mirror of
https://github.com/containers/podman.git
synced 2025-10-24 15:03:45 +08:00
Update c/image after https://github.com/containers/image/pull/1299
> go get github.com/containers/image/v5@main > make vendor Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This commit is contained in:
31
vendor/github.com/containers/image/v5/docker/docker_client.go
generated
vendored
31
vendor/github.com/containers/image/v5/docker/docker_client.go
generated
vendored
@ -313,8 +313,14 @@ func CheckAuth(ctx context.Context, sys *types.SystemContext, username, password
|
||||
return err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
return httpResponseToError(resp, "")
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
err := registryHTTPResponseToError(resp)
|
||||
if resp.StatusCode == http.StatusUnauthorized {
|
||||
err = ErrUnauthorizedForCredentials{Err: err}
|
||||
}
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// SearchResult holds the information of each matching image
|
||||
@ -411,7 +417,7 @@ func SearchRegistry(ctx context.Context, sys *types.SystemContext, registry, ima
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
err := httpResponseToError(resp, "")
|
||||
err := registryHTTPResponseToError(resp)
|
||||
logrus.Errorf("error getting search results from v2 endpoint %q: %v", registry, err)
|
||||
return nil, fmt.Errorf("couldn't search registry %q: %w", registry, err)
|
||||
}
|
||||
@ -816,7 +822,7 @@ func (c *dockerClient) detectPropertiesHelper(ctx context.Context) error {
|
||||
defer resp.Body.Close()
|
||||
logrus.Debugf("Ping %s status %d", url.Redacted(), resp.StatusCode)
|
||||
if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusUnauthorized {
|
||||
return httpResponseToError(resp, "")
|
||||
return registryHTTPResponseToError(resp)
|
||||
}
|
||||
c.challenges = parseAuthHeader(resp.Header)
|
||||
c.scheme = scheme
|
||||
@ -956,9 +962,10 @@ func (c *dockerClient) getBlob(ctx context.Context, ref dockerReference, info ty
|
||||
if err != nil {
|
||||
return nil, 0, err
|
||||
}
|
||||
if err := httpResponseToError(res, "Error fetching blob"); err != nil {
|
||||
if res.StatusCode != http.StatusOK {
|
||||
err := registryHTTPResponseToError(res)
|
||||
res.Body.Close()
|
||||
return nil, 0, err
|
||||
return nil, 0, fmt.Errorf("fetching blob: %w", err)
|
||||
}
|
||||
cache.RecordKnownLocation(ref.Transport(), bicTransportScope(ref), info.Digest, newBICLocationReference(ref))
|
||||
return res.Body, getBlobSize(res), nil
|
||||
@ -982,13 +989,8 @@ func (c *dockerClient) getOCIDescriptorContents(ctx context.Context, ref dockerR
|
||||
|
||||
// isManifestUnknownError returns true iff err from fetchManifest is a “manifest unknown” error.
|
||||
func isManifestUnknownError(err error) bool {
|
||||
var errs errcode.Errors
|
||||
if !errors.As(err, &errs) || len(errs) == 0 {
|
||||
return false
|
||||
}
|
||||
err = errs[0]
|
||||
ec, ok := err.(errcode.ErrorCoder)
|
||||
if !ok {
|
||||
var ec errcode.ErrorCoder
|
||||
if !errors.As(err, &ec) {
|
||||
return false
|
||||
}
|
||||
return ec.ErrorCode() == v2.ErrorCodeManifestUnknown
|
||||
@ -1037,9 +1039,8 @@ func (c *dockerClient) getExtensionsSignatures(ctx context.Context, ref dockerRe
|
||||
return nil, err
|
||||
}
|
||||
defer res.Body.Close()
|
||||
|
||||
if res.StatusCode != http.StatusOK {
|
||||
return nil, fmt.Errorf("downloading signatures for %s in %s: %w", manifestDigest, ref.ref.Name(), handleErrorResponse(res))
|
||||
return nil, fmt.Errorf("downloading signatures for %s in %s: %w", manifestDigest, ref.ref.Name(), registryHTTPResponseToError(res))
|
||||
}
|
||||
|
||||
body, err := iolimits.ReadAtMost(res.Body, iolimits.MaxSignatureListBodySize)
|
||||
|
4
vendor/github.com/containers/image/v5/docker/docker_image.go
generated
vendored
4
vendor/github.com/containers/image/v5/docker/docker_image.go
generated
vendored
@ -77,8 +77,8 @@ func GetRepositoryTags(ctx context.Context, sys *types.SystemContext, ref types.
|
||||
return nil, err
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if err := httpResponseToError(res, "fetching tags list"); err != nil {
|
||||
return nil, err
|
||||
if res.StatusCode != http.StatusOK {
|
||||
return nil, fmt.Errorf("fetching tags list: %w", registryHTTPResponseToError(res))
|
||||
}
|
||||
|
||||
var tagsHolder struct {
|
||||
|
13
vendor/github.com/containers/image/v5/docker/docker_image_dest.go
generated
vendored
13
vendor/github.com/containers/image/v5/docker/docker_image_dest.go
generated
vendored
@ -244,7 +244,7 @@ func (d *dockerImageDestination) blobExists(ctx context.Context, repo reference.
|
||||
logrus.Debugf("... not present")
|
||||
return false, -1, nil
|
||||
default:
|
||||
return false, -1, fmt.Errorf("failed to read from destination repository %s: %d (%s)", reference.Path(d.ref.ref), res.StatusCode, http.StatusText(res.StatusCode))
|
||||
return false, -1, fmt.Errorf("checking whether a blob %s exists in %s: %w", digest, repo.Name(), registryHTTPResponseToError(res))
|
||||
}
|
||||
}
|
||||
|
||||
@ -487,15 +487,10 @@ func successStatus(status int) bool {
|
||||
return status >= 200 && status <= 399
|
||||
}
|
||||
|
||||
// isManifestInvalidError returns true iff err from client.HandleErrorResponse is a “manifest invalid” error.
|
||||
// isManifestInvalidError returns true iff err from registryHTTPResponseToError is a “manifest invalid” error.
|
||||
func isManifestInvalidError(err error) bool {
|
||||
errors, ok := err.(errcode.Errors)
|
||||
if !ok || len(errors) == 0 {
|
||||
return false
|
||||
}
|
||||
err = errors[0]
|
||||
ec, ok := err.(errcode.ErrorCoder)
|
||||
if !ok {
|
||||
var ec errcode.ErrorCoder
|
||||
if ok := errors.As(err, &ec); !ok {
|
||||
return false
|
||||
}
|
||||
|
||||
|
41
vendor/github.com/containers/image/v5/docker/docker_image_src.go
generated
vendored
41
vendor/github.com/containers/image/v5/docker/docker_image_src.go
generated
vendored
@ -28,6 +28,10 @@ import (
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
// maxLookasideSignatures is an arbitrary limit for the total number of signatures we would try to read from a lookaside server,
|
||||
// even if it were broken or malicious and it continued serving an enormous number of items.
|
||||
const maxLookasideSignatures = 128
|
||||
|
||||
type dockerImageSource struct {
|
||||
impl.Compat
|
||||
impl.PropertyMethodsInitialize
|
||||
@ -372,12 +376,9 @@ func (s *dockerImageSource) GetBlobAt(ctx context.Context, info types.BlobInfo,
|
||||
res.Body.Close()
|
||||
return nil, nil, private.BadPartialRequestError{Status: res.Status}
|
||||
default:
|
||||
err := httpResponseToError(res, "Error fetching partial blob")
|
||||
if err == nil {
|
||||
err = fmt.Errorf("invalid status code returned when fetching blob %d (%s)", res.StatusCode, http.StatusText(res.StatusCode))
|
||||
}
|
||||
err := registryHTTPResponseToError(res)
|
||||
res.Body.Close()
|
||||
return nil, nil, err
|
||||
return nil, nil, fmt.Errorf("fetching partial blob: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
@ -451,6 +452,10 @@ func (s *dockerImageSource) getSignaturesFromLookaside(ctx context.Context, inst
|
||||
// NOTE: Keep this in sync with docs/signature-protocols.md!
|
||||
signatures := []signature.Signature{}
|
||||
for i := 0; ; i++ {
|
||||
if i >= maxLookasideSignatures {
|
||||
return nil, fmt.Errorf("server provided %d signatures, assuming that's unreasonable and a server error", maxLookasideSignatures)
|
||||
}
|
||||
|
||||
url := lookasideStorageURL(s.c.signatureBase, manifestDigest, i)
|
||||
signature, missing, err := s.getOneSignature(ctx, url)
|
||||
if err != nil {
|
||||
@ -496,10 +501,19 @@ func (s *dockerImageSource) getOneSignature(ctx context.Context, url *url.URL) (
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if res.StatusCode == http.StatusNotFound {
|
||||
logrus.Debugf("... got status 404, as expected = end of signatures")
|
||||
return nil, true, nil
|
||||
} else if res.StatusCode != http.StatusOK {
|
||||
return nil, false, fmt.Errorf("reading signature from %s: status %d (%s)", url.Redacted(), res.StatusCode, http.StatusText(res.StatusCode))
|
||||
}
|
||||
|
||||
contentType := res.Header.Get("Content-Type")
|
||||
if mimeType := simplifyContentType(contentType); mimeType == "text/html" {
|
||||
logrus.Warnf("Signature %q has Content-Type %q, unexpected for a signature", url.Redacted(), contentType)
|
||||
// Don’t immediately fail; the lookaside spec does not place any requirements on Content-Type.
|
||||
// If the content really is HTML, it’s going to fail in signature.FromBlob.
|
||||
}
|
||||
|
||||
sigBlob, err := iolimits.ReadAtMost(res.Body, iolimits.MaxSignatureBodySize)
|
||||
if err != nil {
|
||||
return nil, false, err
|
||||
@ -605,16 +619,16 @@ func deleteImage(ctx context.Context, sys *types.SystemContext, ref dockerRefere
|
||||
return err
|
||||
}
|
||||
defer get.Body.Close()
|
||||
manifestBody, err := iolimits.ReadAtMost(get.Body, iolimits.MaxManifestBodySize)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
switch get.StatusCode {
|
||||
case http.StatusOK:
|
||||
case http.StatusNotFound:
|
||||
return fmt.Errorf("Unable to delete %v. Image may not exist or is not stored with a v2 Schema in a v2 registry", ref.ref)
|
||||
default:
|
||||
return fmt.Errorf("Failed to delete %v: %s (%v)", ref.ref, manifestBody, get.Status)
|
||||
return fmt.Errorf("deleting %v: %w", ref.ref, registryHTTPResponseToError(get))
|
||||
}
|
||||
manifestBody, err := iolimits.ReadAtMost(get.Body, iolimits.MaxManifestBodySize)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
manifestDigest, err := manifest.Digest(manifestBody)
|
||||
@ -630,13 +644,8 @@ func deleteImage(ctx context.Context, sys *types.SystemContext, ref dockerRefere
|
||||
return err
|
||||
}
|
||||
defer delete.Body.Close()
|
||||
|
||||
body, err := iolimits.ReadAtMost(delete.Body, iolimits.MaxErrorBodySize)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if delete.StatusCode != http.StatusAccepted {
|
||||
return fmt.Errorf("Failed to delete %v: %s (%v)", deletePath, string(body), delete.Status)
|
||||
return fmt.Errorf("deleting %v: %w", ref.ref, registryHTTPResponseToError(delete))
|
||||
}
|
||||
|
||||
for i := 0; ; i++ {
|
||||
|
44
vendor/github.com/containers/image/v5/docker/errors.go
generated
vendored
44
vendor/github.com/containers/image/v5/docker/errors.go
generated
vendored
@ -4,6 +4,9 @@ import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"github.com/docker/distribution/registry/api/errcode"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
var (
|
||||
@ -33,7 +36,7 @@ func httpResponseToError(res *http.Response, context string) error {
|
||||
case http.StatusTooManyRequests:
|
||||
return ErrTooManyRequests
|
||||
case http.StatusUnauthorized:
|
||||
err := handleErrorResponse(res)
|
||||
err := registryHTTPResponseToError(res)
|
||||
return ErrUnauthorizedForCredentials{Err: err}
|
||||
default:
|
||||
if context != "" {
|
||||
@ -47,12 +50,47 @@ func httpResponseToError(res *http.Response, context string) error {
|
||||
// registry
|
||||
func registryHTTPResponseToError(res *http.Response) error {
|
||||
err := handleErrorResponse(res)
|
||||
if e, ok := err.(*unexpectedHTTPResponseError); ok {
|
||||
// len(errs) == 0 should never be returned by handleErrorResponse; if it does, we don't modify it and let the caller report it as is.
|
||||
if errs, ok := err.(errcode.Errors); ok && len(errs) > 0 {
|
||||
// The docker/distribution registry implementation almost never returns
|
||||
// more than one error in the HTTP body; it seems there is only one
|
||||
// possible instance, where the second error reports a cleanup failure
|
||||
// we don't really care about.
|
||||
//
|
||||
// The only _common_ case where a multi-element error is returned is
|
||||
// created by the handleErrorResponse parser when OAuth authorization fails:
|
||||
// the first element contains errors from a WWW-Authenticate header, the second
|
||||
// element contains errors from the response body.
|
||||
//
|
||||
// In that case the first one is currently _slightly_ more informative (ErrorCodeUnauthorized
|
||||
// for invalid tokens, ErrorCodeDenied for permission denied with a valid token
|
||||
// for the first error, vs. ErrorCodeUnauthorized for both cases for the second error.)
|
||||
//
|
||||
// Also, docker/docker similarly only logs the other errors and returns the
|
||||
// first one.
|
||||
if len(errs) > 1 {
|
||||
logrus.Debugf("Discarding non-primary errors:")
|
||||
for _, err := range errs[1:] {
|
||||
logrus.Debugf(" %s", err.Error())
|
||||
}
|
||||
}
|
||||
err = errs[0]
|
||||
}
|
||||
switch e := err.(type) {
|
||||
case *unexpectedHTTPResponseError:
|
||||
response := string(e.Response)
|
||||
if len(response) > 50 {
|
||||
response = response[:50] + "..."
|
||||
}
|
||||
err = fmt.Errorf("StatusCode: %d, %s", e.StatusCode, response)
|
||||
// %.0w makes e visible to error.Unwrap() without including any text
|
||||
err = fmt.Errorf("StatusCode: %d, %s%.0w", e.StatusCode, response, e)
|
||||
case errcode.Error:
|
||||
// e.Error() is fmt.Sprintf("%s: %s", e.Code.Error(), e.Message, which is usually
|
||||
// rather redundant. So reword it without using e.Code.Error() if e.Message is the default.
|
||||
if e.Message == e.Code.Message() {
|
||||
// %.0w makes e visible to error.Unwrap() without including any text
|
||||
err = fmt.Errorf("%s%.0w", e.Message, e)
|
||||
}
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
15
vendor/github.com/containers/image/v5/oci/archive/oci_src.go
generated
vendored
15
vendor/github.com/containers/image/v5/oci/archive/oci_src.go
generated
vendored
@ -17,6 +17,17 @@ import (
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
// ImageNotFoundError is used when the OCI structure, in principle, exists and seems valid enough,
|
||||
// but nothing matches the “image” part of the provided reference.
|
||||
type ImageNotFoundError struct {
|
||||
ref ociArchiveReference
|
||||
// We may make members public, or add methods, in the future.
|
||||
}
|
||||
|
||||
func (e ImageNotFoundError) Error() string {
|
||||
return fmt.Sprintf("no descriptor found for reference %q", e.ref.image)
|
||||
}
|
||||
|
||||
type ociArchiveImageSource struct {
|
||||
impl.Compat
|
||||
|
||||
@ -35,6 +46,10 @@ func newImageSource(ctx context.Context, sys *types.SystemContext, ref ociArchiv
|
||||
|
||||
unpackedSrc, err := tempDirRef.ociRefExtracted.NewImageSource(ctx, sys)
|
||||
if err != nil {
|
||||
var notFound ocilayout.ImageNotFoundError
|
||||
if errors.As(err, ¬Found) {
|
||||
err = ImageNotFoundError{ref: ref}
|
||||
}
|
||||
if err := tempDirRef.deleteTempDir(); err != nil {
|
||||
return nil, fmt.Errorf("deleting temp directory %q: %w", tempDirRef.tempDirectory, err)
|
||||
}
|
||||
|
11
vendor/github.com/containers/image/v5/oci/layout/oci_src.go
generated
vendored
11
vendor/github.com/containers/image/v5/oci/layout/oci_src.go
generated
vendored
@ -21,6 +21,17 @@ import (
|
||||
imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
|
||||
)
|
||||
|
||||
// ImageNotFoundError is used when the OCI structure, in principle, exists and seems valid enough,
|
||||
// but nothing matches the “image” part of the provided reference.
|
||||
type ImageNotFoundError struct {
|
||||
ref ociReference
|
||||
// We may make members public, or add methods, in the future.
|
||||
}
|
||||
|
||||
func (e ImageNotFoundError) Error() string {
|
||||
return fmt.Sprintf("no descriptor found for reference %q", e.ref.image)
|
||||
}
|
||||
|
||||
type ociImageSource struct {
|
||||
impl.Compat
|
||||
impl.PropertyMethodsInitialize
|
||||
|
2
vendor/github.com/containers/image/v5/oci/layout/oci_transport.go
generated
vendored
2
vendor/github.com/containers/image/v5/oci/layout/oci_transport.go
generated
vendored
@ -205,7 +205,7 @@ func (ref ociReference) getManifestDescriptor() (imgspecv1.Descriptor, error) {
|
||||
}
|
||||
}
|
||||
if d == nil {
|
||||
return imgspecv1.Descriptor{}, fmt.Errorf("no descriptor found for reference %q", ref.image)
|
||||
return imgspecv1.Descriptor{}, ImageNotFoundError{ref}
|
||||
}
|
||||
return *d, nil
|
||||
}
|
||||
|
4
vendor/github.com/containers/image/v5/version/version.go
generated
vendored
4
vendor/github.com/containers/image/v5/version/version.go
generated
vendored
@ -8,10 +8,10 @@ const (
|
||||
// VersionMinor is for functionality in a backwards-compatible manner
|
||||
VersionMinor = 23
|
||||
// VersionPatch is for backwards-compatible bug fixes
|
||||
VersionPatch = 0
|
||||
VersionPatch = 1
|
||||
|
||||
// VersionDev indicates development branch. Releases will be empty string.
|
||||
VersionDev = ""
|
||||
VersionDev = "-dev"
|
||||
)
|
||||
|
||||
// Version is the specification version that the package types support.
|
||||
|
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@ -174,7 +174,7 @@ github.com/containers/common/version
|
||||
# github.com/containers/conmon v2.0.20+incompatible
|
||||
## explicit
|
||||
github.com/containers/conmon/runner/config
|
||||
# github.com/containers/image/v5 v5.23.0
|
||||
# github.com/containers/image/v5 v5.23.1-0.20221012204947-6ea53742be58
|
||||
## explicit; go 1.17
|
||||
github.com/containers/image/v5/copy
|
||||
github.com/containers/image/v5/directory
|
||||
|
Reference in New Issue
Block a user