Vendor c/common

Vendor c/common@main

Signed-off-by: Ashley Cui <acui@redhat.com>

vendor/github.com/containers/common/libnetwork/netavark/exec.go

@@ -86,6 +86,9 @@ func (n *netavarkNetwork) execNetavark(args []string, needPlugin bool, stdin, re
 	if n.dnsBindPort != 0 {
 		env = append(env, "NETAVARK_DNS_PORT="+strconv.Itoa(int(n.dnsBindPort)))
 	}
+	if n.firewallDriver != "" {
+		env = append(env, "NETAVARK_FW="+n.firewallDriver)
+	}
 	return n.execBinary(n.netavarkBinary, append(n.getCommonNetavarkOptions(needPlugin), args...), stdin, result, env)
 }
 

vendor/github.com/containers/common/libnetwork/netavark/network.go

@@ -36,6 +36,9 @@ type netavarkNetwork struct {
 	// aardvarkBinary is the path to the aardvark binary.
 	aardvarkBinary string
 
+	// firewallDriver sets the firewall driver to use
+	firewallDriver string
+
 	// defaultNetwork is the name for the default network.
 	defaultNetwork string
 	// defaultSubnet is the default subnet for the default network.
@@ -79,6 +82,9 @@ type InitConfig struct {
 	// NetworkRunDir is where temporary files are stored, i.e.the ipam db, aardvark config
 	NetworkRunDir string
 
+	// FirewallDriver sets the firewall driver to use
+	FirewallDriver string
+
 	// DefaultNetwork is the name for the default network.
 	DefaultNetwork string
 	// DefaultSubnet is the default subnet for the default network.
@@ -146,6 +152,7 @@ func NewNetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
 		aardvarkBinary:     conf.AardvarkBinary,
 		networkRootless:    unshare.IsRootless(),
 		ipamDBPath:         filepath.Join(conf.NetworkRunDir, "ipam.db"),
+		firewallDriver:     conf.FirewallDriver,
 		defaultNetwork:     defaultNetworkName,
 		defaultSubnet:      defaultNet,
 		defaultsubnetPools: defaultSubnetPools,

vendor/github.com/containers/common/libnetwork/network/interface.go

@@ -82,6 +82,7 @@ func NetworkBackend(store storage.Store, conf *config.Config, syslog bool) (type
 			NetavarkBinary:     netavarkBin,
 			AardvarkBinary:     aardvarkBin,
 			PluginDirs:         conf.Network.NetavarkPluginDirs.Get(),
+			FirewallDriver:     conf.Network.FirewallDriver,
 			DefaultNetwork:     conf.Network.DefaultNetwork,
 			DefaultSubnet:      conf.Network.DefaultSubnet,
 			DefaultsubnetPools: conf.Network.DefaultSubnetPools,

vendor/github.com/containers/common/pkg/config/config.go

@@ -567,6 +567,9 @@ type NetworkConfig struct {
 	// NetavarkPluginDirs is a list of directories which contain netavark plugins.
 	NetavarkPluginDirs attributedstring.Slice `toml:"netavark_plugin_dirs,omitempty"`
 
+	// FirewallDriver is the firewall driver to be used
+	FirewallDriver string `toml:"firewall_driver,omitempty"`
+
 	// DefaultNetwork is the network name of the default network
 	// to attach pods to.
 	DefaultNetwork string `toml:"default_network,omitempty"`

vendor/github.com/containers/common/pkg/config/config_darwin.go

@@ -32,6 +32,8 @@ func ifRootlessConfigPath() (string, error) {
 }
 
 var defaultHelperBinariesDir = []string{
+	// Relative to the binary directory
+	"$BINDIR/../libexec/podman",
 	// Homebrew install paths
 	"/usr/local/opt/podman/libexec/podman",
 	"/opt/homebrew/opt/podman/libexec/podman",
@@ -42,6 +44,4 @@ var defaultHelperBinariesDir = []string{
 	"/usr/local/lib/podman",
 	"/usr/libexec/podman",
 	"/usr/lib/podman",
-	// Relative to the binary directory
-	"$BINDIR/../libexec/podman",
 }

vendor/github.com/containers/common/pkg/config/containers.conf

@@ -340,6 +340,14 @@ default_sysctls = [
 #  "/usr/lib/netavark",
 #]
 
+# The firewall driver to be used by netavark.
+# The default is empty which means netavark will pick one accordingly. Current supported 
+# drivers are "iptables", "none" (no firewall rules will be created) and "firewalld" (firewalld is
+# experimental at the moment and not recommend outside of testing). In the future we are
+# planning to add support for a "nftables" driver.
+#firewall_driver = ""
+
+
 # The network name of the default network to attach pods to.
 #
 #default_network = "podman"

vendor/github.com/containers/common/pkg/config/default.go

@@ -253,6 +253,7 @@ func defaultConfig() (*Config, error) {
 			Volumes:             attributedstring.Slice{},
 		},
 		Network: NetworkConfig{
+			FirewallDriver:            "",
 			DefaultNetwork:            "podman",
 			DefaultSubnet:             DefaultSubnet,
 			DefaultSubnetPools:        DefaultSubnetPools,
@@ -339,7 +340,8 @@ func defaultEngineConfig() (*EngineConfig, error) {
 
 	c.HelperBinariesDir.Set(defaultHelperBinariesDir)
 	if additionalHelperBinariesDir != "" {
-		c.HelperBinariesDir.Set(append(c.HelperBinariesDir.Get(), additionalHelperBinariesDir))
+		// Prioritize addtionalHelperBinariesDir over defaults.
+		c.HelperBinariesDir.Set(append([]string{additionalHelperBinariesDir}, c.HelperBinariesDir.Get()...))
 	}
 	c.HooksDir.Set(DefaultHooksDirs)
 	c.ImageDefaultTransport = _defaultTransport

vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 2.13.2
+
+### Fixes
+- Fix file handler leak (#1309) [e2e81c8]
+- Avoid allocations with `(*regexp.Regexp).MatchString` (#1302) [3b2a2a7]
+
 ## 2.13.1
 
 ### Fixes

vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/test_suite.go

@@ -226,7 +226,7 @@ func suitesInDir(dir string, recurse bool) TestSuites {
 	files, _ := os.ReadDir(dir)
 	re := regexp.MustCompile(`^[^._].*_test\.go$`)
 	for _, file := range files {
-		if !file.IsDir() && re.Match([]byte(file.Name())) {
+		if !file.IsDir() && re.MatchString(file.Name()) {
 			suite := TestSuite{
 				Path:        relPath(dir),
 				PackageName: packageNameForSuite(dir),
@@ -241,7 +241,7 @@ func suitesInDir(dir string, recurse bool) TestSuites {
 	if recurse {
 		re = regexp.MustCompile(`^[._]`)
 		for _, file := range files {
-			if file.IsDir() && !re.Match([]byte(file.Name())) {
+			if file.IsDir() && !re.MatchString(file.Name()) {
 				suites = append(suites, suitesInDir(dir+"/"+file.Name(), recurse)...)
 			}
 		}
@@ -272,7 +272,7 @@ func filesHaveGinkgoSuite(dir string, files []os.DirEntry) bool {
 	reGinkgo := regexp.MustCompile(`package ginkgo|\/ginkgo"|\/ginkgo\/v2"|\/ginkgo\/v2/dsl/`)
 
 	for _, file := range files {
-		if !file.IsDir() && reTestFile.Match([]byte(file.Name())) {
+		if !file.IsDir() && reTestFile.MatchString(file.Name()) {
 			contents, _ := os.ReadFile(dir + "/" + file.Name())
 			if reGinkgo.Match(contents) {
 				return true

vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/dependencies.go

@@ -78,7 +78,7 @@ func (d Dependencies) resolveAndAdd(deps []string, depth int) {
 		if err != nil {
 			continue
 		}
-		if !pkg.Goroot && (!ginkgoAndGomegaFilter.Match([]byte(pkg.Dir)) || ginkgoIntegrationTestFilter.Match([]byte(pkg.Dir))) {
+		if !pkg.Goroot && (!ginkgoAndGomegaFilter.MatchString(pkg.Dir) || ginkgoIntegrationTestFilter.MatchString(pkg.Dir)) {
 			d.addDepIfNotPresent(pkg.Dir, depth)
 		}
 	}

vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hash.go

@@ -79,7 +79,7 @@ func (p *PackageHash) computeHashes() (codeHash string, codeModifiedTime time.Ti
 			continue
 		}
 
-		if goTestRegExp.Match([]byte(info.Name())) {
+		if goTestRegExp.MatchString(info.Name()) {
 			testHash += p.hashForFileInfo(info)
 			if info.ModTime().After(testModifiedTime) {
 				testModifiedTime = info.ModTime()
@@ -87,7 +87,7 @@ func (p *PackageHash) computeHashes() (codeHash string, codeModifiedTime time.Ti
 			continue
 		}
 
-		if p.watchRegExp.Match([]byte(info.Name())) {
+		if p.watchRegExp.MatchString(info.Name()) {
 			codeHash += p.hashForFileInfo(info)
 			if info.ModTime().After(codeModifiedTime) {
 				codeModifiedTime = info.ModTime()

vendor/github.com/onsi/ginkgo/v2/reporters/json_report.go

@@ -18,6 +18,7 @@ func GenerateJSONReport(report types.Report, destination string) error {
 	if err != nil {
 		return err
 	}
+	defer f.Close()
 	enc := json.NewEncoder(f)
 	enc.SetIndent("", "  ")
 	err = enc.Encode([]types.Report{
@@ -26,7 +27,7 @@ func GenerateJSONReport(report types.Report, destination string) error {
 	if err != nil {
 		return err
 	}
-	return f.Close()
+	return nil
 }
 
 // MergeJSONReports produces a single JSON-formatted report at the passed in destination by merging the JSON-formatted reports provided in sources
@@ -57,11 +58,12 @@ func MergeAndCleanupJSONReports(sources []string, destination string) ([]string,
 	if err != nil {
 		return messages, err
 	}
+	defer f.Close()
 	enc := json.NewEncoder(f)
 	enc.SetIndent("", "  ")
 	err = enc.Encode(allReports)
 	if err != nil {
 		return messages, err
 	}
-	return messages, f.Close()
+	return messages, nil
 }

vendor/github.com/onsi/ginkgo/v2/types/code_location.go

@@ -149,7 +149,7 @@ func PruneStack(fullStackTrace string, skip int) string {
 		re := regexp.MustCompile(`\/ginkgo\/|\/pkg\/testing\/|\/pkg\/runtime\/`)
 		for i := 0; i < len(stack)/2; i++ {
 			// We filter out based on the source code file name.
-			if !re.Match([]byte(stack[i*2+1])) {
+			if !re.MatchString(stack[i*2+1]) {
 				prunedStack = append(prunedStack, stack[i*2])
 				prunedStack = append(prunedStack, stack[i*2+1])
 			}

vendor/github.com/onsi/ginkgo/v2/types/version.go

@@ -1,3 +1,3 @@
 package types
 
-const VERSION = "2.13.1"
+const VERSION = "2.13.2"