Update vendor of containers/buildah

Changes since 2022-05-31: - add --omit-history option (buildah PR 4028) Signed-off-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-12-08 23:00:23 +08:00 · 2022-06-11 06:48:22 -04:00
parent 9fac1b335f
commit 5e9d20448c
94 changed files with 1819 additions and 4005 deletions
--- a/vendor/github.com/containers/storage/drivers/chown_darwin.go
+++ b/vendor/github.com/containers/storage/drivers/chown_darwin.go
@@ -0,0 +1,109 @@
+//go:build darwin
+// +build darwin
+
+package graphdriver
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"sync"
+	"syscall"
+
+	"github.com/containers/storage/pkg/idtools"
+	"github.com/containers/storage/pkg/system"
+)
+
+type inode struct {
+	Dev uint64
+	Ino uint64
+}
+
+type platformChowner struct {
+	mutex  sync.Mutex
+	inodes map[inode]bool
+}
+
+func newLChowner() *platformChowner {
+	return &platformChowner{
+		inodes: make(map[inode]bool),
+	}
+}
+
+func (c *platformChowner) LChown(path string, info os.FileInfo, toHost, toContainer *idtools.IDMappings) error {
+	st, ok := info.Sys().(*syscall.Stat_t)
+	if !ok {
+		return nil
+	}
+
+	i := inode{
+		Dev: uint64(st.Dev),
+		Ino: uint64(st.Ino),
+	}
+	c.mutex.Lock()
+	_, found := c.inodes[i]
+	if !found {
+		c.inodes[i] = true
+	}
+	c.mutex.Unlock()
+
+	if found {
+		return nil
+	}
+
+	// Map an on-disk UID/GID pair from host to container
+	// using the first map, then back to the host using the
+	// second map.  Skip that first step if they're 0, to
+	// compensate for cases where a parent layer should
+	// have had a mapped value, but didn't.
+	uid, gid := int(st.Uid), int(st.Gid)
+	if toContainer != nil {
+		pair := idtools.IDPair{
+			UID: uid,
+			GID: gid,
+		}
+		mappedUID, mappedGID, err := toContainer.ToContainer(pair)
+		if err != nil {
+			if (uid != 0) || (gid != 0) {
+				return fmt.Errorf("error mapping host ID pair %#v for %q to container: %v", pair, path, err)
+			}
+			mappedUID, mappedGID = uid, gid
+		}
+		uid, gid = mappedUID, mappedGID
+	}
+	if toHost != nil {
+		pair := idtools.IDPair{
+			UID: uid,
+			GID: gid,
+		}
+		mappedPair, err := toHost.ToHostOverflow(pair)
+		if err != nil {
+			return fmt.Errorf("error mapping container ID pair %#v for %q to host: %v", pair, path, err)
+		}
+		uid, gid = mappedPair.UID, mappedPair.GID
+	}
+	if uid != int(st.Uid) || gid != int(st.Gid) {
+		cap, err := system.Lgetxattr(path, "security.capability")
+		if err != nil && !errors.Is(err, system.EOPNOTSUPP) && err != system.ErrNotSupportedPlatform {
+			return fmt.Errorf("%s: %v", os.Args[0], err)
+		}
+
+		// Make the change.
+		if err := system.Lchown(path, uid, gid); err != nil {
+			return fmt.Errorf("%s: %v", os.Args[0], err)
+		}
+		// Restore the SUID and SGID bits if they were originally set.
+		if (info.Mode()&os.ModeSymlink == 0) && info.Mode()&(os.ModeSetuid|os.ModeSetgid) != 0 {
+			if err := system.Chmod(path, info.Mode()); err != nil {
+				return fmt.Errorf("%s: %v", os.Args[0], err)
+			}
+		}
+		if cap != nil {
+			if err := system.Lsetxattr(path, "security.capability", cap, 0); err != nil {
+				return fmt.Errorf("%s: %v", os.Args[0], err)
+			}
+		}
+
+	}
+	return nil
+}
--- a/vendor/github.com/containers/storage/drivers/chown_unix.go
+++ b/vendor/github.com/containers/storage/drivers/chown_unix.go
@@ -1,5 +1,5 @@
-//go:build !windows
-// +build !windows
+//go:build !windows && !darwin
+// +build !windows,!darwin

 package graphdriver

--- a/vendor/github.com/containers/storage/drivers/driver_darwin.go
+++ b/vendor/github.com/containers/storage/drivers/driver_darwin.go
@@ -0,0 +1,14 @@
+package graphdriver
+
+var (
+	// Slice of drivers that should be used in order
+	priority = []string{
+		"vfs",
+	}
+)
+
+// GetFSMagic returns the filesystem id given the path.
+func GetFSMagic(rootpath string) (FsMagic, error) {
+	// Note it is OK to return FsMagicUnsupported on Windows.
+	return FsMagicUnsupported, nil
+}
--- a/vendor/github.com/containers/storage/drivers/driver_unsupported.go
+++ b/vendor/github.com/containers/storage/drivers/driver_unsupported.go
@@ -1,4 +1,4 @@
-// +build !linux,!windows,!freebsd,!solaris
+// +build !linux,!windows,!freebsd,!solaris,!darwin

 package graphdriver

--- a/vendor/github.com/containers/storage/drivers/fsdiff.go
+++ b/vendor/github.com/containers/storage/drivers/fsdiff.go
@@ -2,6 +2,8 @@ package graphdriver

 import (
 	"io"
+	"os"
+	"runtime"
 	"time"

 	"github.com/containers/storage/pkg/archive"
@@ -170,9 +172,16 @@ func (gdw *NaiveDiffDriver) ApplyDiff(id, parent string, options ApplyDiffOpts)
 	}
 	defer driver.Put(id)

+	defaultForceMask := os.FileMode(0700)
+	var forceMask *os.FileMode = nil
+	if runtime.GOOS == "darwin" {
+		forceMask = &defaultForceMask
+	}
+
 	tarOptions := &archive.TarOptions{
 		InUserNS:          userns.RunningInUserNS(),
 		IgnoreChownErrors: options.IgnoreChownErrors,
+		ForceMask:         forceMask,
 	}
 	if options.Mappings != nil {
 		tarOptions.UIDMaps = options.Mappings.UIDs()
--- a/vendor/github.com/containers/storage/drivers/vfs/driver.go
+++ b/vendor/github.com/containers/storage/drivers/vfs/driver.go
@@ -5,6 +5,7 @@ import (
 	"io"
 	"os"
 	"path/filepath"
+	"runtime"
 	"strconv"
 	"strings"

@@ -170,6 +171,10 @@ func (d *Driver) create(id, parent string, opts *graphdriver.CreateOpts, ro bool
 	}()

 	rootPerms := defaultPerms
+	if runtime.GOOS == "darwin" {
+		rootPerms = os.FileMode(0700)
+	}
+
 	if parent != "" {
 		st, err := system.Stat(d.dir(parent))
 		if err != nil {