Vendor in latest containers/(common, storage, image)

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

vendor/github.com/containers/common/libimage/copier.go

@@ -167,39 +167,37 @@ var storageAllowedPolicyScopes = signature.PolicyTransportScopes{
 	},
 }
 
-// getDockerAuthConfig extracts a docker auth config from the CopyOptions.  Returns
-// nil if no credentials are set.
-func (options *CopyOptions) getDockerAuthConfig() (*types.DockerAuthConfig, error) {
-	authConf := &types.DockerAuthConfig{IdentityToken: options.IdentityToken}
+// getDockerAuthConfig extracts a docker auth config. Returns nil if
+// no credentials are set.
+func getDockerAuthConfig(name, passwd, creds, idToken string) (*types.DockerAuthConfig, error) {
+	numCredsSources := 0
 
-	if options.Username != "" {
-		if options.Credentials != "" {
-			return nil, errors.New("username/password cannot be used with credentials")
-		}
-		authConf.Username = options.Username
-		authConf.Password = options.Password
-		return authConf, nil
+	if name != "" {
+		numCredsSources++
+	}
+	if creds != "" {
+		name, passwd, _ = strings.Cut(creds, ":")
+		numCredsSources++
+	}
+	if idToken != "" {
+		numCredsSources++
+	}
+	authConf := &types.DockerAuthConfig{
+		Username:      name,
+		Password:      passwd,
+		IdentityToken: idToken,
 	}
 
-	if options.Credentials != "" {
-		split := strings.SplitN(options.Credentials, ":", 2)
-		switch len(split) {
-		case 1:
-			authConf.Username = split[0]
-		default:
-			authConf.Username = split[0]
-			authConf.Password = split[1]
-		}
+	switch numCredsSources {
+	case 0:
+		// Return nil if there is no credential source.
+		return nil, nil
+	case 1:
 		return authConf, nil
+	default:
+		// Cannot use the multiple credential sources.
+		return nil, errors.New("cannot use the multiple credential sources")
 	}
-
-	// We should return nil unless a token was set.  That's especially
-	// useful for Podman's remote API.
-	if options.IdentityToken != "" {
-		return authConf, nil
-	}
-
-	return nil, nil
 }
 
 // newCopier creates a copier.  Note that fields in options *may* overwrite the
@@ -237,7 +235,7 @@ func (r *Runtime) newCopier(options *CopyOptions) (*copier, error) {
 		c.systemContext.SignaturePolicyPath = options.SignaturePolicyPath
 	}
 
-	dockerAuthConfig, err := options.getDockerAuthConfig()
+	dockerAuthConfig, err := getDockerAuthConfig(options.Username, options.Password, options.Credentials, options.IdentityToken)
 	if err != nil {
 		return nil, err
 	}

vendor/github.com/containers/common/libimage/search.go

@@ -2,7 +2,6 @@ package libimage
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"strconv"
 	"strings"
@@ -219,29 +218,12 @@ func (r *Runtime) searchImageInRegistry(ctx context.Context, term, registry stri
 		sys.DockerCertPath = options.CertDirPath
 	}
 
-	authConf := &types.DockerAuthConfig{IdentityToken: options.IdentityToken}
-	if options.Username != "" {
-		if options.Credentials != "" {
-			return nil, errors.New("username/password cannot be used with credentials")
-		}
-		authConf.Username = options.Username
-		authConf.Password = options.Password
+	dockerAuthConfig, err := getDockerAuthConfig(options.Username, options.Password, options.Credentials, options.IdentityToken)
+	if err != nil {
+		return nil, err
 	}
-
-	if options.Credentials != "" {
-		split := strings.SplitN(options.Credentials, ":", 2)
-		switch len(split) {
-		case 1:
-			authConf.Username = split[0]
-		default:
-			authConf.Username = split[0]
-			authConf.Password = split[1]
-		}
-	}
-	// We should set the authConf unless a token was set.  That's especially
-	// useful for Podman's remote API.
-	if options.IdentityToken != "" {
-		sys.DockerAuthConfig = authConf
+	if dockerAuthConfig != nil {
+		sys.DockerAuthConfig = dockerAuthConfig
 	}
 
 	if options.ListTags {

vendor/github.com/containers/common/pkg/auth/auth.go

@@ -19,6 +19,23 @@ import (
 	terminal "golang.org/x/term"
 )
 
+// ErrNewCredentialsInvalid means that the new user-provided credentials are
+// not accepted by the registry.
+type ErrNewCredentialsInvalid struct {
+	underlyingError error
+	message         string
+}
+
+// Error returns the error message as a string.
+func (e ErrNewCredentialsInvalid) Error() string {
+	return e.message
+}
+
+// Unwrap returns the underlying error.
+func (e ErrNewCredentialsInvalid) Unwrap() error {
+	return e.underlyingError
+}
+
 // GetDefaultAuthFile returns env value REGISTRY_AUTH_FILE as default
 // --authfile path used in multiple --authfile flag definitions
 // Will fail over to DOCKER_CONFIG if REGISTRY_AUTH_FILE environment is not set
@@ -158,7 +175,10 @@ func Login(ctx context.Context, systemContext *types.SystemContext, opts *LoginO
 	}
 	if unauthorized, ok := err.(docker.ErrUnauthorizedForCredentials); ok {
 		logrus.Debugf("error logging into %q: %v", key, unauthorized)
-		return fmt.Errorf("logging into %q: invalid username/password", key)
+		return ErrNewCredentialsInvalid{
+			underlyingError: err,
+			message:         fmt.Sprintf("logging into %q: invalid username/password", key),
+		}
 	}
 	return fmt.Errorf("authenticating creds for %q: %w", key, err)
 }

vendor/github.com/containers/common/pkg/report/formatter.go

@@ -49,6 +49,15 @@ type Formatter struct {
 	writer        io.Writer          // Destination for formatted output
 }
 
+// stringsCutPrefix is equivalent to Go 1.20’s strings.CutPrefix.
+// Replace this function with a direct call to the standard library after we update to Go 1.20.
+func stringsCutPrefix(s, prefix string) (string, bool) {
+	if !strings.HasPrefix(s, prefix) {
+		return s, false
+	}
+	return s[len(prefix):], true
+}
+
 // Parse parses golang template returning a formatter
 //
 //   - OriginPodman implies text is a template from podman code. Output will
@@ -64,11 +73,12 @@ func (f *Formatter) Parse(origin Origin, text string) (*Formatter, error) {
 	// To be backwards compatible with the previous behavior we try to replace and
 	// parse the template. If it fails use the original text and parse again.
 	var normText string
+	textWithoutTable, hasTable := stringsCutPrefix(text, "table ")
 	switch {
-	case strings.HasPrefix(text, "table "):
+	case hasTable:
 		f.RenderTable = true
 		normText = "{{range .}}" + NormalizeFormat(text) + "{{end -}}"
-		text = "{{range .}}" + text + "{{end -}}"
+		text = "{{range .}}" + textWithoutTable + "{{end -}}"
 	case OriginUser == origin:
 		normText = EnforceRange(NormalizeFormat(text))
 		text = EnforceRange(text)