vendor latest c/common from main

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-10-18 19:53:58 +08:00 · 2025-01-07 13:35:43 +01:00
parent 52b8f6e369
commit 1dbd68f061
81 changed files with 5267 additions and 2135 deletions
--- a/vendor/github.com/containers/common/libnetwork/netavark/config.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/config.go
@ -30,6 +30,9 @@ func sliceRemoveDuplicates(strList []string) []string {
 }

 func (n *netavarkNetwork) commitNetwork(network *types.Network) error {
+	if err := os.MkdirAll(n.networkConfigDir, 0o755); err != nil {
+		return nil
+	}
 	confPath := filepath.Join(n.networkConfigDir, network.Name+".json")
 	f, err := os.Create(confPath)
 	if err != nil {
--- a/vendor/github.com/containers/common/libnetwork/netavark/network.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/network.go
@ -135,10 +135,6 @@ func NewNetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
 		return nil, fmt.Errorf("failed to parse default subnet: %w", err)
 	}

-	if err := os.MkdirAll(conf.NetworkConfigDir, 0o755); err != nil {
-		return nil, err
-	}
-
 	if err := os.MkdirAll(conf.NetworkRunDir, 0o755); err != nil {
 		return nil, err
 	}
@ -187,6 +183,21 @@ func (n *netavarkNetwork) loadNetworks() error {
 	// check the mod time of the config dir
 	f, err := os.Stat(n.networkConfigDir)
 	if err != nil {
+		// the directory may not exists which is fine. It will be created on the first network create
+		if errors.Is(err, os.ErrNotExist) {
+			// networks are already loaded
+			if n.networks != nil {
+				return nil
+			}
+			networks := make(map[string]*types.Network, 1)
+			networkInfo, err := n.createDefaultNetwork()
+			if err != nil {
+				return fmt.Errorf("failed to create default network %s: %w", n.defaultNetwork, err)
+			}
+			networks[n.defaultNetwork] = networkInfo
+			n.networks = networks
+			return nil
+		}
 		return err
 	}
 	modTime := f.ModTime()
--- a/vendor/github.com/containers/common/libnetwork/pasta/pasta_linux.go
+++ b/vendor/github.com/containers/common/libnetwork/pasta/pasta_linux.go
@ -110,13 +110,26 @@ func Setup(opts *SetupOptions) (*SetupResult, error) {
 			return err
 		}
 		for _, addr := range addrs {
-			// make sure to skip localhost and other special addresses
-			if ipnet, ok := addr.(*net.IPNet); ok && ipnet.IP.IsGlobalUnicast() {
-				result.IPAddresses = append(result.IPAddresses, ipnet.IP)
-				if !ipv4 && util.IsIPv4(ipnet.IP) {
+			// make sure to skip loopback and multicast addresses
+			if ipnet, ok := addr.(*net.IPNet); ok && !ipnet.IP.IsLoopback() && !ipnet.IP.IsMulticast() {
+				if util.IsIPv4(ipnet.IP) {
+					result.IPAddresses = append(result.IPAddresses, ipnet.IP)
 					ipv4 = true
-				}
-				if !ipv6 && util.IsIPv6(ipnet.IP) {
+				} else if !ipnet.IP.IsLinkLocalUnicast() {
+					// Else must be ipv6.
+					// We shouldn't resolve hosts.containers.internal to IPv6
+					// link-local addresses, for two reasons:
+					// 1. even if IPv6 is disabled in pasta (--ipv4-only), the
+					//    kernel will configure an IPv6 link-local address in the
+					//    container, but that doesn't mean that IPv6 connectivity
+					//    is actually working
+					// 2. link-local addresses need to be suffixed by the zone
+					//    (interface) to be of any use, but we can't do it here
+					//
+					// Thus, don't include IPv6 link-local addresses in
+					// IPAddresses: Podman uses them for /etc/hosts entries, and
+					// those need to be functional.
+					result.IPAddresses = append(result.IPAddresses, ipnet.IP)
 					ipv6 = true
 				}
 			}
--- a/vendor/github.com/containers/common/pkg/ssh/connection_golang.go
+++ b/vendor/github.com/containers/common/pkg/ssh/connection_golang.go
@ -10,7 +10,6 @@ import (
 	"net/url"
 	"os"
 	"os/user"
-	"path"
 	"path/filepath"
 	"regexp"
 	"strings"
@ -313,7 +312,7 @@ func ValidateAndConfigure(uri *url.URL, iden string, insecureIsMachineConnection
 		if !errors.Is(err, os.ErrNotExist) {
 			return nil, err
 		}
-		keyDir := path.Dir(keyFilePath)
+		keyDir := filepath.Dir(keyFilePath)
 		if err := fileutils.Exists(keyDir); errors.Is(err, os.ErrNotExist) {
 			if err := os.Mkdir(keyDir, 0o700); err != nil {
 				return nil, err
--- a/vendor/github.com/containers/ocicrypt/keywrap/pkcs7/keywrapper_pkcs7.go
+++ b/vendor/github.com/containers/ocicrypt/keywrap/pkcs7/keywrapper_pkcs7.go
@ -25,7 +25,7 @@ import (
 	"github.com/containers/ocicrypt/config"
 	"github.com/containers/ocicrypt/keywrap"
 	"github.com/containers/ocicrypt/utils"
-	"go.mozilla.org/pkcs7"
+	"github.com/smallstep/pkcs7"
 )

 type pkcs7KeyWrapper struct {