vendor: update containers/{common,storage,image,buildah}

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-10-19 20:23:08 +08:00 · 2023-11-09 14:02:31 +01:00
parent ee5f582fbc
commit 478afa728d
65 changed files with 445 additions and 15476 deletions
--- a/vendor/github.com/containers/common/libimage/inspect.go
+++ b/vendor/github.com/containers/common/libimage/inspect.go
@ -180,22 +180,26 @@ func (i *Image) Inspect(ctx context.Context, options *InspectOptions) (*ImageDat
 		}

 	// Docker image
-	case manifest.DockerV2Schema1MediaType, manifest.DockerV2Schema2MediaType:
+	case manifest.DockerV2Schema2MediaType:
 		rawConfig, err := i.rawConfigBlob(ctx)
 		if err != nil {
 			return nil, err
 		}
-		var dockerManifest manifest.Schema2V1Image
-		if err := json.Unmarshal(rawConfig, &dockerManifest); err != nil {
+		var dockerConfig manifest.Schema2V1Image
+		if err := json.Unmarshal(rawConfig, &dockerConfig); err != nil {
 			return nil, err
 		}
-		data.Comment = dockerManifest.Comment
+		data.Comment = dockerConfig.Comment
 		// NOTE: Health checks may be listed in the container config or
 		// the config.
-		data.HealthCheck = dockerManifest.ContainerConfig.Healthcheck
-		if data.HealthCheck == nil && dockerManifest.Config != nil {
-			data.HealthCheck = dockerManifest.Config.Healthcheck
+		data.HealthCheck = dockerConfig.ContainerConfig.Healthcheck
+		if data.HealthCheck == nil && dockerConfig.Config != nil {
+			data.HealthCheck = dockerConfig.Config.Healthcheck
 		}
+
+	case manifest.DockerV2Schema1MediaType, manifest.DockerV2Schema1SignedMediaType:
+		// There seem to be at least _some_ images with .Healthcheck set in schema1 (possibly just as an artifact
+		// of testing format conversion?), so this could plausibly read these values.
 	}

 	if data.Annotations == nil {
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@ -13,7 +13,6 @@ import (
 	nettypes "github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/apparmor"
 	"github.com/containers/common/pkg/cgroupv2"
-	"github.com/containers/common/pkg/util"
 	"github.com/containers/storage/pkg/homedir"
 	"github.com/containers/storage/pkg/unshare"
 	"github.com/containers/storage/types"
@ -196,7 +195,9 @@ func defaultConfig() (*Config, error) {
 	}

 	defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath
-	if useUserConfigLocations() {
+	// NOTE: For now we want Windows to use system locations.
+	// GetRootlessUID == -1 on Windows, so exclude negative range
+	if unshare.GetRootlessUID() > 0 {
 		configHome, err := homedir.GetConfigHome()
 		if err != nil {
 			return nil, err
@ -320,7 +321,7 @@ func defaultEngineConfig() (*EngineConfig, error) {
 			return nil, err
 		}
 	}
-	storeOpts, err := types.DefaultStoreOptions(useUserConfigLocations(), unshare.GetRootlessUID())
+	storeOpts, err := types.DefaultStoreOptions()
 	if err != nil {
 		return nil, err
 	}
@ -480,11 +481,14 @@ func defaultEngineConfig() (*EngineConfig, error) {
 }

 func defaultTmpDir() (string, error) {
-	if !useUserConfigLocations() {
+	// NOTE: For now we want Windows to use system locations.
+	// GetRootlessUID == -1 on Windows, so exclude negative range
+	rootless := unshare.GetRootlessUID() > 0
+	if !rootless {
 		return getLibpodTmpDir(), nil
 	}

-	runtimeDir, err := util.GetRuntimeDir()
+	runtimeDir, err := homedir.GetRuntimeDir()
 	if err != nil {
 		return "", err
 	}
@ -669,12 +673,6 @@ func getDefaultSSHConfig() string {
 	return filepath.Join(dirname, ".ssh", "config")
 }

-func useUserConfigLocations() bool {
-	// NOTE: For now we want Windows to use system locations.
-	// GetRootlessUID == -1 on Windows, so exclude negative range
-	return unshare.GetRootlessUID() > 0
-}
-
 // getDefaultImage returns the default machine image stream
 // On Windows this refers to the Fedora major release number
 func getDefaultMachineImage() string {
--- a/vendor/github.com/containers/common/pkg/netns/netns_linux.go
+++ b/vendor/github.com/containers/common/pkg/netns/netns_linux.go
@ -30,7 +30,7 @@ import (
 	"sync"

 	"github.com/containernetworking/plugins/pkg/ns"
-	"github.com/containers/common/pkg/util"
+	"github.com/containers/storage/pkg/homedir"
 	"github.com/containers/storage/pkg/unshare"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
@ -40,7 +40,7 @@ import (
 // rootless, it needs to be at a location writable by user.
 func GetNSRunDir() (string, error) {
 	if unshare.IsRootless() {
-		rootlessDir, err := util.GetRuntimeDir()
+		rootlessDir, err := homedir.GetRuntimeDir()
 		if err != nil {
 			return "", err
 		}
--- a/vendor/github.com/containers/common/pkg/util/util_supported.go
+++ b/vendor/github.com/containers/common/pkg/util/util_supported.go
@ -1,91 +0,0 @@
-//go:build linux || darwin || freebsd
-// +build linux darwin freebsd
-
-package util
-
-import (
-	"errors"
-	"fmt"
-	"os"
-	"path/filepath"
-	"sync"
-	"syscall"
-
-	"github.com/containers/storage/pkg/homedir"
-	"github.com/containers/storage/pkg/unshare"
-	"github.com/sirupsen/logrus"
-)
-
-var (
-	rootlessRuntimeDirOnce sync.Once
-	rootlessRuntimeDir     string
-)
-
-// isWriteableOnlyByOwner checks that the specified permission mask allows write
-// access only to the owner.
-func isWriteableOnlyByOwner(perm os.FileMode) bool {
-	return (perm & 0o722) == 0o700
-}
-
-// GetRuntimeDir returns the runtime directory
-func GetRuntimeDir() (string, error) {
-	var rootlessRuntimeDirError error
-
-	rootlessRuntimeDirOnce.Do(func() {
-		runtimeDir, err := homedir.GetRuntimeDir()
-		if err != nil {
-			logrus.Debug(err)
-		}
-		if runtimeDir != "" {
-			st, err := os.Stat(runtimeDir)
-			if err != nil {
-				rootlessRuntimeDirError = err
-				return
-			}
-			if int(st.Sys().(*syscall.Stat_t).Uid) != os.Geteuid() {
-				rootlessRuntimeDirError = fmt.Errorf("XDG_RUNTIME_DIR directory %q is not owned by the current user", runtimeDir)
-				return
-			}
-		}
-		uid := fmt.Sprintf("%d", unshare.GetRootlessUID())
-		if runtimeDir == "" {
-			tmpDir := filepath.Join("/run", "user", uid)
-			if err := os.MkdirAll(tmpDir, 0o700); err != nil {
-				logrus.Debugf("unable to make temp dir: %v", err)
-			}
-			st, err := os.Stat(tmpDir)
-			if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && isWriteableOnlyByOwner(st.Mode().Perm()) {
-				runtimeDir = tmpDir
-			}
-		}
-		if runtimeDir == "" {
-			tmpDir := filepath.Join(os.TempDir(), fmt.Sprintf("podman-run-%s", uid))
-			if err := os.MkdirAll(tmpDir, 0o700); err != nil {
-				logrus.Debugf("unable to make temp dir %v", err)
-			}
-			st, err := os.Stat(tmpDir)
-			if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Geteuid() && isWriteableOnlyByOwner(st.Mode().Perm()) {
-				runtimeDir = tmpDir
-			}
-		}
-		if runtimeDir == "" {
-			home := os.Getenv("HOME")
-			if home == "" {
-				rootlessRuntimeDirError = errors.New("neither XDG_RUNTIME_DIR nor HOME was set non-empty")
-				return
-			}
-			resolvedHome, err := filepath.EvalSymlinks(home)
-			if err != nil {
-				rootlessRuntimeDirError = fmt.Errorf("cannot resolve home: %w", err)
-				return
-			}
-			runtimeDir = filepath.Join(resolvedHome, "rundir")
-		}
-		rootlessRuntimeDir = runtimeDir
-	})
-
-	if rootlessRuntimeDirError != nil {
-		return "", rootlessRuntimeDirError
-	}
-	return rootlessRuntimeDir, nil
-}
--- a/vendor/github.com/containers/common/pkg/util/util_windows.go
+++ b/vendor/github.com/containers/common/pkg/util/util_windows.go
@ -1,13 +0,0 @@
-//go:build windows
-// +build windows
-
-package util
-
-import (
-	"errors"
-)
-
-// getRuntimeDir returns the runtime directory
-func GetRuntimeDir() (string, error) {
-	return "", errors.New("this function is not implemented for windows")
-}