🐛 Update docker distribution to fix go sum error

[vpineda1996]

What this PR does / why we need it:

This change is needed as building fails. According to https://github.com/distribution/distribution/releases/tag/v2.8.1,
there are no changes between 2.8.0 and 2.8.1, the sole reason of having
this new version is to fix the go.sum issue.

[k8s-ci-robot]

Hi @vpineda1996. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[killianmuldoon]

@vpineda1996 have you seen this build issue / can we reproduce in Cluster API?

[sbueringer]

Yup would be interesting to know what their go sum error is, but either way
/lgtm
for the bump in general (I can't reproduce the problem locally)

[sbueringer]

/lgtm cancel

If I run make generate-modules (with go 1.17) on this PR it adds a few more dependencies in other go.mod files and seems to revert some of the delta. Can you run it locally and push the changes? (if there are any)

[vpineda1996]

@vpineda1996 have you seen this build issue / can we reproduce in Cluster API?

➜  make generate-modules
go mod tidy
cd hack/tools; go mod tidy
go: downloading golang.org/x/tools v0.1.8-0.20211029000441-d6a9af8af023
go: downloading google.golang.org/api v0.63.0
go: downloading github.com/googleapis/gax-go/v2 v2.1.1
go: downloading github.com/docker/docker v20.10.12+incompatible
go: downloading gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
go: downloading go.opencensus.io v0.23.0
go: downloading gotest.tools v2.2.0+incompatible
go: downloading github.com/opencontainers/image-spec v1.0.2
go: downloading github.com/containerd/containerd v1.5.9
go: downloading github.com/google/martian/v3 v3.2.1
go: downloading github.com/google/martian v2.1.0+incompatible
go: downloading golang.org/x/mod v0.6.0-dev.0.20211013180041-c96bc1413d57
go: downloading github.com/kr/pretty v0.2.1
go: downloading github.com/Microsoft/go-winio v0.5.1
go: downloading github.com/gorilla/mux v1.8.0
go: downloading github.com/morikuni/aec v1.0.0
go: downloading github.com/envoyproxy/go-control-plane v0.10.1
go: downloading github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4
go: downloading github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490
go: downloading github.com/envoyproxy/protoc-gen-validate v0.6.2
go: downloading github.com/census-instrumentation/opencensus-proto v0.3.0
cd test; go mod tidy
go: downloading sigs.k8s.io/kind v0.12.0
go: downloading github.com/docker/distribution v2.8.0+incompatible
go: downloading github.com/Microsoft/go-winio v0.5.0
go: downloading github.com/alessio/shellescape v1.4.1
go: downloading github.com/BurntSushi/toml v0.4.1
verifying github.com/docker/[email protected]+incompatible: checksum mismatch
        downloaded: h1:u9vuu6qqG7nN9a735Noed0ahoUm30iipVRlhgh72N0M=
        go.sum:     h1:l9EaZDICImO1ngI+uTifW+ZYvvz7fKISBAKpg+MbWbY=

SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

[killianmuldoon]

/ok-to-test

[sbueringer]

@vpineda1996
Thx for the additional context and thx for the fix!

I suspect I don't have the issue as the module in my local cache probably has the same checksum as the one in the go.sum file.
I guess they somehow changed the checksum on server-side.

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sbueringer

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [sbueringer]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[mkumatag]

/cherrypick release-1.1

[k8s-infra-cherrypick-robot]

@mkumatag: #6548 failed to apply on top of branch "release-1.1":

Applying: Update docker distribution to fix go sum error
Using index info to reconstruct a base tree...
M	go.mod
M	go.sum
M	hack/tools/go.mod
M	hack/tools/go.sum
M	test/go.mod
M	test/go.sum
Falling back to patching base and 3-way merge...
Auto-merging test/go.sum
CONFLICT (content): Merge conflict in test/go.sum
Auto-merging test/go.mod
CONFLICT (content): Merge conflict in test/go.mod
Auto-merging hack/tools/go.sum
CONFLICT (content): Merge conflict in hack/tools/go.sum
Auto-merging hack/tools/go.mod
CONFLICT (content): Merge conflict in hack/tools/go.mod
Auto-merging go.sum
CONFLICT (content): Merge conflict in go.sum
Auto-merging go.mod
CONFLICT (content): Merge conflict in go.mod
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Update docker distribution to fix go sum error
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherrypick release-1.1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.