diff --git a/go.mod b/go.mod
index 03bffdb97e..e4e882b865 100644
--- a/go.mod
+++ b/go.mod
@@ -12,14 +12,14 @@ require (
 github.com/container-orchestrated-devices/container-device-interface v0.5.4
 github.com/containernetworking/cni v1.1.2
 github.com/containernetworking/plugins v1.3.0
- github.com/containers/buildah v1.30.1-0.20230627110136-33b7088fec7b
- github.com/containers/common v0.54.0
+ github.com/containers/buildah v1.31.0
+ github.com/containers/common v0.55.1
 github.com/containers/conmon v2.0.20+incompatible
- github.com/containers/image/v5 v5.26.0
+ github.com/containers/image/v5 v5.26.1
 github.com/containers/libhvee v0.2.0
 github.com/containers/ocicrypt v1.1.7
 github.com/containers/psgo v1.8.0
- github.com/containers/storage v1.47.0
+ github.com/containers/storage v1.48.0
 github.com/coreos/go-systemd/v22 v22.5.0
 github.com/coreos/stream-metadata-go v0.4.3
 github.com/crc-org/vfkit v0.0.5-0.20230602131541-3d57f09010c9
diff --git a/go.sum b/go.sum
index 4b06a56fc7..9eebcdbddc 100644
--- a/go.sum
+++ b/go.sum
@@ -239,14 +239,14 @@ github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHV
 github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
 github.com/containernetworking/plugins v1.3.0 h1:QVNXMT6XloyMUoO2wUOqWTC1hWFV62Q6mVDp5H1HnjM=
 github.com/containernetworking/plugins v1.3.0/go.mod h1:Pc2wcedTQQCVuROOOaLBPPxrEXqqXBFt3cZ+/yVg6l0=
-github.com/containers/buildah v1.30.1-0.20230627110136-33b7088fec7b h1:cTb0Sxu/tIQ9uPIchFmkYs+uOtylhyO+0h2+i3XzisQ=
-github.com/containers/buildah v1.30.1-0.20230627110136-33b7088fec7b/go.mod h1:O2jiDd5+569W8cwqyLnRKiqAHOPTi/Kj+oDlFNsFg24=
-github.com/containers/common v0.54.0 h1:jJ2QVuliTa/40QxyDe1ZS1U/7BsDea7qdBeZE0VPu3E=
-github.com/containers/common v0.54.0/go.mod h1:xbA3bUfth8p2xmqSg01oxHNDRJA71SAVUCqhyEISKic=
+github.com/containers/buildah v1.31.0 h1:NgVtEyTsR7e/XLTSJElbInnGPjdDGNHqLKADPHzaUGg=
+github.com/containers/buildah v1.31.0/go.mod h1:tcgXcGhqw3kw49RapUS7tskEhxKLG4eVFJKA/QzgwNU=
+github.com/containers/common v0.55.1 h1:sOlcIxEYXoR3OSHufew7CuSeOWr7a2jHGYw3r+xKA1k=
+github.com/containers/common v0.55.1/go.mod h1:ZKPllYOZ2xj2rgWRdnHHVvWg6ru4BT28En8mO8DMMPk=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
-github.com/containers/image/v5 v5.26.0 h1:P9H4+N/7fTTClnFthIWgJU+0LBkhGlW2tCWR+UNG0Vs=
-github.com/containers/image/v5 v5.26.0/go.mod h1:QSW67adLL/B4eYsFPG6TjH5Ye4LiLazPAGWk5oQnUdQ=
+github.com/containers/image/v5 v5.26.1 h1:8y3xq8GO/6y8FR+nAedHPsAFiAtOrab9qHTBpbqaX8g=
+github.com/containers/image/v5 v5.26.1/go.mod h1:IwlOGzTkGnmfirXxt0hZeJlzv1zVukE03WZQ203Z9GA=
 github.com/containers/libhvee v0.2.0 h1:6h7LdSvBt176oIdMXKkgxdoT/IVP+o/gkwgyjWzvEAo=
 github.com/containers/libhvee v0.2.0/go.mod h1:Zr2Qhnl5THW/HQjF1o8HmxXWjvHfJb8fvd0ThTzHMys=
 github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01
h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA=
@@ -259,8 +259,8 @@ github.com/containers/ocicrypt v1.1.7/go.mod h1:7CAhjcj2H8AYp5YvEie7oVSK2AhBY8Ns
 github.com/containers/psgo v1.8.0 h1:2loGekmGAxM9ir5OsXWEfGwFxorMPYnc6gEDsGFQvhY=
 github.com/containers/psgo v1.8.0/go.mod h1:T8ZxnX3Ur4RvnhxFJ7t8xJ1F48RhiZB4rSrOaR/qGHc=
 github.com/containers/storage v1.43.0/go.mod h1:uZ147thiIFGdVTjMmIw19knttQnUCl3y9zjreHrg11s=
-github.com/containers/storage v1.47.0 h1:Tl/onL8yE/4QABc2kfPDaTSYijk3QrmXGrO21KXkj58=
-github.com/containers/storage v1.47.0/go.mod h1:pRp3lkRo2qodb/ltpnudoXggrviRmaCmU5a5GhTBae0=
+github.com/containers/storage v1.48.0 h1:wiPs8J2xiFoOEAhxHDRtP6A90Jzj57VqzLRXOqeizns=
+github.com/containers/storage v1.48.0/go.mod h1:pRp3lkRo2qodb/ltpnudoXggrviRmaCmU5a5GhTBae0=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
diff --git a/vendor/github.com/containers/buildah/.cirrus.yml b/vendor/github.com/containers/buildah/.cirrus.yml
index 0fffa6caae..3a101d4ecb 100644
--- a/vendor/github.com/containers/buildah/.cirrus.yml
+++ b/vendor/github.com/containers/buildah/.cirrus.yml
@@ -27,12 +27,12 @@ env: #### # GCE project where images live IMAGE_PROJECT: "libpod-218412" - FEDORA_NAME: "fedora-37" - PRIOR_FEDORA_NAME: "fedora-36" - DEBIAN_NAME: "debian-12" + FEDORA_NAME: "fedora-38" + PRIOR_FEDORA_NAME: "fedora-37" + DEBIAN_NAME: "debian-13" # Image identifiers - IMAGE_SUFFIX: "c20230405t152256z-f37f36d12" + IMAGE_SUFFIX: "c20230614t132754z-f38f37d13" FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}" DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}"
diff --git a/vendor/github.com/containers/buildah/CHANGELOG.md b/vendor/github.com/containers/buildah/CHANGELOG.md
index e69f77820d..9939d91c8c 100644
--- a/vendor/github.com/containers/buildah/CHANGELOG.md
+++ b/vendor/github.com/containers/buildah/CHANGELOG.md
@@ -2,6 +2,92 @@ # Changelog +## v1.31.0 (2023-06-30) + + Bump c/common to 0.55.1 and c/image to 5.26.1 + Bump c/image to 5.26.0 and c/common to 0.54.0 + vendor: update c/{common,image,storage} to latest + chore: pkg imported more than once + buildah: add pasta(1) support + use slirp4netns package from c/common + update c/common to latest + add hostname to /etc/hosts when running with host network + vendor: update c/common to latest + [CI:BUILD] Packit: add jobs for downstream Fedora package builds + fix(deps): update module golang.org/x/sync to v0.3.0 + fix(deps): update module golang.org/x/crypto to v0.10.0 + Add smoke tests for encryption CLI helpers + fix(deps): update module golang.org/x/term to v0.9.0 + fix(deps): update module github.com/opencontainers/runtime-spec to v1.1.0-rc.3 + Remove device mapper support + Remove use of deprecated tar.TypeRegA + Update tooling to support newer golangci-lint + Make cli.EncryptConfig,DecryptConfig, GetFormat public + Don't decrypt images by default + fix(deps): update module github.com/onsi/gomega to v1.27.8 + fix(deps): update github.com/containers/storage digest to 3f3fb2f + Renovate: Don't touch fragile test stuffs + [CI:DOCS] Update comment to remove ambiguity + fix(deps): update github.com/containers/image/v5 digest to abe5133 + fix(deps): update module github.com/sirupsen/logrus to v1.9.3 + fix(deps): update module github.com/containerd/containerd to v1.7.2 + Explicitly ref. 
quay images for CI + At startup, log the effective capabilities for debugging + parse: use GetTempDir from internal utils + GetTmpDir: honor image_copy_tmp_dir from containers.conf + docs/Makefile: don't show sed invocations + CI: Support testing w/ podman-next COPR packages + intermediate-images inherit-label test: make it debuggable + fix(deps): update github.com/containers/common digest to 462ccdd + Add a warning to `--secret` docs + vendor: bump c/storage to v1.46.2-0.20230526114421-55ee2d19292f + executor: apply label to only final stage + remove registry.centos.org + Go back to setting SysProcAttr.Pdeathsig for child processes + Fix auth.json path (validated on Fedora 38) wq 
Signed-off-by: Andreas Mack + fix(deps): update module github.com/stretchr/testify to v1.8.3 + CI: fix test broken by renovatebot + chore(deps): update quay.io/libpod/testimage docker tag to v20221018 + fix(deps): update module github.com/onsi/gomega to v1.27.7 + test: use debian instead of docker.io/library/debian:testing-slim + vendor: bump logrus to 1.9.2 + [skip-ci] Update tim-actions/get-pr-commits action to v1.3.0 + Revert "Proof of concept: nightly dependency treadmill" + fix(deps): update module github.com/sirupsen/logrus to v1.9.1 + vendor in containers/(common,storage,image) + fix(deps): update module github.com/docker/distribution to v2.8.2+incompatible + run: drop Pdeathsig + chroot: lock thread before setPdeathsig + tests: add a case for required=false + fix(deps): update module github.com/openshift/imagebuilder to v1.2.5 + build: validate volumes on backend + secret: accept required flag w/o value + fix(deps): update module github.com/containerd/containerd to v1.7.1 + fix(deps): update module golang.org/x/crypto to v0.9.0 + Update the demos README file to fix minor typos + fix(deps): update module golang.org/x/sync to v0.2.0 + fix(deps): update module golang.org/x/term to v0.8.0 + manifest, push: use source as destination if not specified + run,mount: remove path only if they didnt pre-exist + Cirrus: Fix meta task failing to find commit + parse: filter edge-case for podman-remote + fix(deps): update module github.com/opencontainers/runc to v1.1.7 + fix(deps): update module github.com/docker/docker to v23.0.5+incompatible + build: --platform must accept only arch + fix(deps): update module github.com/containers/common to v0.53.0 + makefile: increase conformance timeout + Cap suffixDigitsModulo to a 9-digits suffix. 
+ Rename conflict to suffixDigitsModulo + fix(deps): update module github.com/opencontainers/runtime-spec to v1.1.0-rc.2 + fix(deps): update module github.com/opencontainers/runc to v1.1.6 + chore(deps): update centos docker tag to v8 + Clarify the need for qemu-user-static package + chore(deps): update quay.io/centos/centos docker tag to v8 + Renovate: Ensure test/tools/go.mod is managed + Revert "buildah image should not enable fuse-overlayfs for rootful mode" + Bump to v1.31.0-dev + parse: add support for relabel bind mount option + ## v1.30.0 (2023-04-06) fix(deps): update module github.com/opencontainers/runc to v1.1.5 diff --git a/vendor/github.com/containers/buildah/Makefile b/vendor/github.com/containers/buildah/Makefile index 4fb1e37f94..b63cedc75b 100644 --- a/vendor/github.com/containers/buildah/Makefile +++ b/vendor/github.com/containers/buildah/Makefile @@ -179,7 +179,8 @@ tests/testreport/testreport: tests/testreport/testreport.go .PHONY: test-unit test-unit: tests/testreport/testreport - $(GO_TEST) -v -tags "$(STORAGETAGS) $(SECURITYTAGS)" -cover $(RACEFLAGS) $(shell $(GO) list ./... | grep -v vendor | grep -v tests | grep -v cmd) -timeout 45m + $(GO_TEST) -v -tags "$(STORAGETAGS) $(SECURITYTAGS)" -cover $(RACEFLAGS) $(shell $(GO) list ./... | grep -v vendor | grep -v tests | grep -v cmd | grep -v chroot | grep -v copier) -timeout 45m + $(GO_TEST) -v -tags "$(STORAGETAGS) $(SECURITYTAGS)" $(RACEFLAGS) ./chroot ./copier -timeout 45m tmp=$(shell mktemp -d) ; \ mkdir -p $$tmp/root $$tmp/runroot; \ $(GO_TEST) -v -tags "$(STORAGETAGS) $(SECURITYTAGS)" -cover $(RACEFLAGS) ./cmd/buildah -args --root $$tmp/root --runroot $$tmp/runroot --storage-driver vfs --signature-policy $(shell pwd)/tests/policy.json --registries-conf $(shell pwd)/tests/registries.conf diff --git a/vendor/github.com/containers/buildah/changelog.txt b/vendor/github.com/containers/buildah/changelog.txt index 1dea1c0f2b..53c00b4ddf 100644 
--- a/vendor/github.com/containers/buildah/changelog.txt
+++ b/vendor/github.com/containers/buildah/changelog.txt
@@ -1,3 +1,88 @@ +- Changelog for v1.31.0 (2023-06-30) + * Bump c/common to 0.55.1 and c/image to 5.26.1 + * Bump c/image to 5.26.0 and c/common to 0.54.0 + * vendor: update c/{common,image,storage} to latest + * chore: pkg imported more than once + * buildah: add pasta(1) support + * use slirp4netns package from c/common + * update c/common to latest + * add hostname to /etc/hosts when running with host network + * vendor: update c/common to latest + * [CI:BUILD] Packit: add jobs for downstream Fedora package builds + * fix(deps): update module golang.org/x/sync to v0.3.0 + * fix(deps): update module golang.org/x/crypto to v0.10.0 + * Add smoke tests for encryption CLI helpers + * fix(deps): update module golang.org/x/term to v0.9.0 + * fix(deps): update module github.com/opencontainers/runtime-spec to v1.1.0-rc.3 + * Remove device mapper support + * Remove use of deprecated tar.TypeRegA + * Update tooling to support newer golangci-lint + * Make cli.EncryptConfig,DecryptConfig, GetFormat public + * Don't decrypt images by default + * fix(deps): update module github.com/onsi/gomega to v1.27.8 + * fix(deps): update github.com/containers/storage digest to 3f3fb2f + * Renovate: Don't touch fragile test stuffs + * [CI:DOCS] Update comment to remove ambiguity + * fix(deps): update github.com/containers/image/v5 digest to abe5133 + * fix(deps): update module github.com/sirupsen/logrus to v1.9.3 + * fix(deps): update module github.com/containerd/containerd to v1.7.2 + * Explicitly ref. 
quay images for CI + * At startup, log the effective capabilities for debugging + * parse: use GetTempDir from internal utils + * GetTmpDir: honor image_copy_tmp_dir from containers.conf + * docs/Makefile: don't show sed invocations + * CI: Support testing w/ podman-next COPR packages + * intermediate-images inherit-label test: make it debuggable + * fix(deps): update github.com/containers/common digest to 462ccdd + * Add a warning to `--secret` docs + * vendor: bump c/storage to v1.46.2-0.20230526114421-55ee2d19292f + * executor: apply label to only final stage + * remove registry.centos.org + * Go back to setting SysProcAttr.Pdeathsig for child processes + * Fix auth.json path (validated on Fedora 38) wq 
Signed-off-by: Andreas Mack + * fix(deps): update module github.com/stretchr/testify to v1.8.3 + * CI: fix test broken by renovatebot + * chore(deps): update quay.io/libpod/testimage docker tag to v20221018 + * fix(deps): update module github.com/onsi/gomega to v1.27.7 + * test: use debian instead of docker.io/library/debian:testing-slim + * vendor: bump logrus to 1.9.2 + * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.0 + * Revert "Proof of concept: nightly dependency treadmill" + * fix(deps): update module github.com/sirupsen/logrus to v1.9.1 + * vendor in containers/(common,storage,image) + * fix(deps): update module github.com/docker/distribution to v2.8.2+incompatible + * run: drop Pdeathsig + * chroot: lock thread before setPdeathsig + * tests: add a case for required=false + * fix(deps): update module github.com/openshift/imagebuilder to v1.2.5 + * build: validate volumes on backend + * secret: accept required flag w/o value + * fix(deps): update module github.com/containerd/containerd to v1.7.1 + * fix(deps): update module golang.org/x/crypto to v0.9.0 + * Update the demos README file to fix minor typos + * fix(deps): update module golang.org/x/sync to v0.2.0 + * fix(deps): update module golang.org/x/term to v0.8.0 + * manifest, push: use source as destination if not specified + * run,mount: remove path only if they didnt pre-exist + * Cirrus: Fix meta task failing to find commit + * parse: filter edge-case for podman-remote + * fix(deps): update module github.com/opencontainers/runc to v1.1.7 + * fix(deps): update module github.com/docker/docker to v23.0.5+incompatible + * build: --platform must accept only arch + * fix(deps): update module github.com/containers/common to v0.53.0 + * makefile: increase conformance timeout + * Cap suffixDigitsModulo to a 9-digits suffix. 
+ * Rename conflict to suffixDigitsModulo + * fix(deps): update module github.com/opencontainers/runtime-spec to v1.1.0-rc.2 + * fix(deps): update module github.com/opencontainers/runc to v1.1.6 + * chore(deps): update centos docker tag to v8 + * Clarify the need for qemu-user-static package + * chore(deps): update quay.io/centos/centos docker tag to v8 + * Renovate: Ensure test/tools/go.mod is managed + * Revert "buildah image should not enable fuse-overlayfs for rootful mode" + * Bump to v1.31.0-dev + * parse: add support for relabel bind mount option + - Changelog for v1.30.0 (2023-04-06) * fix(deps): update module github.com/opencontainers/runc to v1.1.5 * fix(deps): update module github.com/fsouza/go-dockerclient to v1.9.7 diff --git a/vendor/github.com/containers/buildah/define/types.go b/vendor/github.com/containers/buildah/define/types.go index 0cf45f160a..53bbd5dd20 100644 --- a/vendor/github.com/containers/buildah/define/types.go +++ b/vendor/github.com/containers/buildah/define/types.go @@ -29,7 +29,7 @@ const ( // identify working containers. Package = "buildah" // Version for the Package. Also used by .packit.sh for Packit builds. - Version = "1.31.0-dev" + Version = "1.31.0" // DefaultRuntime if containers.conf fails. DefaultRuntime = "runc" diff --git a/vendor/github.com/containers/buildah/imagebuildah/executor.go b/vendor/github.com/containers/buildah/imagebuildah/executor.go index 5f23a5826a..7c4eadcd2e 100644 --- a/vendor/github.com/containers/buildah/imagebuildah/executor.go +++ b/vendor/github.com/containers/buildah/imagebuildah/executor.go @@ -22,7 +22,6 @@ import ( "github.com/containers/common/pkg/config" "github.com/containers/image/v5/docker/reference" "github.com/containers/image/v5/manifest" - is "github.com/containers/image/v5/storage" storageTransport "github.com/containers/image/v5/storage" "github.com/containers/image/v5/transports" "github.com/containers/image/v5/transports/alltransports" 
@@ -424,7 +423,7 @@ func (b *Executor) getImageTypeAndHistoryAndDiffIDs(ctx context.Context, imageID if ok { return imageInfo.manifestType, imageInfo.history, imageInfo.diffIDs, imageInfo.err } - imageRef, err := is.Transport.ParseStoreReference(b.store, "@"+imageID) + imageRef, err := storageTransport.Transport.ParseStoreReference(b.store, "@"+imageID) if err != nil { return "", nil, nil, fmt.Errorf("getting image reference %q: %w", imageID, err) } @@ -992,8 +991,8 @@ func (b *Executor) Build(ctx context.Context, stages imagebuilder.Stages) (image // Add additional tags and print image names recorded in storage if dest, err := b.resolveNameToImageRef(b.output); err == nil { switch dest.Transport().Name() { - case is.Transport.Name(): - img, err := is.Transport.GetStoreImage(b.store, dest) + case storageTransport.Transport.Name(): + img, err := storageTransport.Transport.GetStoreImage(b.store, dest) if err != nil { return imageID, ref, fmt.Errorf("locating just-written image %q: %w", transports.ImageName(dest), err) } @@ -1004,7 +1003,7 @@ func (b *Executor) Build(ctx context.Context, stages imagebuilder.Stages) (image logrus.Debugf("assigned names %v to image %q", img.Names, img.ID) } // Report back the caller the tags applied, if any. - img, err = is.Transport.GetStoreImage(b.store, dest) + img, err = storageTransport.Transport.GetStoreImage(b.store, dest) if err != nil { return imageID, ref, fmt.Errorf("locating just-written image %q: %w", transports.ImageName(dest), err) } diff --git a/vendor/github.com/containers/buildah/run.go b/vendor/github.com/containers/buildah/run.go index 4473bef0eb..acb8aa9bfe 100644 --- a/vendor/github.com/containers/buildah/run.go +++ b/vendor/github.com/containers/buildah/run.go @@ -10,7 +10,6 @@ import ( "github.com/containers/image/v5/types" "github.com/containers/storage/pkg/lockfile" "github.com/opencontainers/runtime-spec/specs-go" - spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" ) 
@@ -199,8 +198,8 @@ type runMountInfo struct { // IDMaps are the UIDs, GID, and maps for the run type IDMaps struct { - uidmap []spec.LinuxIDMapping - gidmap []spec.LinuxIDMapping + uidmap []specs.LinuxIDMapping + gidmap []specs.LinuxIDMapping rootUID int rootGID int processUID int diff --git a/vendor/github.com/containers/buildah/run_common.go b/vendor/github.com/containers/buildah/run_common.go index 0b7261d717..9ea4a3e0b2 100644 --- a/vendor/github.com/containers/buildah/run_common.go +++ b/vendor/github.com/containers/buildah/run_common.go @@ -48,7 +48,6 @@ import ( storageTypes "github.com/containers/storage/types" "github.com/opencontainers/go-digest" "github.com/opencontainers/runtime-spec/specs-go" - spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/selinux/go-selinux/label" "github.com/sirupsen/logrus" @@ -118,7 +117,7 @@ func (b *Builder) addResolvConf(rdir string, chownOpts *idtools.IDPair, dnsServe } // generateHosts creates a containers hosts file -func (b *Builder) generateHosts(rdir string, chownOpts *idtools.IDPair, imageRoot string, spec *spec.Spec) (string, error) { +func (b *Builder) generateHosts(rdir string, chownOpts *idtools.IDPair, imageRoot string, spec *specs.Spec) (string, error) { conf, err := config.Default() if err != nil { return "", err @@ -1468,7 +1467,7 @@ func runSetupBuiltinVolumes(mountLabel, mountPoint, containerDir string, builtin } // Destinations which can be cleaned up after every RUN -func cleanableDestinationListFromMounts(mounts []spec.Mount) []string { +func cleanableDestinationListFromMounts(mounts []specs.Mount) []string { mountDest := []string{} for _, mount := range mounts { // Add all destination to mountArtifacts so that they can be cleaned up later 
@@ -1509,7 +1508,7 @@ func checkIfMountDestinationPreExists(root string, dest string) (bool, error) { // runSetupRunMounts sets up mounts that exist only in this RUN, not in subsequent runs // // If this function succeeds, the caller must unlock runMountArtifacts.TargetLocks (when??) -func (b *Builder) runSetupRunMounts(mountPoint string, mounts []string, sources runMountInfo, idMaps IDMaps) ([]spec.Mount, *runMountArtifacts, error) { +func (b *Builder) runSetupRunMounts(mountPoint string, mounts []string, sources runMountInfo, idMaps IDMaps) ([]specs.Mount, *runMountArtifacts, error) { // If `type` is not set default to TypeBind mountType := define.TypeBind mountTargets := make([]string, 0, 10) @@ -1527,7 +1526,7 @@ func (b *Builder) runSetupRunMounts(mountPoint string, mounts []string, sources } }() for _, mount := range mounts { - var mountSpec *spec.Mount + var mountSpec *specs.Mount var err error var envFile, image string var agent *sshagent.AgentServer @@ -1622,7 +1621,7 @@ func (b *Builder) runSetupRunMounts(mountPoint string, mounts []string, sources return finalMounts, artifacts, nil } -func (b *Builder) getBindMount(tokens []string, context *imageTypes.SystemContext, contextDir string, stageMountPoints map[string]internal.StageMountDetails, idMaps IDMaps, workDir string) (*spec.Mount, string, error) { +func (b *Builder) getBindMount(tokens []string, context *imageTypes.SystemContext, contextDir string, stageMountPoints map[string]internal.StageMountDetails, idMaps IDMaps, workDir string) (*specs.Mount, string, error) { if contextDir == "" { return nil, "", errors.New("Context Directory for current run invocation is not configured") } 
@@ -1639,7 +1638,7 @@ func (b *Builder) getBindMount(tokens []string, context *imageTypes.SystemContex return &volumes[0], image, nil } -func (b *Builder) getTmpfsMount(tokens []string, idMaps IDMaps) (*spec.Mount, error) { +func (b *Builder) getTmpfsMount(tokens []string, idMaps IDMaps) (*specs.Mount, error) { var optionMounts []specs.Mount mount, err := internalParse.GetTmpfsMount(tokens) if err != nil { @@ -1653,7 +1652,7 @@ func (b *Builder) getTmpfsMount(tokens []string, idMaps IDMaps) (*spec.Mount, er return &volumes[0], nil } -func (b *Builder) getSecretMount(tokens []string, secrets map[string]define.Secret, idMaps IDMaps, workdir string) (*spec.Mount, string, error) { +func (b *Builder) getSecretMount(tokens []string, secrets map[string]define.Secret, idMaps IDMaps, workdir string) (*specs.Mount, string, error) { errInvalidSyntax := errors.New("secret should have syntax id=id[,target=path,required=bool,mode=uint,uid=uint,gid=uint") if len(tokens) == 0 { return nil, "", errInvalidSyntax @@ -1781,7 +1780,7 @@ func (b *Builder) getSecretMount(tokens []string, secrets map[string]define.Secr } // getSSHMount parses the --mount type=ssh flag in the Containerfile, checks if there's an ssh source provided, and creates and starts an ssh-agent to be forwarded into the container -func (b *Builder) getSSHMount(tokens []string, count int, sshsources map[string]*sshagent.Source, idMaps IDMaps) (*spec.Mount, *sshagent.AgentServer, error) { +func (b *Builder) getSSHMount(tokens []string, count int, sshsources map[string]*sshagent.Source, idMaps IDMaps) (*specs.Mount, *sshagent.AgentServer, error) { errInvalidSyntax := errors.New("ssh should have syntax id=id[,target=path,required=bool,mode=uint,uid=uint,gid=uint") var err error diff --git a/vendor/github.com/containers/buildah/run_linux.go b/vendor/github.com/containers/buildah/run_linux.go index 30dac04f88..e3c12196f1 100644 --- a/vendor/github.com/containers/buildah/run_linux.go 
+++ b/vendor/github.com/containers/buildah/run_linux.go @@ -40,7 +40,6 @@ import ( "github.com/containers/storage/pkg/unshare" "github.com/docker/go-units" "github.com/opencontainers/runtime-spec/specs-go" - spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/selinux/go-selinux/label" "github.com/sirupsen/logrus" @@ -157,7 +156,7 @@ func (b *Builder) Run(command []string, options RunOptions) error { for _, m := range g.Mounts() { mounts[m.Destination] = true } - newMounts := []spec.Mount{} + newMounts := []specs.Mount{} for _, d := range b.Devices { // Default permission is read-only. perm := "ro" @@ -166,7 +165,7 @@ func (b *Builder) Run(command []string, options RunOptions) error { if strings.Contains(string(d.Rule.Permissions), "w") { perm = "rw" } - devMnt := spec.Mount{ + devMnt := specs.Mount{ Destination: d.Destination, Type: parse.TypeBind, Source: d.Source, @@ -185,7 +184,7 @@ func (b *Builder) Run(command []string, options RunOptions) error { g.Config.Mounts = append(newMounts, g.Config.Mounts...) } else { for _, d := range b.Devices { - sDev := spec.LinuxDevice{ + sDev := specs.LinuxDevice{ Type: string(d.Type), Path: d.Path, Major: d.Major, @@ -380,8 +379,8 @@ rootless=%d return err } -func (b *Builder) setupOCIHooks(config *spec.Spec, hasVolumes bool) (map[string][]spec.Hook, error) { - allHooks := make(map[string][]spec.Hook) +func (b *Builder) setupOCIHooks(config *specs.Spec, hasVolumes bool) (map[string][]specs.Hook, error) { + allHooks := make(map[string][]specs.Hook) if len(b.CommonBuildOpts.OCIHooksDir) == 0 { if unshare.IsRootless() { return nil, nil 
@@ -472,17 +471,13 @@ func addCommonOptsToSpec(commonOpts *define.CommonBuildOptions, g *generate.Gene return nil } -func setupSlirp4netnsNetwork(netns, cid string, options []string) (func(), map[string]nettypes.StatusBlock, error) { - defConfig, err := config.Default() - if err != nil { - return nil, nil, fmt.Errorf("failed to get container config: %w", err) - } +func setupSlirp4netnsNetwork(config *config.Config, netns, cid string, options []string) (func(), map[string]nettypes.StatusBlock, error) { // we need the TmpDir for the slirp4netns code - if err := os.MkdirAll(defConfig.Engine.TmpDir, 0o751); err != nil { + if err := os.MkdirAll(config.Engine.TmpDir, 0o751); err != nil { return nil, nil, fmt.Errorf("failed to create tempdir: %w", err) } res, err := slirp4netns.Setup(&slirp4netns.SetupOptions{ - Config: defConfig, + Config: config, ContainerID: cid, Netns: netns, ExtraOptions: options, @@ -519,14 +514,9 @@ func setupSlirp4netnsNetwork(netns, cid string, options []string) (func(), map[s }, netStatus, nil } -func setupPasta(netns string, options []string) (func(), map[string]nettypes.StatusBlock, error) { - defConfig, err := config.Default() - if err != nil { - return nil, nil, fmt.Errorf("failed to get container config: %w", err) - } - - err = pasta.Setup(&pasta.SetupOptions{ - Config: defConfig, +func setupPasta(config *config.Config, netns string, options []string) (func(), map[string]nettypes.StatusBlock, error) { + err := pasta.Setup(&pasta.SetupOptions{ + Config: config, Netns: netns, ExtraOptions: options, }) 
@@ -565,18 +555,33 @@ func setupPasta(netns string, options []string) (func(), map[string]nettypes.Sta func (b *Builder) runConfigureNetwork(pid int, isolation define.Isolation, options RunOptions, network, containerName string) (teardown func(), netStatus map[string]nettypes.StatusBlock, err error) { netns := fmt.Sprintf("/proc/%d/ns/net", pid) var configureNetworks []string + defConfig, err := config.Default() + if err != nil { + return nil, nil, fmt.Errorf("failed to get container config: %w", err) + } name, networkOpts, hasOpts := strings.Cut(network, ":") var netOpts []string if hasOpts { netOpts = strings.Split(networkOpts, ",") } + if isolation == IsolationOCIRootless && name == "" { + switch defConfig.Network.DefaultRootlessNetworkCmd { + case slirp4netns.BinaryName, "": + name = slirp4netns.BinaryName + case pasta.BinaryName: + name = pasta.BinaryName + default: + return nil, nil, fmt.Errorf("invalid default_rootless_network_cmd option %q", + defConfig.Network.DefaultRootlessNetworkCmd) + } + } + switch { - case name == slirp4netns.BinaryName, - isolation == IsolationOCIRootless && name == "": - return setupSlirp4netnsNetwork(netns, containerName, netOpts) + case name == slirp4netns.BinaryName: + return setupSlirp4netnsNetwork(defConfig, netns, containerName, netOpts) case name == pasta.BinaryName: - return setupPasta(netns, netOpts) + return setupPasta(defConfig, netns, netOpts) // Basically default case except we make sure to not split an empty // name as this would return a slice with one empty string which is @@ -1107,7 +1112,7 @@ func setupCapabilities(g *generate.Generator, defaultCapabilities, adds, drops [ return setupCapDrop(g, drops...) } -func addOrReplaceMount(mounts []specs.Mount, mount specs.Mount) []spec.Mount { +func addOrReplaceMount(mounts []specs.Mount, mount specs.Mount) []specs.Mount { for i := range mounts { if mounts[i].Destination == mount.Destination { mounts[i] = mount 
@@ -1120,7 +1125,7 @@ func addOrReplaceMount(mounts []specs.Mount, mount specs.Mount) []spec.Mount { // setupSpecialMountSpecChanges creates special mounts for depending on the namespaces // logic taken from podman and adapted for buildah // https://github.com/containers/podman/blob/4ba71f955a944790edda6e007e6d074009d437a7/pkg/specgen/generate/oci.go#L178 -func setupSpecialMountSpecChanges(spec *spec.Spec, shmSize string) ([]specs.Mount, error) { +func setupSpecialMountSpecChanges(spec *specs.Spec, shmSize string) ([]specs.Mount, error) { mounts := spec.Mounts isRootless := unshare.IsRootless() isNewUserns := false @@ -1236,7 +1241,7 @@ func setupSpecialMountSpecChanges(spec *spec.Spec, shmSize string) ([]specs.Moun return mounts, nil } -func checkIdsGreaterThan5(ids []spec.LinuxIDMapping) bool { +func checkIdsGreaterThan5(ids []specs.LinuxIDMapping) bool { for _, r := range ids { if r.ContainerID <= 5 && 5 < r.ContainerID+r.Size { return true @@ -1246,7 +1251,7 @@ func checkIdsGreaterThan5(ids []spec.LinuxIDMapping) bool { } // If this function succeeds and returns a non-nil *lockfile.LockFile, the caller must unlock it (when??). -func (b *Builder) getCacheMount(tokens []string, stageMountPoints map[string]internal.StageMountDetails, idMaps IDMaps, workDir string) (*spec.Mount, *lockfile.LockFile, error) { +func (b *Builder) getCacheMount(tokens []string, stageMountPoints map[string]internal.StageMountDetails, idMaps IDMaps, workDir string) (*specs.Mount, *lockfile.LockFile, error) { var optionMounts []specs.Mount mount, targetLock, err := internalParse.GetCacheMount(tokens, b.store, b.MountLabel, stageMountPoints, workDir) if err != nil { diff --git a/vendor/github.com/containers/common/pkg/secrets/secrets.go b/vendor/github.com/containers/common/pkg/secrets/secrets.go index 18902cb1de..61ab9be986 100644 --- a/vendor/github.com/containers/common/pkg/secrets/secrets.go +++ b/vendor/github.com/containers/common/pkg/secrets/secrets.go 
@@ -50,7 +50,7 @@ var errDataSize = errors.New("secret data must be larger than 0 and less than 51 var secretsFile = "secrets.json" // secretNameRegexp matches valid secret names -// Allowed: 64 [a-zA-Z0-9-_.] characters, and the start and end character must be [a-zA-Z0-9] +// Allowed: 253 [a-zA-Z0-9-_.] characters, and the start and end character must be [a-zA-Z0-9] var secretNameRegexp = regexp.Delayed(`^[a-zA-Z0-9][a-zA-Z0-9_.-]*$`) // SecretsManager holds information on handling secrets @@ -144,12 +144,7 @@ func NewManager(rootPath string) (*SecretsManager, error) { return manager, nil } -func (s *SecretsManager) newSecret(name string) (*Secret, error) { - secr := new(Secret) - secr.Name = name - secr.CreatedAt = time.Now() - secr.UpdatedAt = secr.CreatedAt - +func (s *SecretsManager) newID() (string, error) { for { newID := stringid.GenerateNonCryptoID() // GenerateNonCryptoID() gives 64 characters, so we truncate to correct length @@ -157,13 +152,11 @@ func (s *SecretsManager) newSecret(name string) (*Secret, error) { _, err := s.lookupSecret(newID) if err != nil { if errors.Is(err, ErrNoSuchSecret) { - secr.ID = newID - break + return newID, nil } - return nil, err + return "", err } } - return secr, nil } // Store takes a name, creates a secret and stores the secret metadata and the secret payload. @@ -197,13 +190,10 @@ func (s *SecretsManager) Store(name string, data []byte, driverType string, opti } secr.UpdatedAt = time.Now() } else { - if options.Replace { - return "", fmt.Errorf("%s: %w", name, ErrNoSuchSecret) - } - secr, err = s.newSecret(name) - if err != nil { - return "", err - } + secr = new(Secret) + secr.Name = name + secr.CreatedAt = time.Now() + secr.UpdatedAt = secr.CreatedAt } if options.Metadata == nil { @@ -225,6 +215,7 @@ func (s *SecretsManager) Store(name string, data []byte, driverType string, opti if err != nil { return "", err } + if options.Replace { err = driver.Delete(secr.ID) if err != nil { 
@@ -232,6 +223,11 @@ func (s *SecretsManager) Store(name string, data []byte, driverType string, opti } } + secr.ID, err = s.newID() + if err != nil { + return "", err + } + err = driver.Store(secr.ID, data) if err != nil { return "", fmt.Errorf("creating secret %s: %w", name, err) @@ -326,8 +322,8 @@ func (s *SecretsManager) LookupSecretData(nameOrID string) (*Secret, []byte, err // validateSecretName checks if the secret name is valid. func validateSecretName(name string) error { - if !secretNameRegexp.MatchString(name) || len(name) > 64 || strings.HasSuffix(name, "-") || strings.HasSuffix(name, ".") { - return fmt.Errorf("only 64 [a-zA-Z0-9-_.] characters allowed, and the start and end character must be [a-zA-Z0-9]: %s: %w", name, errInvalidSecretName) + if !secretNameRegexp.MatchString(name) || len(name) > 253 || strings.HasSuffix(name, "-") || strings.HasSuffix(name, ".") { + return fmt.Errorf("only 253 [a-zA-Z0-9-_.] characters allowed, and the start and end character must be [a-zA-Z0-9]: %s: %w", name, errInvalidSecretName) } return nil } diff --git a/vendor/github.com/containers/common/pkg/servicereaper/service.go b/vendor/github.com/containers/common/pkg/servicereaper/service.go index 54baef3137..11482c59c5 100644 --- a/vendor/github.com/containers/common/pkg/servicereaper/service.go +++ b/vendor/github.com/containers/common/pkg/servicereaper/service.go @@ -1,5 +1,5 @@ -//go:build linux -// +build linux +//go:build linux || freebsd +// +build linux freebsd package servicereaper diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go index f4b68b44b8..9a370a898c 100644 --- a/vendor/github.com/containers/common/version/version.go +++ b/vendor/github.com/containers/common/version/version.go @@ -1,4 +1,4 @@ package version // Version is the version of the build. -const Version = "0.54.0" +const Version = "0.55.1" 
diff --git a/vendor/github.com/containers/image/v5/version/version.go b/vendor/github.com/containers/image/v5/version/version.go index afb35157b1..3c8fc094d0 100644 --- a/vendor/github.com/containers/image/v5/version/version.go +++ b/vendor/github.com/containers/image/v5/version/version.go @@ -8,7 +8,7 @@ const ( // VersionMinor is for functionality in a backwards-compatible manner VersionMinor = 26 // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 0 + VersionPatch = 1 // VersionDev indicates development branch. Releases will be empty string. VersionDev = "" diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION index 21998d3c2d..9db5ea12f5 100644 --- a/vendor/github.com/containers/storage/VERSION +++ b/vendor/github.com/containers/storage/VERSION @@ -1 +1 @@ -1.47.0 +1.48.0 diff --git a/vendor/github.com/containers/storage/pkg/archive/archive.go b/vendor/github.com/containers/storage/pkg/archive/archive.go index 408e4599c9..29f800b2af 100644 --- a/vendor/github.com/containers/storage/pkg/archive/archive.go +++ b/vendor/github.com/containers/storage/pkg/archive/archive.go @@ -131,16 +131,6 @@ const ( OverlayWhiteoutFormat ) -const ( - modeISDIR = 0o40000 // Directory - modeISFIFO = 0o10000 // FIFO - modeISREG = 0o100000 // Regular file - modeISLNK = 0o120000 // Symbolic link - modeISBLK = 0o60000 // Block special file - modeISCHR = 0o20000 // Character special file - modeISSOCK = 0o140000 // Socket -) - // IsArchivePath checks if the (possibly compressed) file at the given path // starts with a tar file header. func IsArchivePath(path string) bool { 
@@ -358,7 +348,7 @@ func FileInfoHeader(name string, fi os.FileInfo, link string) (*tar.Header, erro if err != nil { return nil, err } - hdr.Mode = fillGo18FileTypeBits(int64(chmodTarEntry(os.FileMode(hdr.Mode))), fi) + hdr.Mode = int64(chmodTarEntry(os.FileMode(hdr.Mode))) name, err = canonicalTarName(name, fi.IsDir()) if err != nil { return nil, fmt.Errorf("tar: cannot canonicalize path: %w", err) @@ -370,31 +360,6 @@ func FileInfoHeader(name string, fi os.FileInfo, link string) (*tar.Header, erro return hdr, nil } -// fillGo18FileTypeBits fills type bits which have been removed on Go 1.9 archive/tar -// https://github.com/golang/go/commit/66b5a2f -func fillGo18FileTypeBits(mode int64, fi os.FileInfo) int64 { - fm := fi.Mode() - switch { - case fm.IsRegular(): - mode |= modeISREG - case fi.IsDir(): - mode |= modeISDIR - case fm&os.ModeSymlink != 0: - mode |= modeISLNK - case fm&os.ModeDevice != 0: - if fm&os.ModeCharDevice != 0 { - mode |= modeISCHR - } else { - mode |= modeISBLK - } - case fm&os.ModeNamedPipe != 0: - mode |= modeISFIFO - case fm&os.ModeSocket != 0: - mode |= modeISSOCK - } - return mode -} - // ReadSecurityXattrToTarHeader reads security.capability, security,image // xattrs from filesystem to a tar header func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error { diff --git a/vendor/github.com/containers/storage/pkg/regexp/regexp.go b/vendor/github.com/containers/storage/pkg/regexp/regexp.go index 5b6a3f5e76..1a3333dba2 100644 --- a/vendor/github.com/containers/storage/pkg/regexp/regexp.go +++ b/vendor/github.com/containers/storage/pkg/regexp/regexp.go @@ -10,7 +10,9 @@ import ( // used as global variables. Using this structure helps speed the startup time // of apps that want to use global regex variables. This library initializes them on // first use as opposed to the start of the executable. -type Regexp = *regexpStruct +type Regexp struct { + *regexpStruct +} type regexpStruct struct { _ noCopy 
@@ -26,7 +28,7 @@ func Delayed(val string) Regexp { if precompile { re.regexp = regexp.MustCompile(re.val) } - return re + return Regexp{re} } func (re *regexpStruct) compile() { diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_freebsd.go b/vendor/github.com/containers/storage/pkg/unshare/unshare_freebsd.go index f52760abba..7a44ca3013 100644 --- a/vendor/github.com/containers/storage/pkg/unshare/unshare_freebsd.go +++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_freebsd.go @@ -59,7 +59,7 @@ func (c *Cmd) Start() error { if err != nil { pidRead.Close() pidWrite.Close() - return fmt.Errorf("creating pid pipe: %w", err) + return fmt.Errorf("creating continue read/write pipe: %w", err) } c.Env = append(c.Env, fmt.Sprintf("_Containers-continue-pipe=%d", len(c.ExtraFiles)+3)) c.ExtraFiles = append(c.ExtraFiles, continueRead) diff --git a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go index 81cd67762f..e169633d05 100644 --- a/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go +++ b/vendor/github.com/containers/storage/pkg/unshare/unshare_linux.go @@ -129,7 +129,7 @@ func (c *Cmd) Start() error { if err != nil { pidRead.Close() pidWrite.Close() - return fmt.Errorf("creating pid pipe: %w", err) + return fmt.Errorf("creating continue read/write pipe: %w", err) } c.Env = append(c.Env, fmt.Sprintf("_Containers-continue-pipe=%d", len(c.ExtraFiles)+3)) c.ExtraFiles = append(c.ExtraFiles, continueRead) diff --git a/vendor/modules.txt b/vendor/modules.txt index 8c85958bb4..c144f3ddaa 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -105,7 +105,7 @@ github.com/containernetworking/cni/pkg/version # github.com/containernetworking/plugins v1.3.0 ## explicit; go 1.20 github.com/containernetworking/plugins/pkg/ns -# github.com/containers/buildah v1.30.1-0.20230627110136-33b7088fec7b +# github.com/containers/buildah v1.31.0 ## explicit; go 1.18 github.com/containers/buildah github.com/containers/buildah/bind @@ -128,7 +128,7 @@ github.com/containers/buildah/pkg/rusage github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/util -# github.com/containers/common v0.54.0 +# github.com/containers/common v0.55.1 ## explicit; go 1.18 github.com/containers/common/libimage github.com/containers/common/libimage/define @@ -186,7 +186,7 @@ github.com/containers/common/version # github.com/containers/conmon v2.0.20+incompatible ## explicit github.com/containers/conmon/runner/config -# github.com/containers/image/v5 v5.26.0 +# github.com/containers/image/v5 v5.26.1 ## explicit; go 1.18 github.com/containers/image/v5/copy github.com/containers/image/v5/directory @@ -293,7 +293,7 @@ github.com/containers/psgo/internal/dev github.com/containers/psgo/internal/host github.com/containers/psgo/internal/proc github.com/containers/psgo/internal/process -# github.com/containers/storage v1.47.0 +# github.com/containers/storage v1.48.0 ## explicit; go 1.19 github.com/containers/storage github.com/containers/storage/drivers