vendor buildah, image, storage, cni

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

vendor/github.com/containers/storage/pkg/archive/archive.go

@@ -636,7 +636,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L
 		if chownOpts == nil {
 			chownOpts = &idtools.IDPair{UID: hdr.Uid, GID: hdr.Gid}
 		}
-		if err := os.Lchown(path, chownOpts.UID, chownOpts.GID); err != nil {
+		if err := idtools.SafeLchown(path, chownOpts.UID, chownOpts.GID); err != nil {
 			return err
 		}
 	}

vendor/github.com/containers/storage/pkg/archive/archive_linux.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 	"syscall"
 
+	"github.com/containers/storage/pkg/idtools"
 	"github.com/containers/storage/pkg/system"
 	"golang.org/x/sys/unix"
 )
@@ -130,7 +131,7 @@ func (overlayWhiteoutConverter) ConvertRead(hdr *tar.Header, path string) (bool,
 		if err := unix.Mknod(originalPath, unix.S_IFCHR, 0); err != nil {
 			return false, err
 		}
-		if err := os.Chown(originalPath, hdr.Uid, hdr.Gid); err != nil {
+		if err := idtools.SafeChown(originalPath, hdr.Uid, hdr.Gid); err != nil {
 			return false, err
 		}
 

vendor/github.com/containers/storage/pkg/idtools/idtools.go

@@ -7,6 +7,9 @@ import (
 	"sort"
 	"strconv"
 	"strings"
+	"syscall"
+
+	"github.com/pkg/errors"
 )
 
 // IDMap contains a single entry for user namespace range remapping. An array
@@ -277,3 +280,18 @@ func parseSubidFile(path, username string) (ranges, error) {
 	}
 	return rangeList, nil
 }
+
+func checkChownErr(err error, name string, uid, gid int) error {
+	if e, ok := err.(*os.PathError); ok && e.Err == syscall.EINVAL {
+		return errors.Wrapf(err, "there might not be enough IDs available in the namespace (requested %d:%d for %s)", uid, gid, name)
+	}
+	return err
+}
+
+func SafeChown(name string, uid, gid int) error {
+	return checkChownErr(os.Chown(name, uid, gid), name, uid, gid)
+}
+
+func SafeLchown(name string, uid, gid int) error {
+	return checkChownErr(os.Lchown(name, uid, gid), name, uid, gid)
+}

vendor/github.com/containers/storage/pkg/idtools/idtools_unix.go

@@ -30,7 +30,7 @@ func mkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int, mkAll, chown
 		paths = []string{path}
 	} else if err == nil && chownExisting {
 		// short-circuit--we were called with an existing directory and chown was requested
-		return os.Chown(path, ownerUID, ownerGID)
+		return SafeChown(path, ownerUID, ownerGID)
 	} else if err == nil {
 		// nothing to do; directory path fully exists already and chown was NOT requested
 		return nil
@@ -60,7 +60,7 @@ func mkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int, mkAll, chown
 	// even if it existed, we will chown the requested path + any subpaths that
 	// didn't exist when we called MkdirAll
 	for _, pathComponent := range paths {
-		if err := os.Chown(pathComponent, ownerUID, ownerGID); err != nil {
+		if err := SafeChown(pathComponent, ownerUID, ownerGID); err != nil {
 			return err
 		}
 	}

vendor/github.com/containers/storage/pkg/reexec/command_linux.go

@@ -3,6 +3,7 @@
 package reexec
 
 import (
+	"context"
 	"os/exec"
 	"syscall"
 
@@ -20,11 +21,23 @@ func Self() string {
 // This will use the in-memory version (/proc/self/exe) of the current binary,
 // it is thus safe to delete or replace the on-disk binary (os.Args[0]).
 func Command(args ...string) *exec.Cmd {
-	return &exec.Cmd{
-		Path: Self(),
-		Args: args,
-		SysProcAttr: &syscall.SysProcAttr{
-			Pdeathsig: unix.SIGTERM,
-		},
+	cmd := exec.Command(Self())
+	cmd.Args = args
+	cmd.SysProcAttr = &syscall.SysProcAttr{
+		Pdeathsig: unix.SIGTERM,
 	}
+	return cmd
+}
+
+// CommandContext returns *exec.Cmd which has Path as current binary, and also
+// sets SysProcAttr.Pdeathsig to SIGTERM.
+// This will use the in-memory version (/proc/self/exe) of the current binary,
+// it is thus safe to delete or replace the on-disk binary (os.Args[0]).
+func CommandContext(ctx context.Context, args ...string) *exec.Cmd {
+	cmd := exec.CommandContext(ctx, Self())
+	cmd.Args = args
+	cmd.SysProcAttr = &syscall.SysProcAttr{
+		Pdeathsig: unix.SIGTERM,
+	}
+	return cmd
 }

vendor/github.com/containers/storage/pkg/reexec/command_unix.go

@@ -3,6 +3,7 @@
 package reexec
 
 import (
+	"context"
 	"os/exec"
 )
 
@@ -16,8 +17,14 @@ func Self() string {
 // For example if current binary is "docker" at "/usr/bin/", then cmd.Path will
 // be set to "/usr/bin/docker".
 func Command(args ...string) *exec.Cmd {
-	return &exec.Cmd{
-		Path: Self(),
-		Args: args,
-	}
+	cmd := exec.Command(Self())
+	cmd.Args = args
+	return cmd
+}
+
+// CommandContext returns *exec.Cmd which has Path as current binary.
+func CommandContext(ctx context.Context, args ...string) *exec.Cmd {
+	cmd := exec.CommandContext(ctx, Self())
+	cmd.Args = args
+	return cmd
 }

vendor/github.com/containers/storage/pkg/reexec/command_unsupported.go

@@ -3,6 +3,7 @@
 package reexec
 
 import (
+	"context"
 	"os/exec"
 )
 
@@ -10,3 +11,8 @@ import (
 func Command(args ...string) *exec.Cmd {
 	return nil
 }
+
+// CommandContext is unsupported on operating systems apart from Linux, Windows, Solaris and Darwin.
+func CommandContext(ctx context.Context, args ...string) *exec.Cmd {
+	return nil
+}

vendor/github.com/containers/storage/pkg/reexec/command_windows.go

@@ -3,6 +3,7 @@
 package reexec
 
 import (
+	"context"
 	"os/exec"
 )
 
@@ -16,8 +17,16 @@ func Self() string {
 // For example if current binary is "docker.exe" at "C:\", then cmd.Path will
 // be set to "C:\docker.exe".
 func Command(args ...string) *exec.Cmd {
-	return &exec.Cmd{
-		Path: Self(),
-		Args: args,
-	}
+	cmd := exec.Command(Self())
+	cmd.Args = args
+	return cmd
+}
+
+// Command returns *exec.Cmd which has Path as current binary.
+// For example if current binary is "docker.exe" at "C:\", then cmd.Path will
+// be set to "C:\docker.exe".
+func CommandContext(ctx context.Context, args ...string) *exec.Cmd {
+	cmd := exec.CommandContext(ctx, Self())
+	cmd.Args = args
+	return cmd
 }