better vulnscan message

.dockerignore

@@ -1,5 +1,3 @@
 LICENSE
 README.md
-manifest.tmpl
 .gitea/
-.drone*

.drone.star

@@ -1,120 +0,0 @@
-def main(ctx):
-    archs = ["amd64", "arm64"]   ## arm
-    alpine_version = "3.19"
-
-    out = []
-    for arch in archs:
-        out += onpush(ctx, alpine_version, arch)
-
-    for arch in archs:
-        out += build_publish(ctx, alpine_version, arch)
-
-    out += manifest_publish(ctx, archs)
-
-    return out
-
-def onpush(ctx, alpine_version, arch):
-    return [{
-        "kind": "pipeline",
-        "type": "docker",
-        "name": "build-onpush-%s" % (arch),
-        "platform": {
-            "arch": arch,
-            "os": "linux",
-        },
-        "steps": [{
-            "name": "build_on_push",
-            "image": "plugins/docker:linux-%s" % (arch),
-            "settings": {
-                "context": ".",
-                "dockerfile": "Dockerfile",
-                "dry_run": True,
-                "repo": "docker.asperti.com/paspo/dnscache", 
-                "build_args": [
-                    "ALPINE_VERSION=%s" % (alpine_version)
-                ],
-            },
-        }],
-        "trigger": {
-            "event": ['push'],
-        }
-    }]
-
-def build_publish(ctx, alpine_version, arch):
-    return [{
-        "kind": "pipeline",
-        "type": "docker",
-        "name": "build-publish-%s" % (arch),
-        "platform": {
-            "arch": arch,
-            "os": "linux",
-        },
-        "steps": [{
-            "name": "build_on_push",
-            "image": "plugins/docker:linux-%s" % (arch),
-            "settings": {
-                "context": ".",
-                "dockerfile": "Dockerfile",
-                "build_args": [
-                    "ALPINE_VERSION=%s" % (alpine_version)
-                ],
-                "username": {
-                    "from_secret": "docker_username",
-                },
-                "password": {
-                    "from_secret": "docker_password",
-                },
-                "registry": "docker.asperti.com",
-                "repo": "docker.asperti.com/paspo/dnscache",    
-                "tags": [ 
-                    "latest-%s" % (arch)
-                ],
-                "auto_tag": False,
-                "force_tag": True,
-                "daemon_off": False,            
-            },
-        }],
-        "trigger": {
-            "ref": [
-                "refs/heads/master",
-                "refs/tags/**",
-            ],
-        },
-    }]
-
-def manifest_publish(ctx, archs):
-    return [{
-        "kind": "pipeline",
-        "type": "docker",
-        "name": "manifest",
-        "platform": {
-            "arch": archs[0],
-            "os": "linux",
-        },
-        "steps": [{
-            "name": "manifest",
-            "image": "plugins/manifest",
-            "settings": {
-                "spec": "manifest.tmpl",
-                "username": {
-                    "from_secret": "docker_username",
-                },
-                "password": {
-                    "from_secret": "docker_password",
-                }, 
-                "tags": [ 
-                    "latest"
-                ],
-                "ignore_missing": True,
-                "force_tag": True,
-            },
-        }],
-        "trigger": {
-            "ref": [
-                "refs/heads/master",
-                "refs/tags/**",
-            ],
-        },
-        "depends_on": ["build-publish-%s" % (arch) for arch in archs]
-    }]
-

.gitea/workflows/build_and_publish.yaml

@@ -0,0 +1,75 @@
+---
+name: Container Publish
+
+env:
+  REGISTRY: docker.asperti.com
+  REPOSITORY: paspo/dnscache
+  ALPINE_VERSION: "3.19"
+
+on:
+  push:
+  schedule:
+    - cron: "0 12 * * 3"
+  workflow_dispatch:
+  workflow_call:
+  workflow_run:
+    workflows: [vulnscan.yaml]
+    types: [completed]
+
+jobs:
+  on-success-skip:
+    runs-on:
+      labels: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    steps:
+      - run: exit_with_success
+
+  build-image:
+    runs-on:
+      labels: [ubuntu-latest, "arch-${{ matrix.arch }}"]
+    container:
+      image: catthehacker/ubuntu:act-latest
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+
+      - name: Build and publish
+        run: |
+          docker build \
+            --tag ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-${{ matrix.arch }} \
+            --build-arg "ALPINE_VERSION=${{ env.ALPINE_VERSION }}" \
+            --platform linux/${{ matrix.arch }} --no-cache -f Dockerfile .
+          docker push ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-${{ matrix.arch }}
+
+  manifest:
+    name: update docker manifest
+    needs: build-image
+    runs-on: ubuntu-latest
+    container:
+      image: catthehacker/ubuntu:act-latest
+
+    steps:
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+
+      - name: latest
+        run: |
+          docker manifest create \
+            ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest \
+            --amend ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-amd64 \
+            --amend ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-arm64
+          docker manifest push ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest

.gitea/workflows/vulnscan.yaml

@@ -1,20 +1,33 @@
+---
 name: Vulnerability Scan
 
+env:
+  REGISTRY: docker.asperti.com
+  REPOSITORY: paspo/dnscache
+
 on:
   schedule:
     - cron: "0 14 * * *"
   workflow_dispatch:
+  workflow_call:
+  workflow_run:
+    workflows: [build_and_publish.yaml]
+    types: [completed]
 
 jobs:
   scan:
     name: Daily Vulnerability Scan
-    runs-on: ubuntu-latest
+    runs-on:
+      labels: [ubuntu-latest, "arch-${{ matrix.arch }}"]
     container:
       image: catthehacker/ubuntu:act-latest
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
 
     steps:
       - name: Pull docker image
-        run: docker pull docker.asperti.com/paspo/dnscache:latest
+        run: docker pull ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest
 
       - name: Setup trivy
         run: |
@@ -31,7 +44,7 @@ jobs:
       - name: Run Trivy vulnerability scanner
         id: scan
         run: |
-          trivy --server ${{ secrets.TRIVY_SERVER }} --token ${{ secrets.TRIVY_TOKEN }} image --format json docker.asperti.com/paspo/dnscache:latest > trivy-results.json
+          trivy --server ${{ secrets.TRIVY_SERVER }} --token ${{ secrets.TRIVY_TOKEN }} image --format json ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest > trivy-results.json
 
       # if some vulnerability is found, we fail
       - name: check output
@@ -48,4 +61,4 @@ jobs:
           token: ${{ secrets.TELEGRAM_TOKEN }}
           format: markdown
           message: |
-            Found **${{ steps.vulncount.outputs.VULNCOUNT }}** vulnerabilities in `${{ github.repository }}`
+            Found **${{ steps.vulncount.outputs.VULNCOUNT }}** vulnerabilities in `${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest`

Dockerfile

@@ -1,13 +1,23 @@
+FROM golang:1.25.1-alpine AS build
+
+WORKDIR /src
+COPY src /src
+RUN \
+  go mod download && \
+  CGO_ENABLED=0 GOOS=linux go build -a -o /dnsproxy cmd/main.go
+
+
 FROM alpine:latest
 
 RUN \
-  apk --update upgrade && \
-  apk add unbound bind-tools && \
+  apk --no-cache upgrade && \
+  apk --no-cache add unbound bind-tools tini && \
   wget -O /etc/unbound/named.cache ftp://ftp.internic.net//domain/named.cache
 
 COPY rootfs /
+COPY --from=build /dnsproxy /app/
 
 HEALTHCHECK --interval=30s --start-period=5s --timeout=10s \
-  CMD /usr/bin/host -T -p 1053 asperti.com 127.0.0.1
+  CMD /usr/bin/host -T -p ${PORT} asperti.com 127.0.0.1
 
-ENTRYPOINT ["/usr/sbin/unbound", "-d"]
+ENTRYPOINT ["/sbin/tini", "--", "/bin/sh", "/app/entrypoint.sh"]

README.md

@@ -1,7 +1,5 @@
 # Dockerized Unbound for caching purposes
 
-[![Build Status](https://drone.asperti.com/api/badges/paspo/docker-dnscache/status.svg)](https://drone.asperti.com/paspo/docker-dnscache)
-
 ## Usage with docker compose
 
 ```yaml
@@ -14,6 +12,16 @@ services:
     ports:
       - 127.0.0.1:1053:1053
       - 127.0.0.1:1053:1053/udp
+      - 127.0.0.1:8000:8000  # dns proxy
+    environment:
+      LOGS: true
+      LOGDIR: /logs
+      PORT: 1053
+      VERBOSITY: 1
+      DNSPROXY: true
+      ACCESSLOG: true
+    volumes:
+      - ./logs:/logs
 ```
 
 ## Usage with docker
@@ -23,9 +31,3 @@ docker run --rm --name zabbix-dns \
   -p "1053:1053" -p "1053:1053/udp" \
   -ti docker.asperti.com/paspo/dnscache:latest
 ```
-
-## test drone config
-
-```sh
-drone starlark --format  --stdout 
-```

manifest.tmpl

@@ -1,25 +0,0 @@
-image: docker.asperti.com/paspo/dnscache:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
-{{#if build.tags}}
-tags:
-{{#each build.tags}}
-  - {{this}}
-{{/each}}
-{{/if}}
-manifests:
-  -
-    image: docker.asperti.com/paspo/dnscache:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-amd64
-    platform:
-      architecture: amd64
-      os: linux
-  -
-    image: docker.asperti.com/paspo/dnscache:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm64
-    platform:
-      variant: v8
-      architecture: arm64
-      os: linux
-  -
-    image: docker.asperti.com/paspo/dnscache:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm
-    platform:
-      variant: v7
-      architecture: arm
-      os: linux

rootfs/app/entrypoint.sh

@@ -0,0 +1,47 @@
+#!/bin/sh
+
+LOGS=${LOGS:-false}
+LOGDIR=${LOGDIR:-/logs}
+PORT=${PORT:-1053}
+VERBOSITY=${VERBOSITY:-1}
+DNSPROXY=${DNSPROXY:-false}
+ACCESSLOG=${ACCESSLOG:-true}
+
+# set logs
+if [ "${LOGS}" = true ] ; then
+    mkdir -p "${LOGDIR}"
+    chown unbound:unbound "${LOGDIR}"
+    cat >> /etc/unbound/unbound.conf.d/logs.conf << EOF
+server:
+    verbosity: ${VERBOSITY}
+    log-queries: yes
+    log-replies: yes
+    logfile: "${LOGDIR}/unbound.log"
+    log-time-ascii: yes
+    log-servfail: yes
+    log-local-actions: yes    
+EOF
+else
+    cat >> /etc/unbound/unbound.conf.d/logs.conf << EOF
+server:
+    verbosity: ${VERBOSITY}
+    log-queries: no
+    log-replies: no
+    logfile: ""
+EOF
+fi
+
+# set port
+cat > /etc/unbound/unbound.conf.d/port.conf << EOF
+server:
+    port: ${PORT}
+EOF
+
+if [ "${DNSPROXY}" = true ] ; then
+    export DNS_SERVER=127.0.0.1
+    export DNS_PORT="${PORT}"
+    /app/dnsproxy &
+fi
+
+# start unbound
+/usr/sbin/unbound -d

rootfs/etc/unbound/unbound.conf

@@ -1,6 +1,5 @@
 server:
     interface: 0.0.0.0
-    port: 1053
     do-ip4: yes
     do-ip6: no
     do-udp: yes
@@ -10,14 +9,6 @@ server:
     cache-max-ttl: 86400
     prefetch: yes
     num-threads: 4
-    verbosity: 1
-#    log-queries: yes
-    log-queries: no
-#    log-replies: yes
-    logfile: ""
-    log-time-ascii: yes
-    log-servfail: yes
-#    log-local-actions: yes
     use-syslog: no
     msg-cache-slabs: 8
     rrset-cache-slabs: 8
@@ -36,3 +27,4 @@ dynlib:
 remote-control:
 	control-enable: yes
 	control-interface: /run/unbound.control.sock
+include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"

rootfs/etc/unbound/unbound.conf.d/port.conf

@@ -0,0 +1,2 @@
+server:
+    port:  1053

src/.gitignore

@@ -0,0 +1 @@
+vendor/

src/cmd/.gitignore

@@ -0,0 +1 @@
+__debug*

src/cmd/main.go

@@ -0,0 +1,136 @@
+package main
+
+import (
+	"context"
+	"errors"
+	"net"
+	"net/http"
+	"os"
+	"slices"
+	"strings"
+	"time"
+
+	"github.com/gin-gonic/gin"
+)
+
+var Resolver *net.Resolver
+
+func LookupIP(c *gin.Context) {
+	var err error
+	var ips []net.IP
+	q := c.Param("q")
+	ips, err = Resolver.LookupIP(context.Background(), "ip4", q)
+	c.JSON(http.StatusOK, gin.H{"ips": ips, "err": err})
+}
+
+type RBLLookupIPRequest struct {
+	RBLServer string `json:"rblserver"`
+}
+
+func RBLLookupIP(c *gin.Context) {
+	var err error
+	var dnsErr *net.DNSError
+	var listed string
+
+	ip := c.Param("ip")
+	ipAddress := net.ParseIP(ip)
+
+	// check if valid
+	if ipAddress.To4() == nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid IP address"})
+		return
+	}
+
+	// get requested data
+	var req RBLLookupIPRequest
+	err = c.BindJSON(&req)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request body"})
+		return
+	}
+
+	// reverse the ip
+	s := strings.Split(ipAddress.String(), ".")
+	slices.Reverse(s)
+
+	// and add the rbl server
+	s = append(s, req.RBLServer)
+
+	// final query
+	q := strings.Join(s, ".")
+	_, err = Resolver.LookupIP(context.Background(), "ip4", q)
+
+	listed = "listed"
+	if err == nil {
+		c.JSON(http.StatusOK, gin.H{"status": listed, "listed": true, "query": q})
+		return
+	}
+
+	if !errors.As(err, &dnsErr) {
+		c.JSON(http.StatusRequestTimeout, gin.H{"error": err.Error()})
+		return
+	}
+
+	if dnsErr.IsTimeout {
+		c.JSON(http.StatusRequestTimeout, gin.H{"error": "timeout", "query": q})
+		return
+	}
+
+	if dnsErr.IsTemporary {
+		c.JSON(http.StatusRequestTimeout, gin.H{"error": "temporary error", "query": q})
+		return
+	}
+
+	if !dnsErr.IsNotFound {
+		c.JSON(http.StatusRequestTimeout, gin.H{"error": "temporary error", "query": q})
+		return
+	}
+
+	if dnsErr.IsNotFound {
+		listed = "not listed"
+	}
+
+	c.JSON(http.StatusOK, gin.H{"status": listed, "listed": !dnsErr.IsNotFound, "query": q})
+}
+
+func initResolver() {
+	DNS_SERVER := os.Getenv("DNS_SERVER")
+	DNS_PORT := os.Getenv("DNS_PORT")
+
+	if DNS_SERVER == "" {
+		DNS_SERVER = "127.0.0.1"
+	}
+
+	if DNS_PORT == "" {
+		DNS_PORT = "53"
+	}
+
+	Resolver = &net.Resolver{
+		PreferGo: false,
+		Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
+			d := net.Dialer{
+				Timeout: time.Millisecond * time.Duration(10000),
+			}
+			return d.DialContext(ctx, network, DNS_SERVER+":"+DNS_PORT)
+		},
+	}
+}
+
+var Router *gin.Engine
+
+func init() {
+	initResolver()
+	Router = gin.Default()
+
+	accesslog := os.Getenv("ACCESSLOG")
+	if accesslog == "false" {
+		Router = gin.New()
+	}
+
+	Router.GET("/ip4/:q", LookupIP)
+	Router.POST("/rbl/:ip", RBLLookupIP)
+}
+
+func main() {
+	Router.Run(":8000")
+}

src/go.mod

@@ -0,0 +1,34 @@
+module asperti.com/dnsproxy
+
+go 1.25.1
+
+require github.com/gin-gonic/gin v1.10.0
+
+require (
+	github.com/bytedance/sonic v1.11.6 // indirect
+	github.com/bytedance/sonic/loader v0.1.1 // indirect
+	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/cloudwego/iasm v0.2.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.20.0 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.2.12 // indirect
+	golang.org/x/arch v0.8.0 // indirect
+	golang.org/x/crypto v0.42.0 // indirect
+	golang.org/x/net v0.43.0 // indirect
+	golang.org/x/sys v0.36.0 // indirect
+	golang.org/x/text v0.29.0 // indirect
+	google.golang.org/protobuf v1.34.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)

src/go.sum

@@ -0,0 +1,89 @@
+github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0=
+github.com/bytedance/sonic v1.11.6/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
+github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
+github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
+github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
+github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
+github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
+github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
+github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
+github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
+github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8=
+github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
+github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
+github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
+github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
+github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
+golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
+golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
+golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
+golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
+golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
+golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
+google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=