\n# {\n# \"id\": \"targetInstance\",\n# \"type\": \"promptString\",\n# \"description\": \"Input target instance parameter for `limactl` command\",\n# }\n# ]\n# }\n# ```\n#\n# ### Override `debugserver` in the PATH\n#\n# You can also override the `debugserver` in the PATH environment variable.\n#\n# e.g. in `.vscode/launch.json`:\n# ```diff\n# \"env\": {\n# \"CGO_ENABLED\": \"1\",\n# - \"DELVE_DEBUGSERVER_PATH\": \"${workspaceFolder}/hack/codesign/debugserver\",\n# + \"PATH\": \"${workspaceFolder}/hack/codesign:${env:PATH}\",\n# },\n# ```\n\nset -eu -o pipefail\n\nscript_dir=\"$(dirname \"$0\")\"\n\n# Codesign the target executable if vz.entitlements exists\nentitlements=\"${script_dir}/../../vz.entitlements\"\nif [ -f \"${entitlements}\" ]; then\n\tprev_arg=\n\tfor arg in \"$@\"; do\n\t\t# find the target executable in the args next to \"--\"\n\t\tif [ \"${prev_arg}\" = \"--\" ]; then\n\t\t\tcodesign --entitlements \"${entitlements}\" --force -s - -v \"${arg}\" || {\n\t\t\t\techo \"error: codesign failed\" >&2\n\t\t\t\texit 1\n\t\t\t}\n\t\t\tbreak\n\t\tfi\n\t\tprev_arg=\"${arg}\"\n\tdone\nfi\n\n# Simulate how Delve locates debugserver\n# https://github.com/go-delve/delve/blob/65a6830eb7f0b882e0c52df0ef9585945ed55470/pkg/proc/gdbserial/gdbserver.go#L103-L129\n# 1. PATH (in this script, excluding the directory of this script to avoid recursion)\ncandidate_paths=\"$(echo \"${PATH}\" | tr ':' '\\n' | grep --fixed-strings --invert-match --line-regexp \"${script_dir}\" | paste -sd: -)\"\n# 2. CommandLineTools LLDB path\nCLT_path=\"/Library/Developer/CommandLineTools\"\ncandidate_paths=\"${candidate_paths}:${CLT_path}/Library/PrivateFrameworks/LLDB.framework/Versions/A/Resources/\"\n# 3. Xcode LLDB path (if Xcode is installed)\nif developer_dir=$(xcode-select --print-path 2>/dev/null) && [ \"${developer_dir}\" != \"${CLT_path}\" ]; then\n\t# Xcode is installed\n\tcandidate_paths=\"${candidate_paths}:${developer_dir}/../SharedFrameworks/LLDB.framework/Versions/A/Resources/\"\nfi\n# Find debugserver in the candidate paths\ndebugserver=$(PATH=\"${candidate_paths}\" command -v debugserver) || {\n\techo \"error: debugserver not found\" >&2\n\texit 1\n}\n# Execute debugserver with the original arguments\nexec \"${debugserver}\" \"$@\"\n" }, { "path": "hack/common.inc.sh", "content": "# shellcheck shell=bash\ncleanup_cmd=\"\"\ntrap 'eval ${cleanup_cmd}' EXIT\nfunction defer {\n\t[ -n \"${cleanup_cmd}\" ] && cleanup_cmd=\"${cleanup_cmd}; \"\n\tcleanup_cmd=\"${cleanup_cmd}$1\"\n}\n\nfunction INFO() {\n\techo \"TEST| [INFO] $*\"\n}\n\nfunction WARNING() {\n\techo >&2 \"TEST| [WARNING] $*\"\n}\n\nfunction ERROR() {\n\techo >&2 \"TEST| [ERROR] $*\"\n}\n\nif [[ ${BASH_VERSINFO:-0} -lt 4 ]]; then\n\tERROR \"Bash version is too old: ${BASH_VERSION}\"\n\texit 1\nfi\n\n: \"${LIMA_HOME:=${HOME_HOST:-$HOME}/.lima}\"\n_IPERF3=iperf3\n# iperf3-darwin does some magic on macOS to avoid \"No route on host\" on macOS 15\n# https://github.com/lima-vm/socket_vmnet/issues/85\n[ \"$(uname -s)\" = \"Darwin\" ] && _IPERF3=\"iperf3-darwin\"\n: \"${IPERF3:=$_IPERF3}\"\n\n# Setup LIMA_TEMPLATES_PATH because the templates are not installed, but reference base templates\n# via template:_images/* and template:_default/*.\ntemplates_dir=\"$(cd \"$(dirname \"${BASH_SOURCE[0]}\")/../templates\" && pwd)\"\n: \"${LIMA_TEMPLATES_PATH:-$templates_dir}\"\nexport LIMA_TEMPLATES_PATH\n" }, { "path": "hack/debug-cache.sh", "content": "#!/bin/bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\ncache_dir=\"${HOME}/Library/Caches\"\nif [ \"$(uname -s)\" != \"Darwin\" ]; then\n\tcache_dir=\"${HOME}/.cache\"\nfi\nif [ ! -e \"${cache_dir}/lima/download/by-url-sha256\" ]; then\n\techo \"No cache\"\n\texit 0\nfi\nfor f in \"${cache_dir}/lima/download/by-url-sha256/\"*; do\n\techo \"$f\"\n\tls -l \"$f\"\n\tcat \"${f}/url\"\n\techo\n\techo ---\ndone\n" }, { "path": "hack/gogenerate/protoc.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\n# Generate Go code from a .proto file.\n# Expected to be called from `//go:generate` directive.\n\nset -eu\nif [ \"$#\" -ne 1 ]; then\n\techo >&2 \"Usage: $0 FILE\"\n\texit 1\nfi\n\nPROTO=\"$1\" ## a.proto\nBASE=\"$(basename \"$PROTO\" .proto)\" ## a\nPB_DESC=\"${BASE}.pb.desc\" ## a.pb.desc\nPB_GO=\"${BASE}.pb.go\" ## a.pb.go\nGRPC_PB_GO=\"${BASE}_grpc.pb.go\" ## a_grpc.pb.go\n\nset -x\n\nprotoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative \"$PROTO\" --descriptor_set_out=\"$PB_DESC\"\n\n# -// - protoc v6.32.0\n# +// - protoc version [omitted for reproducibility]\n#\n# perl is used because `sed -i` is not portable across BSD (macOS) and GNU.\nperl -pi -E 's@(^//.*protoc.*)[[:blank:]]+v[[:digit:]]+\\.[[:digit:]]+\\.[[:digit:]]+@\\1 [version omitted for reproducibility]@g' \"$PB_GO\" \"$GRPC_PB_GO\"\n" }, { "path": "hack/inject-cmdline-to-template.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\n#\n# This script does\n# 1. detect arch from template if not provided\n# 2. extract location by parsing template using arch\n# 3. get the image location\n# 4. check the image location is supported\n# 5. build the kernel and initrd location, digest, and cmdline\n# 6. inject the kernel and initrd location, digest, and cmdline to the template\n# 7. output kernel_location, kernel_digest, cmdline, initrd_location, initrd_digest\n\nset -eu -o pipefail\n\ntemplate=\"$1\"\nappending_options=\"$2\"\n# 1. detect arch from template if not provided\narch=\"${3:-$(yq '.arch // \"\"' \"${template}\")}\"\narch=\"${arch:-$(uname -m)}\"\n\n# normalize arch. amd64 -> x86_64, arm64 -> aarch64\ncase \"${arch}\" in\namd64 | x86_64) arch=x86_64 ;;\naarch64 | arm64) arch=aarch64 ;;\narmv7l | armhf) arch=armv7l ;;\nppc64el | ppc64le) arch=ppc64le ;;\ns390x) arch=s390x ;;\nriscv64) arch=riscv64 ;;\n*)\n\techo \"Unsupported arch: ${arch}\" >&2\n\texit 1\n\t;;\nesac\n\n# 2. extract location by parsing template using arch\nreadonly yq_filter=\"\n .images[]|select(.arch == \\\"${arch}\\\")|.location\n\"\nparsed=$(yq eval \"${yq_filter}\" \"${template}\")\n\n# 3. get the image location\nfunction check_location() {\n\tlocal location=$1 http_code\n\thttp_code=$(curl -sIL -w \"%{http_code}\" \"${location}\" -o /dev/null)\n\t[[ ${http_code} -eq 200 ]]\n}\nwhile IFS= read -r line; do arr+=(\"${line}\"); done <<<\"${parsed}\"\nreadonly locations=(\"${arr[@]}\")\nfor ((i = 0; i < ${#locations[@]}; i++)); do\n\t[[ ${locations[i]} != \"null\" ]] || continue\n\t# shellcheck disable=SC2310\n\tif check_location \"${locations[i]}\"; then\n\t\tlocation=${locations[i]}\n\t\tindex=${i}\n\t\tbreak\n\tfi\ndone\n\n# 4. check the image location is supported\ncase \"${location:-}\" in\nhttps://cloud-images.ubuntu.com/minimal/* | https://cloud-images.ubuntu.com/daily/server/minimal/*)\n\treadonly default_cmdline=\"root=/dev/vda1 ro console=tty1 console=ttyAMA0\"\n\t;;\nhttps://cloud-images.ubuntu.com/*)\n\treadonly default_cmdline=\"root=LABEL=cloudimg-rootfs ro console=tty1 console=ttyAMA0\"\n\t;;\n*)\n\techo \"Unsupported image location: ${location}\" >&2\n\texit 1\n\t;;\nesac\n\n# 5. build the kernel and initrd location, digest, and cmdline\nlocation_dirname=$(dirname \"${location}\")/unpacked\nsha256sums=$(curl -sSLf \"${location_dirname}/SHA256SUMS\")\nlocation_basename=$(basename \"${location}\")\n\n# cmdline\ncmdline=\"${default_cmdline} ${appending_options}\"\n\n# kernel\nkernel_basename=\"${location_basename/.img/-vmlinuz-generic}\"\nkernel_digest=$(awk \"/${kernel_basename}/{print \\\"sha256:\\\"\\$1}\" <<<\"${sha256sums}\")\nkernel_location=\"${location_dirname}/${kernel_basename}\"\n\n# initrd\ninitrd_basename=\"${location_basename/.img/-initrd-generic}\"\ninitrd_digest=$(awk \"/${initrd_basename}/{print \\\"sha256:\\\"\\$1}\" <<<\"${sha256sums}\")\ninitrd_location=\"${location_dirname}/${initrd_basename}\"\n\n# 6. inject the kernel and initrd location, digest, and cmdline to the template\nfunction inject_to() {\n\t# shellcheck disable=SC2034\n\tlocal template=$1 arch=$2 index=$3 key=$4 location=$5 digest=$6 cmdline=${7:-} fields=() IFS=,\n\t# shellcheck disable=SC2310\n\tcheck_location \"${location}\" || return 0\n\tfor field_name in location digest cmdline; do\n\t\t[[ -z ${!field_name} ]] || fields+=(\"\\\"${field_name}\\\": \\\"${!field_name}\\\"\")\n\tdone\n\tlimactl edit --log-level error --set \"setpath([(.images[] | select(.arch == \\\"${arch}\\\") | path)].[${index}] + \\\"${key}\\\"; { ${fields[*]}})\" \"${template}\"\n}\ninject_to \"${template}\" \"${arch}\" \"${index}\" \"kernel\" \"${kernel_location}\" \"${kernel_digest}\" \"${cmdline}\"\ninject_to \"${template}\" \"${arch}\" \"${index}\" \"initrd\" \"${initrd_location}\" \"${initrd_digest}\"\n\n# 7. output kernel_location, kernel_digest, cmdline, initrd_location, initrd_digest\nreadonly outputs=(kernel_location kernel_digest cmdline initrd_location initrd_digest)\nfor output in \"${outputs[@]}\"; do\n\techo \"${output}=${!output}\"\ndone\n" }, { "path": "hack/install-qemu.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\n# Install qemu on GitHub Actions runner.\n# Not expected to be used outside GitHub Actions.\n\nset -eux\n\n# apt-get update has to be run beforehand\napt-get install -y --no-install-recommends ovmf qemu-system-x86 qemu-utils\nmodprobe kvm\n# `usermod -aG kvm ${SUDO_USER}` does not take an effect on GHA\nchown \"${SUDO_USER}\" /dev/kvm\nqemu-system-x86_64 --version\n" }, { "path": "hack/ltag/bash.txt", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n" }, { "path": "hack/ltag/dockerfile.txt", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n" }, { "path": "hack/ltag/go.txt", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\n" }, { "path": "hack/ltag/makefile.txt", "content": "# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n" }, { "path": "hack/oss-fuzz-build.sh", "content": "#!/bin/bash -eu\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\n# This script is used by OSS-Fuzz to build and run Limas fuzz tests continuously.\n# Limas OSS-Fuzz integration can be found here: https://github.com/google/oss-fuzz/tree/master/projects/lima\n# Modify https://github.com/google/oss-fuzz/blob/master/projects/lima/project.yaml for access management to Limas OSS-Fuzz crashes.\nprintf \"package store\\nimport _ \\\"github.com/AdamKorcz/go-118-fuzz-build/testing\\\"\\n\" >\"$SRC\"/lima/pkg/store/register.go\ngo mod tidy\ncompile_native_go_fuzzer github.com/lima-vm/lima/v2/pkg/store FuzzLoadYAMLByFilePath FuzzLoadYAMLByFilePath\ncompile_native_go_fuzzer github.com/lima-vm/lima/v2/pkg/store FuzzInspect FuzzInspect\ncompile_native_go_fuzzer github.com/lima-vm/lima/v2/pkg/nativeimgutil FuzzConvertToRaw FuzzConvertToRaw\ncompile_native_go_fuzzer github.com/lima-vm/lima/v2/pkg/cidata FuzzSetupEnv FuzzSetupEnv\ncompile_native_go_fuzzer github.com/lima-vm/lima/v2/pkg/iso9660util FuzzIsISO9660 FuzzIsISO9660\ncompile_native_go_fuzzer github.com/lima-vm/lima/v2/pkg/guestagent/procnettcp FuzzParse FuzzParse\ncompile_native_go_fuzzer github.com/lima-vm/lima/v2/pkg/yqutil FuzzEvaluateExpression FuzzEvaluateExpression\ncompile_native_go_fuzzer github.com/lima-vm/lima/v2/pkg/downloader FuzzDownload FuzzDownload\n" }, { "path": "hack/test-mount-home.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\nscriptdir=\"$(cd \"$(dirname \"${BASH_SOURCE[0]}\")\" && pwd)\"\n# shellcheck source=common.inc.sh\nsource \"${scriptdir}/common.inc.sh\"\n\nif [ \"$#\" -ne 1 ]; then\n\tERROR \"Usage: $0 NAME\"\n\texit 1\nfi\n\nNAME=\"$1\"\nhometmp=\"${HOME_HOST:-$HOME}/lima-test-tmp\"\nhometmpguest=\"${HOME_GUEST:-$HOME}/lima-test-tmp\"\nINFO \"Testing home access (\\\"$hometmp\\\")\"\nrm -rf \"$hometmp\"\nmkdir -p \"$hometmp\"\ndefer \"rm -rf \\\"$hometmp\\\"\"\necho \"random-content-${RANDOM}\" >\"$hometmp/random\"\nexpected=\"$(cat \"$hometmp/random\")\"\ngot=\"$(limactl shell \"$NAME\" cat \"$hometmpguest/random\")\"\nINFO \"$hometmp/random: expected=${expected}, got=${got}\"\nif [ \"$got\" != \"$expected\" ]; then\n\tERROR \"Home directory is not shared?\"\n\texit 1\nfi\n" }, { "path": "hack/test-nonplain-static-port-forward.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -euxo pipefail\n\nINSTANCE=nonplain-static-port-forward\nTEMPLATE=\"$(dirname \"$0\")/test-templates/test-misc.yaml\"\n\nlimactl delete -f \"$INSTANCE\" || true\n\nlimactl start --name=\"$INSTANCE\" --tty=false \"$TEMPLATE\"\n\nlimactl shell \"$INSTANCE\" -- bash -c 'until systemctl is-active --quiet nginx; do sleep 1; done'\nlimactl shell \"$INSTANCE\" -- bash -c 'until systemctl is-active --quiet test-server-9080; do sleep 1; done'\nlimactl shell \"$INSTANCE\" -- bash -c 'until systemctl is-active --quiet test-server-9070; do sleep 1; done'\n\ncurl -sSf http://127.0.0.1:9090 | grep -i 'nginx' && echo 'Static port forwarding (9090) works in normal mode!'\ncurl -sSf http://127.0.0.1:29080 | grep -i 'Dynamic port 9080' && echo 'Dynamic port forwarding (29080) works in normal mode!'\ncurl -sSf http://127.0.0.1:29070 | grep -i 'Dynamic port 9070' && echo 'Dynamic port forwarding (29070) works in normal mode!'\n\nlimactl delete -f \"$INSTANCE\"\necho \"All tests passed for normal mode - both static and dynamic ports work!\"\n# EOF\n" }, { "path": "hack/test-plain-static-port-forward.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -euxo pipefail\n\nINSTANCE=plain-static-port-forward\nTEMPLATE=\"$(dirname \"$0\")/test-templates/test-misc.yaml\"\n\nlimactl delete -f \"$INSTANCE\" || true\n\nlimactl start --name=\"$INSTANCE\" --plain=true --tty=false \"$TEMPLATE\"\n\nlimactl shell \"$INSTANCE\" -- bash -c 'until systemctl is-active --quiet nginx; do sleep 1; done'\n\nif ! curl -sSf http://127.0.0.1:9090 | grep -i 'nginx'; then\n\techo 'ERROR: Static port forwarding (9090) does not work in plain mode!'\n\texit 1\nfi\necho 'Static port forwarding (9090) works in plain mode!'\n\nif curl -sSf http://127.0.0.1:29080 2>/dev/null; then\n\techo 'ERROR: Dynamic port 29080 should not be forwarded in plain mode!'\n\texit 1\nelse\n\techo 'Dynamic port 29080 is correctly NOT forwarded in plain mode.'\nfi\n\nif curl -sSf http://127.0.0.1:29070 2>/dev/null; then\n\techo 'ERROR: Dynamic port 29070 should not be forwarded in plain mode!'\n\texit 1\nelse\n\techo 'Dynamic port 29070 is correctly NOT forwarded in plain mode.'\nfi\n\nlimactl delete -f \"$INSTANCE\"\necho \"All tests passed for plain mode - only static ports work!\"\n# EOF\n" }, { "path": "hack/test-port-forwarding.pl", "content": "#!/usr/bin/env perl\n\n# This script tests the port forwarding settings of lima. It has to be run\n# twice: once to update the instance yaml file with the port forwarding\n# rules (before the instance is started). And once when the instance is\n# running to perform the tests:\n#\n# ./hack/test-port-forwarding.pl templates/default.yaml\n# limactl --tty=false start templates/default.yaml\n# git restore templates/default.yaml\n# ./hack/test-port-forwarding.pl default [nc|socat [nc|socat]] [timeout]\n#\n# TODO: support for ipv6 host addresses\n\nuse strict;\nuse warnings;\n\nuse Config qw(%Config);\nuse File::Spec::Functions qw(catfile);\nuse IO::Handle qw();\nuse JSON::PP;\nuse Socket qw(inet_ntoa);\nuse Sys::Hostname qw(hostname);\n\nmy $connectionTimeout = 1; # seconds\n\nmy $instance = shift;\nmy $listener;\nmy $writer;\nwhile (my $arg = shift) {\n if ($arg eq \"nc\" || $arg eq \"socat\") {\n $listener = $arg unless defined $listener;\n $writer = $arg if defined $listener && !defined $writer;\n } elsif ($arg =~ /^\\d+$/) {\n $connectionTimeout = $arg;\n } else {\n die \"Usage: $0 [instance|yaml-file] [nc|socat [nc|socat]] [timeout]\\n\";\n }\n}\n$listener ||= \"nc\";\n$writer ||= $listener;\n\nmy $addr = scalar gethostbyname(hostname());\n# If hostname address cannot be determines, use localhost to trigger fallback to system_profiler lookup\nmy $ipv4 = length $addr ? inet_ntoa($addr) : \"127.0.0.1\";\nmy $ipv6 = \"\"; # todo\n\n# macOS GitHub runners seem to use \"localhost\" as the hostname\nif ($ipv4 eq \"127.0.0.1\" && $Config{osname} eq \"darwin\") {\n $ipv4 = qx(system_profiler SPNetworkDataType -json | jq -r 'first(.SPNetworkDataType[] | select(.ip_address) | .ip_address) | first');\n chomp $ipv4;\n}\n\nmy $instDir = qx(limactl list \"$instance\" --yq .dir);\nchomp $instDir;\n# platform independent way to add trailing path separator\nmy $sockDir = catfile($instDir, \"sock\", \"\");\n\n# If $instance is a filename, add our portForwards to it to enable testing\nif (-f $instance) {\n open(my $fh, \"+< $instance\") or die \"Can't open $instance for read/write: $!\";\n my @yaml;\n while (<$fh>) {\n # Remove existing \"portForwards:\" section from the config file\n my $seq = /^portForwards:/ ... /^[a-z]/;\n next if $seq && $seq !~ /E0$/;\n push @yaml, $_;\n }\n seek($fh, 0, 0);\n truncate($fh, 0);\n print $fh $_ for @yaml;\n while () {\n s/ipv4/$ipv4/g;\n s/ipv6/$ipv6/g;\n print $fh $_;\n }\n exit;\n}\n\n# Check if netcat is available before running tests\nmy $nc_path = `command -v nc 2>/dev/null`;\nchomp $nc_path;\nunless ($nc_path) {\n die \"Error: 'nc' (netcat) is not installed on the host system.\\n\" .\n \"Please install netcat to run this test script:\\n\" .\n \" - On macOS: brew install netcat\\n\" .\n \" - On Ubuntu/Debian: sudo apt-get install netcat\\n\" .\n \" - On RHEL/CentOS: sudo yum install nmap-ncat\\n\";\n}\n\n# Otherwise $instance must be the name of an already running instance that has been\n# configured with our portForwards settings.\n\nmy $instanceType = qx(limactl ls --json \"$instance\" | jq -r '.vmType' | sed s/x/x/);\nchomp $instanceType;\n\n# Get sshLocalPort for lima instance\nmy $sshLocalPort;\nopen(my $ls, \"limactl ls --json |\") or die;\nwhile (<$ls>) {\n next unless /\"name\":\"$instance\"/;\n ($sshLocalPort) = /\"sshLocalPort\":(\\d+)/ or die;\n last;\n}\ndie \"Cannot determine sshLocalPort\" unless $sshLocalPort;\n\n# Extract forwarding tests from the \"portForwards\" section\nmy @test;\nwhile () {\n chomp;\n s/^\\s+#\\s*//;\n next unless /^(forward|ignore)/;\n if (/ipv6/ && !$ipv6) {\n printf \"🚧 Not yet: # $_\\n\";\n next;\n }\n s/sshLocalPort/$sshLocalPort/g;\n s/ipv4/$ipv4/g;\n s/ipv6/$ipv6/g;\n s/sockDir\\//$sockDir/g;\n # forward: 127.0.0.1 899 → 127.0.0.1 799\n # ignore: 127.0.0.2 8888\n /^(forward|ignore):\\s+([0-9.:]+)\\s+(\\d+)(?:\\s+→)?(?:\\s+(?:([0-9.:]+)(?:\\s+(\\d+))|(\\S+))?)?/;\n die \"Cannot parse test '$_'\" unless $1;\n my %test; @test{qw(mode guest_ip guest_port host_ip host_port host_socket)} = ($1, $2, $3, $4, $5, $6);\n\n $test{host_ip} ||= \"127.0.0.1\";\n $test{host_port} ||= $test{guest_port};\n $test{host_socket} ||= \"\";\n if ($test{mode} eq \"forward\" && $test{host_socket} eq \"\" && $test{host_port} < 1024 && $Config{osname} ne \"darwin\") {\n printf \"🚧 Not supported on $Config{osname}: # $_\\n\";\n next;\n }\n if ($test{mode} eq \"ignore\" && ($test{guest_ip} eq \"0.0.0.0\" || $test{guest_ip} eq \"127.0.0.1\") && \"$instanceType\" eq \"wsl2\") {\n printf \"🚧 Not supported for $instanceType machines: # $_\\n\";\n next;\n }\n if ($test{guest_ip} eq \"192.168.5.15\" && \"$instanceType\" eq \"wsl2\") {\n printf \"🚧 Not supported for $instanceType machines: # $_\\n\";\n next;\n }\n if ($test{host_socket} ne \"\" && $Config{osname} eq \"cygwin\") {\n printf \"🚧 Not supported on $Config{osname}: # $_\\n\";\n next;\n }\n\n my $remote = JoinHostPort($test{guest_ip},$test{guest_port});\n my $local = $test{host_socket} eq \"\" ? JoinHostPort($test{host_ip},$test{host_port}) : $test{host_socket};\n if ($test{mode} eq \"ignore\") {\n $test{log_msg} = \"Not forwarding TCP $remote\";\n }\n else {\n $test{log_msg} = \"Forwarding TCP from $remote to $local\";\n }\n push @test, \\%test;\n}\n\nopen(my $lima, \"| limactl shell --workdir / $instance\")\n or die \"Can't run lima shell on $instance: $!\";\n$lima->autoflush;\n\nprint $lima <<'EOF';\nset -e\ncd $HOME\nsudo pkill -x nc || true\nsudo pkill -x socat || true\nrm -f nc.* socat.*\nEOF\n\n# Give the hostagent some time to remove any port forwards from a previous (crashed?) test run\nsleep 5;\n\n# Record current log size, so we can skip prior output\n$ENV{HOME_HOST} ||= \"$ENV{HOME}\";\n$ENV{LIMA_HOME} ||= \"$ENV{HOME_HOST}/.lima\";\nmy $ha_stdout_log = \"$ENV{LIMA_HOME}/$instance/ha.stdout.log\";\nmy $ha_stderr_log = \"$ENV{LIMA_HOME}/$instance/ha.stderr.log\";\nmy $ha_stdout_log_size = -s $ha_stdout_log or die;\nmy $ha_stderr_log_size = -s $ha_stderr_log or die;\n\n# Setup a netcat listener on the guest for each test\nforeach my $id (0..@test-1) {\n my $test = $test[$id];\n my $cmd;\n if ($listener eq \"nc\") {\n $cmd = \"nc -l $test->{guest_ip} $test->{guest_port}\";\n if ($instance =~ /^alpine/) {\n $cmd = \"nc -l -s $test->{guest_ip} -p $test->{guest_port}\";\n }\n } elsif ($listener eq \"socat\") {\n my $proto = $test->{guest_ip} =~ /:/ ? \"TCP6\" : \"TCP\";\n $cmd = \"socat -u $proto-LISTEN:$test->{guest_port},bind=$test->{guest_ip} STDOUT\";\n }\n\n my $sudo = $test->{guest_port} < 1024 ? \"sudo \" : \"\";\n print $lima \"${sudo}${cmd} >$listener.${id} 2>/dev/null &\\n\";\n}\n\n# Make sure the guest- and hostagents had enough time to set up the forwards\nsleep 5;\n\n# Try to reach each listener from the host\nforeach my $test (@test) {\n next if $test->{host_port} == $sshLocalPort;\n my $cmd;\n if ($writer eq \"nc\") {\n if ($Config{osname} eq \"darwin\") {\n # macOS nc doesn't support -w for connection timeout, so use -G instead\n $cmd = $test->{host_socket} eq \"\" ? \"nc -G $connectionTimeout $test->{host_ip} $test->{host_port}\" : \"nc -G $connectionTimeout -U $test->{host_socket}\";\n } else {\n $cmd = $test->{host_socket} eq \"\" ? \"nc -w $connectionTimeout $test->{host_ip} $test->{host_port}\" : \"nc -w $connectionTimeout -U $test->{host_socket}\";\n }\n } elsif ($writer eq \"socat\") {\n my $tcp_dest = $test->{host_ip} =~ /:/ ? \"TCP6:[$test->{host_ip}]:$test->{host_port}\" : \"TCP:$test->{host_ip}:$test->{host_port}\";\n $cmd = $test->{host_socket} eq \"\" ? \"socat -u STDIN $tcp_dest,connect-timeout=$connectionTimeout\" : \"socat -u STDIN UNIX-CONNECT:$test->{host_socket}\";\n }\n print \"Running: $cmd\\n\";\n open(my $netcat, \"| $cmd\") or die \"Can't run '$cmd': $!\";\n print $netcat \"$test->{log_msg}\\n\";\n # Don't check for errors on close; macOS nc seems to return non-zero exit code even on success\n close($netcat);\n}\n\n# Extract forwarding log messages from hostagent JSON event log\nmy $json_parser = JSON::PP->new->utf8->relaxed;\n\nopen(my $log, \"< $ha_stdout_log\") or die \"Can't read $ha_stdout_log: $!\";\nseek($log, $ha_stdout_log_size, 0) or die \"Can't seek $ha_stdout_log to $ha_stdout_log_size: $!\";\nmy %seen;\nmy %failed_to_listen_tcp;\n\nwhile (<$log>) {\n chomp;\n next unless /^\\s*\\{/; # Skip non-JSON lines\n\n my $event = eval { $json_parser->decode($_) };\n next unless $event;\n\n my $pf = $event->{status}{portForward};\n next unless $pf && $pf->{type};\n\n my $type = $pf->{type};\n my $protocol = uc($pf->{protocol} || \"tcp\");\n my $guest_addr = $pf->{guestAddr} || \"\";\n my $host_addr = $pf->{hostAddr} || \"\";\n my $error = $pf->{error} || \"\";\n\n if ($type eq \"forwarding\") {\n my $msg = \"Forwarding $protocol from $guest_addr to $host_addr\";\n $seen{$msg}++;\n } elsif ($type eq \"not-forwarding\") {\n my $msg = \"Not forwarding $protocol $guest_addr\";\n $seen{$msg}++;\n } elsif ($type eq \"failed\" && $error =~ /listen tcp/) {\n # Extract the address from the error message\n if ($error =~ /listen tcp (.*?:\\d+):/) {\n my $addr = $1;\n $failed_to_listen_tcp{$addr} = \"failed to listen tcp: $error\";\n }\n }\n}\nclose $log or die;\n\n# Also check stderr log for failed_to_listen_tcp messages (these may not be in JSON events)\nopen(my $stderr_log, \"< $ha_stderr_log\") or die \"Can't read $ha_stderr_log: $!\";\nseek($stderr_log, $ha_stderr_log_size, 0) or die \"Can't seek $ha_stderr_log to $ha_stderr_log_size: $!\";\nwhile (<$stderr_log>) {\n $failed_to_listen_tcp{$2}=$1 if /(failed to listen tcp: listen tcp (.*?:\\d+):[^\"]+)/;\n}\nclose $stderr_log or die;\n\nmy $rc = 0;\nmy %expected;\nforeach my $id (0..@test-1) {\n my $test = $test[$id];\n my $err = \"\";\n $expected{$test->{log_msg}}++;\n unless ($seen{$test->{log_msg}}) {\n $err .= \"\\n Message missing from ha.stdout.log (JSON events)\";\n }\n my $log = qx(limactl shell --workdir / $instance sh -c \"cd; cat $listener.$id\");\n chomp $log;\n if ($test->{mode} eq \"forward\" && $test->{log_msg} ne $log) {\n $err .= \"\\n Guest received: '$log'\";\n }\n if ($test->{mode} eq \"ignore\" && $log) {\n $err .= \"\\n Guest received: '$log' (instead of nothing)\";\n }\n printf \"%s %s%s\\n\", ($err ? \"❌\" : \"✅\"), $test->{log_msg}, $err;\n $rc = 1 if $err;\n}\n\nforeach (keys %seen) {\n next if $expected{$_};\n # Should this be an error? Really should only happen if something else failed as well.\n print \"😕 Unexpected log message: $_\\n\";\n}\n\nif (%failed_to_listen_tcp) {\n foreach (keys %failed_to_listen_tcp) {\n print \"⚠️ $failed_to_listen_tcp{$_}\\n\";\n }\n my @tcp_list = keys %failed_to_listen_tcp;\n if ($Config{osname} eq \"darwin\") {\n my @lsof_args = map { \"-iTCP\\@$_\" } @tcp_list;\n print `lsof -P @lsof_args`;\n } elsif ($Config{osname} eq \"linux\") {\n my @lss_args = map { \"src = $_\" } @tcp_list;\n my $ss_expression = join(\" or \", @lss_args);\n print `sudo ss -lnpt \"$ss_expression\"`;\n } elsif ($Config{osname} eq \"cygwin\") {\n my @awk_args = map { \"-e'/$_/'\" } @tcp_list;\n print `netstat -aon | awk -e'/^ +Proto/' @awk_args`;\n }\n}\n\n# Cleanup remaining netcat instances (and port forwards)\nprint $lima \"sudo pkill -x $listener\";\n\nexit $rc;\n\nsub JoinHostPort {\n my($host,$port) = @_;\n $host = \"[$host]\" if $host =~ /:/;\n return \"$host:$port\";\n}\n\n# This YAML section includes port forwarding `rules` for the guest- and hostagents,\n# with interleaved `tests` (in comments) that are executed by this script. The strings\n# \"ipv4\" and \"ipv6\" will be replaced by the actual host ipv4 and ipv6 addresses.\n__DATA__\nportForwards:\n# We can't test that port 22 will be blocked because the guestagent has\n# been ignoring it since startup, so the log message is in the part of\n# the log we skipped.\n# skip: 127.0.0.1 22 → 127.0.0.1 2222\n# ignore: 127.0.0.1 sshLocalPort\n\n- guestIP: 127.0.0.2\n guestPortRange: [3000, 3009]\n hostPortRange: [2000, 2009]\n ignore: true\n\n- guestIP: 0.0.0.0\n guestIPMustBeZero: false\n guestPortRange: [3010, 3019]\n hostPortRange: [2010, 2019]\n ignore: true\n\n- guestIP: 0.0.0.0\n guestIPMustBeZero: false\n guestPortRange: [3000, 3029]\n hostPortRange: [2000, 2029]\n\n# The following rule is completely shadowed by the previous one and has no effect\n- guestIP: 0.0.0.0\n guestIPMustBeZero: false\n guestPortRange: [3020, 3029]\n hostPortRange: [2020, 2029]\n ignore: true\n\n # ignore: 127.0.0.2 3000\n # forward: 127.0.0.3 3001 → 127.0.0.1 2001\n\n # Blocking 127.0.0.2 cannot block forwarding from 0.0.0.0\n # forward: 0.0.0.0 3002 → 127.0.0.1 2002\n\n # Blocking 0.0.0.0 will block forwarding from any interface because guestIPMustBeZero is false\n # ignore: 0.0.0.0 3010\n # ignore: 127.0.0.1 3011\n\n # Forwarding from 0.0.0.0 works for any interface (including IPv6)\n # The \"ignore\" rule above has no effect because the previous rule already matched.\n # forward: 127.0.0.2 3020 → 127.0.0.1 2020\n # forward: 127.0.0.1 3021 → 127.0.0.1 2021\n # forward: 0.0.0.0 3022 → 127.0.0.1 2022\n # forward: :: 3023 → 127.0.0.1 2023\n # forward: ::1 3024 → 127.0.0.1 2024\n\n- guestPortRange: [3030, 3039]\n hostPortRange: [2030, 2039]\n hostIP: ipv4\n\n # forward: 127.0.0.1 3030 → ipv4 2030\n # forward: 0.0.0.0 3031 → ipv4 2031\n # forward: :: 3032 → ipv4 2032\n # forward: ::1 3033 → ipv4 2033\n\n- guestPortRange: [300, 304]\n\n # forward: 127.0.0.1 300 → 127.0.0.1 300\n # forward: 0.0.0.0 301 → 127.0.0.1 301\n # forward: :: 302 → 127.0.0.1 302\n # forward: ::1 303 → 127.0.0.1 303\n # ignore: 192.168.5.15 304 → 127.0.0.1 304\n\n- guestPortRange: [305, 309]\n guestIPMustBeZero: false\n\n # forward: 127.0.0.1 325 → 127.0.0.1 325\n # forward: 0.0.0.0 326 → 127.0.0.1 326\n # forward: :: 327 → 127.0.0.1 327\n # forward: ::1 328 → 127.0.0.1 328\n # ignore: 192.168.5.15 329 → 127.0.0.1 329\n\n- guestPortRange: [310, 314]\n hostIP: 0.0.0.0\n\n # forward: 127.0.0.1 310 → 0.0.0.0 310\n # forward: 0.0.0.0 311 → 0.0.0.0 311\n # forward: :: 312 → 0.0.0.0 312\n # forward: ::1 313 → 0.0.0.0 313\n # ignore: 192.168.5.15 314 → 0.0.0.0 314\n\n- guestPortRange: [315, 319]\n guestIPMustBeZero: false\n hostIP: 0.0.0.0\n\n # forward: 127.0.0.1 315 → 0.0.0.0 315\n # forward: 0.0.0.0 316 → 0.0.0.0 316\n # forward: :: 317 → 0.0.0.0 317\n # forward: ::1 318 → 0.0.0.0 318\n # ignore: 192.168.5.15 319 → 0.0.0.0 319\n\n # Things we can't test:\n # - Accessing a forward from a different interface (e.g. connect to ipv4 to connect to 0.0.0.0)\n # - failed forward to privileged port\n\n\n- guestIP: \"192.168.5.15\"\n guestPortRange: [4000, 4009]\n hostIP: \"ipv4\"\n\n # forward: 192.168.5.15 4000 → ipv4 4000\n\n- guestIP: \"::1\"\n guestPortRange: [4010, 4019]\n hostIP: \"::\"\n\n # forward: ::1 4010 → :: 4010\n\n- guestIP: \"::\"\n guestPortRange: [4020, 4029]\n hostIP: \"ipv4\"\n\n # forward: 127.0.0.1 4020 → ipv4 4020\n # forward: 127.0.0.2 4021 → ipv4 4021\n # forward: 192.168.5.15 4022 → ipv4 4022\n # forward: 0.0.0.0 4023 → ipv4 4023\n # forward: :: 4024 → ipv4 4024\n # forward: ::1 4025 → ipv4 4025\n\n- guestIP: \"0.0.0.0\"\n guestIPMustBeZero: false\n guestPortRange: [4030, 4039]\n hostIP: \"ipv4\"\n\n # forward: 127.0.0.1 4030 → ipv4 4030\n # forward: 127.0.0.2 4031 → ipv4 4031\n # forward: 192.168.5.15 4032 → ipv4 4032\n # forward: 0.0.0.0 4033 → ipv4 4033\n # forward: :: 4034 → ipv4 4034\n # forward: ::1 4035 → ipv4 4035\n\n- guestIPMustBeZero: true\n guestPortRange: [4040, 4049]\n\n- guestIP: \"0.0.0.0\"\n guestIPMustBeZero: false\n guestPortRange: [4040, 4049]\n ignore: true\n\n # forward: 0.0.0.0 4040 → 127.0.0.1 4040\n # forward: :: 4041 → 127.0.0.1 4041\n # ignore: 127.0.0.1 4043 → 127.0.0.1 4043\n # ignore: 192.168.5.15 4044 → 127.0.0.1 4044\n\n# This rule exist to test `nerdctl run` binding to 0.0.0.0 by default,\n# and making sure it gets forwarded to the external host IP.\n# The actual test code is in test-example.sh in the \"port-forwarding\" block.\n- guestIPMustBeZero: true\n guestPort: 8888\n hostIP: 0.0.0.0\n\n- guestPort: 5000\n hostSocket: port5000.sock\n\n # forward: 127.0.0.1 5000 → sockDir/port5000.sock\n\n- guestPort: 5001\n hostSocket: port5001.sock\n\n # ignore: 192.168.5.15 5001 → sockDir/port5001.sock\n\n- guestPort: 5002\n guestIPMustBeZero: false\n hostSocket: port5002.sock\n\n # forward: 127.0.0.1 5002 → sockDir/port5002.sock\n\n- guestPort: 5003\n guestIPMustBeZero: false\n hostSocket: port5003.sock\n\n # ignore: 192.168.5.15 5003 → sockDir/port5003.sock\n" }, { "path": "hack/test-selinux.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\nscriptdir=\"$(cd \"$(dirname \"${BASH_SOURCE[0]}\")\" && pwd)\"\n# shellcheck source=common.inc.sh\nsource \"${scriptdir}/common.inc.sh\"\n\nif [ \"$#\" -ne 1 ]; then\n\tERROR \"Usage: $0 NAME\"\n\texit 1\nfi\n\nNAME=\"$1\"\n##########################################################################################\n## When using vz & virtiofs, initially container_file_t selinux label\n## was considered which works perfectly for container work loads\n## but it might break for other work loads if the process is running with\n## different label. Also these are the remote mounts from the host machine,\n## so keeping the label as nfs_t fits right. Package container-selinux by\n## default adds rules for nfs_t context which allows container workloads to work as well.\n## https://github.com/lima-vm/lima/pull/1965\n##\n## With integration[https://github.com/lima-vm/lima/pull/2474] with systemd-binfmt,\n## the existing \"nfs_t\" selinux label for Rosetta is causing issues while registering it.\n## This behaviour needs to be fixed by setting the label as \"bin_t\"\n## https://github.com/lima-vm/lima/pull/2630\n##########################################################################################\nINFO \"Testing secontext is set for rosetta\"\nexpected=\"context=system_u:object_r:bin_t:s0\"\n#Skip Rosetta checks for x86 GHA mac runners\nif [[ \"$(uname)\" == \"Darwin\" && \"$(arch)\" == \"arm64\" ]]; then\n\tINFO \"Testing secontext is set for rosetta mounts\"\n\tgot=$(limactl shell \"$NAME\" mount | grep \"rosetta\" | awk '{print $6}')\n\tINFO \"secontext rosetta: expected=${expected}, got=${got}\"\n\tif [[ $got != *$expected* ]]; then\n\t\tERROR \"secontext for rosetta mount is not set or Invalid\"\n\t\texit 1\n\tfi\nfi\nINFO \"Testing secontext is set for bind mounts\"\nexpected=\"context=system_u:object_r:nfs_t:s0\"\nINFO \"Checking in mounts\"\ngot=$(limactl shell \"$NAME\" mount | grep \"$HOME\" | awk '{print $6}')\nINFO \"secontext ${HOME}: expected=${expected}, got=${got}\"\nif [[ $got != *$expected* ]]; then\n\tERROR \"secontext for \\\"$HOME\\\" dir is not set or Invalid\"\n\texit 1\nfi\ngot=$(limactl shell \"$NAME\" mount | grep \"/tmp/lima\" | awk '{print $6}')\nINFO \"secontext /tmp/lima: expected=${expected}, got=${got}\"\nif [[ $got != *$expected* ]]; then\n\tERROR 'secontext for \"/tmp/lima\" dir is not set or Invalid'\n\texit 1\nfi\nINFO \"Checking in fstab file\"\nexpected='context=\"system_u:object_r:nfs_t:s0\"'\ngot=$(limactl shell \"$NAME\" cat /etc/fstab | grep \"$HOME\" | awk '{print $4}')\nINFO \"secontext ${HOME}: expected=${expected}, got=${got}\"\nif [[ $got != *$expected* ]]; then\n\tERROR \"secontext for \\\"$HOME\\\" dir is not set or Invalid\"\n\texit 1\nfi\ngot=$(limactl shell \"$NAME\" cat /etc/fstab | grep \"/tmp/lima\" | awk '{print $4}')\nINFO \"secontext /tmp/lima: expected=${expected}, got=${got}\"\nif [[ $got != *$expected* ]]; then\n\tERROR 'secontext for \"/tmp/lima\" dir is not set or Invalid'\n\texit 1\nfi\n" }, { "path": "hack/test-templates/alpine-iso-9p-writable.yaml", "content": "# Background: https://github.com/lima-vm/lima/pull/2234\n# Should be tested on a Linux host\nimages:\n- location: \"https://github.com/lima-vm/alpine-lima/releases/download/v0.2.37/alpine-lima-std-3.19.0-x86_64.iso\"\n arch: \"x86_64\"\n digest: \"sha512:568852df405e6b9858e678171a9894c058f483df0b0570c22cf33fc75f349ba6cc5bb3d50188180d8c31faaf53400fe884ca3e5f949961b03b2bf53e65de88d7\"\n- location: \"https://github.com/lima-vm/alpine-lima/releases/download/v0.2.37/alpine-lima-std-3.19.0-aarch64.iso\"\n arch: \"aarch64\"\n digest: \"sha512:3a4bd5ad0201f503e9bb9f3b812aa0df292e2e099148c0323d23244046ad199a2946ef9e0619fec28726bfdcc528233f43c3b4b036c9e06e92ac730d579f0ca3\"\n\nmountType: \"9p\"\nmounts:\n- location: \"~\"\n writable: true\n- location: \"/tmp/lima test dir with spaces\"\n writable: true\n- location: \"/tmp/lima\"\n writable: true\n\ncontainerd:\n system: false\n user: false\n" }, { "path": "hack/test-templates/net-user-v2.yaml", "content": "# A template to run lima instance with experimental user-v2 network enabled\n# This template requires Lima v0.16.0 or later.\nimages:\n- location: \"https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-amd64.img\"\n arch: \"x86_64\"\n- location: \"https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-arm64.img\"\n arch: \"aarch64\"\n\nhostResolver:\n hosts:\n host.docker.internal: host.lima.internal\nmounts:\n- location: \"~\"\n- location: \"/tmp/lima\"\n writable: true\nnetworks:\n- lima: user-v2\n" }, { "path": "hack/test-templates/test-misc.yaml", "content": "# The test template for testing misc configurations:\n# - disk\n# - snapshots\n# - (More to come)\n#\nbase: template:ubuntu-22.04\n\n# 9p is not compatible with `limactl snapshot`\nmountTypesUnsupported: [\"9p\"]\nmounts:\n- location: \"~\"\n writable: true\n- location: \"/tmp/lima test dir with spaces\"\n writable: true\n\nparam:\n ANSIBLE: ansible\n BOOT: boot\n DEPENDENCY: dependency\n PROBE: probe\n SYSTEM: system\n USER: user\n YQ: yq\n\nprovision:\n- mode: ansible\n playbook: ./hack/ansible-test.yaml\n- mode: boot\n script: \"touch /tmp/param-$PARAM_BOOT\"\n- mode: dependency\n script: \"touch /tmp/param-$PARAM_DEPENDENCY\"\n- mode: system\n script: |\n touch /tmp/param-$PARAM_SYSTEM\n\n # port forwarding test setup\n apt-get update\n apt-get install -y nginx python3\n systemctl enable nginx\n systemctl start nginx\n\n cat > /etc/systemd/system/test-server-9080.service << 'EOF'\n [Unit]\n Description=Test Server on Port 9080\n After=network.target\n\n [Service]\n Type=simple\n User=root\n ExecStart=/usr/bin/python3 -m http.server 9080 --bind 127.0.0.1\n Restart=always\n\n [Install]\n WantedBy=multi-user.target\n EOF\n\n cat > /etc/systemd/system/test-server-9070.service << 'EOF'\n [Unit]\n Description=Test Server on Port 9070\n After=network.target\n\n [Service]\n Type=simple\n User=root\n ExecStart=/usr/bin/python3 -m http.server 9070 --bind 127.0.0.1\n Restart=always\n\n [Install]\n WantedBy=multi-user.target\n EOF\n\n mkdir -p /var/www/html-9080\n mkdir -p /var/www/html-9070\n\n echo '

Dynamic port 9080

' > /var/www/html-9080/index.html\n echo '

Dynamic port 9070

' > /var/www/html-9070/index.html\n\n systemctl daemon-reload\n systemctl enable test-server-9080\n systemctl enable test-server-9070\n systemctl start test-server-9080\n systemctl start test-server-9070\n\n- mode: user\n script: \"touch /tmp/param-$PARAM_USER\"\n- mode: data\n path: /etc/sysctl.d/99-inotify.conf\n content: |\n fs.inotify.max_user_watches = 524288\n fs.inotify.max_user_instances = 512\n- mode: yq\n path: \"/tmp/param-{{.Param.YQ}}.json\"\n expression: .YQ = \"{{.Param.YQ}}\"\n\nprobes:\n- mode: readiness\n script: |\n #!/bin/sh\n touch /tmp/param-$PARAM_PROBE\n\n# in order to use this example, you must first create the disks. run:\n# $ limactl disk create data --size 10G\n# $ limactl disk create swap --size 2G\nadditionalDisks:\n- \"data\"\n- name: \"swap\"\n format: true\n fsType: swap\n\nuser:\n name: john\n comment: John Doe\n home: \"/home/{{.User}}-{{.User}}\"\n uid: 4711\n # Ubuntu has identical /bin/bash and /usr/bin/bash\n shell: /usr/bin/bash\n\nportForwards:\n- guestPort: 80\n hostPort: 9090\n static: true\n- guestPort: 9080\n hostPort: 29080\n static: false\n- guestPort: 9070\n hostPort: 29070\n static: false\n" }, { "path": "hack/test-templates.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\n# will prevent msys2 converting Linux path arguments into Windows paths before passing to limactl\nexport MSYS2_ARG_CONV_EXCL='*'\n\nscriptdir=\"$(cd \"$(dirname \"${BASH_SOURCE[0]}\")\" && pwd)\"\n# shellcheck source=common.inc.sh\nsource \"${scriptdir}/common.inc.sh\"\n\nif [ \"$#\" -ne 1 ]; then\n\tERROR \"Usage: $0 FILE.yaml\"\n\texit 1\nfi\n\n# Resolve any ../ fragments in the filename because they are invalid in relative template locators\nFILE=\"$(cd \"$(dirname \"$1\")\" && pwd)/$(basename \"$1\")\"\nNAME=\"$(basename -s .yaml \"$FILE\")\"\nOS_HOST=\"$(uname -o)\"\n\n# On Windows $HOME of the bash runner, %USERPROFILE% of the host machine and mounting point in the guest machine\n# are all different folders. This will handle path differences, when values are explicitly set.\nHOME_HOST=${HOME_HOST:-$HOME}\nHOME_GUEST=${HOME_GUEST:-$HOME}\nFILE_HOST=$FILE\nif [ \"${OS_HOST}\" = \"Msys\" ]; then\n\tFILE_HOST=\"$(cygpath -w \"$FILE\")\"\nfi\n\nINFO \"Validating \\\"$FILE_HOST\\\"\"\nlimactl validate \"$FILE_HOST\"\n\nLIMACTL_CREATE=(limactl --tty=false create)\n\nCONTAINER_ENGINE=\"nerdctl\"\n\ndeclare -A CHECKS=(\n\t[\"proxy-settings\"]=\"1\"\n\t[\"systemd\"]=\"1\"\n\t[\"mount-home\"]=\"1\"\n\t[\"container-engine\"]=\"1\"\n\t[\"restart\"]=\"1\"\n\t# snapshot tests are too flaky (especially with archlinux)\n\t[\"snapshot-online\"]=\"\"\n\t[\"snapshot-offline\"]=\"\"\n\t[\"clone\"]=\"\"\n\t[\"port-forwards\"]=\"1\"\n\t[\"vmnet\"]=\"\"\n\t[\"disk\"]=\"\"\n\t[\"user-v2\"]=\"\"\n\t[\"mount-path-with-spaces\"]=\"\"\n\t[\"provision-data\"]=\"\"\n\t[\"provision-yq\"]=\"\"\n\t[\"param-env-variables\"]=\"\"\n\t[\"set-user\"]=\"\"\n\t[\"preserve-env\"]=\"1\"\n\t[\"static-port-forwards\"]=\"\"\n\t[\"ssh-over-vsock\"]=\"\"\n)\n\ncase \"$NAME\" in\n\"default\")\n\t# CI failure:\n\t# \"[hostagent] failed to confirm whether /c/Users/runneradmin [remote] is successfully mounted\"\n\t[ \"${OS_HOST}\" = \"Msys\" ] && CHECKS[\"mount-home\"]=\n\t[ \"${OS_HOST}\" = \"Darwin\" ] && CHECKS[\"ssh-over-vsock\"]=\"1\"\n\t;;\n\"alpine\"*)\n\tWARNING \"Alpine does not support systemd\"\n\tCHECKS[\"systemd\"]=\n\tCHECKS[\"container-engine\"]=\n\t[ \"$NAME\" = \"alpine-iso-9p-writable\" ] && CHECKS[\"mount-path-with-spaces\"]=\"1\"\n\t;;\n\"k3s\")\n\tERROR \"File \\\"$FILE\\\" is not testable with this script\"\n\texit 1\n\t;;\n\"test-misc\")\n\tCHECKS[\"disk\"]=1\n\tCHECKS[\"snapshot-online\"]=\"1\"\n\tCHECKS[\"snapshot-offline\"]=\"1\"\n\tCHECKS[\"clone\"]=\"1\"\n\tCHECKS[\"mount-path-with-spaces\"]=\"1\"\n\tCHECKS[\"provision-data\"]=\"1\"\n\tCHECKS[\"provision-yq\"]=\"1\"\n\tCHECKS[\"param-env-variables\"]=\"1\"\n\tCHECKS[\"set-user\"]=\"1\"\n\tCHECKS[\"static-port-forwards\"]=\"1\"\n\t;;\n\"docker\")\n\tCONTAINER_ENGINE=\"docker\"\n\t;;\n\"wsl2\")\n\t# TODO https://github.com/lima-vm/lima/issues/3268\n\tCHECKS[\"proxy-settings\"]=\n\t;;\nesac\n\nif limactl ls -q \"$NAME\" 2>/dev/null; then\n\tERROR \"Instance $NAME already exists\"\n\texit 1\nfi\n\ncase \"$(limactl tmpl yq \"$FILE_HOST\" '.networks[].lima')\" in\n\"shared\")\n\tCHECKS[\"vmnet\"]=1\n\t;;\n\"user-v2\")\n\tCHECKS[\"port-forwards\"]=\"\"\n\tCHECKS[\"user-v2\"]=1\n\t;;\nesac\n\nif [[ -n ${CHECKS[\"port-forwards\"]} ]]; then\n\ttmpconfig=\"$HOME_HOST/lima-config-tmp\"\n\tmkdir -p \"${tmpconfig}\"\n\tdefer \"rm -rf \\\"$tmpconfig\\\"\"\n\ttmpfile=\"${tmpconfig}/${NAME}.yaml\"\n\tcp \"$FILE\" \"${tmpfile}\"\n\tFILE=\"${tmpfile}\"\n\tFILE_HOST=$FILE\n\tif [ \"${OS_HOST}\" = \"Msys\" ]; then\n\t\tFILE_HOST=\"$(cygpath -w \"$FILE\")\"\n\tfi\n\n\tINFO \"Setup port forwarding rules for testing in \\\"${FILE}\\\"\"\n\t\"${scriptdir}/test-port-forwarding.pl\" \"${FILE}\"\n\tINFO \"Validating \\\"$FILE_HOST\\\"\"\n\tlimactl validate \"$FILE_HOST\"\nfi\n\nINFO \"Make sure template embedding copies \\\"$FILE_HOST\\\" exactly\"\ndiff -u <(echo -n \"base: $FILE_HOST\" | limactl tmpl copy --embed - -) \"$FILE_HOST\"\n\nfunction diagnose() {\n\tNAME=\"$1\"\n\tset -x +e\n\ttail \"$HOME_HOST/.lima/${NAME}\"/*.log\n\tlimactl shell \"$NAME\" systemctl --no-pager status\n\tlimactl shell \"$NAME\" systemctl --no-pager\n\tmkdir -p failure-logs\n\tcp -pf \"$HOME_HOST/.lima/${NAME}\"/*.log failure-logs/\n\tlimactl shell \"$NAME\" sudo cat /var/log/cloud-init-output.log | tee failure-logs/cloud-init-output.log\n\tlimactl shell \"$NAME\" sh -c \"command -v journalctl >/dev/null && sudo journalctl --no-pager\" >failure-logs/journal.log\n\tset +x -e\n}\n\nexport ftp_proxy=http://localhost:2121\n\nINFO \"Creating \\\"$NAME\\\" from \\\"$FILE_HOST\\\"\"\ndefer \"limactl delete -f \\\"$NAME\\\"\"\n\nif [[ -n ${CHECKS[\"disk\"]} ]]; then\n\tif [[ -z \"$(limactl disk ls data --json 2>/dev/null)\" ]]; then\n\t\tdefer \"limactl disk delete data\"\n\t\tlimactl disk create data --size 10G\n\tfi\n\tif ! limactl disk ls | grep -q \"^swap\\s\"; then\n\t\tdefer \"limactl disk delete swap\"\n\t\tlimactl disk create swap --size 2G\n\tfi\nfi\n\nset -x\n# shellcheck disable=SC2086\n\"${LIMACTL_CREATE[@]}\" ${LIMACTL_CREATE_ARGS:-} \"$FILE_HOST\"\nset +x\n\nif [[ -n ${CHECKS[\"mount-path-with-spaces\"]} ]]; then\n\tmkdir -p \"/tmp/lima test dir with spaces\"\n\techo \"test file content\" >\"/tmp/lima test dir with spaces/test file\"\nfi\n\nINFO \"Starting \\\"$NAME\\\"\"\nset -x\nif ! limactl start \"$NAME\"; then\n\tERROR \"Failed to start \\\"$NAME\\\"\"\n\tdiagnose \"$NAME\"\n\texit 1\nfi\n\nlimactl shell \"$NAME\" uname -a\n\nlimactl shell \"$NAME\" cat /etc/os-release\nset +x\n\nINFO \"Testing that host home is not wiped out\"\n[ -e \"$HOME_HOST/.lima\" ]\n\nif [[ -n ${CHECKS[\"mount-path-with-spaces\"]} ]]; then\n\tINFO 'Testing that \"/tmp/lima test dir with spaces\" is not wiped out'\n\t[ \"$(cat \"/tmp/lima test dir with spaces/test file\")\" = \"test file content\" ]\n\t[ \"$(limactl shell \"$NAME\" cat \"/tmp/lima test dir with spaces/test file\")\" = \"test file content\" ]\nfi\n\nif [[ -n ${CHECKS[\"provision-data\"]} ]]; then\n\tINFO 'Testing that /etc/sysctl.d/99-inotify.conf was created successfully on provision'\n\tlimactl shell \"$NAME\" grep -q fs.inotify.max_user_watches /etc/sysctl.d/99-inotify.conf\nfi\n\nif [[ -n ${CHECKS[\"provision-yq\"]} ]]; then\n\tINFO 'Testing that /tmp/param-yq.json was created successfully on provision'\n\tlimactl shell \"$NAME\" grep -q '\"YQ\": \"yq\"' /tmp/param-yq.json\nfi\n\nif [[ -n ${CHECKS[\"param-env-variables\"]} ]]; then\n\tINFO 'Testing that PARAM env variables are exported to all types of provisioning scripts and probes'\n\tlimactl shell \"$NAME\" test -e /tmp/param-ansible\n\tlimactl shell \"$NAME\" test -e /tmp/param-boot\n\tlimactl shell \"$NAME\" test -e /tmp/param-dependency\n\tlimactl shell \"$NAME\" test -e /tmp/param-probe\n\tlimactl shell \"$NAME\" test -e /tmp/param-system\n\tlimactl shell \"$NAME\" test -e /tmp/param-user\nfi\n\nif [[ -n ${CHECKS[\"set-user\"]} ]]; then\n\tINFO 'Testing that user settings can be provided by lima.yaml'\n\tlimactl shell \"$NAME\" grep \"^john:x:4711:4711:John Doe:/home/john-john:/usr/bin/bash\" /etc/passwd\nfi\n\nif [[ -n ${CHECKS[\"proxy-settings\"]} ]]; then\n\tINFO \"Testing proxy settings are imported\"\n\tgot=$(limactl shell \"$NAME\" env | grep FTP_PROXY)\n\t# Expected: FTP_PROXY is set in addition to ftp_proxy, localhost is replaced\n\t# by the gateway address, and the value is set immediately without a restart\n\tgatewayIp=$(limactl shell \"$NAME\" ip route show 0.0.0.0/0 dev eth0 | cut -d\\ -f3)\n\texpected=\"FTP_PROXY=http://${gatewayIp}:2121\"\n\tINFO \"FTP_PROXY: expected=${expected} got=${got}\"\n\tif [ \"$got\" != \"$expected\" ]; then\n\t\tERROR \"proxy environment variable not set to correct value\"\n\t\texit 1\n\tfi\nfi\n\nINFO \"Testing limactl copy command\"\ntmpdir=\"$(mktemp -d \"${TMPDIR:-/tmp}\"/lima-test-templates.XXXXXX)\"\ndefer \"rm -rf \\\"$tmpdir\\\"\"\ntmpfile=\"$tmpdir/lima-hostname\"\nrm -f \"$tmpfile\"\ntmpfile_host=$tmpfile\nif [ \"${OS_HOST}\" = \"Msys\" ]; then\n\ttmpfile_host=\"$(cygpath -w \"$tmpfile\")\"\nfi\nlimactl cp \"$NAME\":/etc/hostname \"$tmpfile_host\"\nexpected=\"$(limactl shell \"$NAME\" cat /etc/hostname)\"\ngot=\"$(cat \"$tmpfile\")\"\nINFO \"/etc/hostname: expected=${expected}, got=${got}\"\nif [ \"$got\" != \"$expected\" ]; then\n\tERROR \"copy command did not fetch the file\"\n\texit 1\nfi\n\nINFO \"Testing limactl copy command with scp backend\"\ntmpfile_scp=\"$tmpdir/lima-hostname-scp\"\nrm -f \"$tmpfile_scp\"\ntmpfile_scp_host=$tmpfile_scp\nif [ \"${OS_HOST}\" = \"Msys\" ]; then\n\ttmpfile_scp_host=\"$(cygpath -w \"$tmpfile_scp\")\"\nfi\nlimactl cp --backend=scp \"$NAME\":/etc/hostname \"$tmpfile_scp_host\"\nexpected=\"$(limactl shell \"$NAME\" cat /etc/hostname)\"\ngot=\"$(cat \"$tmpfile_scp\")\"\nINFO \"/etc/hostname (scp): expected=${expected}, got=${got}\"\nif [ \"$got\" != \"$expected\" ]; then\n\tERROR \"copy command with scp backend did not fetch the file\"\n\texit 1\nfi\n\nif command -v rsync >/dev/null && limactl shell \"$NAME\" command -v rsync >/dev/null 2>&1; then\n\tINFO \"Testing limactl copy command with rsync backend\"\n\ttmpfile_rsync=\"$tmpdir/lima-hostname-rsync\"\n\trm -f \"$tmpfile_rsync\"\n\ttmpfile_rsync_host=$tmpfile_rsync\n\tif [ \"${OS_HOST}\" = \"Msys\" ]; then\n\t\ttmpfile_rsync_host=\"$(cygpath -w \"$tmpfile_rsync\")\"\n\tfi\n\tlimactl cp --backend=rsync \"$NAME\":/etc/hostname \"$tmpfile_rsync_host\"\n\texpected=\"$(limactl shell \"$NAME\" cat /etc/hostname)\"\n\tgot=\"$(cat \"$tmpfile_rsync\")\"\n\tINFO \"/etc/hostname (rsync): expected=${expected}, got=${got}\"\n\tif [ \"$got\" != \"$expected\" ]; then\n\t\tERROR \"copy command with rsync backend did not fetch the file\"\n\t\texit 1\n\tfi\n\n\tINFO \"Testing limactl copy command with rsync backend (verbose, recursive)\"\n\ttestdir=\"$tmpdir/test-rsync-dir\"\n\tmkdir -p \"$testdir\"\n\techo \"test content\" >\"$testdir/testfile.txt\"\n\tlimactl cp --backend=rsync -r -v \"$testdir\" \"$NAME\":/tmp/\n\tif ! limactl shell \"$NAME\" test -f /tmp/test-rsync-dir/testfile.txt; then\n\t\tERROR \"rsync recursive copy failed\"\n\t\texit 1\n\tfi\n\trsync_content=\"$(limactl shell \"$NAME\" cat /tmp/test-rsync-dir/testfile.txt)\"\n\tif [ \"$rsync_content\" != \"test content\" ]; then\n\t\tERROR \"rsync file content mismatch\"\n\t\texit 1\n\tfi\nelse\n\tINFO \"Skipping rsync backend test (rsync not available on host or guest)\"\nfi\n\nINFO \"Testing limactl command with escaped characters\"\nlimactl shell \"$NAME\" bash -c \"$(echo -e '\\n\\techo foo\\n\\techo bar')\"\n\nINFO \"Testing limactl command with quotes\"\nlimactl shell \"$NAME\" bash -c \"echo 'foo \\\"bar\\\"'\"\n\nif [[ -n ${CHECKS[\"systemd\"]} ]]; then\n\tset -x\n\tif ! limactl shell \"$NAME\" systemctl is-system-running --wait; then\n\t\tERROR '\"systemctl is-system-running\" failed'\n\t\tdiagnose \"$NAME\"\n\t\texit 1\n\tfi\n\tset +x\nfi\n\nif [[ -n ${CHECKS[\"mount-home\"]} ]]; then\n\t\"${scriptdir}\"/test-mount-home.sh \"$NAME\"\nfi\n\nif [[ -n ${CHECKS[\"ssh-over-vsock\"]} ]]; then\n\tif [[ \"$(limactl ls \"${NAME}\" --yq .vmType)\" == \"vz\" ]]; then\n\t\tINFO \"Testing SSH over vsock\"\n\t\tset -x\n\t\tlog_file=\"$HOME_HOST/.lima/${NAME}/ha.stdout.log\"\n\n\t\t# Helper function to check vsock events in the log file\n\t\t# $1: event_type to check for\n\t\tcheck_vsock_event() {\n\t\t\tlocal event_type=\"$1\"\n\t\t\tif jq -e --arg type \"$event_type\" 'select(.status.vsock.type == $type)' \"$log_file\" >/dev/null 2>&1; then\n\t\t\t\treturn 0\n\t\t\tfi\n\t\t\treturn 1\n\t\t}\n\n\t\tINFO \"Testing .ssh.overVsock=true configuration\"\n\t\tlimactl stop \"${NAME}\"\n\t\t# Detection of the SSH server on VSOCK may fail; however, a failing log indicates that controlling detection via the environment variable works as expected.\n\t\tlimactl start --set '.ssh.overVsock=true' \"${NAME}\"\n\t\tif ! check_vsock_event \"started\" && ! check_vsock_event \"failed\"; then\n\t\t\tset +x\n\t\t\tdiagnose \"${NAME}\"\n\t\t\tERROR \".ssh.overVsock=true did not enable vsock forwarder\"\n\t\t\texit 1\n\t\tfi\n\t\tINFO 'Testing .ssh.overVsock=null configuration'\n\t\tlimactl stop \"${NAME}\"\n\t\t# Detection of the SSH server on VSOCK may fail; however, a failing log indicates that controlling detection via the environment variable works as expected.\n\t\tlimactl start --set '.ssh.overVsock=null' \"${NAME}\"\n\t\tif ! check_vsock_event \"started\" && ! check_vsock_event \"failed\"; then\n\t\t\tset +x\n\t\t\tdiagnose \"${NAME}\"\n\t\t\tERROR \".ssh.overVsock=null did not enable vsock forwarder\"\n\t\t\texit 1\n\t\tfi\n\t\tINFO \"Testing .ssh.overVsock=false configuration\"\n\t\tlimactl stop \"${NAME}\"\n\t\tlimactl start --set '.ssh.overVsock=false' \"${NAME}\"\n\t\tif ! check_vsock_event \"skipped\"; then\n\t\t\tset +x\n\t\t\tdiagnose \"${NAME}\"\n\t\t\tERROR \".ssh.overVsock=false did not disable vsock forwarder\"\n\t\t\texit 1\n\t\tfi\n\t\tset +x\n\tfi\nfi\n\n# Use GHCR and ECR to avoid hitting Docker Hub rate limit\nnginx_image=\"ghcr.io/stargz-containers/nginx:1.19-alpine-org\"\nalpine_image=\"ghcr.io/containerd/alpine:3.14.0\"\ncoredns_image=\"public.ecr.aws/eks-distro/coredns/coredns:v1.12.2-eks-1-31-latest\"\n\nif [[ -n ${CHECKS[\"container-engine\"]} ]]; then\n\tsudo=\"\"\n\t# Currently WSL2 machines only support privileged engine. This requirement might be lifted in the future.\n\tif [[ \"$(limactl ls \"${NAME}\" --yq .vmType)\" == \"wsl2\" ]]; then\n\t\tsudo=\"sudo\"\n\tfi\n\tINFO \"Run a nginx container with port forwarding 127.0.0.1:8080\"\n\tset -x\n\tif ! limactl shell \"$NAME\" $sudo $CONTAINER_ENGINE info; then\n\t\tlimactl shell \"$NAME\" cat /var/log/cloud-init-output.log\n\t\tERROR \"\\\"${CONTAINER_ENGINE} info\\\" failed\"\n\t\texit 1\n\tfi\n\tlimactl shell \"$NAME\" $sudo $CONTAINER_ENGINE pull --quiet ${nginx_image}\n\tlimactl shell \"$NAME\" $sudo $CONTAINER_ENGINE run -d --name nginx -p 127.0.0.1:8080:80 ${nginx_image}\n\n\ttimeout 3m bash -euxc \"until curl -f --retry 30 --retry-connrefused http://127.0.0.1:8080; do sleep 3; done\"\n\n\tlimactl shell \"$NAME\" $sudo $CONTAINER_ENGINE rm -f nginx\n\n\tif [ \"${OS_HOST}\" != \"Msys\" ]; then\n\t\t# TODO: support UDP on Windows\n\t\tINFO \"Run a coredns container with port forwarding 127.0.0.1:10053/udp\"\n\t\tlimactl shell \"$NAME\" $sudo $CONTAINER_ENGINE pull --quiet ${coredns_image}\n\t\tlimactl shell \"$NAME\" $sudo $CONTAINER_ENGINE run -d --name coredns -p 127.0.0.1:10053:53/udp ${coredns_image}\n\t\tdig @127.0.0.1 -p 10053 lima-vm.io\n\t\tlimactl shell \"$NAME\" $sudo $CONTAINER_ENGINE rm -f coredns\n\tfi\n\n\tset +x\n\tif [[ -n ${CHECKS[\"mount-home\"]} ]]; then\n\t\thometmp=\"$HOME_HOST/lima-container-engine-test-tmp\"\n\t\thometmpguest=\"$HOME_GUEST/lima-container-engine-test-tmp\"\n\t\t# test for https://github.com/lima-vm/lima/issues/187\n\t\tINFO \"Testing home bind mount (\\\"$hometmp\\\")\"\n\t\trm -rf \"$hometmp\"\n\t\tmkdir -p \"$hometmp\"\n\t\tdefer \"rm -rf \\\"$hometmp\\\"\"\n\t\tset -x\n\t\tlimactl shell \"$NAME\" $sudo $CONTAINER_ENGINE pull --quiet ${alpine_image}\n\t\techo \"random-content-${RANDOM}\" >\"$hometmp/random\"\n\t\texpected=\"$(cat \"$hometmp/random\")\"\n\t\tgot=\"$(limactl shell \"$NAME\" $sudo $CONTAINER_ENGINE run --rm -v \"$hometmpguest/random\":/mnt/foo ${alpine_image} cat /mnt/foo)\"\n\t\tINFO \"$hometmp/random: expected=${expected}, got=${got}\"\n\t\tif [ \"$got\" != \"$expected\" ]; then\n\t\t\tERROR \"Home directory is not shared?\"\n\t\t\texit 1\n\t\tfi\n\t\tset +x\n\tfi\nfi\n\nif [[ -n ${CHECKS[\"port-forwards\"]} ]]; then\n\tPORT_FORWARDING_CONNECTION_TIMEOUT=1\n\tINFO \"Testing port forwarding rules using netcat and socat with connection timeout ${PORT_FORWARDING_CONNECTION_TIMEOUT}s\"\n\tset -x\n\tif [[ ${NAME} == \"alpine\"* ]]; then\n\t\tlimactl shell \"${NAME}\" sudo apk add socat\n\tfi\n\tif [[ ${NAME} == \"archlinux\" ]]; then\n\t\tlimactl shell \"${NAME}\" sudo pacman -Syu --noconfirm openbsd-netcat socat\n\tfi\n\tif [[ ${NAME} == \"debian\" || ${NAME} == \"default\" || ${NAME} == \"docker\" || ${NAME} == \"test-misc\" ]]; then\n\t\tlimactl shell \"${NAME}\" sudo apt-get install -y netcat-openbsd socat\n\tfi\n\tif [[ ${NAME} == \"fedora\" || ${NAME} == \"wsl2\" ]]; then\n\t\tlimactl shell \"${NAME}\" sudo dnf install -y nc socat\n\tfi\n\tif [[ ${NAME} == \"opensuse\" ]]; then\n\t\tlimactl shell \"${NAME}\" sudo zypper in -y netcat-openbsd socat\n\tfi\n\tif limactl shell \"${NAME}\" command -v dnf; then\n\t\tlimactl shell \"${NAME}\" sudo dnf install -y nc socat\n\tfi\n\tif \"${scriptdir}/test-port-forwarding.pl\" \"${NAME}\" socat $PORT_FORWARDING_CONNECTION_TIMEOUT; then\n\t\tINFO \"Port forwarding rules work\"\n\telse\n\t\tERROR \"Port forwarding rules do not work with socat\"\n\t\tdiagnose \"$NAME\"\n\t\texit 1\n\tfi\n\n\tif [[ -n ${CHECKS[\"container-engine\"]} || ${NAME} == \"alpine\"* ]]; then\n\t\tINFO \"Testing that \\\"${CONTAINER_ENGINE} run\\\" binds to 0.0.0.0 and is forwarded to the host (non-default behavior, configured via test-port-forwarding.pl)\"\n\t\tif [ \"$(uname)\" = \"Darwin\" ]; then\n\t\t\t# macOS runners seem to use `localhost` as the hostname, so the perl lookup just returns `127.0.0.1`\n\t\t\thostip=$(system_profiler SPNetworkDataType -json | jq -r 'first(.SPNetworkDataType[] | select(.ip_address) | .ip_address) | first')\n\t\telse\n\t\t\thostip=$(perl -MSocket -MSys::Hostname -E 'say inet_ntoa(scalar gethostbyname(hostname()))')\n\t\tfi\n\t\tif [ -n \"${hostip}\" ]; then\n\t\t\tsudo=\"\"\n\t\t\tif [[ ${NAME} == \"alpine\"* ]]; then\n\t\t\t\tarch=$(limactl info | jq -r .defaultTemplate.arch)\n\t\t\t\tnerdctl=$(limactl info | jq -r \".defaultTemplate.containerd.archives[] | select(.arch==\\\"$arch\\\").location\")\n\t\t\t\tcurl -Lso nerdctl-full.tgz \"${nerdctl}\"\n\t\t\t\tlimactl shell \"$NAME\" sudo apk add containerd\n\t\t\t\tlimactl shell \"$NAME\" sudo rc-service containerd start\n\t\t\t\tlimactl shell \"$NAME\" sudo tar xzf \"${PWD}/nerdctl-full.tgz\" -C /usr/local\n\t\t\t\trm nerdctl-full.tgz\n\t\t\t\tsudo=\"sudo\"\n\t\t\tfi\n\t\t\t# Currently WSL2 machines only support privileged engine. This requirement might be lifted in the future.\n\t\t\tif [[ \"$(limactl ls \"${NAME}\" --yq .vmType)\" == \"wsl2\" ]]; then\n\t\t\t\tsudo=\"sudo\"\n\t\t\tfi\n\t\t\tlimactl shell \"$NAME\" $sudo $CONTAINER_ENGINE info\n\t\t\tlimactl shell \"$NAME\" $sudo $CONTAINER_ENGINE pull --quiet ${nginx_image}\n\n\t\t\tlimactl shell \"$NAME\" $sudo $CONTAINER_ENGINE run -d --name nginx -p 8888:80 ${nginx_image}\n\t\t\ttimeout 3m bash -euxc \"until curl -f --retry 30 --retry-connrefused http://${hostip}:8888; do sleep 3; done\"\n\t\t\tlimactl shell \"$NAME\" $sudo $CONTAINER_ENGINE rm -f nginx\n\n\t\t\tif [ \"$(uname)\" = \"Darwin\" ]; then\n\t\t\t\t# Only macOS can bind to port 80 without root\n\t\t\t\tlimactl shell \"$NAME\" $sudo $CONTAINER_ENGINE run -d --name nginx -p 127.0.0.1:80:80 ${nginx_image}\n\t\t\t\ttimeout 3m bash -euxc \"until curl -f --retry 30 --retry-connrefused http://localhost:80; do sleep 3; done\"\n\t\t\t\tlimactl shell \"$NAME\" $sudo $CONTAINER_ENGINE rm -f nginx\n\t\t\tfi\n\t\tfi\n\t\tif [[ ${NAME} != \"alpine\"* ]] && command -v w3m >/dev/null; then\n\t\t\tINFO \"Testing https://github.com/lima-vm/lima/issues/3685 ([gRPC portfwd] client connection is not closed immediately when server closed the connection)\"\n\t\t\t# Skip the test on Alpine, as systemd-run is missing\n\t\t\t# Skip the test on WSL2, as port forwarding is half broken https://github.com/lima-vm/lima/pull/3686#issuecomment-3034842616\n\t\t\tlimactl shell \"$NAME\" systemd-run --user python3 -m http.server 3685\n\t\t\t# curl is not enough to reproduce https://github.com/lima-vm/lima/issues/3685\n\t\t\t# `w3m -dump` exits with status code 0 even on \"Can't load\" error.\n\t\t\ttimeout 30s bash -euxc \"until w3m -dump http://localhost:3685 | grep -v \\\"w3m: Can't load\\\"; do sleep 3; done\"\n\t\tfi\n\tfi\n\tset +x\nfi\n\nif [[ -n ${CHECKS[\"vmnet\"]} ]]; then\n\tINFO \"Testing vmnet functionality\"\n\tguestip=\"$(limactl shell \"$NAME\" ip -4 -j addr show dev lima0 | jq -r '.[0].addr_info[0].local')\"\n\tINFO \"Pinging the guest IP ${guestip}\"\n\tset -x\n\tping -c 3 \"$guestip\"\n\tset +x\n\tINFO \"Benchmarking with iperf3\"\n\tset -x\n\tlimactl shell \"$NAME\" sudo DEBIAN_FRONTEND=noninteractive apt-get install -y iperf3\n\tlimactl shell \"$NAME\" iperf3 -s -1 -D\n\t${IPERF3} -c \"$guestip\"\n\tset +x\n\t# NOTE: we only test the shared interface here, as the bridged interface cannot be used on GHA (and systemd-networkd-wait-online.service will fail)\nfi\n\nif [[ -n ${CHECKS[\"disk\"]} ]]; then\n\tINFO \"Testing disk is attached\"\n\tset -x\n\tif ! limactl shell \"$NAME\" lsblk --output NAME,MOUNTPOINT | grep -q \"/mnt/lima-data\"; then\n\t\tERROR \"Disk is not mounted\"\n\t\texit 1\n\tfi\n\tif ! limactl shell \"$NAME\" lsblk --output NAME,MOUNTPOINT | grep -q \"\\[SWAP\\]\"; then\n\t\tERROR \"Disk is not mounted\"\n\t\texit 1\n\tfi\n\tset +x\nfi\n\nif [[ -n ${CHECKS[\"restart\"]} ]]; then\n\tINFO \"Create file in the guest home directory and verify that it still exists after a restart\"\n\t# shellcheck disable=SC2016\n\tlimactl shell \"$NAME\" sh -c 'touch $HOME/sweet-home'\n\tif [[ -n ${CHECKS[\"disk\"]} ]]; then\n\t\tINFO \"Create file in disk and verify that it still exists when it is reattached\"\n\t\tlimactl shell \"$NAME\" sudo sh -c 'touch /mnt/lima-data/sweet-disk'\n\tfi\n\n\tINFO \"Stopping \\\"$NAME\\\"\"\n\tlimactl stop \"$NAME\"\n\tsleep 3\n\n\tif [[ -n ${CHECKS[\"disk\"]} ]]; then\n\t\tINFO \"Resize disk and verify that partition and fs size are increased\"\n\t\tlimactl disk resize data --size 11G\n\tfi\n\n\texport ftp_proxy=my.proxy:8021\n\tINFO \"Restarting \\\"$NAME\\\"\"\n\tif ! limactl start \"$NAME\"; then\n\t\tERROR \"Failed to start \\\"$NAME\\\"\"\n\t\tdiagnose \"$NAME\"\n\t\texit 1\n\tfi\n\n\tINFO \"Make sure proxy setting is updated\"\n\tgot=$(limactl shell \"$NAME\" env | grep FTP_PROXY)\n\texpected=\"FTP_PROXY=my.proxy:8021\"\n\tINFO \"FTP_PROXY: expected=${expected} got=${got}\"\n\tif [ \"$got\" != \"$expected\" ]; then\n\t\tERROR \"proxy environment variable not set to correct value\"\n\t\texit 1\n\tfi\n\n\t# shellcheck disable=SC2016\n\tif ! limactl shell \"$NAME\" sh -c 'test -f $HOME/sweet-home'; then\n\t\tERROR \"Guest home directory does not persist across restarts\"\n\t\texit 1\n\tfi\n\n\tif [[ -n ${CHECKS[\"disk\"]} ]]; then\n\t\tif ! limactl shell \"$NAME\" sh -c 'test -f /mnt/lima-data/sweet-disk'; then\n\t\t\tERROR \"Disk does not persist across restarts\"\n\t\t\texit 1\n\t\tfi\n\t\tif ! limactl shell \"$NAME\" sh -c 'df -h /mnt/lima-data/ --output=size | grep -q 11G'; then\n\t\t\tERROR \"Disk FS does not resized after restart\"\n\t\t\texit 1\n\t\tfi\n\tfi\nfi\n\nif [[ -n ${CHECKS[\"user-v2\"]} ]]; then\n\tINFO \"Testing user-v2 network\"\n\tsecondvm=\"$NAME-1\"\n\t\"${LIMACTL_CREATE[@]}\" --set \".additionalDisks=null\" \"$FILE_HOST\" --name \"$secondvm\"\n\tif ! limactl start \"$secondvm\"; then\n\t\tERROR \"Failed to start \\\"$secondvm\\\"\"\n\t\tdiagnose \"$secondvm\"\n\t\texit 1\n\tfi\n\tsecondvmDNS=\"lima-$secondvm.internal\"\n\tINFO \"DNS of $secondvm is $secondvmDNS\"\n\tset -x\n\tif ! limactl shell \"$NAME\" ping -c 1 \"$secondvmDNS\"; then\n\t\tERROR \"Failed to do vm->vm communication via user-v2\"\n\t\tINFO \"Stopping \\\"$secondvm\\\"\"\n\t\tlimactl stop \"$secondvm\"\n\t\tINFO \"Deleting \\\"$secondvm\\\"\"\n\t\tlimactl delete \"$secondvm\"\n\t\texit 1\n\tfi\n\tINFO \"Stopping \\\"$secondvm\\\"\"\n\tlimactl stop \"$secondvm\"\n\tINFO \"Deleting \\\"$secondvm\\\"\"\n\tlimactl delete \"$secondvm\"\n\tset +x\nfi\nif [[ -n ${CHECKS[\"snapshot-online\"]} ]]; then\n\tINFO \"Testing online snapshots\"\n\tlimactl shell \"$NAME\" sh -c 'echo foo > /tmp/test'\n\tlimactl snapshot create \"$NAME\" --tag snap1\n\tgot=$(limactl snapshot list \"$NAME\" --quiet)\n\texpected=\"snap1\"\n\tINFO \"snapshot list: expected=${expected} got=${got}\"\n\tif [ \"$got\" != \"$expected\" ]; then\n\t\tERROR \"snapshot list did not return expected value\"\n\t\texit 1\n\tfi\n\tlimactl shell \"$NAME\" sh -c 'echo bar > /tmp/test'\n\tlimactl snapshot apply \"$NAME\" --tag snap1\n\tgot=$(limactl shell \"$NAME\" cat /tmp/test)\n\texpected=\"foo\"\n\tINFO \"snapshot apply: expected=${expected} got=${got}\"\n\tif [ \"$got\" != \"$expected\" ]; then\n\t\tERROR \"snapshot apply did not restore snapshot\"\n\t\texit 1\n\tfi\n\tlimactl snapshot delete \"$NAME\" --tag snap1\n\tlimactl shell \"$NAME\" rm /tmp/test\nfi\nif [[ -n ${CHECKS[\"snapshot-offline\"]} ]]; then\n\tINFO \"Testing offline snapshots\"\n\tlimactl stop \"$NAME\"\n\tsleep 3\n\tlimactl snapshot create \"$NAME\" --tag snap2\n\tgot=$(limactl snapshot list \"$NAME\" --quiet)\n\texpected=\"snap2\"\n\tINFO \"snapshot list: expected=${expected} got=${got}\"\n\tif [ \"$got\" != \"$expected\" ]; then\n\t\tERROR \"snapshot list did not return expected value\"\n\t\texit 1\n\tfi\n\tlimactl snapshot apply \"$NAME\" --tag snap2\n\tlimactl snapshot delete \"$NAME\" --tag snap2\n\tlimactl start \"$NAME\"\nfi\nif [[ -n ${CHECKS[\"clone\"]} ]]; then\n\tINFO \"Testing cloning\"\n\tlimactl stop \"$NAME\"\n\tsleep 3\n\t# [hostagent] could not attach disk \\\"data\\\", in use by instance \\\"test-misc-clone\\\"\n\tlimactl clone --set '.additionalDisks = null' \"$NAME\" \"${NAME}-clone\"\n\tlimactl start \"${NAME}-clone\"\n\t[ \"$(limactl shell \"${NAME}-clone\" hostname)\" = \"lima-${NAME}-clone\" ]\n\tlimactl start \"$NAME\"\nfi\n\nif [[ $NAME == \"fedora\" && \"$(limactl ls \"${NAME}\" --yq .vmType)\" == \"vz\" ]]; then\n\t\"${scriptdir}\"/test-selinux.sh \"$NAME\"\nfi\n\nINFO \"Stopping \\\"$NAME\\\"\"\nlimactl stop \"$NAME\"\nsleep 3\n\nINFO \"Deleting \\\"$NAME\\\"\"\nlimactl delete \"$NAME\"\n\nif [[ -n ${CHECKS[\"mount-path-with-spaces\"]} ]]; then\n\trm -rf \"/tmp/lima test dir with spaces\"\nfi\n\nif [[ -n ${CHECKS[\"static-port-forwards\"]} ]]; then\n\tINFO \"Testing static port forwarding functionality\"\n\t\"${scriptdir}/test-plain-static-port-forward.sh\" \"$NAME\"\n\t\"${scriptdir}/test-nonplain-static-port-forward.sh\" \"$NAME\"\n\tINFO \"All static port forwarding tests passed!\"\nfi\n" }, { "path": "hack/test-upgrade.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\nscriptdir=\"$(cd \"$(dirname \"${BASH_SOURCE[0]}\")\" && pwd)\"\n# shellcheck source=common.inc.sh\nsource \"${scriptdir}/common.inc.sh\"\ncd \"${scriptdir}/..\"\n\nif [ \"$#\" -ne 2 ]; then\n\tERROR \"Usage: $0 OLDVER NEWVER\"\n\texit 1\nfi\n\nOLDVER=\"$1\"\nNEWVER=\"$2\"\n\nPREFIX=\"/usr/local\"\nfunction install_lima() {\n\tver=\"$1\"\n\tgit checkout \"${ver}\"\n\tmake clean\n\tmake\n\tif [ -w \"${PREFIX}/bin\" ] && [ -w \"${PREFIX}/share\" ] && [ -w \"${PREFIX}/libexec\" ]; then\n\t\tmake install\n\telse\n\t\tsudo make install\n\tfi\n}\n\nfunction install_lima_binary() {\n\tver=\"$1\"\n\ttar=\"tar\"\n\tif [ ! -w \"${PREFIX}/bin\" ] || [ ! -w \"${PREFIX}/share\" ] || [ ! -w \"${PREFIX}/libexec\" ]; then\n\t\ttar=\"sudo ${tar}\"\n\tfi\n\tcurl -fsSL \"https://github.com/lima-vm/lima/releases/download/${ver}/lima-${ver:1}-$(uname -s)-$(uname -m).tar.gz\" | ${tar} Cxzvm \"${PREFIX}\"\n}\n\nfunction uninstall_lima() {\n\tfiles=\"${PREFIX}/bin/lima ${PREFIX}/bin/limactl ${PREFIX}/share/lima ${PREFIX}/share/doc/lima ${PREFIX}/libexec/lima\"\n\tif [ -w \"${PREFIX}/bin\" ] && [ -w \"${PREFIX}/share\" ] && [ -w \"${PREFIX}/libexec\" ]; then\n\t\t# shellcheck disable=SC2086\n\t\trm -rf $files\n\telse\n\t\t# shellcheck disable=SC2086\n\t\tsudo rm -rf $files\n\tfi\n}\n\nfunction show_lima_log() {\n\ttail -n 100 ~/.lima/\"${LIMA_INSTANCE}\"/*.log || true\n\tmkdir -p failure-logs\n\tcp -pf ~/.lima/\"${LIMA_INSTANCE}\"/*.log failure-logs/ || true\n\tlimactl shell \"${LIMA_INSTANCE}\" sudo cat /var/log/cloud-init-output.log | tee failure-logs/cloud-init-output.log || true\n}\n\nINFO \"Uninstalling lima\"\nuninstall_lima\n\nINFO \"Installing the old Lima ${OLDVER}\"\ninstall_lima_binary \"${OLDVER}\" || install_lima \"${OLDVER}\"\n\nexport LIMA_INSTANCE=\"test-upgrade\"\n\nINFO \"Creating an instance \\\"${LIMA_INSTANCE}\\\" with the old Lima\"\ndefer \"show_lima_log;limactl delete -f \\\"${LIMA_INSTANCE}\\\"\"\nlimactl start --tty=false --name=\"${LIMA_INSTANCE}\" template://ubuntu-lts || (\n\tshow_lima_log\n\texit 1\n)\nlima nerdctl info\n\nimage_name=\"lima-test-upgrade-containerd-${RANDOM}\"\nimage_context=\"${HOME}/${image_name}\"\nINFO \"Building containerd image \\\"${image_name}\\\" from \\\"${image_context}\\\"\"\ndefer \"rm -rf \\\"${image_context}\\\"\"\nmkdir -p \"${image_context}\"\ncat <\"${image_context}\"/Dockerfile\n# Use GHCR to avoid hitting Docker Hub rate limit\nFROM ghcr.io/containerd/alpine:3.14.0\nCMD [\"echo\", \"Built with Lima ${OLDVER}\"]\nEOF\nlima nerdctl build -t \"${image_name}\" \"${image_context}\"\nlima nerdctl run --rm \"${image_name}\"\n\nINFO \"Stopping the instance\"\nlimactl stop \"${LIMA_INSTANCE}\"\n\nINFO \"==============================================================================\"\n\nINFO \"Installing the new Lima ${NEWVER}\"\ninstall_lima \"${NEWVER}\"\n\nINFO \"Editing the instance to specify vm-type as qemu explicitly\"\nlimactl edit --vm-type=qemu \"${LIMA_INSTANCE}\"\n\nINFO \"Restarting the instance\"\nlimactl start --tty=false --vm-type=qemu \"${LIMA_INSTANCE}\" || show_lima_log\nlima nerdctl info\n\nINFO \"Confirming that the host filesystem is still mounted\"\n\"${scriptdir}\"/test-mount-home.sh \"${LIMA_INSTANCE}\"\n\nINFO \"Confirming that the image \\\"${image_name}\\\" still exists\"\nlima nerdctl run --rm \"${image_name}\"\n" }, { "path": "hack/toolexec-for-codesign.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\n# This script is used to wrap the compiler and linker commands in the build\n# process. It captures the output of the command and logs it to a file.\n# The script's primary purpose is codesigning the output of the linker command\n# with the entitlements file if it exists.\n# If the OS is macOS, the result of the command is 0, the entitlements file\n# exists, and codesign is available, sign the output of the linker command with\n# the entitlements file.\n#\n# Usage:\n# go build -toolexec hack/toolexec-to-codesign.sh\n\nrepository_root=\"$(dirname \"$(dirname \"$0\")\")\"\nlogfile=\"${repository_root}/.toolexec-to-codesign.log\"\n\necho $$: cmd: \"$@\" >>\"${logfile}\"\n\noutput=\"$(\"$@\")\"\nresult=$?\n\necho $$: output: \"${output}\" >>\"${logfile}\"\n\nentitlements=\"${repository_root}/vz.entitlements\"\n\n# If the OS is macOS, the result of the command is 0, the entitlements file\n# exists, and codesign is available, sign the output of the linker command.\nif OS=$(uname -s) && [ \"${OS}\" = \"Darwin\" ] && [ \"${result}\" -eq 0 ] && [ -f \"${entitlements}\" ] && command -v codesign >/dev/null 2>&1; then\n\t# Check if the command is a linker command.\n\tcase \"$1\" in\n\t*link)\n\t\tshift\n\t\t# Find a parameter that is a output file.\n\t\twhile [ $# -gt 1 ]; do\n\t\t\tcase \"$1\" in\n\t\t\t-o)\n\t\t\t\t# If the output file is a executable, sign it with the entitlements file.\n\t\t\t\tif [ -x \"$2\" ]; then\n\t\t\t\t\tcodesign_output=\"$(codesign -v --entitlements \"${entitlements}\" -s - \"$2\" 2>&1)\"\n\t\t\t\t\techo \"$$: ${codesign_output}\" >>\"${logfile}\"\n\t\t\t\tfi\n\t\t\t\tbreak\n\t\t\t\t;;\n\t\t\t*) shift ;;\n\t\t\tesac\n\t\tdone\n\t\t;;\n\t*) ;;\n\tesac\nfi\n\n# Print the output of the command and exit with the result of the command.\necho \"${output}\"\nexit \"${result}\"\n" }, { "path": "hack/tools/go.mod", "content": "module tools\n\ngo 1.25.0\n\n// Should be in sync with pinversion.go\ntool (\n\tgithub.com/containerd/ltag\n\tgithub.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker\n\tgithub.com/golangci/golangci-lint/v2/cmd/golangci-lint\n\tgithub.com/jandubois/nobin\n\tgithub.com/yoheimuta/protolint/cmd/protolint\n\tgoogle.golang.org/grpc/cmd/protoc-gen-go-grpc\n\tgoogle.golang.org/protobuf/cmd/protoc-gen-go\n\tmvdan.cc/sh/v3/cmd/shfmt\n)\n\nrequire (\n\tgithub.com/containerd/ltag v0.3.0\n\tgithub.com/golangci/golangci-lint/v2 v2.11.3\n\tgithub.com/jandubois/nobin v0.8.0\n\tgithub.com/yoheimuta/protolint v0.56.4\n\tgoogle.golang.org/grpc v1.79.3\n\tgoogle.golang.org/protobuf v1.36.11\n\tmvdan.cc/sh/v3 v3.13.0\n)\n\nrequire (\n\t4d63.com/gocheckcompilerdirectives v1.3.0 // indirect\n\t4d63.com/gochecknoglobals v0.2.2 // indirect\n\tcodeberg.org/chavacava/garif v0.2.0 // indirect\n\tcodeberg.org/polyfloyd/go-errorlint v1.9.0 // indirect\n\tdev.gaijin.team/go/exhaustruct/v4 v4.0.0 // indirect\n\tdev.gaijin.team/go/golib v0.6.0 // indirect\n\tgithub.com/4meepo/tagalign v1.4.3 // indirect\n\tgithub.com/Abirdcfly/dupword v0.1.7 // indirect\n\tgithub.com/AdminBenni/iota-mixing v1.0.0 // indirect\n\tgithub.com/AlwxSin/noinlineerr v1.0.5 // indirect\n\tgithub.com/Antonboom/errname v1.1.1 // indirect\n\tgithub.com/Antonboom/nilnil v1.1.1 // indirect\n\tgithub.com/Antonboom/testifylint v1.6.4 // indirect\n\tgithub.com/BurntSushi/toml v1.6.0 // indirect\n\tgithub.com/Djarvur/go-err113 v0.1.1 // indirect\n\tgithub.com/Masterminds/semver/v3 v3.4.0 // indirect\n\tgithub.com/MirrexOne/unqueryvet v1.5.4 // indirect\n\tgithub.com/OpenPeeDeeP/depguard/v2 v2.2.1 // indirect\n\tgithub.com/alecthomas/chroma/v2 v2.23.1 // indirect\n\tgithub.com/alecthomas/go-check-sumtype v0.3.1 // indirect\n\tgithub.com/alexkohler/nakedret/v2 v2.0.6 // indirect\n\tgithub.com/alexkohler/prealloc v1.1.0 // indirect\n\tgithub.com/alfatraining/structtag v1.0.0 // indirect\n\tgithub.com/alingse/asasalint v0.0.11 // indirect\n\tgithub.com/alingse/nilnesserr v0.2.0 // indirect\n\tgithub.com/ashanbrown/forbidigo/v2 v2.3.0 // indirect\n\tgithub.com/ashanbrown/makezero/v2 v2.1.0 // indirect\n\tgithub.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect\n\tgithub.com/beorn7/perks v1.0.1 // indirect\n\tgithub.com/bkielbasa/cyclop v1.2.3 // indirect\n\tgithub.com/blizzy78/varnamelen v0.8.0 // indirect\n\tgithub.com/bmatcuk/doublestar/v4 v4.10.0 // indirect\n\tgithub.com/bombsimon/wsl/v4 v4.7.0 // indirect\n\tgithub.com/bombsimon/wsl/v5 v5.6.0 // indirect\n\tgithub.com/breml/bidichk v0.3.3 // indirect\n\tgithub.com/breml/errchkjson v0.4.1 // indirect\n\tgithub.com/butuzov/ireturn v0.4.0 // indirect\n\tgithub.com/butuzov/mirror v1.3.0 // indirect\n\tgithub.com/catenacyber/perfsprint v0.10.1 // indirect\n\tgithub.com/ccojocar/zxcvbn-go v1.0.4 // indirect\n\tgithub.com/cespare/xxhash/v2 v2.3.0 // indirect\n\tgithub.com/charithe/durationcheck v0.0.11 // indirect\n\tgithub.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect\n\tgithub.com/charmbracelet/lipgloss v1.1.0 // indirect\n\tgithub.com/charmbracelet/x/ansi v0.10.1 // indirect\n\tgithub.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd // indirect\n\tgithub.com/charmbracelet/x/term v0.2.1 // indirect\n\tgithub.com/chavacava/garif v0.1.0 // indirect\n\tgithub.com/ckaznocha/intrange v0.3.1 // indirect\n\tgithub.com/curioswitch/go-reassign v0.3.0 // indirect\n\tgithub.com/daixiang0/gci v0.13.7 // indirect\n\tgithub.com/dave/dst v0.27.3 // indirect\n\tgithub.com/davecgh/go-spew v1.1.1 // indirect\n\tgithub.com/denis-tingaikin/go-header v0.5.0 // indirect\n\tgithub.com/dlclark/regexp2 v1.11.5 // indirect\n\tgithub.com/editorconfig-checker/editorconfig-checker/v3 v3.6.1 // indirect\n\tgithub.com/editorconfig/editorconfig-core-go/v2 v2.6.4 // indirect\n\tgithub.com/ettle/strcase v0.2.0 // indirect\n\tgithub.com/fatih/color v1.18.0 // indirect\n\tgithub.com/fatih/structtag v1.2.0 // indirect\n\tgithub.com/firefart/nonamedreturns v1.0.6 // indirect\n\tgithub.com/fsnotify/fsnotify v1.5.4 // indirect\n\tgithub.com/fzipp/gocyclo v0.6.0 // indirect\n\tgithub.com/gabriel-vasile/mimetype v1.4.12 // indirect\n\tgithub.com/gertd/go-pluralize v0.2.1 // indirect\n\tgithub.com/ghostiam/protogetter v0.3.20 // indirect\n\tgithub.com/go-critic/go-critic v0.14.3 // indirect\n\tgithub.com/go-toolsmith/astcast v1.1.0 // indirect\n\tgithub.com/go-toolsmith/astcopy v1.1.0 // indirect\n\tgithub.com/go-toolsmith/astequal v1.2.0 // indirect\n\tgithub.com/go-toolsmith/astfmt v1.1.0 // indirect\n\tgithub.com/go-toolsmith/astp v1.1.0 // indirect\n\tgithub.com/go-toolsmith/strparse v1.1.0 // indirect\n\tgithub.com/go-toolsmith/typep v1.1.0 // indirect\n\tgithub.com/go-viper/mapstructure/v2 v2.5.0 // indirect\n\tgithub.com/go-xmlfmt/xmlfmt v1.1.3 // indirect\n\tgithub.com/gobwas/glob v0.2.3 // indirect\n\tgithub.com/godoc-lint/godoc-lint v0.11.2 // indirect\n\tgithub.com/gofrs/flock v0.13.0 // indirect\n\tgithub.com/golang/protobuf v1.5.4 // indirect\n\tgithub.com/golangci/asciicheck v0.5.0 // indirect\n\tgithub.com/golangci/dupl v0.0.0-20250308024227-f665c8d69b32 // indirect\n\tgithub.com/golangci/go-printf-func-name v0.1.1 // indirect\n\tgithub.com/golangci/gofmt v0.0.0-20250106114630-d62b90e6713d // indirect\n\tgithub.com/golangci/golines v0.15.0 // indirect\n\tgithub.com/golangci/misspell v0.8.0 // indirect\n\tgithub.com/golangci/plugin-module-register v0.1.2 // indirect\n\tgithub.com/golangci/revgrep v0.8.0 // indirect\n\tgithub.com/golangci/swaggoswag v0.0.0-20250504205917-77f2aca3143e // indirect\n\tgithub.com/golangci/unconvert v0.0.0-20250410112200-a129a6e6413e // indirect\n\tgithub.com/google/go-cmp v0.7.0 // indirect\n\tgithub.com/google/renameio/v2 v2.0.2 // indirect\n\tgithub.com/gordonklaus/ineffassign v0.2.0 // indirect\n\tgithub.com/gostaticanalysis/analysisutil v0.7.1 // indirect\n\tgithub.com/gostaticanalysis/comment v1.5.0 // indirect\n\tgithub.com/gostaticanalysis/forcetypeassert v0.2.0 // indirect\n\tgithub.com/gostaticanalysis/nilerr v0.1.2 // indirect\n\tgithub.com/hashicorp/go-hclog v1.6.3 // indirect\n\tgithub.com/hashicorp/go-immutable-radix/v2 v2.1.0 // indirect\n\tgithub.com/hashicorp/go-plugin v1.6.3 // indirect\n\tgithub.com/hashicorp/go-version v1.8.0 // indirect\n\tgithub.com/hashicorp/golang-lru/v2 v2.0.7 // indirect\n\tgithub.com/hashicorp/hcl v1.0.0 // indirect\n\tgithub.com/hashicorp/yamux v0.1.2 // indirect\n\tgithub.com/hexops/gotextdiff v1.0.3 // indirect\n\tgithub.com/inconshreveable/mousetrap v1.1.0 // indirect\n\tgithub.com/jgautheron/goconst v1.8.2 // indirect\n\tgithub.com/jingyugao/rowserrcheck v1.1.1 // indirect\n\tgithub.com/jjti/go-spancheck v0.6.5 // indirect\n\tgithub.com/julz/importas v0.2.0 // indirect\n\tgithub.com/karamaru-alpha/copyloopvar v1.2.2 // indirect\n\tgithub.com/kisielk/errcheck v1.10.0 // indirect\n\tgithub.com/kkHAIKE/contextcheck v1.1.6 // indirect\n\tgithub.com/kulti/thelper v0.7.1 // indirect\n\tgithub.com/kunwardeep/paralleltest v1.0.15 // indirect\n\tgithub.com/lasiar/canonicalheader v1.1.2 // indirect\n\tgithub.com/ldez/exptostd v0.4.5 // indirect\n\tgithub.com/ldez/gomoddirectives v0.8.0 // indirect\n\tgithub.com/ldez/grignotin v0.10.1 // indirect\n\tgithub.com/ldez/structtags v0.6.1 // indirect\n\tgithub.com/ldez/tagliatelle v0.7.2 // indirect\n\tgithub.com/ldez/usetesting v0.5.0 // indirect\n\tgithub.com/leonklingele/grouper v1.1.2 // indirect\n\tgithub.com/lucasb-eyer/go-colorful v1.2.0 // indirect\n\tgithub.com/macabu/inamedparam v0.2.0 // indirect\n\tgithub.com/magiconair/properties v1.8.6 // indirect\n\tgithub.com/manuelarte/embeddedstructfieldcheck v0.4.0 // indirect\n\tgithub.com/manuelarte/funcorder v0.5.0 // indirect\n\tgithub.com/maratori/testableexamples v1.0.1 // indirect\n\tgithub.com/maratori/testpackage v1.1.2 // indirect\n\tgithub.com/matoous/godox v1.1.0 // indirect\n\tgithub.com/mattn/go-colorable v0.1.14 // indirect\n\tgithub.com/mattn/go-isatty v0.0.20 // indirect\n\tgithub.com/mattn/go-runewidth v0.0.16 // indirect\n\tgithub.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect\n\tgithub.com/mgechev/revive v1.15.0 // indirect\n\tgithub.com/mitchellh/go-homedir v1.1.0 // indirect\n\tgithub.com/mitchellh/mapstructure v1.5.0 // indirect\n\tgithub.com/moricho/tparallel v0.3.2 // indirect\n\tgithub.com/muesli/termenv v0.16.0 // indirect\n\tgithub.com/nakabonne/nestif v0.3.1 // indirect\n\tgithub.com/nishanths/exhaustive v0.12.0 // indirect\n\tgithub.com/nishanths/predeclared v0.2.2 // indirect\n\tgithub.com/nunnatsa/ginkgolinter v0.23.0 // indirect\n\tgithub.com/oklog/run v1.2.0 // indirect\n\tgithub.com/pelletier/go-toml v1.9.5 // indirect\n\tgithub.com/pelletier/go-toml/v2 v2.2.4 // indirect\n\tgithub.com/pmezard/go-difflib v1.0.0 // indirect\n\tgithub.com/prometheus/client_golang v1.12.1 // indirect\n\tgithub.com/prometheus/client_model v0.2.0 // indirect\n\tgithub.com/prometheus/common v0.32.1 // indirect\n\tgithub.com/prometheus/procfs v0.7.3 // indirect\n\tgithub.com/quasilyte/go-ruleguard v0.4.5 // indirect\n\tgithub.com/quasilyte/go-ruleguard/dsl v0.3.23 // indirect\n\tgithub.com/quasilyte/gogrep v0.5.0 // indirect\n\tgithub.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 // indirect\n\tgithub.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 // indirect\n\tgithub.com/raeperd/recvcheck v0.2.0 // indirect\n\tgithub.com/rivo/uniseg v0.4.7 // indirect\n\tgithub.com/rogpeppe/go-internal v1.14.1 // indirect\n\tgithub.com/ryancurrah/gomodguard v1.4.1 // indirect\n\tgithub.com/ryanrolds/sqlclosecheck v0.5.1 // indirect\n\tgithub.com/sanposhiho/wastedassign/v2 v2.1.0 // indirect\n\tgithub.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect\n\tgithub.com/sashamelentyev/interfacebloat v1.1.0 // indirect\n\tgithub.com/sashamelentyev/usestdlibvars v1.29.0 // indirect\n\tgithub.com/securego/gosec/v2 v2.24.8-0.20260309165252-619ce2117e08 // indirect\n\tgithub.com/sirupsen/logrus v1.9.4 // indirect\n\tgithub.com/sivchari/containedctx v1.0.3 // indirect\n\tgithub.com/sonatard/noctx v0.5.0 // indirect\n\tgithub.com/sourcegraph/go-diff v0.7.0 // indirect\n\tgithub.com/spf13/afero v1.15.0 // indirect\n\tgithub.com/spf13/cast v1.5.0 // indirect\n\tgithub.com/spf13/cobra v1.10.2 // indirect\n\tgithub.com/spf13/jwalterweatherman v1.1.0 // indirect\n\tgithub.com/spf13/pflag v1.0.10 // indirect\n\tgithub.com/spf13/viper v1.12.0 // indirect\n\tgithub.com/ssgreg/nlreturn/v2 v2.2.1 // indirect\n\tgithub.com/stbenjam/no-sprintf-host-port v0.3.1 // indirect\n\tgithub.com/stretchr/objx v0.5.2 // indirect\n\tgithub.com/stretchr/testify v1.11.1 // indirect\n\tgithub.com/subosito/gotenv v1.4.1 // indirect\n\tgithub.com/tetafro/godot v1.5.4 // indirect\n\tgithub.com/timakin/bodyclose v0.0.0-20241222091800-1db5c5ca4d67 // indirect\n\tgithub.com/timonwong/loggercheck v0.11.0 // indirect\n\tgithub.com/tomarrell/wrapcheck/v2 v2.12.0 // indirect\n\tgithub.com/tommy-muehle/go-mnd/v2 v2.5.1 // indirect\n\tgithub.com/ultraware/funlen v0.2.0 // indirect\n\tgithub.com/ultraware/whitespace v0.2.0 // indirect\n\tgithub.com/uudashr/gocognit v1.2.1 // indirect\n\tgithub.com/uudashr/iface v1.4.1 // indirect\n\tgithub.com/wlynxg/chardet v1.0.4 // indirect\n\tgithub.com/xen0n/gosmopolitan v1.3.0 // indirect\n\tgithub.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect\n\tgithub.com/yagipy/maintidx v1.0.0 // indirect\n\tgithub.com/yeya24/promlinter v0.3.0 // indirect\n\tgithub.com/ykadowak/zerologlint v0.1.5 // indirect\n\tgithub.com/yoheimuta/go-protoparser/v4 v4.14.2 // indirect\n\tgitlab.com/bosi/decorder v0.4.2 // indirect\n\tgo-simpler.org/musttag v0.14.0 // indirect\n\tgo-simpler.org/sloglint v0.11.1 // indirect\n\tgo.augendre.info/arangolint v0.4.0 // indirect\n\tgo.augendre.info/fatcontext v0.9.0 // indirect\n\tgo.uber.org/multierr v1.10.0 // indirect\n\tgo.uber.org/zap v1.27.0 // indirect\n\tgo.yaml.in/yaml/v3 v3.0.4 // indirect\n\tgolang.org/x/exp/typeparams v0.0.0-20260209203927-2842357ff358 // indirect\n\tgolang.org/x/mod v0.33.0 // indirect\n\tgolang.org/x/net v0.52.0 // indirect\n\tgolang.org/x/sync v0.20.0 // indirect\n\tgolang.org/x/sys v0.42.0 // indirect\n\tgolang.org/x/term v0.41.0 // indirect\n\tgolang.org/x/text v0.35.0 // indirect\n\tgolang.org/x/tools v0.42.0 // indirect\n\tgoogle.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect\n\tgoogle.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 // indirect\n\tgopkg.in/ini.v1 v1.67.0 // indirect\n\tgopkg.in/yaml.v2 v2.4.0 // indirect\n\tgopkg.in/yaml.v3 v3.0.1 // indirect\n\thonnef.co/go/tools v0.7.0 // indirect\n\tmvdan.cc/editorconfig v0.3.0 // indirect\n\tmvdan.cc/gofumpt v0.9.2 // indirect\n\tmvdan.cc/unparam v0.0.0-20251027182757-5beb8c8f8f15 // indirect\n)\n" }, { "path": "hack/tools/go.sum", "content": "4d63.com/gocheckcompilerdirectives v1.3.0 h1:Ew5y5CtcAAQeTVKUVFrE7EwHMrTO6BggtEj8BZSjZ3A=\n4d63.com/gocheckcompilerdirectives v1.3.0/go.mod h1:ofsJ4zx2QAuIP/NO/NAh1ig6R1Fb18/GI7RVMwz7kAY=\n4d63.com/gochecknoglobals v0.2.2 h1:H1vdnwnMaZdQW/N+NrkT1SZMTBmcwHe9Vq8lJcYYTtU=\n4d63.com/gochecknoglobals v0.2.2/go.mod h1:lLxwTQjL5eIesRbvnzIP3jZtG140FnTdz+AlMa+ogt0=\ncloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=\ncloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=\ncloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=\ncloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=\ncloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=\ncloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=\ncloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=\ncloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=\ncloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=\ncloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=\ncloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=\ncloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=\ncloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=\ncloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=\ncloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=\ncloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=\ncloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=\ncloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=\ncloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=\ncloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=\ncloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=\ncloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=\ncloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=\ncloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=\ncloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=\ncloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=\ncloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=\ncloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=\ncloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=\ncloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=\ncloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=\ncloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=\ncodeberg.org/chavacava/garif v0.2.0 h1:F0tVjhYbuOCnvNcU3YSpO6b3Waw6Bimy4K0mM8y6MfY=\ncodeberg.org/chavacava/garif v0.2.0/go.mod h1:P2BPbVbT4QcvLZrORc2T29szK3xEOlnl0GiPTJmEqBQ=\ncodeberg.org/polyfloyd/go-errorlint v1.9.0 h1:VkdEEmA1VBpH6ecQoMR4LdphVI3fA4RrCh2an7YmodI=\ncodeberg.org/polyfloyd/go-errorlint v1.9.0/go.mod h1:GPRRu2LzVijNn4YkrZYJfatQIdS+TrcK8rL5Xs24qw8=\ndev.gaijin.team/go/exhaustruct/v4 v4.0.0 h1:873r7aNneqoBB3IaFIzhvt2RFYTuHgmMjoKfwODoI1Y=\ndev.gaijin.team/go/exhaustruct/v4 v4.0.0/go.mod h1:aZ/k2o4Y05aMJtiux15x8iXaumE88YdiB0Ai4fXOzPI=\ndev.gaijin.team/go/golib v0.6.0 h1:v6nnznFTs4bppib/NyU1PQxobwDHwCXXl15P7DV5Zgo=\ndev.gaijin.team/go/golib v0.6.0/go.mod h1:uY1mShx8Z/aNHWDyAkZTkX+uCi5PdX7KsG1eDQa2AVE=\ndmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=\ngithub.com/4meepo/tagalign v1.4.3 h1:Bnu7jGWwbfpAie2vyl63Zup5KuRv21olsPIha53BJr8=\ngithub.com/4meepo/tagalign v1.4.3/go.mod h1:00WwRjiuSbrRJnSVeGWPLp2epS5Q/l4UEy0apLLS37c=\ngithub.com/Abirdcfly/dupword v0.1.7 h1:2j8sInznrje4I0CMisSL6ipEBkeJUJAmK1/lfoNGWrQ=\ngithub.com/Abirdcfly/dupword v0.1.7/go.mod h1:K0DkBeOebJ4VyOICFdppB23Q0YMOgVafM0zYW0n9lF4=\ngithub.com/AdminBenni/iota-mixing v1.0.0 h1:Os6lpjG2dp/AE5fYBPAA1zfa2qMdCAWwPMCgpwKq7wo=\ngithub.com/AdminBenni/iota-mixing v1.0.0/go.mod h1:i4+tpAaB+qMVIV9OK3m4/DAynOd5bQFaOu+2AhtBCNY=\ngithub.com/AlwxSin/noinlineerr v1.0.5 h1:RUjt63wk1AYWTXtVXbSqemlbVTb23JOSRiNsshj7TbY=\ngithub.com/AlwxSin/noinlineerr v1.0.5/go.mod h1:+QgkkoYrMH7RHvcdxdlI7vYYEdgeoFOVjU9sUhw/rQc=\ngithub.com/Antonboom/errname v1.1.1 h1:bllB7mlIbTVzO9jmSWVWLjxTEbGBVQ1Ff/ClQgtPw9Q=\ngithub.com/Antonboom/errname v1.1.1/go.mod h1:gjhe24xoxXp0ScLtHzjiXp0Exi1RFLKJb0bVBtWKCWQ=\ngithub.com/Antonboom/nilnil v1.1.1 h1:9Mdr6BYd8WHCDngQnNVV0b554xyisFioEKi30sksufQ=\ngithub.com/Antonboom/nilnil v1.1.1/go.mod h1:yCyAmSw3doopbOWhJlVci+HuyNRuHJKIv6V2oYQa8II=\ngithub.com/Antonboom/testifylint v1.6.4 h1:gs9fUEy+egzxkEbq9P4cpcMB6/G0DYdMeiFS87UiqmQ=\ngithub.com/Antonboom/testifylint v1.6.4/go.mod h1:YO33FROXX2OoUfwjz8g+gUxQXio5i9qpVy7nXGbxDD4=\ngithub.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=\ngithub.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk=\ngithub.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=\ngithub.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=\ngithub.com/Djarvur/go-err113 v0.1.1 h1:eHfopDqXRwAi+YmCUas75ZE0+hoBHJ2GQNLYRSxao4g=\ngithub.com/Djarvur/go-err113 v0.1.1/go.mod h1:IaWJdYFLg76t2ihfflPZnM1LIQszWOsFDh2hhhAVF6k=\ngithub.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=\ngithub.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=\ngithub.com/MirrexOne/unqueryvet v1.5.4 h1:38QOxShO7JmMWT+eCdDMbcUgGCOeJphVkzzRgyLJgsQ=\ngithub.com/MirrexOne/unqueryvet v1.5.4/go.mod h1:fs9Zq6eh1LRIhsDIsxf9PONVUjYdFHdtkHIgZdJnyPU=\ngithub.com/OpenPeeDeeP/depguard/v2 v2.2.1 h1:vckeWVESWp6Qog7UZSARNqfu/cZqvki8zsuj3piCMx4=\ngithub.com/OpenPeeDeeP/depguard/v2 v2.2.1/go.mod h1:q4DKzC4UcVaAvcfd41CZh0PWpGgzrVxUYBlgKNGquUo=\ngithub.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=\ngithub.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=\ngithub.com/alecthomas/chroma/v2 v2.23.1 h1:nv2AVZdTyClGbVQkIzlDm/rnhk1E9bU9nXwmZ/Vk/iY=\ngithub.com/alecthomas/chroma/v2 v2.23.1/go.mod h1:NqVhfBR0lte5Ouh3DcthuUCTUpDC9cxBOfyMbMQPs3o=\ngithub.com/alecthomas/go-check-sumtype v0.3.1 h1:u9aUvbGINJxLVXiFvHUlPEaD7VDULsrxJb4Aq31NLkU=\ngithub.com/alecthomas/go-check-sumtype v0.3.1/go.mod h1:A8TSiN3UPRw3laIgWEUOHHLPa6/r9MtoigdlP5h3K/E=\ngithub.com/alecthomas/repr v0.5.2 h1:SU73FTI9D1P5UNtvseffFSGmdNci/O6RsqzeXJtP0Qs=\ngithub.com/alecthomas/repr v0.5.2/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=\ngithub.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=\ngithub.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=\ngithub.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=\ngithub.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=\ngithub.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=\ngithub.com/alexkohler/nakedret/v2 v2.0.6 h1:ME3Qef1/KIKr3kWX3nti3hhgNxw6aqN5pZmQiFSsuzQ=\ngithub.com/alexkohler/nakedret/v2 v2.0.6/go.mod h1:l3RKju/IzOMQHmsEvXwkqMDzHHvurNQfAgE1eVmT40Q=\ngithub.com/alexkohler/prealloc v1.1.0 h1:cKGRBqlXw5iyQGLYhrXrDlcHxugXpTq4tQ5c91wkf8M=\ngithub.com/alexkohler/prealloc v1.1.0/go.mod h1:fT39Jge3bQrfA7nPMDngUfvUbQGQeJyGQnR+913SCig=\ngithub.com/alfatraining/structtag v1.0.0 h1:2qmcUqNcCoyVJ0up879K614L9PazjBSFruTB0GOFjCc=\ngithub.com/alfatraining/structtag v1.0.0/go.mod h1:p3Xi5SwzTi+Ryj64DqjLWz7XurHxbGsq6y3ubePJPus=\ngithub.com/alingse/asasalint v0.0.11 h1:SFwnQXJ49Kx/1GghOFz1XGqHYKp21Kq1nHad/0WQRnw=\ngithub.com/alingse/asasalint v0.0.11/go.mod h1:nCaoMhw7a9kSJObvQyVzNTPBDbNpdocqrSP7t/cW5+I=\ngithub.com/alingse/nilnesserr v0.2.0 h1:raLem5KG7EFVb4UIDAXgrv3N2JIaffeKNtcEXkEWd/w=\ngithub.com/alingse/nilnesserr v0.2.0/go.mod h1:1xJPrXonEtX7wyTq8Dytns5P2hNzoWymVUIaKm4HNFg=\ngithub.com/ashanbrown/forbidigo/v2 v2.3.0 h1:OZZDOchCgsX5gvToVtEBoV2UWbFfI6RKQTir2UZzSxo=\ngithub.com/ashanbrown/forbidigo/v2 v2.3.0/go.mod h1:5p6VmsG5/1xx3E785W9fouMxIOkvY2rRV9nMdWadd6c=\ngithub.com/ashanbrown/makezero/v2 v2.1.0 h1:snuKYMbqosNokUKm+R6/+vOPs8yVAi46La7Ck6QYSaE=\ngithub.com/ashanbrown/makezero/v2 v2.1.0/go.mod h1:aEGT/9q3S8DHeE57C88z2a6xydvgx8J5hgXIGWgo0MY=\ngithub.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=\ngithub.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=\ngithub.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=\ngithub.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=\ngithub.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=\ngithub.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=\ngithub.com/bkielbasa/cyclop v1.2.3 h1:faIVMIGDIANuGPWH031CZJTi2ymOQBULs9H21HSMa5w=\ngithub.com/bkielbasa/cyclop v1.2.3/go.mod h1:kHTwA9Q0uZqOADdupvcFJQtp/ksSnytRMe8ztxG8Fuo=\ngithub.com/blizzy78/varnamelen v0.8.0 h1:oqSblyuQvFsW1hbBHh1zfwrKe3kcSj0rnXkKzsQ089M=\ngithub.com/blizzy78/varnamelen v0.8.0/go.mod h1:V9TzQZ4fLJ1DSrjVDfl89H7aMnTvKkApdHeyESmyR7k=\ngithub.com/bmatcuk/doublestar/v4 v4.10.0 h1:zU9WiOla1YA122oLM6i4EXvGW62DvKZVxIe6TYWexEs=\ngithub.com/bmatcuk/doublestar/v4 v4.10.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=\ngithub.com/bombsimon/wsl/v4 v4.7.0 h1:1Ilm9JBPRczjyUs6hvOPKvd7VL1Q++PL8M0SXBDf+jQ=\ngithub.com/bombsimon/wsl/v4 v4.7.0/go.mod h1:uV/+6BkffuzSAVYD+yGyld1AChO7/EuLrCF/8xTiapg=\ngithub.com/bombsimon/wsl/v5 v5.6.0 h1:4z+/sBqC5vUmSp1O0mS+czxwH9+LKXtCWtHH9rZGQL8=\ngithub.com/bombsimon/wsl/v5 v5.6.0/go.mod h1:Uqt2EfrMj2NV8UGoN1f1Y3m0NpUVCsUdrNCdet+8LvU=\ngithub.com/breml/bidichk v0.3.3 h1:WSM67ztRusf1sMoqH6/c4OBCUlRVTKq+CbSeo0R17sE=\ngithub.com/breml/bidichk v0.3.3/go.mod h1:ISbsut8OnjB367j5NseXEGGgO/th206dVa427kR8YTE=\ngithub.com/breml/errchkjson v0.4.1 h1:keFSS8D7A2T0haP9kzZTi7o26r7kE3vymjZNeNDRDwg=\ngithub.com/breml/errchkjson v0.4.1/go.mod h1:a23OvR6Qvcl7DG/Z4o0el6BRAjKnaReoPQFciAl9U3s=\ngithub.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA=\ngithub.com/bufbuild/protocompile v0.4.0/go.mod h1:3v93+mbWn/v3xzN+31nwkJfrEpAUwp+BagBSZWx+TP8=\ngithub.com/butuzov/ireturn v0.4.0 h1:+s76bF/PfeKEdbG8b54aCocxXmi0wvYdOVsWxVO7n8E=\ngithub.com/butuzov/ireturn v0.4.0/go.mod h1:ghI0FrCmap8pDWZwfPisFD1vEc56VKH4NpQUxDHta70=\ngithub.com/butuzov/mirror v1.3.0 h1:HdWCXzmwlQHdVhwvsfBb2Au0r3HyINry3bDWLYXiKoc=\ngithub.com/butuzov/mirror v1.3.0/go.mod h1:AEij0Z8YMALaq4yQj9CPPVYOyJQyiexpQEQgihajRfI=\ngithub.com/catenacyber/perfsprint v0.10.1 h1:u7Riei30bk46XsG8nknMhKLXG9BcXz3+3tl/WpKm0PQ=\ngithub.com/catenacyber/perfsprint v0.10.1/go.mod h1:DJTGsi/Zufpuus6XPGJyKOTMELe347o6akPvWG9Zcsc=\ngithub.com/ccojocar/zxcvbn-go v1.0.4 h1:FWnCIRMXPj43ukfX000kvBZvV6raSxakYr1nzyNrUcc=\ngithub.com/ccojocar/zxcvbn-go v1.0.4/go.mod h1:3GxGX+rHmueTUMvm5ium7irpyjmm7ikxYFOSJB21Das=\ngithub.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=\ngithub.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=\ngithub.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=\ngithub.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=\ngithub.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=\ngithub.com/charithe/durationcheck v0.0.11 h1:g1/EX1eIiKS57NTWsYtHDZ/APfeXKhye1DidBcABctk=\ngithub.com/charithe/durationcheck v0.0.11/go.mod h1:x5iZaixRNl8ctbM+3B2RrPG5t856TxRyVQEnbIEM2X4=\ngithub.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc h1:4pZI35227imm7yK2bGPcfpFEmuY1gc2YSTShr4iJBfs=\ngithub.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc/go.mod h1:X4/0JoqgTIPSFcRA/P6INZzIuyqdFY5rm8tb41s9okk=\ngithub.com/charmbracelet/lipgloss v1.1.0 h1:vYXsiLHVkK7fp74RkV7b2kq9+zDLoEU4MZoFqR/noCY=\ngithub.com/charmbracelet/lipgloss v1.1.0/go.mod h1:/6Q8FR2o+kj8rz4Dq0zQc3vYf7X+B0binUUBwA0aL30=\ngithub.com/charmbracelet/x/ansi v0.10.1 h1:rL3Koar5XvX0pHGfovN03f5cxLbCF2YvLeyz7D2jVDQ=\ngithub.com/charmbracelet/x/ansi v0.10.1/go.mod h1:3RQDQ6lDnROptfpWuUVIUG64bD2g2BgntdxH0Ya5TeE=\ngithub.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd h1:vy0GVL4jeHEwG5YOXDmi86oYw2yuYUGqz6a8sLwg0X8=\ngithub.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd/go.mod h1:xe0nKWGd3eJgtqZRaN9RjMtK7xUYchjzPr7q6kcvCCs=\ngithub.com/charmbracelet/x/term v0.2.1 h1:AQeHeLZ1OqSXhrAWpYUtZyX1T3zVxfpZuEQMIQaGIAQ=\ngithub.com/charmbracelet/x/term v0.2.1/go.mod h1:oQ4enTYFV7QN4m0i9mzHrViD7TQKvNEEkHUMCmsxdUg=\ngithub.com/chavacava/garif v0.1.0 h1:2JHa3hbYf5D9dsgseMKAmc/MZ109otzgNFk5s87H9Pc=\ngithub.com/chavacava/garif v0.1.0/go.mod h1:XMyYCkEL58DF0oyW4qDjjnPWONs2HBqYKI+UIPD+Gww=\ngithub.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=\ngithub.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=\ngithub.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=\ngithub.com/ckaznocha/intrange v0.3.1 h1:j1onQyXvHUsPWujDH6WIjhyH26gkRt/txNlV7LspvJs=\ngithub.com/ckaznocha/intrange v0.3.1/go.mod h1:QVepyz1AkUoFQkpEqksSYpNpUo3c5W7nWh/s6SHIJJk=\ngithub.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=\ngithub.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=\ngithub.com/containerd/ltag v0.3.0 h1:AbeBQAGLwWxWVkgtLblT5Zd5fFW1+45On3+RvuZO+Go=\ngithub.com/containerd/ltag v0.3.0/go.mod h1:VEpXtwQK+FDdhegH7NLRJM5gzdHtHWDztP1YoZxWJlQ=\ngithub.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=\ngithub.com/curioswitch/go-reassign v0.3.0 h1:dh3kpQHuADL3cobV/sSGETA8DOv457dwl+fbBAhrQPs=\ngithub.com/curioswitch/go-reassign v0.3.0/go.mod h1:nApPCCTtqLJN/s8HfItCcKV0jIPwluBOvZP+dsJGA88=\ngithub.com/daixiang0/gci v0.13.7 h1:+0bG5eK9vlI08J+J/NWGbWPTNiXPG4WhNLJOkSxWITQ=\ngithub.com/daixiang0/gci v0.13.7/go.mod h1:812WVN6JLFY9S6Tv76twqmNqevN0pa3SX3nih0brVzQ=\ngithub.com/dave/dst v0.27.3 h1:P1HPoMza3cMEquVf9kKy8yXsFirry4zEnWOdYPOoIzY=\ngithub.com/dave/dst v0.27.3/go.mod h1:jHh6EOibnHgcUW3WjKHisiooEkYwqpHLBSX1iOBhEyc=\ngithub.com/dave/jennifer v1.7.1 h1:B4jJJDHelWcDhlRQxWeo0Npa/pYKBLrirAQoTN45txo=\ngithub.com/dave/jennifer v1.7.1/go.mod h1:nXbxhEmQfOZhWml3D1cDK5M1FLnMSozpbFN/m3RmGZc=\ngithub.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=\ngithub.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=\ngithub.com/denis-tingaikin/go-header v0.5.0 h1:SRdnP5ZKvcO9KKRP1KJrhFR3RrlGuD+42t4429eC9k8=\ngithub.com/denis-tingaikin/go-header v0.5.0/go.mod h1:mMenU5bWrok6Wl2UsZjy+1okegmwQ3UgWl4V1D8gjlY=\ngithub.com/dlclark/regexp2 v1.11.5 h1:Q/sSnsKerHeCkc/jSTNq1oCm7KiVgUMZRDUoRu0JQZQ=\ngithub.com/dlclark/regexp2 v1.11.5/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=\ngithub.com/editorconfig-checker/editorconfig-checker/v3 v3.6.1 h1:jdfYul8o1YpAb0tjNBcfJsVFwTn1s4qis4ec5Feuhhs=\ngithub.com/editorconfig-checker/editorconfig-checker/v3 v3.6.1/go.mod h1:3M/pJVyyr63yWjRWOFpPqKNAzj6JaE/I/+dNDfgN+3I=\ngithub.com/editorconfig/editorconfig-core-go/v2 v2.6.4 h1:CHwUbBVVyKWRX9kt5A/OtwhYUJB32DrFp9xzmjR6cac=\ngithub.com/editorconfig/editorconfig-core-go/v2 v2.6.4/go.mod h1:JWRVKHdVW+dkv6F8p+xGCa6a+TyMrqsFbFkSs/aQkrQ=\ngithub.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=\ngithub.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=\ngithub.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=\ngithub.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=\ngithub.com/ettle/strcase v0.2.0 h1:fGNiVF21fHXpX1niBgk0aROov1LagYsOwV/xqKDKR/Q=\ngithub.com/ettle/strcase v0.2.0/go.mod h1:DajmHElDSaX76ITe3/VHVyMin4LWSJN5Z909Wp+ED1A=\ngithub.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=\ngithub.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=\ngithub.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=\ngithub.com/fatih/structtag v1.2.0 h1:/OdNE99OxoI/PqaW/SuSK9uxxT3f/tcSZgon/ssNSx4=\ngithub.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94=\ngithub.com/firefart/nonamedreturns v1.0.6 h1:vmiBcKV/3EqKY3ZiPxCINmpS431OcE1S47AQUwhrg8E=\ngithub.com/firefart/nonamedreturns v1.0.6/go.mod h1:R8NisJnSIpvPWheCq0mNRXJok6D8h7fagJTF8EMEwCo=\ngithub.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=\ngithub.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps=\ngithub.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=\ngithub.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=\ngithub.com/fzipp/gocyclo v0.6.0 h1:lsblElZG7d3ALtGMx9fmxeTKZaLLpU8mET09yN4BBLo=\ngithub.com/fzipp/gocyclo v0.6.0/go.mod h1:rXPyn8fnlpa0R2csP/31uerbiVBugk5whMdlyaLkLoA=\ngithub.com/gabriel-vasile/mimetype v1.4.12 h1:e9hWvmLYvtp846tLHam2o++qitpguFiYCKbn0w9jyqw=\ngithub.com/gabriel-vasile/mimetype v1.4.12/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=\ngithub.com/gertd/go-pluralize v0.2.1 h1:M3uASbVjMnTsPb0PNqg+E/24Vwigyo/tvyMTtAlLgiA=\ngithub.com/gertd/go-pluralize v0.2.1/go.mod h1:rbYaKDbsXxmRfr8uygAEKhOWsjyrrqrkHVpZvoOp8zk=\ngithub.com/ghostiam/protogetter v0.3.20 h1:oW7OPFit2FxZOpmMRPP9FffU4uUpfeE/rEdE1f+MzD0=\ngithub.com/ghostiam/protogetter v0.3.20/go.mod h1:FjIu5Yfs6FT391m+Fjp3fbAYJ6rkL/J6ySpZBfnODuI=\ngithub.com/gkampitakis/ciinfo v0.3.2 h1:JcuOPk8ZU7nZQjdUhctuhQofk7BGHuIy0c9Ez8BNhXs=\ngithub.com/gkampitakis/ciinfo v0.3.2/go.mod h1:1NIwaOcFChN4fa/B0hEBdAb6npDlFL8Bwx4dfRLRqAo=\ngithub.com/gkampitakis/go-snaps v0.5.19 h1:hUJlCQOpTt1M+kSisMwioDWZDWpDtdAvUhvWCx1YGW0=\ngithub.com/gkampitakis/go-snaps v0.5.19/go.mod h1:gC3YqxQTPyIXvQrw/Vpt3a8VqR1MO8sVpZFWN4DGwNs=\ngithub.com/go-critic/go-critic v0.14.3 h1:5R1qH2iFeo4I/RJU8vTezdqs08Egi4u5p6vOESA0pog=\ngithub.com/go-critic/go-critic v0.14.3/go.mod h1:xwntfW6SYAd7h1OqDzmN6hBX/JxsEKl5up/Y2bsxgVQ=\ngithub.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=\ngithub.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=\ngithub.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=\ngithub.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=\ngithub.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=\ngithub.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=\ngithub.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=\ngithub.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=\ngithub.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=\ngithub.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=\ngithub.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=\ngithub.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=\ngithub.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=\ngithub.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI=\ngithub.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow=\ngithub.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=\ngithub.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=\ngithub.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=\ngithub.com/go-toolsmith/astcast v1.1.0 h1:+JN9xZV1A+Re+95pgnMgDboWNVnIMMQXwfBwLRPgSC8=\ngithub.com/go-toolsmith/astcast v1.1.0/go.mod h1:qdcuFWeGGS2xX5bLM/c3U9lewg7+Zu4mr+xPwZIB4ZU=\ngithub.com/go-toolsmith/astcopy v1.1.0 h1:YGwBN0WM+ekI/6SS6+52zLDEf8Yvp3n2seZITCUBt5s=\ngithub.com/go-toolsmith/astcopy v1.1.0/go.mod h1:hXM6gan18VA1T/daUEHCFcYiW8Ai1tIwIzHY6srfEAw=\ngithub.com/go-toolsmith/astequal v1.0.3/go.mod h1:9Ai4UglvtR+4up+bAD4+hCj7iTo4m/OXVTSLnCyTAx4=\ngithub.com/go-toolsmith/astequal v1.1.0/go.mod h1:sedf7VIdCL22LD8qIvv7Nn9MuWJruQA/ysswh64lffQ=\ngithub.com/go-toolsmith/astequal v1.2.0 h1:3Fs3CYZ1k9Vo4FzFhwwewC3CHISHDnVUPC4x0bI2+Cw=\ngithub.com/go-toolsmith/astequal v1.2.0/go.mod h1:c8NZ3+kSFtFY/8lPso4v8LuJjdJiUFVnSuU3s0qrrDY=\ngithub.com/go-toolsmith/astfmt v1.1.0 h1:iJVPDPp6/7AaeLJEruMsBUlOYCmvg0MoCfJprsOmcco=\ngithub.com/go-toolsmith/astfmt v1.1.0/go.mod h1:OrcLlRwu0CuiIBp/8b5PYF9ktGVZUjlNMV634mhwuQ4=\ngithub.com/go-toolsmith/astp v1.1.0 h1:dXPuCl6u2llURjdPLLDxJeZInAeZ0/eZwFJmqZMnpQA=\ngithub.com/go-toolsmith/astp v1.1.0/go.mod h1:0T1xFGz9hicKs8Z5MfAqSUitoUYS30pDMsRVIDHs8CA=\ngithub.com/go-toolsmith/pkgload v1.2.2 h1:0CtmHq/02QhxcF7E9N5LIFcYFsMR5rdovfqTtRKkgIk=\ngithub.com/go-toolsmith/pkgload v1.2.2/go.mod h1:R2hxLNRKuAsiXCo2i5J6ZQPhnPMOVtU+f0arbFPWCus=\ngithub.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslWct4wyljWhSRy8=\ngithub.com/go-toolsmith/strparse v1.1.0 h1:GAioeZUK9TGxnLS+qfdqNbA4z0SSm5zVNtCQiyP2Bvw=\ngithub.com/go-toolsmith/strparse v1.1.0/go.mod h1:7ksGy58fsaQkGQlY8WVoBFNyEPMGuJin1rfoPS4lBSQ=\ngithub.com/go-toolsmith/typep v1.1.0 h1:fIRYDyF+JywLfqzyhdiHzRop/GQDxxNhLGQ6gFUNHus=\ngithub.com/go-toolsmith/typep v1.1.0/go.mod h1:fVIw+7zjdsMxDA3ITWnH1yOiw1rnTQKCsF/sk2H/qig=\ngithub.com/go-viper/mapstructure/v2 v2.5.0 h1:vM5IJoUAy3d7zRSVtIwQgBj7BiWtMPfmPEgAXnvj1Ro=\ngithub.com/go-viper/mapstructure/v2 v2.5.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=\ngithub.com/go-xmlfmt/xmlfmt v1.1.3 h1:t8Ey3Uy7jDSEisW2K3somuMKIpzktkWptA0iFCnRUWY=\ngithub.com/go-xmlfmt/xmlfmt v1.1.3/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM=\ngithub.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=\ngithub.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=\ngithub.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=\ngithub.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=\ngithub.com/godoc-lint/godoc-lint v0.11.2 h1:Bp0FkJWoSdNsBikdNgIcgtaoo+xz6I/Y9s5WSBQUeeM=\ngithub.com/godoc-lint/godoc-lint v0.11.2/go.mod h1:iVpGdL1JCikNH2gGeAn3Hh+AgN5Gx/I/cxV+91L41jo=\ngithub.com/gofrs/flock v0.13.0 h1:95JolYOvGMqeH31+FC7D2+uULf6mG61mEZ/A8dRYMzw=\ngithub.com/gofrs/flock v0.13.0/go.mod h1:jxeyy9R1auM5S6JYDBhDt+E2TCo7DkratH4Pgi8P+Z0=\ngithub.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=\ngithub.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=\ngithub.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=\ngithub.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=\ngithub.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=\ngithub.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=\ngithub.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=\ngithub.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=\ngithub.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=\ngithub.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=\ngithub.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=\ngithub.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=\ngithub.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=\ngithub.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=\ngithub.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=\ngithub.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=\ngithub.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=\ngithub.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=\ngithub.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=\ngithub.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=\ngithub.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=\ngithub.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=\ngithub.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=\ngithub.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=\ngithub.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=\ngithub.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=\ngithub.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=\ngithub.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=\ngithub.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=\ngithub.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=\ngithub.com/golangci/asciicheck v0.5.0 h1:jczN/BorERZwK8oiFBOGvlGPknhvq0bjnysTj4nUfo0=\ngithub.com/golangci/asciicheck v0.5.0/go.mod h1:5RMNAInbNFw2krqN6ibBxN/zfRFa9S6tA1nPdM0l8qQ=\ngithub.com/golangci/dupl v0.0.0-20250308024227-f665c8d69b32 h1:WUvBfQL6EW/40l6OmeSBYQJNSif4O11+bmWEz+C7FYw=\ngithub.com/golangci/dupl v0.0.0-20250308024227-f665c8d69b32/go.mod h1:NUw9Zr2Sy7+HxzdjIULge71wI6yEg1lWQr7Evcu8K0E=\ngithub.com/golangci/go-printf-func-name v0.1.1 h1:hIYTFJqAGp1iwoIfsNTpoq1xZAarogrvjO9AfiW3B4U=\ngithub.com/golangci/go-printf-func-name v0.1.1/go.mod h1:Es64MpWEZbh0UBtTAICOZiB+miW53w/K9Or/4QogJss=\ngithub.com/golangci/gofmt v0.0.0-20250106114630-d62b90e6713d h1:viFft9sS/dxoYY0aiOTsLKO2aZQAPT4nlQCsimGcSGE=\ngithub.com/golangci/gofmt v0.0.0-20250106114630-d62b90e6713d/go.mod h1:ivJ9QDg0XucIkmwhzCDsqcnxxlDStoTl89jDMIoNxKY=\ngithub.com/golangci/golangci-lint/v2 v2.11.3 h1:ySX1GtLwlwOEzcLKJifI/aIVesrcHDno+5mrro8rWes=\ngithub.com/golangci/golangci-lint/v2 v2.11.3/go.mod h1:HmDEVZuxz77cNLumPfNNHAFyMX/b7IbA0tpmAbwiVfo=\ngithub.com/golangci/golines v0.15.0 h1:Qnph25g8Y1c5fdo1X7GaRDGgnMHgnxh4Gk4VfPTtRx0=\ngithub.com/golangci/golines v0.15.0/go.mod h1:AZjXd23tbHMpowhtnGlj9KCNsysj72aeZVVHnVcZx10=\ngithub.com/golangci/misspell v0.8.0 h1:qvxQhiE2/5z+BVRo1kwYA8yGz+lOlu5Jfvtx2b04Jbg=\ngithub.com/golangci/misspell v0.8.0/go.mod h1:WZyyI2P3hxPY2UVHs3cS8YcllAeyfquQcKfdeE9AFVg=\ngithub.com/golangci/plugin-module-register v0.1.2 h1:e5WM6PO6NIAEcij3B053CohVp3HIYbzSuP53UAYgOpg=\ngithub.com/golangci/plugin-module-register v0.1.2/go.mod h1:1+QGTsKBvAIvPvoY/os+G5eoqxWn70HYDm2uvUyGuVw=\ngithub.com/golangci/revgrep v0.8.0 h1:EZBctwbVd0aMeRnNUsFogoyayvKHyxlV3CdUA46FX2s=\ngithub.com/golangci/revgrep v0.8.0/go.mod h1:U4R/s9dlXZsg8uJmaR1GrloUr14D7qDl8gi2iPXJH8k=\ngithub.com/golangci/swaggoswag v0.0.0-20250504205917-77f2aca3143e h1:ai0EfmVYE2bRA5htgAG9r7s3tHsfjIhN98WshBTJ9jM=\ngithub.com/golangci/swaggoswag v0.0.0-20250504205917-77f2aca3143e/go.mod h1:Vrn4B5oR9qRwM+f54koyeH3yzphlecwERs0el27Fr/s=\ngithub.com/golangci/unconvert v0.0.0-20250410112200-a129a6e6413e h1:gD6P7NEo7Eqtt0ssnqSJNNndxe69DOQ24A5h7+i3KpM=\ngithub.com/golangci/unconvert v0.0.0-20250410112200-a129a6e6413e/go.mod h1:h+wZwLjUTJnm/P2rwlbJdRPZXOzaT36/FwnPnY2inzc=\ngithub.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=\ngithub.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=\ngithub.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=\ngithub.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=\ngithub.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=\ngithub.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=\ngithub.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=\ngithub.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=\ngithub.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=\ngithub.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=\ngithub.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=\ngithub.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=\ngithub.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=\ngithub.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=\ngithub.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=\ngithub.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=\ngithub.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=\ngithub.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=\ngithub.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=\ngithub.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=\ngithub.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=\ngithub.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=\ngithub.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=\ngithub.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=\ngithub.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=\ngithub.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc=\ngithub.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI=\ngithub.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=\ngithub.com/google/renameio/v2 v2.0.2 h1:qKZs+tfn+arruZZhQ7TKC/ergJunuJicWS6gLDt/dGw=\ngithub.com/google/renameio/v2 v2.0.2/go.mod h1:OX+G6WHHpHq3NVj7cAOleLOwJfcQ1s3uUJQCrr78SWo=\ngithub.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=\ngithub.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=\ngithub.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=\ngithub.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=\ngithub.com/gordonklaus/ineffassign v0.2.0 h1:Uths4KnmwxNJNzq87fwQQDDnbNb7De00VOk9Nu0TySs=\ngithub.com/gordonklaus/ineffassign v0.2.0/go.mod h1:TIpymnagPSexySzs7F9FnO1XFTy8IT3a59vmZp5Y9Lw=\ngithub.com/gostaticanalysis/analysisutil v0.7.1 h1:ZMCjoue3DtDWQ5WyU16YbjbQEQ3VuzwxALrpYd+HeKk=\ngithub.com/gostaticanalysis/analysisutil v0.7.1/go.mod h1:v21E3hY37WKMGSnbsw2S/ojApNWb6C1//mXO48CXbVc=\ngithub.com/gostaticanalysis/comment v1.4.2/go.mod h1:KLUTGDv6HOCotCH8h2erHKmpci2ZoR8VPu34YA2uzdM=\ngithub.com/gostaticanalysis/comment v1.5.0 h1:X82FLl+TswsUMpMh17srGRuKaaXprTaytmEpgnKIDu8=\ngithub.com/gostaticanalysis/comment v1.5.0/go.mod h1:V6eb3gpCv9GNVqb6amXzEUX3jXLVK/AdA+IrAMSqvEc=\ngithub.com/gostaticanalysis/forcetypeassert v0.2.0 h1:uSnWrrUEYDr86OCxWa4/Tp2jeYDlogZiZHzGkWFefTk=\ngithub.com/gostaticanalysis/forcetypeassert v0.2.0/go.mod h1:M5iPavzE9pPqWyeiVXSFghQjljW1+l/Uke3PXHS6ILY=\ngithub.com/gostaticanalysis/nilerr v0.1.2 h1:S6nk8a9N8g062nsx63kUkF6AzbHGw7zzyHMcpu52xQU=\ngithub.com/gostaticanalysis/nilerr v0.1.2/go.mod h1:A19UHhoY3y8ahoL7YKz6sdjDtduwTSI4CsymaC2htPA=\ngithub.com/gostaticanalysis/testutil v0.3.1-0.20210208050101-bfb5c8eec0e4/go.mod h1:D+FIZ+7OahH3ePw/izIEeH5I06eKs1IKI4Xr64/Am3M=\ngithub.com/gostaticanalysis/testutil v0.5.0 h1:Dq4wT1DdTwTGCQQv3rl3IvD5Ld0E6HiY+3Zh0sUGqw8=\ngithub.com/gostaticanalysis/testutil v0.5.0/go.mod h1:OLQSbuM6zw2EvCcXTz1lVq5unyoNft372msDY0nY5Hs=\ngithub.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=\ngithub.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=\ngithub.com/hashicorp/go-immutable-radix/v2 v2.1.0 h1:CUW5RYIcysz+D3B+l1mDeXrQ7fUvGGCwJfdASSzbrfo=\ngithub.com/hashicorp/go-immutable-radix/v2 v2.1.0/go.mod h1:hgdqLXA4f6NIjRVisM1TJ9aOJVNRqKZj+xDGF6m7PBw=\ngithub.com/hashicorp/go-plugin v1.6.3 h1:xgHB+ZUSYeuJi96WtxEjzi23uh7YQpznjGh0U0UUrwg=\ngithub.com/hashicorp/go-plugin v1.6.3/go.mod h1:MRobyh+Wc/nYy1V4KAXUiYfzxoYhs7V1mlH1Z7iY2h0=\ngithub.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=\ngithub.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=\ngithub.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=\ngithub.com/hashicorp/go-version v1.8.0 h1:KAkNb1HAiZd1ukkxDFGmokVZe1Xy9HG6NUp+bPle2i4=\ngithub.com/hashicorp/go-version v1.8.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=\ngithub.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=\ngithub.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=\ngithub.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=\ngithub.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=\ngithub.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=\ngithub.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=\ngithub.com/hashicorp/yamux v0.1.2 h1:XtB8kyFOyHXYVFnwT5C3+Bdo8gArse7j2AQ0DA0Uey8=\ngithub.com/hashicorp/yamux v0.1.2/go.mod h1:C+zze2n6e/7wshOZep2A70/aQU6QBRWJO/G6FT1wIns=\ngithub.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=\ngithub.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=\ngithub.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=\ngithub.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=\ngithub.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=\ngithub.com/jandubois/nobin v0.8.0 h1:nJ4UDkh14goFC19EqayuH5DtdqjWI0QugZss262HXus=\ngithub.com/jandubois/nobin v0.8.0/go.mod h1:qRcr5FDrIKDLCS6TFd7LzH6j+SDRjElpmmhVQeZLTWM=\ngithub.com/jgautheron/goconst v1.8.2 h1:y0XF7X8CikZ93fSNT6WBTb/NElBu9IjaY7CCYQrCMX4=\ngithub.com/jgautheron/goconst v1.8.2/go.mod h1:A0oxgBCHy55NQn6sYpO7UdnA9p+h7cPtoOZUmvNIako=\ngithub.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgfCL6c=\ngithub.com/jhump/protoreflect v1.15.1/go.mod h1:jD/2GMKKE6OqX8qTjhADU1e6DShO+gavG9e0Q693nKo=\ngithub.com/jingyugao/rowserrcheck v1.1.1 h1:zibz55j/MJtLsjP1OF4bSdgXxwL1b+Vn7Tjzq7gFzUs=\ngithub.com/jingyugao/rowserrcheck v1.1.1/go.mod h1:4yvlZSDb3IyDTUZJUmpZfm2Hwok+Dtp+nu2qOq+er9c=\ngithub.com/jjti/go-spancheck v0.6.5 h1:lmi7pKxa37oKYIMScialXUK6hP3iY5F1gu+mLBPgYB8=\ngithub.com/jjti/go-spancheck v0.6.5/go.mod h1:aEogkeatBrbYsyW6y5TgDfihCulDYciL1B7rG2vSsrU=\ngithub.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=\ngithub.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=\ngithub.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=\ngithub.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=\ngithub.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=\ngithub.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=\ngithub.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=\ngithub.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=\ngithub.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=\ngithub.com/julz/importas v0.2.0 h1:y+MJN/UdL63QbFJHws9BVC5RpA2iq0kpjrFajTGivjQ=\ngithub.com/julz/importas v0.2.0/go.mod h1:pThlt589EnCYtMnmhmRYY/qn9lCf/frPOK+WMx3xiJY=\ngithub.com/karamaru-alpha/copyloopvar v1.2.2 h1:yfNQvP9YaGQR7VaWLYcfZUlRP2eo2vhExWKxD/fP6q0=\ngithub.com/karamaru-alpha/copyloopvar v1.2.2/go.mod h1:oY4rGZqZ879JkJMtX3RRkcXRkmUvH0x35ykgaKgsgJY=\ngithub.com/kisielk/errcheck v1.10.0 h1:Lvs/YAHP24YKg08LA8oDw2z9fJVme090RAXd90S+rrw=\ngithub.com/kisielk/errcheck v1.10.0/go.mod h1:kQxWMMVZgIkDq7U8xtG/n2juOjbLgZtedi0D+/VL/i8=\ngithub.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=\ngithub.com/kkHAIKE/contextcheck v1.1.6 h1:7HIyRcnyzxL9Lz06NGhiKvenXq7Zw6Q0UQu/ttjfJCE=\ngithub.com/kkHAIKE/contextcheck v1.1.6/go.mod h1:3dDbMRNBFaq8HFXWC1JyvDSPm43CmE6IuHam8Wr0rkg=\ngithub.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=\ngithub.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=\ngithub.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=\ngithub.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=\ngithub.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=\ngithub.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=\ngithub.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=\ngithub.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=\ngithub.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=\ngithub.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=\ngithub.com/kulti/thelper v0.7.1 h1:fI8QITAoFVLx+y+vSyuLBP+rcVIB8jKooNSCT2EiI98=\ngithub.com/kulti/thelper v0.7.1/go.mod h1:NsMjfQEy6sd+9Kfw8kCP61W1I0nerGSYSFnGaxQkcbs=\ngithub.com/kunwardeep/paralleltest v1.0.15 h1:ZMk4Qt306tHIgKISHWFJAO1IDQJLc6uDyJMLyncOb6w=\ngithub.com/kunwardeep/paralleltest v1.0.15/go.mod h1:di4moFqtfz3ToSKxhNjhOZL+696QtJGCFe132CbBLGk=\ngithub.com/lasiar/canonicalheader v1.1.2 h1:vZ5uqwvDbyJCnMhmFYimgMZnJMjwljN5VGY0VKbMXb4=\ngithub.com/lasiar/canonicalheader v1.1.2/go.mod h1:qJCeLFS0G/QlLQ506T+Fk/fWMa2VmBUiEI2cuMK4djI=\ngithub.com/ldez/exptostd v0.4.5 h1:kv2ZGUVI6VwRfp/+bcQ6Nbx0ghFWcGIKInkG/oFn1aQ=\ngithub.com/ldez/exptostd v0.4.5/go.mod h1:QRjHRMXJrCTIm9WxVNH6VW7oN7KrGSht69bIRwvdFsM=\ngithub.com/ldez/gomoddirectives v0.8.0 h1:JqIuTtgvFC2RdH1s357vrE23WJF2cpDCPFgA/TWDGpk=\ngithub.com/ldez/gomoddirectives v0.8.0/go.mod h1:jutzamvZR4XYJLr0d5Honycp4Gy6GEg2mS9+2YX3F1Q=\ngithub.com/ldez/grignotin v0.10.1 h1:keYi9rYsgbvqAZGI1liek5c+jv9UUjbvdj3Tbn5fn4o=\ngithub.com/ldez/grignotin v0.10.1/go.mod h1:UlDbXFCARrXbWGNGP3S5vsysNXAPhnSuBufpTEbwOas=\ngithub.com/ldez/structtags v0.6.1 h1:bUooFLbXx41tW8SvkfwfFkkjPYvFFs59AAMgVg6DUBk=\ngithub.com/ldez/structtags v0.6.1/go.mod h1:YDxVSgDy/MON6ariaxLF2X09bh19qL7MtGBN5MrvbdY=\ngithub.com/ldez/tagliatelle v0.7.2 h1:KuOlL70/fu9paxuxbeqlicJnCspCRjH0x8FW+NfgYUk=\ngithub.com/ldez/tagliatelle v0.7.2/go.mod h1:PtGgm163ZplJfZMZ2sf5nhUT170rSuPgBimoyYtdaSI=\ngithub.com/ldez/usetesting v0.5.0 h1:3/QtzZObBKLy1F4F8jLuKJiKBjjVFi1IavpoWbmqLwc=\ngithub.com/ldez/usetesting v0.5.0/go.mod h1:Spnb4Qppf8JTuRgblLrEWb7IE6rDmUpGvxY3iRrzvDQ=\ngithub.com/leonklingele/grouper v1.1.2 h1:o1ARBDLOmmasUaNDesWqWCIFH3u7hoFlM84YrjT3mIY=\ngithub.com/leonklingele/grouper v1.1.2/go.mod h1:6D0M/HVkhs2yRKRFZUoGjeDy7EZTfFBE9gl4kjmIGkA=\ngithub.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=\ngithub.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=\ngithub.com/macabu/inamedparam v0.2.0 h1:VyPYpOc10nkhI2qeNUdh3Zket4fcZjEWe35poddBCpE=\ngithub.com/macabu/inamedparam v0.2.0/go.mod h1:+Pee9/YfGe5LJ62pYXqB89lJ+0k5bsR8Wgz/C0Zlq3U=\ngithub.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo=\ngithub.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=\ngithub.com/manuelarte/embeddedstructfieldcheck v0.4.0 h1:3mAIyaGRtjK6EO9E73JlXLtiy7ha80b2ZVGyacxgfww=\ngithub.com/manuelarte/embeddedstructfieldcheck v0.4.0/go.mod h1:z8dFSyXqp+fC6NLDSljRJeNQJJDWnY7RoWFzV3PC6UM=\ngithub.com/manuelarte/funcorder v0.5.0 h1:llMuHXXbg7tD0i/LNw8vGnkDTHFpTnWqKPI85Rknc+8=\ngithub.com/manuelarte/funcorder v0.5.0/go.mod h1:Yt3CiUQthSBMBxjShjdXMexmzpP8YGvGLjrxJNkO2hA=\ngithub.com/maratori/testableexamples v1.0.1 h1:HfOQXs+XgfeRBJ+Wz0XfH+FHnoY9TVqL6Fcevpzy4q8=\ngithub.com/maratori/testableexamples v1.0.1/go.mod h1:XE2F/nQs7B9N08JgyRmdGjYVGqxWwClLPCGSQhXQSrQ=\ngithub.com/maratori/testpackage v1.1.2 h1:ffDSh+AgqluCLMXhM19f/cpvQAKygKAJXFl9aUjmbqs=\ngithub.com/maratori/testpackage v1.1.2/go.mod h1:8F24GdVDFW5Ew43Et02jamrVMNXLUNaOynhDssITGfc=\ngithub.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo=\ngithub.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg=\ngithub.com/matoous/godox v1.1.0 h1:W5mqwbyWrwZv6OQ5Z1a/DHGMOvXYCBP3+Ht7KMoJhq4=\ngithub.com/matoous/godox v1.1.0/go.mod h1:jgE/3fUXiTurkdHOLT5WEkThTSuE7yxHv5iWPa80afs=\ngithub.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=\ngithub.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU=\ngithub.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=\ngithub.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=\ngithub.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=\ngithub.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=\ngithub.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=\ngithub.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=\ngithub.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=\ngithub.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=\ngithub.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=\ngithub.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=\ngithub.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=\ngithub.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=\ngithub.com/mgechev/revive v1.15.0 h1:vJ0HzSBzfNyPbHKolgiFjHxLek9KUijhqh42yGoqZ8Q=\ngithub.com/mgechev/revive v1.15.0/go.mod h1:LlAKO3QQe9OJ0pVZzI2GPa8CbXGZ/9lNpCGvK4T/a8A=\ngithub.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=\ngithub.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=\ngithub.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=\ngithub.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=\ngithub.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=\ngithub.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=\ngithub.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=\ngithub.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=\ngithub.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=\ngithub.com/moricho/tparallel v0.3.2 h1:odr8aZVFA3NZrNybggMkYO3rgPRcqjeQUlBBFVxKHTI=\ngithub.com/moricho/tparallel v0.3.2/go.mod h1:OQ+K3b4Ln3l2TZveGCywybl68glfLEwFGqvnjok8b+U=\ngithub.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc=\ngithub.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk=\ngithub.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=\ngithub.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=\ngithub.com/nakabonne/nestif v0.3.1 h1:wm28nZjhQY5HyYPx+weN3Q65k6ilSBxDb8v5S81B81U=\ngithub.com/nakabonne/nestif v0.3.1/go.mod h1:9EtoZochLn5iUprVDmDjqGKPofoUEBL8U4Ngq6aY7OE=\ngithub.com/nishanths/exhaustive v0.12.0 h1:vIY9sALmw6T/yxiASewa4TQcFsVYZQQRUQJhKRf3Swg=\ngithub.com/nishanths/exhaustive v0.12.0/go.mod h1:mEZ95wPIZW+x8kC4TgC+9YCUgiST7ecevsVDTgc2obs=\ngithub.com/nishanths/predeclared v0.2.2 h1:V2EPdZPliZymNAn79T8RkNApBjMmVKh5XRpLm/w98Vk=\ngithub.com/nishanths/predeclared v0.2.2/go.mod h1:RROzoN6TnGQupbC+lqggsOlcgysk3LMK/HI84Mp280c=\ngithub.com/nunnatsa/ginkgolinter v0.23.0 h1:x3o4DGYOWbBMP/VdNQKgSj+25aJKx2Pe6lHr8gBcgf8=\ngithub.com/nunnatsa/ginkgolinter v0.23.0/go.mod h1:9qN1+0akwXEccwV1CAcCDfcoBlWXHB+ML9884pL4SZ4=\ngithub.com/oklog/run v1.2.0 h1:O8x3yXwah4A73hJdlrwo/2X6J62gE5qTMusH0dvz60E=\ngithub.com/oklog/run v1.2.0/go.mod h1:mgDbKRSwPhJfesJ4PntqFUbKQRZ50NgmZTSPlFA0YFk=\ngithub.com/onsi/ginkgo/v2 v2.28.1 h1:S4hj+HbZp40fNKuLUQOYLDgZLwNUVn19N3Atb98NCyI=\ngithub.com/onsi/ginkgo/v2 v2.28.1/go.mod h1:CLtbVInNckU3/+gC8LzkGUb9oF+e8W8TdUsxPwvdOgE=\ngithub.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28=\ngithub.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg=\ngithub.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=\ngithub.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=\ngithub.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=\ngithub.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=\ngithub.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=\ngithub.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=\ngithub.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=\ngithub.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=\ngithub.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=\ngithub.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=\ngithub.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=\ngithub.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=\ngithub.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=\ngithub.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=\ngithub.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=\ngithub.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=\ngithub.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=\ngithub.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=\ngithub.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=\ngithub.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=\ngithub.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk=\ngithub.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=\ngithub.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=\ngithub.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=\ngithub.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=\ngithub.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=\ngithub.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=\ngithub.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=\ngithub.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=\ngithub.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=\ngithub.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4=\ngithub.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=\ngithub.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=\ngithub.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=\ngithub.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=\ngithub.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=\ngithub.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=\ngithub.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=\ngithub.com/quasilyte/go-ruleguard v0.4.5 h1:AGY0tiOT5hJX9BTdx/xBdoCubQUAE2grkqY2lSwvZcA=\ngithub.com/quasilyte/go-ruleguard v0.4.5/go.mod h1:Vl05zJ538vcEEwu16V/Hdu7IYZWyKSwIy4c88Ro1kRE=\ngithub.com/quasilyte/go-ruleguard/dsl v0.3.23 h1:lxjt5B6ZCiBeeNO8/oQsegE6fLeCzuMRoVWSkXC4uvY=\ngithub.com/quasilyte/go-ruleguard/dsl v0.3.23/go.mod h1:KeCP03KrjuSO0H1kTuZQCWlQPulDV6YMIXmpQss17rU=\ngithub.com/quasilyte/gogrep v0.5.0 h1:eTKODPXbI8ffJMN+W2aE0+oL0z/nh8/5eNdiO34SOAo=\ngithub.com/quasilyte/gogrep v0.5.0/go.mod h1:Cm9lpz9NZjEoL1tgZ2OgeUKPIxL1meE7eo60Z6Sk+Ng=\ngithub.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 h1:TCg2WBOl980XxGFEZSS6KlBGIV0diGdySzxATTWoqaU=\ngithub.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727/go.mod h1:rlzQ04UMyJXu/aOvhd8qT+hvDrFpiwqp8MRXDY9szc0=\ngithub.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 h1:M8mH9eK4OUR4lu7Gd+PU1fV2/qnDNfzT635KRSObncs=\ngithub.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567/go.mod h1:DWNGW8A4Y+GyBgPuaQJuWiy0XYftx4Xm/y5Jqk9I6VQ=\ngithub.com/raeperd/recvcheck v0.2.0 h1:GnU+NsbiCqdC2XX5+vMZzP+jAJC5fht7rcVTAhX74UI=\ngithub.com/raeperd/recvcheck v0.2.0/go.mod h1:n04eYkwIR0JbgD73wT8wL4JjPC3wm0nFtzBnWNocnYU=\ngithub.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=\ngithub.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=\ngithub.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=\ngithub.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=\ngithub.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=\ngithub.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=\ngithub.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=\ngithub.com/ryancurrah/gomodguard v1.4.1 h1:eWC8eUMNZ/wM/PWuZBv7JxxqT5fiIKSIyTvjb7Elr+g=\ngithub.com/ryancurrah/gomodguard v1.4.1/go.mod h1:qnMJwV1hX9m+YJseXEBhd2s90+1Xn6x9dLz11ualI1I=\ngithub.com/ryanrolds/sqlclosecheck v0.5.1 h1:dibWW826u0P8jNLsLN+En7+RqWWTYrjCB9fJfSfdyCU=\ngithub.com/ryanrolds/sqlclosecheck v0.5.1/go.mod h1:2g3dUjoS6AL4huFdv6wn55WpLIDjY7ZgUR4J8HOO/XQ=\ngithub.com/sanposhiho/wastedassign/v2 v2.1.0 h1:crurBF7fJKIORrV85u9UUpePDYGWnwvv3+A96WvwXT0=\ngithub.com/sanposhiho/wastedassign/v2 v2.1.0/go.mod h1:+oSmSC+9bQ+VUAxA66nBb0Z7N8CK7mscKTDYC6aIek4=\ngithub.com/santhosh-tekuri/jsonschema/v6 v6.0.2 h1:KRzFb2m7YtdldCEkzs6KqmJw4nqEVZGK7IN2kJkjTuQ=\ngithub.com/santhosh-tekuri/jsonschema/v6 v6.0.2/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU=\ngithub.com/sashamelentyev/interfacebloat v1.1.0 h1:xdRdJp0irL086OyW1H/RTZTr1h/tMEOsumirXcOJqAw=\ngithub.com/sashamelentyev/interfacebloat v1.1.0/go.mod h1:+Y9yU5YdTkrNvoX0xHc84dxiN1iBi9+G8zZIhPVoNjQ=\ngithub.com/sashamelentyev/usestdlibvars v1.29.0 h1:8J0MoRrw4/NAXtjQqTHrbW9NN+3iMf7Knkq057v4XOQ=\ngithub.com/sashamelentyev/usestdlibvars v1.29.0/go.mod h1:8PpnjHMk5VdeWlVb4wCdrB8PNbLqZ3wBZTZWkrpZZL8=\ngithub.com/securego/gosec/v2 v2.24.8-0.20260309165252-619ce2117e08 h1:AoLtJX4WUtZkhhUUMFy3GgecAALp/Mb4S1iyQOA2s0U=\ngithub.com/securego/gosec/v2 v2.24.8-0.20260309165252-619ce2117e08/go.mod h1:+XLCJiRE95ga77XInNELh2M6zQP+PdqiT9Zpm0D9Wpk=\ngithub.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw=\ngithub.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=\ngithub.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=\ngithub.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=\ngithub.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=\ngithub.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=\ngithub.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=\ngithub.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w=\ngithub.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g=\ngithub.com/sivchari/containedctx v1.0.3 h1:x+etemjbsh2fB5ewm5FeLNi5bUjK0V8n0RB+Wwfd0XE=\ngithub.com/sivchari/containedctx v1.0.3/go.mod h1:c1RDvCbnJLtH4lLcYD/GqwiBSSf4F5Qk0xld2rBqzJ4=\ngithub.com/sonatard/noctx v0.5.0 h1:e/jdaqAsuWVOKQ0P6NWiIdDNHmHT5SwuuSfojFjzwrw=\ngithub.com/sonatard/noctx v0.5.0/go.mod h1:64XdbzFb18XL4LporKXp8poqZtPKbCrqQ402CV+kJas=\ngithub.com/sourcegraph/go-diff v0.7.0 h1:9uLlrd5T46OXs5qpp8L/MTltk0zikUGi0sNNyCpA8G0=\ngithub.com/sourcegraph/go-diff v0.7.0/go.mod h1:iBszgVvyxdc8SFZ7gm69go2KDdt3ag071iBaWPF6cjs=\ngithub.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=\ngithub.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=\ngithub.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=\ngithub.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=\ngithub.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU=\ngithub.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4=\ngithub.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=\ngithub.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=\ngithub.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=\ngithub.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=\ngithub.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=\ngithub.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=\ngithub.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ=\ngithub.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiuKtSI=\ngithub.com/ssgreg/nlreturn/v2 v2.2.1 h1:X4XDI7jstt3ySqGU86YGAURbxw3oTDPK9sPEi6YEwQ0=\ngithub.com/ssgreg/nlreturn/v2 v2.2.1/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRkkxBiELzh2I=\ngithub.com/stbenjam/no-sprintf-host-port v0.3.1 h1:AyX7+dxI4IdLBPtDbsGAyqiTSLpCP9hWRrXQDU4Cm/g=\ngithub.com/stbenjam/no-sprintf-host-port v0.3.1/go.mod h1:ODbZesTCHMVKthBHskvUUexdcNHAQRXk9NpSsL8p/HQ=\ngithub.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=\ngithub.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=\ngithub.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=\ngithub.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=\ngithub.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=\ngithub.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=\ngithub.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=\ngithub.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=\ngithub.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=\ngithub.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=\ngithub.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=\ngithub.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=\ngithub.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=\ngithub.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=\ngithub.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=\ngithub.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs=\ngithub.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=\ngithub.com/tenntenn/modver v1.0.1 h1:2klLppGhDgzJrScMpkj9Ujy3rXPUspSjAcev9tSEBgA=\ngithub.com/tenntenn/modver v1.0.1/go.mod h1:bePIyQPb7UeioSRkw3Q0XeMhYZSMx9B8ePqg6SAMGH0=\ngithub.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3 h1:f+jULpRQGxTSkNYKJ51yaw6ChIqO+Je8UqsTKN/cDag=\ngithub.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3/go.mod h1:ON8b8w4BN/kE1EOhwT0o+d62W65a6aPw1nouo9LMgyY=\ngithub.com/tetafro/godot v1.5.4 h1:u1ww+gqpRLiIA16yF2PV1CV1n/X3zhyezbNXC3E14Sg=\ngithub.com/tetafro/godot v1.5.4/go.mod h1:eOkMrVQurDui411nBY2FA05EYH01r14LuWY/NrVDVcU=\ngithub.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY=\ngithub.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=\ngithub.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=\ngithub.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=\ngithub.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=\ngithub.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=\ngithub.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY=\ngithub.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28=\ngithub.com/timakin/bodyclose v0.0.0-20241222091800-1db5c5ca4d67 h1:9LPGD+jzxMlnk5r6+hJnar67cgpDIz/iyD+rfl5r2Vk=\ngithub.com/timakin/bodyclose v0.0.0-20241222091800-1db5c5ca4d67/go.mod h1:mkjARE7Yr8qU23YcGMSALbIxTQ9r9QBVahQOBRfU460=\ngithub.com/timonwong/loggercheck v0.11.0 h1:jdaMpYBl+Uq9mWPXv1r8jc5fC3gyXx4/WGwTnnNKn4M=\ngithub.com/timonwong/loggercheck v0.11.0/go.mod h1:HEAWU8djynujaAVX7QI65Myb8qgfcZ1uKbdpg3ZzKl8=\ngithub.com/tomarrell/wrapcheck/v2 v2.12.0 h1:H/qQ1aNWz/eeIhxKAFvkfIA+N7YDvq6TWVFL27Of9is=\ngithub.com/tomarrell/wrapcheck/v2 v2.12.0/go.mod h1:AQhQuZd0p7b6rfW+vUwHm5OMCGgp63moQ9Qr/0BpIWo=\ngithub.com/tommy-muehle/go-mnd/v2 v2.5.1 h1:NowYhSdyE/1zwK9QCLeRb6USWdoif80Ie+v+yU8u1Zw=\ngithub.com/tommy-muehle/go-mnd/v2 v2.5.1/go.mod h1:WsUAkMJMYww6l/ufffCD3m+P7LEvr8TnZn9lwVDlgzw=\ngithub.com/ultraware/funlen v0.2.0 h1:gCHmCn+d2/1SemTdYMiKLAHFYxTYz7z9VIDRaTGyLkI=\ngithub.com/ultraware/funlen v0.2.0/go.mod h1:ZE0q4TsJ8T1SQcjmkhN/w+MceuatI6pBFSxxyteHIJA=\ngithub.com/ultraware/whitespace v0.2.0 h1:TYowo2m9Nfj1baEQBjuHzvMRbp19i+RCcRYrSWoFa+g=\ngithub.com/ultraware/whitespace v0.2.0/go.mod h1:XcP1RLD81eV4BW8UhQlpaR+SDc2givTvyI8a586WjW8=\ngithub.com/uudashr/gocognit v1.2.1 h1:CSJynt5txTnORn/DkhiB4mZjwPuifyASC8/6Q0I/QS4=\ngithub.com/uudashr/gocognit v1.2.1/go.mod h1:acaubQc6xYlXFEMb9nWX2dYBzJ/bIjEkc1zzvyIZg5Q=\ngithub.com/uudashr/iface v1.4.1 h1:J16Xl1wyNX9ofhpHmQ9h9gk5rnv2A6lX/2+APLTo0zU=\ngithub.com/uudashr/iface v1.4.1/go.mod h1:pbeBPlbuU2qkNDn0mmfrxP2X+wjPMIQAy+r1MBXSXtg=\ngithub.com/wlynxg/chardet v1.0.4 h1:hkI71Dx8v3RiAz3XKV5lJEh9QfKo7xXKUmYJQeIMlpo=\ngithub.com/wlynxg/chardet v1.0.4/go.mod h1:HLQMNsa0w4MkH2e7waQaFD+Yh85riFFTLhFtP8fsdbQ=\ngithub.com/xen0n/gosmopolitan v1.3.0 h1:zAZI1zefvo7gcpbCOrPSHJZJYA9ZgLfJqtKzZ5pHqQM=\ngithub.com/xen0n/gosmopolitan v1.3.0/go.mod h1:rckfr5T6o4lBtM1ga7mLGKZmLxswUoH1zxHgNXOsEt4=\ngithub.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=\ngithub.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=\ngithub.com/yagipy/maintidx v1.0.0 h1:h5NvIsCz+nRDapQ0exNv4aJ0yXSI0420omVANTv3GJM=\ngithub.com/yagipy/maintidx v1.0.0/go.mod h1:0qNf/I/CCZXSMhsRsrEPDZ+DkekpKLXAJfsTACwgXLk=\ngithub.com/yeya24/promlinter v0.3.0 h1:JVDbMp08lVCP7Y6NP3qHroGAO6z2yGKQtS5JsjqtoFs=\ngithub.com/yeya24/promlinter v0.3.0/go.mod h1:cDfJQQYv9uYciW60QT0eeHlFodotkYZlL+YcPQN+mW4=\ngithub.com/ykadowak/zerologlint v0.1.5 h1:Gy/fMz1dFQN9JZTPjv1hxEk+sRWm05row04Yoolgdiw=\ngithub.com/ykadowak/zerologlint v0.1.5/go.mod h1:KaUskqF3e/v59oPmdq1U1DnKcuHokl2/K1U4pmIELKg=\ngithub.com/yoheimuta/go-protoparser/v4 v4.14.2 h1:/P/LlX1CF9NaTWEltGcIZVvNlPbhABuAnBtAWpb3+74=\ngithub.com/yoheimuta/go-protoparser/v4 v4.14.2/go.mod h1:AHNNnSWnb0UoL4QgHPiOAg2BniQceFscPI5X/BZNHl8=\ngithub.com/yoheimuta/protolint v0.56.4 h1:FWvXjVNRaKJWJFxsnilRZhfQ4tc3KS8VVGWecxnLXLo=\ngithub.com/yoheimuta/protolint v0.56.4/go.mod h1:XrnOc0O5mckLR1GAOjqMPdb3R3ZEfLkMpLoq5RxxoG0=\ngithub.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=\ngithub.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=\ngithub.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=\ngithub.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=\ngithub.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=\ngithub.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=\ngithub.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=\ngitlab.com/bosi/decorder v0.4.2 h1:qbQaV3zgwnBZ4zPMhGLW4KZe7A7NwxEhJx39R3shffo=\ngitlab.com/bosi/decorder v0.4.2/go.mod h1:muuhHoaJkA9QLcYHq4Mj8FJUwDZ+EirSHRiaTcTf6T8=\ngo-simpler.org/assert v0.9.0 h1:PfpmcSvL7yAnWyChSjOz6Sp6m9j5lyK8Ok9pEL31YkQ=\ngo-simpler.org/assert v0.9.0/go.mod h1:74Eqh5eI6vCK6Y5l3PI8ZYFXG4Sa+tkr70OIPJAUr28=\ngo-simpler.org/musttag v0.14.0 h1:XGySZATqQYSEV3/YTy+iX+aofbZZllJaqwFWs+RTtSo=\ngo-simpler.org/musttag v0.14.0/go.mod h1:uP8EymctQjJ4Z1kUnjX0u2l60WfUdQxCwSNKzE1JEOE=\ngo-simpler.org/sloglint v0.11.1 h1:xRbPepLT/MHPTCA6TS/wNfZrDzkGvCCqUv4Bdwc3H7s=\ngo-simpler.org/sloglint v0.11.1/go.mod h1:2PowwiCOK8mjiF+0KGifVOT8ZsCNiFzvfyJeJOIt8MQ=\ngo.augendre.info/arangolint v0.4.0 h1:xSCZjRoS93nXazBSg5d0OGCi9APPLNMmmLrC995tR50=\ngo.augendre.info/arangolint v0.4.0/go.mod h1:l+f/b4plABuFISuKnTGD4RioXiCCgghv2xqst/xOvAA=\ngo.augendre.info/fatcontext v0.9.0 h1:Gt5jGD4Zcj8CDMVzjOJITlSb9cEch54hjRRlN3qDojE=\ngo.augendre.info/fatcontext v0.9.0/go.mod h1:L94brOAT1OOUNue6ph/2HnwxoNlds9aXDF2FcUntbNw=\ngo.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=\ngo.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=\ngo.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=\ngo.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=\ngo.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=\ngo.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=\ngo.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=\ngo.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=\ngo.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=\ngo.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=\ngo.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=\ngo.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=\ngo.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=\ngo.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8=\ngo.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=\ngo.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=\ngo.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=\ngo.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=\ngo.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=\ngo.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ=\ngo.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=\ngo.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=\ngo.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=\ngo.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=\ngo.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=\ngolang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=\ngolang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=\ngolang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=\ngolang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=\ngolang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=\ngolang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=\ngolang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=\ngolang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=\ngolang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=\ngolang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=\ngolang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=\ngolang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=\ngolang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=\ngolang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=\ngolang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=\ngolang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=\ngolang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=\ngolang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=\ngolang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=\ngolang.org/x/exp v0.0.0-20250620022241-b7579e27df2b h1:M2rDM6z3Fhozi9O7NWsxAkg/yqS/lQJ6PmkyIV3YP+o=\ngolang.org/x/exp v0.0.0-20250620022241-b7579e27df2b/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8=\ngolang.org/x/exp/typeparams v0.0.0-20220428152302-39d4317da171/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=\ngolang.org/x/exp/typeparams v0.0.0-20230203172020-98cc5a0785f9/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=\ngolang.org/x/exp/typeparams v0.0.0-20260209203927-2842357ff358 h1:qWFG1Dj7TBjOjOvhEOkmyGPVoquqUKnIU0lEVLp8xyk=\ngolang.org/x/exp/typeparams v0.0.0-20260209203927-2842357ff358/go.mod h1:4Mzdyp/6jzw9auFDJ3OMF5qksa7UvPnzKqTVGcb04ms=\ngolang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=\ngolang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=\ngolang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=\ngolang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=\ngolang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=\ngolang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=\ngolang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=\ngolang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=\ngolang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=\ngolang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=\ngolang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=\ngolang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=\ngolang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=\ngolang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=\ngolang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=\ngolang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=\ngolang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=\ngolang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=\ngolang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=\ngolang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=\ngolang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=\ngolang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=\ngolang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=\ngolang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=\ngolang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=\ngolang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=\ngolang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=\ngolang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=\ngolang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=\ngolang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=\ngolang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=\ngolang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=\ngolang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=\ngolang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=\ngolang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=\ngolang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=\ngolang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=\ngolang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=\ngolang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=\ngolang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=\ngolang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=\ngolang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=\ngolang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=\ngolang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=\ngolang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=\ngolang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=\ngolang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=\ngolang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=\ngolang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=\ngolang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=\ngolang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=\ngolang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=\ngolang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=\ngolang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=\ngolang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=\ngolang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=\ngolang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=\ngolang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=\ngolang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0=\ngolang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw=\ngolang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=\ngolang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=\ngolang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=\ngolang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=\ngolang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=\ngolang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=\ngolang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=\ngolang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=\ngolang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=\ngolang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=\ngolang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=\ngolang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=\ngolang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=\ngolang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=\ngolang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=\ngolang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=\ngolang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20211105183446-c75c47738b0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=\ngolang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=\ngolang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=\ngolang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=\ngolang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=\ngolang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=\ngolang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=\ngolang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=\ngolang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=\ngolang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU=\ngolang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A=\ngolang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=\ngolang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=\ngolang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=\ngolang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=\ngolang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=\ngolang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=\ngolang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=\ngolang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=\ngolang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=\ngolang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=\ngolang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=\ngolang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=\ngolang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=\ngolang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=\ngolang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=\ngolang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=\ngolang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=\ngolang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=\ngolang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=\ngolang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=\ngolang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=\ngolang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=\ngolang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=\ngolang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=\ngolang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=\ngolang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=\ngolang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=\ngolang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=\ngolang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=\ngolang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=\ngolang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=\ngolang.org/x/tools v0.0.0-20200329025819-fd4102a86c65/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=\ngolang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=\ngolang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=\ngolang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=\ngolang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=\ngolang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=\ngolang.org/x/tools v0.0.0-20200724022722-7017fd6b1305/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=\ngolang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=\ngolang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=\ngolang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=\ngolang.org/x/tools v0.1.1-0.20210205202024-ef80cdb6ec6d/go.mod h1:9bzcO0MWcOuT0tm1iBGzDVPshzfwoVvREIui8C+MHqU=\ngolang.org/x/tools v0.1.1-0.20210302220138-2ac05c832e1a/go.mod h1:9bzcO0MWcOuT0tm1iBGzDVPshzfwoVvREIui8C+MHqU=\ngolang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=\ngolang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=\ngolang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=\ngolang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=\ngolang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=\ngolang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=\ngolang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=\ngolang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=\ngolang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM=\ngolang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY=\ngolang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM=\ngolang.org/x/tools/go/packages/packagestest v0.1.1-deprecated/go.mod h1:RVAQXBGNv1ib0J382/DPCRS/BPnsGebyM1Gj5VSDpG8=\ngolang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngolang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngolang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngolang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=\ngonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=\ngonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=\ngoogle.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=\ngoogle.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=\ngoogle.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=\ngoogle.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=\ngoogle.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=\ngoogle.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=\ngoogle.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=\ngoogle.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=\ngoogle.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=\ngoogle.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=\ngoogle.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=\ngoogle.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=\ngoogle.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=\ngoogle.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=\ngoogle.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=\ngoogle.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=\ngoogle.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=\ngoogle.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=\ngoogle.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=\ngoogle.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=\ngoogle.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=\ngoogle.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=\ngoogle.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=\ngoogle.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=\ngoogle.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=\ngoogle.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=\ngoogle.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=\ngoogle.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=\ngoogle.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=\ngoogle.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=\ngoogle.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=\ngoogle.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=\ngoogle.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=\ngoogle.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=\ngoogle.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=\ngoogle.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=\ngoogle.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=\ngoogle.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=\ngoogle.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=\ngoogle.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=\ngoogle.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=\ngoogle.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=\ngoogle.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=\ngoogle.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=\ngoogle.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=\ngoogle.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=\ngoogle.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=\ngoogle.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=\ngoogle.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=\ngoogle.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=\ngoogle.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=\ngoogle.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=\ngoogle.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=\ngoogle.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=\ngoogle.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=\ngoogle.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=\ngoogle.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=\ngoogle.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=\ngoogle.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=\ngoogle.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=\ngoogle.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=\ngoogle.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=\ngoogle.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=\ngoogle.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=\ngoogle.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=\ngoogle.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=\ngoogle.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=\ngoogle.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 h1:F29+wU6Ee6qgu9TddPgooOdaqsxTMunOoj8KA5yuS5A=\ngoogle.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1/go.mod h1:5KF+wpkbTSbGcR9zteSqZV6fqFOWBl4Yde8En8MryZA=\ngoogle.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=\ngoogle.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=\ngoogle.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=\ngoogle.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=\ngoogle.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=\ngoogle.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=\ngoogle.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=\ngoogle.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=\ngoogle.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=\ngoogle.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=\ngoogle.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=\ngoogle.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=\ngoogle.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=\ngoogle.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=\ngopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=\ngopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=\ngopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=\ngopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=\ngopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=\ngopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=\ngopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=\ngopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=\ngopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=\ngopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=\ngopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=\ngopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=\ngopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=\ngopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=\ngopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=\ngopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=\ngopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=\ngopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=\ngopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=\nhonnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=\nhonnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=\nhonnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=\nhonnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=\nhonnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=\nhonnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=\nhonnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=\nhonnef.co/go/tools v0.7.0 h1:w6WUp1VbkqPEgLz4rkBzH/CSU6HkoqNLp6GstyTx3lU=\nhonnef.co/go/tools v0.7.0/go.mod h1:pm29oPxeP3P82ISxZDgIYeOaf9ta6Pi0EWvCFoLG2vc=\nmvdan.cc/editorconfig v0.3.0 h1:D1D2wLYEYGpawWT5SpM5pRivgEgXjtEXwC9MWhEY0gQ=\nmvdan.cc/editorconfig v0.3.0/go.mod h1:NcJHuDtNOTEJ6251indKiWuzK6+VcrMuLzGMLKBFupQ=\nmvdan.cc/gofumpt v0.9.2 h1:zsEMWL8SVKGHNztrx6uZrXdp7AX8r421Vvp23sz7ik4=\nmvdan.cc/gofumpt v0.9.2/go.mod h1:iB7Hn+ai8lPvofHd9ZFGVg2GOr8sBUw1QUWjNbmIL/s=\nmvdan.cc/sh/v3 v3.13.0 h1:dSfq/MVsY4w0Vsi6Lbs0IcQquMVqLdKLESAOZjuHdLg=\nmvdan.cc/sh/v3 v3.13.0/go.mod h1:KV1GByGPc/Ho0X1E6Uz9euhsIQEj4hwyKnodLlFLoDM=\nmvdan.cc/unparam v0.0.0-20251027182757-5beb8c8f8f15 h1:ssMzja7PDPJV8FStj7hq9IKiuiKhgz9ErWw+m68e7DI=\nmvdan.cc/unparam v0.0.0-20251027182757-5beb8c8f8f15/go.mod h1:4M5MMXl2kW6fivUT6yRGpLLPNfuGtU2Z0cPvFquGDYU=\nrsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=\nrsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=\nrsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=\n" }, { "path": "hack/tools/pinversion.go", "content": "//go:build tools\n\n// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\n// Package tools is used to explicitly pin tool versions.\n// It's needed to work around @dependabot's lack of upgrading indirect dependencies.\npackage tools\n\nimport (\n\t_ \"github.com/containerd/ltag\"\n\t_ \"github.com/golangci/golangci-lint/v2/pkg/exitcodes\"\n\t_ \"github.com/jandubois/nobin/version\"\n\t_ \"github.com/yoheimuta/protolint/lib\"\n\t_ \"google.golang.org/grpc\"\n\t_ \"google.golang.org/protobuf/proto\"\n\t_ \"mvdan.cc/sh/v3/pattern\"\n)\n" }, { "path": "hack/update-template-almalinux-kitten.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\n# Functions in this script assume error handling with 'set -e'.\n# To ensure 'set -e' works correctly:\n# - Use 'set +e' before assignments and '$(set -e; )' to capture output without exiting on errors.\n# - Avoid calling functions directly in conditions to prevent disabling 'set -e'.\n# - Use 'shopt -s inherit_errexit' (Bash 4.4+) to avoid repeated 'set -e' in all '$(...)'.\nshopt -s inherit_errexit || error_exit \"inherit_errexit not supported. Please use bash 4.4 or later.\"\n\nfunction almalinux_kitten_print_help() {\n\tcat <] ...\n\nDescription:\n This script updates the AlmaLinux Kitten image location in the specified templates.\n If the image location in the template contains a minor version and release date in the URL,\n the script replaces it with the latest available minor version and date.\n\n Image location basename format:\n\n\tAlmaLinux-Kitten-GenericCloud--[latest|.]..qcow2\n\n Published AlmaLinux Kitten image information is fetched from the following URLs:\n\n https://kitten.repo.almalinux.org/-kitten/cloud//images/\n\n To parsing html, this script requires 'htmlq' or 'pup' command.\n The downloaded files will be cached in the Lima cache directory.\n\nExamples:\n Update the AlmaLinux Kitten image location in templates/**.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") templates/**.yaml\n\n Update the AlmaLinux Kitten image location in ~/.lima/almalinux-kitten/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") ~/.lima/almalinux-kitten/lima.yaml\n $ limactl factory-reset almalinux-kitten\n\n Update the AlmaLinux Kitten image location to major version 10 in ~/.lima/almalinux-kitten/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") --version-major 10 ~/.lima/almalinux-kitten/lima.yaml\n $ limactl factory-reset almalinux-kitten\n\nFlags:\n --version-major Use the specified version. The version must be 10 or later.\n -h, --help Print this help message\nHELP\n}\n\n# print the URL spec for the given location\nfunction almalinux_kitten_url_spec_from_location() {\n\tlocal location=$1 jq_filter url_spec\n\tjq_filter='capture(\n\t\t\"^https://kitten\\\\.repo\\\\.almalinux\\\\.org/(?\\\\d+)-kitten/cloud/(?[^/]+)/images/\" +\n\t\t\"AlmaLinux-Kitten-(?.*)-(?\\\\d+)-\" +\n\t\t\"(latest|(?\\\\d{8}(\\\\\\\\d+)?))\\\\.(?\\\\d+)\\\\.(?[^.]+).(?.*)$\"\n\t;\"x\")\n\t'\n\turl_spec=$(jq -e -r \"${jq_filter}\" <<<\"\\\"${location}\\\"\")\n\n\tjq -e '.path_arch == .arch' <<<\"${url_spec}\" >/dev/null ||\n\t\terror_exit \"Validation failed: .path_arch != .arch: ${location}\"\n\techo \"${url_spec}\"\n}\n\nreadonly almalinux_kitten_jq_filter_directory='\"https://kitten.repo.almalinux.org/\\(.path_version)-kitten/cloud/\\(.path_arch)/images/\"'\nreadonly almalinux_kitten_jq_filter_filename='\"AlmaLinux-Kitten-\\(.target_vendor)-\\(.major_version)-\\(if .date then .date + \".0\" else \"latest\" end).\\(.arch).\\(.file_extension)\"'\n\n# print the location for the given URL spec\nfunction almalinux_kitten_location_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${almalinux_kitten_jq_filter_directory} + ${almalinux_kitten_jq_filter_filename}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the location for ${url_spec}\"\n}\n\nfunction almalinux_kitten_image_directory_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${almalinux_kitten_jq_filter_directory}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the image directory for ${url_spec}\"\n}\n\nfunction almalinux_kitten_image_filename_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${almalinux_kitten_jq_filter_filename}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the image filename for ${url_spec}\"\n}\n\n#\nfunction almalinux_kitten_latest_image_entry_for_url_spec() {\n\tlocal url_spec=$1 arch major_version_url_spec major_version_image_directory downloaded_page links_in_page latest_minor_version_info\n\tarch=$(jq -r '.arch' <<<\"${url_spec}\")\n\t# to detect minor version updates, we need to get the major version URL\n\tmajor_version_url_spec=$(jq -e -r '.path_version = .major_version' <<<\"${url_spec}\")\n\tmajor_version_image_directory=$(almalinux_kitten_image_directory_from_url_spec \"${major_version_url_spec}\")\n\tdownloaded_page=$(download_to_cache \"${major_version_image_directory}\")\n\tif command -v htmlq >/dev/null; then\n\t\tlinks_in_page=$(htmlq 'pre a' --attribute href <\"${downloaded_page}\")\n\telif command -v pup >/dev/null; then\n\t\tlinks_in_page=$(pup 'pre a attr{href}' <\"${downloaded_page}\")\n\telse\n\t\terror_exit \"Please install 'htmlq' or 'pup' to list images from ${major_version_image_directory}\"\n\tfi\n\tlatest_minor_version_info=$(jq -e -Rrs --argjson spec \"${url_spec}\" '\n\t\t[\n\t\t\tsplit(\"\\n\").[] |\n\t\t\tcapture(\n\t\t\t\t\"^AlmaLinux-Kitten-\\($spec.target_vendor)-\" +\n\t\t\t\t\"(?\\($spec.major_version))-\" +\n\t\t\t\t\"(?\\\\d{8})\\\\.(?\\\\d)+\\\\.\\($spec.arch)\\\\.\\($spec.file_extension)$\"\n\t\t\t\t;\"x\"\n\t\t\t) |\n\t\t\t.version_number_array = ([.major_minor_version | scan(\"\\\\d+\") | tonumber])\n\t\t] | sort_by(.version_number_array, .date_and_ci_job_id) | last\n\t' <<<\"${links_in_page}\")\n\t[[ -n ${latest_minor_version_info} ]] || return\n\tlocal newer_url_spec location directory checksum_location downloaded_sha256sum filename digest\n\t# prefer the major_minor_version in the path\n\tnewer_url_spec=$(jq -e -r \". + ${latest_minor_version_info} | .path_version = .major_minor_version\" <<<\"${url_spec}\")\n\tlocation=$(almalinux_kitten_location_from_url_spec \"${newer_url_spec}\")\n\tdirectory=$(almalinux_kitten_image_directory_from_url_spec \"${newer_url_spec}\")\n\tchecksum_location=\"${directory}CHECKSUM\"\n\tdownloaded_sha256sum=$(download_to_cache \"${checksum_location}\")\n\tfilename=$(almalinux_kitten_image_filename_from_url_spec \"${newer_url_spec}\")\n\tdigest=$(awk \"/${filename}/{print \\\"sha256:\\\"\\$1}\" \"${downloaded_sha256sum}\")\n\t[[ -n ${digest} ]] || error_exit \"Failed to get the SHA256 digest for ${filename}\"\n\tjson_vars location arch digest\n}\n\nfunction almalinux_kitten_cache_key_for_image_kernel() {\n\tlocal location=$1 url_spec\n\turl_spec=$(almalinux_kitten_url_spec_from_location \"${location}\")\n\tjq -r '[\"almalinux-kitten\", .major_minor_version // .major_version, .target_vendor,\n\t\tif .date then \"timestamped\" else \"latest\" end,\n\t\t.arch, .file_extension] | join(\":\")' <<<\"${url_spec}\"\n}\n\nfunction almalinux_kitten_image_entry_for_image_kernel() {\n\tlocal location=$1 kernel_is_not_supported=$2 overriding=${3:-\"{}\"} url_spec image_entry=''\n\t[[ ${kernel_is_not_supported} == \"null\" ]] || echo \"Updating kernel information is not supported on AlmaLinux Kitten\" >&2\n\turl_spec=$(almalinux_kitten_url_spec_from_location \"${location}\" | jq -r \". + ${overriding}\")\n\tif jq -e '.date' <<<\"${url_spec}\" >/dev/null; then\n\t\timage_entry=$(almalinux_kitten_latest_image_entry_for_url_spec \"${url_spec}\")\n\telse\n\t\timage_entry=$(\n\t\t\t# shellcheck disable=SC2030\n\t\t\tlocation=$(almalinux_kitten_location_from_url_spec \"${url_spec}\")\n\t\t\tlocation=$(validate_url_without_redirect \"${location}\")\n\t\t\tarch=$(jq -r '.path_arch' <<<\"${url_spec}\")\n\t\t\tjson_vars location arch\n\t\t)\n\tfi\n\t# shellcheck disable=SC2031\n\tif [[ -z ${image_entry} ]]; then\n\t\terror_exit \"Failed to get the ${url_spec} image location for ${location}\"\n\telif jq -e \".location == \\\"${location}\\\"\" <<<\"${image_entry}\" >/dev/null; then\n\t\techo \"Image location is up-to-date: ${location}\" >&2\n\telse\n\t\techo \"${image_entry}\"\n\tfi\n}\n\n# check if the script is executed or sourced\n# shellcheck disable=SC1091\nif [[ ${BASH_SOURCE[0]} == \"${0}\" ]]; then\n\tscriptdir=$(dirname \"${BASH_SOURCE[0]}\")\n\t# shellcheck source=./cache-common-inc.sh\n\t. \"${scriptdir}/cache-common-inc.sh\"\n\n\tif ! command -v htmlq >/dev/null && ! command -v pup >/dev/null; then\n\t\terror_exit \"Please install 'htmlq' or 'pup' to list images from https://kitten.repo.almalinux.org/-kitten/cloud//images/\"\n\tfi\n\t# shellcheck source=/dev/null # avoid shellcheck hangs on source looping\n\t. \"${scriptdir}/update-template.sh\"\nelse\n\t# this script is sourced\n\tif ! command -v htmlq >/dev/null && ! command -v pup >/dev/null; then\n\t\techo \"Please install 'htmlq' or 'pup' to list images from https://kitten.repo.almalinux.org/-kitten/cloud//images/\" >&2\n\telif [[ -v SUPPORTED_DISTRIBUTIONS ]]; then\n\t\tSUPPORTED_DISTRIBUTIONS+=(\"almalinux_kitten\")\n\telse\n\t\tdeclare -a SUPPORTED_DISTRIBUTIONS=(\"almalinux_kitten\")\n\tfi\n\treturn 0\nfi\n\ndeclare -a templates=()\ndeclare overriding=\"{}\"\nwhile [[ $# -gt 0 ]]; do\n\tcase \"$1\" in\n\t-h | --help)\n\t\talmalinux_kitten_print_help\n\t\texit 0\n\t\t;;\n\t-d | --debug) set -x ;;\n\t--version-major)\n\t\tif [[ -n $2 && $2 != -* ]]; then\n\t\t\toverriding=$(\n\t\t\t\tmajor_version=\"${2%%.*}\"\n\t\t\t\t[[ ${major_version} -ge 10 ]] || error_exit \"AlmaLinux Kitten major version must be 8 or later\"\n\t\t\t\t# shellcheck disable=2034\n\t\t\t\tpath_version=\"${major_version}\"\n\t\t\t\tjson_vars path_version major_version <<<\"${overriding}\"\n\t\t\t)\n\t\t\tshift\n\t\telse\n\t\t\terror_exit \"--version-major requires a value\"\n\t\tfi\n\t\t;;\n\t--version-major=*)\n\t\toverriding=$(\n\t\t\tmajor_version=\"${1#*=}\"\n\t\t\tmajor_version=\"${major_version%%.*}\"\n\t\t\t[[ ${major_version} -ge 10 ]] || error_exit \"AlmaLinux Kitten major version must be 8 or later\"\n\t\t\t# shellcheck disable=2034\n\t\t\tpath_version=\"${major_version}\"\n\t\t\tjson_vars path_version major_version <<<\"${overriding}\"\n\t\t)\n\t\t;;\n\t*.yaml) templates+=(\"$1\") ;;\n\t*)\n\t\terror_exit \"Unknown argument: $1\"\n\t\t;;\n\tesac\n\tshift\n\t[[ -z ${overriding} ]] && overriding=\"{}\"\ndone\n\nif [[ ${#templates[@]} -eq 0 ]]; then\n\talmalinux_kitten_print_help\n\texit 0\nfi\n\ndeclare -A image_entry_cache=()\n\nfor template in \"${templates[@]}\"; do\n\techo \"Processing ${template}\"\n\t# 1. extract location by parsing template using arch\n\tyq_filter=\"\n\t\t.images[] | [.location, .kernel.location, .kernel.cmdline] | @tsv\n\t\"\n\tparsed=$(yq eval \"${yq_filter}\" \"${template}\")\n\n\t# 3. get the image location\n\tarr=()\n\twhile IFS= read -r line; do arr+=(\"${line}\"); done <<<\"${parsed}\"\n\tlocations=(\"${arr[@]}\")\n\tfor ((index = 0; index < ${#locations[@]}; index++)); do\n\t\t[[ ${locations[index]} != \"null\" ]] || continue\n\t\tset -e\n\t\tIFS=$'\\t' read -r location kernel_location kernel_cmdline <<<\"${locations[index]}\"\n\t\tset +e # Disable 'set -e' to avoid exiting on error for the next assignment.\n\t\tcache_key=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\talmalinux_kitten_cache_key_for_image_kernel \"${location}\" \"${kernel_location}\"\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\timage_entry=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tif [[ -v image_entry_cache[${cache_key}] ]]; then\n\t\t\t\techo \"${image_entry_cache[${cache_key}]}\"\n\t\t\telse\n\t\t\t\talmalinux_kitten_image_entry_for_image_kernel \"${location}\" \"${kernel_location}\" \"${overriding}\"\n\t\t\tfi\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\tset -e\n\t\timage_entry_cache[${cache_key}]=\"${image_entry}\"\n\t\tif [[ -n ${image_entry} ]]; then\n\t\t\t[[ ${kernel_cmdline} != \"null\" ]] &&\n\t\t\t\tjq -e 'has(\"kernel\")' <<<\"${image_entry}\" >/dev/null &&\n\t\t\t\timage_entry=$(jq \".kernel.cmdline = \\\"${kernel_cmdline}\\\"\" <<<\"${image_entry}\")\n\t\t\techo \"${image_entry}\" | jq\n\t\t\tlimactl edit --log-level error --set \"\n\t\t\t\t.images[${index}] = ${image_entry}|\n\t\t\t\t(.images[${index}] | ..) style = \\\"double\\\"\n\t\t\t\" \"${template}\"\n\t\tfi\n\tdone\ndone\n" }, { "path": "hack/update-template-almalinux.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\n# Functions in this script assume error handling with 'set -e'.\n# To ensure 'set -e' works correctly:\n# - Use 'set +e' before assignments and '$(set -e; )' to capture output without exiting on errors.\n# - Avoid calling functions directly in conditions to prevent disabling 'set -e'.\n# - Use 'shopt -s inherit_errexit' (Bash 4.4+) to avoid repeated 'set -e' in all '$(...)'.\nshopt -s inherit_errexit || error_exit \"inherit_errexit not supported. Please use bash 4.4 or later.\"\n\nfunction almalinux_print_help() {\n\tcat <] ...\n\nDescription:\n This script updates the AlmaLinux image location in the specified templates.\n If the image location in the template contains a minor version and release date in the URL,\n the script replaces it with the latest available minor version and date.\n\n Image location basename format:\n\n\tAlmaLinux--GenericCloud-[latest|.-]..qcow2\n\n Published AlmaLinux image information is fetched from the following URLs:\n\n https://repo.almalinux.org/almalinux//cloud//images/\n\n To parsing html, this script requires 'htmlq' or 'pup' command.\n The downloaded files will be cached in the Lima cache directory.\n\nExamples:\n Update the AlmaLinux image location in templates/**.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") templates/**.yaml\n\n Update the AlmaLinux image location in ~/.lima/almalinux/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") ~/.lima/almalinux/lima.yaml\n $ limactl factory-reset almalinux\n\n Update the AlmaLinux image location to major version 9 in ~/.lima/almalinux/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") --version-major 9 ~/.lima/almalinux/lima.yaml\n $ limactl factory-reset almalinux\n\nFlags:\n --version-major Use the specified version. The version must be 8 or later.\n -h, --help Print this help message\nHELP\n}\n\n# print the URL spec for the given location\nfunction almalinux_url_spec_from_location() {\n\tlocal location=$1 jq_filter url_spec\n\tjq_filter='capture(\n\t\t\"^https://repo\\\\.almalinux\\\\.org/almalinux/(?\\\\d+(\\\\.\\\\d+)?)/cloud/(?[^/]+)/images/\" +\n\t\t\"AlmaLinux-(?\\\\d+)-(?.*)-\" +\n\t\t\"(latest|(?\\\\d+\\\\.\\\\d+)-(?\\\\d{8})(?:\\\\.\\\\d+)?)\\\\.(?[^.]+).(?.*)$\"\n\t;\"x\")\n\t'\n\turl_spec=$(jq -e -r \"${jq_filter}\" <<<\"\\\"${location}\\\"\")\n\n\tjq -e '.path_arch == .arch' <<<\"${url_spec}\" >/dev/null ||\n\t\terror_exit \"Validation failed: .path_arch != .arch: ${location}\"\n\techo \"${url_spec}\"\n}\n\nreadonly almalinux_jq_filter_directory='\"https://repo.almalinux.org/almalinux/\\(.path_version)/cloud/\\(.path_arch)/images/\"'\nreadonly almalinux_jq_filter_filename='\"AlmaLinux-\\(.major_version)-\\(.target_vendor)-\\(if .date then .major_minor_version + \"-\" + .date else \"latest\" end).\\(.arch).\\(.file_extension)\"'\n\n# print the location for the given URL spec\nfunction almalinux_location_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${almalinux_jq_filter_directory} + ${almalinux_jq_filter_filename}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the location for ${url_spec}\"\n}\n\nfunction almalinux_image_directory_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${almalinux_jq_filter_directory}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the image directory for ${url_spec}\"\n}\n\nfunction almalinux_image_filename_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${almalinux_jq_filter_filename}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the image filename for ${url_spec}\"\n}\n\n#\nfunction almalinux_latest_image_entry_for_url_spec() {\n\tlocal url_spec=$1 arch major_version_url_spec major_version_image_directory downloaded_page links_in_page latest_minor_version_info\n\tarch=$(jq -r '.arch' <<<\"${url_spec}\")\n\t# to detect minor version updates, we need to get the major version URL\n\tmajor_version_url_spec=$(jq -e -r '.path_version = .major_version' <<<\"${url_spec}\")\n\tmajor_version_image_directory=$(almalinux_image_directory_from_url_spec \"${major_version_url_spec}\")\n\tdownloaded_page=$(download_to_cache \"${major_version_image_directory}\")\n\tif command -v htmlq >/dev/null; then\n\t\tlinks_in_page=$(htmlq 'pre a' --attribute href <\"${downloaded_page}\")\n\telif command -v pup >/dev/null; then\n\t\tlinks_in_page=$(pup 'pre a attr{href}' <\"${downloaded_page}\")\n\telse\n\t\terror_exit \"Please install 'htmlq' or 'pup' to list images from ${major_version_image_directory}\"\n\tfi\n\tlatest_minor_version_info=$(jq -e -Rrs --argjson spec \"${url_spec}\" '\n\t\t[\n\t\t\tsplit(\"\\n\").[] |\n\t\t\tcapture(\n\t\t\t\t\"^AlmaLinux-\\($spec.major_version)-\\($spec.target_vendor)-\" +\n\t\t\t\t\"(?\\($spec.major_version)\\\\.\\\\d+)-\" +\n\t\t\t\t\"(?\\\\d{8}(?:\\\\.\\\\d)?)\\\\.\\($spec.arch)\\\\.\\($spec.file_extension)$\"\n\t\t\t\t;\"x\"\n\t\t\t) |\n\t\t\t.version_number_array = ([.major_minor_version | scan(\"\\\\d+\") | tonumber])\n\t\t] | sort_by(.version_number_array, .date_and_ci_job_id) | last\n\t' <<<\"${links_in_page}\")\n\t[[ -n ${latest_minor_version_info} ]] || return\n\tlocal newer_url_spec location directory checksum_location downloaded_sha256sum filename digest\n\t# prefer the major_minor_version in the path\n\tnewer_url_spec=$(jq -e -r \". + ${latest_minor_version_info} | .path_version = .major_minor_version\" <<<\"${url_spec}\")\n\tlocation=$(almalinux_location_from_url_spec \"${newer_url_spec}\")\n\tdirectory=$(almalinux_image_directory_from_url_spec \"${newer_url_spec}\")\n\tchecksum_location=\"${directory}CHECKSUM\"\n\tdownloaded_sha256sum=$(download_to_cache \"${checksum_location}\")\n\tfilename=$(almalinux_image_filename_from_url_spec \"${newer_url_spec}\")\n\tdigest=$(awk \"/${filename}/{print \\\"sha256:\\\"\\$1}\" \"${downloaded_sha256sum}\")\n\t[[ -n ${digest} ]] || error_exit \"Failed to get the SHA256 digest for ${filename}\"\n\tjson_vars location arch digest\n}\n\nfunction almalinux_cache_key_for_image_kernel() {\n\tlocal location=$1 url_spec\n\turl_spec=$(almalinux_url_spec_from_location \"${location}\")\n\tjq -r '[\"almalinux\", .major_minor_version // .major_version, .target_vendor,\n\t\tif .date then \"timestamped\" else \"latest\" end,\n\t\t.arch, .file_extension] | join(\":\")' <<<\"${url_spec}\"\n}\n\nfunction almalinux_image_entry_for_image_kernel() {\n\tlocal location=$1 kernel_is_not_supported=$2 overriding=${3:-\"{}\"} url_spec image_entry=''\n\t[[ ${kernel_is_not_supported} == \"null\" ]] || echo \"Updating kernel information is not supported on AlmaLinux\" >&2\n\turl_spec=$(almalinux_url_spec_from_location \"${location}\" | jq -r \". + ${overriding}\")\n\tif jq -e '.date' <<<\"${url_spec}\" >/dev/null; then\n\t\timage_entry=$(almalinux_latest_image_entry_for_url_spec \"${url_spec}\")\n\telse\n\t\timage_entry=$(\n\t\t\t# shellcheck disable=SC2030\n\t\t\tlocation=$(almalinux_location_from_url_spec \"${url_spec}\")\n\t\t\tlocation=$(validate_url_without_redirect \"${location}\")\n\t\t\tarch=$(jq -r '.path_arch' <<<\"${url_spec}\")\n\t\t\tjson_vars location arch\n\t\t)\n\tfi\n\t# shellcheck disable=SC2031\n\tif [[ -z ${image_entry} ]]; then\n\t\terror_exit \"Failed to get the ${url_spec} image location for ${location}\"\n\telif jq -e \".location == \\\"${location}\\\"\" <<<\"${image_entry}\" >/dev/null; then\n\t\techo \"Image location is up-to-date: ${location}\" >&2\n\telse\n\t\techo \"${image_entry}\"\n\tfi\n}\n\n# check if the script is executed or sourced\n# shellcheck disable=SC1091\nif [[ ${BASH_SOURCE[0]} == \"${0}\" ]]; then\n\tscriptdir=$(dirname \"${BASH_SOURCE[0]}\")\n\t# shellcheck source=./cache-common-inc.sh\n\t. \"${scriptdir}/cache-common-inc.sh\"\n\n\tif ! command -v htmlq >/dev/null && ! command -v pup >/dev/null; then\n\t\terror_exit \"Please install 'htmlq' or 'pup' to list images from https://repo.almalinux.org/almalinux//cloud//images/\"\n\tfi\n\t# shellcheck source=/dev/null # avoid shellcheck hangs on source looping\n\t. \"${scriptdir}/update-template.sh\"\nelse\n\t# this script is sourced\n\tif ! command -v htmlq >/dev/null && ! command -v pup >/dev/null; then\n\t\techo \"Please install 'htmlq' or 'pup' to list images from https://repo.almalinux.org/almalinux//cloud//images/\" >&2\n\telif [[ -v SUPPORTED_DISTRIBUTIONS ]]; then\n\t\tSUPPORTED_DISTRIBUTIONS+=(\"almalinux\")\n\telse\n\t\tdeclare -a SUPPORTED_DISTRIBUTIONS=(\"almalinux\")\n\tfi\n\treturn 0\nfi\n\ndeclare -a templates=()\ndeclare overriding=\"{}\"\nwhile [[ $# -gt 0 ]]; do\n\tcase \"$1\" in\n\t-h | --help)\n\t\talmalinux_print_help\n\t\texit 0\n\t\t;;\n\t-d | --debug) set -x ;;\n\t--version-major)\n\t\tif [[ -n $2 && $2 != -* ]]; then\n\t\t\toverriding=$(\n\t\t\t\tmajor_version=\"${2%%.*}\"\n\t\t\t\t[[ ${major_version} -ge 8 ]] || error_exit \"AlmaLinux major version must be 8 or later\"\n\t\t\t\t# shellcheck disable=2034\n\t\t\t\tpath_version=\"${major_version}\"\n\t\t\t\tjson_vars path_version major_version <<<\"${overriding}\"\n\t\t\t)\n\t\t\tshift\n\t\telse\n\t\t\terror_exit \"--version-major requires a value\"\n\t\tfi\n\t\t;;\n\t--version-major=*)\n\t\toverriding=$(\n\t\t\tmajor_version=\"${1#*=}\"\n\t\t\tmajor_version=\"${major_version%%.*}\"\n\t\t\t[[ ${major_version} -ge 8 ]] || error_exit \"AlmaLinux major version must be 8 or later\"\n\t\t\t# shellcheck disable=2034\n\t\t\tpath_version=\"${major_version}\"\n\t\t\tjson_vars path_version major_version <<<\"${overriding}\"\n\t\t)\n\t\t;;\n\t*.yaml) templates+=(\"$1\") ;;\n\t*)\n\t\terror_exit \"Unknown argument: $1\"\n\t\t;;\n\tesac\n\tshift\n\t[[ -z ${overriding} ]] && overriding=\"{}\"\ndone\n\nif [[ ${#templates[@]} -eq 0 ]]; then\n\talmalinux_print_help\n\texit 0\nfi\n\ndeclare -A image_entry_cache=()\n\nfor template in \"${templates[@]}\"; do\n\techo \"Processing ${template}\"\n\t# 1. extract location by parsing template using arch\n\tyq_filter=\"\n\t\t.images[] | [.location, .kernel.location, .kernel.cmdline] | @tsv\n\t\"\n\tparsed=$(yq eval \"${yq_filter}\" \"${template}\")\n\n\t# 3. get the image location\n\tarr=()\n\twhile IFS= read -r line; do arr+=(\"${line}\"); done <<<\"${parsed}\"\n\tlocations=(\"${arr[@]}\")\n\tfor ((index = 0; index < ${#locations[@]}; index++)); do\n\t\t[[ ${locations[index]} != \"null\" ]] || continue\n\t\tset -e\n\t\tIFS=$'\\t' read -r location kernel_location kernel_cmdline <<<\"${locations[index]}\"\n\t\tset +e # Disable 'set -e' to avoid exiting on error for the next assignment.\n\t\tcache_key=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\talmalinux_cache_key_for_image_kernel \"${location}\" \"${kernel_location}\"\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\timage_entry=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tif [[ -v image_entry_cache[${cache_key}] ]]; then\n\t\t\t\techo \"${image_entry_cache[${cache_key}]}\"\n\t\t\telse\n\t\t\t\talmalinux_image_entry_for_image_kernel \"${location}\" \"${kernel_location}\" \"${overriding}\"\n\t\t\tfi\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\tset -e\n\t\timage_entry_cache[${cache_key}]=\"${image_entry}\"\n\t\tif [[ -n ${image_entry} ]]; then\n\t\t\t[[ ${kernel_cmdline} != \"null\" ]] &&\n\t\t\t\tjq -e 'has(\"kernel\")' <<<\"${image_entry}\" >/dev/null &&\n\t\t\t\timage_entry=$(jq \".kernel.cmdline = \\\"${kernel_cmdline}\\\"\" <<<\"${image_entry}\")\n\t\t\techo \"${image_entry}\" | jq\n\t\t\tlimactl edit --log-level error --set \"\n\t\t\t\t.images[${index}] = ${image_entry}|\n\t\t\t\t(.images[${index}] | ..) style = \\\"double\\\"\n\t\t\t\" \"${template}\"\n\t\tfi\n\tdone\ndone\n" }, { "path": "hack/update-template-alpine.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\n# Functions in this script assume error handling with 'set -e'.\n# To ensure 'set -e' works correctly:\n# - Use 'set +e' before assignments and '$(set -e; )' to capture output without exiting on errors.\n# - Avoid calling functions directly in conditions to prevent disabling 'set -e'.\n# - Use 'shopt -s inherit_errexit' (Bash 4.4+) to avoid repeated 'set -e' in all '$(...)'.\nshopt -s inherit_errexit || error_exit \"inherit_errexit not supported. Please use bash 4.4 or later.\"\n\nfunction alpine_print_help() {\n\tcat <.|latest-stable)|--version-major --version-minor ] ...\n\nDescription:\n This script updates the Alpine Linux image location in the specified templates.\n Image location basename format:\n\n _alpine----[-]-.qcow2\n\n Published Alpine Linux image information is fetched from the following URLs:\n\n latest-stable: https://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/cloud\n .: https://dl-cdn.alpinelinux.org/alpine/v./releases/cloud\n\n To parsing html, this script requires 'htmlq' or 'pup' command.\n The downloaded files will be cached in the Lima cache directory.\n\nExamples:\n Update the Alpine Linux image location in templates/**.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") templates/**.yaml\n\n Update the Alpine Linux image location to version 3.18 in ~/.lima/alpine/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") --version-major-minor 3.18 ~/.lima/alpine/lima.yaml\n $ limactl factory-reset alpine\n\nFlags:\n --version-major-minor (.|latest-stable) Use the specified . version or alias \"latest-stable\".\n The . version must be 3.18 or later.\n --version-major --version-minor Use the specified and version.\n -h, --help Print this help message\nHELP\n}\n\n# print the URL spec for the given location\nfunction alpine_url_spec_from_location() {\n\tlocal location=$1 jq_filter url_spec\n\tjq_filter='capture(\"\n\t\t^https://dl-cdn\\\\.alpinelinux\\\\.org/alpine/(?v\\\\d+\\\\.\\\\d+|latest-stable)/releases/cloud/\n\t\t(?[^_]+)_alpine-(?\\\\d+\\\\.\\\\d+\\\\.\\\\d+)-(?[^-]+)-\n\t\t(?[^-]+)-(?[^-]+)(-(?metal|vm))?-(?r\\\\d+)\\\\.(?.*)$\n\t\";\"x\")\n\t'\n\turl_spec=$(jq -e -r \"${jq_filter}\" <<<\"\\\"${location}\\\"\")\n\techo \"${url_spec}\"\n}\n\nreadonly alpine_jq_filter_directory='\"https://dl-cdn.alpinelinux.org/alpine/\\(.path_version)/releases/cloud/\"'\nreadonly alpine_jq_filter_filename='\n\t\"\\(.target_vendor)_alpine-\\(.version)-\\(.arch)-\\(.firmware)-\\(.bootstrap)\" +\n\t\"\\(if .machine then \"-\" + .machine else \"\" end)-\\(.image_revision).\\(.file_extension)\"\n'\n\n# print the location for the given URL spec\nfunction alpine_location_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${alpine_jq_filter_directory} + ${alpine_jq_filter_filename}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the location for ${url_spec}\"\n}\n\nfunction alpine_image_directory_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${alpine_jq_filter_directory}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the image directory for ${url_spec}\"\n}\n\nfunction alpine_image_filename_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${alpine_jq_filter_filename}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the image filename for ${url_spec}\"\n}\n\n#\nfunction alpine_latest_image_entry_for_url_spec() {\n\tlocal url_spec=$1 arch image_directory downloaded_page links_in_page latest_version_info\n\t# shellcheck disable=SC2034\n\tarch=$(jq -r '.arch' <<<\"${url_spec}\")\n\timage_directory=$(alpine_image_directory_from_url_spec \"${url_spec}\")\n\tdownloaded_page=$(download_to_cache \"${image_directory}\")\n\tif command -v htmlq >/dev/null; then\n\t\tlinks_in_page=$(htmlq 'pre a' --attribute href <\"${downloaded_page}\")\n\telif command -v pup >/dev/null; then\n\t\tlinks_in_page=$(pup 'pre a attr{href}' <\"${downloaded_page}\")\n\telse\n\t\terror_exit \"Please install 'htmlq' or 'pup' to list images from ${image_directory}\"\n\tfi\n\tlatest_version_info=$(jq -e -Rrs --argjson spec \"${url_spec}\" '\n\t\t[\n\t\t\tsplit(\"\\n\").[] |\n\t\t\tcapture(\n\t\t\t\t\"^\\($spec.target_vendor)_alpine-(?\\\\d+\\\\.\\\\d+\\\\.\\\\d+)-\\($spec.arch)-\" +\n\t\t\t\t\"\\($spec.firmware)-\\($spec.bootstrap)\\(if $spec.machine then \"-\" + $spec.machine else \"\" end)-\" +\n\t\t\t\t\"(?r\\\\d+)\\\\.\\($spec.file_extension)\"\n\t\t\t\t;\"x\"\n\t\t\t) |\n\t\t\t.version_number_array = ([.version | scan(\"\\\\d+\") | tonumber])\n\t\t] | sort_by(.version_number_array, .image_revision) | last\n\t' <<<\"${links_in_page}\")\n\t[[ -n ${latest_version_info} ]] || return\n\tlocal newer_url_spec location sha512sum_location downloaded_sha256sum filename digest\n\t# prefer the v. in the path\n\tnewer_url_spec=$(jq -e -r \". + ${latest_version_info} | .path_version = \\\"v\\\" + (.version_number_array[:2]|map(tostring)|join(\\\".\\\"))\" <<<\"${url_spec}\")\n\tlocation=$(alpine_location_from_url_spec \"${newer_url_spec}\")\n\tlocation=$(validate_url_without_redirect \"${location}\")\n\tsha512sum_location=\"${location}.sha512\"\n\tdownloaded_sha256sum=$(download_to_cache \"${sha512sum_location}\")\n\tfilename=$(alpine_image_filename_from_url_spec \"${newer_url_spec}\")\n\tdigest=\"sha512:$(<\"${downloaded_sha256sum}\")\"\n\t[[ -n ${digest} ]] || error_exit \"Failed to get the digest for ${filename}\"\n\tjson_vars location arch digest\n}\n\nfunction alpine_cache_key_for_image_kernel() {\n\tlocal location=$1 url_spec\n\turl_spec=$(alpine_url_spec_from_location \"${location}\")\n\tjq -r '[\"alpine\", .path_version, .target_vendor, .arch, .file_extension] | join(\":\")' <<<\"${url_spec}\"\n}\n\nfunction alpine_image_entry_for_image_kernel() {\n\tlocal location=$1 kernel_is_not_supported=$2 overriding=${3:-'{\"path_version\":\"latest-stable\"}'} url_spec image_entry=''\n\t[[ ${kernel_is_not_supported} == \"null\" ]] || echo \"Updating kernel information is not supported on Alpine Linux\" >&2\n\turl_spec=$(alpine_url_spec_from_location \"${location}\" | jq -r \". + ${overriding}\")\n\timage_entry=$(alpine_latest_image_entry_for_url_spec \"${url_spec}\")\n\t# shellcheck disable=SC2031\n\tif [[ -z ${image_entry} ]]; then\n\t\terror_exit \"Failed to get the ${url_spec} image location for ${location}\"\n\telif jq -e \".location == \\\"${location}\\\"\" <<<\"${image_entry}\" >/dev/null; then\n\t\techo \"Image location is up-to-date: ${location}\" >&2\n\telse\n\t\techo \"${image_entry}\"\n\tfi\n}\n\n# check if the script is executed or sourced\n# shellcheck disable=SC1091\nif [[ ${BASH_SOURCE[0]} == \"${0}\" ]]; then\n\tscriptdir=$(dirname \"${BASH_SOURCE[0]}\")\n\t# shellcheck source=./cache-common-inc.sh\n\t. \"${scriptdir}/cache-common-inc.sh\"\n\n\tif ! command -v htmlq >/dev/null && ! command -v pup >/dev/null; then\n\t\terror_exit \"Please install 'htmlq' or 'pup' to list images from https://dl-cdn.alpinelinux.org/alpine//releases/cloud/\"\n\tfi\n\t# shellcheck source=/dev/null # avoid shellcheck hangs on source looping\n\t. \"${scriptdir}/update-template.sh\"\nelse\n\t# this script is sourced\n\tif ! command -v htmlq >/dev/null && ! command -v pup >/dev/null; then\n\t\techo \"Please install 'htmlq' or 'pup' to list images from https://dl-cdn.alpinelinux.org/alpine//releases/cloud/\" >&2\n\telif [[ -v SUPPORTED_DISTRIBUTIONS ]]; then\n\t\tSUPPORTED_DISTRIBUTIONS+=(\"alpine\")\n\telse\n\t\tdeclare -a SUPPORTED_DISTRIBUTIONS=(\"alpine\")\n\tfi\n\treturn 0\nfi\n\ndeclare -a templates=()\ndeclare overriding='{}'\ndeclare version_major='' version_minor=''\nwhile [[ $# -gt 0 ]]; do\n\tcase \"$1\" in\n\t-h | --help)\n\t\talpine_print_help\n\t\texit 0\n\t\t;;\n\t-d | --debug) set -x ;;\n\t--version-major-minor)\n\t\tif [[ -n ${2:-} && $2 != -* ]]; then\n\t\t\tversion=\"$2\"\n\t\t\tshift\n\t\telse\n\t\t\terror_exit \"--version-major-minor requires a value\"\n\t\tfi\n\t\t;&\n\t--version-major-minor=*)\n\t\tversion=${version:-${1#*=}}\n\t\toverriding=$(\n\t\t\tversion=\"${version#v}\"\n\t\t\tif [[ ${version} =~ ^v?[0-9]+.[0-9]+ ]]; then\n\t\t\t\tversion=\"$(echo \"${version}\" | cut -d. -f1-2)\"\n\t\t\t\t[[ ${version%%.*} -gt 3 || (${version%%.*} -eq 3 && ${version#*.} -ge 18) ]] || error_exit \"Alpine Linux version must be 3.18 or later\"\n\t\t\t\tpath_version=\"v${version}\"\n\t\t\telif [[ ${version} == \"latest-stable\" ]]; then\n\t\t\t\tpath_version=\"latest-stable\"\n\t\t\telse\n\t\t\t\terror_exit \"--version-major-minor requires a value in the format . or latest-stable\"\n\t\t\tfi\n\t\t\tjson_vars path_version <<<\"${overriding}\"\n\t\t)\n\t\t;;\n\t--version-major)\n\t\tif [[ -n ${2:-} && $2 != -* ]]; then\n\t\t\tversion_major=\"$2\"\n\t\t\tshift\n\t\telse\n\t\t\terror_exit \"--version-major requires a value\"\n\t\tfi\n\t\t;&\n\t--version-major=*)\n\t\tversion_major=${version_major:-${1#*=}}\n\t\t[[ ${version_major} =~ ^[0-9]+$ ]] || error_exit \"Please specify --version-major in numbers\"\n\t\t;;\n\t--version-minor)\n\t\tif [[ -n ${2:-} && $2 != -* ]]; then\n\t\t\tversion_minor=\"$2\"\n\t\t\tshift\n\t\telse\n\t\t\terror_exit \"--version-minor requires a value\"\n\t\tfi\n\t\t;&\n\t--version-minor=*)\n\t\tversion_minor=${version_minor:-${1#*=}}\n\t\t[[ ${version_minor} =~ ^[0-9]+$ ]] || error_exit \"Please specify --version-minor in numbers\"\n\t\t;;\n\t*.yaml) templates+=(\"$1\") ;;\n\t*)\n\t\terror_exit \"Unknown argument: $1\"\n\t\t;;\n\tesac\n\tshift\n\t[[ -z ${overriding} ]] && overriding=\"{}\"\ndone\n\nif ! jq -e '.path_version' <<<\"${overriding}\" >/dev/null; then # --version-major-minor is not specified\n\tif [[ -n ${version_major} && -n ${version_minor} ]]; then\n\t\t[[ ${version_major} -gt 3 || (${version_major} -eq 3 && ${version_minor} -ge 18) ]] || error_exit \"Alpine Linux version must be 3.18 or later\"\n\t\t# shellcheck disable=2034\n\t\tpath_version=\"v${version_major}.${version_minor}\"\n\t\toverriding=$(json_vars path_version <<<\"${overriding}\")\n\telif [[ -n ${version_major} ]]; then\n\t\terror_exit \"--version-minor is required when --version-major is specified\"\n\telif [[ -n ${version_minor} ]]; then\n\t\terror_exit \"--version-major is required when --version-minor is specified\"\n\tfi\nelif [[ -n ${version_major} || -n ${version_minor} ]]; then # --version-major-minor is specified\n\techo \"Ignoring --version-major and --version-minor because --version-major-minor is specified\" >&2\nfi\n[[ ${overriding} == \"{}\" ]] && overriding='{\"path_version\":\"latest-stable\"}'\n\nif [[ ${#templates[@]} -eq 0 ]]; then\n\talpine_print_help\n\texit 0\nfi\n\ndeclare -A image_entry_cache=()\n\nfor template in \"${templates[@]}\"; do\n\techo \"Processing ${template}\"\n\t# 1. extract location by parsing template using arch\n\tyq_filter=\"\n\t\t.images[] | [.location, .kernel.location, .kernel.cmdline] | @tsv\n\t\"\n\tparsed=$(yq eval \"${yq_filter}\" \"${template}\")\n\n\t# 3. get the image location\n\tarr=()\n\twhile IFS= read -r line; do arr+=(\"${line}\"); done <<<\"${parsed}\"\n\tlocations=(\"${arr[@]}\")\n\tfor ((index = 0; index < ${#locations[@]}; index++)); do\n\t\t[[ ${locations[index]} != \"null\" ]] || continue\n\t\tset -e\n\t\tIFS=$'\\t' read -r location kernel_location kernel_cmdline <<<\"${locations[index]}\"\n\t\tset +e # Disable 'set -e' to avoid exiting on error for the next assignment.\n\t\tcache_key=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\talpine_cache_key_for_image_kernel \"${location}\" \"${kernel_location}\"\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\timage_entry=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tif [[ -v image_entry_cache[${cache_key}] ]]; then\n\t\t\t\techo \"${image_entry_cache[${cache_key}]}\"\n\t\t\telse\n\t\t\t\talpine_image_entry_for_image_kernel \"${location}\" \"${kernel_location}\" \"${overriding}\"\n\t\t\tfi\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\tset -e\n\t\timage_entry_cache[${cache_key}]=\"${image_entry}\"\n\t\tif [[ -n ${image_entry} ]]; then\n\t\t\t[[ ${kernel_cmdline} != \"null\" ]] &&\n\t\t\t\tjq -e 'has(\"kernel\")' <<<\"${image_entry}\" >/dev/null &&\n\t\t\t\timage_entry=$(jq \".kernel.cmdline = \\\"${kernel_cmdline}\\\"\" <<<\"${image_entry}\")\n\t\t\techo \"${image_entry}\" | jq\n\t\t\tlimactl edit --log-level error --set \"\n\t\t\t\t.images[${index}] = ${image_entry}|\n\t\t\t\t(.images[${index}] | ..) style = \\\"double\\\"\n\t\t\t\" \"${template}\"\n\t\tfi\n\tdone\ndone\n" }, { "path": "hack/update-template-archlinux.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\n# Functions in this script assume error handling with 'set -e'.\n# To ensure 'set -e' works correctly:\n# - Use 'set +e' before assignments and '$(set -e; )' to capture output without exiting on errors.\n# - Avoid calling functions directly in conditions to prevent disabling 'set -e'.\n# - Use 'shopt -s inherit_errexit' (Bash 4.4+) to avoid repeated 'set -e' in all '$(...)'.\nshopt -s inherit_errexit || error_exit \"inherit_errexit not supported. Please use bash 4.4 or later.\"\n\nfunction archlinux_print_help() {\n\tcat <...\n\nDescription:\n This script updates the Arch-Linux image location in the specified templates.\n If the image location in the template contains a release date in the URL, the script replaces it with the latest available date.\n\n Image location basename format: Arch-Linux--cloudimg[-.].qcow2\n\n Published Arch-Linux image information is fetched from the following URLs:\n\n x86_64:\n listing: https://gitlab.archlinux.org/api/v4/projects/archlinux%2Farch-boxes/packages\n details: https://gitlab.archlinux.org/api/v4/projects/archlinux%2Farch-boxes/packages/:package_id/package_files\n\n aarch64:\n https://github.com/mcginty/arch-boxes-arm/releases/\n\n Using 'gh' CLI tool for fetching the latest release from GitHub.\n\nExamples:\n Update the Arch-Linux image location in templates/**.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") templates/**.yaml\n\n Update the Arch-Linux image location in ~/.lima/archlinux/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") ~/.lima/archlinux/lima.yaml\n $ limactl factory-reset archlinux\n\nFlags:\n -h, --help Print this help message\nHELP\n}\n\n# print the URL spec for the given location\n# shellcheck disable=SC2034\nfunction archlinux_url_spec_from_location() {\n\tlocal location=$1 location_basename arch flavor source date_and_ci_job_id='' file_extension\n\tlocation_basename=$(basename \"${location}\")\n\tarch=$(echo \"${location_basename}\" | cut -d- -f3)\n\tflavor=$(echo \"${location_basename}\" | cut -d- -f4 | cut -d. -f1)\n\tcase \"${location}\" in\n\thttps://geo.mirror.pkgbuild.com/images/*)\n\t\tsource=\"geo.mirror.pkgbuild.com\"\n\t\tlocal -r date_and_ci_job_id_pattern='[0-9]{8}\\.[0-9]+'\n\t\tif [[ ${location} =~ ${date_and_ci_job_id_pattern} ]]; then\n\t\t\tdate_and_ci_job_id=\"${BASH_REMATCH[0]}\"\n\t\tfi\n\t\tif [[ ${location_basename} =~ ${date_and_ci_job_id_pattern} ]]; then\n\t\t\tfile_extension=${location_basename##*\"${BASH_REMATCH[0]}\".}\n\t\telse\n\t\t\tfile_extension=${location_basename#*.}\n\t\tfi\n\t\t;;\n\thttps://github.com/mcginty/arch-boxes-arm/releases/download/*)\n\t\tsource=\"github.com/mcginty/arch-boxes-arm\"\n\t\tlocal -r date_pattern='[0-9]{8}'\n\t\tif [[ ${location} =~ ${date_pattern} ]]; then\n\t\t\tdate_and_ci_job_id=\"${BASH_REMATCH[0]}\"\n\t\t\tfile_extension=${location_basename#*\"${date_and_ci_job_id}\".*.}\n\t\telse\n\t\t\terror_exit \"Failed to extract date from ${location}\"\n\t\tfi\n\t\t;;\n\t*)\n\t\t# Unsupported location\n\t\treturn 1\n\t\t;;\n\tesac\n\tjson_vars source arch flavor date_and_ci_job_id file_extension\n}\n\n# print the location for the given URL spec\nfunction archlinux_location_from_url_spec() {\n\tlocal url_spec=$1 source arch flavor date_and_ci_job_id file_extension location=''\n\tsource=$(jq -r '.source' <<<\"${url_spec}\")\n\tarch=$(jq -r '.arch' <<<\"${url_spec}\")\n\tflavor=$(jq -r '.flavor' <<<\"${url_spec}\")\n\tdate_and_ci_job_id=$(jq -r '.date_and_ci_job_id' <<<\"${url_spec}\")\n\n\tfile_extension=$(jq -r '.file_extension' <<<\"${url_spec}\")\n\tcase \"${source}\" in\n\tgeo.mirror.pkgbuild.com)\n\t\tlocation=\"https://geo.mirror.pkgbuild.com/images/\"\n\t\tif [[ -n ${date_and_ci_job_id} ]]; then\n\t\t\tlocation+=\"v${date_and_ci_job_id}/Arch-Linux-${arch}-${flavor}-${date_and_ci_job_id}.${file_extension}\"\n\t\telse\n\t\t\tlocation+=\"latest/Arch-Linux-${arch}-${flavor}.${file_extension}\"\n\t\tfi\n\t\t;;\n\tgithub.com/mcginty/arch-boxes-arm) ;;\n\t*)\n\t\terror_exit \"Unsupported source: ${source}\"\n\t\t;;\n\tesac\n\techo \"${location}\"\n}\n\n# returns the image entry for the latest image in the gitlab mirror\nfunction archlinux_image_entry_for_image_kernel_gitlab_mirror() {\n\tlocal location=$1 url_spec=$2 arch flavor date_and_ci_job_id gitlab_package_api_base latest_package_id jq_filter latest_package_file file_name digest updated_url_spec\n\tarch=$(jq -r '.arch' <<<\"${url_spec}\")\n\tif ! jq -e '.date_and_ci_job_id' <<<\"${url_spec}\" >/dev/null; then\n\t\tjson_vars location arch\n\t\treturn 1\n\tfi\n\tflavor=$(jq -r '.flavor' <<<\"${url_spec}\")\n\tdate_and_ci_job_id=$(jq -r '.date_and_ci_job_id' <<<\"${url_spec}\")\n\tfile_extension=$(jq -r '.file_extension' <<<\"${url_spec}\")\n\tgitlab_package_api_base=\"https://gitlab.archlinux.org/api/v4/projects/archlinux%2Farch-boxes/packages\"\n\tlatest_package_id=$(curl --silent --show-error \"${gitlab_package_api_base}\" | jq -r 'last|.id') || error_exit \"Failed to fetch latest package_id\"\n\tjq_filter=\"\n .[]|select(.file_name|test(\\\"^Arch-Linux-${arch}-${flavor}-.*\\\\\\.${file_extension}\\$\\\"))\n \"\n\tlatest_package_file=$(curl -s \"${gitlab_package_api_base}/${latest_package_id}/package_files\" | jq -r \"${jq_filter}\") ||\n\t\terror_exit \"Failed to fetch latest package_file\"\n\tfile_name=$(jq -r '.file_name' <<<\"${latest_package_file}\")\n\tdigest=\"sha256:$(jq -r '.file_sha256' <<<\"${latest_package_file}\")\"\n\tlocal -r date_and_ci_job_id_pattern='[0-9]{8}\\.[0-9]+'\n\t[[ ${file_name} =~ ${date_and_ci_job_id_pattern} ]] || error_exit \"Failed to extract date_and_ci_job_id from ${file_name}\"\n\tdate_and_ci_job_id=\"${BASH_REMATCH[0]}\"\n\tupdated_url_spec=$(json_vars date_and_ci_job_id <<<\"${url_spec}\")\n\tlocation=$(archlinux_location_from_url_spec \"${updated_url_spec}\")\n\tlocation=$(validate_url_without_redirect \"${location}\")\n\tjson_vars location arch digest\n}\n\n# returns the image entry for the latest image in the GitHub repo\nfunction archlinux_image_entry_for_image_kernel_github_com() {\n\tlocal location=$1 url_spec=$2 arch flavor file_extension repo jq_filter latest_location downloaded_img digest\n\tarch=$(jq -r '.arch' <<<\"${url_spec}\")\n\tif ! jq -e '.date_and_ci_job_id' <<<\"${url_spec}\" >/dev/null; then\n\t\tjson_vars location arch\n\t\treturn 1\n\tfi\n\tflavor=$(jq -r '.flavor' <<<\"${url_spec}\")\n\tfile_extension=$(jq -r '.file_extension' <<<\"${url_spec}\")\n\tcommand -v gh >/dev/null || error_exit \"gh is required for fetching the latest release from GitHub, but it's not installed\"\n\tlocal -r repo_pattern='github.com/(.*)/releases/download/(.*)'\n\tif [[ ${location} =~ ${repo_pattern} ]]; then\n\t\trepo=\"${BASH_REMATCH[1]}\"\n\telse\n\t\terror_exit \"Failed to extract repo and release from ${location}\"\n\tfi\n\tjq_filter=\".assets[]|select(.name|test(\\\"^Arch-Linux-${arch}-${flavor}-.*\\\\\\.${file_extension}\\$\\\"))|.url\"\n\tlatest_location=$(gh release view --repo \"${repo}\" --json assets --jq \"${jq_filter}\")\n\t[[ -n ${latest_location} ]] || error_exit \"Failed to fetch the latest release URL from ${repo}\"\n\tif [[ ${location} == \"${latest_location}\" ]]; then\n\t\tjson_vars location arch\n\t\treturn\n\tfi\n\tlocation=${latest_location}\n\tdownloaded_img=$(download_to_cache_without_redirect \"${latest_location}\")\n\t# shellcheck disable=SC2034\n\tdigest=\"sha512:$(sha512sum \"${downloaded_img}\" | cut -d' ' -f1)\"\n\tjson_vars location arch digest\n}\n\nfunction archlinux_cache_key_for_image_kernel() {\n\tlocal location=$1 url_spec\n\turl_spec=$(archlinux_url_spec_from_location \"${location}\")\n\tjq -r '[\"archlinux\", .source, .arch, .date_and_ci_job_id // empty]|join(\":\")' <<<\"${url_spec}\"\n}\n\nfunction archlinux_image_entry_for_image_kernel() {\n\tlocal location=$1 url_spec source image_entry=''\n\turl_spec=$(archlinux_url_spec_from_location \"${location}\")\n\tsource=$(jq -r '.source' <<<\"${url_spec}\")\n\tcase \"${source}\" in\n\tgeo.mirror.pkgbuild.com)\n\t\timage_entry=$(archlinux_image_entry_for_image_kernel_gitlab_mirror \"${location}\" \"${url_spec}\")\n\t\t;;\n\tgithub.com/mcginty/arch-boxes-arm)\n\t\timage_entry=$(archlinux_image_entry_for_image_kernel_github_com \"${location}\" \"${url_spec}\")\n\t\t;;\n\t*) error_exit \"Unsupported source: ${source}\" ;;\n\tesac\n\tif [[ -z ${image_entry} ]]; then\n\t\terror_exit \"Failed to get the ${url_spec} image location for ${location}\"\n\telif jq -e \".location == \\\"${location}\\\"\" <<<\"${image_entry}\" >/dev/null; then\n\t\techo \"Image location is up-to-date: ${location}\" >&2\n\telse\n\t\techo \"${image_entry}\"\n\tfi\n}\n\n# check if the script is executed or sourced\n# shellcheck disable=SC1091\nif [[ ${BASH_SOURCE[0]} == \"${0}\" ]]; then\n\tscriptdir=$(dirname \"${BASH_SOURCE[0]}\")\n\t# shellcheck source=./cache-common-inc.sh\n\t. \"${scriptdir}/cache-common-inc.sh\"\n\n\t# shellcheck source=/dev/null # avoid shellcheck hangs on source looping\n\t. \"${scriptdir}/update-template.sh\"\nelse\n\t# this script is sourced\n\tif [[ -v SUPPORTED_DISTRIBUTIONS ]]; then\n\t\tSUPPORTED_DISTRIBUTIONS+=(\"archlinux\")\n\telse\n\t\tdeclare -a SUPPORTED_DISTRIBUTIONS=(\"archlinux\")\n\tfi\n\treturn 0\nfi\n\ndeclare -a templates=()\ndeclare overriding=\"{}\"\nwhile [[ $# -gt 0 ]]; do\n\tcase \"$1\" in\n\t-h | --help)\n\t\tarchlinux_print_help\n\t\texit 0\n\t\t;;\n\t-d | --debug) set -x ;;\n\t*.yaml) templates+=(\"$1\") ;;\n\t*)\n\t\terror_exit \"Unknown argument: $1\"\n\t\t;;\n\tesac\n\tshift\n\t[[ -z ${overriding} ]] && overriding=\"{}\"\ndone\n\nif [[ ${#templates[@]} -eq 0 ]]; then\n\tarchlinux_print_help\n\texit 0\nfi\n\ndeclare -A image_entry_cache=()\n\nfor template in \"${templates[@]}\"; do\n\techo \"Processing ${template}\"\n\t# 1. extract location by parsing template using arch\n\tyq_filter=\"\n\t\t.images[] | [.location, .kernel.location, .kernel.cmdline] | @tsv\n\t\"\n\tparsed=$(yq eval \"${yq_filter}\" \"${template}\")\n\n\t# 3. get the image location\n\tarr=()\n\twhile IFS= read -r line; do arr+=(\"${line}\"); done <<<\"${parsed}\"\n\tlocations=(\"${arr[@]}\")\n\tfor ((index = 0; index < ${#locations[@]}; index++)); do\n\t\t[[ ${locations[index]} != \"null\" ]] || continue\n\t\tset -e\n\t\tIFS=$'\\t' read -r location kernel_location kernel_cmdline <<<\"${locations[index]}\"\n\t\tset +e # Disable 'set -e' to avoid exiting on error for the next assignment.\n\t\tcache_key=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tarchlinux_cache_key_for_image_kernel \"${location}\" \"${kernel_location}\"\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\timage_entry=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tif [[ -v image_entry_cache[${cache_key}] ]]; then\n\t\t\t\techo \"${image_entry_cache[${cache_key}]}\"\n\t\t\telse\n\t\t\t\tarchlinux_image_entry_for_image_kernel \"${location}\" \"${kernel_location}\" \"${overriding}\"\n\t\t\tfi\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\tset -e\n\t\timage_entry_cache[${cache_key}]=\"${image_entry}\"\n\t\tif [[ -n ${image_entry} ]]; then\n\t\t\t[[ ${kernel_cmdline} != \"null\" ]] &&\n\t\t\t\tjq -e 'has(\"kernel\")' <<<\"${image_entry}\" >/dev/null &&\n\t\t\t\timage_entry=$(jq \".kernel.cmdline = \\\"${kernel_cmdline}\\\"\" <<<\"${image_entry}\")\n\t\t\techo \"${image_entry}\" | jq\n\t\t\tlimactl edit --log-level error --set \"\n\t\t\t\t.images[${index}] = ${image_entry}|\n\t\t\t\t(.images[${index}] | ..) style = \\\"double\\\"\n\t\t\t\" \"${template}\"\n\t\tfi\n\tdone\ndone\n" }, { "path": "hack/update-template-centos-stream.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\n# Functions in this script assume error handling with 'set -e'.\n# To ensure 'set -e' works correctly:\n# - Use 'set +e' before assignments and '$(set -e; )' to capture output without exiting on errors.\n# - Avoid calling functions directly in conditions to prevent disabling 'set -e'.\n# - Use 'shopt -s inherit_errexit' (Bash 4.4+) to avoid repeated 'set -e' in all '$(...)'.\nshopt -s inherit_errexit || error_exit \"inherit_errexit not supported. Please use bash 4.4 or later.\"\n\nfunction centos_print_help() {\n\tcat <] ...\n\nDescription:\n This script updates the CentOS Stream image location in the specified templates.\n If the image location in the template contains a release date in the URL, the script replaces it with the latest available date.\n\n Image location basename format: CentOS-Stream-GenericCloud--[latest|.0]..qcow2\n\n Published CentOS Stream image information is fetched from the following URLs:\n\n https://cloud.centos.org/centos/-stream//images/\n\n To parsing html, this script requires 'htmlq' or 'pup' command.\n The downloaded files will be cached in the Lima cache directory.\n\nExamples:\n Update the CentOS Stream image location in templates/**.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") templates/**.yaml\n\n Update the CentOS Stream image location in ~/.lima/centos/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") ~/.lima/centos/lima.yaml\n $ limactl factory-reset centos\n\n Update the CentOS Stream image location to 9-Stream in ~/.lima/centos/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") --version 9-stream ~/.lima/centos/lima.yaml\n $ limactl factory-reset centos\n\nFlags:\n --version Use the specified version. The version must be 8 or later.\n -h, --help Print this help message\nHELP\n}\n\n# print the URL spec for the given location\nfunction centos_url_spec_from_location() {\n\tlocal location=$1 jq_filter url_spec\n\tjq_filter='capture(\n\t\t\"^https://cloud\\\\.centos\\\\.org/centos/(?\\\\d+)-stream/(?[^/]+)/images/\" +\n\t\t\"CentOS-Stream-(?.*)-(?\\\\d+(\\\\.[.\\\\d]+)?)-\" +\n\t\t\"(latest|(?\\\\d{8}\\\\.\\\\d+))\\\\.(?[^.]+).(?.*)$\"\n\t;\"x\")'\n\turl_spec=$(jq -e -r \"${jq_filter}\" <<<\"\\\"${location}\\\"\")\n\tjq -e '.path_version == .version' <<<\"${url_spec}\" >/dev/null ||\n\t\terror_exit \"Validation failed: .path_version != .version: ${location}\"\n\tjq -e '.path_arch == .arch' <<<\"${url_spec}\" >/dev/null ||\n\t\terror_exit \"Validation failed: .path_arch != .arch: ${location}\"\n\techo \"${url_spec}\"\n}\n\nreadonly centos_jq_filter_directory='\"https://cloud.centos.org/centos/\\(.version)-stream/\\(.path_arch)/images/\"'\nreadonly centos_jq_filter_filename='\"CentOS-Stream-\\(.target_vendor)-\\(.version)-\\(.date_and_ci_job_id // \"latest\").\\(.arch).\\(.file_extension)\"'\n\n# print the location for the given URL spec\nfunction centos_location_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${centos_jq_filter_directory} + ${centos_jq_filter_filename}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the location for ${url_spec}\"\n}\n\nfunction centos_image_directory_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${centos_jq_filter_directory}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the image directory for ${url_spec}\"\n}\n\nfunction centos_image_filename_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${centos_jq_filter_filename}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the image filename for ${url_spec}\"\n}\n\n#\nfunction centos_latest_image_entry_for_url_spec() {\n\tlocal url_spec=$1 version arch image_directory downloaded_page links_in_page latest_info\n\tversion=$(jq -r '.version' <<<\"${url_spec}\")\n\tarch=$(jq -r '.arch' <<<\"${url_spec}\")\n\timage_directory=$(centos_image_directory_from_url_spec \"${url_spec}\")\n\tdownloaded_page=$(download_to_cache \"${image_directory}\")\n\tif command -v htmlq >/dev/null; then\n\t\tlinks_in_page=$(htmlq 'td.indexcolname a' --attribute href <\"${downloaded_page}\")\n\telif command -v pup >/dev/null; then\n\t\tlinks_in_page=$(pup 'td[class=indexcolname] a attr{href}' <\"${downloaded_page}\")\n\telse\n\t\terror_exit \"Please install 'htmlq' or 'pup' to list images from https://cloud.centos.org/centos/${version}/${arch}/images/\"\n\tfi\n\tlatest_info=$(jq -e -Rrs --argjson spec \"${url_spec}\" '\n\t\t[\n\t\t\tsplit(\"\\n\").[] |\n\t\t\tcapture(\n\t\t\t\t\"^CentOS-Stream-\\($spec.target_vendor)-\\($spec.version)-(?\\\\d{8}\\\\.\\\\d+)\\\\.\\($spec.arch)\\\\.\\($spec.file_extension)$\"\n\t\t\t\t;\"x\"\n\t\t\t)\n\t\t] | sort_by(.date_and_ci_job_id) | last\n\t' <<<\"${links_in_page}\")\n\t[[ -n ${latest_info} ]] || return\n\tlocal newer_url_spec location sha256sum_location downloaded_sha256sum filename digest\n\tnewer_url_spec=$(jq -e -r \". + ${latest_info}\" <<<\"${url_spec}\")\n\tlocation=$(centos_location_from_url_spec \"${newer_url_spec}\")\n\tsha256sum_location=\"${location}.SHA256SUM\"\n\tdownloaded_sha256sum=$(download_to_cache \"${sha256sum_location}\")\n\tfilename=$(centos_image_filename_from_url_spec \"${newer_url_spec}\")\n\tdigest=\"sha256:$(awk \"/SHA256 \\(${filename}\\) =/{print \\$4}\" \"${downloaded_sha256sum}\")\"\n\t[[ -n ${digest} ]] || error_exit \"Failed to get the SHA256 digest for ${filename}\"\n\tjson_vars location arch digest\n}\n\nfunction centos_cache_key_for_image_kernel() {\n\tlocal location=$1 url_spec\n\turl_spec=$(centos_url_spec_from_location \"${location}\")\n\tjq -r '[\"centos\", .version, .target_vendor,\n\t\tif .date_and_ci_job_id then \"timestamped\" else \"latest\" end,\n\t\t.arch, .file_extension] | join(\":\")' <<<\"${url_spec}\"\n}\n\nfunction centos_image_entry_for_image_kernel() {\n\tlocal location=$1 kernel_is_not_supported=$2 overriding=${3:-\"{}\"} url_spec image_entry=''\n\t[[ ${kernel_is_not_supported} == \"null\" ]] || echo \"Updating kernel information is not supported on CentOS Stream\" >&2\n\turl_spec=$(centos_url_spec_from_location \"${location}\" | jq -r \". + ${overriding}\")\n\tif jq -e '.date_and_ci_job_id' <<<\"${url_spec}\" >/dev/null; then\n\t\timage_entry=$(centos_latest_image_entry_for_url_spec \"${url_spec}\")\n\telse\n\t\timage_entry=$(\n\t\t\t# shellcheck disable=SC2030\n\t\t\tlocation=$(centos_location_from_url_spec \"${url_spec}\")\n\t\t\tlocation=$(validate_url_without_redirect \"${location}\")\n\t\t\tarch=$(jq -r '.path_arch' <<<\"${url_spec}\")\n\t\t\tjson_vars location arch\n\t\t)\n\tfi\n\t# shellcheck disable=SC2031\n\tif [[ -z ${image_entry} ]]; then\n\t\terror_exit \"Failed to get the ${url_spec} image location for ${location}\"\n\telif jq -e \".location == \\\"${location}\\\"\" <<<\"${image_entry}\" >/dev/null; then\n\t\techo \"Image location is up-to-date: ${location}\" >&2\n\telse\n\t\techo \"${image_entry}\"\n\tfi\n}\n\n# check if the script is executed or sourced\n# shellcheck disable=SC1091\nif [[ ${BASH_SOURCE[0]} == \"${0}\" ]]; then\n\tscriptdir=$(dirname \"${BASH_SOURCE[0]}\")\n\t# shellcheck source=./cache-common-inc.sh\n\t. \"${scriptdir}/cache-common-inc.sh\"\n\n\tif ! command -v htmlq >/dev/null && ! command -v pup >/dev/null; then\n\t\terror_exit \"Please install 'htmlq' or 'pup' to list images from https://cloud.centos.org/centos///images/\"\n\tfi\n\t# shellcheck source=/dev/null # avoid shellcheck hangs on source looping\n\t. \"${scriptdir}/update-template.sh\"\nelse\n\t# this script is sourced\n\tif ! command -v htmlq >/dev/null && ! command -v pup >/dev/null; then\n\t\techo \"Please install 'htmlq' or 'pup' to list images from https://cloud.centos.org/centos///images/\" >&2\n\telif [[ -v SUPPORTED_DISTRIBUTIONS ]]; then\n\t\tSUPPORTED_DISTRIBUTIONS+=(\"centos\")\n\telse\n\t\tdeclare -a SUPPORTED_DISTRIBUTIONS=(\"centos\")\n\tfi\n\treturn 0\nfi\n\ndeclare -a templates=()\ndeclare overriding=\"{}\"\nwhile [[ $# -gt 0 ]]; do\n\tcase \"$1\" in\n\t-h | --help)\n\t\tcentos_print_help\n\t\texit 0\n\t\t;;\n\t-d | --debug) set -x ;;\n\t--version)\n\t\tif [[ -n $2 && $2 != -* ]]; then\n\t\t\toverriding=$(\n\t\t\t\tversion=\"${2%%-*}\"\n\t\t\t\t[[ ${version} -ge 8 ]] || error_exit \"CentOS Stream version must be 8 or later\"\n\t\t\t\tjson_vars version <<<\"${overriding}\"\n\t\t\t)\n\t\t\tshift\n\t\telse\n\t\t\terror_exit \"--version requires a value\"\n\t\tfi\n\t\t;;\n\t--version=*)\n\t\toverriding=$(\n\t\t\tversion=\"${1#*=}\"\n\t\t\tversion=\"${version%%-*}\"\n\t\t\t[[ ${version} -ge 8 ]] || error_exit \"CentOS Stream version must be 8 or later\"\n\t\t\tjson_vars version <<<\"${overriding}\"\n\t\t)\n\t\t;;\n\t*.yaml) templates+=(\"$1\") ;;\n\t*)\n\t\terror_exit \"Unknown argument: $1\"\n\t\t;;\n\tesac\n\tshift\n\t[[ -z ${overriding} ]] && overriding=\"{}\"\ndone\n\nif [[ ${#templates[@]} -eq 0 ]]; then\n\tcentos_print_help\n\texit 0\nfi\n\ndeclare -A image_entry_cache=()\n\nfor template in \"${templates[@]}\"; do\n\techo \"Processing ${template}\"\n\t# 1. extract location by parsing template using arch\n\tyq_filter=\"\n\t\t.images[] | [.location, .kernel.location, .kernel.cmdline] | @tsv\n\t\"\n\tparsed=$(yq eval \"${yq_filter}\" \"${template}\")\n\n\t# 3. get the image location\n\tarr=()\n\twhile IFS= read -r line; do arr+=(\"${line}\"); done <<<\"${parsed}\"\n\tlocations=(\"${arr[@]}\")\n\tfor ((index = 0; index < ${#locations[@]}; index++)); do\n\t\t[[ ${locations[index]} != \"null\" ]] || continue\n\t\tset -e\n\t\tIFS=$'\\t' read -r location kernel_location kernel_cmdline <<<\"${locations[index]}\"\n\t\tset +e # Disable 'set -e' to avoid exiting on error for the next assignment.\n\t\tcache_key=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tcentos_cache_key_for_image_kernel \"${location}\" \"${kernel_location}\"\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\timage_entry=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tif [[ -v image_entry_cache[${cache_key}] ]]; then\n\t\t\t\techo \"${image_entry_cache[${cache_key}]}\"\n\t\t\telse\n\t\t\t\tcentos_image_entry_for_image_kernel \"${location}\" \"${kernel_location}\" \"${overriding}\"\n\t\t\tfi\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\tset -e\n\t\timage_entry_cache[${cache_key}]=\"${image_entry}\"\n\t\tif [[ -n ${image_entry} ]]; then\n\t\t\t[[ ${kernel_cmdline} != \"null\" ]] &&\n\t\t\t\tjq -e 'has(\"kernel\")' <<<\"${image_entry}\" >/dev/null &&\n\t\t\t\timage_entry=$(jq \".kernel.cmdline = \\\"${kernel_cmdline}\\\"\" <<<\"${image_entry}\")\n\t\t\techo \"${image_entry}\" | jq\n\t\t\tlimactl edit --log-level error --set \"\n\t\t\t\t.images[${index}] = ${image_entry}|\n\t\t\t\t(.images[${index}] | ..) style = \\\"double\\\"\n\t\t\t\" \"${template}\"\n\t\tfi\n\tdone\ndone\n" }, { "path": "hack/update-template-debian.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\n# Functions in this script assume error handling with 'set -e'.\n# To ensure 'set -e' works correctly:\n# - Use 'set +e' before assignments and '$(set -e; )' to capture output without exiting on errors.\n# - Avoid calling functions directly in conditions to prevent disabling 'set -e'.\n# - Use 'shopt -s inherit_errexit' (Bash 4.4+) to avoid repeated 'set -e' in all '$(...)'.\nshopt -s inherit_errexit || error_exit \"inherit_errexit not supported. Please use bash 4.4 or later.\"\n\nfunction debian_print_help() {\n\tcat <]] [--daily[=]] [--timestamped[=]] [--version ] ...\n\nDescription:\n This script updates the Debian image location in the specified templates.\n If the image location in the template contains a release date in the URL, the script replaces it with the latest available date.\n If no flags are specified, the script uses the version from the image location basename in the template.\n\n Image location basename format: debian-[-backports]-genericcloud-[-daily][-].qcow2\n\n Published Debian image information is fetched from the following URLs:\n\n https://cloud.debian.org/images/cloud/[-backports]/[daily/](latest|)/debian-[-backports]-genericcloud-[-daily][-].json\n\n The downloaded JSON file will be cached in the Lima cache directory.\n\nExamples:\n Update the Debian image location in templates/**.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") templates/**.yaml\n\n Update the Debian image location in ~/.lima/debian/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") ~/.lima/debian/lima.yaml\n $ limactl factory-reset debian\n\n Update the Debian image location to debian-13-genericcloud-.qcow2 in ~/.lima/debian/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") --version trixie ~/.lima/debian/lima.yaml\n $ limactl factory-reset debian\n\nFlags:\n --backports[=] Use the backports image\n The boolean value can be true, false, 1, or 0\n --daily[=] Use the daily image\n --timestamped[=] Use the timestamped image\n --version Use the specified version\n The version can be a codename, version number, or alias (testing, stable, oldstable)\n -h, --help Print this help message\nHELP\n}\n\nreadonly debian_base_url=https://cloud.debian.org/images/cloud/\n\nreadonly debian_target_vendor=genericcloud\n\nreadonly -A debian_version_to_codename=(\n\t[10]=buster\n\t[11]=bullseye\n\t[12]=bookworm\n\t[13]=trixie\n\t[14]=forky\n)\n\ndeclare -A debian_codename_to_version\nfunction debian_setup_codename_to_version() {\n\tlocal version codename\n\tfor version in \"${!debian_version_to_codename[@]}\"; do\n\t\tcodename=${debian_version_to_codename[${version}]}\n\t\tdebian_codename_to_version[${codename}]=\"${version}\"\n\tdone\n\treadonly -A debian_codename_to_version\n}\ndebian_setup_codename_to_version\n\nreadonly -A debian_alias_to_codename=(\n\t[testing]=trixie\n\t[stable]=bookworm\n\t[oldstable]=bullseye\n)\n\n# debian_downloaded_json downloads the JSON file for the given url_spec(JSON) and caches it\n# e.g.\n# ```console\n# debian_downloaded_json '{\"backports\":false,\"daily\":false,\"version\":12,\"arch\":\"amd64\",\"file_extension\":\"qcow2\"}'\n#\n# ```\nfunction debian_downloaded_json() {\n\tlocal url_spec=$1 json_url_spec json_url\n\tjson_url_spec=$(jq -r '. | del(.timestamp) | .file_extension = \"json\"' <<<\"${url_spec}\") || error_exit \"Failed to create JSON URL spec\"\n\tjson_url=$(debian_location_from_url_spec \"${json_url_spec}\")\n\tdownload_to_cache \"${json_url}\"\n}\n\nfunction debian_digest_from_upload_entry() {\n\tlocal upload_entry=$1 debian_digest digest\n\tdebian_digest=$(jq -e -r '.metadata.annotations.\"cloud.debian.org/digest\"' <<<\"${upload_entry}\") ||\n\t\terror_exit \"Failed to get the digest from ${upload_entry}\"\n\tcase \"${debian_digest%:*}\" in\n\tsha512) digest=$(echo \"${debian_digest#*:}==\" | base64 -d | xxd -p -c -) ||\n\t\terror_exit \"Failed to decode the digest from ${debian_digest}\" ;;\n\t*) error_exit \"Unsupported digest type: ${debian_digest%:*}\" ;;\n\tesac\n\techo \"${debian_digest/:*/:}${digest}\"\n}\n\n# debian_image_url_timestamped prints the latest image URL and its digest for the given flavor, version, arch, and path suffix.\nfunction debian_image_url_timestamped() {\n\tlocal url_spec=$1 debian_downloaded_json jq_filter upload_entry timestamp timestamped_url_spec location arch digest\n\tdebian_downloaded_json=$(debian_downloaded_json \"${url_spec}\")\n\t# shellcheck disable=SC2016\n\tjq_filter='\n\t\t[.items[]|select(.kind == \"Upload\")|\n\t\tselect(.metadata.labels.\"upload.cloud.debian.org/image-format\" == $ARGS.named.url_spec.image_format)]|first\n\t'\n\tupload_entry=$(jq -e -r --argjson url_spec \"${url_spec}\" \"${jq_filter}\" \"${debian_downloaded_json}\") ||\n\t\terror_exit \"Failed to find the upload entry from ${debian_downloaded_json}\"\n\ttimestamp=$(jq -e -r '.metadata.labels.\"cloud.debian.org/version\"' <<<\"${upload_entry}\") ||\n\t\terror_exit \"Failed to get the timestamp from ${upload_entry}\"\n\ttimestamped_url_spec=$(json_vars timestamp <<<\"${url_spec}\")\n\tlocation=$(debian_location_from_url_spec \"${timestamped_url_spec}\")\n\tlocation=$(validate_url_without_redirect \"${location}\")\n\tarch=$(jq -e -r '.arch' <<<\"${url_spec}\") || error_exit \"missing arch in ${url_spec}\"\n\tarch=$(limayaml_arch \"${arch}\")\n\tdigest=$(debian_digest_from_upload_entry \"${upload_entry}\")\n\tjson_vars location arch digest\n}\n\n# debian_image_url_not_timestamped prints the release image URL for the given url_spec(JSON)\nfunction debian_image_url_not_timestamped() {\n\tlocal url_spec=$1 location arch\n\tlocation=$(debian_location_from_url_spec \"${url_spec}\")\n\tlocation=$(validate_url_without_redirect \"${location}\")\n\tarch=$(jq -e -r '.arch' <<<\"${url_spec}\") || error_exit \"missing arch in ${url_spec}\"\n\tarch=$(limayaml_arch \"${arch}\")\n\tjson_vars location arch\n}\n\n# debian_version_resolve_aliases resolves the version aliases.\n# e.g.\n# ```console\n# debian_version_resolve_aliases testing\n# 13\n# debian_version_resolve_aliases stable\n# 12\n# debian_version_resolve_aliases oldstable\n# 11\n# debian_version_resolve_aliases bookworm\n# 12\n# debian_version_resolve_aliases 10\n# 10\n# debian_version_resolve_aliases ''\n#\n# ```\nfunction debian_version_resolve_aliases() {\n\tlocal version=$1\n\t[[ -v debian_alias_to_codename[${version}] ]] && version=${debian_alias_to_codename[${version}]}\n\t[[ -v debian_codename_to_version[${version}] ]] && version=${debian_codename_to_version[${version}]}\n\t[[ -v debian_version_to_codename[${version}] ]] || error_exit \"Unsupported version: ${version}\"\n\t[[ -z ${version} ]] || echo \"${version}\"\n}\n\nfunction debian_arch_from_location_basename() {\n\tlocal location=$1 location_basename arch\n\tlocation_basename=$(basename \"${location}\")\n\tlocation_basename=${location_basename/-backports/}\n\tarch=$(echo \"${location_basename}\" | cut -d- -f4 | cut -d. -f1)\n\t[[ -n ${arch} ]] || error_exit \"Failed to get arch from ${location}\"\n\techo \"${arch}\"\n}\n\nfunction debian_file_extension_from_location_basename() {\n\tlocal location=$1 location_basename file_extension\n\tlocation_basename=$(basename \"${location}\")\n\tfile_extension=$(echo \"${location_basename}\" | cut -d. -f2-) # remove the first field\n\t[[ -n ${file_extension} ]] || error_exit \"Failed to get file extension from ${location}\"\n\techo \"${file_extension}\"\n}\n\nfunction debian_image_format_from_file_extension() {\n\tlocal file_extension=$1\n\tcase \"${file_extension}\" in\n\tjson) echo \"json\" ;;\n\tqcow2) echo \"qcow2\" ;;\n\traw) echo \"raw\" ;;\n\ttar.xz) echo \"internal\" ;;\n\t*) error_exit \"Unsupported file extension: ${file_extension}\" ;;\n\tesac\n}\n\n# debian_url_spec_from_location returns the URL spec for the given location.\n# If the location is not supported, it returns 1.\n# e.g.\n# ```console\n# debian_url_spec_from_location https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-genericcloud-amd64.qcow2\n# {\"backports\":false,\"daily\":false,\"version\":12,\"arch\":\"amd64\",\"file_extension\":\"qcow2\",\"image_format\":\"qcow2\"}\n# debian_url_spec_from_location https://cloud.debian.org/images/cloud/bookworm/20241004-1890/debian-12-generic-amd64-20241004-1890.qcow2\n# {\"backports\":false,\"daily\":false,\"timestamp\":\"20241019-1905\",\"version\":12,\"arch\":\"amd64\",\"file_extension\":\"qcow2\",\"image_format\":\"qcow2\"}\n# debian_url_spec_from_location https://cloud.debian.org/images/cloud/bookworm/daily/latest/debian-12-genericcloud-amd64-daily.qcow2\n# {\"backports\":false,\"daily\":true,\"version\":12,\"arch\":\"amd64\",\"file_extension\":\"qcow2\",\"image_format\":\"qcow2\"}\n# debian_url_spec_from_location https://cloud.debian.org/images/cloud/bookworm/daily/20241019-1905/debian-12-genericcloud-amd64-daily-20241019-1905.qcow2\n# {\"backports\":false,\"daily\":true,\"timestamp\":\"20241019-1905\",\"version\":12,\"arch\":\"amd64\",\"file_extension\":\"qcow2\",\"image_format\":\"qcow2\"}\n# debian_url_spec_from_location https://cloud.debian.org/images/cloud/bookworm-backports/latest/debian-12-backports-genericcloud-amd64.qcow2\n# {\"backports\":true,\"daily\":false,\"version\":12,\"arch\":\"amd64\",\"file_extension\":\"qcow2\",\"image_format\":\"qcow2\"}\n# debian_url_spec_from_location https://cloud.debian.org/images/cloud/bookworm-backports/20241004-1890/debian-12-backports-genericcloud-amd64-20241004-1890.qcow2\n# {\"backports\":true,\"daily\":false,\"timestamp\":\"20241019-1905\",\"version\":12,\"arch\":\"amd64\",\"file_extension\":\"qcow2\",\"image_format\":\"qcow2\"}\n# debian_url_spec_from_location https://cloud.debian.org/images/cloud/bookworm-backports/daily/latest/debian-12-backports-genericcloud-amd64-daily.qcow2\n# {\"backports\":true,\"daily\":true,\"version\":12,\"arch\":\"amd64\",\"file_extension\":\"qcow2\",\"image_format\":\"qcow2\"}\n# debian_url_spec_from_location https://cloud.debian.org/images/cloud/bookworm-backports/daily/20241019-1905/debian-12-backports-genericcloud-amd64-daily-20241019-1905.qcow2\n# {\"backports\":true,\"daily\":true,\"timestamp\":\"20241019-1905\",\"version\":12,\"arch\":\"amd64\",\"file_extension\":\"qcow2\",\"image_format\":\"qcow2\"}\n# ```\n# shellcheck disable=SC2034\nfunction debian_url_spec_from_location() {\n\tlocal location=$1 backports=false daily=false timestamp='' codename version='' arch file_extension image_format\n\tlocal -r timestamp_pattern='[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]'\n\tcase \"${location}\" in\n\t${debian_base_url}*-backports/*) backports=true ;;&\n\t${debian_base_url}*/daily/*) daily=true ;;&\n\t${debian_base_url}*/${timestamp_pattern}/*) [[ ${location} =~ ${timestamp_pattern} ]] && timestamp=${BASH_REMATCH[0]} ;;\n\t${debian_base_url}*/latest/*) timestamp='' ;;\n\t*)\n\t\t# echo \"Unsupported image location: ${location}\" >&2\n\t\treturn 1\n\t\t;;\n\tesac\n\tcodename=$(echo \"${location#\"${debian_base_url}\"}\" | cut -d/ -f1 | cut -d- -f1)\n\t[[ -v debian_codename_to_version[${codename}] ]] || error_exit \"Unknown codename: ${codename}\"\n\tversion=${debian_codename_to_version[${codename}]}\n\tarch=$(debian_arch_from_location_basename \"${location}\")\n\tfile_extension=$(debian_file_extension_from_location_basename \"${location}\")\n\timage_format=$(debian_image_format_from_file_extension \"${file_extension}\")\n\tjson_vars backports daily timestamp version arch file_extension image_format\n}\n\n# debian_location_from_url_spec returns the location for the given URL spec.\n# e.g.\n# ```console\n# debian_location_from_url_spec '{\"backports\":false,\"daily\":false,\"version\":12,\"arch\":\"amd64\",\"file_extension\":\"qcow2\"}'\n# https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-genericcloud-amd64.qcow2\n# debian_location_from_url_spec '{\"backports\":false,\"daily\":false,\"timestamp\":\"20241019-1905\",\"version\":12,\"arch\":\"amd64\",\"file_extension\":\"qcow2\"}'\n# https://cloud.debian.org/images/cloud/bookworm/20241019-1905/debian-12-generic-amd64-20241019-1905.qcow2\n# debian_location_from_url_spec '{\"backports\":false,\"daily\":true,\"version\":12,\"arch\":\"amd64\",\"file_extension\":\"qcow2\"}'\n# https://cloud.debian.org/images/cloud/bookworm/daily/latest/debian-12-genericcloud-amd64-daily.qcow2\n# debian_location_from_url_spec '{\"backports\":false,\"daily\":true,\"timestamp\":\"20241019-1905\",\"version\":12,\"arch\":\"amd64\",\"file_extension\":\"qcow2\"}'\n# https://cloud.debian.org/images/cloud/bookworm/daily/20241019-1905/debian-12-generic-amd64-daily-20241019-1905.qcow2\n# debian_location_from_url_spec '{\"backports\":true,\"daily\":false,\"version\":12,\"arch\":\"amd64\",\"file_extension\":\"qcow2\"}'\n# https://cloud.debian.org/images/cloud/bookworm-backports/latest/debian-12-backports-genericcloud-amd64.qcow2\n# debian_location_from_url_spec '{\"backports\":true,\"daily\":false,\"timestamp\":\"20241019-1905\",\"version\":12,\"arch\":\"amd64\",\"file_extension\":\"qcow2\"}'\n# https://cloud.debian.org/images/cloud/bookworm-backports/20241019-1905/debian-12-backports-genericcloud-amd64-20241019-1905.qcow2\n# debian_location_from_url_spec '{\"backports\":true,\"daily\":true,\"version\":12,\"arch\":\"amd64\",\"file_extension\":\"qcow2\"}'\n# https://cloud.debian.org/images/cloud/bookworm-backports/daily/latest/debian-12-backports-genericcloud-amd64-daily.qcow2\n# debian_location_from_url_spec '{\"backports\":true,\"daily\":true,\"timestamp\":\"20241019-1905\",\"version\":12,\"arch\":\"amd64\",\"file_extension\":\"qcow2\"}'\n# https://cloud.debian.org/images/cloud/bookworm-backports/daily/20241019-1905/debian-12-backports-genericcloud-amd64-daily-20241019-1905.qcow2\n# ```\nfunction debian_location_from_url_spec() {\n\tlocal url_spec=$1 base_url version backports daily timestamp arch file_extension\n\tbase_url=${debian_base_url}\n\tversion=$(jq -e -r '.version' <<<\"${url_spec}\")\n\t[[ -v debian_version_to_codename[${version}] ]] || error_exit \"Unsupported version: ${version}\"\n\tbase_url+=${debian_version_to_codename[${version}]}\n\tbackports=$(jq -r 'if .backports then \"-backports\" else empty end' <<<\"${url_spec}\")\n\tbase_url+=${backports}/\n\tdaily=$(jq -r 'if .daily then \"daily\" else empty end' <<<\"${url_spec}\")\n\tbase_url+=${daily:+${daily}/}\n\ttimestamp=$(jq -r 'if .timestamp then .timestamp else empty end' <<<\"${url_spec}\")\n\tbase_url+=${timestamp:-latest}/\n\tarch=$(jq -e -r '.arch' <<<\"${url_spec}\")\n\tfile_extension=$(jq -e -r '.file_extension' <<<\"${url_spec}\")\n\tbase_url+=debian-${version}${backports}-${debian_target_vendor}-${arch}${daily:+-${daily}}${timestamp:+-${timestamp}}.${file_extension}\n\techo \"${base_url}\"\n}\n\n# debian_cache_key_for_image_kernel_overriding returns the cache key for the given location, kernel_location, flavor, and version.\n# If the image location is not supported, it returns 1.\n# kernel_location is not validated.\n# e.g.\n# ```console\n# debian_cache_key_for_image_kernel_overriding https://cloud-images.debian.com/minimal/releases/24.04/release-20210914/debian-24.04-minimal-cloudimg-amd64.img\n# debian_latest_24.04-minimal-amd64-release-.img\n# debian_cache_key_for_image_kernel_overriding https://cloud-images.debian.com/minimal/releases/24.04/release-20210914/debian-24.04-minimal-cloudimg-amd64.img https://...\n# debian_latest_with_kernel_24.04-minimal-amd64-release-.img\n# debian_cache_key_for_image_kernel_overriding https://cloud-images.debian.com/releases/24.04/release/debian-24.04-server-cloudimg-amd64.img null\n# debian_release_24.04-server-amd64-.img\n# ```\nfunction debian_cache_key_for_image_kernel_overriding() {\n\tlocal location=$1 kernel_location=${2:-null} url_spec with_kernel='' version backports arch daily timestamped file_extension\n\turl_spec=$(debian_url_spec_from_location \"${location}\")\n\t[[ ${kernel_location} != \"null\" ]] && with_kernel=_with_kernel\n\tversion=$(jq -r '.version|if . then \"-\\(.)\" else empty end' <<<\"${url_spec}\")\n\tbackports=$(jq -r 'if .backports then \"-backports\" else empty end' <<<\"${url_spec}\")\n\tarch=$(jq -e -r '.arch' <<<\"${url_spec}\")\n\tdaily=$(jq -r 'if .daily then \"-daily\" else empty end' <<<\"${url_spec}\")\n\ttimestamped=$(jq -r 'if .timestamp then \"-timestamped\" else empty end' <<<\"${url_spec}\")\n\tfile_extension=$(jq -e -r '.file_extension' <<<\"${url_spec}\")\n\techo \"debian${with_kernel}${version}${backports}-${debian_target_vendor}-${arch}${daily}${timestamped}.${file_extension}\"\n}\n\nfunction debian_image_entry_for_image_kernel_overriding() {\n\tlocal location=$1 kernel_location=$2 overriding=${3:-\"{}\"} url_spec timestamped\n\t[[ ${kernel_location} == \"null\" ]] || error_exit \"Updating image with kernel is not supported\"\n\turl_spec=$(debian_url_spec_from_location \"${location}\" | jq -r \". + ${overriding}\")\n\ttimestamped=$(jq -r 'if .timestamp then \"timestamped\" else \"not_timestamped\" end' <<<\"${url_spec}\")\n\n\tlocal image_entry\n\timage_entry=$(debian_image_url_\"${timestamped}\" \"${url_spec}\")\n\tif [[ -z ${image_entry} ]]; then\n\t\terror_exit \"Failed to get the ${url_spec} image location for ${location}\"\n\telif jq -e \".location == \\\"${location}\\\"\" <<<\"${image_entry}\" >/dev/null; then\n\t\techo \"Image location is up-to-date: ${location}\" >&2\n\telse\n\t\techo \"${image_entry}\"\n\tfi\n}\n\n# check if the script is executed or sourced\n# shellcheck disable=SC1091\nif [[ ${BASH_SOURCE[0]} == \"${0}\" ]]; then\n\tscriptdir=$(dirname \"${BASH_SOURCE[0]}\")\n\t# shellcheck source=./cache-common-inc.sh\n\t. \"${scriptdir}/cache-common-inc.sh\"\n\n\t# shellcheck source=/dev/null # avoid shellcheck hangs on source looping\n\t. \"${scriptdir}/update-template.sh\"\nelse\n\t# this script is sourced\n\tif [[ -v SUPPORTED_DISTRIBUTIONS ]]; then\n\t\tSUPPORTED_DISTRIBUTIONS+=(\"debian\")\n\telse\n\t\tdeclare -a SUPPORTED_DISTRIBUTIONS=(\"debian\")\n\tfi\n\t# required functions for Debian\n\tfunction debian_cache_key_for_image_kernel() { debian_cache_key_for_image_kernel_overriding \"$@\"; }\n\tfunction debian_image_entry_for_image_kernel() { debian_image_entry_for_image_kernel_overriding \"$@\"; }\n\n\treturn 0\nfi\n\ndeclare -a templates=()\ndeclare overriding=\"{}\"\nwhile [[ $# -gt 0 ]]; do\n\tcase \"$1\" in\n\t-h | --help)\n\t\tdebian_print_help\n\t\texit 0\n\t\t;;\n\t-d | --debug) set -x ;;\n\t--backports | --daily | --timestamped)\n\t\toverriding=$(json \"${1#--}\" true <<<\"${overriding}\")\n\t\t;;\n\t--backports=* | --daily=* | --timestamped=*)\n\t\toverriding=$(\n\t\t\tkey=${1#--} value=$(validate_boolean \"${1#*=}\")\n\t\t\tjson \"${key%%=*}\" \"${value}\" <<<\"${overriding}\"\n\t\t)\n\t\t;;\n\t--version)\n\t\tif [[ -n $2 && $2 != -* ]]; then\n\t\t\toverriding=$(\n\t\t\t\tversion=$(debian_version_resolve_aliases \"$2\")\n\t\t\t\tjson_vars version <<<\"${overriding}\"\n\t\t\t)\n\t\t\tshift\n\t\telse\n\t\t\terror_exit \"--version requires a value\"\n\t\tfi\n\t\t;;\n\t--version=*)\n\t\toverriding=$(\n\t\t\tversion=$(debian_version_resolve_aliases \"${1#*=}\")\n\t\t\tjson_vars version <<<\"${overriding}\"\n\t\t)\n\t\t;;\n\t*.yaml) templates+=(\"$1\") ;;\n\t*)\n\t\terror_exit \"Unknown argument: $1\"\n\t\t;;\n\tesac\n\tshift\n\t[[ -z ${overriding} ]] && overriding=\"{}\"\ndone\n\nif [[ ${#templates[@]} -eq 0 ]]; then\n\tdebian_print_help\n\texit 0\nfi\n\ndeclare -A image_entry_cache=()\n\nfor template in \"${templates[@]}\"; do\n\techo \"Processing ${template}\"\n\t# 1. extract location by parsing template using arch\n\tyq_filter=\"\n\t\t.images[] | [.location, .kernel.location, .kernel.cmdline] | @tsv\n\t\"\n\tparsed=$(yq eval \"${yq_filter}\" \"${template}\")\n\n\t# 3. get the image location\n\tarr=()\n\twhile IFS= read -r line; do arr+=(\"${line}\"); done <<<\"${parsed}\"\n\tlocations=(\"${arr[@]}\")\n\tfor ((index = 0; index < ${#locations[@]}; index++)); do\n\t\t[[ ${locations[index]} != \"null\" ]] || continue\n\t\tset -e\n\t\tIFS=$'\\t' read -r location kernel_location kernel_cmdline <<<\"${locations[index]}\"\n\t\tset +e # Disable 'set -e' to avoid exiting on error for the next assignment.\n\t\tcache_key=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tdebian_cache_key_for_image_kernel_overriding \"${location}\" \"${kernel_location}\"\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\timage_entry=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tif [[ -v image_entry_cache[${cache_key}] ]]; then\n\t\t\t\techo \"${image_entry_cache[${cache_key}]}\"\n\t\t\telse\n\t\t\t\tdebian_image_entry_for_image_kernel_overriding \"${location}\" \"${kernel_location}\" \"${overriding}\"\n\t\t\tfi\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\tset -e\n\t\timage_entry_cache[${cache_key}]=\"${image_entry}\"\n\t\tif [[ -n ${image_entry} ]]; then\n\t\t\t[[ ${kernel_cmdline} != \"null\" ]] &&\n\t\t\t\tjq -e 'has(\"kernel\")' <<<\"${image_entry}\" >/dev/null &&\n\t\t\t\timage_entry=$(jq \".kernel.cmdline = \\\"${kernel_cmdline}\\\"\" <<<\"${image_entry}\")\n\t\t\techo \"${image_entry}\" | jq\n\t\t\tlimactl edit --log-level error --set \"\n\t\t\t\t.images[${index}] = ${image_entry}|\n\t\t\t\t(.images[${index}] | ..) style = \\\"double\\\"\n\t\t\t\" \"${template}\"\n\t\tfi\n\tdone\ndone\n" }, { "path": "hack/update-template-fedora.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\n# Functions in this script assume error handling with 'set -e'.\n# To ensure 'set -e' works correctly:\n# - Use 'set +e' before assignments and '$(set -e; )' to capture output without exiting on errors.\n# - Avoid calling functions directly in conditions to prevent disabling 'set -e'.\n# - Use 'shopt -s inherit_errexit' (Bash 4.4+) to avoid repeated 'set -e' in all '$(...)'.\nshopt -s inherit_errexit || error_exit \"inherit_errexit not supported. Please use bash 4.4 or later.\"\n\nfunction fedora_print_help() {\n\tcat <|release|development[/]|rawhide)] ...\n\nDescription:\n This script updates the Fedora Linux image location in the specified templates.\n Image location basename format:\n\n Fedora-Cloud-Base[-]--..qcow2\n Fedora-Cloud-Base[-].--.qcow2\n\n Published Fedora Linux image information is fetched from the following URL:\n\n ${fedora_image_list_url}\n\n The downloaded files will be cached in the Lima cache directory.\n\nExamples:\n Update the Fedora Linux image location in templates/**.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") templates/**.yaml\n\n Update the Fedora Linux image location to version 41 in ~/.lima/fedora/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") --version 41 ~/.lima/fedora/lima.yaml\n $ limactl factory-reset fedora\n\nFlags:\n --version Use the specified version.\n The version must be , 'release', 'development[/]', or 'rawhide'.\n -h, --help Print this help message\nHELP\n}\n\n# print the URL spec for the given location\nfunction fedora_url_spec_from_location() {\n\tlocal location=$1 jq_filter url_spec\n\tjq_filter='capture(\"\n\t\t\t^https://download\\\\.fedoraproject\\\\.org/pub/fedora/linux/(?(releases|development)/(\\\\d+|rawhide))/Cloud/(?[^/]+)/images/\n\t\t\tFedora-Cloud-Base(?-Generic)?(\n\t\t\t\t(-(?\\\\d+|Rawhide)-(?[^-]+)(?\\\\.[^.]+))|\n\t\t\t\t((?\\\\.[^-]+)-(?\\\\d+|Rawhide)-(?[^-]+))\n\t\t\t)\\\\.(?.*)$\n\t\t\";\"x\") |\n\t\t.version = (.version_before_arch // .version_after_arch) |\n\t\t.build_info = (.build_info_before_arch // .build_info_after_arch ) |\n\t\tmap_values(. // empty) # remove null values\n\t'\n\turl_spec=$(jq -e -r \"${jq_filter}\" <<<\"\\\"${location}\\\"\")\n\techo \"${url_spec}\"\n}\n\nreadonly fedora_jq_filter_directory='\"https://download.fedoraproject.org/pub/fedora/linux/\\(.path_version)/Cloud/\\(.path_arch)/images/\"'\nreadonly fedora_jq_filter_filename='\n\t\"Fedora-Cloud-Base\\(.target_vendor // \"\")\\(.arch_prefix // \"\")-\\(.version)-\\(.build_info)\\(.arch_postfix // \"\").\\(.file_extension)\"\n'\n\nreadonly fedora_jq_filter_checksum_filename='\n\t\"Fedora-Cloud-\\(\n\t\tif .path_version|startswith(\"development/\") then\n\t\t\t\"images-\\(.version)-\\(.path_arch)-\\(.build_info)\"\n\t\telse\n\t\t\t\"\\(.version)-\\(.build_info)-\\(.path_arch)\"\n\t\tend\n\t)-CHECKSUM\"\n'\n\n# print the location for the given URL spec\nfunction fedora_location_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${fedora_jq_filter_directory} + ${fedora_jq_filter_filename}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the location for ${url_spec}\"\n}\n\nfunction fedora_image_directory_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${fedora_jq_filter_directory}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the image directory for ${url_spec}\"\n}\n\nfunction fedora_image_filename_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${fedora_jq_filter_filename}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the image filename for ${url_spec}\"\n}\n\nfunction fedora_image_checksum_filename_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${fedora_jq_filter_checksum_filename}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the checksum filename for ${url_spec}\"\n}\n\nreadonly fedora_image_list_url='https://dl.fedoraproject.org/pub/fedora/imagelist-fedora'\n#\nfunction fedora_latest_image_entry_for_url_spec() {\n\tlocal url_spec=$1 arch image_list spec_for_query latest_version_info\n\t# shellcheck disable=SC2034\n\tarch=$(jq -r '.path_arch' <<<\"${url_spec}\")\n\timage_list=$(download_to_cache \"${fedora_image_list_url}\")\n\tspec_for_query=$(jq -r '. | {path_version, path_arch, file_extension}' <<<\"${url_spec}\")\n\tlatest_version_info=$(jq -e -Rrs --argjson spec \"${spec_for_query}\" '\n\t\t[\n\t\t\tsplit(\"\\n\").[] |\n\t\t\tcapture(\"\n\t\t\t\t^\\\\./linux/(?\\($spec.path_version))/Cloud/\\($spec.path_arch)/images/\n\t\t\t\tFedora-Cloud-Base(?-Generic)?(\n\t\t\t\t\t-(?\\\\d+|Rawhide)-(?[^-]+)(?\\\\.\\($spec.path_arch))|\n\t\t\t\t\t(?\\\\.\\($spec.path_arch))-(?\\\\d+|Rawhide)-(?[^-]+)\n\t\t\t\t)\\\\.\\($spec.file_extension)$\n\t\t\t\";\"x\") |\n\t\t\t.version = (.version_before_arch // .version_after_arch) |\n\t\t\t.build_info = (.build_info_before_arch // .build_info_after_arch) |\n\t\t\t# do not remove null values. we need them for creating newer_url_spec\n\t\t\t# map_values(. // empty) |\n\t\t\t.version_number_array = ([(if (.version|test(\"\\\\d+\")) then (.version|tonumber) else .version end)] + [.build_info | scan(\"\\\\d+\") | tonumber])\n\t\t] | sort_by(.version_number_array) | last\n\t' <\"${image_list}\" || error_exit \"Failed to get the latest version info for ${spec_for_query}\")\n\t[[ -n ${latest_version_info} ]] || return\n\tlocal newer_url_spec directory filename location sha512sum_location downloaded_sha256sum digest\n\t# prefer the v. in the path\n\tnewer_url_spec=$(jq -e -r \". + ${latest_version_info}\" <<<\"${url_spec}\")\n\tdirectory=$(fedora_image_directory_from_url_spec \"${newer_url_spec}\")\n\tfilename=$(fedora_image_filename_from_url_spec \"${newer_url_spec}\")\n\tlocation=\"${directory}${filename}\"\n\t# validate the location. use original url since the location may be redirected to some mirror\n\tlocation=$(validate_url_without_redirect \"${location}\")\n\tsha512sum_location=\"${directory}$(fedora_image_checksum_filename_from_url_spec \"${newer_url_spec}\")\"\n\t# download the checksum file and get the sha256sum\n\t# cache original url since the checksum file may be redirected to some mirror\n\tdownloaded_sha256sum=$(download_to_cache_without_redirect \"${sha512sum_location}\")\n\tdigest=\"sha256:$(awk \"/SHA256 \\(${filename}\\) =/{print \\$4}\" \"${downloaded_sha256sum}\")\"\n\t[[ -n ${digest} ]] || error_exit \"Failed to get the digest for ${filename}\"\n\tjson_vars location arch digest\n}\n\nfunction fedora_cache_key_for_image_kernel() {\n\tlocal location=$1 url_spec\n\turl_spec=$(fedora_url_spec_from_location \"${location}\")\n\tjq -r '[\"fedora\", .path_version, .target_vendor, .path_arch, .file_extension] | join(\":\")' <<<\"${url_spec}\"\n}\n\nfunction fedora_image_entry_for_image_kernel() {\n\tlocal location=$1 kernel_is_not_supported=$2 overriding=${3:-'{}'} url_spec image_entry=''\n\t[[ ${kernel_is_not_supported} == \"null\" ]] || echo \"Updating kernel information is not supported on Fedora Linux\" >&2\n\turl_spec=$(fedora_url_spec_from_location \"${location}\" | jq -r \". + ${overriding}\")\n\timage_entry=$(fedora_latest_image_entry_for_url_spec \"${url_spec}\")\n\t# shellcheck disable=SC2031\n\tif [[ -z ${image_entry} ]]; then\n\t\terror_exit \"Failed to get the ${url_spec} image location for ${location}\"\n\telif jq -e \".location == \\\"${location}\\\"\" <<<\"${image_entry}\" >/dev/null; then\n\t\techo \"Image location is up-to-date: ${location}\" >&2\n\telse\n\t\techo \"${image_entry}\"\n\tfi\n}\n\n# check if the script is executed or sourced\n# shellcheck disable=SC1091\nif [[ ${BASH_SOURCE[0]} == \"${0}\" ]]; then\n\tscriptdir=$(dirname \"${BASH_SOURCE[0]}\")\n\t# shellcheck source=./cache-common-inc.sh\n\t. \"${scriptdir}/cache-common-inc.sh\"\n\n\t# shellcheck source=/dev/null # avoid shellcheck hangs on source looping\n\t. \"${scriptdir}/update-template.sh\"\nelse\n\t# this script is sourced\n\tif [[ -v SUPPORTED_DISTRIBUTIONS ]]; then\n\t\tSUPPORTED_DISTRIBUTIONS+=(\"fedora\")\n\telse\n\t\tdeclare -a SUPPORTED_DISTRIBUTIONS=(\"fedora\")\n\tfi\n\treturn 0\nfi\n\ndeclare -a templates=()\ndeclare overriding='{}'\nwhile [[ $# -gt 0 ]]; do\n\tcase \"$1\" in\n\t-h | --help)\n\t\tfedora_print_help\n\t\texit 0\n\t\t;;\n\t-d | --debug) set -x ;;\n\t--version)\n\t\tif [[ -n ${2:-} && $2 != -* ]]; then\n\t\t\tversion=\"$2\"\n\t\t\tshift\n\t\telse\n\t\t\terror_exit \"--version requires a value\"\n\t\tfi\n\t\t;&\n\t--version=*)\n\t\tversion=${version:-${1#*=}}\n\t\toverriding=$(\n\t\t\t[[ ${version} =~ ^[0-9]+$ ]] && path_version=\"releases/${version}\"\n\t\t\t[[ ${version} =~ ^releases?$ ]] && path_version=\"releases/\\d+\"\n\t\t\t[[ ${version} == \"development\" ]] && path_version=\"development/\\d+\"\n\t\t\t[[ ${version} =~ ^(releases|development)/([0-9]+)$ ]] && path_version=\"${version}\"\n\t\t\t[[ ${version} =~ ^(development/)?rawhide$ ]] && path_version=\"development/rawhide\"\n\t\t\t[[ -n ${path_version:-} ]] ||\n\t\t\t\terror_exit \"The version must be , 'release', 'development[/'], or 'rawhide'.\"\n\t\t\tjson_vars path_version <<<\"${overriding}\"\n\t\t)\n\t\t;;\n\t*.yaml) templates+=(\"$1\") ;;\n\t*)\n\t\terror_exit \"Unknown argument: $1\"\n\t\t;;\n\tesac\n\tshift\n\t[[ -z ${overriding} ]] && overriding=\"{}\"\ndone\n\nif [[ ${#templates[@]} -eq 0 ]]; then\n\tfedora_print_help\n\texit 0\nfi\n\ndeclare -A image_entry_cache=()\n\nfor template in \"${templates[@]}\"; do\n\techo \"Processing ${template}\"\n\t# 1. extract location by parsing template using arch\n\tyq_filter=\"\n\t\t.images[] | [.location, .kernel.location, .kernel.cmdline] | @tsv\n\t\"\n\tparsed=$(yq eval \"${yq_filter}\" \"${template}\")\n\n\t# 3. get the image location\n\tarr=()\n\twhile IFS= read -r line; do arr+=(\"${line}\"); done <<<\"${parsed}\"\n\tlocations=(\"${arr[@]}\")\n\tfor ((index = 0; index < ${#locations[@]}; index++)); do\n\t\t[[ ${locations[index]} != \"null\" ]] || continue\n\t\tset -e\n\t\tIFS=$'\\t' read -r location kernel_location kernel_cmdline <<<\"${locations[index]}\"\n\t\tset +e # Disable 'set -e' to avoid exiting on error for the next assignment.\n\t\tcache_key=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tfedora_cache_key_for_image_kernel \"${location}\" \"${kernel_location}\"\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\timage_entry=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tif [[ -v image_entry_cache[${cache_key}] ]]; then\n\t\t\t\techo \"${image_entry_cache[${cache_key}]}\"\n\t\t\telse\n\t\t\t\tfedora_image_entry_for_image_kernel \"${location}\" \"${kernel_location}\" \"${overriding}\"\n\t\t\tfi\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\tset -e\n\t\timage_entry_cache[${cache_key}]=\"${image_entry}\"\n\t\tif [[ -n ${image_entry} ]]; then\n\t\t\t[[ ${kernel_cmdline} != \"null\" ]] &&\n\t\t\t\tjq -e 'has(\"kernel\")' <<<\"${image_entry}\" >/dev/null &&\n\t\t\t\timage_entry=$(jq \".kernel.cmdline = \\\"${kernel_cmdline}\\\"\" <<<\"${image_entry}\")\n\t\t\techo \"${image_entry}\" | jq\n\t\t\tlimactl edit --log-level error --set \"\n\t\t\t\t.images[${index}] = ${image_entry}|\n\t\t\t\t(.images[${index}] | ..) style = \\\"double\\\"\n\t\t\t\" \"${template}\"\n\t\tfi\n\tdone\ndone\n" }, { "path": "hack/update-template-freebsd.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\n# Functions in this script assume error handling with 'set -e'.\n# To ensure 'set -e' works correctly:\n# - Use 'set +e' before assignments and '$(set -e; )' to capture output without exiting on errors.\n# - Avoid calling functions directly in conditions to prevent disabling 'set -e'.\n# - Use 'shopt -s inherit_errexit' (Bash 4.4+) to avoid repeated 'set -e' in all '$(...)'.\nshopt -s inherit_errexit || error_exit \"inherit_errexit not supported. Please use bash 4.4 or later.\"\n\nfunction freebsd_print_help() {\n\tcat <.] ...\n\nDescription:\n This script updates the FreeBSD image location in the specified templates.\n Image location basename format:\n\n FreeBSD--RELEASE-[-BASIC-CLOUDINIT]-..xz\n\n Published FreeBSD image information is fetched from the following URL:\n\n ${freebsd_archive_url}\n\n The downloaded files will be cached in the Lima cache directory.\n\nExamples:\n Update the FreeBSD image location in templates/**.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") templates/**.yaml\n\n Update the FreeBSD image location to version 14.3 in ~/.lima/freebsd/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") --version 14.3 ~/.lima/freebsd/lima.yaml\n $ limactl factory-reset freebsd\n\nFlags:\n --version . Use the specified . version.\n -h, --help Print this help message\nHELP\n}\n\n# ftp-archive.freebsd.org doesn't seem to support HTTPS\nreadonly freebsd_archive_url='http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/VM-IMAGES/'\n\n# freebsd_url_spec_from_location prints the URL spec for the given location.\n# If the location is not supported, it returns 1.\n# e.g.\n# ```console\n# freebsd_url_spec_from_location http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/VM-IMAGES/15.0-RELEASE/amd64/Latest/FreeBSD-15.0-RELEASE-amd64-BASIC-CLOUDINIT-zfs.raw.xz\n# {\"version\":\"15.0\",\"dir_arch\":\"amd64\",\"filename_arch\":\"amd64\",\"cloudinit\":true,\"fs\":\"zfs\",\"format\":\"raw\"}\n# freebsd_url_spec_from_location http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/VM-IMAGES/15.0-RELEASE/aarch64/Latest/FreeBSD-15.0-RELEASE-arm64-aarch64-BASIC-CLOUDINIT-zfs.raw.xz\n# {\"version\":\"15.0\",\"dir_arch\":\"aarch64\",\"filename_arch\":\"arm64-aarch64\",\"cloudinit\":true,\"fs\":\"zfs\",\"format\":\"raw\"}\n# ```\nfunction freebsd_url_spec_from_location() {\n\tlocal location=$1 jq_filter url_spec\n\tjq_filter='capture(\"\n\t\t^http://ftp-archive\\\\.freebsd\\\\.org/pub/FreeBSD-Archive/old-releases/VM-IMAGES/\n\t\t(?\\\\d+\\\\.\\\\d+)-RELEASE/(?[^/]+)/Latest/\n\t\tFreeBSD-\\\\d+\\\\.\\\\d+-RELEASE-(?arm64-aarch64|riscv-riscv64|amd64)\n\t\t(?-BASIC-CLOUDINIT)?-(?zfs|ufs)\\\\.(?raw|qcow2)\\\\.xz$\n\t\";\"x\") | .cloudinit = (.cloudinit != null)\n\t'\n\turl_spec=$(jq -e -r \"${jq_filter}\" <<<\"\\\"${location}\\\"\")\n\techo \"${url_spec}\"\n}\n\nreadonly freebsd_jq_filter_directory='\"http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/VM-IMAGES/\\(.version)-RELEASE/\\(.dir_arch)/Latest/\"'\nreadonly freebsd_jq_filter_filename='\n\t\"FreeBSD-\\(.version)-RELEASE-\\(.filename_arch)\\(if .cloudinit then \"-BASIC-CLOUDINIT\" else \"\" end)-\\(.fs).\\(.format).xz\"\n'\n\n# freebsd_location_from_url_spec prints the location for the given URL spec.\nfunction freebsd_location_from_url_spec() {\n\tlocal url_spec=$1\n\tjq -e -r \"${freebsd_jq_filter_directory} + ${freebsd_jq_filter_filename}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the location for ${url_spec}\"\n}\n\nfunction freebsd_directory_from_url_spec() {\n\tlocal url_spec=$1\n\tjq -e -r \"${freebsd_jq_filter_directory}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the directory for ${url_spec}\"\n}\n\nfunction freebsd_filename_from_url_spec() {\n\tlocal url_spec=$1\n\tjq -e -r \"${freebsd_jq_filter_filename}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the filename for ${url_spec}\"\n}\n\nfunction freebsd_latest_image_entry_for_url_spec() {\n\tlocal url_spec=$1 releases_page latest_version newer_url_spec location filename checksum_url downloaded_checksum digest arch\n\treleases_page=$(download_to_cache \"${freebsd_archive_url}\")\n\n\t# Find the latest RELEASE version with the same major version as in url_spec\n\tlatest_version=$(jq -e -Rrs --argjson spec \"${url_spec}\" '\n\t\t[\n\t\t\tsplit(\"\\n\").[] |\n\t\t\tselect(test(\"href=\\\"\\\\d+\\\\.\\\\d+-RELEASE/\\\"\")) |\n\t\t\tcapture(\"href=\\\"(?\\\\d+\\\\.\\\\d+)-RELEASE/\\\"\") |\n\t\t\t.ver |\n\t\t\tselect((split(\".\")[0] | tonumber) == ($spec.version | split(\".\")[0] | tonumber))\n\t\t] |\n\t\tsort_by(split(\".\") | map(tonumber)) |\n\t\tlast\n\t' <\"${releases_page}\") ||\n\t\terror_exit \"No RELEASE found for FreeBSD $(jq -r '.version | split(\".\")[0]' <<<\"${url_spec}\").x in ${freebsd_archive_url}\"\n\t[[ -n ${latest_version} ]] || return\n\tnewer_url_spec=$(jq -e -r \". + {version: \\\"${latest_version}\\\"}\" <<<\"${url_spec}\")\n\tfilename=$(freebsd_filename_from_url_spec \"${newer_url_spec}\")\n\tchecksum_url=\"$(freebsd_directory_from_url_spec \"${newer_url_spec}\")CHECKSUM.SHA256\"\n\tdownloaded_checksum=$(download_to_cache \"${checksum_url}\")\n\tdigest=\"sha256:$(awk \"/SHA256 \\\\(${filename}\\\\) =/{print \\$4}\" \"${downloaded_checksum}\")\"\n\t[[ -n ${digest} ]] || error_exit \"Failed to get the digest for ${filename}\"\n\tlocation=$(freebsd_location_from_url_spec \"${newer_url_spec}\")\n\tlocation=$(validate_url \"${location}\")\n\tarch=$(jq -e -r '.dir_arch' <<<\"${newer_url_spec}\")\n\tarch=$(limayaml_arch \"${arch}\")\n\tjson_vars location arch digest\n}\n\nfunction freebsd_cache_key_for_image_kernel() {\n\tlocal location=$1 url_spec\n\turl_spec=$(freebsd_url_spec_from_location \"${location}\")\n\tjq -r '[\"freebsd\", (.version | split(\".\")[0]), .dir_arch, (if .cloudinit then \"cloudinit\" else \"\" end), .fs, .format] | join(\":\")' <<<\"${url_spec}\"\n}\n\nfunction freebsd_image_entry_for_image_kernel() {\n\tlocal location=$1 kernel_is_not_supported=$2 overriding=${3:-'{}'} url_spec image_entry=''\n\t[[ ${kernel_is_not_supported} == \"null\" ]] || echo \"Updating kernel information is not supported on FreeBSD\" >&2\n\turl_spec=$(freebsd_url_spec_from_location \"${location}\" | jq -r \". + ${overriding}\")\n\timage_entry=$(freebsd_latest_image_entry_for_url_spec \"${url_spec}\")\n\t# shellcheck disable=SC2031\n\tif [[ -z ${image_entry} ]]; then\n\t\terror_exit \"Failed to get the ${url_spec} image location for ${location}\"\n\telif jq -e \".location == \\\"${location}\\\"\" <<<\"${image_entry}\" >/dev/null; then\n\t\techo \"Image location is up-to-date: ${location}\" >&2\n\telse\n\t\techo \"${image_entry}\"\n\tfi\n}\n\n# check if the script is executed or sourced\n# shellcheck disable=SC1091\nif [[ ${BASH_SOURCE[0]} == \"${0}\" ]]; then\n\tscriptdir=$(dirname \"${BASH_SOURCE[0]}\")\n\t# shellcheck source=./cache-common-inc.sh\n\t. \"${scriptdir}/cache-common-inc.sh\"\n\n\t# shellcheck source=/dev/null # avoid shellcheck hangs on source looping\n\t. \"${scriptdir}/update-template.sh\"\nelse\n\t# this script is sourced\n\tif [[ -v SUPPORTED_DISTRIBUTIONS ]]; then\n\t\tSUPPORTED_DISTRIBUTIONS+=(\"freebsd\")\n\telse\n\t\tdeclare -a SUPPORTED_DISTRIBUTIONS=(\"freebsd\")\n\tfi\n\treturn 0\nfi\n\ndeclare -a templates=()\ndeclare overriding='{}'\nwhile [[ $# -gt 0 ]]; do\n\tcase \"$1\" in\n\t-h | --help)\n\t\tfreebsd_print_help\n\t\texit 0\n\t\t;;\n\t-d | --debug) set -x ;;\n\t--version)\n\t\tif [[ -n ${2:-} && $2 != -* ]]; then\n\t\t\tversion=\"$2\"\n\t\t\tshift\n\t\telse\n\t\t\terror_exit \"--version requires a value\"\n\t\tfi\n\t\t;&\n\t--version=*)\n\t\tversion=${version:-${1#*=}}\n\t\toverriding=$(\n\t\t\t[[ ${version} =~ ^[0-9]+\\.[0-9]+$ ]] ||\n\t\t\t\terror_exit \"The version must be in the format .\"\n\t\t\tjson_vars version <<<\"${overriding}\"\n\t\t)\n\t\t;;\n\t*.yaml) templates+=(\"$1\") ;;\n\t*)\n\t\terror_exit \"Unknown argument: $1\"\n\t\t;;\n\tesac\n\tshift\n\t[[ -z ${overriding} ]] && overriding=\"{}\"\ndone\n\nif [[ ${#templates[@]} -eq 0 ]]; then\n\tfreebsd_print_help\n\texit 0\nfi\n\ndeclare -A image_entry_cache=()\n\nfor template in \"${templates[@]}\"; do\n\techo \"Processing ${template}\"\n\t# 1. extract location by parsing template using arch\n\tyq_filter=\"\n\t\t.images[] | [.location, .kernel.location, .kernel.cmdline] | @tsv\n\t\"\n\tparsed=$(yq eval \"${yq_filter}\" \"${template}\")\n\n\t# 3. get the image location\n\tarr=()\n\twhile IFS= read -r line; do arr+=(\"${line}\"); done <<<\"${parsed}\"\n\tlocations=(\"${arr[@]}\")\n\tfor ((index = 0; index < ${#locations[@]}; index++)); do\n\t\t[[ ${locations[index]} != \"null\" ]] || continue\n\t\tset -e\n\t\tIFS=$'\\t' read -r location kernel_location kernel_cmdline <<<\"${locations[index]}\"\n\t\tset +e # Disable 'set -e' to avoid exiting on error for the next assignment.\n\t\tcache_key=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tfreebsd_cache_key_for_image_kernel \"${location}\" \"${kernel_location}\"\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\timage_entry=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tif [[ -v image_entry_cache[${cache_key}] ]]; then\n\t\t\t\techo \"${image_entry_cache[${cache_key}]}\"\n\t\t\telse\n\t\t\t\tfreebsd_image_entry_for_image_kernel \"${location}\" \"${kernel_location}\" \"${overriding}\"\n\t\t\tfi\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\tset -e\n\t\timage_entry_cache[${cache_key}]=\"${image_entry}\"\n\t\tif [[ -n ${image_entry} ]]; then\n\t\t\t[[ ${kernel_cmdline} != \"null\" ]] &&\n\t\t\t\tjq -e 'has(\"kernel\")' <<<\"${image_entry}\" >/dev/null &&\n\t\t\t\timage_entry=$(jq \".kernel.cmdline = \\\"${kernel_cmdline}\\\"\" <<<\"${image_entry}\")\n\t\t\techo \"${image_entry}\" | jq\n\t\t\tlimactl edit --log-level error --set \"\n\t\t\t\t.images[${index}] = ${image_entry}|\n\t\t\t\t(.images[${index}] | ..) style = \\\"double\\\"\n\t\t\t\" \"${template}\"\n\t\tfi\n\tdone\ndone\n" }, { "path": "hack/update-template-macos.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\n# Functions in this script assume error handling with 'set -e'.\n# To ensure 'set -e' works correctly:\n# - Use 'set +e' before assignments and '$(set -e; )' to capture output without exiting on errors.\n# - Avoid calling functions directly in conditions to prevent disabling 'set -e'.\n# - Use 'shopt -s inherit_errexit' (Bash 4.4+) to avoid repeated 'set -e' in all '$(...)'.\nshopt -s inherit_errexit || error_exit \"inherit_errexit not supported. Please use bash 4.4 or later.\"\n\nfunction macos_print_help() {\n\tcat <...\n\nDescription:\n This script updates the macOS image location in the specified templates.\n Image location format:\n\n https://updates.cdn-apple.com/.../UniversalMac___Restore.ipsw\n\n Published macOS image information (URL and SHA256 digest) is fetched from\n the ipsw.me API:\n\n https://api.ipsw.me/v4/device/VirtualMac2,1\n\n The downloaded JSON will be cached in the Lima cache directory.\n\nExamples:\n Update the macOS image location in templates/_images/macos-*.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") templates/_images/macos-*.yaml\n\nFlags:\n -h, --help Print this help message\nHELP\n}\n\n# URL of the ipsw.me device API endpoint for Apple Virtual Machine 1 (VirtualMac2,1).\n# This returns all available macOS IPSW firmwares with URL and SHA256 digest.\nreadonly macos_ipsw_me_device_url=\"https://api.ipsw.me/v4/device/VirtualMac2,1\"\n\n# macos_url_spec_from_location prints the URL spec for the given location.\n# If the location is not a macOS IPSW URL from Apple's CDN, it returns 1.\n# e.g.\n# ```console\n# macos_url_spec_from_location https://updates.cdn-apple.com/2025SummerFCS/fullrestores/082-08674/51294E4D-A273-44BE-A280-A69FC347FB87/UniversalMac_15.6_24G84_Restore.ipsw\n# {\"version\":\"15.6\",\"major_version\":\"15\",\"build\":\"24G84\"}\n# macos_url_spec_from_location https://updates.cdn-apple.com/2025SummerFCS/fullrestores/093-10809/CFD6DD38-DAF0-40DA-854F-31AAD1294C6F/UniversalMac_15.6.1_24G90_Restore.ipsw\n# {\"version\":\"15.6.1\",\"major_version\":\"15\",\"build\":\"24G90\"}\n# ```\nfunction macos_url_spec_from_location() {\n\tlocal location=$1 jq_filter url_spec\n\tjq_filter='capture(\"\n\t\t^https://updates\\\\.cdn-apple\\\\.com/[^/]+/fullrestores/[^/]+/[^/]+/\n\t\tUniversalMac_(?(?\\\\d+)(?:\\\\.\\\\d+)+)_(?[^_]+)_Restore\\\\.ipsw$\n\t\";\"x\")\n\t'\n\turl_spec=$(jq -e -r \"${jq_filter}\" <<<\"\\\"${location}\\\"\")\n\techo \"${url_spec}\"\n}\n\n# macos_latest_image_entry_for_url_spec prints the latest image entry for the given URL spec.\n# e.g.\n# ```console\n# macos_latest_image_entry_for_url_spec '{\"major_version\":\"15\"}'\n# {\"location\":\"https://updates.cdn-apple.com/.../UniversalMac_15.6.1_24G90_Restore.ipsw\",\"arch\":\"aarch64\",\"digest\":\"sha256:...\"}\n# ```\nfunction macos_latest_image_entry_for_url_spec() {\n\tlocal url_spec=$1 major_version ipsw_me_file latest_entry location digest arch=\"aarch64\"\n\tmajor_version=$(jq -r '.major_version' <<<\"${url_spec}\")\n\tipsw_me_file=$(download_to_cache \"${macos_ipsw_me_device_url}\")\n\tlatest_entry=$(jq -e -r --arg major \"${major_version}\" '\n\t\t.firmwares |\n\t\t[.[] | select(.version | test(\"^\" + $major + \"\\\\.\"))] |\n\t\tsort_by(.releasedate) |\n\t\tlast\n\t' \"${ipsw_me_file}\")\n\t[[ -n ${latest_entry} && ${latest_entry} != \"null\" ]] ||\n\t\terror_exit \"Failed to get the latest macOS ${major_version} image from ${macos_ipsw_me_device_url}\"\n\tlocation=$(jq -r '.url' <<<\"${latest_entry}\")\n\tdigest=$(jq -r '.sha256sum // \"\" | if . != \"\" then \"sha256:\" + . else \"\" end' <<<\"${latest_entry}\")\n\tjson_vars location arch digest\n}\n\nfunction macos_cache_key_for_image_kernel() {\n\tlocal location=$1 url_spec\n\turl_spec=$(macos_url_spec_from_location \"${location}\")\n\tjq -r '[\"macos\", .major_version] | join(\":\")' <<<\"${url_spec}\"\n}\n\nfunction macos_image_entry_for_image_kernel() {\n\tlocal location=$1 kernel_is_not_supported=$2 url_spec image_entry=''\n\t[[ ${kernel_is_not_supported} == \"null\" ]] || echo \"Updating kernel information is not supported on macOS\" >&2\n\turl_spec=$(macos_url_spec_from_location \"${location}\")\n\timage_entry=$(macos_latest_image_entry_for_url_spec \"${url_spec}\")\n\t# shellcheck disable=SC2031\n\tif [[ -z ${image_entry} ]]; then\n\t\terror_exit \"Failed to get the image location for ${location}\"\n\telif jq -e \".location == \\\"${location}\\\"\" <<<\"${image_entry}\" >/dev/null; then\n\t\techo \"Image location is up-to-date: ${location}\" >&2\n\telse\n\t\techo \"${image_entry}\"\n\tfi\n}\n\n# check if the script is executed or sourced\n# shellcheck disable=SC1091\nif [[ ${BASH_SOURCE[0]} == \"${0}\" ]]; then\n\tscriptdir=$(dirname \"${BASH_SOURCE[0]}\")\n\t# shellcheck source=./cache-common-inc.sh\n\t. \"${scriptdir}/cache-common-inc.sh\"\n\n\t# shellcheck source=/dev/null # avoid shellcheck hangs on source looping\n\t. \"${scriptdir}/update-template.sh\"\nelse\n\t# this script is sourced\n\tif [[ -v SUPPORTED_DISTRIBUTIONS ]]; then\n\t\tSUPPORTED_DISTRIBUTIONS+=(\"macos\")\n\telse\n\t\tdeclare -a SUPPORTED_DISTRIBUTIONS=(\"macos\")\n\tfi\n\treturn 0\nfi\n\ndeclare -a templates=()\nwhile [[ $# -gt 0 ]]; do\n\tcase \"$1\" in\n\t-h | --help)\n\t\tmacos_print_help\n\t\texit 0\n\t\t;;\n\t-d | --debug) set -x ;;\n\t*.yaml) templates+=(\"$1\") ;;\n\t*)\n\t\terror_exit \"Unknown argument: $1\"\n\t\t;;\n\tesac\n\tshift\ndone\n\nif [[ ${#templates[@]} -eq 0 ]]; then\n\tmacos_print_help\n\texit 0\nfi\n\ndeclare -A image_entry_cache=()\n\nfor template in \"${templates[@]}\"; do\n\techo \"Processing ${template}\"\n\t# 1. extract location by parsing template using arch\n\tyq_filter=\"\n\t\t.images[] | [.location, .kernel.location, .kernel.cmdline] | @tsv\n\t\"\n\tparsed=$(yq eval \"${yq_filter}\" \"${template}\")\n\n\t# 3. get the image location\n\tarr=()\n\twhile IFS= read -r line; do arr+=(\"${line}\"); done <<<\"${parsed}\"\n\tlocations=(\"${arr[@]}\")\n\tfor ((index = 0; index < ${#locations[@]}; index++)); do\n\t\t[[ ${locations[index]} != \"null\" ]] || continue\n\t\tset -e\n\t\tIFS=$'\\t' read -r location kernel_location kernel_cmdline <<<\"${locations[index]}\"\n\t\tset +e # Disable 'set -e' to avoid exiting on error for the next assignment.\n\t\tcache_key=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tmacos_cache_key_for_image_kernel \"${location}\" \"${kernel_location}\"\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\timage_entry=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tif [[ -v image_entry_cache[${cache_key}] ]]; then\n\t\t\t\techo \"${image_entry_cache[${cache_key}]}\"\n\t\t\telse\n\t\t\t\tmacos_image_entry_for_image_kernel \"${location}\" \"${kernel_location}\"\n\t\t\tfi\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\tset -e\n\t\timage_entry_cache[${cache_key}]=\"${image_entry}\"\n\t\tif [[ -n ${image_entry} ]]; then\n\t\t\t[[ ${kernel_cmdline} != \"null\" ]] &&\n\t\t\t\tjq -e 'has(\"kernel\")' <<<\"${image_entry}\" >/dev/null &&\n\t\t\t\timage_entry=$(jq \".kernel.cmdline = \\\"${kernel_cmdline}\\\"\" <<<\"${image_entry}\")\n\t\t\techo \"${image_entry}\" | jq\n\t\t\tlimactl edit --log-level error --set \"\n\t\t\t\t.images[${index}] = ${image_entry}|\n\t\t\t\t(.images[${index}] | ..) style = \\\"double\\\"\n\t\t\t\" \"${template}\"\n\t\tfi\n\tdone\ndone\n" }, { "path": "hack/update-template-opensuse.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\n# Functions in this script assume error handling with 'set -e'.\n# To ensure 'set -e' works correctly:\n# - Use 'set +e' before assignments and '$(set -e; )' to capture output without exiting on errors.\n# - Avoid calling functions directly in conditions to prevent disabling 'set -e'.\n# - Use 'shopt -s inherit_errexit' (Bash 4.4+) to avoid repeated 'set -e' in all '$(...)'.\nshopt -s inherit_errexit || error_exit \"inherit_errexit not supported. Please use bash 4.4 or later.\"\n\nfunction opensuse_print_help() {\n\tcat <.|current|stable|tumbleweed)|--version-major --version-minor ] ...\n\nDescription:\n This script updates the openSUSE Linux image location in the specified templates.\n Image location basename format:\n\n openSUSE-(Leap-|Tumbleweed)-Minimal-VM.-Cloud.qcow2\n\n Published openSUSE Linux image information is fetched from the following URLs:\n\n Leap:\n\t .: https://download.opensuse.org/distribution/leap/./appliances/?jsontable\n\t current: https://download.opensuse.org/distribution/openSUSE-current/appliances/?jsontable\n\t stable: https://download.opensuse.org/distribution/openSUSE-stable/appliances/?jsontable\n\n Tumbleweed:\n x86_64: https://download.opensuse.org/tumbleweed/appliances/?jsontable\n\t not x86_64: https://download.opensuse.org/ports//tumbleweed/appliances/?jsontable\n\n The downloaded files will be cached in the Lima cache directory.\n\nExamples:\n Update the openSUSE Linux image location in templates/**.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") templates/**.yaml\n\n Update the openSUSE Linux image location to version 15.6 in ~/.lima/opensuse/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") --version-major-minor 15.6 ~/.lima/opensuse/lima.yaml\n $ limactl factory-reset opensuse\n\n Update the openSUSE Linux image location to tumbleweed in ~/.lima/opensuse/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") --version-major-minor tumbleweed ~/.lima/opensuse/lima.yaml\n $ limactl factory-reset opensuse\n\nFlags:\n --version-major-minor (.|current|stable|tumbleweed) Use the specified . version or\n aliases \"current\", \"stable\", or \"tumbleweed\".\n The . version must be 15.0 or later.\n --version-major --version-minor Use the specified and version.\n -h, --help Print this help message\nHELP\n}\n\n# print the URL spec for the given location\nfunction opensuse_url_spec_from_location() {\n\tlocal location=$1 jq_filter url_spec\n\tjq_filter='capture(\"\n\t\t^https://download\\\\.opensuse\\\\.org/(?:\n\t\t\tdistribution/(?:\n\t\t\t\tleap/(?\\\\d+\\\\.\\\\d+)|\n\t\t\t\topenSUSE-(?current|stable)\n\t\t\t)|\n\t\t\t(?:ports/aarch64/)?(?tumbleweed)\n\t\t)/appliances/\n\t\topenSUSE-(?Leap-\\\\d+\\\\.\\\\d+|Tumbleweed)-Minimal-VM\n\t\t\\\\.(?[^-]+)(?-\\\\d+\\\\.\\\\d+\\\\.\\\\d+)?-(?.*)(?-Build\\\\d+\\\\.\\\\d+)?\\\\.(?.*)$\n\t\";\"x\") |\n\t.path_version = (.path_version_leap // .path_version_leap_alias // .path_version_tumbleweed)\n\t'\n\turl_spec=$(jq -e -r \"${jq_filter}\" <<<\"\\\"${location}\\\"\")\n\techo \"${url_spec}\"\n}\n\nreadonly opensuse_jq_filter_directory='\"https://download.opensuse.org/\\(\n\tif .path_version == \"tumbleweed\" then\n\t\tif .arch != \"x86_64\" then\n\t\t\t\"ports/\\(.arch)/\"\n\t\telse\n\t\t\t\"\"\n\t\tend + \"tumbleweed\"\n\telse\n\t\t\"distribution/\" +\n\t\tif .path_version == \"current\" or .path_version == \"stable\" then\n\t\t\t\"openSUSE-\\(.path_version)\"\n\t\telse\n\t\t\t\"leap/\\(.path_version)\"\n\t\tend\n\tend\n)/appliances/\"'\nreadonly opensuse_jq_filter_filename='\n\t\"openSUSE-\\(\n\t\tif .version == \"tumbleweed\" then \"Tumbleweed\" else \"Leap-\\(.version)\" end\n\t)-Minimal-VM.\\(.arch)\\(\n\t\tif .major_minor_patch then .major_minor_patch else \"\" end\n\t)-\\(.target_vendor)\\(\n\t\tif .build_info then .build_info else \"\" end\n\t).\\(.file_extension)\"\n'\n\n# print the location for the given URL spec\nfunction opensuse_location_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${opensuse_jq_filter_directory} + ${opensuse_jq_filter_filename}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the location for ${url_spec}\"\n}\n\nfunction opensuse_image_directory_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${opensuse_jq_filter_directory}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the image directory for ${url_spec}\"\n}\n\nfunction opensuse_image_filename_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${opensuse_jq_filter_filename}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the image filename for ${url_spec}\"\n}\n\nfunction opensuse_json_url_from_url_spec() {\n\tlocal -r url_spec=$1\n\tlocal json_url\n\tjson_url=\"$(opensuse_image_directory_from_url_spec \"${url_spec}\")?jsontable\"\n\techo \"${json_url}\"\n}\n\n#\nfunction opensuse_latest_image_entry_for_url_spec() {\n\tlocal url_spec=$1 arch json_url downloaded_json latest_version_info\n\t# shellcheck disable=SC2034\n\tarch=$(jq -r '.arch' <<<\"${url_spec}\")\n\tjson_url=\"$(opensuse_image_directory_from_url_spec \"${url_spec}\")?jsontable\"\n\tdownloaded_json=$(download_to_cache \"${json_url}\")\n\tlatest_version_info=$(jq -e -r --argjson spec \"${url_spec}\" '\n\t\t[\n\t\t\t.data |sort_by(.mtime)|.[].name|\n\t\t\tif $spec.major_minor_patch then\n\t\t\t\tcapture(\n\t\t\t\t\t\"^openSUSE-(?:Leap-(?\\\\d+\\\\.\\\\d+)|(?Tumbleweed))-Minimal-VM\n\t\t\t\t\t\\\\.\\($spec.arch)(?-\\\\d+\\\\.\\\\d+\\\\.\\\\d+)?-\\($spec.target_vendor)(?-Build\\\\d+\\\\.\\\\d+)?\\\\.\\($spec.file_extension)$\"\n\t\t\t\t\t;\"x\"\n\t\t\t\t)\n\t\t\telse\n\t\t\t\tcapture(\n\t\t\t\t\t\"^openSUSE-(?:Leap-(?\\\\d+\\\\.\\\\d+)|(?Tumbleweed))-Minimal-VM\n\t\t\t\t\t\\\\.\\($spec.arch)-\\($spec.target_vendor)\\\\.\\($spec.file_extension)$\"\n\t\t\t\t\t;\"x\"\n\t\t\t\t)\n\t\t\tend |\n\t\t\t.version = (.version_leap // (.version_tumbleweed|ascii_downcase)) |\n\t\t\t.version_number_array = ([.version | scan(\"\\\\d+\") | tonumber])\n\t\t] | sort_by(.version_number_array, .image_revision) | last\n\t' <\"${downloaded_json}\")\n\t[[ -n ${latest_version_info} ]] || return\n\tlocal newer_url_spec location\n\t# prefer the . in the path\n\tnewer_url_spec=$(jq -e -r \". + ${latest_version_info} | .path_version = .version\" <<<\"${url_spec}\")\n\tlocation=$(opensuse_location_from_url_spec \"${newer_url_spec}\")\n\tlocation=$(validate_url_without_redirect \"${location}\")\n\n\t# Digest is not used here because URLs containing dates are not retained long-term.\n\t# Instead, URLs without dates must be used, and their content is often updated without a URL change,\n\t# resulting in only the digest being updated. Therefore, recording the digest is not meaningful.\n\t#\n\t# local sha256sum_location downloaded_sha256sum filename digest\n\t# sha256sum_location=\"${location}.sha256\"\n\t# downloaded_sha256sum=$(download_to_cache \"${sha256sum_location}\")\n\t# filename=$(opensuse_image_filename_from_url_spec \"${newer_url_spec}\")\n\t# digest=\"sha256:$(awk '{print $1}' <\"${downloaded_sha256sum}\")\"\n\t# [[ -n ${digest} ]] || error_exit \"Failed to get the digest for ${filename}\"\n\tjson_vars location arch # digest\n}\n\nfunction opensuse_cache_key_for_image_kernel() {\n\tlocal location=$1 url_spec\n\turl_spec=$(opensuse_url_spec_from_location \"${location}\")\n\tjq -r '[\"opensuse\", .path_version, .target_vendor, .arch, .file_extension] | join(\":\")' <<<\"${url_spec}\"\n}\n\nfunction opensuse_image_entry_for_image_kernel() {\n\tlocal location=$1 kernel_is_not_supported=$2 url_spec path_version overriding image_entry=''\n\t[[ ${kernel_is_not_supported} == \"null\" ]] || echo \"Updating kernel information is not supported on openSUSE Linux\" >&2\n\turl_spec=$(opensuse_url_spec_from_location \"${location}\")\n\tpath_version=$(jq -r '.path_version' <<<\"${url_spec}\")\n\tif [[ ${path_version} == \"tumbleweed\" ]]; then\n\t\toverriding=${3:-'{\"path_version\":\"tumbleweed\"}'}\n\telse\n\t\toverriding=${3:-'{\"path_version\":\"stable\"}'}\n\tfi\n\turl_spec=$(jq -r '. + '\"${overriding}\" <<<\"${url_spec}\")\n\timage_entry=$(opensuse_latest_image_entry_for_url_spec \"${url_spec}\")\n\t# shellcheck disable=SC2031\n\tif [[ -z ${image_entry} ]]; then\n\t\terror_exit \"Failed to get the ${url_spec} image location for ${location}\"\n\telif jq -e \".location == \\\"${location}\\\"\" <<<\"${image_entry}\" >/dev/null; then\n\t\techo \"Image location is up-to-date: ${location}\" >&2\n\telse\n\t\techo \"${image_entry}\"\n\tfi\n}\n\n# check if the script is executed or sourced\n# shellcheck disable=SC1091\nif [[ ${BASH_SOURCE[0]} == \"${0}\" ]]; then\n\tscriptdir=$(dirname \"${BASH_SOURCE[0]}\")\n\t# shellcheck source=./cache-common-inc.sh\n\t. \"${scriptdir}/cache-common-inc.sh\"\n\n\t# shellcheck source=/dev/null # avoid shellcheck hangs on source looping\n\t. \"${scriptdir}/update-template.sh\"\nelse\n\t# this script is sourced\n\tif [[ -v SUPPORTED_DISTRIBUTIONS ]]; then\n\t\tSUPPORTED_DISTRIBUTIONS+=(\"opensuse\")\n\telse\n\t\tdeclare -a SUPPORTED_DISTRIBUTIONS=(\"opensuse\")\n\tfi\n\treturn 0\nfi\n\ndeclare -a templates=()\ndeclare overriding='{}'\ndeclare version_major='' version_minor=''\nwhile [[ $# -gt 0 ]]; do\n\tcase \"$1\" in\n\t-h | --help)\n\t\topensuse_print_help\n\t\texit 0\n\t\t;;\n\t-d | --debug) set -x ;;\n\t--version-major-minor)\n\t\tif [[ -n ${2:-} && $2 != -* ]]; then\n\t\t\tversion=\"$2\"\n\t\t\tshift\n\t\telse\n\t\t\terror_exit \"--version-major-minor requires a value\"\n\t\tfi\n\t\t;&\n\t--version-major-minor=*)\n\t\tversion=${version:-${1#*=}}\n\t\toverriding=$(\n\t\t\tversion=\"${version#v}\"\n\t\t\tif [[ ${version} =~ ^v?[0-9]+.[0-9]+ ]]; then\n\t\t\t\tversion=\"$(echo \"${version}\" | cut -d. -f1-2)\"\n\t\t\t\t[[ ${version%%.*} -ge 15 ]] || error_exit \"openSUSE Linux version must be 15.0 or later\"\n\t\t\t\tpath_version=\"${version}\"\n\t\t\telif [[ ${version} == \"current\" || ${version} == \"stable\" || ${version} == \"tumbleweed\" ]]; then\n\t\t\t\tpath_version=${version}\n\t\t\telse\n\t\t\t\terror_exit \"--version-major-minor requires a value in the format ., current, stable, or tumbleweed\"\n\t\t\tfi\n\t\t\tjson_vars path_version <<<\"${overriding}\"\n\t\t)\n\t\t;;\n\t--version-major)\n\t\tif [[ -n ${2:-} && $2 != -* ]]; then\n\t\t\tversion_major=\"$2\"\n\t\t\tshift\n\t\telse\n\t\t\terror_exit \"--version-major requires a value\"\n\t\tfi\n\t\t;&\n\t--version-major=*)\n\t\tversion_major=${version_major:-${1#*=}}\n\t\t[[ ${version_major} =~ ^[0-9]+$ ]] || error_exit \"Please specify --version-major in numbers\"\n\t\t;;\n\t--version-minor)\n\t\tif [[ -n ${2:-} && $2 != -* ]]; then\n\t\t\tversion_minor=\"$2\"\n\t\t\tshift\n\t\telse\n\t\t\terror_exit \"--version-minor requires a value\"\n\t\tfi\n\t\t;&\n\t--version-minor=*)\n\t\tversion_minor=${version_minor:-${1#*=}}\n\t\t[[ ${version_minor} =~ ^[0-9]+$ ]] || error_exit \"Please specify --version-minor in numbers\"\n\t\t;;\n\t*.yaml) templates+=(\"$1\") ;;\n\t*)\n\t\terror_exit \"Unknown argument: $1\"\n\t\t;;\n\tesac\n\tshift\n\t[[ -z ${overriding} ]] && overriding=\"{}\"\ndone\n\nif ! jq -e '.path_version' <<<\"${overriding}\" >/dev/null; then # --version-major-minor is not specified\n\tif [[ -n ${version_major} && -n ${version_minor} ]]; then\n\t\t[[ ${version_major} -ge 15 ]] || error_exit \"openSUSE Linux version must be 15.0 or later\"\n\t\t# shellcheck disable=2034\n\t\tpath_version=\"${version_major}.${version_minor}\"\n\t\toverriding=$(json_vars path_version <<<\"${overriding}\")\n\telif [[ -n ${version_major} ]]; then\n\t\terror_exit \"--version-minor is required when --version-major is specified\"\n\telif [[ -n ${version_minor} ]]; then\n\t\terror_exit \"--version-major is required when --version-minor is specified\"\n\tfi\nelif [[ -n ${version_major} || -n ${version_minor} ]]; then # --version-major-minor is specified\n\techo \"Ignoring --version-major and --version-minor because --version-major-minor is specified\" >&2\nfi\n[[ ${overriding} == \"{}\" ]] && overriding=''\n\nif [[ ${#templates[@]} -eq 0 ]]; then\n\topensuse_print_help\n\texit 0\nfi\n\ndeclare -A image_entry_cache=()\n\nfor template in \"${templates[@]}\"; do\n\techo \"Processing ${template}\"\n\t# 1. extract location by parsing template using arch\n\tyq_filter=\"\n\t\t.images[] | [.location, .kernel.location, .kernel.cmdline] | @tsv\n\t\"\n\tparsed=$(yq eval \"${yq_filter}\" \"${template}\")\n\n\t# 3. get the image location\n\tarr=()\n\twhile IFS= read -r line; do arr+=(\"${line}\"); done <<<\"${parsed}\"\n\tlocations=(\"${arr[@]}\")\n\tfor ((index = 0; index < ${#locations[@]}; index++)); do\n\t\t[[ ${locations[index]} != \"null\" ]] || continue\n\t\tset -e\n\t\tIFS=$'\\t' read -r location kernel_location kernel_cmdline <<<\"${locations[index]}\"\n\t\tset +e # Disable 'set -e' to avoid exiting on error for the next assignment.\n\t\tcache_key=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\topensuse_cache_key_for_image_kernel \"${location}\" \"${kernel_location}\"\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\timage_entry=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tif [[ -v image_entry_cache[${cache_key}] ]]; then\n\t\t\t\techo \"${image_entry_cache[${cache_key}]}\"\n\t\t\telse\n\t\t\t\topensuse_image_entry_for_image_kernel \"${location}\" \"${kernel_location}\" \"${overriding}\"\n\t\t\tfi\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\tset -e\n\t\timage_entry_cache[${cache_key}]=\"${image_entry}\"\n\t\tif [[ -n ${image_entry} ]]; then\n\t\t\t[[ ${kernel_cmdline} != \"null\" ]] &&\n\t\t\t\tjq -e 'has(\"kernel\")' <<<\"${image_entry}\" >/dev/null &&\n\t\t\t\timage_entry=$(jq \".kernel.cmdline = \\\"${kernel_cmdline}\\\"\" <<<\"${image_entry}\")\n\t\t\techo \"${image_entry}\" | jq\n\t\t\tlimactl edit --log-level error --set \"\n\t\t\t\t.images[${index}] = ${image_entry}|\n\t\t\t\t(.images[${index}] | ..) style = \\\"double\\\"\n\t\t\t\" \"${template}\"\n\t\tfi\n\tdone\ndone\n" }, { "path": "hack/update-template-oraclelinux.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\n# Functions in this script assume error handling with 'set -e'.\n# To ensure 'set -e' works correctly:\n# - Use 'set +e' before assignments and '$(set -e; )' to capture output without exiting on errors.\n# - Avoid calling functions directly in conditions to prevent disabling 'set -e'.\n# - Use 'shopt -s inherit_errexit' (Bash 4.4+) to avoid repeated 'set -e' in all '$(...)'.\nshopt -s inherit_errexit || error_exit \"inherit_errexit not supported. Please use bash 4.4 or later.\"\n\nfunction oraclelinux_print_help() {\n\tcat <] ...\n\nDescription:\n This script updates the Oracle Linux image location in the specified templates.\n Image location basename format:\n\n\tOLU_-kvm[-cloud]-b.qcow2\n\n Published Oracle Linux image information is fetched from the following URLs:\n\n\tOL8:\n\t x86_64: https://yum.oracle.com/templates/OracleLinux/ol8-template.json\n\t aarch64: https://yum.oracle.com/templates/OracleLinux/ol8_aarch64-cloud-template.json\n\n\tOL9:\n\t x86_64: https://yum.oracle.com/templates/OracleLinux/ol9-template.json\n\t aarch64: https://yum.oracle.com/templates/OracleLinux/ol9_aarch64-cloud-template.json\n\n\tOL10:\n\t x86_64: https://yum.oracle.com/templates/OracleLinux/ol10-template.json\n\t aarch64: https://yum.oracle.com/templates/OracleLinux/ol10_aarch64-cloud-template.json\n\n The downloaded files will be cached in the Lima cache directory.\n\nExamples:\n Update the Oracle Linux image location in templates/**.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") templates/**.yaml\n\n Update the Oracle Linux image location to major version 9 in ~/.lima/oraclelinux/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") --version-major 9 ~/.lima/oraclelinux/lima.yaml\n $ limactl factory-reset oraclelinux\n\nFlags:\n --version-major Use the specified Oracle Linux .\n The major version must be 7+ for x86_64 or 8+ for aarch64.\n -h, --help Print this help message\nHELP\n}\n\n# print the URL spec for the given location\nfunction oraclelinux_url_spec_from_location() {\n\tlocal location=$1 jq_filter url_spec\n\tjq_filter='capture(\"\n\t\t^https://yum\\\\.oracle\\\\.com/templates/OracleLinux/OL(?\\\\d+)/u(?\\\\d+)/(?[^/]+)/\n\t\tOL(?\\\\d+)U(?\\\\d+)_(?[^-]+)-(?[^-]+)(?-cloud)?-b(?\\\\d+)\\\\.(?.*)$\n\t\";\"x\")\n\t'\n\turl_spec=$(jq -e -r \"${jq_filter}\" <<<\"\\\"${location}\\\"\")\n\techo \"${url_spec}\"\n}\n\nreadonly oraclelinux_jq_filter_json_url='\n\t\"https://yum.oracle.com/templates/OracleLinux/\" +\n\t\"ol\\(.path_major_version)\\(if .path_arch != \"x86_64\" then \"_\" + .path_arch else \"\" end)\\(.cloud // \"\")-template.json\"\n'\n\nfunction oraclelinux_json_url_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${oraclelinux_jq_filter_json_url}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the JSON url for ${url_spec}\"\n}\n\nfunction oraclelinux_latest_image_entry_for_url_spec() {\n\tlocal url_spec=$1 arch json_url downloaded_json latest_version_info\n\t# shellcheck disable=SC2034\n\tarch=$(jq -r '.arch' <<<\"${url_spec}\")\n\tjson_url=$(oraclelinux_json_url_from_url_spec \"${url_spec}\")\n\tdownloaded_json=$(download_to_cache \"${json_url}\")\n\tlatest_version_info=\"$(jq -e -r --argjson spec \"${url_spec}\" '{\n\t\tlocation: (\"https://yum.oracle.com\" + .base_url + \"/\" + .[$spec.type].image),\n\t\tsha256: (\"sha256:\" + .[$spec.type].sha256)\n\t}' <\"${downloaded_json}\")\"\n\t[[ -n ${latest_version_info} ]] || return\n\tlocal location digest\n\t# prefer the v. in the path\n\tlocation=$(jq -e -r '.location' <<<\"${latest_version_info}\")\n\tlocation=$(validate_url_without_redirect \"${location}\")\n\t# shellcheck disable=SC2034\n\tdigest=$(jq -e -r '.sha256' <<<\"${latest_version_info}\")\n\tjson_vars location arch digest\n}\n\nfunction oraclelinux_cache_key_for_image_kernel() {\n\tlocal location=$1 overriding=${3:-\"{}\"} url_spec\n\turl_spec=$(oraclelinux_url_spec_from_location \"${location}\" | jq -r \". + ${overriding}\")\n\tjq -r '[\"oraclelinux\", .path_major_version, .type, .cloud // empty, .arch, .file_extension] | join(\":\")' <<<\"${url_spec}\"\n}\n\nfunction oraclelinux_image_entry_for_image_kernel() {\n\tlocal location=$1 kernel_is_not_supported=$2 overriding=${3:-\"{}\"} url_spec image_entry=''\n\t[[ ${kernel_is_not_supported} == \"null\" ]] || echo \"Updating kernel information is not supported on Oracle Linux\" >&2\n\turl_spec=$(oraclelinux_url_spec_from_location \"${location}\" | jq -r \". + ${overriding}\")\n\timage_entry=$(oraclelinux_latest_image_entry_for_url_spec \"${url_spec}\")\n\t# shellcheck disable=SC2031\n\tif [[ -z ${image_entry} ]]; then\n\t\terror_exit \"Failed to get the ${url_spec} image location for ${location}\"\n\telif jq -e \".location == \\\"${location}\\\"\" <<<\"${image_entry}\" >/dev/null; then\n\t\techo \"Image location is up-to-date: ${location}\" >&2\n\telse\n\t\techo \"${image_entry}\"\n\tfi\n}\n\n# check if the script is executed or sourced\n# shellcheck disable=SC1091\nif [[ ${BASH_SOURCE[0]} == \"${0}\" ]]; then\n\tscriptdir=$(dirname \"${BASH_SOURCE[0]}\")\n\t# shellcheck source=./cache-common-inc.sh\n\t. \"${scriptdir}/cache-common-inc.sh\"\n\n\t# shellcheck source=/dev/null # avoid shellcheck hangs on source looping\n\t. \"${scriptdir}/update-template.sh\"\nelse\n\t# this script is sourced\n\tif [[ -v SUPPORTED_DISTRIBUTIONS ]]; then\n\t\tSUPPORTED_DISTRIBUTIONS+=(\"oraclelinux\")\n\telse\n\t\tdeclare -a SUPPORTED_DISTRIBUTIONS=(\"oraclelinux\")\n\tfi\n\treturn 0\nfi\n\ndeclare -a templates=()\ndeclare overriding='{}'\nwhile [[ $# -gt 0 ]]; do\n\tcase \"$1\" in\n\t-h | --help)\n\t\toraclelinux_print_help\n\t\texit 0\n\t\t;;\n\t-d | --debug) set -x ;;\n\t--version-major)\n\t\tif [[ -n $2 && $2 != -* ]]; then\n\t\t\toverriding=$(\n\t\t\t\tpath_major_version=\"${2}\"\n\t\t\t\t[[ ${path_major_version} =~ ^[0-9]+$ ]] || error_exit \"Oracle Linux major version must be a number\"\n\t\t\t\t[[ ${path_major_version} -eq 7 ]] && echo 'Oracle Linux major version 7 exists only for x86_64. It may fail for aarch64.' >&2\n\t\t\t\t[[ ${path_major_version} -gt 7 ]] || error_exit \"Oracle Linux major version must be 7+ for x86_64 or 8+ for aarch64\"\n\t\t\t\tjson_vars path_major_version <<<\"${overriding}\"\n\t\t\t)\n\t\t\tshift\n\t\telse\n\t\t\terror_exit \"--version-major requires a value\"\n\t\tfi\n\t\t;;\n\t--version-major=*)\n\t\toverriding=$(\n\t\t\tpath_major_version=\"${1#*=}\"\n\t\t\t[[ ${path_major_version} =~ ^[0-9]+$ ]] || error_exit \"Oracle Linux major version must be a number\"\n\t\t\t[[ ${path_major_version} -eq 7 ]] && echo 'Oracle Linux major version 7 exists only for x86_64. It may fail for aarch64.' >&2\n\t\t\t[[ ${path_major_version} -gt 7 ]] || error_exit \"Oracle Linux major version must be 7+ for x86_64 or 8+ for aarch64\"\n\t\t\tjson_vars path_major_version <<<\"${overriding}\"\n\t\t)\n\t\t;;\n\t*.yaml) templates+=(\"$1\") ;;\n\t*)\n\t\terror_exit \"Unknown argument: $1\"\n\t\t;;\n\tesac\n\tshift\n\t[[ -z ${overriding} ]] && overriding=\"{}\"\ndone\n\nif [[ ${#templates[@]} -eq 0 ]]; then\n\toraclelinux_print_help\n\texit 0\nfi\n\ndeclare -A image_entry_cache=()\n\nfor template in \"${templates[@]}\"; do\n\techo \"Processing ${template}\"\n\t# 1. extract location by parsing template using arch\n\tyq_filter=\"\n\t\t.images[] | [.location, .kernel.location, .kernel.cmdline] | @tsv\n\t\"\n\tparsed=$(yq eval \"${yq_filter}\" \"${template}\")\n\n\t# 3. get the image location\n\tarr=()\n\twhile IFS= read -r line; do arr+=(\"${line}\"); done <<<\"${parsed}\"\n\tlocations=(\"${arr[@]}\")\n\tfor ((index = 0; index < ${#locations[@]}; index++)); do\n\t\t[[ ${locations[index]} != \"null\" ]] || continue\n\t\tset -e\n\t\tIFS=$'\\t' read -r location kernel_location kernel_cmdline <<<\"${locations[index]}\"\n\t\tset +e # Disable 'set -e' to avoid exiting on error for the next assignment.\n\t\tcache_key=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\toraclelinux_cache_key_for_image_kernel \"${location}\" \"${kernel_location}\" \"${overriding}\"\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\timage_entry=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tif [[ -v image_entry_cache[${cache_key}] ]]; then\n\t\t\t\techo \"${image_entry_cache[${cache_key}]}\"\n\t\t\telse\n\t\t\t\toraclelinux_image_entry_for_image_kernel \"${location}\" \"${kernel_location}\" \"${overriding}\"\n\t\t\tfi\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\tset -e\n\t\timage_entry_cache[${cache_key}]=\"${image_entry}\"\n\t\tif [[ -n ${image_entry} ]]; then\n\t\t\t[[ ${kernel_cmdline} != \"null\" ]] &&\n\t\t\t\tjq -e 'has(\"kernel\")' <<<\"${image_entry}\" >/dev/null &&\n\t\t\t\timage_entry=$(jq \".kernel.cmdline = \\\"${kernel_cmdline}\\\"\" <<<\"${image_entry}\")\n\t\t\techo \"${image_entry}\" | jq\n\t\t\tlimactl edit --log-level error --set \"\n\t\t\t\t.images[${index}] = ${image_entry}|\n\t\t\t\t(.images[${index}] | ..) style = \\\"double\\\"\n\t\t\t\" \"${template}\"\n\t\tfi\n\tdone\ndone\n" }, { "path": "hack/update-template-rocky.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\n# Functions in this script assume error handling with 'set -e'.\n# To ensure 'set -e' works correctly:\n# - Use 'set +e' before assignments and '$(set -e; )' to capture output without exiting on errors.\n# - Avoid calling functions directly in conditions to prevent disabling 'set -e'.\n# - Use 'shopt -s inherit_errexit' (Bash 4.4+) to avoid repeated 'set -e' in all '$(...)'.\nshopt -s inherit_errexit || error_exit \"inherit_errexit not supported. Please use bash 4.4 or later.\"\n\nfunction rocky_print_help() {\n\tcat <] ...\n\nDescription:\n This script updates the Rocky Linux image location in the specified templates.\n If the image location in the template contains a minor version, release date, and job id in the URL,\n the script replaces it with the latest available minor version, release date, and job id.\n\n Image location basename format:\n\n Rocky--GenericCloud[.latest|-.latest|-.-.]..qcow2\n\n Published Rocky Linux image information is fetched from the following URLs:\n\n https://dl.rockylinux.org/pub/rocky//images//\n\n To parsing html, this script requires 'htmlq' or 'pup' command.\n The downloaded files will be cached in the Lima cache directory.\n\nExamples:\n Update the Rocky Linux image location in templates/**.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") templates/**.yaml\n\n Update the Rocky Linux image location in ~/.lima/rocky/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") ~/.lima/rocky/lima.yaml\n $ limactl factory-reset rocky\n\n Update the Rocky Linux image location to major version 9 in ~/.lima/rocky/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") --version-major 9 ~/.lima/rocky/lima.yaml\n $ limactl factory-reset rocky\n\nFlags:\n --version-major Use the specified version. The version must be 8 or later.\n -h, --help Print this help message\nHELP\n}\n\n# print the URL spec for the given location\nfunction rocky_url_spec_from_location() {\n\tlocal location=$1 jq_filter url_spec\n\tjq_filter='capture(\"\n\t\t^https://dl\\\\.rockylinux\\\\.org/pub/rocky/(?\\\\d+(\\\\.\\\\d+)?)/images/(?[^/]+)/\n\t\tRocky-(?\\\\d+)-(?.*)\n\t\t(\n\t\t\t-(?.*)-(?\\\\d+\\\\.\\\\d+)-(?\\\\d{8}\\\\.\\\\d+)|\n\t\t\t-(?.*)\\\\.latest|\n\t\t\t\\\\.latest\n\t\t)\\\\.(?[^.]+).(?.*)$\n\t\";\"x\")\n\t'\n\turl_spec=$(jq -e -r \"${jq_filter}\" <<<\"\\\"${location}\\\"\")\n\n\tjq -e '.path_arch == .arch' <<<\"${url_spec}\" >/dev/null ||\n\t\terror_exit \"Validation failed: .path_arch != .arch: ${location}\"\n\techo \"${url_spec}\"\n}\n\nreadonly rocky_jq_filter_directory='\"https://dl.rockylinux.org/pub/rocky/\\(.path_version)/images/\\(.path_arch)/\"'\nreadonly rocky_jq_filter_filename='\n\t\"Rocky-\\(.major_version)-\\(.target_vendor)\\(\n\t\tif .date_and_ci_job_id then\n\t\t\t\"-\\(.type)-\\(.major_minor_version)-\\(.date_and_ci_job_id)\"\n\t\telse\n\t\t\tif .type then\n\t\t\t\t\"-\\(.type_latest).latest\"\n\t\t\telse\n\t\t\t\t\".latest\"\n\t\t\tend\n\t\tend\n\t).\\(.arch).\\(.file_extension)\"\n'\n\n# print the location for the given URL spec\nfunction rocky_location_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${rocky_jq_filter_directory} + ${rocky_jq_filter_filename}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the location for ${url_spec}\"\n}\n\nfunction rocky_image_directory_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${rocky_jq_filter_directory}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the image directory for ${url_spec}\"\n}\n\nfunction rocky_image_filename_from_url_spec() {\n\tlocal -r url_spec=$1\n\tjq -e -r \"${rocky_jq_filter_filename}\" <<<\"${url_spec}\" ||\n\t\terror_exit \"Failed to get the image filename for ${url_spec}\"\n}\n\n#\nfunction rocky_latest_image_entry_for_url_spec() {\n\tlocal url_spec=$1 arch major_version_url_spec major_version_image_directory downloaded_page links_in_page latest_minor_version_info\n\tarch=$(jq -r '.arch' <<<\"${url_spec}\")\n\t# to detect minor version updates, we need to get the major version URL\n\tmajor_version_url_spec=$(jq -e -r '.path_version = .major_version' <<<\"${url_spec}\")\n\tmajor_version_image_directory=$(rocky_image_directory_from_url_spec \"${major_version_url_spec}\")\n\tdownloaded_page=$(download_to_cache \"${major_version_image_directory}\")\n\tif command -v htmlq >/dev/null; then\n\t\tlinks_in_page=$(htmlq 'pre a' --attribute href <\"${downloaded_page}\")\n\telif command -v pup >/dev/null; then\n\t\tlinks_in_page=$(pup 'pre a attr{href}' <\"${downloaded_page}\")\n\telse\n\t\terror_exit \"Please install 'htmlq' or 'pup' to list images from ${major_version_image_directory}\"\n\tfi\n\tlatest_minor_version_info=$(jq -e -Rrs --argjson spec \"${url_spec}\" '\n\t\t[\n\t\t\tsplit(\"\\n\").[] |\n\t\t\tcapture(\n\t\t\t\t\"^Rocky-\\($spec.major_version)-\\($spec.target_vendor)-\\($spec.type)\" +\n\t\t\t\t\"-(?\\($spec.major_version)\\\\.\\\\d+)\" +\n\t\t\t\t\"-(?\\\\d{8}\\\\.\\\\d+)\\\\.\\($spec.arch)\\\\.\\($spec.file_extension)$\"\n\t\t\t\t;\"x\"\n\t\t\t) |\n\t\t\t.version_number_array = ([.major_minor_version | scan(\"\\\\d+\") | tonumber])\n\t\t] | sort_by(.version_number_array, .date_and_ci_job_id) | last\n\t' <<<\"${links_in_page}\")\n\t[[ -n ${latest_minor_version_info} ]] || return\n\tlocal newer_url_spec location sha256sum_location downloaded_sha256sum filename digest\n\t# prefer the major_minor_version in the path\n\tnewer_url_spec=$(jq -e -r \". + ${latest_minor_version_info} | .path_version = .major_minor_version\" <<<\"${url_spec}\")\n\tlocation=$(rocky_location_from_url_spec \"${newer_url_spec}\")\n\tsha256sum_location=\"${location}.CHECKSUM\"\n\tdownloaded_sha256sum=$(download_to_cache \"${sha256sum_location}\")\n\tfilename=$(rocky_image_filename_from_url_spec \"${newer_url_spec}\")\n\tdigest=\"sha256:$(awk \"/SHA256 \\(${filename}\\) =/{print \\$4}\" \"${downloaded_sha256sum}\")\"\n\t[[ -n ${digest} ]] || error_exit \"Failed to get the SHA256 digest for ${filename}\"\n\tjson_vars location arch digest\n}\n\nfunction rocky_cache_key_for_image_kernel() {\n\tlocal location=$1 url_spec\n\turl_spec=$(rocky_url_spec_from_location \"${location}\")\n\tjq -r '[\"rocky\", .major_minor_version // .major_version, .target_vendor,\n\t\tif .date_and_ci_job_id then \"timestamped\" else \"latest\" end,\n\t\t.arch, .file_extension] | join(\":\")' <<<\"${url_spec}\"\n}\n\nfunction rocky_image_entry_for_image_kernel() {\n\tlocal location=$1 kernel_is_not_supported=$2 overriding=${3:-\"{}\"} url_spec image_entry=''\n\t[[ ${kernel_is_not_supported} == \"null\" ]] || echo \"Updating kernel information is not supported on Rocky Linux\" >&2\n\turl_spec=$(rocky_url_spec_from_location \"${location}\" | jq -r \". + ${overriding}\")\n\tif jq -e '.date_and_ci_job_id' <<<\"${url_spec}\" >/dev/null; then\n\t\timage_entry=$(rocky_latest_image_entry_for_url_spec \"${url_spec}\")\n\telse\n\t\timage_entry=$(\n\t\t\t# shellcheck disable=SC2030\n\t\t\tlocation=$(rocky_location_from_url_spec \"${url_spec}\")\n\t\t\tlocation=$(validate_url_without_redirect \"${location}\")\n\t\t\tarch=$(jq -r '.path_arch' <<<\"${url_spec}\")\n\t\t\tjson_vars location arch\n\t\t)\n\tfi\n\t# shellcheck disable=SC2031\n\tif [[ -z ${image_entry} ]]; then\n\t\terror_exit \"Failed to get the ${url_spec} image location for ${location}\"\n\telif jq -e \".location == \\\"${location}\\\"\" <<<\"${image_entry}\" >/dev/null; then\n\t\techo \"Image location is up-to-date: ${location}\" >&2\n\telse\n\t\techo \"${image_entry}\"\n\tfi\n}\n\n# check if the script is executed or sourced\n# shellcheck disable=SC1091\nif [[ ${BASH_SOURCE[0]} == \"${0}\" ]]; then\n\tscriptdir=$(dirname \"${BASH_SOURCE[0]}\")\n\t# shellcheck source=./cache-common-inc.sh\n\t. \"${scriptdir}/cache-common-inc.sh\"\n\n\tif ! command -v htmlq >/dev/null && ! command -v pup >/dev/null; then\n\t\terror_exit \"Please install 'htmlq' or 'pup' to list images from https://dl.rockylinux.org/pub/rocky//images//\"\n\tfi\n\t# shellcheck source=/dev/null # avoid shellcheck hangs on source looping\n\t. \"${scriptdir}/update-template.sh\"\nelse\n\t# this script is sourced\n\tif ! command -v htmlq >/dev/null && ! command -v pup >/dev/null; then\n\t\techo \"Please install 'htmlq' or 'pup' to list images from https://dl.rockylinux.org/pub/rocky//images//\" >&2\n\telif [[ -v SUPPORTED_DISTRIBUTIONS ]]; then\n\t\tSUPPORTED_DISTRIBUTIONS+=(\"rocky\")\n\telse\n\t\tdeclare -a SUPPORTED_DISTRIBUTIONS=(\"rocky\")\n\tfi\n\treturn 0\nfi\n\ndeclare -a templates=()\ndeclare overriding=\"{}\"\nwhile [[ $# -gt 0 ]]; do\n\tcase \"$1\" in\n\t-h | --help)\n\t\trocky_print_help\n\t\texit 0\n\t\t;;\n\t-d | --debug) set -x ;;\n\t--version-major)\n\t\tif [[ -n $2 && $2 != -* ]]; then\n\t\t\toverriding=$(\n\t\t\t\tmajor_version=\"${2%%.*}\"\n\t\t\t\t[[ ${major_version} -ge 8 ]] || error_exit \"Rocky Linux major version must be 8 or later\"\n\t\t\t\t# shellcheck disable=2034\n\t\t\t\tpath_version=\"${major_version}\"\n\t\t\t\tjson_vars path_version major_version <<<\"${overriding}\"\n\t\t\t)\n\t\t\tshift\n\t\telse\n\t\t\terror_exit \"--version-major requires a value\"\n\t\tfi\n\t\t;;\n\t--version-major=*)\n\t\toverriding=$(\n\t\t\tmajor_version=\"${1#*=}\"\n\t\t\tmajor_version=\"${major_version%%.*}\"\n\t\t\t[[ ${major_version} -ge 8 ]] || error_exit \"Rocky Linux major version must be 8 or later\"\n\t\t\t# shellcheck disable=2034\n\t\t\tpath_version=\"${major_version}\"\n\t\t\tjson_vars path_version major_version <<<\"${overriding}\"\n\t\t)\n\t\t;;\n\t*.yaml) templates+=(\"$1\") ;;\n\t*)\n\t\terror_exit \"Unknown argument: $1\"\n\t\t;;\n\tesac\n\tshift\n\t[[ -z ${overriding} ]] && overriding=\"{}\"\ndone\n\nif [[ ${#templates[@]} -eq 0 ]]; then\n\trocky_print_help\n\texit 0\nfi\n\ndeclare -A image_entry_cache=()\n\nfor template in \"${templates[@]}\"; do\n\techo \"Processing ${template}\"\n\t# 1. extract location by parsing template using arch\n\tyq_filter=\"\n\t\t.images[] | [.location, .kernel.location, .kernel.cmdline] | @tsv\n\t\"\n\tparsed=$(yq eval \"${yq_filter}\" \"${template}\")\n\n\t# 3. get the image location\n\tarr=()\n\twhile IFS= read -r line; do arr+=(\"${line}\"); done <<<\"${parsed}\"\n\tlocations=(\"${arr[@]}\")\n\tfor ((index = 0; index < ${#locations[@]}; index++)); do\n\t\t[[ ${locations[index]} != \"null\" ]] || continue\n\t\tset -e\n\t\tIFS=$'\\t' read -r location kernel_location kernel_cmdline <<<\"${locations[index]}\"\n\t\tset +e # Disable 'set -e' to avoid exiting on error for the next assignment.\n\t\tcache_key=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\trocky_cache_key_for_image_kernel \"${location}\" \"${kernel_location}\"\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\timage_entry=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tif [[ -v image_entry_cache[${cache_key}] ]]; then\n\t\t\t\techo \"${image_entry_cache[${cache_key}]}\"\n\t\t\telse\n\t\t\t\trocky_image_entry_for_image_kernel \"${location}\" \"${kernel_location}\" \"${overriding}\"\n\t\t\tfi\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\tset -e\n\t\timage_entry_cache[${cache_key}]=\"${image_entry}\"\n\t\tif [[ -n ${image_entry} ]]; then\n\t\t\t[[ ${kernel_cmdline} != \"null\" ]] &&\n\t\t\t\tjq -e 'has(\"kernel\")' <<<\"${image_entry}\" >/dev/null &&\n\t\t\t\timage_entry=$(jq \".kernel.cmdline = \\\"${kernel_cmdline}\\\"\" <<<\"${image_entry}\")\n\t\t\techo \"${image_entry}\" | jq\n\t\t\tlimactl edit --log-level error --set \"\n\t\t\t\t.images[${index}] = ${image_entry}|\n\t\t\t\t(.images[${index}] | ..) style = \\\"double\\\"\n\t\t\t\" \"${template}\"\n\t\tfi\n\tdone\ndone\n" }, { "path": "hack/update-template-ubuntu.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\n# Functions in this script assume error handling with 'set -e'.\n# To ensure 'set -e' works correctly:\n# - Use 'set +e' before assignments and '$(set -e; )' to capture output without exiting on errors.\n# - Avoid calling functions directly in conditions to prevent disabling 'set -e'.\n# - Use 'shopt -s inherit_errexit' (Bash 4.4+) to avoid repeated 'set -e' in all '$(...)'.\nshopt -s inherit_errexit || error_exit \"inherit_errexit not supported. Please use bash 4.4 or later.\"\n\nfunction ubuntu_print_help() {\n\tcat <|--minimal|--server] [--version ] ...\n\nDescription:\n This script updates the Ubuntu image location in the specified templates.\n If the image location in the template contains a release date in the URL, the script replaces it with the latest available date.\n If no flags are specified, the script uses the flavor and version from the image location basename in the template.\n\n Image location basename format: ubuntu---cloudimg-.img\n\n Released Ubuntu image information is fetched from the following URLs:\n\n Server: https://cloud-images.ubuntu.com/releases/stream/v1/com.ubuntu.cloud:released:download.json\n Minimal: https://cloud-images.ubuntu.com/minimal/releases/stream/v1/com.ubuntu.cloud:released:download.json\n\n The downloaded JSON file will be cached in the Lima cache directory.\n\nExamples:\n Update the Ubuntu image location in templates/**.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") templates/**.yaml\n\n Update the Ubuntu image location in ~/.lima/ubuntu/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") ~/.lima/ubuntu/lima.yaml\n $ limactl factory-reset ubuntu\n\n Update the Ubuntu image location to ubuntu-24.04-minimal-cloudimg-.img in ~/.lima/docker/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") --minimal --version 24.04 ~/.lima/docker/lima.yaml\n $ limactl factory-reset docker\n\nFlags:\n --flavor Use the specified flavor image\n --server Shortcut for --flavor server\n --minimal Shortcut for --flavor minimal\n --version Use the specified version\n The version can be an alias: latest, latest_lts, or lts.\n -h, --help Print this help message\nHELP\n}\n\nreadonly -A ubuntu_base_urls=(\n\t[\"minimal\"]=https://cloud-images.ubuntu.com/minimal/releases/\n\t[\"server\"]=https://cloud-images.ubuntu.com/releases/\n\t[\"daily\"]=https://cloud-images.ubuntu.com/daily/\n\t[\"daily:minimal\"]=https://cloud-images.ubuntu.com/daily/server/minimal/daily/\n)\n\n# ubuntu_base_url prints the base URL for the given flavor.\n# e.g.\n# ```console\n# ubuntu_base_url minimal\n# https://cloud-images.ubuntu.com/minimal/releases/\n# ```\nfunction ubuntu_base_url() {\n\t[[ -v ubuntu_base_urls[$1] ]] || error_exit \"Unsupported flavor: $1\"\n\techo \"${ubuntu_base_urls[$1]}\"\n}\n\n# ubuntu_downloaded_json downloads the JSON file for the given flavor and prints the path.\n# e.g.\n# ```console\n# ubuntu_downloaded_json server\n# /Users/user/Library/Caches/lima/download/by-url-sha256/255f982f5bbda07f5377369093e21c506d7240f5ba901479bdadfa205ddafb01/data\n# ```\nfunction ubuntu_downloaded_json() {\n\tlocal flavor=$1 base_url json_url\n\tcase \"${flavor}\" in\n\tdaily*)\n\t\tjson_url=$(ubuntu_base_url \"${flavor}\")streams/v1/com.ubuntu.cloud:daily:download.json\n\t\t;;\n\t*)\n\t\tjson_url=$(ubuntu_base_url \"${flavor}\")streams/v1/com.ubuntu.cloud:released:download.json\n\t\t;;\n\tesac\n\tdownload_to_cache \"${json_url}\"\n}\n# ubuntu_image_url_try_replace_release_with_version tries to replace the release with the version in the URL.\n# If the URL is valid, it prints the URL with the version.\nfunction ubuntu_image_url_try_replace_release_with_version() {\n\tlocal location=$1 release=$2 version=$3 location_using_version\n\tset +e # Disable 'set -e' to avoid exiting on error for the next assignment.\n\tlocation_using_version=$(\n\t\tset -e\n\t\tvalidate_url \"${location/\\/${release}\\//\\/${version}\\/}\" 2>/dev/null\n\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t# shellcheck disable=2181\n\tif [[ $? -eq 0 ]]; then\n\t\techo \"${location_using_version}\"\n\telse\n\t\techo \"${location}\"\n\tfi\n\tset -e\n}\n\n# ubuntu_image_url_latest prints the latest image URL and its digest for the given flavor, version, arch, and path suffix.\nfunction ubuntu_image_url_latest() {\n\tlocal flavor=$1 version=$2 arch=$3 path_suffix=$4 base_url ubuntu_downloaded_json jq_filter location_digest_release\n\tbase_url=$(ubuntu_base_url \"${flavor}\")\n\tubuntu_downloaded_json=$(ubuntu_downloaded_json \"${flavor}\")\n\tjq_filter=\"\n [\n .products[\\\"com.ubuntu.cloud:${flavor}:${version}:${arch}\\\"] |\n .release as \\$release |\n .versions[]?.items[] | select(.path | endswith(\\\"${path_suffix}\\\")) |\n [\\\"${base_url}\\\"+.path, \\\"sha256:\\\"+.sha256, \\$release] | @tsv\n ] | last\n \"\n\tlocation_digest_release=$(jq -r \"${jq_filter}\" \"${ubuntu_downloaded_json}\")\n\t[[ ${location_digest_release} != \"null\" ]] ||\n\t\terror_exit \"The URL for ubuntu-${version}-${flavor}-cloudimg-${arch}${path_suffix} is not provided at ${ubuntu_base_urls[${flavor}]}.\"\n\tlocal location digest release location_using_version\n\tread -r location digest release <<<\"${location_digest_release}\"\n\tlocation=$(validate_url \"${location}\")\n\tlocation=$(ubuntu_image_url_try_replace_release_with_version \"${location}\" \"${release}\" \"${version}\")\n\tarch=$(limayaml_arch \"${arch}\")\n\tjson_vars location arch digest\n}\n\n# ubuntu_image_url_release prints the release image URL for the given flavor, version, arch, and path suffix.\nfunction ubuntu_image_url_release() {\n\tlocal flavor=$1 version=$2 arch=$3 path_suffix=$4 base_url ubuntu_downloaded_json\n\tbase_url=$(ubuntu_base_url \"${flavor}\")\n\tubuntu_downloaded_json=$(ubuntu_downloaded_json \"${flavor}\")\n\tlocal jq_filter release location\n\tjq_filter=\"\n\t\t[\n .products | to_entries[] as \\$product_entry |\n \\$product_entry.value| select(.version == \\\"${version}\\\") |\n .release\n\t\t] | first\n \"\n\trelease=$(jq -r \"${jq_filter}\" \"${ubuntu_downloaded_json}\")\n\t[[ ${release} != \"null\" ]] ||\n\t\terror_exit \"The URL for ubuntu-${version}-${flavor}-cloudimg-${arch}${path_suffix} is not provided at ${ubuntu_base_urls[${flavor}]}.\"\n\tlocation=$(validate_url \"${base_url}${release}/release/ubuntu-${version}-${flavor}-cloudimg-${arch}${path_suffix}\")\n\tlocation=$(ubuntu_image_url_try_replace_release_with_version \"${location}\" \"${release}\" \"${version}\")\n\tarch=$(limayaml_arch \"${arch}\")\n\tjson_vars location arch\n}\n\n# ubuntu_image_url_daily prints the daily image URL and its digest for the given flavor, codename, arch, and path suffix.\nfunction ubuntu_image_url_daily() {\n\tlocal flavor=$1 codename=$2 arch=$3 path_suffix=$4 base_url ubuntu_downloaded_json products_flavor jq_filter location_digest_version\n\tbase_url=$(ubuntu_base_url \"${flavor}\")\n\tubuntu_downloaded_json=$(ubuntu_downloaded_json \"${flavor}\")\n\tcase \"${flavor}\" in\n\tdaily:minimal) products_flavor=\"minimal\" ;;\n\t*) products_flavor=\"server\" ;;\n\tesac\n\tjq_filter=\"\n [\n .products | to_entries[] as \\$product_entry |\n \\$product_entry.value| select(.release == \\\"${codename}\\\" and .arch == \\\"${arch}\\\") |\n .version as \\$version |\n .versions[]?.items[] | select(.path | endswith(\\\"${path_suffix}\\\")) |\n [\\\"${base_url}\\\"+.path, \\\"sha256:\\\"+.sha256, \\$version] | @tsv\n ] | last\n \"\n\tlocation_digest_version=$(jq -r \"${jq_filter}\" \"${ubuntu_downloaded_json}\")\n\t[[ ${location_digest_version} != \"null\" ]] ||\n\t\terror_exit \"The URL for ${codename}-${products_flavor}-cloudimg-${arch}${path_suffix} is not provided at ${ubuntu_base_urls[${flavor}]}.\"\n\tlocal location digest version location_using_version\n\tread -r location digest version <<<\"${location_digest_version}\"\n\tlocation=$(validate_url \"${location}\")\n\tlocation=$(ubuntu_image_url_try_replace_release_with_version \"${location}\" \"${codename}\" \"${version}\")\n\tarch=$(limayaml_arch \"${arch}\")\n\tjson_vars location arch digest\n}\n\n# ubuntu_image_url_current prints the daily current image URL for the given flavor, codename, arch, and path suffix.\nfunction ubuntu_image_url_current() {\n\tlocal flavor=$1 codename=$2 arch=$3 path_suffix=$4 base_url ubuntu_downloaded_json path_prefix products_flavor\n\tbase_url=$(ubuntu_base_url \"${flavor}\")\n\tubuntu_downloaded_json=$(ubuntu_downloaded_json \"${flavor}\")\n\tcase \"${flavor}\" in\n\tdaily:minimal)\n\t\tpath_prefix=\"\"\n\t\tproducts_flavor=\"minimal\"\n\t\t;;\n\t*)\n\t\tpath_prefix=\"server/\"\n\t\tproducts_flavor=\"server\"\n\t\t;;\n\tesac\n\tlocal jq_filter version location\n\tjq_filter=\"\n\t\t[\n .products | to_entries[] as \\$product_entry |\n \\$product_entry.value| select(.release == \\\"${codename}\\\" and .arch == \\\"${arch}\\\") |\n .version\n\t\t] | first\n \"\n\tversion=$(jq -r \"${jq_filter}\" \"${ubuntu_downloaded_json}\")\n\t[[ ${version} != \"null\" ]] ||\n\t\terror_exit \"The URL for ubuntu-${version}-${products_flavor}-cloudimg-${arch}${path_suffix} is not provided at ${ubuntu_base_urls[${flavor}]}.\"\n\tlocation=$(validate_url \"${base_url}${path_prefix}${codename}/current/${codename}-${products_flavor}-cloudimg-${arch}${path_suffix}\")\n\tlocation=$(ubuntu_image_url_try_replace_release_with_version \"${location}\" \"${codename}\" \"${version}\")\n\tarch=$(limayaml_arch \"${arch}\")\n\tjson_vars location arch\n}\n\nfunction ubuntu_file_info() {\n\tlocal location=$1 location_dirname sha256sums location_basename digest\n\tlocation=$(validate_url \"${location}\")\n\tlocation_dirname=$(dirname \"${location}\")\n\tsha256sums=$(download_to_cache \"${location_dirname}/SHA256SUMS\")\n\tlocation_basename=$(basename \"${location}\")\n\t# shellcheck disable=SC2034\n\tdigest=${location+$(awk \"/${location_basename}/{print \\\"sha256:\\\"\\$1}\" \"${sha256sums}\")}\n\tjson_vars location digest\n}\n\n# ubuntu_image_entry_with_kernel_info prints image entry with kernel and initrd info.\n# $1: image_entry\n# e.g.\n# ```console\n# ubuntu_image_entry_with_kernel_info '{\"location\":\"https://cloud-images.ubuntu.com/minimal/releases/24.04/release-20210914/ubuntu-24.04-minimal-cloudimg-amd64.img\"}'\n# {\"location\":\"https://cloud-images.ubuntu.com/minimal/releases/24.04/release-20210914/ubuntu-24.04-minimal-cloudimg-amd64.img\",\"kernel\":{\"location\":\"https://cloud-images.ubuntu.com/minimal/releases/24.04/release-20210914/ubuntu-24.04-minimal-cloudimg-vmlinuz-generic\",\"digest\":\"sha256:...\"}}\n# ```\n# shellcheck disable=SC2034\nfunction ubuntu_image_entry_with_kernel_info() {\n\tlocal image_entry=$1 location\n\tlocation=$(jq -e -r '.location' <<<\"${image_entry}\")\n\tlocal location_dirname location_basename location_prefix\n\tlocation_dirname=$(dirname \"${location}\")/unpacked\n\tlocation_basename=$(basename \"${location}\")\n\tcase \"${location_basename}\" in\n\tubuntu*) location_prefix=\"${location_dirname}/$(echo \"${location_basename}\" | cut -d- -f1-5 | cut -d. -f1-2)\" ;;\n\t*) location_prefix=\"${location_dirname}/$(echo \"${location_basename}\" | cut -d- -f1-4 | cut -d. -f1)\" ;;\n\tesac\n\n\tlocal kernel initrd\n\tset +e # Disable 'set -e' to avoid exiting on error for the next assignment.\n\tkernel=$(\n\t\tset -e\n\t\tubuntu_file_info \"${location_prefix}-vmlinuz-generic\"\n\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t# shellcheck disable=2181\n\t[[ $? -eq 0 ]] || error_exit \"kernel image not found at ${location_prefix}-vmlinuz-generic\"\n\tinitrd=$(\n\t\tset -e\n\t\tubuntu_file_info \"${location_prefix}-initrd-generic\" 2>/dev/null\n\t) # may not exist\n\tset -e\n\tjson_vars kernel initrd <<<\"${image_entry}\"\n}\n\nfunction ubuntu_flavor_from_location_basename() {\n\tlocal location=$1 location_basename flavor\n\tlocation_basename=$(basename \"${location}\")\n\tcase \"${location_basename}\" in\n\tubuntu*) flavor=$(echo \"${location_basename}\" | cut -d- -f3) ;;\n\t*)\n\t\tflavor=$(echo \"${location_basename}\" | cut -d- -f2)\n\t\tcase \"${flavor}\" in\n\t\tminimal) flavor=\"daily:minimal\" ;;\n\t\t*) flavor=\"daily\" ;;\n\t\tesac\n\t\t;;\n\tesac\n\t[[ -n ${flavor} ]] || error_exit \"Failed to get flavor from ${location}\"\n\techo \"${flavor}\"\n}\n\n# ubuntu_version_from_location_basename prints the version from the location basename.\n# On daily images, it prints the codename.\nfunction ubuntu_version_from_location_basename() {\n\tlocal location=$1 location_basename version\n\tlocation_basename=$(basename \"${location}\")\n\tcase \"${location_basename}\" in\n\tubuntu*) version=$(echo \"${location_basename}\" | cut -d- -f2) ;;\n\t*) version=$(echo \"${location_basename}\" | cut -d- -f1) ;;\n\tesac\n\t[[ -n ${version} ]] || error_exit \"Failed to get version from ${location}\"\n\techo \"${version}\"\n}\n\n# ubuntu_version_latest_lts prints the latest LTS version for the given flavor.\n# e.g.\n# ```console\n# ubuntu_version_latest_lts minimal\n# 24.04\n# ```\nfunction ubuntu_version_latest_lts() {\n\tlocal flavor=${1:-server}\n\tubuntu_downloaded_json=$(ubuntu_downloaded_json \"${flavor}\")\n\tjq -e -r '[.products[]|.version|select(endswith(\".04\"))]|last // empty' \"${ubuntu_downloaded_json}\"\n}\n\n# ubuntu_version_latest prints the latest version for the given flavor.\n# e.g.\n# ```console\n# ubuntu_version_latest minimal\n# 24.10\n# ```\nfunction ubuntu_version_latest() {\n\tlocal flavor=${1:-server}\n\tubuntu_downloaded_json=$(ubuntu_downloaded_json \"${flavor}\")\n\tjq -e -r '[.products[]|.version]|last // empty' \"${ubuntu_downloaded_json}\"\n}\n\n# ubuntu_version_resolve_aliases resolves the version aliases.\n# e.g.\n# ```console\n# ubuntu_version_resolve_aliases https://cloud-images.ubuntu.com/minimal/releases/24.04/release-20210914/ubuntu-24.04-minimal-cloudimg-amd64.img minimal latest\n# 24.10\n# ubuntu_version_resolve_aliases https://cloud-images.ubuntu.com/minimal/releases/24.04/release-20210914/ubuntu-24.04-minimal-cloudimg-amd64.img minimal latest_lts\n# 24.04\n# ubuntu_version_resolve_aliases https://cloud-images.ubuntu.com/minimal/releases/24.04/release-20210914/ubuntu-24.04-minimal-cloudimg-amd64.img\n#\n# ```\nfunction ubuntu_version_resolve_aliases() {\n\tlocal location=$1 flavor version\n\tflavor=${2:-$(ubuntu_flavor_from_location_basename \"${location}\")}\n\tversion=${3:-}\n\tcase \"${version}\" in\n\tlatest_lts | lts) ubuntu_version_latest_lts \"${flavor}\" ;;\n\tlatest) ubuntu_version_latest \"${flavor}\" ;;\n\t*) echo \"${version}\" ;;\n\tesac\n}\n\nfunction ubuntu_arch_from_location_basename() {\n\tlocal location=$1 location_basename arch\n\tlocation_basename=$(basename \"${location}\")\n\tcase \"${location_basename}\" in\n\tubuntu*) arch=$(echo \"${location_basename}\" | cut -d- -f5 | cut -d. -f1) ;;\n\t*) arch=$(echo \"${location_basename}\" | cut -d- -f4 | cut -d. -f1) ;;\n\tesac\n\t[[ -n ${arch} ]] || error_exit \"Failed to get arch from ${location}\"\n\techo \"${arch}\"\n}\n\nfunction ubuntu_path_suffix_from_location_basename() {\n\tlocal location=$1 arch path_suffix\n\tarch=$(ubuntu_arch_from_location_basename \"${location}\")\n\tpath_suffix=\"${location##*\"${arch}\"}\"\n\t[[ -n ${path_suffix} ]] || error_exit \"Failed to get path suffix from ${location}\"\n\techo \"${path_suffix}\"\n}\n\n# ubuntu_location_url_spec prints the URL spec for the given location.\n# If the location is not supported, it returns 1.\n# e.g.\n# ```console\n# ubuntu_location_url_spec https://cloud-images.ubuntu.com/minimal/releases/24.04/release-20210914/ubuntu-24.04-minimal-cloudimg-amd64.img\n# latest\n# ubuntu_location_url_spec https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-amd64.img\n# release\n# ```\nfunction ubuntu_location_url_spec() {\n\tlocal location=$1 url_spec\n\tcase \"${location}\" in\n\thttps://cloud-images.ubuntu.com/minimal/releases/*/release/*) url_spec=release ;;\n\thttps://cloud-images.ubuntu.com/minimal/releases/*/release-*/*) url_spec=latest ;;\n\thttps://cloud-images.ubuntu.com/releases/*/release/*) url_spec=release ;;\n\thttps://cloud-images.ubuntu.com/releases/*/release-*/*) url_spec=latest ;;\n\thttps://cloud-images.ubuntu.com/daily/server/minimal/daily/*/current/*) url_spec=current ;;\n\thttps://cloud-images.ubuntu.com/daily/server/minimal/daily/*/*/*) url_spec=daily ;;\n\thttps://cloud-images.ubuntu.com/daily/server/*/current/*) url_spec=current ;;\n\thttps://cloud-images.ubuntu.com/daily/server/*/*/*) url_spec=daily ;;\n\t*)\n\t\t# echo \"Unsupported image location: ${location}\" >&2\n\t\treturn 1\n\t\t;;\n\tesac\n\techo \"${url_spec}\"\n}\n\n# ubuntu_cache_key_for_image_kernel_flavor_version prints the cache key for the given location, kernel_location, flavor, and version.\n# If the image location is not supported, it returns 1.\n# kernel_location is not validated.\n# e.g.\n# ```console\n# ubuntu_cache_key_for_image_kernel_flavor_version https://cloud-images.ubuntu.com/minimal/releases/24.04/release-20210914/ubuntu-24.04-minimal-cloudimg-amd64.img\n# ubuntu_latest_24.04-minimal-amd64-release-.img\n# ubuntu_cache_key_for_image_kernel_flavor_version https://cloud-images.ubuntu.com/minimal/releases/24.04/release-20210914/ubuntu-24.04-minimal-cloudimg-amd64.img https://...\n# ubuntu_latest_with_kernel_24.04-minimal-amd64-release-.img\n# ubuntu_cache_key_for_image_kernel_flavor_version https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-amd64.img null\n# ubuntu_release_24.04-server-amd64-.img\n# ```\nfunction ubuntu_cache_key_for_image_kernel_flavor_version() {\n\tlocal location=$1 kernel_location=${2:-null} url_spec with_kernel='' flavor version arch path_suffix\n\turl_spec=$(ubuntu_location_url_spec \"${location}\")\n\t[[ ${kernel_location} != \"null\" ]] && with_kernel=_with_kernel\n\tflavor=$(ubuntu_flavor_from_location_basename \"${location}\")\n\tversion=$(ubuntu_version_from_location_basename \"${location}\")\n\tarch=$(ubuntu_arch_from_location_basename \"${location}\")\n\tpath_suffix=$(ubuntu_path_suffix_from_location_basename \"${location}\")\n\techo \"ubuntu_${url_spec}${with_kernel}_${version}-${flavor}-${arch}-${path_suffix}\"\n}\n\nfunction ubuntu_image_entry_for_image_kernel_flavor_version() {\n\tlocal location=$1 kernel_location=$2 url_spec\n\turl_spec=$(ubuntu_location_url_spec \"${location}\")\n\n\tlocal flavor version arch path_suffix\n\tflavor=${3:-$(ubuntu_flavor_from_location_basename \"${location}\")}\n\tversion=${4:-$(ubuntu_version_from_location_basename \"${location}\")}\n\tarch=$(ubuntu_arch_from_location_basename \"${location}\")\n\tpath_suffix=$(ubuntu_path_suffix_from_location_basename \"${location}\")\n\n\tlocal image_entry\n\timage_entry=$(ubuntu_image_url_\"${url_spec}\" \"${flavor}\" \"${version}\" \"${arch}\" \"${path_suffix}\")\n\tif [[ -z ${image_entry} ]]; then\n\t\terror_exit \"Failed to get the ${url_spec} image location for ${location}\"\n\telif jq -e \".location == \\\"${location}\\\"\" <<<\"${image_entry}\" >/dev/null; then\n\t\techo \"Image location is up-to-date: ${location}\" >&2\n\telif [[ ${kernel_location} != \"null\" ]]; then\n\t\tubuntu_image_entry_with_kernel_info \"${image_entry}\"\n\telse\n\t\techo \"${image_entry}\"\n\tfi\n}\n\n# check if the script is executed or sourced\n# shellcheck disable=SC1091\nif [[ ${BASH_SOURCE[0]} == \"${0}\" ]]; then\n\tscriptdir=$(dirname \"${BASH_SOURCE[0]}\")\n\t# shellcheck source=./cache-common-inc.sh\n\t. \"${scriptdir}/cache-common-inc.sh\"\n\n\t# shellcheck source=/dev/null # avoid shellcheck hangs on source looping\n\t. \"${scriptdir}/update-template.sh\"\nelse\n\t# this script is sourced\n\tif [[ -v SUPPORTED_DISTRIBUTIONS ]]; then\n\t\tSUPPORTED_DISTRIBUTIONS+=(\"ubuntu\")\n\telse\n\t\tdeclare -a SUPPORTED_DISTRIBUTIONS=(\"ubuntu\")\n\tfi\n\t# required functions for Ubuntu\n\tfunction ubuntu_cache_key_for_image_kernel() { ubuntu_cache_key_for_image_kernel_flavor_version \"$@\"; }\n\tfunction ubuntu_image_entry_for_image_kernel() { ubuntu_image_entry_for_image_kernel_flavor_version \"$@\"; }\n\n\treturn 0\nfi\n\ndeclare -a templates=()\ndeclare overriding_flavor=\ndeclare overriding_version=\nwhile [[ $# -gt 0 ]]; do\n\tcase \"$1\" in\n\t-h | --help)\n\t\tubuntu_print_help\n\t\texit 0\n\t\t;;\n\t-d | --debug) set -x ;;\n\t--flavor)\n\t\tif [[ -n $2 && $2 != -* ]]; then\n\t\t\toverriding_flavor=\"$2\"\n\t\t\tshift\n\t\telse\n\t\t\terror_exit \"--flavor requires a value\"\n\t\tfi\n\t\t;;\n\t--flavor=*) overriding_flavor=\"${1#*=}\" ;;\n\t--minimal) overriding_flavor=\"minimal\" ;;\n\t--server) overriding_flavor=\"server\" ;;\n\t--version)\n\t\tif [[ -n $2 && $2 != -* ]]; then\n\t\t\toverriding_version=\"$2\"\n\t\t\tshift\n\t\telse\n\t\t\terror_exit \"--version requires a value\"\n\t\tfi\n\t\t;;\n\t--version=*) overriding_version=\"${1#*=}\" ;;\n\t*.yaml) templates+=(\"$1\") ;;\n\t*)\n\t\terror_exit \"Unknown argument: $1\"\n\t\t;;\n\tesac\n\tshift\ndone\n\nif [[ ${#templates[@]} -eq 0 ]]; then\n\tubuntu_print_help\n\texit 0\nfi\n\ndeclare -A image_entry_cache=()\n\nfor template in \"${templates[@]}\"; do\n\techo \"Processing ${template}\"\n\t# 1. extract location by parsing template using arch\n\tyq_filter=\"\n\t\t.images[] | [.location, .kernel.location, .kernel.cmdline] | @tsv\n\t\"\n\tparsed=$(yq eval \"${yq_filter}\" \"${template}\")\n\n\t# 3. get the image location\n\tarr=()\n\twhile IFS= read -r line; do arr+=(\"${line}\"); done <<<\"${parsed}\"\n\tlocations=(\"${arr[@]}\")\n\tfor ((index = 0; index < ${#locations[@]}; index++)); do\n\t\t[[ ${locations[index]} != \"null\" ]] || continue\n\t\tset -e\n\t\tIFS=$'\\t' read -r location kernel_location kernel_cmdline <<<\"${locations[index]}\"\n\t\tset +e # Disable 'set -e' to avoid exiting on error for the next assignment.\n\t\toverriding_version=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tubuntu_version_resolve_aliases \"${location}\" \"${overriding_flavor}\" \"${overriding_version}\"\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\tcache_key=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tubuntu_cache_key_for_image_kernel_flavor_version \"${location}\" \"${kernel_location}\"\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\timage_entry=$(\n\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\tif [[ -v image_entry_cache[${cache_key}] ]]; then\n\t\t\t\techo \"${image_entry_cache[${cache_key}]}\"\n\t\t\telse\n\t\t\t\tubuntu_image_entry_for_image_kernel_flavor_version \"${location}\" \"${kernel_location}\" \"${overriding_flavor}\" \"${overriding_version}\"\n\t\t\tfi\n\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t# shellcheck disable=2181\n\t\t[[ $? -eq 0 ]] || continue\n\t\tset -e\n\t\timage_entry_cache[${cache_key}]=\"${image_entry}\"\n\t\tif [[ -n ${image_entry} ]]; then\n\t\t\t[[ ${kernel_cmdline} != \"null\" ]] &&\n\t\t\t\tjq -e 'has(\"kernel\")' <<<\"${image_entry}\" >/dev/null &&\n\t\t\t\timage_entry=$(jq \".kernel.cmdline = \\\"${kernel_cmdline}\\\"\" <<<\"${image_entry}\")\n\t\t\techo \"${image_entry}\" | jq\n\t\t\tlimactl edit --log-level error --set \"\n\t\t\t\t.images[${index}] = ${image_entry}|\n\t\t\t\t(.images[${index}] | ..) style = \\\"double\\\"\n\t\t\t\" \"${template}\"\n\t\tfi\n\tdone\ndone\n" }, { "path": "hack/update-template.sh", "content": "#!/usr/bin/env bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu -o pipefail\n\n# Functions in this script assume error handling with 'set -e'.\n# To ensure 'set -e' works correctly:\n# - Use 'set +e' before assignments and '$(set -e; )' to capture output without exiting on errors.\n# - Avoid calling functions directly in conditions to prevent disabling 'set -e'.\n# - Use 'shopt -s inherit_errexit' (Bash 4.4+) to avoid repeated 'set -e' in all '$(...)'.\nshopt -s inherit_errexit || error_exit \"inherit_errexit not supported. Please use bash 4.4 or later.\"\n\nfunction print_help() {\n\tcat <...\n\nDescription:\n This script updates the image location in the specified templates.\n If the image location in the template contains a release date in the URL, the script replaces it with the latest available date.\n\nExamples:\n Update the Ubuntu image location in templates/**.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") templates/**.yaml\n\n Update the Ubuntu image location in ~/.lima/ubuntu/lima.yaml:\n $ $(basename \"${BASH_SOURCE[0]}\") ~/.lima/ubuntu/lima.yaml\n $ limactl factory-reset ubuntu\n\nFlags:\n -h, --help Print this help message\nHELP\n}\n\n# json prints the JSON object with the given arguments.\n# json [key value ...]\n# if the value is empty, both key and value are omitted.\n# e.g.\n# ```console\n# json location https://cloud-images.ubuntu.com/minimal/releases/24.04/release-20210914/ubuntu-24.04-minimal-cloudimg-amd64.img arch amd64 digest sha256:...\n# {\"location\":\"https://cloud-images.ubuntu.com/minimal/releases/24.04/release-20210914/ubuntu-24.04-minimal-cloudimg-amd64.img\",\"arch\":\"amd64\",\"digest\":\"sha256:...\"}\n# ```\nfunction json() {\n\tlocal args=() pattern='^(\\[.*\\]|\\{.*\\}|true|false|[0-9]+)$' value\n\t[[ ! -p /dev/stdin ]] && args+=(--null-input)\n\twhile [[ $# -gt 0 ]]; do\n\t\tvalue=\"${2-}\"\n\t\tif [[ ${value} =~ ${pattern} ]]; then\n\t\t\targs+=(--argjson \"${1}\" \"${value}\")\n\t\telif [[ -n ${value} ]]; then\n\t\t\targs+=(--arg \"${1}\" \"${value}\")\n\t\tfi # omit empty values\n\t\tshift\n\t\tshift # shift 2 does not work when $# is 1\n\tdone\n\tjq -c \"${args[@]}\" '. + $ARGS.named | if . == {} then empty else . end'\n}\n\n# json_vars prints the JSON object with the given variable names.\n# e.g.\n# ```console\n# location=https://cloud-images.ubuntu.com/minimal/releases/24.04/release-20210914/ubuntu-24.04-minimal-cloudimg-amd64.img\n# arch=amd64\n# digest=sha256:...\n# json_vars location arch digest\n# {\"location\":\"https://cloud-images.ubuntu.com/minimal/releases/24.04/release-20210914/ubuntu-24.04-minimal-cloudimg-amd64.img\",\"arch\":\"amd64\",\"digest\":\"sha256:...\"}\n# ```\nfunction json_vars() {\n\tlocal args=() var\n\tfor var in \"$@\"; do\n\t\t[[ -v ${var} ]] || error_exit \"${var} is not set\"\n\t\targs+=(\"${var}\" \"${!var}\")\n\tdone\n\tjson \"${args[@]}\"\n}\n\n# limayaml_arch prints the arch in the lima.yaml format\nfunction limayaml_arch() {\n\tlocal arch=$1\n\tarch=${arch/amd64/x86_64}\n\tarch=${arch/arm64/aarch64}\n\tarch=${arch/armhf/armv7l}\n\tarch=${arch/ppc64el/ppc64le}\n\techo \"${arch}\"\n}\n\nfunction validate_boolean() {\n\tlocal value=$1\n\tcase \"${value}\" in\n\t'') ;;\n\ttrue | 1) echo true ;;\n\tfalse | 0) echo false ;;\n\t*) error_exit \"Invalid boolean value: ${value}\" ;;\n\tesac\n}\n\n# validate_url checks if the URL is valid and prints the location if it is.\n# If the URL is redirected, it prints the redirected location.\n# e.g.\n# ```console\n# validate_url https://cloud-images.ubuntu.com/server/releases/24.04/release/ubuntu-24.04-server-cloudimg-amd64.img\n# https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-amd64.img\n# ```\nfunction validate_url() {\n\tlocal url=$1\n\tcode_location=$(curl -sSL -o /dev/null -I -w \"%{http_code}\\t%{url_effective}\" \"${url}\")\n\tread -r code location <<<\"${code_location}\"\n\t[[ ${code} -eq 200 ]] || error_exit \"[${code}]: The image is not available for download from ${location}\"\n\techo \"${location}\"\n}\n\n# validate_url_without_redirect checks if the URL is valid and prints the location if it is.\n# If the URL is redirected, it prints the URL before the redirection.\n# e.g.\n# ```console\n# validate_url_without_redirect https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-genericcloud-arm64.qcow2\n# https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-genericcloud-arm64.qcow2\n# ```\n# cloud.debian.org may be redirected to other domains(e.g. chuangtzu.ftp.acc.umu.se), but we want to use the original URL.\nfunction validate_url_without_redirect() {\n\tlocal url=$1 location\n\tlocation=$(validate_url \"${url}\")\n\t[[ -n ${location} ]] || error_exit \"The image is not available for download from ${url}\"\n\techo \"${url}\"\n}\n\n# check if the script is executed or sourced\n# shellcheck disable=SC1091\nif [[ ${BASH_SOURCE[0]} == \"${0}\" ]]; then\n\tscriptdir=$(dirname \"${BASH_SOURCE[0]}\")\n\t# shellcheck source=./cache-common-inc.sh\n\t. \"${scriptdir}/cache-common-inc.sh\"\n\n\t# Scripts for each distribution are expected to:\n\t# - Add their identifier to the SUPPORTED_DISTRIBUTIONS array.\n\t# - Register the following functions:\n\t# - ${distribution}_cache_key_for_image_kernel\n\t# - Arguments: location, kernel_location\n\t# - Returns: cache_key (string)\n\t# - Exits with an error if the image location is not supported.\n\t# - ${distribution}_image_entry_for_image_kernel\n\t# - Arguments: location, kernel_location\n\t# - Returns: image_entry (JSON object)\n\t#\t - Exits with an error if the image location is not supported.\n\tdeclare -a SUPPORTED_DISTRIBUTIONS=()\n\n\t# shellcheck source=./update-template-ubuntu.sh\n\t. \"${scriptdir}/update-template-ubuntu.sh\"\n\t# shellcheck source=./update-template-debian.sh\n\t. \"${scriptdir}/update-template-debian.sh\"\n\t# shellcheck source=./update-template-archlinux.sh\n\t. \"${scriptdir}/update-template-archlinux.sh\"\n\t# shellcheck source=./update-template-centos-stream.sh\n\t. \"${scriptdir}/update-template-centos-stream.sh\"\n\t# shellcheck source=./update-template-almalinux.sh\n\t. \"${scriptdir}/update-template-almalinux.sh\"\n\t# shellcheck source=./update-template-almalinux-kitten.sh\n\t. \"${scriptdir}/update-template-almalinux-kitten.sh\"\n\t# shellcheck source=./update-template-rocky.sh\n\t. \"${scriptdir}/update-template-rocky.sh\"\n\t# shellcheck source=./update-template-alpine.sh\n\t. \"${scriptdir}/update-template-alpine.sh\"\n\t# shellcheck source=./update-template-oraclelinux.sh\n\t. \"${scriptdir}/update-template-oraclelinux.sh\"\n\t# shellcheck source=./update-template-fedora.sh\n\t. \"${scriptdir}/update-template-fedora.sh\"\n\t# shellcheck source=./update-template-opensuse.sh\n\t. \"${scriptdir}/update-template-opensuse.sh\"\n\t# shellcheck source=./update-template-freebsd.sh\n\t. \"${scriptdir}/update-template-freebsd.sh\"\n\t# shellcheck source=./update-template-macos.sh\n\t. \"${scriptdir}/update-template-macos.sh\"\nelse\n\t# this script is sourced\n\treturn 0\nfi\n\ndeclare -a templates=()\nwhile [[ $# -gt 0 ]]; do\n\tcase \"$1\" in\n\t-h | --help)\n\t\tprint_help\n\t\texit 0\n\t\t;;\n\t-d | --debug) set -x ;;\n\t*.yaml) templates+=(\"$1\") ;;\n\t*)\n\t\terror_exit \"Unknown argument: $1\"\n\t\t;;\n\tesac\n\tshift\ndone\n\nif [[ ${#templates[@]} -eq 0 ]]; then\n\tprint_help\n\texit 0\nfi\n\ndeclare -a distributions=()\n# Check if the distribution has the required functions\nfor distribution in \"${SUPPORTED_DISTRIBUTIONS[@]}\"; do\n\tif declare -f \"${distribution}_cache_key_for_image_kernel\" >/dev/null &&\n\t\tdeclare -f \"${distribution}_image_entry_for_image_kernel\" >/dev/null; then\n\t\tdistributions+=(\"${distribution}\")\n\tfi\ndone\n[[ ${#distributions[@]} -gt 0 ]] || error_exit \"No supported distributions found\"\n\ndeclare -A image_entry_cache=()\n\nfor template in \"${templates[@]}\"; do\n\techo \"Processing ${template}\"\n\t# 1. extract location by parsing template using arch\n\tyq_filter=\"\n\t\t.images[] | [.location, .kernel.location, .kernel.cmdline] | @tsv\n\t\"\n\tparsed=$(yq eval \"${yq_filter}\" \"${template}\")\n\n\t# 3. get the image location\n\tarr=()\n\twhile IFS= read -r line; do arr+=(\"${line}\"); done <<<\"${parsed}\"\n\tlocations=(\"${arr[@]}\")\n\tfor ((index = 0; index < ${#locations[@]}; index++)); do\n\t\t[[ ${locations[index]} != \"null\" ]] || continue\n\t\tset -e\n\t\tIFS=$'\\t' read -r location kernel_location kernel_cmdline <<<\"${locations[index]}\"\n\t\tfor distribution in \"${distributions[@]}\"; do\n\t\t\tset +e # Disable 'set -e' to avoid exiting on error for the next assignment.\n\t\t\tcache_key=$(\n\t\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\t\t\"${distribution}_cache_key_for_image_kernel\" \"${location}\" \"${kernel_location}\"\n\t\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t\t# shellcheck disable=2181\n\t\t\t[[ $? -eq 0 ]] || continue\n\t\t\timage_entry=$(\n\t\t\t\tset -e # Enable 'set -e' for the next command.\n\t\t\t\tif [[ -v image_entry_cache[${cache_key}] ]]; then\n\t\t\t\t\techo \"${image_entry_cache[${cache_key}]}\"\n\t\t\t\telse\n\t\t\t\t\t\"${distribution}_image_entry_for_image_kernel\" \"${location}\" \"${kernel_location}\"\n\t\t\t\tfi\n\t\t\t) # Check exit status separately to prevent disabling 'set -e' by using the function call in the condition.\n\t\t\t# shellcheck disable=2181\n\t\t\t[[ $? -eq 0 ]] || continue\n\t\t\tset -e\n\t\t\timage_entry_cache[${cache_key}]=\"${image_entry}\"\n\t\t\tif [[ -n ${image_entry} ]]; then\n\t\t\t\t[[ ${kernel_cmdline} != \"null\" ]] &&\n\t\t\t\t\tjq -e 'has(\"kernel\")' <<<\"${image_entry}\" >/dev/null &&\n\t\t\t\t\timage_entry=$(jq \".kernel.cmdline = \\\"${kernel_cmdline}\\\"\" <<<\"${image_entry}\")\n\t\t\t\techo \"${image_entry}\" | jq\n\t\t\t\tlimactl edit --log-level error --set \"\n\t\t\t\t\t.images[${index}] = ${image_entry}|\n\t\t\t\t\t(.images[${index}] | ..) style = \\\"double\\\"\n\t\t\t\t\" \"${template}\"\n\t\t\tfi\n\t\tdone\n\tdone\ndone\n" }, { "path": "hack/validate-artifact.sh", "content": "#!/bin/bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n#\n# This script validates that lima--Darwin-arm64.tar.gz\n# contains lima-guestagent.Linux-aarch64\n# but does not contain share/lima/lima-guestagent.Linux-x86_64\n\nset -eu -o pipefail\n\nmust_contain() {\n\ttmp=\"$(mktemp)\"\n\ttar tzf \"$1\" >\"$tmp\"\n\tif ! grep -q \"$2\" \"$tmp\"; then\n\t\techo >&2 \"ERROR: $1 must contain $2\"\n\t\tcat \"$tmp\"\n\t\trm -f \"$tmp\"\n\t\texit 1\n\tfi\n\trm -f \"$tmp\"\n}\n\nmust_not_contain() {\n\ttmp=\"$(mktemp)\"\n\ttar tzf \"$1\" >\"$tmp\"\n\tif grep -q \"$2\" \"$tmp\"; then\n\t\techo >&2 \"ERROR: $1 must not contain $2\"\n\t\tcat \"$tmp\"\n\t\trm -f \"$tmp\"\n\t\texit 1\n\tfi\n\trm -f \"$tmp\"\n}\n\nvalidate_artifact() {\n\tFILE=\"$1\"\n\tMYARCH=\"x86_64\"\n\tOTHERARCH=\"aarch64\"\n\tif [[ $FILE == *\"aarch64\"* || $FILE == *\"arm64\"* ]]; then\n\t\tMYARCH=\"aarch64\"\n\t\tOTHERARCH=\"x86_64\"\n\tfi\n\tif [[ $FILE == *\"go-mod-vendor.tar.gz\" ]]; then\n\t\t: NOP\n\telif [[ $FILE == *\"lima-additional-guestagents\"*\".tar.gz\" ]]; then\n\t\tmust_not_contain \"$FILE\" \"lima-guestagent.Linux-$MYARCH\"\n\t\tmust_contain \"$FILE\" \"lima-guestagent.Linux-$OTHERARCH\"\n\telif [[ $FILE == *\"lima-\"*\".tar.gz\" ]]; then\n\t\tmust_not_contain \"$FILE\" \"lima-guestagent.Linux-$OTHERARCH\"\n\t\tmust_contain \"$FILE\" \"lima-guestagent.Linux-$MYARCH\"\n\telse\n\t\techo >&2 \"ERROR: Unexpected file: $FILE\"\n\t\texit 1\n\tfi\n}\n\nfor FILE in \"$@\"; do\n\tvalidate_artifact \"$FILE\"\ndone\n" }, { "path": "pkg/apfs/chown.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage apfs\n\nimport (\n\t\"encoding/binary\"\n\t\"errors\"\n\t\"fmt\"\n\t\"hash/crc32\"\n\t\"os\"\n\t\"strings\"\n)\n\nvar le = binary.LittleEndian\n\n// Chown sets the owner and group of files on an unmounted APFS disk image.\n// volumeRole selects the target volume (e.g., VolRoleData).\n// Paths are relative to the volume root (e.g., \"Library/LaunchDaemons/foo.plist\").\nfunc Chown(diskPath string, volumeRole uint16, uid, gid uint32, paths ...string) error {\n\tc, err := openContainer(diskPath)\n\tif err != nil {\n\t\treturn err\n\t}\n\tdefer c.close()\n\n\tvol, err := c.findVolume(volumeRole)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tfsRootPhys, err := c.omapLookup(vol.omapTreeAddr, vol.rootTreeOID, vol.latestXID)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"resolving filesystem root tree OID %d: %w\", vol.rootTreeOID, err)\n\t}\n\n\tfor _, path := range paths {\n\t\tinodeNum, err := c.resolvePath(fsRootPhys, vol.omapTreeAddr, vol.latestXID, path)\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"resolving path %q: %w\", path, err)\n\t\t}\n\t\tif err := c.chownInode(fsRootPhys, vol.omapTreeAddr, vol.latestXID, inodeNum, uid, gid); err != nil {\n\t\t\treturn fmt.Errorf(\"chown inode %d (%q): %w\", inodeNum, path, err)\n\t\t}\n\t}\n\treturn nil\n}\n\n// container holds the open disk image file, the byte offset where\n// the APFS container starts (nonzero for GPT-partitioned disks),\n// and the APFS block size.\ntype container struct {\n\tf *os.File\n\tbaseOffset int64 // byte offset of APFS container within file\n\tblockSize uint32\n}\n\n// volumeInfo holds resolved volume information.\ntype volumeInfo struct {\n\tomapTreeAddr uint64 // physical address of volume omap B-tree root\n\trootTreeOID uint64 // virtual OID of filesystem B-tree root\n\tlatestXID uint64 // transaction ID of the volume superblock\n}\n\nfunc openContainer(path string) (*container, error) {\n\tf, err := os.OpenFile(path, os.O_RDWR, 0)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"open disk: %w\", err)\n\t}\n\tc := &container{f: f}\n\n\thdr := make([]byte, 4096) // minimum APFS block size\n\tif _, err := f.ReadAt(hdr, 0); err != nil {\n\t\tf.Close()\n\t\treturn nil, fmt.Errorf(\"read block 0: %w\", err)\n\t}\n\n\tif le.Uint32(hdr[nxMagicOff:]) == nxMagic {\n\t\t// Raw APFS container (no partition table).\n\t\tc.blockSize = le.Uint32(hdr[nxBlockSizeOff:])\n\t} else {\n\t\t// Look for a GPT partition table and find the APFS partition.\n\t\toffset, err := findAPFSPartitionGPT(f)\n\t\tif err != nil {\n\t\t\tf.Close()\n\t\t\treturn nil, fmt.Errorf(\"finding APFS partition: %w\", err)\n\t\t}\n\t\tc.baseOffset = offset\n\t\tif _, err := f.ReadAt(hdr, offset); err != nil {\n\t\t\tf.Close()\n\t\t\treturn nil, fmt.Errorf(\"read APFS superblock at offset %d: %w\", offset, err)\n\t\t}\n\t\tif le.Uint32(hdr[nxMagicOff:]) != nxMagic {\n\t\t\tf.Close()\n\t\t\treturn nil, fmt.Errorf(\"APFS partition at offset %d has bad magic\", offset)\n\t\t}\n\t\tc.blockSize = le.Uint32(hdr[nxBlockSizeOff:])\n\t}\n\n\tif c.blockSize < 4096 {\n\t\tf.Close()\n\t\treturn nil, fmt.Errorf(\"invalid block size %d\", c.blockSize)\n\t}\n\treturn c, nil\n}\n\n// GPT constants.\nconst (\n\tgptHeaderSignature = \"EFI PART\"\n\tgptLBASectorSize = 512\n)\n\n// apfsPartTypeGUID is the APFS Container partition type GUID as stored\n// on disk (mixed-endian encoding per GPT spec).\n// 7C3457EF-0000-11AA-AA11-00306543ECAC.\nvar apfsPartTypeGUID = [16]byte{\n\t0xEF, 0x57, 0x34, 0x7C, // time_low (LE)\n\t0x00, 0x00, // time_mid (LE)\n\t0xAA, 0x11, // time_hi_and_version (LE)\n\t0xAA, 0x11, // clock_seq\n\t0x00, 0x30, 0x65, 0x43, 0xEC, 0xAC, // node\n}\n\n// findAPFSPartitionGPT reads a GPT partition table and returns the\n// byte offset of the first APFS Container partition.\nfunc findAPFSPartitionGPT(f *os.File) (int64, error) {\n\t// Read GPT header at LBA 1.\n\tgptHdr := make([]byte, gptLBASectorSize)\n\tif _, err := f.ReadAt(gptHdr, gptLBASectorSize); err != nil {\n\t\treturn 0, fmt.Errorf(\"reading GPT header: %w\", err)\n\t}\n\tif string(gptHdr[0:8]) != gptHeaderSignature {\n\t\treturn 0, fmt.Errorf(\"no GPT header found (expected %q)\", gptHeaderSignature)\n\t}\n\n\tpartEntryLBA := le.Uint64(gptHdr[72:])\n\tnumEntries := le.Uint32(gptHdr[80:])\n\tentrySize := le.Uint32(gptHdr[84:])\n\n\tentryBuf := make([]byte, entrySize)\n\tfor i := range numEntries {\n\t\toff := int64(partEntryLBA)*gptLBASectorSize + int64(i)*int64(entrySize)\n\t\tif _, err := f.ReadAt(entryBuf, off); err != nil {\n\t\t\treturn 0, fmt.Errorf(\"reading GPT entry %d: %w\", i, err)\n\t\t}\n\n\t\tvar typeGUID [16]byte\n\t\tcopy(typeGUID[:], entryBuf[0:16])\n\t\tif typeGUID == apfsPartTypeGUID {\n\t\t\tfirstLBA := le.Uint64(entryBuf[32:])\n\t\t\treturn int64(firstLBA) * gptLBASectorSize, nil\n\t\t}\n\n\t\t// Stop at empty entries.\n\t\tallZero := true\n\t\tfor _, b := range typeGUID {\n\t\t\tif b != 0 {\n\t\t\t\tallZero = false\n\t\t\t\tbreak\n\t\t\t}\n\t\t}\n\t\tif allZero {\n\t\t\tbreak\n\t\t}\n\t}\n\treturn 0, errors.New(\"no APFS partition found in GPT\")\n}\n\nfunc (c *container) close() {\n\tc.f.Close()\n}\n\nfunc (c *container) readBlock(addr uint64) ([]byte, error) {\n\tbuf := make([]byte, c.blockSize)\n\t_, err := c.f.ReadAt(buf, c.baseOffset+int64(addr)*int64(c.blockSize))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"read block %d: %w\", addr, err)\n\t}\n\treturn buf, nil\n}\n\nfunc (c *container) writeBlock(addr uint64, data []byte) error {\n\t_, err := c.f.WriteAt(data, c.baseOffset+int64(addr)*int64(c.blockSize))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"write block %d: %w\", addr, err)\n\t}\n\treturn nil\n}\n\n// latestSuperblock scans the checkpoint descriptor area for the\n// superblock with the highest valid transaction ID.\nfunc (c *container) latestSuperblock() ([]byte, error) {\n\t// Read block 0 at full block size to get checkpoint descriptor area info.\n\tblock0, err := c.readBlock(0)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tif err := verifyChecksum(block0); err != nil {\n\t\treturn nil, fmt.Errorf(\"block 0 checksum: %w\", err)\n\t}\n\n\tdescBase := le.Uint64(block0[nxXPDescBaseOff:])\n\tdescBlocks := le.Uint32(block0[nxXPDescBlocksOff:]) & nxXPDescBlocksMask\n\n\tvar bestBlock []byte\n\tvar bestXID uint64\n\n\tfor i := range descBlocks {\n\t\tblk, err := c.readBlock(descBase + uint64(i))\n\t\tif err != nil {\n\t\t\tcontinue\n\t\t}\n\t\tif verifyChecksum(blk) != nil {\n\t\t\tcontinue\n\t\t}\n\t\toType := le.Uint32(blk[objTypeOff:]) & objTypeMask\n\t\tif oType != objectTypeNXSuperblock {\n\t\t\tcontinue\n\t\t}\n\t\tif le.Uint32(blk[nxMagicOff:]) != nxMagic {\n\t\t\tcontinue\n\t\t}\n\t\txid := le.Uint64(blk[objXIDOff:])\n\t\tif xid > bestXID {\n\t\t\tbestXID = xid\n\t\t\tbestBlock = blk\n\t\t}\n\t}\n\tif bestBlock == nil {\n\t\treturn nil, errors.New(\"no valid container superblock found in checkpoint area\")\n\t}\n\treturn bestBlock, nil\n}\n\n// findVolume locates the volume with the given role.\nfunc (c *container) findVolume(role uint16) (*volumeInfo, error) {\n\tsb, err := c.latestSuperblock()\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"reading container superblock: %w\", err)\n\t}\n\n\t// Read the container omap to resolve volume virtual OIDs.\n\tcontainerOmapAddr := le.Uint64(sb[nxOmapOIDOff:])\n\tcontainerOmap, err := c.readBlock(containerOmapAddr)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"reading container omap at %d: %w\", containerOmapAddr, err)\n\t}\n\tcontainerOmapTreeAddr := le.Uint64(containerOmap[omapTreeOIDOff:])\n\n\tcontainerXID := le.Uint64(sb[objXIDOff:])\n\n\tfor i := range nxMaxFileSystems {\n\t\toff := nxFSOIDOff + i*8\n\t\tvolOID := le.Uint64(sb[off:])\n\t\tif volOID == 0 {\n\t\t\tcontinue\n\t\t}\n\t\t// Resolve virtual OID through container omap.\n\t\tvolPhysAddr, err := c.omapLookup(containerOmapTreeAddr, volOID, containerXID)\n\t\tif err != nil {\n\t\t\tcontinue // skip volumes we can't resolve\n\t\t}\n\t\tvolBlock, err := c.readBlock(volPhysAddr)\n\t\tif err != nil {\n\t\t\tcontinue\n\t\t}\n\t\tif verifyChecksum(volBlock) != nil {\n\t\t\tcontinue\n\t\t}\n\t\tif le.Uint32(volBlock[apfsMagicOff:]) != apfsMagic {\n\t\t\tcontinue\n\t\t}\n\t\tvolRole := le.Uint16(volBlock[apfsRoleOff:])\n\t\tif volRole == role {\n\t\t\tomapAddr := le.Uint64(volBlock[apfsOmapOIDOff:])\n\t\t\tomapBlock, err := c.readBlock(omapAddr)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"reading volume omap: %w\", err)\n\t\t\t}\n\t\t\treturn &volumeInfo{\n\t\t\t\tomapTreeAddr: le.Uint64(omapBlock[omapTreeOIDOff:]),\n\t\t\t\trootTreeOID: le.Uint64(volBlock[apfsRootTreeOIDOff:]),\n\t\t\t\tlatestXID: le.Uint64(volBlock[objXIDOff:]),\n\t\t\t}, nil\n\t\t}\n\t}\n\treturn nil, fmt.Errorf(\"no volume with role %#x found\", role)\n}\n\n// omapLookup searches the omap B-tree for a virtual OID, returning\n// the physical address from the entry with the highest xid <= maxXID.\nfunc (c *container) omapLookup(omapTreeAddr, oid, maxXID uint64) (uint64, error) {\n\tblk, err := c.readBlock(omapTreeAddr)\n\tif err != nil {\n\t\treturn 0, err\n\t}\n\n\tfor {\n\t\tif verifyChecksum(blk) != nil {\n\t\t\treturn 0, errors.New(\"omap node checksum failed\")\n\t\t}\n\t\tif err := verifyBTreeNodeType(blk); err != nil {\n\t\t\treturn 0, fmt.Errorf(\"omap node: %w\", err)\n\t\t}\n\t\tflags := le.Uint16(blk[btnFlagsOff:])\n\t\tnkeys := le.Uint32(blk[btnNKeysOff:])\n\t\ttspOff := le.Uint16(blk[btnTableSpaceOff:])\n\t\ttspLen := le.Uint16(blk[btnTableSpaceOff+2:])\n\n\t\ttocStart := btnDataOff + uint32(tspOff)\n\t\tkeyAreaStart := tocStart + uint32(tspLen)\n\n\t\tisLeaf := flags&btnodeLeaf != 0\n\t\tisFixedKV := flags&btnodeFixedKVSize != 0\n\t\tisRoot := flags&btnodeRoot != 0\n\n\t\tvalueAreaEnd := c.blockSize\n\t\tif isRoot {\n\t\t\tvalueAreaEnd -= btreeInfoSize\n\t\t}\n\n\t\tif isLeaf {\n\t\t\t// Search for matching oid with highest xid <= maxXID.\n\t\t\tvar bestPhysAddr uint64\n\t\t\tvar bestXID uint64\n\t\t\tfound := false\n\n\t\t\tfor i := range nkeys {\n\t\t\t\tkOff, vOff := c.readTocEntry(blk, tocStart, i, isFixedKV)\n\t\t\t\tkeyStart := keyAreaStart + kOff\n\t\t\t\tentryOID := le.Uint64(blk[keyStart:])\n\t\t\t\tentryXID := le.Uint64(blk[keyStart+8:])\n\n\t\t\t\tif entryOID == oid && entryXID <= maxXID {\n\t\t\t\t\t// Value: ov_flags(4) + ov_size(4) + ov_paddr(8).\n\t\t\t\t\tvalStart := valueAreaEnd - vOff\n\t\t\t\t\tphysAddr := le.Uint64(blk[valStart+8:])\n\t\t\t\t\tif !found || entryXID > bestXID {\n\t\t\t\t\t\tbestPhysAddr = physAddr\n\t\t\t\t\t\tbestXID = entryXID\n\t\t\t\t\t\tfound = true\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\tif !found {\n\t\t\t\treturn 0, fmt.Errorf(\"omap entry for OID %d not found\", oid)\n\t\t\t}\n\t\t\treturn bestPhysAddr, nil\n\t\t}\n\n\t\t// Internal node: find the last key <= (oid, maxXID) and descend.\n\t\tchildIdx := uint32(0)\n\t\tfor i := range nkeys {\n\t\t\tkOff, _ := c.readTocEntry(blk, tocStart, i, isFixedKV)\n\t\t\tkeyStart := keyAreaStart + kOff\n\t\t\tentryOID := le.Uint64(blk[keyStart:])\n\t\t\tentryXID := le.Uint64(blk[keyStart+8:])\n\n\t\t\tcmp := compareOmapKey(entryOID, entryXID, oid, maxXID)\n\t\t\tif cmp <= 0 {\n\t\t\t\tchildIdx = i\n\t\t\t} else {\n\t\t\t\tbreak\n\t\t\t}\n\t\t}\n\n\t\t// Read child pointer (physical address, 8 bytes).\n\t\t_, vOff := c.readTocEntry(blk, tocStart, childIdx, isFixedKV)\n\t\tchildAddr := le.Uint64(blk[valueAreaEnd-vOff:])\n\n\t\tblk, err = c.readBlock(childAddr)\n\t\tif err != nil {\n\t\t\treturn 0, fmt.Errorf(\"reading omap child node: %w\", err)\n\t\t}\n\t}\n}\n\n// readTocEntry reads the key and value offsets from a ToC entry.\n// For fixed-KV nodes (kvoff_t): 4 bytes per entry (k_off u16, v_off u16).\n// For variable-KV nodes (kvloc_t): 8 bytes per entry (k.off u16, k.len u16, v.off u16, v.len u16).\n// Returns keyOffset and valueOffset (both relative to their respective areas).\nfunc (c *container) readTocEntry(blk []byte, tocStart, index uint32, fixedKV bool) (keyOff, valOff uint32) {\n\tif fixedKV {\n\t\toff := tocStart + index*4\n\t\treturn uint32(le.Uint16(blk[off:])), uint32(le.Uint16(blk[off+2:]))\n\t}\n\toff := tocStart + index*8\n\treturn uint32(le.Uint16(blk[off:])), uint32(le.Uint16(blk[off+4:]))\n}\n\n// verifyBTreeNodeType checks that a block's object type indicates a\n// B-tree node: OBJECT_TYPE_BTREE (0x02, root) or OBJECT_TYPE_BTREE_NODE\n// (0x03, non-root).\nfunc verifyBTreeNodeType(blk []byte) error {\n\toType := le.Uint32(blk[objTypeOff:]) & objTypeMask\n\tif oType != 0x02 && oType != 0x03 {\n\t\treturn fmt.Errorf(\"expected B-tree node type (2 or 3), got %#x\", oType)\n\t}\n\treturn nil\n}\n\nfunc compareOmapKey(oid1, xid1, oid2, xid2 uint64) int {\n\tif oid1 < oid2 {\n\t\treturn -1\n\t}\n\tif oid1 > oid2 {\n\t\treturn 1\n\t}\n\tif xid1 < xid2 {\n\t\treturn -1\n\t}\n\tif xid1 > xid2 {\n\t\treturn 1\n\t}\n\treturn 0\n}\n\n// compareFSKeyHeader compares two filesystem B-tree key headers.\n// APFS sorts filesystem keys by (obj_id, type), not by the raw uint64.\nfunc compareFSKeyHeader(a, b uint64) int {\n\taID := a & objIDMask\n\tbID := b & objIDMask\n\tif aID < bID {\n\t\treturn -1\n\t}\n\tif aID > bID {\n\t\treturn 1\n\t}\n\taType := a >> objTypeShift\n\tbType := b >> objTypeShift\n\tif aType < bType {\n\t\treturn -1\n\t}\n\tif aType > bType {\n\t\treturn 1\n\t}\n\treturn 0\n}\n\nvar crc32cTable = crc32.MakeTable(crc32.Castagnoli)\n\n// drecNameHash computes the 22-bit directory record name hash as stored\n// in the upper bits of j_drec_hashed_key_t.name_len_and_hash.\n//\n// Per the Apple APFS Reference: NFD-normalize the name, encode as UTF-32LE\n// (without null terminator), compute CRC-32C, complement, keep low 22 bits.\n// The complement cancels with the CRC's standard finalization XOR, so we\n// use ^crc32.Checksum to get the raw CRC.\nfunc drecNameHash(name string) uint32 {\n\trunes := []rune(strings.ToLower(name))\n\tbuf := make([]byte, len(runes)*4)\n\tfor i, r := range runes {\n\t\tle.PutUint32(buf[i*4:], uint32(r))\n\t}\n\treturn ^crc32.Checksum(buf, crc32cTable) & 0x3FFFFF\n}\n\n// compareDrecKey compares a directory record key from a B-tree node\n// against a target (parentCNID, name). Returns <0, 0, or >0.\nfunc (c *container) compareDrecKey(blk []byte, keyStart uint32, targetKeyHeader uint64, targetName string, targetHash uint32) int {\n\tkeyHeader := le.Uint64(blk[keyStart:])\n\tcmp := compareFSKeyHeader(keyHeader, targetKeyHeader)\n\tif cmp != 0 {\n\t\treturn cmp\n\t}\n\t// Headers match (same parent CNID and type DIR_REC).\n\t// Compare name hash for hashed keys, or name directly for non-hashed.\n\tval32 := le.Uint32(blk[keyStart+8:])\n\tif val32&0xFFFFFC00 != 0 {\n\t\t// Hashed key: compare hash values (upper 22 bits).\n\t\tentryHash := (val32 >> 10) & 0x3FFFFF\n\t\tif entryHash < targetHash {\n\t\t\treturn -1\n\t\t}\n\t\tif entryHash > targetHash {\n\t\t\treturn 1\n\t\t}\n\t\t// Hash collision: compare actual names.\n\t\tentryName := c.readDrecName(blk, keyStart+8)\n\t\treturn strings.Compare(strings.ToLower(entryName), strings.ToLower(targetName))\n\t}\n\t// Non-hashed key: compare names directly.\n\tentryName := c.readDrecName(blk, keyStart+8)\n\treturn strings.Compare(entryName, targetName)\n}\n\n// resolvePath walks path components from the volume root, returning\n// the inode number of the final path element.\nfunc (c *container) resolvePath(fsRootPhys, omapTreeAddr, maxXID uint64, path string) (uint64, error) {\n\tparts := strings.Split(strings.Trim(path, \"/\"), \"/\")\n\tcnid := uint64(rootDirInodeNum)\n\n\tfor _, name := range parts {\n\t\tif name == \"\" {\n\t\t\tcontinue\n\t\t}\n\t\tfileID, err := c.lookupDirEntry(fsRootPhys, omapTreeAddr, maxXID, cnid, name)\n\t\tif err != nil {\n\t\t\treturn 0, fmt.Errorf(\"looking up %q in directory (cnid %d): %w\", name, cnid, err)\n\t\t}\n\t\tcnid = fileID\n\t}\n\treturn cnid, nil\n}\n\n// lookupDirEntry searches the filesystem B-tree for a directory record\n// matching parentCNID and name, returning the file_id from j_drec_val_t.\nfunc (c *container) lookupDirEntry(fsRootPhys, omapTreeAddr, maxXID, parentCNID uint64, name string) (uint64, error) {\n\ttargetKeyHeader := (uint64(apfsTypeDirRec) << objTypeShift) | (parentCNID & objIDMask)\n\ttargetHash := drecNameHash(name)\n\n\tblk, err := c.readBlock(fsRootPhys)\n\tif err != nil {\n\t\treturn 0, err\n\t}\n\n\tfor {\n\t\tif verifyChecksum(blk) != nil {\n\t\t\treturn 0, errors.New(\"filesystem B-tree node checksum failed\")\n\t\t}\n\t\tif err := verifyBTreeNodeType(blk); err != nil {\n\t\t\treturn 0, fmt.Errorf(\"filesystem B-tree node: %w\", err)\n\t\t}\n\t\tflags := le.Uint16(blk[btnFlagsOff:])\n\t\tnkeys := le.Uint32(blk[btnNKeysOff:])\n\t\ttspOff := le.Uint16(blk[btnTableSpaceOff:])\n\t\ttspLen := le.Uint16(blk[btnTableSpaceOff+2:])\n\n\t\ttocStart := btnDataOff + uint32(tspOff)\n\t\tkeyAreaStart := tocStart + uint32(tspLen)\n\n\t\tisLeaf := flags&btnodeLeaf != 0\n\t\tisFixedKV := flags&btnodeFixedKVSize != 0\n\t\tisRoot := flags&btnodeRoot != 0\n\n\t\tvalueAreaEnd := c.blockSize\n\t\tif isRoot {\n\t\t\tvalueAreaEnd -= btreeInfoSize\n\t\t}\n\n\t\tif isLeaf {\n\t\t\tfor i := range nkeys {\n\t\t\t\tkOff, vOff := c.readTocEntry(blk, tocStart, i, isFixedKV)\n\t\t\t\tkeyStart := keyAreaStart + kOff\n\t\t\t\tkeyHeader := le.Uint64(blk[keyStart:])\n\n\t\t\t\tif keyHeader != targetKeyHeader {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\n\t\t\t\t// Parse the directory record key name.\n\t\t\t\tentryName := c.readDrecName(blk, keyStart+8)\n\t\t\t\tif entryName != name {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\n\t\t\t\t// Read file_id from j_drec_val_t (first 8 bytes of value).\n\t\t\t\tvalStart := valueAreaEnd - vOff\n\t\t\t\treturn le.Uint64(blk[valStart:]), nil\n\t\t\t}\n\t\t\treturn 0, fmt.Errorf(\"directory entry %q not found\", name)\n\t\t}\n\n\t\t// Internal node: find the child to descend into.\n\t\t// The last key <= our target determines the child.\n\t\t// For DIR_REC keys with matching headers, we also compare the\n\t\t// name hash to find the correct subtree.\n\t\tchildIdx := uint32(0)\n\t\tfor i := range nkeys {\n\t\t\tkOff, _ := c.readTocEntry(blk, tocStart, i, isFixedKV)\n\t\t\tkeyStart := keyAreaStart + kOff\n\t\t\tcmp := c.compareDrecKey(blk, keyStart, targetKeyHeader, name, targetHash)\n\t\t\tif cmp <= 0 {\n\t\t\t\tchildIdx = i\n\t\t\t} else {\n\t\t\t\tbreak\n\t\t\t}\n\t\t}\n\n\t\t// Read child OID (virtual) and resolve through omap.\n\t\t_, vOff := c.readTocEntry(blk, tocStart, childIdx, isFixedKV)\n\t\tchildOID := le.Uint64(blk[valueAreaEnd-vOff:])\n\t\tchildPhys, err := c.omapLookup(omapTreeAddr, childOID, maxXID)\n\t\tif err != nil {\n\t\t\treturn 0, fmt.Errorf(\"resolving child OID %d: %w\", childOID, err)\n\t\t}\n\t\tblk, err = c.readBlock(childPhys)\n\t\tif err != nil {\n\t\t\treturn 0, err\n\t\t}\n\t}\n}\n\n// readDrecName reads a directory record name from the key data\n// starting at nameFieldOff. Handles both hashed (j_drec_hashed_key_t,\n// 4-byte name_len_and_hash) and non-hashed (j_drec_key_t, 2-byte\n// name_len) formats.\nfunc (c *container) readDrecName(blk []byte, nameFieldOff uint32) string {\n\t// Heuristic: if the 4-byte field at nameFieldOff has its upper\n\t// bits set (hash), it's a hashed key. For non-hashed keys, the\n\t// 2-byte name_len is followed by the name bytes.\n\t//\n\t// In j_drec_hashed_key_t: name_len_and_hash (uint32) where\n\t// lower 10 bits = name length including null terminator.\n\t// In j_drec_key_t: name_len (uint16) = name length including\n\t// null terminator.\n\t//\n\t// We distinguish them by checking: if the upper 22 bits of the\n\t// first uint32 are nonzero, it's hashed.\n\tval32 := le.Uint32(blk[nameFieldOff:])\n\tif val32&0xFFFFFC00 != 0 {\n\t\t// Hashed: lower 10 bits = length (including null terminator).\n\t\tnameLen := int(val32 & 0x3FF)\n\t\tnameStart := nameFieldOff + 4\n\t\tif nameLen > 1 {\n\t\t\treturn string(blk[nameStart : nameStart+uint32(nameLen-1)])\n\t\t}\n\t\treturn \"\"\n\t}\n\t// Non-hashed: 2-byte name_len.\n\tnameLen := int(le.Uint16(blk[nameFieldOff:]))\n\tnameStart := nameFieldOff + 2\n\tif nameLen > 1 {\n\t\treturn string(blk[nameStart : nameStart+uint32(nameLen-1)])\n\t}\n\treturn \"\"\n}\n\n// chownInode finds an inode in the filesystem B-tree and modifies\n// its owner and group fields.\nfunc (c *container) chownInode(fsRootPhys, omapTreeAddr, maxXID, inodeNum uint64, uid, gid uint32) error {\n\ttargetKeyHeader := (uint64(apfsTypeInode) << objTypeShift) | (inodeNum & objIDMask)\n\n\tblkAddr := fsRootPhys\n\tblk, err := c.readBlock(blkAddr)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// Walk down to the leaf containing the inode.\n\tfor {\n\t\tif verifyChecksum(blk) != nil {\n\t\t\treturn errors.New(\"filesystem B-tree node checksum failed\")\n\t\t}\n\t\tif err := verifyBTreeNodeType(blk); err != nil {\n\t\t\treturn fmt.Errorf(\"filesystem B-tree node: %w\", err)\n\t\t}\n\t\tflags := le.Uint16(blk[btnFlagsOff:])\n\t\tnkeys := le.Uint32(blk[btnNKeysOff:])\n\t\ttspOff := le.Uint16(blk[btnTableSpaceOff:])\n\t\ttspLen := le.Uint16(blk[btnTableSpaceOff+2:])\n\n\t\ttocStart := btnDataOff + uint32(tspOff)\n\t\tkeyAreaStart := tocStart + uint32(tspLen)\n\n\t\tisLeaf := flags&btnodeLeaf != 0\n\t\tisFixedKV := flags&btnodeFixedKVSize != 0\n\t\tisRoot := flags&btnodeRoot != 0\n\n\t\tvalueAreaEnd := c.blockSize\n\t\tif isRoot {\n\t\t\tvalueAreaEnd -= btreeInfoSize\n\t\t}\n\n\t\tif isLeaf {\n\t\t\tfor i := range nkeys {\n\t\t\t\tkOff, vOff := c.readTocEntry(blk, tocStart, i, isFixedKV)\n\t\t\t\tkeyStart := keyAreaStart + kOff\n\t\t\t\tkeyHeader := le.Uint64(blk[keyStart:])\n\n\t\t\t\tif keyHeader != targetKeyHeader {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\n\t\t\t\t// Found the inode. Validate before writing.\n\t\t\t\tvalStart := valueAreaEnd - vOff\n\n\t\t\t\tif valStart+inodeGroupOff+4 > c.blockSize {\n\t\t\t\t\treturn fmt.Errorf(\"inode %d value exceeds block boundary\", inodeNum)\n\t\t\t\t}\n\n\t\t\t\tif privateID := le.Uint64(blk[valStart+inodePrivateIDOff:]); privateID != inodeNum {\n\t\t\t\t\treturn fmt.Errorf(\"inode %d has mismatched private_id %d\", inodeNum, privateID)\n\t\t\t\t}\n\n\t\t\t\tcurrentUID := le.Uint32(blk[valStart+inodeOwnerOff:])\n\t\t\t\tcurrentGID := le.Uint32(blk[valStart+inodeGroupOff:])\n\t\t\t\tif currentUID != noownersPlaceholderID || currentGID != noownersPlaceholderID {\n\t\t\t\t\treturn fmt.Errorf(\"inode %d has ownership %d:%d, expected %d:%d from noowners mount\",\n\t\t\t\t\t\tinodeNum, currentUID, currentGID, noownersPlaceholderID, noownersPlaceholderID)\n\t\t\t\t}\n\n\t\t\t\tle.PutUint32(blk[valStart+inodeOwnerOff:], uid)\n\t\t\t\tle.PutUint32(blk[valStart+inodeGroupOff:], gid)\n\t\t\t\tupdateChecksum(blk)\n\t\t\t\treturn c.writeBlock(blkAddr, blk)\n\t\t\t}\n\t\t\treturn fmt.Errorf(\"inode %d not found in filesystem B-tree\", inodeNum)\n\t\t}\n\n\t\t// Internal node: descend.\n\t\tchildIdx := uint32(0)\n\t\tfor i := range nkeys {\n\t\t\tkOff, _ := c.readTocEntry(blk, tocStart, i, isFixedKV)\n\t\t\tkeyStart := keyAreaStart + kOff\n\t\t\tkeyHeader := le.Uint64(blk[keyStart:])\n\n\t\t\tif compareFSKeyHeader(keyHeader, targetKeyHeader) <= 0 {\n\t\t\t\tchildIdx = i\n\t\t\t} else {\n\t\t\t\tbreak\n\t\t\t}\n\t\t}\n\n\t\t_, vOff := c.readTocEntry(blk, tocStart, childIdx, isFixedKV)\n\t\tchildOID := le.Uint64(blk[valueAreaEnd-vOff:])\n\t\tchildPhys, err := c.omapLookup(omapTreeAddr, childOID, maxXID)\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"resolving child OID %d: %w\", childOID, err)\n\t\t}\n\t\tblkAddr = childPhys\n\t\tblk, err = c.readBlock(blkAddr)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n}\n" }, { "path": "pkg/apfs/chown_darwin_test.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage apfs\n\nimport (\n\t\"os\"\n\t\"os/exec\"\n\t\"path/filepath\"\n\t\"strings\"\n\t\"syscall\"\n\t\"testing\"\n\n\t\"gotest.tools/v3/assert\"\n)\n\n// TestChownIntegration creates a real APFS disk image with hdiutil,\n// writes a test file, runs Chown on the raw image, and verifies\n// ownership via os.Stat after remounting with ownership enabled.\n// No root required.\nfunc TestChownIntegration(t *testing.T) {\n\ttmpDir := t.TempDir()\n\timgPath := filepath.Join(tmpDir, \"test.dmg\")\n\n\t// Create a 64MB APFS disk image (GPT + APFS container).\n\tctx := t.Context()\n\tcmd := exec.CommandContext(ctx, \"hdiutil\", \"create\",\n\t\t\"-size\", \"64m\",\n\t\t\"-fs\", \"APFS\",\n\t\t\"-volname\", \"TestVol\",\n\t\timgPath,\n\t)\n\tout, err := cmd.CombinedOutput()\n\tassert.NilError(t, err, \"hdiutil create failed: %s\", out)\n\n\t// Attach, write a test file, and detach. Default mount uses\n\t// noowners, so the on-disk UID will be 99 (nobody).\n\tmntDir := filepath.Join(tmpDir, \"mnt\")\n\tcmd = exec.CommandContext(ctx, \"hdiutil\", \"attach\", imgPath, \"-mountpoint\", mntDir)\n\tout, err = cmd.CombinedOutput()\n\tassert.NilError(t, err, \"hdiutil attach failed: %s\", out)\n\n\tassert.NilError(t, os.WriteFile(filepath.Join(mntDir, \"testfile.txt\"), []byte(\"hello\"), 0o644))\n\n\tcmd = exec.CommandContext(ctx, \"hdiutil\", \"detach\", mntDir)\n\tout, err = cmd.CombinedOutput()\n\tassert.NilError(t, err, \"hdiutil detach failed: %s\", out)\n\n\t// Change ownership to root:wheel via raw APFS modification.\n\t// hdiutil creates a single volume with role=0 (APFS_VOL_ROLE_NONE).\n\tassert.NilError(t, Chown(imgPath, 0, 0, 0, \"testfile.txt\"))\n\n\t// Verify filesystem integrity after raw block modification.\n\tcmd = exec.CommandContext(ctx, \"hdiutil\", \"attach\", imgPath, \"-nomount\")\n\tout, err = cmd.CombinedOutput()\n\tassert.NilError(t, err, \"hdiutil attach -nomount failed: %s\", out)\n\tdev := strings.Fields(string(out))[0]\n\tcmd = exec.CommandContext(ctx, \"fsck_apfs\", \"-n\", dev)\n\tout, err = cmd.CombinedOutput()\n\tassert.NilError(t, err, \"fsck_apfs failed: %s\", out)\n\tcmd = exec.CommandContext(ctx, \"hdiutil\", \"detach\", dev)\n\tout, err = cmd.CombinedOutput()\n\tassert.NilError(t, err, \"hdiutil detach failed: %s\", out)\n\n\t// Re-attach with ownership enabled so os.Stat reflects on-disk UIDs.\n\tcmd = exec.CommandContext(ctx, \"hdiutil\", \"attach\", imgPath,\n\t\t\"-mountpoint\", mntDir, \"-owners\", \"on\")\n\tout, err = cmd.CombinedOutput()\n\tassert.NilError(t, err, \"hdiutil re-attach failed: %s\", out)\n\tdefer func() {\n\t\t_ = exec.CommandContext(ctx, \"hdiutil\", \"detach\", mntDir, \"-force\").Run()\n\t}()\n\n\tfi, err := os.Stat(filepath.Join(mntDir, \"testfile.txt\"))\n\tassert.NilError(t, err)\n\tstat := fi.Sys().(*syscall.Stat_t)\n\tassert.Equal(t, stat.Uid, uint32(0), \"expected uid=0, got uid=%d\", stat.Uid)\n\tassert.Equal(t, stat.Gid, uint32(0), \"expected gid=0, got gid=%d\", stat.Gid)\n}\n" }, { "path": "pkg/apfs/fletcher64.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage apfs\n\nimport (\n\t\"encoding/binary\"\n\t\"fmt\"\n)\n\nconst fletcher64Mod = 0xFFFFFFFF\n\n// fletcher64 computes the APFS Fletcher-64 checksum over block[8:].\nfunc fletcher64(block []byte) uint64 {\n\tvar sum1, sum2 uint64\n\tfor i := 8; i+3 < len(block); i += 4 {\n\t\tsum1 = (sum1 + uint64(binary.LittleEndian.Uint32(block[i:]))) % fletcher64Mod\n\t\tsum2 = (sum2 + sum1) % fletcher64Mod\n\t}\n\tckLow := fletcher64Mod - ((sum1 + sum2) % fletcher64Mod)\n\tckHigh := fletcher64Mod - ((sum1 + ckLow) % fletcher64Mod)\n\treturn (ckHigh << 32) | ckLow\n}\n\n// verifyChecksum returns an error if the stored checksum does not match.\nfunc verifyChecksum(block []byte) error {\n\tstored := binary.LittleEndian.Uint64(block[objChecksumOff:])\n\tcomputed := fletcher64(block)\n\tif stored != computed {\n\t\treturn fmt.Errorf(\"checksum mismatch: stored %#x, computed %#x\", stored, computed)\n\t}\n\treturn nil\n}\n\n// updateChecksum recomputes and stores the Fletcher-64 checksum.\nfunc updateChecksum(block []byte) {\n\tbinary.LittleEndian.PutUint64(block[objChecksumOff:], fletcher64(block))\n}\n" }, { "path": "pkg/apfs/fletcher64_test.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage apfs\n\nimport (\n\t\"encoding/binary\"\n\t\"testing\"\n\n\t\"gotest.tools/v3/assert\"\n)\n\nfunc TestFletcher64(t *testing.T) {\n\t// Construct a minimal 4096-byte block and verify the checksum\n\t// round-trips: compute -> store -> verify.\n\tblock := make([]byte, 4096)\n\tfor i := 8; i < len(block); i++ {\n\t\tblock[i] = byte(i % 251)\n\t}\n\tupdateChecksum(block)\n\tassert.NilError(t, verifyChecksum(block))\n\n\t// Corrupt one byte and verify detection.\n\tblock[100]++\n\tassert.Assert(t, verifyChecksum(block) != nil, \"verifyChecksum should have failed after corruption\")\n}\n\nfunc TestFletcher64KnownVector(t *testing.T) {\n\t// A block of all zeros (except checksum) should produce a\n\t// deterministic checksum. Verify consistency.\n\tblock := make([]byte, 4096)\n\tck := fletcher64(block)\n\tupdateChecksum(block)\n\tstored := binary.LittleEndian.Uint64(block[0:])\n\tassert.Equal(t, stored, ck)\n\tassert.NilError(t, verifyChecksum(block))\n}\n" }, { "path": "pkg/apfs/types.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\n// Package apfs provides minimal APFS disk image manipulation.\n// It reads on-disk structures at known byte offsets per the Apple APFS\n// Reference and modifies inode UID/GID fields directly, bypassing\n// the kernel VFS.\npackage apfs\n\n// Magic numbers.\nconst (\n\tnxMagic = 0x4253584E // \"NXSB\"\n\tapfsMagic = 0x42535041 // \"APSB\"\n)\n\n// Object types (lower 16 bits of o_type).\nconst (\n\tobjectTypeNXSuperblock = 0x01\n\tobjectTypeCheckpointMap = 0x0C\n\tobjectTypeOmap = 0x0B\n\tobjectTypeBTreeNode = 0x02\n\tobjectTypeFS = 0x0D\n\tobjectTypeFSTree = 0x0E\n\tobjectTypeBlockRefTree = 0x0F\n\tobjectTypeOmapSnapshot = 0x10\n\tobjectTypeNXReaperFS = 0x12\n\tobjectTypeNXReaperListKey = 0x13\n)\n\n// Object storage classes (upper 16 bits of o_type, shifted).\nconst (\n\tobjPhysical = 0x00000000\n\tobjEphemeral = 0x80000000\n\tobjVirtual = 0x00000000\n\tobjTypeMask = 0x0000FFFF\n\tobjFlagsMask = 0xFFFF0000\n)\n\n// B-tree node flags.\nconst (\n\tbtnodeRoot = 0x0001\n\tbtnodeLeaf = 0x0002\n\tbtnodeFixedKVSize = 0x0004\n)\n\n// Filesystem object types (upper 4 bits of j_key_t.obj_id_and_type).\nconst (\n\tapfsTypeInode = 3\n\tapfsTypeDirRec = 9\n)\n\n// Filesystem key masks.\nconst (\n\tobjIDMask = 0x0FFFFFFFFFFFFFFF\n\tobjTypeShift = 60\n)\n\n// Well-known inode numbers.\nconst (\n\trootDirInodeNum = 2\n)\n\n// noownersPlaceholderID is the on-disk UID and GID that APFS stores\n// for files on volumes mounted with the noowners option.\nconst noownersPlaceholderID = 99\n\n// VolRoleData is the APFS volume role for \"Data\" volumes.\nconst VolRoleData = 0x0040 // APFS_VOL_ROLE_DATA (shifted representation: (1 << 2) << 4)\n\n// Container superblock (nx_superblock_t) field offsets from block start.\nconst (\n\tnxMagicOff = 32 // uint32\n\tnxBlockSizeOff = 36 // uint32\n\tnxXPDescBlocksOff = 104 // uint32 (mask 0x7FFFFFFF for count)\n\tnxXPDescBaseOff = 112 // uint64 (physical block address)\n\tnxXPDescIndexOff = 136 // uint32\n\tnxXPDescLenOff = 140 // uint32\n\tnxOmapOIDOff = 160 // uint64 (physical)\n\tnxFSOIDOff = 184 // uint64[100] (virtual OIDs)\n\tnxMaxFileSystems = 100\n\tnxXPDescBlocksMask = 0x7FFFFFFF\n)\n\n// Object header (obj_phys_t) field offsets.\nconst (\n\tobjChecksumOff = 0 // uint64\n\tobjOIDOff = 8 // uint64\n\tobjXIDOff = 16 // uint64\n\tobjTypeOff = 24 // uint32\n\tobjSubtypeOff = 28 // uint32\n\tobjHeaderSize = 32\n)\n\n// Volume superblock (apfs_superblock_t) field offsets from block start.\nconst (\n\tapfsMagicOff = 32 // uint32\n\tapfsOmapOIDOff = 128 // uint64 (physical)\n\tapfsRootTreeOIDOff = 136 // uint64 (virtual)\n\tapfsVolNameOff = 704 // 256 bytes UTF-8\n\tapfsRoleOff = 964 // uint16\n)\n\n// Object map (omap_phys_t) field offsets from block start.\nconst (\n\tomapTreeOIDOff = 48 // uint64 (physical)\n)\n\n// B-tree node (btree_node_phys_t) field offsets from block start.\nconst (\n\tbtnFlagsOff = 32 // uint16\n\tbtnLevelOff = 34 // uint16\n\tbtnNKeysOff = 36 // uint32\n\tbtnTableSpaceOff = 40 // nloc_t: off uint16 + len uint16\n\tbtnDataOff = 56 // start of btn_data[]\n)\n\n// btree_info_t size (sits at end of root node block).\nconst btreeInfoSize = 40\n\n// j_inode_val_t field offsets (from start of value data).\nconst (\n\tinodeParentIDOff = 0 // uint64\n\tinodePrivateIDOff = 8 // uint64\n\tinodeOwnerOff = 72 // uint32\n\tinodeGroupOff = 76 // uint32\n)\n" }, { "path": "pkg/autostart/autostart.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\n// Package autostart manage start at login unit files for darwin/linux\npackage autostart\n\nimport (\n\t\"context\"\n\t\"sync\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/limatype\"\n)\n\n// IsRegistered checks if the instance is registered to start at login.\nfunc IsRegistered(ctx context.Context, inst *limatype.Instance) (bool, error) {\n\treturn manager().IsRegistered(ctx, inst)\n}\n\n// RegisterToStartAtLogin creates a start-at-login entry for the instance.\nfunc RegisterToStartAtLogin(ctx context.Context, inst *limatype.Instance) error {\n\treturn manager().RegisterToStartAtLogin(ctx, inst)\n}\n\n// UnregisterFromStartAtLogin deletes the start-at-login entry for the instance.\nfunc UnregisterFromStartAtLogin(ctx context.Context, inst *limatype.Instance) error {\n\treturn manager().UnregisterFromStartAtLogin(ctx, inst)\n}\n\n// AutoStartedIdentifier returns the identifier if the current process was started by the autostart manager.\nfunc AutoStartedIdentifier() string {\n\treturn manager().AutoStartedIdentifier()\n}\n\n// RequestStart requests to start the instance by identifier.\nfunc RequestStart(ctx context.Context, inst *limatype.Instance) error {\n\treturn manager().RequestStart(ctx, inst)\n}\n\n// RequestStop requests to stop the instance by identifier.\nfunc RequestStop(ctx context.Context, inst *limatype.Instance) (bool, error) {\n\treturn manager().RequestStop(ctx, inst)\n}\n\ntype autoStartManager interface {\n\t// Registration\n\tIsRegistered(ctx context.Context, inst *limatype.Instance) (bool, error)\n\tRegisterToStartAtLogin(ctx context.Context, inst *limatype.Instance) error\n\tUnregisterFromStartAtLogin(ctx context.Context, inst *limatype.Instance) error\n\n\t// Status\n\tAutoStartedIdentifier() string\n\n\t// Operation\n\t// RequestStart requests to start the instance by identifier.\n\tRequestStart(ctx context.Context, inst *limatype.Instance) error\n\t// RequestStop requests to stop the instance by identifier.\n\tRequestStop(ctx context.Context, inst *limatype.Instance) (bool, error)\n}\n\nvar manager = sync.OnceValue(Manager)\n" }, { "path": "pkg/autostart/autostart_test.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage autostart\n\nimport (\n\t\"runtime\"\n\t\"testing\"\n\n\t\"gotest.tools/v3/assert\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/autostart/launchd\"\n\t\"github.com/lima-vm/lima/v2/pkg/autostart/systemd\"\n)\n\nvar (\n\tLaunchd = &TemplateFileBasedManager{\n\t\tfilePath: launchd.GetPlistPath,\n\t\ttemplate: launchd.Template,\n\t\tenabler: launchd.EnableDisableService,\n\t\tautoStartedIdentifier: launchd.AutoStartedServiceName,\n\t\trequestStart: launchd.RequestStart,\n\t\trequestStop: launchd.RequestStop,\n\t}\n\tSystemd = &TemplateFileBasedManager{\n\t\tfilePath: systemd.GetUnitPath,\n\t\ttemplate: systemd.Template,\n\t\tenabler: systemd.EnableDisableUnit,\n\t\tautoStartedIdentifier: systemd.AutoStartedUnitName,\n\t\trequestStart: systemd.RequestStart,\n\t\trequestStop: systemd.RequestStop,\n\t}\n)\n\nfunc TestRenderTemplate(t *testing.T) {\n\tif runtime.GOOS == \"windows\" {\n\t\tt.Skip(\"skipping testing on windows host\")\n\t}\n\ttests := []struct {\n\t\tManager *TemplateFileBasedManager\n\t\tName string\n\t\tInstanceName string\n\t\tExpected string\n\t\tWorkDir string\n\t\tGetExecutable func() (string, error)\n\t}{\n\t\t{\n\t\t\tManager: Launchd,\n\t\t\tName: \"render darwin launchd plist\",\n\t\t\tInstanceName: \"default\",\n\t\t\tExpected: `\n\n\n\n\tLabel\n\tio.lima-vm.autostart.default\n\tProgramArguments\n\t\n\t\t/limactl\n\t\tstart\n\t\tdefault\n\t\t--foreground\n\t\n\tRunAtLoad\n\t\n\tStandardErrorPath\n\tlaunchd.stderr.log\n\tStandardOutPath\n\tlaunchd.stdout.log\n\tWorkingDirectory\n\t/some/path\n\tProcessType\n\tBackground\n\n\n`,\n\t\t\tGetExecutable: func() (string, error) {\n\t\t\t\treturn \"/limactl\", nil\n\t\t\t},\n\t\t\tWorkDir: \"/some/path\",\n\t\t},\n\t\t{\n\t\t\tManager: Systemd,\n\t\t\tName: \"render linux systemd service\",\n\t\t\tInstanceName: \"default\",\n\t\t\tExpected: `[Unit]\nDescription=Lima - Linux virtual machines, with a focus on running containers.\nDocumentation=man:lima(1)\n\n[Service]\nExecStart=/limactl start %i --foreground\nWorkingDirectory=%h\nType=simple\nTimeoutSec=10\nRestart=on-failure\n\n[Install]\nWantedBy=default.target\n`,\n\t\t\tGetExecutable: func() (string, error) {\n\t\t\t\treturn \"/limactl\", nil\n\t\t\t},\n\t\t\tWorkDir: \"/some/path\",\n\t\t},\n\t}\n\tfor _, tt := range tests {\n\t\tt.Run(tt.Name, func(t *testing.T) {\n\t\t\ttmpl, err := tt.Manager.renderTemplate(tt.InstanceName, tt.WorkDir, tt.GetExecutable)\n\t\t\tassert.NilError(t, err)\n\t\t\tassert.Equal(t, string(tmpl), tt.Expected)\n\t\t})\n\t}\n}\n" }, { "path": "pkg/autostart/launchd/io.lima-vm.autostart.INSTANCE.plist", "content": "\n\n\n\n\tLabel\n\tio.lima-vm.autostart.{{ .Instance }}\n\tProgramArguments\n\t\n\t\t{{ .Binary }}\n\t\tstart\n\t\t{{ .Instance }}\n\t\t--foreground\n\t\n\tRunAtLoad\n\t\n\tStandardErrorPath\n\tlaunchd.stderr.log\n\tStandardOutPath\n\tlaunchd.stdout.log\n\tWorkingDirectory\n\t{{ .WorkDir }}\n\tProcessType\n\tBackground\n\n\n" }, { "path": "pkg/autostart/launchd/launchd.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage launchd\n\nimport (\n\t\"context\"\n\t_ \"embed\"\n\t\"fmt\"\n\t\"os\"\n\t\"os/exec\"\n\t\"sync\"\n\n\t\"github.com/sirupsen/logrus\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/limatype\"\n)\n\n//go:embed io.lima-vm.autostart.INSTANCE.plist\nvar Template string\n\n// GetPlistPath returns the path to the launchd plist file for the given instance name.\nfunc GetPlistPath(instName string) string {\n\treturn fmt.Sprintf(\"%s/Library/LaunchAgents/%s.plist\", os.Getenv(\"HOME\"), ServiceNameFrom(instName))\n}\n\n// ServiceNameFrom returns the launchd service name for the given instance name.\nfunc ServiceNameFrom(instName string) string {\n\treturn fmt.Sprintf(\"io.lima-vm.autostart.%s\", instName)\n}\n\n// EnableDisableService enables or disables the launchd service for the given instance name.\nfunc EnableDisableService(ctx context.Context, enable bool, instName string) error {\n\taction := \"enable\"\n\tif !enable {\n\t\taction = \"disable\"\n\t}\n\treturn launchctl(ctx, action, serviceTarget(instName))\n}\n\nfunc launchctl(ctx context.Context, args ...string) error {\n\tcmd := exec.CommandContext(ctx, \"launchctl\", args...)\n\tcmd.Stdout = os.Stdout\n\tcmd.Stderr = os.Stderr\n\tlogrus.Debugf(\"running command: %v\", cmd.Args)\n\treturn cmd.Run()\n}\n\nfunc launchctlWithoutOutput(ctx context.Context, args ...string) error {\n\tcmd := exec.CommandContext(ctx, \"launchctl\", args...)\n\tlogrus.Debugf(\"running command without output: %v\", cmd.Args)\n\treturn cmd.Run()\n}\n\n// AutoStartedServiceName returns the launchd service name if the instance is started by launchd.\nfunc AutoStartedServiceName() string {\n\t// Assume the instance is started by launchd if XPC_SERVICE_NAME is set and not \"0\".\n\t// To confirm it is actually started by launchd, it needs to use `launch_activate_socket`.\n\t// But that requires actual socket activation setup in the plist file.\n\t// So we just check XPC_SERVICE_NAME here.\n\tif xpcServiceName := os.Getenv(\"XPC_SERVICE_NAME\"); xpcServiceName != \"0\" {\n\t\treturn xpcServiceName\n\t}\n\treturn \"\"\n}\n\nvar domainTarget = sync.OnceValue(func() string {\n\treturn fmt.Sprintf(\"gui/%d\", os.Getuid())\n})\n\nfunc serviceTarget(instName string) string {\n\treturn fmt.Sprintf(\"%s/%s\", domainTarget(), ServiceNameFrom(instName))\n}\n\nfunc RequestStart(ctx context.Context, inst *limatype.Instance) error {\n\t// Call `launchctl bootout` first, because instance may be stopped without unloading the plist file.\n\t// If the plist file is not unloaded, `launchctl bootstrap` will fail.\n\t_ = launchctlWithoutOutput(ctx, \"bootout\", serviceTarget(inst.Name))\n\t// If disabled, `launchctl bootstrap` will fail.\n\t_ = EnableDisableService(ctx, true, inst.Name)\n\tif err := launchctl(ctx, \"bootstrap\", domainTarget(), GetPlistPath(inst.Name)); err != nil {\n\t\treturn fmt.Errorf(\"failed to start the instance %q via launchctl: %w\", inst.Name, err)\n\t}\n\treturn nil\n}\n\nfunc RequestStop(ctx context.Context, inst *limatype.Instance) (bool, error) {\n\tlogrus.Debugf(\"AutoStartedIdentifier=%q, ServiceNameFrom=%q\", inst.AutoStartedIdentifier, ServiceNameFrom(inst.Name))\n\tif inst.AutoStartedIdentifier == ServiceNameFrom(inst.Name) {\n\t\tlogrus.Infof(\"Stopping the instance %q started by launchd\", inst.Name)\n\t\tif err := launchctl(ctx, \"bootout\", serviceTarget(inst.Name)); err != nil {\n\t\t\treturn false, fmt.Errorf(\"failed to stop the instance %q via launchctl: %w\", inst.Name, err)\n\t\t}\n\t\treturn true, nil\n\t}\n\treturn false, nil\n}\n" }, { "path": "pkg/autostart/launchd/launchd_test.go", "content": "//go:build !windows\n\n// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage launchd\n\nimport (\n\t\"strings\"\n\t\"testing\"\n\n\t\"gotest.tools/v3/assert\"\n)\n\nfunc TestGetPlistPath(t *testing.T) {\n\ttests := []struct {\n\t\tName string\n\t\tInstanceName string\n\t\tExpected string\n\t}{\n\t\t{\n\t\t\tName: \"darwin with docker instance name\",\n\t\t\tInstanceName: \"docker\",\n\t\t\tExpected: \"Library/LaunchAgents/io.lima-vm.autostart.docker.plist\",\n\t\t},\n\t}\n\tfor _, tt := range tests {\n\t\tt.Run(tt.Name, func(t *testing.T) {\n\t\t\tassert.Check(t, strings.HasSuffix(GetPlistPath(tt.InstanceName), tt.Expected))\n\t\t})\n\t}\n}\n" }, { "path": "pkg/autostart/managers.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\n// Package autostart manage start at login unit files for darwin/linux\npackage autostart\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"runtime\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/limatype\"\n\t\"github.com/lima-vm/lima/v2/pkg/textutil\"\n)\n\ntype notSupportedManager struct{}\n\nvar _ autoStartManager = (*notSupportedManager)(nil)\n\nvar ErrNotSupported = fmt.Errorf(\"autostart is not supported on %s\", runtime.GOOS)\n\nfunc (*notSupportedManager) IsRegistered(_ context.Context, _ *limatype.Instance) (bool, error) {\n\treturn false, ErrNotSupported\n}\n\nfunc (*notSupportedManager) RegisterToStartAtLogin(_ context.Context, _ *limatype.Instance) error {\n\treturn ErrNotSupported\n}\n\nfunc (*notSupportedManager) UnregisterFromStartAtLogin(_ context.Context, _ *limatype.Instance) error {\n\treturn ErrNotSupported\n}\n\nfunc (*notSupportedManager) AutoStartedIdentifier() string {\n\treturn \"\"\n}\n\nfunc (*notSupportedManager) RequestStart(_ context.Context, _ *limatype.Instance) error {\n\treturn ErrNotSupported\n}\n\nfunc (*notSupportedManager) RequestStop(_ context.Context, _ *limatype.Instance) (bool, error) {\n\treturn false, ErrNotSupported\n}\n\n// TemplateFileBasedManager is an autostart manager that uses a template file to create the autostart entry.\ntype TemplateFileBasedManager struct {\n\tenabler func(ctx context.Context, enable bool, instName string) error\n\tfilePath func(instName string) string\n\ttemplate string\n\tautoStartedIdentifier func() string\n\trequestStart func(ctx context.Context, inst *limatype.Instance) error\n\trequestStop func(ctx context.Context, inst *limatype.Instance) (bool, error)\n}\n\nvar _ autoStartManager = (*TemplateFileBasedManager)(nil)\n\nfunc (t *TemplateFileBasedManager) IsRegistered(_ context.Context, inst *limatype.Instance) (bool, error) {\n\tif t.filePath == nil {\n\t\treturn false, errors.New(\"no filePath function available\")\n\t}\n\tautostartFilePath := t.filePath(inst.Name)\n\tif _, err := os.Stat(autostartFilePath); err != nil {\n\t\tif os.IsNotExist(err) {\n\t\t\treturn false, nil\n\t\t}\n\t\treturn false, err\n\t}\n\treturn true, nil\n}\n\nfunc (t *TemplateFileBasedManager) RegisterToStartAtLogin(ctx context.Context, inst *limatype.Instance) error {\n\tif _, err := t.IsRegistered(ctx, inst); err != nil {\n\t\treturn fmt.Errorf(\"failed to check if the autostart entry for instance %q is registered: %w\", inst.Name, err)\n\t}\n\tcontent, err := t.renderTemplate(inst.Name, inst.Dir, os.Executable)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to render the autostart entry for instance %q: %w\", inst.Name, err)\n\t}\n\tentryFilePath := t.filePath(inst.Name)\n\tif err := os.MkdirAll(filepath.Dir(entryFilePath), os.ModePerm); err != nil {\n\t\treturn fmt.Errorf(\"failed to create the directory for the autostart entry for instance %q: %w\", inst.Name, err)\n\t}\n\tif err := os.WriteFile(entryFilePath, content, 0o644); err != nil {\n\t\treturn fmt.Errorf(\"failed to write the autostart entry for instance %q: %w\", inst.Name, err)\n\t}\n\tif t.enabler != nil {\n\t\treturn t.enabler(ctx, true, inst.Name)\n\t}\n\treturn nil\n}\n\nfunc (t *TemplateFileBasedManager) UnregisterFromStartAtLogin(ctx context.Context, inst *limatype.Instance) error {\n\tif registered, err := t.IsRegistered(ctx, inst); err != nil {\n\t\treturn fmt.Errorf(\"failed to check if the autostart entry for instance %q is registered: %w\", inst.Name, err)\n\t} else if !registered {\n\t\treturn nil\n\t}\n\tif t.enabler != nil {\n\t\tif err := t.enabler(ctx, false, inst.Name); err != nil {\n\t\t\treturn fmt.Errorf(\"failed to disable the autostart entry for instance %q: %w\", inst.Name, err)\n\t\t}\n\t}\n\tif err := os.Remove(t.filePath(inst.Name)); err != nil {\n\t\treturn fmt.Errorf(\"failed to remove the autostart entry for instance %q: %w\", inst.Name, err)\n\t}\n\treturn nil\n}\n\nfunc (t *TemplateFileBasedManager) renderTemplate(instName, workDir string, getExecutable func() (string, error)) ([]byte, error) {\n\tif t.template == \"\" {\n\t\treturn nil, errors.New(\"no template available\")\n\t}\n\tselfExeAbs, err := getExecutable()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn textutil.ExecuteTemplate(\n\t\tt.template,\n\t\tmap[string]string{\n\t\t\t\"Binary\": selfExeAbs,\n\t\t\t\"Instance\": instName,\n\t\t\t\"WorkDir\": workDir,\n\t\t})\n}\n\nfunc (t *TemplateFileBasedManager) AutoStartedIdentifier() string {\n\tif t.autoStartedIdentifier != nil {\n\t\treturn t.autoStartedIdentifier()\n\t}\n\treturn \"\"\n}\n\nfunc (t *TemplateFileBasedManager) RequestStart(ctx context.Context, inst *limatype.Instance) error {\n\tif t.requestStart == nil {\n\t\treturn errors.New(\"no RequestStart function available\")\n\t}\n\treturn t.requestStart(ctx, inst)\n}\n\nfunc (t *TemplateFileBasedManager) RequestStop(ctx context.Context, inst *limatype.Instance) (bool, error) {\n\tif t.requestStop == nil {\n\t\treturn false, errors.New(\"no RequestStop function available\")\n\t}\n\treturn t.requestStop(ctx, inst)\n}\n" }, { "path": "pkg/autostart/managers_darwin.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage autostart\n\nimport \"github.com/lima-vm/lima/v2/pkg/autostart/launchd\"\n\n// Manager returns the autostart manager for Darwin.\nfunc Manager() autoStartManager {\n\treturn &TemplateFileBasedManager{\n\t\tfilePath: launchd.GetPlistPath,\n\t\ttemplate: launchd.Template,\n\t\tenabler: launchd.EnableDisableService,\n\t\tautoStartedIdentifier: launchd.AutoStartedServiceName,\n\t\trequestStart: launchd.RequestStart,\n\t\trequestStop: launchd.RequestStop,\n\t}\n}\n" }, { "path": "pkg/autostart/managers_linux.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage autostart\n\nimport \"github.com/lima-vm/lima/v2/pkg/autostart/systemd\"\n\n// Manager returns the autostart manager for Linux.\nfunc Manager() autoStartManager {\n\tif systemd.IsRunningSystemd() {\n\t\treturn &TemplateFileBasedManager{\n\t\t\tfilePath: systemd.GetUnitPath,\n\t\t\ttemplate: systemd.Template,\n\t\t\tenabler: systemd.EnableDisableUnit,\n\t\t\tautoStartedIdentifier: systemd.AutoStartedUnitName,\n\t\t\trequestStart: systemd.RequestStart,\n\t\t\trequestStop: systemd.RequestStop,\n\t\t}\n\t}\n\t// TODO: add support for non-systemd Linux distros\n\treturn ¬SupportedManager{}\n}\n" }, { "path": "pkg/autostart/managers_others.go", "content": "//go:build !darwin && !linux\n\n// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage autostart\n\n// Manager returns a notSupportedManager for unsupported OSes.\nfunc Manager() autoStartManager {\n\treturn ¬SupportedManager{}\n}\n" }, { "path": "pkg/autostart/systemd/lima-vm@INSTANCE.service", "content": "[Unit]\nDescription=Lima - Linux virtual machines, with a focus on running containers.\nDocumentation=man:lima(1)\n\n[Service]\nExecStart={{.Binary}} start %i --foreground\nWorkingDirectory=%h\nType=simple\nTimeoutSec=10\nRestart=on-failure\n\n[Install]\nWantedBy=default.target\n" }, { "path": "pkg/autostart/systemd/systemd.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage systemd\n\nimport (\n\t\"context\"\n\t_ \"embed\"\n\t\"fmt\"\n\t\"os\"\n\t\"os/exec\"\n\t\"path/filepath\"\n\n\t\"github.com/sirupsen/logrus\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/limatype\"\n)\n\n//go:embed lima-vm@INSTANCE.service\nvar Template string\n\n// GetUnitPath returns the path to the systemd unit file for the given instance name.\nfunc GetUnitPath(instName string) string {\n\t// Use instance name as argument to systemd service\n\t// Instance name available in unit file as %i\n\txdgConfigHome := os.Getenv(\"XDG_CONFIG_HOME\")\n\tif xdgConfigHome == \"\" {\n\t\txdgConfigHome = filepath.Join(os.Getenv(\"HOME\"), \".config\")\n\t}\n\treturn fmt.Sprintf(\"%s/systemd/user/%s\", xdgConfigHome, UnitNameFrom(instName))\n}\n\n// UnitNameFrom returns the systemd service name for the given instance name.\nfunc UnitNameFrom(instName string) string {\n\treturn fmt.Sprintf(\"lima-vm@%s.service\", instName)\n}\n\n// EnableDisableUnit enables or disables the systemd service for the given instance name.\nfunc EnableDisableUnit(ctx context.Context, enable bool, instName string) error {\n\taction := \"enable\"\n\tif !enable {\n\t\taction = \"disable\"\n\t}\n\treturn systemctl(ctx, \"--user\", action, UnitNameFrom(instName))\n}\n\nfunc systemctl(ctx context.Context, args ...string) error {\n\tcmd := exec.CommandContext(ctx, \"systemctl\", args...)\n\tcmd.Stdout = os.Stdout\n\tcmd.Stderr = os.Stderr\n\tlogrus.Debugf(\"running command: %v\", cmd.Args)\n\treturn cmd.Run()\n}\n\n// AutoStartedUnitName returns the systemd service name if the instance is started by systemd.\nfunc AutoStartedUnitName() string {\n\treturn CurrentUnitName()\n}\n\nfunc RequestStart(ctx context.Context, inst *limatype.Instance) error {\n\tif err := systemctl(ctx, \"--user\", \"start\", UnitNameFrom(inst.Name)); err != nil {\n\t\treturn fmt.Errorf(\"failed to start the instance %q via systemctl: %w\", inst.Name, err)\n\t}\n\treturn nil\n}\n\nfunc RequestStop(ctx context.Context, inst *limatype.Instance) (bool, error) {\n\tif inst.AutoStartedIdentifier == UnitNameFrom(inst.Name) {\n\t\tlogrus.Infof(\"Stopping the instance %q started by systemd\", inst.Name)\n\t\tif err := systemctl(ctx, \"--user\", \"stop\", inst.AutoStartedIdentifier); err != nil {\n\t\t\treturn false, fmt.Errorf(\"failed to stop the instance %q via systemctl: %w\", inst.Name, err)\n\t\t}\n\t\treturn true, nil\n\t}\n\treturn false, nil\n}\n" }, { "path": "pkg/autostart/systemd/systemd_linux.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage systemd\n\nimport (\n\t\"github.com/coreos/go-systemd/v22/util\"\n\t\"github.com/sirupsen/logrus\"\n)\n\nfunc CurrentUnitName() string {\n\tunit, err := util.CurrentUnitName()\n\tif err != nil {\n\t\tlogrus.WithError(err).Debug(\"cannot determine current systemd unit name\")\n\t}\n\treturn unit\n}\n\nfunc IsRunningSystemd() bool {\n\treturn util.IsRunningSystemd()\n}\n" }, { "path": "pkg/autostart/systemd/systemd_others.go", "content": "//go:build !linux\n\n// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage systemd\n\nfunc CurrentUnitName() string {\n\treturn \"\"\n}\n\nfunc IsRunningSystemd() bool {\n\treturn false\n}\n" }, { "path": "pkg/autostart/systemd/systemd_test.go", "content": "//go:build !windows\n\n// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage systemd\n\nimport (\n\t\"strings\"\n\t\"testing\"\n\n\t\"gotest.tools/v3/assert\"\n)\n\nfunc TestGetUnitPath(t *testing.T) {\n\ttests := []struct {\n\t\tName string\n\t\tInstanceName string\n\t\tExpected string\n\t}{\n\t\t{\n\t\t\tName: \"linux with docker instance name\",\n\t\t\tInstanceName: \"docker\",\n\t\t\tExpected: \".config/systemd/user/lima-vm@docker.service\",\n\t\t},\n\t}\n\tfor _, tt := range tests {\n\t\tt.Run(tt.Name, func(t *testing.T) {\n\t\t\tassert.Check(t, strings.HasSuffix(GetUnitPath(tt.InstanceName), tt.Expected))\n\t\t})\n\t}\n}\n" }, { "path": "pkg/bicopy/bicopy.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\n// From https://raw.githubusercontent.com/norouter/norouter/v0.6.5/pkg/agent/bicopy/bicopy.go\n/*\n Copyright (C) NoRouter authors.\n\n Copyright (C) libnetwork authors.\n\n Licensed under the Apache License, Version 2.0 (the \"License\");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n*/\n\npackage bicopy\n\nimport (\n\t\"io\"\n\t\"sync\"\n\n\t\"github.com/sirupsen/logrus\"\n)\n\n// Bicopy is from https://github.com/rootless-containers/rootlesskit/blob/v0.10.1/pkg/port/builtin/parent/tcp/tcp.go#L73-L104\n// (originally from libnetwork, Apache License 2.0).\nfunc Bicopy(x, y io.ReadWriter, quit <-chan struct{}) {\n\ttype closeReader interface {\n\t\tCloseRead() error\n\t}\n\ttype closeWriter interface {\n\t\tCloseWrite() error\n\t}\n\tvar wg sync.WaitGroup\n\tbroker := func(to, from io.ReadWriter) {\n\t\tif _, err := io.Copy(to, from); err != nil {\n\t\t\tlogrus.WithError(err).Debug(\"failed to call io.Copy\")\n\t\t}\n\t\tif fromCR, ok := from.(closeReader); ok {\n\t\t\tif err := fromCR.CloseRead(); err != nil {\n\t\t\t\tlogrus.WithError(err).Debug(\"failed to call CloseRead\")\n\t\t\t}\n\t\t}\n\t\tif toCW, ok := to.(closeWriter); ok {\n\t\t\tif err := toCW.CloseWrite(); err != nil {\n\t\t\t\tlogrus.WithError(err).Debug(\"failed to call CloseWrite\")\n\t\t\t}\n\t\t}\n\t\twg.Done()\n\t}\n\n\twg.Add(2)\n\tgo broker(x, y)\n\tgo broker(y, x)\n\tfinish := make(chan struct{})\n\tgo func() {\n\t\twg.Wait()\n\t\tclose(finish)\n\t}()\n\n\tselect {\n\tcase <-quit:\n\tcase <-finish:\n\t}\n\tif xCloser, ok := x.(io.Closer); ok {\n\t\tif err := xCloser.Close(); err != nil {\n\t\t\tlogrus.WithError(err).Debug(\"failed to call xCloser.Close\")\n\t\t}\n\t}\n\tif yCloser, ok := y.(io.Closer); ok {\n\t\tif err := yCloser.Close(); err != nil {\n\t\t\tlogrus.WithError(err).Debug(\"failed to call yCloser.Close\")\n\t\t}\n\t}\n\t<-finish\n\t// TODO: return copied bytes\n}\n" }, { "path": "pkg/cacheutil/cacheutil.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage cacheutil\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"path\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/downloader\"\n\t\"github.com/lima-vm/lima/v2/pkg/fileutils\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype\"\n)\n\n// NerdctlArchive returns the basename of the archive.\nfunc NerdctlArchive(y *limatype.LimaYAML) string {\n\tif *y.Containerd.System || *y.Containerd.User {\n\t\tfor _, f := range y.Containerd.Archives {\n\t\t\tif f.Arch == *y.Arch {\n\t\t\t\treturn path.Base(f.Location)\n\t\t\t}\n\t\t}\n\t}\n\treturn \"\"\n}\n\n// EnsureNerdctlArchiveCache prefetches the nerdctl-full-VERSION-GOOS-GOARCH.tar.gz archive\n// into the cache before launching the hostagent process, so that we can show the progress in tty.\n// https://github.com/lima-vm/lima/issues/326\nfunc EnsureNerdctlArchiveCache(ctx context.Context, y *limatype.LimaYAML, created bool) (string, error) {\n\tif !*y.Containerd.System && !*y.Containerd.User {\n\t\t// nerdctl archive is not needed\n\t\treturn \"\", nil\n\t}\n\n\terrs := make([]error, len(y.Containerd.Archives))\n\tfor i, f := range y.Containerd.Archives {\n\t\t// Skip downloading again if the file is already in the cache\n\t\tif created && f.Arch == *y.Arch && !downloader.IsLocal(f.Location) {\n\t\t\tpath, err := fileutils.CachedFile(f)\n\t\t\tif err == nil {\n\t\t\t\treturn path, nil\n\t\t\t}\n\t\t}\n\t\tpath, err := fileutils.DownloadFile(ctx, \"\", f, false, \"the nerdctl archive\", *y.Arch)\n\t\tif err != nil {\n\t\t\terrs[i] = err\n\t\t\tcontinue\n\t\t}\n\t\tif path == \"\" {\n\t\t\tif downloader.IsLocal(f.Location) {\n\t\t\t\treturn f.Location, nil\n\t\t\t}\n\t\t\treturn \"\", fmt.Errorf(\"cache did not contain %q\", f.Location)\n\t\t}\n\t\treturn path, nil\n\t}\n\n\treturn \"\", fileutils.Errors(errs)\n}\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.FreeBSD/05-lima-mounts.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\n# Populate mounts from the cidata.\n# This script is a workaround until nuageinit supports mounts.\n\nset -eux\n\nif ! grep -q '#LIMA-START' /etc/fstab; then\n\t\"${LIMA_CIDATA_MNT}\"/util.FreeBSD/print_cidata_fstab.lua >/etc/fstab.lima.tmp\n\tif [ -s /etc/fstab.lima.tmp ]; then\n\t\t{\n\t\t\techo \"#LIMA-START\"\n\t\t\tcat /etc/fstab.lima.tmp\n\t\t\techo \"#LIMA-END\"\n\t\t} >>/etc/fstab\n\tfi\n\trm -f /etc/fstab.lima.tmp\nfi\n\n# Run mkdir on every boot, as the mount points may be on tmpfs\nawk '/^[^#]/ && $2 != \"none\" {print $2}' /etc/fstab | while IFS= read -r line; do\n\tmkdir -p \"${line}\"\ndone\nmount -a\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/00-alpine-user-group.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\ntest -f /etc/alpine-release || exit 0\n\n# Make sure that root is in the sudoers file.\n# This is needed to run the user provisioning scripts.\nSUDOERS=/etc/sudoers.d/00-root-user\nif [ ! -f $SUDOERS ]; then\n\techo \"root ALL=(ALL) NOPASSWD:ALL\" >$SUDOERS\n\tchmod 660 $SUDOERS\nfi\n\n# Remove the user embedded in the image,\n# and use cloud-init for users and groups.\nif [ \"$LIMA_CIDATA_USER\" != \"alpine\" ]; then\n\tif [ \"$(id -u alpine 2>&1)\" = \"1000\" ]; then\n\t\tuserdel alpine\n\t\trmdir /home/alpine\n\t\tcloud-init clean --logs\n\t\treboot\n\tfi\nfi\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/00-check-rtc-and-wait-ntp.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu\n\n# In vz, the VM lacks an RTC when booting with a kernel image (see: https://developer.apple.com/forums/thread/760344).\n# This causes incorrect system time until NTP synchronizes it, leading to TLS errors.\n# To avoid TLS errors, this script waits for NTP synchronization if RTC is unavailable.\ntest ! -c /dev/rtc0 || exit 0\n\n# This script is intended for services running with systemd.\ncommand -v systemctl >/dev/null 2>&1 || exit 0\n\necho_with_time_usec() {\n\ttime_usec=$(timedatectl show --property=TimeUSec)\n\techo \"${time_usec}, ${1}\"\n}\n\n# For the first boot, where the above setting is not yet active, wait for NTP synchronization here.\nmax_retry=60 retry=0\nuntil ntp_synchronized=$(timedatectl show --property=NTPSynchronized --value) && [ \"${ntp_synchronized}\" = \"yes\" ] ||\n\t[ \"${retry}\" -gt \"${max_retry}\" ]; do\n\tif [ \"${retry}\" -eq 0 ]; then\n\t\t# If /dev/rtc is not available, the system time set during the Linux kernel build is used.\n\t\t# The larger the difference between this system time and the NTP server time, the longer the NTP synchronization will take.\n\t\t# By setting the system time to the modification time of the reference file, which is likely to be closer to the actual time,\n\t\treference_file=\"${LIMA_CIDATA_MNT:-/mnt/lima-cidata}/user-data\"\n\t\t[ -f \"${reference_file}\" ] || reference_file=\"${0}\"\n\n\t\t# the NTP synchronization time can be shortened.\n\t\techo_with_time_usec \"Setting the system time to the modification time of ${reference_file}.\"\n\n\t\t# To set the time to a specified time, it is necessary to stop systemd-timesyncd.\n\t\tsystemctl stop systemd-timesyncd\n\n\t\t# Since `timedatectl set-time` fails if systemd-timesyncd is not stopped,\n\t\t# ensure that it is completely stopped before proceeding.\n\t\tuntil pid_of_timesyncd=$(systemctl show systemd-timesyncd --property=MainPID --value) && [ \"${pid_of_timesyncd}\" -eq 0 ]; do\n\t\t\techo_with_time_usec \"Waiting for systemd-timesyncd to stop...\"\n\t\t\tsleep 1\n\t\tdone\n\n\t\t# Set the system time to the modification time of the reference file.\n\t\tmodification_time=$(stat -c %y \"${reference_file}\")\n\t\techo_with_time_usec \"Setting the system time to ${modification_time}.\"\n\t\ttimedatectl set-time \"${modification_time}\"\n\n\t\t# Restart systemd-timesyncd\n\t\tsystemctl start systemd-timesyncd\n\telse\n\t\techo_with_time_usec \"Waiting for NTP synchronization...\"\n\tfi\n\tretry=$((retry + 1))\n\tsleep 1\ndone\n# Print the result of NTP synchronization\nntp_message=$(timedatectl show-timesync --property=NTPMessage)\nif [ \"${ntp_synchronized}\" = \"yes\" ]; then\n\techo_with_time_usec \"NTP synchronization complete.\"\n\techo \"${ntp_message}\"\nelse\n\techo_with_time_usec \"NTP synchronization timed out.\"\n\techo \"${ntp_message}\"\n\texit 1\nfi\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/00-guest-home.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu\n\n# The default guest home directory is \"/home/${LIMA_CIDATA_USER}.guest\" since Lima 2.1.0.\n# The path was previously \"/home/${LIMA_CIDATA_USER}.linux\".\nif [ -d \"/home/${LIMA_CIDATA_USER}.guest\" ] && [ ! -e \"/home/${LIMA_CIDATA_USER}.linux\" ]; then\n\tln -s \"${LIMA_CIDATA_USER}.guest\" \"/home/${LIMA_CIDATA_USER}.linux\"\nfi\nif [ -d \"/home/${LIMA_CIDATA_USER}.linux\" ] && [ ! -e \"/home/${LIMA_CIDATA_USER}.guest\" ]; then\n\tln -s \"${LIMA_CIDATA_USER}.linux\" \"/home/${LIMA_CIDATA_USER}.guest\"\nfi\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/00-modprobe.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\n# Load modules as soon as the cloud-init starts up.\n# Because Arch Linux removes kernel module files when the kernel package was updated during running cloud-init :(\n\nset -eu\n\ncommand -v modprobe >/dev/null 2>&1 || exit 0\n\nfor f in \\\n\tfuse \\\n\ttun tap \\\n\tbridge veth \\\n\tip_tables ip6_tables iptable_nat ip6table_nat iptable_filter ip6table_filter \\\n\tnf_tables \\\n\tx_tables xt_MASQUERADE xt_addrtype xt_comment xt_conntrack xt_mark xt_multiport xt_nat xt_tcpudp \\\n\toverlay; do\n\techo \"Loading kernel module \\\"$f\\\"\"\n\tif ! modprobe \"$f\"; then\n\t\techo >&2 \"Failed to load \\\"$f\\\" (negligible if it is built-in the kernel)\"\n\tfi\ndone\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/00-reboot-if-required.sh", "content": "#!/bin/bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eux\n\n[ \"$LIMA_CIDATA_UPGRADE_PACKAGES\" = \"1\" ] || exit 0\n\n# Check if cloud-init forgot to reboot_if_required\n# (only implemented for apt at the moment, not dnf)\n\nif command -v dnf >/dev/null 2>&1; then\n\t# dnf-utils needs to be installed, for needs-restarting\n\tif dnf -h needs-restarting >/dev/null 2>&1; then\n\t\t# check-update returns \"false\" (100) if updates (!)\n\t\tset +e\n\t\tdnf check-update >/dev/null\n\t\tif [ \"$?\" != \"1\" ]; then\n\t\t\t# needs-restarting messages are translated _()\n\t\t\texport LC_ALL=C.UTF-8\n\t\t\tlogfile=$(mktemp)\n\t\t\t# needs-restarting returns \"false\" if needed (!)\n\t\t\tset -o pipefail\n\t\t\tdnf needs-restarting -r | tee \"$logfile\"\n\t\t\tif [ \"$?\" = \"1\" ]; then\n\t\t\t\tif grep -q \"Reboot is required\" \"$logfile\"; then\n\t\t\t\t\tsystemctl reboot\n\t\t\t\tfi\n\t\t\tfi\n\t\t\trm \"$logfile\"\n\t\tfi\n\tfi\nfi\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/01-alpine-ash-as-bash.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\n# This script pretends that /bin/ash can be used as /bin/bash, so all following\n# cloud-init scripts can use `#!/bin/bash` and `set -o pipefail`.\ntest -f /etc/alpine-release || exit 0\n\n# If bash already exists, do nothing.\ntest -x /bin/bash && exit 0\n\n# Redirect bash to ash (built with CONFIG_ASH_BASH_COMPAT) and hope for the best :)\n# It does support `set -o pipefail`, but not `[[`.\n# /bin/bash can't be a symlink because /bin/ash is a symlink to /bin/busybox\ncat >/bin/bash <<'EOF'\n#!/bin/sh\nexec /bin/ash \"$@\"\nEOF\nchmod +x /bin/bash\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/04-persistent-data-volume.sh", "content": "#!/bin/bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\n# bash is used for enabling `set -o pipefail`.\n# NOTE: On Alpine, /bin/bash is ash with ASH_BASH_COMPAT, not GNU bash\nset -eux -o pipefail\n\n# Restrict the rest of this script to Alpine until it has been tested with other distros\ntest -f /etc/alpine-release || exit 0\n\n# Nothing to do unless we are running from a ramdisk\n[ \"$(awk '$2 == \"/\" {print $3}' /proc/mounts)\" != \"tmpfs\" ] && exit 0\n\n# Data directories that should be persisted across reboots\nDATADIRS=\"/etc /home /root /tmp /usr/local /var/lib\"\n\n# Prepare mnt.sh (used for restoring mounts later)\necho \"#!/bin/sh\" >/mnt.sh\necho \"set -eux\" >>/mnt.sh\nfor DIR in ${DATADIRS}; do\n\twhile IFS= read -r LINE; do\n\t\t[ -z \"$LINE\" ] && continue\n\t\tMNTDEV=\"$(echo \"${LINE}\" | awk '{print $1}')\"\n\t\t# unmangle \" \\t\\n\\\\#\"\n\t\t# https://github.com/torvalds/linux/blob/v6.6/fs/proc_namespace.c#L89\n\t\tMNTPNT=\"$(echo \"${LINE}\" | awk '{print $2}' | sed -e 's/\\\\040/ /g; s/\\\\011/\\t/g; s/\\\\012/\\n/g; s/\\\\134/\\\\/g; s/\\\\043/#/g')\"\n\t\t# Ignore if MNTPNT is neither DIR nor a parent directory of DIR.\n\t\t# It is not a parent if MNTPNT doesn't start with DIR, or the first\n\t\t# character after DIR isn't a slash.\n\t\tWITHOUT_DIR=\"${MNTPNT#\"$DIR\"}\"\n\t\t# shellcheck disable=SC2166\n\t\t[ \"$MNTPNT\" != \"$DIR\" ] && [ \"$MNTPNT\" == \"$WITHOUT_DIR\" -o \"${WITHOUT_DIR::1}\" != \"/\" ] && continue\n\t\tMNTTYPE=\"$(echo \"${LINE}\" | awk '{print $3}')\"\n\t\t[ \"${MNTTYPE}\" = \"ext4\" ] && continue\n\t\t[ \"${MNTTYPE}\" = \"tmpfs\" ] && continue\n\t\tMNTOPTS=\"$(echo \"${LINE}\" | awk '{print $4}')\"\n\t\tif [ \"${MNTTYPE}\" = \"9p\" ]; then\n\t\t\t# https://github.com/torvalds/linux/blob/v6.6/fs/9p/v9fs.h#L61\n\t\t\tMNTOPTS=\"$(echo \"${MNTOPTS}\" | sed -e 's/cache=8f,/cache=fscache,/; s/cache=f,/cache=loose,/; s/cache=5,/cache=mmap,/; s/cache=1,/cache=readahead,/; s/cache=0,/cache=none,/')\"\n\t\tfi\n\t\t# Before mv, unmount filesystems (virtiofs, 9p, etc.) below \"${DIR}\", otherwise host mounts will be wiped out\n\t\t# https://github.com/rancher-sandbox/rancher-desktop/issues/6582\n\t\tumount \"${MNTPNT}\" || exit 1\n\t\tMNTPNT=${MNTPNT//\\\\/\\\\\\\\}\n\t\tMNTPNT=${MNTPNT//\\\"/\\\\\\\"}\n\t\techo \"mount -t \\\"${MNTTYPE}\\\" -o \\\"${MNTOPTS}\\\" \\\"${MNTDEV}\\\" \\\"${MNTPNT}\\\"\" >>/mnt.sh\n\tdone /dev/null 2>&1 && command -v resize2fs >/dev/null 2>&1; then\n\t\t# Automatically expand the data volume filesystem\n\t\tgrowpart \"$DATA_DISK\" 1 || true\n\t\t# Only resize when filesystem is in a healthy state\n\t\tif e2fsck -f -p /dev/disk/by-label/data-volume; then\n\t\t\tresize2fs /dev/disk/by-label/data-volume || true\n\t\tfi\n\tfi\n\t# Mount data volume\n\tmount -t ext4 /dev/disk/by-label/data-volume /mnt/data\n\t# Update /etc files that might have changed during this boot\n\tcp /etc/network/interfaces /mnt/data/etc/network/\n\tcp /etc/resolv.conf /mnt/data/etc/\n\tif [ -f /etc/localtime ]; then\n\t\t# Preserve symlink\n\t\tcp -d /etc/localtime /mnt/data/etc/\n\t\t# setup-timezone copies the single zoneinfo file into /etc/zoneinfo and targets the symlink there\n\t\tif [ -d /etc/zoneinfo ]; then\n\t\t\trm -rf /mnt/data/etc/zoneinfo\n\t\t\tcp -r /etc/zoneinfo /mnt/data/etc\n\t\tfi\n\tfi\n\tif [ -f /etc/timezone ]; then\n\t\tcp /etc/timezone /mnt/data/etc/\n\tfi\n\t# TODO there are probably others that should be updated as well\nelse\n\t# Find an unpartitioned disk and create data-volume\n\tDISKS=$(lsblk --list --noheadings --output name,type | awk '$2 == \"disk\" {print $1}')\n\tfor DISK in ${DISKS}; do\n\t\tIN_USE=false\n\t\t# Looking for a disk that is not mounted or partitioned\n\t\t# shellcheck disable=SC2013\n\t\tfor PART in $(awk '/^\\/dev\\// {gsub(\"/dev/\", \"\"); print $1}' /proc/mounts); do\n\t\t\tif [ \"${DISK}\" == \"${PART}\" ] || [ -e /sys/block/\"${DISK}\"/\"${PART}\" ]; then\n\t\t\t\tIN_USE=true\n\t\t\t\tbreak\n\t\t\tfi\n\t\tdone\n\t\tif [ \"${IN_USE}\" == \"false\" ]; then\n\t\t\techo 'type=83' | sfdisk --label dos /dev/\"${DISK}\"\n\t\t\tPART=$(lsblk --list /dev/\"${DISK}\" --noheadings --output name,type | awk '$2 == \"part\" {print $1}')\n\t\t\tmkfs.ext4 -L data-volume /dev/\"${PART}\"\n\t\t\tmount -t ext4 /dev/disk/by-label/data-volume /mnt/data\n\t\t\t# setup apk package cache\n\t\t\tmkdir -p /mnt/data/apk/cache\n\t\t\tmkdir -p /etc/apk\n\t\t\tln -s /mnt/data/apk/cache /etc/apk/cache\n\t\t\t# Move all persisted directories to the data volume\n\t\t\tfor DIR in ${DATADIRS}; do\n\t\t\t\tDEST=\"/mnt/data$(dirname \"${DIR}\")\"\n\t\t\t\tmkdir -p \"${DIR}\" \"${DEST}\"\n\t\t\t\tmv \"${DIR}\" \"${DEST}\"\n\t\t\tdone\n\t\t\t# Make sure all data moved to the persistent volume has been committed to disk\n\t\t\tsync\n\t\t\tbreak\n\t\tfi\n\tdone\nfi\nfor DIR in ${DATADIRS}; do\n\tif [ -d /mnt/data\"${DIR}\" ]; then\n\t\tmkdir -p \"${DIR}\"\n\t\tmount --bind /mnt/data\"${DIR}\" \"${DIR}\"\n\tfi\ndone\n# Remount submounts on top of the new ${DIR}\n/mnt.sh\n# Reinstall packages from /mnt/data/apk/cache into the RAM disk\napk fix --no-network\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/05-lima-disks.sh", "content": "#!/bin/bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eux -o pipefail\n\ntest \"$LIMA_CIDATA_DISKS\" -gt 0 || exit 0\n\nget_disk_var() {\n\tdiskvarname=\"LIMA_CIDATA_DISK_${1}_${2}\"\n\teval echo \\$\"$diskvarname\"\n}\n\nfor i in $(seq 0 $((LIMA_CIDATA_DISKS - 1))); do\n\tDISK_NAME=\"$(get_disk_var \"$i\" \"NAME\")\"\n\tDEVICE_NAME=\"$(get_disk_var \"$i\" \"DEVICE\")\"\n\tFORMAT_DISK=\"$(get_disk_var \"$i\" \"FORMAT\")\"\n\tFORMAT_FSTYPE=\"$(get_disk_var \"$i\" \"FSTYPE\")\"\n\tFORMAT_FSARGS=\"$(get_disk_var \"$i\" \"FSARGS\")\"\n\n\ttest -n \"$FORMAT_DISK\" || FORMAT_DISK=true\n\ttest -n \"$FORMAT_FSTYPE\" || FORMAT_FSTYPE=ext4\n\n\t# first time setup\n\tif [[ ! -b \"/dev/disk/by-label/lima-${DISK_NAME}\" ]]; then\n\t\tif $FORMAT_DISK; then\n\t\t\tif [ \"$FORMAT_FSTYPE\" == \"swap\" ]; then\n\t\t\t\techo 'type=swap' | sfdisk --label gpt \"/dev/${DEVICE_NAME}\"\n\t\t\t\t# shellcheck disable=SC2086\n\t\t\t\tmkswap $FORMAT_FSARGS -L \"lima-${DISK_NAME}\" \"/dev/${DEVICE_NAME}1\"\n\t\t\telse\n\t\t\t\techo 'type=linux' | sfdisk --label gpt \"/dev/${DEVICE_NAME}\"\n\t\t\t\t# shellcheck disable=SC2086\n\t\t\t\tmkfs.$FORMAT_FSTYPE $FORMAT_FSARGS -L \"lima-${DISK_NAME}\" \"/dev/${DEVICE_NAME}1\"\n\t\t\tfi\n\t\tfi\n\tfi\n\n\tif [ \"$FORMAT_FSTYPE\" == \"swap\" ]; then\n\t\tswapon \"/dev/${DEVICE_NAME}1\"\n\telse\n\t\tmkdir -p \"/mnt/lima-${DISK_NAME}\"\n\t\tmount -t \"$FORMAT_FSTYPE\" \"/dev/${DEVICE_NAME}1\" \"/mnt/lima-${DISK_NAME}\"\n\tfi\n\tif command -v growpart >/dev/null 2>&1 && command -v resize2fs >/dev/null 2>&1; then\n\t\tgrowpart \"/dev/${DEVICE_NAME}\" 1 || true\n\t\t# Only resize when filesystem is in a healthy state\n\t\tif command -v \"fsck.$FORMAT_FSTYPE\" -f -p \"/dev/disk/by-label/lima-${DISK_NAME}\"; then\n\t\t\tif [[ $FORMAT_FSTYPE == \"ext2\" || $FORMAT_FSTYPE == \"ext3\" || $FORMAT_FSTYPE == \"ext4\" ]]; then\n\t\t\t\tresize2fs \"/dev/disk/by-label/lima-${DISK_NAME}\" || true\n\t\t\telif [ \"$FORMAT_FSTYPE\" == \"xfs\" ]; then\n\t\t\t\txfs_growfs \"/dev/disk/by-label/lima-${DISK_NAME}\" || true\n\t\t\telse\n\t\t\t\techo >&2 \"WARNING: unknown fs '$FORMAT_FSTYPE'. FS will not be grew up automatically\"\n\t\t\tfi\n\t\tfi\n\tfi\ndone\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/05-lima-mounts.sh", "content": "#!/bin/bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eux -o pipefail\n\n# Check if mount type is virtiofs and vm type as vz\nif ! [[ ${LIMA_CIDATA_VMTYPE} == \"vz\" && ${LIMA_CIDATA_MOUNTTYPE} == \"virtiofs\" ]]; then\n\texit 0\nfi\n\n# Update fstab entries and unmount/remount the volumes with secontext options\n# when selinux is enabled in kernel\nif [ -d /sys/fs/selinux ]; then\n\tLABEL_BIN=\"system_u:object_r:bin_t:s0\"\n\tLABEL_NFS=\"system_u:object_r:nfs_t:s0\"\n\t# shellcheck disable=SC2013\n\tfor line in $(grep -n virtiofs /proc/sys/fs/binfmt_misc/rosetta\n\t\t\t\tfi\n\t\t\t\tumount \"${TAG}\"\n\t\t\t\tmount -t virtiofs \"${TAG}\" \"${MOUNT_POINT}\" -o \"${OPTIONS}\"\n\t\t\tfi\n\t\tfi\n\tdone\nfi\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/06-enable-mdns-on-systemd.sh", "content": "#!/bin/bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eux -o pipefail\n\n# Do nothing on OpenRC systems (e.g., Alpine Linux)\nif [[ -f /sbin/openrc-run ]]; then\n\texit 0\nfi\n\n# It depends on systemd-resolved\ncommand -v systemctl >/dev/null 2>&1 || exit 0\ncommand -v resolvectl >/dev/null 2>&1 || exit 0\n\n# Configure systemd-resolved to enable mDNS resolution globally\nenable_mdns_conf_path=/etc/systemd/resolved.conf.d/00-lima-enable-mdns.conf\nenable_mdns_conf_content=\"[Resolve]\nMulticastDNS=yes\n\"\n# Create /etc/systemd/resolved.conf.d/00-lima-enable-mdns.conf if its content is different\nif [ \"$(echo \"${enable_mdns_conf_content}\" | sha256sum)\" != \"$(sha256sum <\"${enable_mdns_conf_path}\" 2>/dev/null)\" ]; then\n\tmkdir -p \"$(dirname \"${enable_mdns_conf_path}\")\"\n\techo \"${enable_mdns_conf_content}\" >\"${enable_mdns_conf_path}\"\n\tsystemctl daemon-reload\n\tsystemctl restart systemd-resolved.service\nfi\n\n# On Ubuntu, systemd.network's configuration won't work.\n# See: https://unix.stackexchange.com/a/652582\n# So we need to enable mDNS per-link using resolvectl.\nfor iface in $(resolvectl status | sed -n -E 's/^Link +[0-9]+ \\(([^)]+)\\)/\\1/p'); do\n\t# This setting is volatile and will be lost on reboot, so we need to set it every time\n\tresolvectl mdns \"${iface}\" yes\ndone\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/06-etc-hosts.sh", "content": "#!/bin/bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eux -o pipefail\n\n# Define host.lima.internal in case the hostResolver is disabled. When using\n# the hostResolver, the name is provided by the lima resolver itself because\n# it doesn't have access to /etc/hosts inside the VM.\nsed -i '/host.lima.internal/d' /etc/hosts\necho -e \"${LIMA_CIDATA_SLIRP_GATEWAY}\\thost.lima.internal\" >>/etc/hosts\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/07-etc-environment.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eux\n\n# /etc/environment must be written after 04-persistent-data-volume.sh has run to\n# make sure the changes on a restart are applied to the persisted version.\n\norig=$(test ! -f /etc/environment || cat /etc/environment)\nif [ -e /etc/environment ]; then\n\tsed -i '/#LIMA-START/,/#LIMA-END/d' /etc/environment\nfi\ncat \"${LIMA_CIDATA_MNT}/etc_environment\" >>/etc/environment\n\n# It is possible that a requirements script has started an ssh session before\n# /etc/environment was updated, so we need to kill it to make sure it will\n# restart with the updated environment before \"linger\" is being enabled.\n\nif command -v loginctl >/dev/null 2>&1 && [ \"${orig}\" != \"$(cat /etc/environment)\" ]; then\n\tloginctl terminate-user \"${LIMA_CIDATA_USER}\" || true\nfi\n\n# Signal that provisioning is done. The instance ID changes on every boot,\n# so any value from a previous boot cycle will be different.\necho \"${LIMA_CIDATA_IID}\" >/run/lima-ssh-ready\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/08-shell-prompt.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eux\n\n# This script is only intended for the default.yaml image, which is based on Ubuntu LTS\n\nif [ \"${LIMA_CIDATA_NAME}\" = \"default\" ] && command -v patch >/dev/null 2>&1 && grep -q color_prompt \"${LIMA_CIDATA_HOME}/.bashrc\"; then\n\n\t! grep -q \"^# Lima PS1\" \"${LIMA_CIDATA_HOME}/.bashrc\" || exit 0\n\n\t# Change the default shell prompt from \"green\" to \"lime green\" (#32CD32)\n\n\tpatch --forward -r - \"${LIMA_CIDATA_HOME}/.bashrc\" <<'EOF'\n@@ -37,7 +37,11 @@\n\n # set a fancy prompt (non-color, unless we know we \"want\" color)\n case \"$TERM\" in\n- xterm-color|*-256color) color_prompt=yes;;\n+ xterm-color) color_prompt=yes;;\n+ *-256color) color_prompt=256;;\n+esac\n+case \"$COLORTERM\" in\n+ truecolor) color_prompt=true;;\n esac\n\n # uncomment for a colored prompt, if the terminal has the capability; turned\n@@ -56,7 +60,12 @@\n fi\n fi\n\n-if [ \"$color_prompt\" = yes ]; then\n+# Lima PS1: set color to lime green\n+if [ \"$color_prompt\" = true ]; then\n+ PS1='${debian_chroot:+($debian_chroot)}\\[\\033[38;2;50;205;50m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '\n+elif [ \"$color_prompt\" = 256 ]; then\n+ PS1='${debian_chroot:+($debian_chroot)}\\[\\033[38;5;77m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '\n+elif [ \"$color_prompt\" = yes ]; then\n PS1='${debian_chroot:+($debian_chroot)}\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;34m\\]\\w\\[\\033[00m\\]\\$ '\n else\n PS1='${debian_chroot:+($debian_chroot)}\\u@\\h:\\w\\$ '\nEOF\n\nfi\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/09-host-dns-setup.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eux\n\nreadonly chain=LIMADNS\n\nchain_exists() {\n\tiptables --table nat -n --list \"${chain}\" >/dev/null 2>&1\n}\n\n# Wait until iptables has been installed; 35-configure-packages.sh will call this script again\nif command -v iptables >/dev/null 2>&1; then\n\tif ! chain_exists; then\n\t\tiptables --table nat --new-chain ${chain}\n\t\tiptables --table nat --insert PREROUTING 1 --jump \"${chain}\"\n\t\tiptables --table nat --insert OUTPUT 1 --jump \"${chain}\"\n\tfi\n\n\t# Remove old rules\n\tiptables --table nat --flush ${chain}\n\t# Add rules for the existing ip:port\n\tif [ -n \"${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}\" ] && [ \"${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}\" -ne 0 ]; then\n\t\tiptables --table nat --append \"${chain}\" --destination \"${LIMA_CIDATA_SLIRP_DNS}\" --protocol udp --dport 53 --jump DNAT \\\n\t\t\t--to-destination \"${LIMA_CIDATA_SLIRP_GATEWAY}:${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}\"\n\tfi\n\tif [ -n \"${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}\" ] && [ \"${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}\" -ne 0 ]; then\n\t\tiptables --table nat --append \"${chain}\" --destination \"${LIMA_CIDATA_SLIRP_DNS}\" --protocol tcp --dport 53 --jump DNAT \\\n\t\t\t--to-destination \"${LIMA_CIDATA_SLIRP_GATEWAY}:${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}\"\n\tfi\nfi\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/10-alpine-prep.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eux\n\n# This script prepares Alpine for lima; there is nothing in here for other distros\ntest -f /etc/alpine-release || exit 0\n\n# Configure apk repos\nBRANCH=edge\nVERSION_ID=$(awk -F= '$1==\"VERSION_ID\" {print $2}' /etc/os-release)\ncase ${VERSION_ID} in\n*_alpha* | *_beta*) BRANCH=edge ;;\n*.*.*) BRANCH=v${VERSION_ID%.*} ;;\nesac\n\nfor REPO in main community; do\n\tURL=\"https://dl-cdn.alpinelinux.org/alpine/${BRANCH}/${REPO}\"\n\tif ! grep -q \"^${URL}$\" /etc/apk/repositories; then\n\t\techo \"${URL}\" >>/etc/apk/repositories\n\tfi\ndone\n\n# Alpine comes with doas instead of sudo\nif ! command -v sudo >/dev/null 2>&1; then\n\tapk add sudo\nfi\n\n# Alpine doesn't use PAM so we need to explicitly allow public key auth\nusermod -p '*' \"${LIMA_CIDATA_USER}\"\n\n# Alpine disables TCP forwarding, which is needed by the lima-guestagent\nsed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' /etc/ssh/sshd_config\n# Enable PAM so as to load /etc/environment via pam_env\nsed -i 's/#UsePAM no/UsePAM yes/g' /etc/ssh/sshd_config\nrc-service --ifstarted sshd reload\n\n# mount /sys/fs/cgroup\nrc-service cgroups start\n\n# `limactl stop` tells acpid to powerdown\nrc-update add acpid\nrc-service acpid start\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/11-colorterm-environment.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eux\n\nif [ -d /etc/ssh/sshd_config.d ]; then\n\tif [ -e /etc/ssh/sshd_config.d/10-acceptenv-colorterm.conf ]; then\n\t\texit 0\n\tfi\n\n\t# accept any incoming COLORTERM environment variable\n\techo \"AcceptEnv COLORTERM\" >/etc/ssh/sshd_config.d/10-acceptenv-colorterm.conf\nelif [ -e /etc/ssh/sshd_config ]; then\n\tif grep -q \"COLORTERM\" /etc/ssh/sshd_config; then\n\t\texit 0\n\tfi\n\n\t# accept any incoming COLORTERM environment variable\n\tsed -i 's/^AcceptEnv LANG LC_\\*$/AcceptEnv COLORTERM LANG LC_*/' /etc/ssh/sshd_config\nelse\n\texit 0\nfi\n\nif [ -f /sbin/openrc-run ]; then\n\tif [ -f etc/init.d/ssh ]; then\n\t\trc-service --ifstarted ssh reload\n\telif [ -f etc/init.d/sshd ]; then\n\t\trc-service --ifstarted sshd reload\n\tfi\nelif command -v systemctl >/dev/null 2>&1; then\n\tif systemctl -q is-active ssh; then\n\t\tsystemctl reload ssh\n\telif systemctl -q is-active sshd; then\n\t\tsystemctl reload sshd\n\tfi\nfi\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/20-rootless-base.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eux\n\n# This script does not work unless systemd is available\ncommand -v systemctl >/dev/null 2>&1 || exit 0\n\nif [ -O \"${LIMA_CIDATA_HOME}\" ]; then\n\t# Fix ownership of the user home directory when created by root.\n\t# In cases where mount points exist in the user's home directory, the home directory and\n\t# the mount points are created by root before the user is created. This leads to the home\n\t# directory being owned by root.\n\t# Following commands fix the ownership of the home directory and its contents (on the same filesystem)\n\t# is updated to the correct user.\n\t# shellcheck disable=SC2046 # it fails if find results are quoted.\n\tchown \"${LIMA_CIDATA_USER}\" $(find \"${LIMA_CIDATA_HOME}\" -xdev) ||\n\t\ttrue # Ignore errors because changing owner of the mount points may fail but it is not critical.\nfi\n\n# Set up env\nfor f in .profile .bashrc .zshrc; do\n\tif ! grep -q \"# Lima BEGIN\" \"${LIMA_CIDATA_HOME}/$f\"; then\n\t\tcat >>\"${LIMA_CIDATA_HOME}/$f\" <>\"${LIMA_CIDATA_HOME}/$f\" <>\"${LIMA_CIDATA_HOME}/$f\" <\"/etc/systemd/system/user@.service.d/lima.conf\" <>\"${sysctl_conf}\"\n\tfi\n\techo \"net.ipv4.ping_group_range = 0 2147483647\" >>\"${sysctl_conf}\"\n\techo \"net.ipv4.ip_unprivileged_port_start=0\" >>\"${sysctl_conf}\"\n\tsysctl --system\nfi\n\n# Set up subuid\nfor f in /etc/subuid /etc/subgid; do\n\t# systemd-homed expects the subuid range to be within 524288-1878982656 (0x80000-0x6fff0000).\n\t# See userdbctl.\n\t# 1073741824 (1G) is just an arbitrary number.\n\t# 1073741825-1878982656 is left blank for additional accounts.\n\tsubuid_begin=524288\n\t# https://github.com/moby/moby/issues/49810#issuecomment-2808108191\n\t[ \"${LIMA_CIDATA_UID}\" -ge \"${subuid_begin}\" ] && subuid_begin=\"$((LIMA_CIDATA_UID + 1))\"\n\tgrep -qw \"${LIMA_CIDATA_USER}\" $f || echo \"${LIMA_CIDATA_USER}:${subuid_begin}:1073741824\" >>$f\ndone\n\n# Start systemd session\nsystemctl start systemd-logind.service\nloginctl enable-linger \"${LIMA_CIDATA_USER}\"\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/25-guestagent-base.sh", "content": "#!/bin/bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eux\n\nif [ \"${LIMA_CIDATA_MOUNTTYPE}\" = \"reverse-sshfs\" ]; then\n\t# Create mount points\n\t# NOTE: Busybox sh does not support `for ((i=0;i<$N;i++))` form\n\tfor f in $(seq 0 $((LIMA_CIDATA_MOUNTS - 1))); do\n\t\tmountpointvar=\"LIMA_CIDATA_MOUNTS_${f}_MOUNTPOINT\"\n\t\tmountpoint=\"$(eval echo \\$\"$mountpointvar\")\"\n\t\tmkdir -p \"${mountpoint}\"\n\t\tgid=$(id -g \"${LIMA_CIDATA_USER}\")\n\t\tchown \"${LIMA_CIDATA_UID}:${gid}\" \"${mountpoint}\"\n\tdone\nfi\n\n# Install or update the guestagent binary\nmkdir -p \"${LIMA_CIDATA_GUEST_INSTALL_PREFIX}\"/bin\nguestagent_updated=false\nif [ \"$(sha256sum <\"${LIMA_CIDATA_MNT}\"/lima-guestagent)\" = \"$(sha256sum <\"${LIMA_CIDATA_GUEST_INSTALL_PREFIX}\"/bin/lima-guestagent 2>/dev/null)\" ]; then\n\techo \"${LIMA_CIDATA_GUEST_INSTALL_PREFIX}/bin/lima-guestagent is up-to-date\"\nelse\n\tinstall -m 755 \"${LIMA_CIDATA_MNT}\"/lima-guestagent \"${LIMA_CIDATA_GUEST_INSTALL_PREFIX}\"/bin/lima-guestagent\n\tguestagent_updated=true\nfi\n\n# Launch the guestagent service\nif [ -f /sbin/openrc-run ]; then\n\tprint_config() {\n\t\t# Convert .env to conf.d by wrapping values in double quotes.\n\t\t# Split the variable and value at the first \"=\" to handle cases where the value contains additional \"=\" characters.\n\t\tsed -E 's/^([^=]+)=(.*)/\\1=\"\\2\"/' \"${LIMA_CIDATA_MNT}/lima.env\"\n\t}\n\tprint_script() {\n\t\t# the openrc lima-guestagent service script\n\t\tcat <<-'EOF'\n\t\t\t#!/sbin/openrc-run\n\t\t\tsupervisor=supervise-daemon\n\n\t\t\tlog_file=\"${log_file:-/var/log/${RC_SVCNAME}.log}\"\n\t\t\terr_file=\"${err_file:-${log_file}}\"\n\t\t\tlog_mode=\"${log_mode:-0644}\"\n\t\t\tlog_owner=\"${log_owner:-root:root}\"\n\n\t\t\tsupervise_daemon_args=\"${supervise_daemon_opts:---stderr \\\"${err_file}\\\" --stdout \\\"${log_file}\\\"}\"\n\n\t\t\tname=\"lima-guestagent\"\n\t\t\tdescription=\"Forward ports to the lima-hostagent\"\n\n\t\t\tcommand=${LIMA_CIDATA_GUEST_INSTALL_PREFIX}/bin/lima-guestagent\n\t\t\tcommand_args=\"daemon --debug=${LIMA_CIDATA_DEBUG} --vsock-port \\\"${LIMA_CIDATA_VSOCK_PORT}\\\" --virtio-port \\\"${LIMA_CIDATA_VIRTIO_PORT}\\\"\"\n\t\t\tcommand_background=true\n\t\t\tpidfile=\"/run/lima-guestagent.pid\"\n\t\tEOF\n\t}\n\tif [ \"${guestagent_updated}\" = \"false\" ] &&\n\t\t[ \"$(print_config | sha256sum)\" = \"$(sha256sum /dev/null)\" ] &&\n\t\t[ \"$(print_script | sha256sum)\" = \"$(sha256sum /dev/null)\" ]; then\n\t\techo \"lima-guestagent service already up-to-date\"\n\t\texit 0\n\tfi\n\n\tprint_config >/etc/conf.d/lima-guestagent\n\tprint_script >/etc/init.d/lima-guestagent\n\tchmod 755 /etc/init.d/lima-guestagent\n\n\trc-update add lima-guestagent default\n\trc-service --ifstarted lima-guestagent restart # restart if running, otherwise do nothing\n\trc-service --ifstopped lima-guestagent start # start if not running, otherwise do nothing\nelse\n\t# Remove legacy systemd service\n\trm -f \"${LIMA_CIDATA_HOME}/.config/systemd/user/lima-guestagent.service\"\n\n\tif [ \"${LIMA_CIDATA_VSOCK_PORT}\" != \"0\" ]; then\n\t\tsudo \"${LIMA_CIDATA_GUEST_INSTALL_PREFIX}\"/bin/lima-guestagent install-systemd --debug=\"${LIMA_CIDATA_DEBUG}\" --guestagent-updated=\"${guestagent_updated}\" --vsock-port \"${LIMA_CIDATA_VSOCK_PORT}\"\n\telif [ \"${LIMA_CIDATA_VIRTIO_PORT}\" != \"\" ]; then\n\t\tsudo \"${LIMA_CIDATA_GUEST_INSTALL_PREFIX}\"/bin/lima-guestagent install-systemd --debug=\"${LIMA_CIDATA_DEBUG}\" --guestagent-updated=\"${guestagent_updated}\" --virtio-port \"${LIMA_CIDATA_VIRTIO_PORT}\"\n\telse\n\t\tsudo \"${LIMA_CIDATA_GUEST_INSTALL_PREFIX}\"/bin/lima-guestagent install-systemd --debug=\"${LIMA_CIDATA_DEBUG}\" --guestagent-updated=\"${guestagent_updated}\"\n\tfi\nfi\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/30-install-packages.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eux\n\nINSTALL_IPTABLES=0\nif [ \"${LIMA_CIDATA_CONTAINERD_SYSTEM}\" = 1 ] || [ \"${LIMA_CIDATA_CONTAINERD_USER}\" = 1 ]; then\n\tINSTALL_IPTABLES=1\nfi\nif [ \"${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}\" -ne 0 ] || [ \"${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}\" -ne 0 ]; then\n\tINSTALL_IPTABLES=1\nfi\n\n# Install minimum dependencies\n# Run any user provided dependency scripts first\nif [ -d \"${LIMA_CIDATA_MNT}\"/provision.dependency ]; then\n\techo \"Detected dependency provisioning scripts, running before default dependency installation\"\n\tCODE=0\n\tfor f in \"${LIMA_CIDATA_MNT}\"/provision.dependency/*; do\n\t\tif ! \"$f\"; then\n\t\t\tCODE=1\n\t\tfi\n\tdone\n\tif [ $CODE != 0 ]; then\n\t\texit \"$CODE\"\n\tfi\nfi\n\n# apt-get detected through the first bytes of apt-get binary to ensure we're\n# matching to an actual binary and not a wrapper script. This case is an issue\n# on OpenSuse which wraps its own package manager in to a script named apt-get\n# to mimic certain options but doesn't offer full parameters compatibility\n# See : https://github.com/lima-vm/lima/pull/1014\nif [ \"${LIMA_CIDATA_SKIP_DEFAULT_DEPENDENCY_RESOLUTION}\" = 1 ]; then\n\techo \"LIMA_CIDATA_SKIP_DEFAULT_DEPENDENCY_RESOLUTION is set, skipping regular dependency installation\"\n\texit 0\nfi\n\nREMOUNT_VIRTIOFS=0\n\nif head -c 4 \"$(command -v apt-get)\" | grep -qP '\\x7fELF' >/dev/null 2>&1; then\n\tpkgs=\"\"\n\tif [ \"${LIMA_CIDATA_MOUNTTYPE}\" = \"reverse-sshfs\" ]; then\n\t\tif [ \"${LIMA_CIDATA_MOUNTS}\" -gt 0 ] && ! command -v sshfs >/dev/null 2>&1; then\n\t\t\tpkgs=\"${pkgs} sshfs\"\n\t\tfi\n\tfi\n\tif [ \"${INSTALL_IPTABLES}\" = 1 ] && [ ! -e /usr/sbin/iptables ]; then\n\t\tpkgs=\"${pkgs} iptables\"\n\tfi\n\tif [ \"${LIMA_CIDATA_CONTAINERD_USER}\" = 1 ] && ! command -v newuidmap >/dev/null 2>&1; then\n\t\tpkgs=\"${pkgs} uidmap fuse3 dbus-user-session\"\n\tfi\n\tif ! command -v rsync >/dev/null 2>&1; then\n\t\tpkgs=\"${pkgs} rsync\"\n\tfi\n\tif [ -n \"${pkgs}\" ]; then\n\t\tDEBIAN_FRONTEND=noninteractive\n\t\texport DEBIAN_FRONTEND\n\t\tapt-get update\n\t\t# shellcheck disable=SC2086\n\t\tapt-get install -y --no-upgrade --no-install-recommends -q ${pkgs}\n\tfi\nelif command -v dnf >/dev/null 2>&1; then\n\tpkgs=\"\"\n\textrapkgs=\"\"\n\tif ! command -v tar >/dev/null 2>&1; then\n\t\tpkgs=\"${pkgs} tar\"\n\tfi\n\tif [ \"${LIMA_CIDATA_MOUNTTYPE}\" = \"reverse-sshfs\" ]; then\n\t\tif [ \"${LIMA_CIDATA_MOUNTS}\" -gt 0 ] && ! command -v sshfs >/dev/null 2>&1; then\n\t\t\t# fuse-sshfs is not included in EL\n\t\t\textrapkgs=\"${extrapkgs} fuse-sshfs\"\n\t\tfi\n\tfi\n\tif [ \"${INSTALL_IPTABLES}\" = 1 ] && [ ! -e /usr/sbin/iptables ]; then\n\t\tpkgs=\"${pkgs} iptables\"\n\tfi\n\tif [ \"${LIMA_CIDATA_CONTAINERD_USER}\" = 1 ]; then\n\t\tif ! command -v newuidmap >/dev/null 2>&1; then\n\t\t\tpkgs=\"${pkgs} shadow-utils\"\n\t\tfi\n\t\tif ! command -v mount.fuse3 >/dev/null 2>&1; then\n\t\t\tpkgs=\"${pkgs} fuse3\"\n\t\tfi\n\tfi\n\tif ! command -v rsync >/dev/null 2>&1; then\n\t\tpkgs=\"${pkgs} rsync\"\n\tfi\n\tif [ -n \"${pkgs}\" ] || [ -n \"${extrapkgs}\" ]; then\n\t\tdnf_install_flags=\"-y --setopt=install_weak_deps=False\"\n\t\tepel_install_flags=\"\"\n\t\tif grep -q \"Oracle Linux Server release 8\" /etc/system-release; then\n\t\t\t# repo flag instead of enable repo to reduce metadata syncing on slow Oracle repos\n\t\t\tdnf_install_flags=\"${dnf_install_flags} --repo ol8_baseos_latest --repo ol8_codeready_builder\"\n\t\telif grep -q \"release 8\" /etc/system-release; then\n\t\t\tdnf_install_flags=\"${dnf_install_flags} --enablerepo powertools\"\n\t\telif grep -q \"Oracle Linux Server release 9\" /etc/system-release; then\n\t\t\t# shellcheck disable=SC2086\n\t\t\tdnf install ${dnf_install_flags} oracle-epel-release-el9\n\t\t\tdnf config-manager --disable ol9_developer_EPEL >/dev/null 2>&1\n\t\t\tepel_install_flags=\"${epel_install_flags} --enablerepo ol9_developer_EPEL\"\n\t\telif grep -q \"Oracle Linux Server release 10\" /etc/system-release; then\n\t\t\toraclelinux_version=\"$(awk '{print $5}' /etc/system-release)\"\n\t\t\toraclelinux_version_major=$(echo \"$oraclelinux_version\" | cut -d. -f1)\n\t\t\toraclelinux_version_minor=$(echo \"$oraclelinux_version\" | cut -d. -f2)\n\t\t\toraclelinux_epel_repo=\"ol${oraclelinux_version_major}_u${oraclelinux_version_minor}_developer_EPEL\"\n\t\t\t# shellcheck disable=SC2086\n\t\t\tdnf install ${dnf_install_flags} oracle-epel-release-el${oraclelinux_version_major}\n\t\t\tdnf config-manager --disable \"$oraclelinux_epel_repo\" >/dev/null 2>&1 || true\n\t\t\tepel_install_flags=\"${epel_install_flags} --enablerepo $oraclelinux_epel_repo\"\n\t\telif grep -q -E \"release (9|10)\" /etc/system-release; then\n\t\t\t# shellcheck disable=SC2086\n\t\t\tdnf install ${dnf_install_flags} epel-release\n\t\t\t# Disable the OpenH264 repository as well, by default\n\t\t\tdnf config-manager --disable epel\\* >/dev/null 2>&1\n\t\t\tepel_install_flags=\"${epel_install_flags} --enablerepo epel\"\n\t\tfi\n\t\tif grep -q \"Oracle Linux Server\" /etc/system-release && [ \"${LIMA_CIDATA_MOUNTTYPE}\" = \"virtiofs\" ]; then\n\t\t\t# Enable repositories like \"ol9_UEKR7\"\n\t\t\tfor repo in $(dnf -q repolist | awk '/UEK/NR>1{print $1}'); do\n\t\t\t\tepel_install_flags=\"${epel_install_flags} --enablerepo ${repo}\"\n\t\t\tdone\n\t\t\textrapkgs=\"${extrapkgs} kernel-uek-modules-$(uname -r)\"\n\t\t\tREMOUNT_VIRTIOFS=1\n\t\tfi\n\t\tif [ -n \"${pkgs}\" ]; then\n\t\t\t# shellcheck disable=SC2086\n\t\t\tdnf install ${dnf_install_flags} ${pkgs}\n\t\tfi\n\t\tif [ -n \"${extrapkgs}\" ]; then\n\t\t\t# shellcheck disable=SC2086\n\t\t\tdnf install ${dnf_install_flags} ${epel_install_flags} ${extrapkgs}\n\t\tfi\n\tfi\n\tif [ \"${LIMA_CIDATA_CONTAINERD_USER}\" = 1 ] && [ ! -e /usr/bin/fusermount ]; then\n\t\t# Workaround for https://github.com/containerd/stargz-snapshotter/issues/340\n\t\tln -s fusermount3 /usr/bin/fusermount\n\tfi\nelif command -v yum >/dev/null 2>&1; then\n\techo \"DEPRECATED: CentOS7 and others RHEL-like version 7 are unsupported and might be removed or stop to work in future lima releases\"\n\tpkgs=\"\"\n\tyum_install_flags=\"-y\"\n\tif ! rpm -ql epel-release >/dev/null 2>&1; then\n\t\tyum install ${yum_install_flags} epel-release\n\tfi\n\tif ! command -v tar >/dev/null 2>&1; then\n\t\tpkgs=\"${pkgs} tar\"\n\tfi\n\tif [ \"${LIMA_CIDATA_MOUNTS}\" -gt 0 ] && ! command -v sshfs >/dev/null 2>&1; then\n\t\tpkgs=\"${pkgs} fuse-sshfs\"\n\tfi\n\tif [ \"${INSTALL_IPTABLES}\" = 1 ] && [ ! -e /usr/sbin/iptables ]; then\n\t\tpkgs=\"${pkgs} iptables\"\n\tfi\n\tif [ \"${LIMA_CIDATA_CONTAINERD_USER}\" = 1 ]; then\n\t\tif ! command -v newuidmap >/dev/null 2>&1; then\n\t\t\tpkgs=\"${pkgs} shadow-utils\"\n\t\tfi\n\t\tif ! command -v mount.fuse3 >/dev/null 2>&1; then\n\t\t\tpkgs=\"${pkgs} fuse3\"\n\t\tfi\n\tfi\n\tif ! command -v rsync >/dev/null 2>&1; then\n\t\tpkgs=\"${pkgs} rsync\"\n\tfi\n\tif [ -n \"${pkgs}\" ]; then\n\t\t# shellcheck disable=SC2086\n\t\tyum install ${yum_install_flags} ${pkgs}\n\t\tyum-config-manager --disable epel >/dev/null 2>&1\n\tfi\nelif command -v pacman >/dev/null 2>&1; then\n\tpkgs=\"\"\n\tif [ \"${LIMA_CIDATA_MOUNTTYPE}\" = \"reverse-sshfs\" ]; then\n\t\tif [ \"${LIMA_CIDATA_MOUNTS}\" -gt 0 ] && ! command -v sshfs >/dev/null 2>&1; then\n\t\t\tpkgs=\"${pkgs} sshfs\"\n\t\tfi\n\tfi\n\tif ! command -v rsync >/dev/null 2>&1; then\n\t\tpkgs=\"${pkgs} rsync\"\n\tfi\n\t# other dependencies are preinstalled on Arch Linux\n\tif [ -n \"${pkgs}\" ]; then\n\t\t# shellcheck disable=SC2086\n\t\tpacman -Sy --noconfirm ${pkgs}\n\tfi\nelif command -v zypper >/dev/null 2>&1; then\n\tpkgs=\"\"\n\tif [ \"${LIMA_CIDATA_MOUNTTYPE}\" = \"reverse-sshfs\" ]; then\n\t\tif [ \"${LIMA_CIDATA_MOUNTS}\" -gt 0 ] && ! command -v sshfs >/dev/null 2>&1; then\n\t\t\tpkgs=\"${pkgs} sshfs\"\n\t\tfi\n\tfi\n\tif [ \"${INSTALL_IPTABLES}\" = 1 ] && [ ! -e /usr/sbin/iptables ]; then\n\t\tpkgs=\"${pkgs} iptables\"\n\tfi\n\tif [ \"${LIMA_CIDATA_CONTAINERD_USER}\" = 1 ] && ! command -v mount.fuse3 >/dev/null 2>&1; then\n\t\tpkgs=\"${pkgs} fuse3\"\n\tfi\n\tif ! command -v rsync >/dev/null 2>&1; then\n\t\tpkgs=\"${pkgs} rsync\"\n\tfi\n\tif [ -n \"${pkgs}\" ]; then\n\t\t# shellcheck disable=SC2086\n\t\tzypper --non-interactive install -y --no-recommends ${pkgs}\n\tfi\nelif command -v apk >/dev/null 2>&1; then\n\tpkgs=\"\"\n\tif [ \"${LIMA_CIDATA_MOUNTTYPE}\" = \"reverse-sshfs\" ]; then\n\t\tif [ \"${LIMA_CIDATA_MOUNTS}\" -gt 0 ] && ! command -v sshfs >/dev/null 2>&1; then\n\t\t\tpkgs=\"${pkgs} sshfs\"\n\t\tfi\n\tfi\n\tif [ \"${INSTALL_IPTABLES}\" = 1 ] && ! command -v iptables >/dev/null 2>&1; then\n\t\tpkgs=\"${pkgs} iptables\"\n\tfi\n\tif ! command -v rsync >/dev/null 2>&1; then\n\t\tpkgs=\"${pkgs} rsync\"\n\tfi\n\tif [ -n \"${pkgs}\" ]; then\n\t\tapk update\n\t\t# shellcheck disable=SC2086\n\t\tapk add ${pkgs}\n\tfi\nfi\n\nif [ \"${REMOUNT_VIRTIOFS}\" = 1 ]; then\n\tmount -t virtiofs -a\nfi\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/35-setup-packages.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eux\n\nupdate_fuse_conf() {\n\t# Modify /etc/fuse.conf (/etc/fuse3.conf) to allow \"-o allow_root\"\n\tif [ \"${LIMA_CIDATA_MOUNTS}\" -gt 0 ]; then\n\t\tfuse_conf=\"/etc/fuse.conf\"\n\t\tif [ -e /etc/fuse3.conf ]; then\n\t\t\tfuse_conf=\"/etc/fuse3.conf\"\n\t\tfi\n\t\tif ! grep -q \"^user_allow_other\" \"${fuse_conf}\"; then\n\t\t\techo \"user_allow_other\" >>\"${fuse_conf}\"\n\t\tfi\n\tfi\n}\n\n# update_fuse_conf has to be called after installing all the packages,\n# otherwise apt-get fails with conflict\nif [ \"${LIMA_CIDATA_MOUNTTYPE}\" = \"reverse-sshfs\" ]; then\n\tupdate_fuse_conf\nfi\n\nSETUP_DNS=0\nif [ -n \"${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}\" ] && [ \"${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}\" -ne 0 ]; then\n\tSETUP_DNS=1\nfi\nif [ -n \"${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}\" ] && [ \"${LIMA_CIDATA_TCP_DNS_LOCAL_PORT}\" -ne 0 ]; then\n\tSETUP_DNS=1\nfi\nif [ \"${SETUP_DNS}\" = 1 ]; then\n\t# Try to setup iptables rule again, in case we just installed iptables\n\t\"${LIMA_CIDATA_MNT}/boot.Linux/09-host-dns-setup.sh\"\nfi\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.Linux/40-install-containerd.sh", "content": "#!/bin/bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eux\n: \"${CONTAINERD_NAMESPACE:=default}\"\n# Overridable in .bashrc\n: \"${CONTAINERD_SNAPSHOTTER:=overlayfs}\"\n\nif [ \"${LIMA_CIDATA_CONTAINERD_SYSTEM}\" != 1 ] && [ \"${LIMA_CIDATA_CONTAINERD_USER}\" != 1 ]; then\n\texit 0\nfi\n\n# This script does not work unless systemd is available\ncommand -v systemctl >/dev/null 2>&1 || exit 0\n\n# Extract bin/nerdctl and compare whether it is newer than the current /usr/local/bin/nerdctl (if already exists).\n# Takes 4-5 seconds. (FIXME: optimize)\ntmp_extract_nerdctl=\"$(mktemp -d)\"\ntar Cxaf \"${tmp_extract_nerdctl}\" \"${LIMA_CIDATA_MNT}\"/\"${LIMA_CIDATA_CONTAINERD_ARCHIVE}\" bin/nerdctl\n\nif [ ! -f \"${LIMA_CIDATA_GUEST_INSTALL_PREFIX}\"/bin/nerdctl ] || [[ \"${tmp_extract_nerdctl}\"/bin/nerdctl -nt \"${LIMA_CIDATA_GUEST_INSTALL_PREFIX}\"/bin/nerdctl ]]; then\n\tif [ -f \"${LIMA_CIDATA_GUEST_INSTALL_PREFIX}\"/bin/nerdctl ]; then\n\t\t(\n\t\t\tset +e\n\t\t\techo \"Upgrading existing nerdctl\"\n\t\t\techo \"- Old: $(\"${LIMA_CIDATA_GUEST_INSTALL_PREFIX}\"/bin/nerdctl --version)\"\n\t\t\techo \"- New: $(\"${tmp_extract_nerdctl}\"/bin/nerdctl --version)\"\n\t\t\tsystemctl disable --now containerd default-buildkit stargz-snapshotter\n\t\t\tsudo -iu \"${LIMA_CIDATA_USER}\" \"XDG_RUNTIME_DIR=/run/user/${LIMA_CIDATA_UID}\" \"PATH=${PATH}\" \"CONTAINERD_NAMESPACE=${CONTAINERD_NAMESPACE}\" containerd-rootless-setuptool.sh uninstall-buildkit-containerd\n\t\t\tsudo -iu \"${LIMA_CIDATA_USER}\" \"XDG_RUNTIME_DIR=/run/user/${LIMA_CIDATA_UID}\" \"PATH=${PATH}\" containerd-rootless-setuptool.sh uninstall\n\t\t)\n\tfi\n\ttar Cxaf \"${LIMA_CIDATA_GUEST_INSTALL_PREFIX}\" \"${LIMA_CIDATA_MNT}\"/\"${LIMA_CIDATA_CONTAINERD_ARCHIVE}\"\n\n\tmkdir -p /etc/bash_completion.d\n\tnerdctl completion bash >/etc/bash_completion.d/nerdctl\n\t# TODO: enable zsh completion too\nfi\n\nrm -rf \"${tmp_extract_nerdctl}\"\n\nif [ \"${LIMA_CIDATA_CONTAINERD_SYSTEM}\" = 1 ]; then\n\tif [ ! -e /etc/containerd/config.toml ]; then\n\t\tmkdir -p /etc/containerd\n\t\tcat >\"/etc/containerd/config.toml\" <\"/etc/buildkit/buildkitd.toml\" <\"${LIMA_CIDATA_HOME}/.config/containerd/config.toml\" </dev/null 2>&1 && selinuxenabled; then\n\t\tselinux=1\n\tfi\n\tif [ ! -e \"/etc/apparmor.d/usr.local.bin.rootlesskit\" ] && [ -e \"/etc/apparmor.d/abi/4.0\" ] && [ -e \"/proc/sys/kernel/apparmor_restrict_unprivileged_userns\" ]; then\n\t\tcat >\"/etc/apparmor.d/usr.local.bin.rootlesskit\" <,\ninclude \n\n/usr/local/bin/rootlesskit flags=(unconfined) {\n userns,\n\n # Site-specific additions and overrides. See local/README for details.\n include if exists \n}\nEOF\n\t\tsystemctl restart apparmor.service\n\tfi\n\tif [ ! -e \"${LIMA_CIDATA_HOME}/.config/systemd/user/containerd.service\" ]; then\n\t\tuntil [ -e \"/run/user/${LIMA_CIDATA_UID}/systemd/private\" ]; do sleep 3; done\n\t\tif [ -n \"$selinux\" ]; then\n\t\t\techo \"Temporarily disabling SELinux, during installing containerd units\"\n\t\t\tsetenforce 0\n\t\tfi\n\t\tif [ \"$(sudo -iu \"${LIMA_CIDATA_USER}\" sh -ec 'systemctl --user show --property=RefuseManualStart --value dbus')\" != \"yes\" ]; then\n\t\t\tsudo -iu \"${LIMA_CIDATA_USER}\" \"XDG_RUNTIME_DIR=/run/user/${LIMA_CIDATA_UID}\" systemctl --user enable --now dbus\n\t\tfi\n\t\tsudo -iu \"${LIMA_CIDATA_USER}\" \"XDG_RUNTIME_DIR=/run/user/${LIMA_CIDATA_UID}\" \"PATH=${PATH}\" containerd-rootless-setuptool.sh install\n\t\tsudo -iu \"${LIMA_CIDATA_USER}\" \"XDG_RUNTIME_DIR=/run/user/${LIMA_CIDATA_UID}\" \"PATH=${PATH}\" \\\n\t\t\t\"CONTAINERD_NAMESPACE=${CONTAINERD_NAMESPACE}\" \"CONTAINERD_SNAPSHOTTER=${CONTAINERD_SNAPSHOTTER}\" \\\n\t\t\tcontainerd-rootless-setuptool.sh install-buildkit-containerd\n\n\t\t# $CONTAINERD_SNAPSHOTTER is configured in 20-rootless-base.sh, when the guest kernel is < 5.13, or the instance was created with Lima < 0.9.0.\n\t\tif [ \"$(sudo -iu \"${LIMA_CIDATA_USER}\" sh -ec 'echo $CONTAINERD_SNAPSHOTTER')\" = \"fuse-overlayfs\" ]; then\n\t\t\tsudo -iu \"${LIMA_CIDATA_USER}\" \"XDG_RUNTIME_DIR=/run/user/${LIMA_CIDATA_UID}\" \"PATH=${PATH}\" containerd-rootless-setuptool.sh install-fuse-overlayfs\n\t\tfi\n\n\t\tif compare_version.sh \"$(uname -r)\" -ge \"5.13\"; then\n\t\t\tsudo -iu \"${LIMA_CIDATA_USER}\" \"XDG_RUNTIME_DIR=/run/user/${LIMA_CIDATA_UID}\" \"PATH=${PATH}\" containerd-rootless-setuptool.sh install-stargz\n\t\telse\n\t\t\techo >&2 \"WARNING: the guest kernel seems older than 5.13. Skipping installing rootless stargz.\"\n\t\tfi\n\t\tif [ -n \"$selinux\" ]; then\n\t\t\techo \"Restoring SELinux\"\n\t\t\tsetenforce 1\n\t\tfi\n\tfi\nfi\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.essential.FreeBSD/00-freebsd-user-group.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\n# This script ensures that the user is created with the expected UID.\n# This script is needed because nuageinit does not create the user with the expected UID.\n\nset -eu\n\n[ \"$(stat -f %u \"${LIMA_CIDATA_HOME}\")\" = \"${LIMA_CIDATA_UID}\" ] && exit 0\n\npw usermod -n \"${LIMA_CIDATA_USER}\" -u \"${LIMA_CIDATA_UID}\"\ngid=\"$(id -g \"${LIMA_CIDATA_USER}\")\"\nchown -R \"${LIMA_CIDATA_UID}:${gid}\" \"${LIMA_CIDATA_HOME}\"\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/boot.sh", "content": "#!/bin/sh\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu\n\nINFO() {\n\techo \"LIMA $(date -Iseconds)| $*\"\n}\n\nWARNING() {\n\techo \"LIMA $(date -Iseconds)| WARNING: $*\"\n}\n\nUNAME=\"$(uname -s)\"\n\nRUN=\"/run\"\nif [ \"${UNAME}\" != \"Linux\" ]; then\n\tRUN=\"/var/run\"\nfi\nrm -f \"${RUN}/lima-boot-done\"\n\n# shellcheck disable=SC2163\nwhile read -r line; do [ -n \"$line\" ] && export \"$line\"; done <\"${LIMA_CIDATA_MNT}\"/lima.env\n# shellcheck disable=SC2163\nwhile read -r line; do [ -n \"$line\" ] && export \"$line\"; done <\"${LIMA_CIDATA_MNT}\"/param.env\n\n# shellcheck disable=SC2163\nwhile read -r line; do\n\t# pam_env implementation:\n\t# - '#' is treated the same as newline; terminates value\n\t# - skip leading tabs and spaces\n\t# - skip leading \"export \" prefix (only single space)\n\t# - skip leading quote ('\\'' or '\"') on the value side\n\t# - skip trailing quote only if leading quote has been skipped;\n\t# quotes don't need to match; trailing quote may be omitted\n\tline=\"$(echo \"$line\" | sed -E \"s/^[ \\\\t]*(export )?//; s/#.*//; s/(^[^=]+=)[\\\"'](.*[^\\\"'])?[\\\"']?$/\\1\\2/\")\"\n\t[ -n \"$line\" ] && export \"$line\"\ndone <\"${LIMA_CIDATA_MNT}\"/etc_environment\n\nPATH=\"${LIMA_CIDATA_MNT}\"/util:\"${PATH}\"\nexport PATH\n\nCODE=0\n\n# Don't make any changes to /etc or /var/lib until boot.Linux/04-persistent-data-volume.sh\n# has run because it might move the directories to /mnt/data on first boot. In that\n# case changes made on restart would be lost.\n\nrun_boot_scripts() {\n\tboot=\"$1\"\n\tif [ -e \"${boot}\" ]; then\n\t\tfor f in \"${boot}\"/*.sh; do\n\t\t\tINFO \"Executing $f\"\n\t\t\tif ! \"$f\"; then\n\t\t\t\tWARNING \"Failed to execute $f\"\n\t\t\t\tCODE=1\n\t\t\tfi\n\t\tdone\n\tfi\n}\n\n# The boot.essential.${UNAME} scripts are executed in plain mode too.\nrun_boot_scripts \"${LIMA_CIDATA_MNT}/boot.essential.${UNAME}\"\n\nif [ \"$LIMA_CIDATA_PLAIN\" = \"1\" ]; then\n\tINFO \"Plain mode. Skipping to run non-essential boot scripts. Provisioning scripts will be still executed. Guest agent will not be running.\"\nelse\n\trun_boot_scripts \"${LIMA_CIDATA_MNT}/boot.${UNAME}\"\nfi\n\n# indirect variable lookup, like ${!var} in bash\nderef() {\n\teval echo \\$\"$1\"\n}\n\nif [ -d \"${LIMA_CIDATA_MNT}\"/provision.data ]; then\n\tfor f in \"${LIMA_CIDATA_MNT}\"/provision.data/*; do\n\t\tfilename=$(basename \"$f\")\n\t\toverwrite=$(deref \"LIMA_CIDATA_DATAFILE_${filename}_OVERWRITE\")\n\t\towner=$(deref \"LIMA_CIDATA_DATAFILE_${filename}_OWNER\")\n\t\tpath=$(deref \"LIMA_CIDATA_DATAFILE_${filename}_PATH\")\n\t\tpermissions=$(deref \"LIMA_CIDATA_DATAFILE_${filename}_PERMISSIONS\")\n\t\tuser=\"${owner%%:*}\"\n\t\tif [ -e \"$path\" ] && [ \"$overwrite\" = \"false\" ]; then\n\t\t\tINFO \"Not overwriting $path\"\n\t\telse\n\t\t\tINFO \"Copying $f to $path\"\n\t\t\tif ! sudo -iu \"${user}\" mkdir -p \"$(dirname \"$path\")\"; then\n\t\t\t\tWARNING \"Failed to create directory for ${path} (as user ${user})\"\n\t\t\t\tWARNING \"Falling back to creating directory as root to maintain compatibility\"\n\t\t\t\tmkdir -p \"$(dirname \"$path\")\"\n\t\t\tfi\n\t\t\tcp \"$f\" \"$path\"\n\t\t\tchown \"$owner\" \"$path\"\n\t\t\tchmod \"$permissions\" \"$path\"\n\t\tfi\n\tdone\nfi\n\nif [ -d \"${LIMA_CIDATA_MNT}\"/provision.yq ]; then\n\tyq=\"${LIMA_CIDATA_MNT}/lima-guestagent yq\"\n\tfor f in \"${LIMA_CIDATA_MNT}\"/provision.yq/*; do\n\t\tfilename=$(basename \"${f}\")\n\t\tformat=$(deref \"LIMA_CIDATA_YQ_PROVISION_${filename}_FORMAT\")\n\t\towner=$(deref \"LIMA_CIDATA_YQ_PROVISION_${filename}_OWNER\")\n\t\tpath=$(deref \"LIMA_CIDATA_YQ_PROVISION_${filename}_PATH\")\n\t\tpermissions=$(deref \"LIMA_CIDATA_YQ_PROVISION_${filename}_PERMISSIONS\")\n\t\tuser=\"${owner%%:*}\"\n\t\t# Creating intermediate directories may fail if the user does not have permission.\n\t\t# TODO: Create intermediate directories with the specified group ownership.\n\t\tif ! sudo -iu \"${user}\" mkdir -p \"$(dirname \"${path}\")\"; then\n\t\t\tWARNING \"Failed to create directory for ${path} (as user ${user})\"\n\t\t\tCODE=1\n\t\t\tcontinue\n\t\tfi\n\t\t# Since CIDATA is mounted with dmode=700,fmode=700,\n\t\t# `lima-guestagent yq` cannot be executed by non-root users,\n\t\t# and provision.yq/* files cannot be read by non-root users.\n\t\tif [ -f \"${path}\" ]; then\n\t\t\tINFO \"Updating ${path}\"\n\t\t\t# If the user does not have write permission, it should fail.\n\t\t\t# This avoids changes being made by the wrong user.\n\t\t\tif ! sudo -iu \"${user}\" test -w \"${path}\"; then\n\t\t\t\tWARNING \"File ${path} is not writable by user ${user}\"\n\t\t\t\tCODE=1\n\t\t\t\tcontinue\n\t\t\tfi\n\t\t\t# Relies on the fact that yq does not change the owner of the existing file.\n\t\t\tif ! ${yq} --inplace --from-file \"${f}\" --input-format \"${format}\" --output-format \"${format}\" \"${path}\"; then\n\t\t\t\tWARNING \"Failed to update ${path} (as user ${user})\"\n\t\t\t\tCODE=1\n\t\t\t\tcontinue\n\t\t\tfi\n\t\telse\n\t\t\tif [ \"${format}\" = \"auto\" ]; then\n\t\t\t\t# yq can't determine the output format from non-existing files\n\t\t\t\tcase \"${path}\" in\n\t\t\t\t*.csv) format=csv ;;\n\t\t\t\t*.ini) format=ini ;;\n\t\t\t\t*.json) format=json ;;\n\t\t\t\t*.properties) format=properties ;;\n\t\t\t\t*.toml) format=toml ;;\n\t\t\t\t*.tsv) format=tsv ;;\n\t\t\t\t*.xml) format=xml ;;\n\t\t\t\t*.yaml | *.yml) format=yaml ;;\n\t\t\t\t*)\n\t\t\t\t\tformat=yaml\n\t\t\t\t\tWARNING \"Cannot determine file type for ${path}, using yaml format\"\n\t\t\t\t\t;;\n\t\t\t\tesac\n\t\t\tfi\n\t\t\tINFO \"Creating ${path}\"\n\t\t\tif ! ${yq} --null-input --from-file \"${f}\" --output-format \"${format}\" | sudo -iu \"${user}\" tee \"${path}\"; then\n\t\t\t\tWARNING \"Failed to create ${path} (as user ${user})\"\n\t\t\t\tCODE=1\n\t\t\t\tcontinue\n\t\t\tfi\n\t\tfi\n\t\tif ! sudo -iu \"${user}\" chown \"${owner}\" \"${path}\"; then\n\t\t\tWARNING \"Failed to set owner for ${path} (as user ${user})\"\n\t\t\tCODE=1\n\t\tfi\n\t\tif ! sudo -iu \"${user}\" chmod \"${permissions}\" \"${path}\"; then\n\t\t\tWARNING \"Failed to set permissions for ${path} (as user ${user})\"\n\t\t\tCODE=1\n\t\tfi\n\tdone\nfi\n\nif [ -d \"${LIMA_CIDATA_MNT}\"/provision.system ]; then\n\tfor f in \"${LIMA_CIDATA_MNT}\"/provision.system/*; do\n\t\tINFO \"Executing $f\"\n\t\tif ! \"$f\"; then\n\t\t\tWARNING \"Failed to execute $f\"\n\t\t\tCODE=1\n\t\tfi\n\tdone\nfi\n\nUSER_SCRIPT=\"${LIMA_CIDATA_HOME}/.lima-user-script\"\nif [ -d \"${LIMA_CIDATA_MNT}\"/provision.user ]; then\n\tif [ \"$UNAME\" = \"Linux\" ] && [ ! -f /sbin/openrc-run ]; then\n\t\tuntil [ -e \"/run/user/${LIMA_CIDATA_UID}/systemd/private\" ]; do sleep 3; done\n\tfi\n\tparams=$(grep -o '^PARAM_[^=]*' \"${LIMA_CIDATA_MNT}\"/param.env | paste -sd , -)\n\tfor f in \"${LIMA_CIDATA_MNT}\"/provision.user/*; do\n\t\tINFO \"Executing $f (as user ${LIMA_CIDATA_USER})\"\n\t\tcp \"$f\" \"${USER_SCRIPT}\"\n\t\tchown \"${LIMA_CIDATA_USER}\" \"${USER_SCRIPT}\"\n\t\tchmod 755 \"${USER_SCRIPT}\"\n\t\tXDG_RUNTIME_DIR_ENV=\n\t\tif [ \"${UNAME}\" = \"Linux\" ]; then\n\t\t\tXDG_RUNTIME_DIR_ENV=\"XDG_RUNTIME_DIR=/run/user/${LIMA_CIDATA_UID}\"\n\t\tfi\n\t\t# shellcheck disable=SC2086\n\t\tif ! sudo -iu \"${LIMA_CIDATA_USER}\" \"--preserve-env=${params}\" $XDG_RUNTIME_DIR_ENV \"${USER_SCRIPT}\"; then\n\t\t\tWARNING \"Failed to execute $f (as user ${LIMA_CIDATA_USER})\"\n\t\t\tCODE=1\n\t\tfi\n\t\trm \"${USER_SCRIPT}\"\n\tdone\nfi\n\n# Signal that provisioning is done. The instance ID changes on every boot,\n# so any value from a previous boot cycle will be different.\necho \"${LIMA_CIDATA_IID}\" >\"${RUN}/lima-boot-done\"\n\nINFO \"Exiting with code $CODE\"\nexit \"$CODE\"\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/etc_environment", "content": "#LIMA-START\n{{- range $key, $val := .Env}}\n{{$key}}={{$val}}\n{{- end}}\n#LIMA-END\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/lima.env", "content": "LIMA_CIDATA_DEBUG={{ .Debug }}\nLIMA_CIDATA_IID={{ .IID }}\nLIMA_CIDATA_NAME={{ .Name }}\nLIMA_CIDATA_USER={{ .User }}\nLIMA_CIDATA_UID={{ .UID }}\nLIMA_CIDATA_COMMENT={{ .Comment }}\nLIMA_CIDATA_HOME={{ .Home}}\nLIMA_CIDATA_SHELL={{ .Shell }}\nLIMA_CIDATA_HOSTHOME_MOUNTPOINT={{ .HostHomeMountPoint }}\nLIMA_CIDATA_MOUNTS={{ len .Mounts }}\n{{- range $i, $val := .Mounts}}\nLIMA_CIDATA_MOUNTS_{{$i}}_MOUNTPOINT={{$val.MountPoint}}\n{{- end}}\nLIMA_CIDATA_MOUNTTYPE={{ .MountType }}\nLIMA_CIDATA_DISKS={{ len .Disks }}\n{{- range $i, $disk := .Disks}}\nLIMA_CIDATA_DISK_{{$i}}_NAME={{$disk.Name}}\nLIMA_CIDATA_DISK_{{$i}}_DEVICE={{$disk.Device}}\nLIMA_CIDATA_DISK_{{$i}}_FORMAT={{$disk.Format}}\nLIMA_CIDATA_DISK_{{$i}}_FSTYPE={{$disk.FSType}}\nLIMA_CIDATA_DISK_{{$i}}_FSARGS={{range $j, $arg := $disk.FSArgs}}{{if $j}} {{end}}{{$arg}}{{end}}\n{{- end}}\n{{- range $dataFile := .DataFiles}}\nLIMA_CIDATA_DATAFILE_{{$dataFile.FileName}}_OVERWRITE={{$dataFile.Overwrite}}\nLIMA_CIDATA_DATAFILE_{{$dataFile.FileName}}_OWNER={{$dataFile.Owner}}\nLIMA_CIDATA_DATAFILE_{{$dataFile.FileName}}_PATH={{$dataFile.Path}}\nLIMA_CIDATA_DATAFILE_{{$dataFile.FileName}}_PERMISSIONS={{$dataFile.Permissions}}\n{{- end}}\n{{- range $yqProvision := .YQProvisions}}\nLIMA_CIDATA_YQ_PROVISION_{{$yqProvision.FileName}}_FORMAT={{$yqProvision.Format}}\nLIMA_CIDATA_YQ_PROVISION_{{$yqProvision.FileName}}_OWNER={{$yqProvision.Owner}}\nLIMA_CIDATA_YQ_PROVISION_{{$yqProvision.FileName}}_PATH={{$yqProvision.Path}}\nLIMA_CIDATA_YQ_PROVISION_{{$yqProvision.FileName}}_PERMISSIONS={{$yqProvision.Permissions}}\n{{- end}}\nLIMA_CIDATA_GUEST_INSTALL_PREFIX={{ .GuestInstallPrefix }}\n{{- if .UpgradePackages}}\nLIMA_CIDATA_UPGRADE_PACKAGES=1\n{{- else}}\nLIMA_CIDATA_UPGRADE_PACKAGES=\n{{- end}}\n{{- if .Containerd.User}}\nLIMA_CIDATA_CONTAINERD_USER=1\n{{- else}}\nLIMA_CIDATA_CONTAINERD_USER=\n{{- end}}\n{{- if .Containerd.System}}\nLIMA_CIDATA_CONTAINERD_SYSTEM=1\n{{- else}}\nLIMA_CIDATA_CONTAINERD_SYSTEM=\n{{- end}}\n{{- if or .Containerd.User .Containerd.System}}\nLIMA_CIDATA_CONTAINERD_ARCHIVE={{.Containerd.Archive}}\n{{- end}}\nLIMA_CIDATA_SLIRP_DNS={{.SlirpDNS}}\nLIMA_CIDATA_SLIRP_GATEWAY={{.SlirpGateway}}\nLIMA_CIDATA_SLIRP_IP_ADDRESS={{.SlirpIPAddress}}\nLIMA_CIDATA_UDP_DNS_LOCAL_PORT={{.UDPDNSLocalPort}}\nLIMA_CIDATA_TCP_DNS_LOCAL_PORT={{.TCPDNSLocalPort}}\nLIMA_CIDATA_ROSETTA_ENABLED={{.RosettaEnabled}}\nLIMA_CIDATA_ROSETTA_BINFMT={{.RosettaBinFmt}}\n{{- if .SkipDefaultDependencyResolution}}\nLIMA_CIDATA_SKIP_DEFAULT_DEPENDENCY_RESOLUTION=1\n{{- else}}\nLIMA_CIDATA_SKIP_DEFAULT_DEPENDENCY_RESOLUTION=\n{{- end}}\nLIMA_CIDATA_VMTYPE={{ .VMType }}\nLIMA_CIDATA_VSOCK_PORT={{ .VSockPort }}\nLIMA_CIDATA_VIRTIO_PORT={{ .VirtioPort}}\n{{- if .Plain}}\nLIMA_CIDATA_PLAIN=1\n{{- else}}\nLIMA_CIDATA_PLAIN=\n{{- end}}\n{{- if .NoCloudInit}}\nLIMA_CIDATA_NO_CLOUD_INIT=1\n{{- else}}\nLIMA_CIDATA_NO_CLOUD_INIT=\n{{- end}}\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/meta-data", "content": "instance-id: {{.IID}}\nlocal-hostname: {{.Hostname}}\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/network-config", "content": "version: 2\nethernets:\n {{- range $nw := .Networks}}\n {{$nw.Interface}}:\n match:\n macaddress: '{{$nw.MACAddress}}'\n dhcp4: true\n set-name: {{$nw.Interface}}\n dhcp4-overrides:\n route-metric: {{$nw.Metric}}\n dhcp-identifier: mac\n {{- if and (eq $nw.Interface $.SlirpNICName) (gt (len $.DNSAddresses) 0) }}\n nameservers:\n addresses:\n {{- range $ns := $.DNSAddresses }}\n - {{$ns}}\n {{- end }}\n {{- end }}\n {{- end }}\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/param.env", "content": "{{range $key, $val := .Param -}}\nPARAM_{{ $key }}={{ $val }}\n{{end -}}\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/user-data", "content": "#cloud-config\n# vim:syntax=yaml\n\ngrowpart:\n mode: auto\n devices: ['/']\n\n{{- if eq .OS \"FreeBSD\" }}\npackages:\n # boot.sh depends on sudo.\n # TODO: consider replacing sudo with doas.\n # FIXME: The hostagent script depends on sudo too.\n # https://github.com/lima-vm/lima/issues/4594\n - sudo\n{{- end }}\n\n{{- if .UpgradePackages }}\npackage_update: true\npackage_upgrade: true\npackage_reboot_if_required: true\n{{- end }}\n\n{{- if or .RosettaEnabled (and .Mounts (or (eq .MountType \"9p\") (eq .MountType \"virtiofs\"))) }}\nmounts:\n {{- if .RosettaEnabled }}{{/* Mount the rosetta volume before systemd-binfmt.service(8) starts */}}\n- [vz-rosetta, /mnt/lima-rosetta, virtiofs, defaults, \"0\", \"0\"]\n {{- end }}\n {{- if and .Mounts (or (eq .MountType \"9p\") (eq .MountType \"virtiofs\")) }}\n {{- range $m := $.Mounts}}\n- [{{$m.Tag}}, {{$m.MountPoint}}, {{$m.Type}}, \"{{$m.Options}}\", \"0\", \"0\"]\n {{- end }}\n {{- end }}\n{{- end }}\n\n{{- if .TimeZone }}\ntimezone: {{.TimeZone}}\n{{- end }}\n\nusers:\n - name: \"{{.User}}\"\n{{- if ne .OS \"FreeBSD\" }}\n # nuageinit does not support specifying the UID.\n # The UID is fixed up in boot.essential.FreeBSD/00-freebsd-user-group.sh\n uid: \"{{.UID}}\"\n{{- end }}\n{{- if .Comment }}\n gecos: {{ printf \"%q\" .Comment }}\n{{- end }}\n homedir: \"{{.Home}}\"\n shell: {{.Shell}}\n{{- if eq .OS \"Darwin\" }}\n {{/* On macOS, the password is not locked so as to allow GUI login. */}}\n {{/* Since the user can run sudo with their own password, basically we don't need to set up passwordless sudo. */}}\n {{/* However, it is still configured to allow `/sbin/shutdown -h now` without password, as it is invoked by `limactl stop` for graceful shutdown. */}}\n {{/* (Why doesn't macOS VM support graceful shutdown?) */}}\n sudo: ALL=(ALL) NOPASSWD:/sbin/shutdown -h now\n{{- else }}\n sudo: ALL=(ALL) NOPASSWD:ALL\n {{- if eq .OS \"FreeBSD\" }}\n groups:\n - wheel\n doas: permit nopass :wheel\n {{- end}}\n lock_passwd: true\n{{- end }}\n{{- if eq .OS \"FreeBSD\" }}\n ssh_authorized_keys:\n{{- else }}\n ssh-authorized-keys:\n{{- end }}\n {{- range $val := .SSHPubKeys }}\n - {{ printf \"%q\" $val }}\n {{- end }}\n\n{{- if .BootScripts }}\nwrite_files:\n - content: |\n #!/bin/sh\n set -eux\n LIMA_CIDATA_MNT=\"/mnt/lima-cidata\"\n UNAME=\"$(uname -s)\"\n if [ \"${UNAME}\" = \"Darwin\" ]; then\n LIMA_CIDATA_MNT=\"/Volumes/cidata\"\n # Should have been mounted automatically\n elif [ \"${UNAME}\" = \"FreeBSD\" ]; then\n LIMA_CIDATA_DEV=\"/dev/iso9660/cidata\"\n if [ ! -e \"${LIMA_CIDATA_DEV}\" ]; then\n # When the iso is created with `hdiutil` on macOS,\n # apparently the volume name becomes \"CIDATA\" not \"cidata\"\n LIMA_CIDATA_DEV=\"/dev/iso9660/CIDATA\"\n fi\n mkdir -p -m 700 \"${LIMA_CIDATA_MNT}\"\n mount_cd9660 -G wheel -U root -m 0700 -o ro,exec \"${LIMA_CIDATA_DEV}\" \"${LIMA_CIDATA_MNT}\"\n elif [ \"${UNAME}\" = \"Linux\" ]; then\n LIMA_CIDATA_DEV=\"/dev/disk/by-label/cidata\"\n mkdir -p -m 700 \"${LIMA_CIDATA_MNT}\"\n mount -o ro,mode=0700,dmode=0700,overriderockperm,exec,uid=0 \"${LIMA_CIDATA_DEV}\" \"${LIMA_CIDATA_MNT}\"\n else\n echo \"Unsupported OS: ${UNAME}\" >&2\n exit 1\n fi\n export LIMA_CIDATA_MNT\n exec \"${LIMA_CIDATA_MNT}\"/boot.sh\n{{- if or (eq .OS \"Darwin\") (eq .OS \"FreeBSD\") }}\n owner: root:wheel\n{{- else }}\n owner: root:root\n{{- end }}\n{{- if eq .OS \"FreeBSD\" }}\n # nuageinit requires the path to be under an existing directory\n path: /usr/sbin/lima-freebsd-init.sh\n{{- else }}\n path: /var/lib/cloud/scripts/per-boot/00-lima.boot.sh\n{{- end }}\n permissions: '0755'\n{{- if eq .OS \"FreeBSD\" }}\n # nuageinit does not run /var/lib/cloud/scripts/per-boot/* scripts\n - content: |\n #!/bin/sh\n\n # PROVIDE: lima_freebsd_init\n # REQUIRE: DAEMON\n # BEFORE: LOGIN\n\n . /etc/rc.subr\n\n name=\"lima_freebsd_init\"\n rcvar=\"lima_freebsd_init_enable\"\n command=\"/usr/sbin/lima-freebsd-init.sh\"\n\n load_rc_config \"$name\"\n run_rc_command \"$1\"\n owner: root:wheel\n path: /etc/rc.d/lima_freebsd_init\n permissions: '0755'\n - content: |\n lima_freebsd_init_enable=\"YES\"\n owner: root:wheel\n path: /etc/rc.conf.d/lima_freebsd_init\n permissions: '0644'\n{{- end }}\n{{- end }}\n\n{{- if .DNSAddresses }}\n# This has no effect on systems using systemd-resolved, but is used\n# on e.g. Alpine to set up /etc/resolv.conf on first boot.\n\nmanage_resolv_conf: true\n\nresolv_conf:\n nameservers:\n {{- range $ns := $.DNSAddresses }}\n - {{$ns}}\n {{- end }}\n{{- end }}\n\n{{- if or .CACerts.RemoveDefaults .CACerts.Trusted }}\n{{ with .CACerts }}\nca_certs:\n {{- if .RemoveDefaults }}\n remove_defaults: {{ .RemoveDefaults }}\n {{- end }}\n {{- if .Trusted}}\n trusted:\n {{- range $cert := .Trusted }}\n - |\n {{- range $line := $cert.Lines }}\n {{ $line }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- end }}\n{{- end }}\n\n{{- if .BootCmds }}\nbootcmd:\n {{- range $cmd := $.BootCmds }}\n- |\n # We need to embed the params.env as a here-doc because /mnt/lima-cidata is not yet mounted\n while read -r line; do [ -n \"$line\" ] && export \"$line\"; done <<'EOF'\n {{- range $key, $val := $.Param }}\n PARAM_{{ $key }}={{ $val }}\n {{- end }}\n EOF\n {{- range $line := $cmd.Lines }}\n {{ $line }}\n {{- end }}\n {{- end }}\n{{- end }}\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/util/compare_version.sh", "content": "#!/bin/bash\n\n# SPDX-FileCopyrightText: Copyright The Lima Authors\n# SPDX-License-Identifier: Apache-2.0\n\nset -eu\n\n: \"${SELFTEST:=}\"\nif [ -n \"$SELFTEST\" ]; then\n\tunset SELFTEST\n\techo >&2 \"=== Running positive tests ===\"\n\t(\n\t\tset -x\n\t\t\"$0\" 0.1.2 -eq 0.1.2\n\t\t\"$0\" 0.1.2 -ne 0.1.3\n\t\t\"$0\" 0.1.2 -ge 0.1.1\n\t\t\"$0\" 0.1.2 -ge 0.1.2\n\t\t\"$0\" 0.1.10 -ge 0.1.9\n\t\t\"$0\" 0.1.2 -gt 0.1.1\n\t\t\"$0\" 0.1.10 -gt 0.1.9\n\t\t\"$0\" 0.1.2 -le 0.1.2\n\t\t\"$0\" 0.1.2 -le 0.1.3\n\t\t\"$0\" 0.1.2 -le 0.1.10\n\t\t\"$0\" 0.1.2 -lt 0.1.3\n\t\t\"$0\" 0.1.2 -lt 0.1.10\n\t)\n\techo >&2 \"=== Running negative tests ===\"\n\t(\n\t\tset -x\n\t\t\"$0\" 0.1.2 -eq 0.1.1 && false\n\t\t\"$0\" 0.1.2 -ne 0.1.2 && false\n\t\t\"$0\" 0.1.2 -ge 0.1.3 && false\n\t\t\"$0\" 0.1.2 -gt 0.1.2 && false\n\t\t\"$0\" 0.1.2 -le 0.1.1 && false\n\t\t\"$0\" 0.1.2 -lt 0.1.2 && false\n\t\ttrue\n\t)\n\texit 0\nfi\n\nif [ \"$#\" -ne 3 ]; then\n\techo >&2 \"Usage: $0 VERSION-A OP VERSION-B\"\n\techo >&2 \"Implemented operators: -eq, -ne, -ge, -gt, -le, -lt\"\n\techo >&2 \"\"\n\techo >&2 \"Example: $0 1.2.10 -ge 1.2.9\"\n\texit 1\nfi\n\nversion_a=\"$1\"\nop=\"$2\"\nversion_b=\"$3\"\n\nsorted=\"$(echo -ne \"${version_a}\\n${version_b}\\n\" | sort -V -r | head -n1)\"\ncase \"${op}\" in\n-eq)\n\t[ \"${version_a}\" = \"${version_b}\" ]\n\t;;\n-ne)\n\t[ \"${version_a}\" != \"${version_b}\" ]\n\t;;\n-ge)\n\t[ \"${version_a}\" = \"${sorted}\" ]\n\t;;\n-gt)\n\t[ \"${version_a}\" = \"${sorted}\" ] && [ \"${version_a}\" != \"${version_b}\" ]\n\t;;\n-le)\n\t[ \"${version_b}\" = \"${sorted}\" ]\n\t;;\n-lt)\n\t[ \"${version_b}\" = \"${sorted}\" ] && [ \"${version_a}\" != \"${version_b}\" ]\n\t;;\n*)\n\techo \"Unknown operator \\\"$op\\\"\"\n\texit 1\n\t;;\nesac\n" }, { "path": "pkg/cidata/cidata.TEMPLATE.d/util.FreeBSD/print_cidata_fstab.lua", "content": "#!/usr/libexec/flua\nlocal yaml = require(\"lyaml\")\nlocal fpath = \"/mnt/lima-cidata/user-data\"\nlocal f = io.open(fpath, \"r\")\nif not f then\n\terror(\"Could not open \" .. fpath)\nend\nlocal content = f:read(\"*a\")\nf:close()\nlocal config = yaml.load(content)\nfor i, row in ipairs(config.mounts) do\n\tfor j, value in ipairs(row) do\n\t\tio.write(value, \"\\t\")\n\tend\n\tio.write(\"\\n\")\nend\n" }, { "path": "pkg/cidata/cidata.go", "content": "// SPDX-FileCopyrightText: Copyright The Lima Authors\n// SPDX-License-Identifier: Apache-2.0\n\npackage cidata\n\nimport (\n\t\"compress/gzip\"\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"maps\"\n\t\"net\"\n\t\"net/url\"\n\t\"os\"\n\t\"path\"\n\t\"path/filepath\"\n\t\"slices\"\n\t\"strconv\"\n\t\"strings\"\n\t\"time\"\n\t\"unicode\"\n\n\t\"github.com/docker/go-units\"\n\t\"github.com/sirupsen/logrus\"\n\n\t\"github.com/lima-vm/lima/v2/pkg/debugutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/driver\"\n\t\"github.com/lima-vm/lima/v2/pkg/instance/hostname\"\n\t\"github.com/lima-vm/lima/v2/pkg/iso9660util\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype\"\n\t\"github.com/lima-vm/lima/v2/pkg/limatype/filenames\"\n\t\"github.com/lima-vm/lima/v2/pkg/limayaml\"\n\t\"github.com/lima-vm/lima/v2/pkg/localpathutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/networks\"\n\t\"github.com/lima-vm/lima/v2/pkg/networks/usernet\"\n\t\"github.com/lima-vm/lima/v2/pkg/osutil\"\n\t\"github.com/lima-vm/lima/v2/pkg/sshutil\"\n)\n\nvar netLookupIP = func(host string) []net.IP {\n\tips, err := net.LookupIP(host)\n\tif err != nil {\n\t\tlogrus.Debugf(\"net.LookupIP %s: %s\", host, err)\n\t\treturn nil\n\t}\n\n\treturn ips\n}\n\nfunc setupEnv(instConfigEnv map[string]string, propagateProxyEnv bool, slirpGateway string) (map[string]string, error) {\n\t// Start with the proxy variables from the system settings.\n\tenv, err := osutil.ProxySettings()\n\tif err != nil {\n\t\treturn env, err\n\t}\n\t// env.* settings from lima.yaml override system settings without giving a warning\n\tmaps.Copy(env, instConfigEnv)\n\t// Current process environment setting override both system settings and env.*\n\tlowerVars := []string{\"ftp_proxy\", \"http_proxy\", \"https_proxy\", \"no_proxy\"}\n\tupperVars := make([]string, len(lowerVars))\n\tfor i, name := range lowerVars {\n\t\tupperVars[i] = strings.ToUpper(name)\n\t}\n\tif propagateProxyEnv {\n\t\tfor _, name := range append(lowerVars, upperVars...) {\n\t\t\tif value, ok := os.LookupEnv(name); ok {\n\t\t\t\tif _, ok := env[name]; ok && value != env[name] {\n\t\t\t\t\tlogrus.Infof(\"Overriding %q value %q with %q from limactl process environment\",\n\t\t\t\t\t\tname, env[name], value)\n\t\t\t\t}\n\t\t\t\tenv[name] = value\n\t\t\t}\n\t\t}\n\t}\n\t// Replace IP that IsLoopback in proxy settings with the gateway address\n\t// Delete settings with empty values, so the user can choose to ignore system settings.\n\tfor _, name := range append(lowerVars, upperVars...) {\n\t\tvalue, ok := env[name]\n\t\tif ok && value == \"\" {\n\t\t\tdelete(env, name)\n\t\t} else if ok && !strings.EqualFold(name, \"no_proxy\") {\n\t\t\tu, err := url.Parse(value)\n\t\t\tif err != nil {\n\t\t\t\tlogrus.Warnf(\"Ignoring invalid proxy %q=%v: %s\", name, value, err)\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tfor _, ip := range netLookupIP(u.Hostname()) {\n\t\t\t\tif ip.IsLoopback() {\n\t\t\t\t\tnewHost := slirpGateway\n\t\t\t\t\tif u.Port() != \"\" {\n\t\t\t\t\t\tnewHost = net.JoinHostPort(newHost, u.Port())\n\t\t\t\t\t}\n\t\t\t\t\tu.Host = newHost\n\t\t\t\t\tvalue = u.String()\n\t\t\t\t}\n\t\t\t}\n\t\t\tif value != env[name] {\n\t\t\t\tlogrus.Infof(\"Replacing %q value %q with %q\", name, env[name], value)\n\t\t\t\tenv[name] = value\n\t\t\t}\n\t\t}\n\t}\n\t// Make sure uppercase variants have the same value as lowercase ones.\n\t// If both are set, the lowercase variant value takes precedence.\n\tfor _, lowerName := range lowerVars {\n\t\tupperName := strings.ToUpper(lowerName)\n\t\tif _, ok := env[lowerName]; ok {\n\t\t\tif _, ok := env[upperName]; ok && env[lowerName] != env[upperName] {\n\t\t\t\tlogrus.Warnf(\"Changing %q value from %q to %q to match %q\",\n\t\t\t\t\tupperName, env[upperName], env[lowerName], lowerName)\n\t\t\t}\n\t\t\tenv[upperName] = env[lowerName]\n\t\t} else if _, ok := env[upperName]; ok {\n\t\t\tenv[lowerName] = env[upperName]\n\t\t}\n\t}\n\treturn env, nil\n}\n\nfunc templateArgs(ctx context.Context, bootScripts bool, instDir, name string, instConfig *limatype.LimaYAML, udpDNSLocalPort, tcpDNSLocalPort, vsockPort int, virtioPort string, noCloudInit, rosettaEnabled, rosettaBinFmt bool) (*TemplateArgs, error) {\n\tif err := limayaml.Validate(instConfig, false); err != nil {\n\t\treturn nil, err\n\t}\n\tarchive := \"nerdctl-full.tgz\"\n\targs := TemplateArgs{\n\t\tDebug: debugutil.Debug,\n\t\tOS: *instConfig.OS,\n\t\tBootScripts: bootScripts,\n\t\tName: name,\n\t\tHostname: hostname.FromInstName(name), // TODO: support customization\n\t\tUser: *instConfig.User.Name,\n\t\tComment: removeControlChars(*instConfig.User.Comment),\n\t\tHome: *instConfig.User.Home,\n\t\tShell: *instConfig.User.Shell,\n\t\tUID: *instConfig.User.UID,\n\t\tGuestInstallPrefix: *instConfig.GuestInstallPrefix,\n\t\tUpgradePackages: *instConfig.UpgradePackages,\n\t\tContainerd: Containerd{System: *instConfig.Containerd.System, User: *instConfig.Containerd.User, Archive: archive},\n\t\tSlirpNICName: networks.SlirpNICName,\n\n\t\tVMType: *instConfig.VMType,\n\t\tVSockPort: vsockPort,\n\t\tVirtioPort: virtioPort,\n\t\tRosettaEnabled: rosettaEnabled,\n\t\tRosettaBinFmt: rosettaBinFmt,\n\t\tPlain: *instConfig.Plain,\n\t\tTimeZone: *instConfig.TimeZone,\n\t\tNoCloudInit: noCloudInit,\n\t\tParam: instConfig.Param,\n\t}\n\n\tfirstUsernetIndex := limayaml.FirstUsernetIndex(instConfig)\n\tvar subnet net.IP\n\tvar err error\n\n\tif firstUsernetIndex != -1 {\n\t\tusernetName := instConfig.Networks[firstUsernetIndex].Lima\n\t\tsubnet, err = usernet.Subnet(usernetName)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\targs.SlirpGateway = usernet.GatewayIP(subnet)\n\t\targs.SlirpDNS = usernet.GatewayIP(subnet)\n\t} else {\n\t\tsubnet, _, err = net.ParseCIDR(networks.SlirpNetwork)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\targs.SlirpGateway = usernet.GatewayIP(subnet)\n\t\tif *instConfig.VMType == limatype.VZ {\n\t\t\targs.SlirpDNS = usernet.GatewayIP(subnet)\n\t\t} else {\n\t\t\targs.SlirpDNS = usernet.DNSIP(subnet)\n\t\t}\n\t\targs.SlirpIPAddress = networks.SlirpIPAddress\n\t}\n\n\t// change instance id on every boot so network config will be processed again\n\targs.IID = fmt.Sprintf(\"iid-%d\", time.Now().Unix())\n\n\tpubKeys, err := sshutil.DefaultPubKeys(ctx, *instConfig.SSH.LoadDotSSHPubKeys)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tif len(pubKeys) == 0 {\n\t\treturn nil, errors.New(\"no SSH key was found, run `ssh-keygen`\")\n\t}\n\tfor _, f := range pubKeys {\n\t\targs.SSHPubKeys = append(args.SSHPubKeys, f.Content)\n\t}\n\n\tvar fstype string\n\tswitch *instConfig.MountType {\n\tcase limatype.REVSSHFS:\n\t\tfstype = \"sshfs\"\n\tcase limatype.NINEP:\n\t\tfstype = \"9p\"\n\t\tif *instConfig.OS == limatype.FREEBSD {\n\t\t\tfstype = \"p9fs\"\n\t\t}\n\tcase limatype.VIRTIOFS:\n\t\tfstype = \"virtiofs\"\n\t}\n\thostHome, err := localpathutil.Expand(\"~\")\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tfor _, f := range instConfig.Mounts {\n\t\ttag := limayaml.MountTag(f.Location, *f.MountPoint)\n\t\toptions := \"rw\"\n\t\tif *instConfig.OS == limatype.LINUX {\n\t\t\toptions = \"defaults\"\n\t\t}\n\t\tswitch fstype {\n\t\tcase \"9p\", \"p9fs\", \"virtiofs\":\n\t\t\toptions = \"ro\"\n\t\t\tif *f.Writable {\n\t\t\t\toptions = \"rw\"\n\t\t\t}\n\t\t\tif fstype == \"9p\" {\n\t\t\t\toptions += \",trans=virtio\"\n\t\t\t\toptions += fmt.Sprintf(\",version=%s\", *f.NineP.ProtocolVersion)\n\t\t\t\tmsize, err := units.RAMInBytes(*f.NineP.Msize)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, fmt.Errorf(\"failed to parse msize for %q: %w\", f.Location, err)\n\t\t\t\t}\n\t\t\t\toptions += fmt.Sprintf(\",msize=%d\", msize)\n\t\t\t\toptions += fmt.Sprintf(\",cache=%s\", *f.NineP.Cache)\n\t\t\t}\n\t\t\t// don't fail the boot, if virtfs is not available\n\t\t\tswitch *instConfig.OS {\n\t\t\tcase limatype.LINUX:\n\t\t\t\toptions += \",nofail\"\n\t\t\tcase limatype.FREEBSD:\n\t\t\t\toptions += \",failok\"\n\t\t\t}\n\t\t}\n\t\targs.Mounts = append(args.Mounts, Mount{Tag: tag, MountPoint: *f.MountPoint, Type: fstype, Options: options})\n\t\tif f.Location == hostHome {\n\t\t\targs.HostHomeMountPoint = *f.MountPoint\n\t\t}\n\t}\n\n\tswitch *instConfig.MountType {\n\tcase limatype.REVSSHFS:\n\t\targs.MountType = \"reverse-sshfs\"\n\tcase limatype.NINEP:\n\t\targs.MountType = \"9p\"\n\tcase limatype.VIRTIOFS:\n\t\targs.MountType = \"virtiofs\"\n\t}\n\n\tfor i, d := range instConfig.AdditionalDisks {\n\t\tformat := true\n\t\tif d.Format != nil {\n\t\t\tformat = *d.Format\n\t\t}\n\t\tfstype := \"\"\n\t\tif d.FSType != nil {\n\t\t\tfstype = *d.FSType\n\t\t}\n\t\targs.Disks = append(args.Disks, Disk{\n\t\t\tName: d.Name,\n\t\t\tDevice: diskDeviceNameFromOrder(i),\n\t\t\tFormat: format,\n\t\t\tFSType: fstype,\n\t\t\tFSArgs: d.FSArgs,\n\t\t})\n\t}\n\n\targs.Networks = append(args.Networks, Network{MACAddress: limayaml.MACAddress(instDir), Interface: networks.SlirpNICName, Metric: 200})\n\tfor i, nw := range instConfig.Networks {\n\t\tif i == firstUsernetIndex {\n\t\t\tcontinue\n\t\t}\n\t\targs.Networks = append(args.Networks, Network{MACAddress: nw.MACAddress, Interface: nw.Interface, Metric: *nw.Metric})\n\t}\n\n\targs.Env, err = setupEnv(instConfig.Env, *instConfig.PropagateProxyEnv, args.SlirpGateway)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tswitch {\n\tcase len(instConfig.DNS) > 0:\n\t\tfor _, addr := range instConfig.DNS {\n\t\t\targs.DNSAddresses = append(args.DNSAddresses, addr.String())\n\t\t}\n\tcase firstUsernetIndex != -1 || *instConfig.VMType == limatype.VZ:\n\t\targs.DNSAddresses = append(args.DNSAddresses, args.SlirpDNS)\n\tcase *instConfig.HostResolver.Enabled:\n\t\targs.UDPDNSLocalPort = udpDNSLocalPort\n\t\targs.TCPDNSLocalPort = tcpDNSLocalPort\n\t\targs.DNSAddresses = append(args.DNSAddresses, args.SlirpDNS)\n\tdefault:\n\t\targs.DNSAddresses, err = osutil.DNSAddresses()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\n\targs.CACerts.RemoveDefaults = instConfig.CACertificates.RemoveDefaults\n\n\tfor _, path := range instConfig.CACertificates.Files {\n\t\texpanded, err := localpathutil.Expand(path)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tcontent, err := os.ReadFile(expanded)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tcert := getCert(string(content))\n\t\targs.CACerts.Trusted = append(args.CACerts.Trusted, cert)\n\t}\n\n\tfor _, content := range instConfig.CACertificates.Certs {\n\t\tcert := getCert(content)\n\t\targs.CACerts.Trusted = append(args.CACerts.Trusted, cert)\n\t}\n\n\t// Remove empty caCerts (default values) from configuration yaml\n\tif !*args.CACerts.RemoveDefaults && len(args.CACerts.Trusted) == 0 {\n\t\targs.CACerts.RemoveDefaults = nil\n\t\targs.CACerts.Trusted = nil\n\t}\n\n\targs.BootCmds = getBootCmds(instConfig.Provision)\n\n\tfor i, f := range instConfig.Provision {\n\t\tif f.Mode == limatype.ProvisionModeDependency && *f.SkipDefaultDependencyResolution {\n\t\t\targs.SkipDefaultDependencyResolution = true\n\t\t}\n\t\tif f.Mode == limatype.ProvisionModeData {\n\t\t\targs.DataFiles = append(args.DataFiles, DataFile{\n\t\t\t\tFileName: fmt.Sprintf(\"%08d\", i),\n\t\t\t\tOverwrite: strconv.FormatBool(*f.Overwrite),\n\t\t\t\tOwner: *f.Owner,\n\t\t\t\tPath: *f.Path,\n\t\t\t\tPermissions: *f.Permissions,\n\t\t\t})\n\t\t}\n\t\tif f.Mode == limatype.ProvisionModeYQ {\n\t\t\targs.YQProvisions = append(args.YQProvisions, YQProvision{\n\t\t\t\tFileName: fmt.Sprintf(\"%08d\", i),\n\t\t\t\tFormat: *f.Format,\n\t\t\t\tOwner: *f.Owner,\n\t\t\t\tPath: *f.Path,\n\t\t\t\tPermissions: *f.Permissions,\n\t\t\t})\n\t\t}\n\t}\n\n\treturn &args, nil\n}\n\nfunc GenerateCloudConfig(ctx context.Context, instDir, name string, instConfig *limatype.LimaYAML) error {\n\targs, err := templateArgs(ctx, false, instDir, name, instConfig, 0, 0, 0, \"\", false, false, false)\n\tif err != nil {\n\t\treturn err\n\t}\n\t// mounts are not included here\n\targs.Mounts = nil\n\t// resolv_conf is not included here\n\targs.DNSAddresses = nil\n\n\tif err := ValidateTemplateArgs(args); err != nil {\n\t\treturn err\n\t}\n\n\tconfig, err := ExecuteTemplateCloudConfig(args)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tos.RemoveAll(filepath.Join(instDir, filenames.CloudConfig)) // delete existing\n\treturn os.WriteFile(filepath.Join(instDir, filenames.CloudConfig), config, 0o444)\n}\n\n// GenerateISO9660 generates the cidata ISO9660 image (or directory, for noCloudInit)\n// in instDir. It returns the instance ID, which changes on every boot.\nfunc GenerateISO9660(ctx context.Context, drv driver.Driver, instDir, name string, instConfig *limatype.LimaYAML, udpDNSLocalPort, tcpDNSLocalPort int, guestAgentBinary, nerdctlArchive string, vsockPort int, virtioPort string, noCloudInit, rosettaEnabled, rosettaBinFmt bool) (string, error) {\n\targs, err := templateArgs(ctx, true, instDir, name, instConfig, udpDNSLocalPort, tcpDNSLocalPort, vsockPort, virtioPort, noCloudInit, rosettaEnabled, rosettaBinFmt)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tif err := ValidateTemplateArgs(args); err != nil {\n\t\treturn \"\", err\n\t}\n\n\tlayout, err := ExecuteTemplateCIDataISO(args)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tdriverScripts, err := drv.BootScripts()\n\tif err != nil {\n\t\treturn \"\", fmt.Errorf(\"failed to get boot scripts: %w\", err)\n\t}\n\n\tfor filename, content := range driverScripts {\n\t\tlayoutPath := path.Join(\"boot.Linux\", filename)\n\t\tif strings.Contains(filename, \"/\") {\n\t\t\t// When the filename contains a slash, it must be in the format of \"boot./