vendor latest c/common main

Includes a new libnetwork API to get the rootlessnetns ips. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-08-06 19:44:14 +08:00 · 2024-05-17 11:32:20 +02:00
parent 77db54a78a
commit 54ce5c6af1
11 changed files with 122 additions and 28 deletions
--- a/vendor/github.com/containers/common/libnetwork/cni/run.go
+++ b/vendor/github.com/containers/common/libnetwork/cni/run.go
@ -295,3 +295,10 @@ func (n *cniNetwork) RunInRootlessNetns(toRun func() error) error {
 	}
 	return n.rootlessNetns.Run(n.lock, toRun)
 }
+
+func (n *cniNetwork) RootlessNetnsInfo() (*types.RootlessNetnsInfo, error) {
+	if n.rootlessNetns == nil {
+		return nil, types.ErrNotRootlessNetns
+	}
+	return n.rootlessNetns.Info(), nil
+}
--- a/vendor/github.com/containers/common/libnetwork/internal/rootlessnetns/netns_freebsd.go
+++ b/vendor/github.com/containers/common/libnetwork/internal/rootlessnetns/netns_freebsd.go
@ -3,6 +3,7 @@ package rootlessnetns
 import (
 	"errors"

+	"github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/storage/pkg/lockfile"
 )
@ -26,3 +27,7 @@ func (n *Netns) Teardown(nets int, toRun func() error) error {
 func (n *Netns) Run(lock *lockfile.LockFile, toRun func() error) error {
 	return ErrNotSupported
 }
+
+func (n *Netns) Info() *types.RootlessNetnsInfo {
+	return &types.RootlessNetnsInfo{}
+}
--- a/vendor/github.com/containers/common/libnetwork/internal/rootlessnetns/netns_linux.go
+++ b/vendor/github.com/containers/common/libnetwork/internal/rootlessnetns/netns_linux.go
@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"io/fs"
+	"net"
 	"os"
 	"path/filepath"
 	"strconv"
@ -13,6 +14,7 @@ import (
 	"github.com/containers/common/libnetwork/pasta"
 	"github.com/containers/common/libnetwork/resolvconf"
 	"github.com/containers/common/libnetwork/slirp4netns"
+	"github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/common/pkg/netns"
 	"github.com/containers/common/pkg/systemd"
@ -51,6 +53,12 @@ type Netns struct {

 	// config contains containers.conf options.
 	config *config.Config
+
+	// ipAddresses used in the netns, this is needed to store
+	// the netns ips that are used by pasta. This is then handed
+	// back to the caller via IPAddresses() which then can make
+	// sure to not use them for host.containers.internal.
+	ipAddresses []net.IP
 }

 type rootlessNetnsError struct {
@ -521,7 +529,24 @@ func (n *Netns) runInner(toRun func() error) (err error) {
 		if err := n.setupMounts(); err != nil {
 			return err
 		}
-		return toRun()
+		if err := toRun(); err != nil {
+			return err
+		}
+
+		// get the current active addresses in the netns, and store them
+		addrs, err := net.InterfaceAddrs()
+		if err != nil {
+			return err
+		}
+		ips := make([]net.IP, 0, len(addrs))
+		for _, addr := range addrs {
+			// make sure to skip localhost and other special addresses
+			if ipnet, ok := addr.(*net.IPNet); ok && ipnet.IP.IsGlobalUnicast() {
+				ips = append(ips, ipnet.IP)
+			}
+		}
+		n.ipAddresses = ips
+		return nil
 	})
 }

@ -597,6 +622,14 @@ func (n *Netns) Run(lock *lockfile.LockFile, toRun func() error) error {
 	return inErr
 }

+// IPAddresses returns the currently used ip addresses in the netns
+// These should then not be assigned for the host.containers.internal entry.
+func (n *Netns) Info() *types.RootlessNetnsInfo {
+	return &types.RootlessNetnsInfo{
+		IPAddresses: n.ipAddresses,
+	}
+}
+
 func refCount(dir string, inc int) (int, error) {
 	file := filepath.Join(dir, refCountFile)
 	content, err := os.ReadFile(file)
--- a/vendor/github.com/containers/common/libnetwork/netavark/run.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/run.go
@ -187,3 +187,10 @@ func (n *netavarkNetwork) RunInRootlessNetns(toRun func() error) error {
 	}
 	return n.rootlessNetns.Run(n.lock, toRun)
 }
+
+func (n *netavarkNetwork) RootlessNetnsInfo() (*types.RootlessNetnsInfo, error) {
+	if n.rootlessNetns == nil {
+		return nil, types.ErrNotRootlessNetns
+	}
+	return n.rootlessNetns.Info(), nil
+}
--- a/vendor/github.com/containers/common/libnetwork/types/network.go
+++ b/vendor/github.com/containers/common/libnetwork/types/network.go
@ -31,6 +31,11 @@ type ContainerNetwork interface {
 	// Only used as rootless and should return an error as root.
 	RunInRootlessNetns(toRun func() error) error

+	// RootlessNetnsInfo return extra information about the rootless netns.
+	// Only valid when called after Setup().
+	// Only used as rootless and should return an error as root.
+	RootlessNetnsInfo() (*RootlessNetnsInfo, error)
+
 	// Drivers will return the list of supported network drivers
 	// for this interface.
 	Drivers() []string
@ -334,6 +339,11 @@ type TeardownOptions struct {
 	NetworkOptions
 }

+type RootlessNetnsInfo struct {
+	// IPAddresses used in the netns, must not be used for host.containers.internal
+	IPAddresses []net.IP
+}
+
 // FilterFunc can be passed to NetworkList to filter the networks.
 type FilterFunc func(Network) bool

--- a/vendor/github.com/containers/common/pkg/secrets/secrets.go
+++ b/vendor/github.com/containers/common/pkg/secrets/secrets.go
@ -218,11 +218,12 @@ func (s *SecretsManager) Store(name string, data []byte, driverType string, opti
 	}

 	if options.Replace {
-		if err := driver.Delete(secr.ID); err != nil && !errors.Is(err, define.ErrNoSuchSecret) {
-			return "", fmt.Errorf("deleting secret %s: %w", secr.ID, err)
-		}
-
-		if err == nil {
+		err := driver.Delete(secr.ID)
+		if err != nil {
+			if !errors.Is(err, define.ErrNoSuchSecret) {
+				return "", fmt.Errorf("deleting driver secret %s: %w", secr.ID, err)
+			}
+		} else {
 			if err := s.delete(secr.ID); err != nil && !errors.Is(err, define.ErrNoSuchSecret) {
 				return "", fmt.Errorf("deleting secret %s: %w", secr.ID, err)
 			}
--- a/vendor/github.com/stefanberger/go-pkcs11uri/.travis.yml
+++ b/vendor/github.com/stefanberger/go-pkcs11uri/.travis.yml
@ -5,7 +5,7 @@ os:
 - linux

 go:
-  - "1.13.x"
+  - "1.19.x"

 matrix:
  include:
@ -17,7 +17,7 @@ addons:
      - softhsm2

 install:
-  - curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.30.0
+  - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.53.2

 script:
  - make
--- a/vendor/github.com/stefanberger/go-pkcs11uri/pkcs11uri.go
+++ b/vendor/github.com/stefanberger/go-pkcs11uri/pkcs11uri.go
@ -19,7 +19,6 @@ package pkcs11uri
 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net/url"
 	"os"
 	"path/filepath"
@ -128,6 +127,12 @@ func (uri *Pkcs11URI) SetPathAttribute(name, value string) error {
 	return uri.setAttribute(uri.pathAttributes, name, value)
 }

+// SetPathAttributeUnencoded sets the value for a path attribute given as byte[].
+// The value must not have been pct-encoded already.
+func (uri *Pkcs11URI) SetPathAttributeUnencoded(name string, value []byte) {
+	uri.pathAttributes[name] = string(value)
+}
+
 // AddPathAttribute adds a path attribute; it returns an error if an attribute with the same
 // name already existed or if the given value cannot be pct-unescaped
 func (uri *Pkcs11URI) AddPathAttribute(name, value string) error {
@ -137,6 +142,16 @@ func (uri *Pkcs11URI) AddPathAttribute(name, value string) error {
 	return uri.SetPathAttribute(name, value)
 }

+// AddPathAttributeUnencoded adds a path attribute given as byte[] which must not already be pct-encoded;
+// it returns an error if an attribute with the same name already existed
+func (uri *Pkcs11URI) AddPathAttributeUnencoded(name string, value []byte) error {
+	if _, ok := uri.pathAttributes[name]; ok {
+		return errors.New("duplicate path attribute")
+	}
+	uri.SetPathAttributeUnencoded(name, value)
+	return nil
+}
+
 // RemovePathAttribute removes a path attribute
 func (uri *Pkcs11URI) RemovePathAttribute(name string) {
 	delete(uri.pathAttributes, name)
@ -173,6 +188,12 @@ func (uri *Pkcs11URI) SetQueryAttribute(name, value string) error {
 	return uri.setAttribute(uri.queryAttributes, name, value)
 }

+// SetQueryAttributeUnencoded sets the value for a quiery attribute given as byte[].
+// The value must not have been pct-encoded already.
+func (uri *Pkcs11URI) SetQueryAttributeUnencoded(name string, value []byte) {
+	uri.queryAttributes[name] = string(value)
+}
+
 // AddQueryAttribute adds a query attribute; it returns an error if an attribute with the same
 // name already existed or if the given value cannot be pct-unescaped
 func (uri *Pkcs11URI) AddQueryAttribute(name, value string) error {
@ -182,6 +203,16 @@ func (uri *Pkcs11URI) AddQueryAttribute(name, value string) error {
 	return uri.SetQueryAttribute(name, value)
 }

+// AddQueryAttributeUnencoded adds a query attribute given as byte[] which must not already be pct-encoded;
+// it returns an error if an attribute with the same name already existed
+func (uri *Pkcs11URI) AddQueryAttributeUnencoded(name string, value []byte) error {
+	if _, ok := uri.queryAttributes[name]; ok {
+		return errors.New("duplicate query attribute")
+	}
+	uri.SetQueryAttributeUnencoded(name, value)
+	return nil
+}
+
 // RemoveQueryAttribute removes a path attribute
 func (uri *Pkcs11URI) RemoveQueryAttribute(name string) {
 	delete(uri.queryAttributes, name)
@ -257,7 +288,7 @@ func (uri *Pkcs11URI) GetPIN() (string, error) {
 			if !filepath.IsAbs(pinuri.Path) {
 				return "", fmt.Errorf("PIN URI path '%s' is not absolute", pinuri.Path)
 			}
-			pin, err := ioutil.ReadFile(pinuri.Path)
+			pin, err := os.ReadFile(pinuri.Path)
 			if err != nil {
 				return "", fmt.Errorf("Could not open PIN file: %s", err)
 			}
@ -426,7 +457,7 @@ func (uri *Pkcs11URI) GetModule() (string, error) {
 	moduleName = strings.ToLower(moduleName)

 	for _, dir := range searchdirs {
-		files, err := ioutil.ReadDir(dir)
+		files, err := os.ReadDir(dir)
 		if err != nil {
 			continue
 		}