vendor: bump containers/buildah

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

go.mod

@@ -13,7 +13,7 @@ require (
 	github.com/checkpoint-restore/checkpointctl v1.3.0
 	github.com/checkpoint-restore/go-criu/v7 v7.2.0
 	github.com/containernetworking/plugins v1.5.1
-	github.com/containers/buildah v1.38.0
+	github.com/containers/buildah v1.38.1-0.20241115143500-f1543bdd7d37
 	github.com/containers/common v0.61.1-0.20241112152446-305e9ce69b0f
 	github.com/containers/conmon v2.0.20+incompatible
 	github.com/containers/gvisor-tap-vsock v0.8.0

go.sum

@@ -79,8 +79,8 @@ github.com/containernetworking/cni v1.2.3 h1:hhOcjNVUQTnzdRJ6alC5XF+wd9mfGIUaj8F
 github.com/containernetworking/cni v1.2.3/go.mod h1:DuLgF+aPd3DzcTQTtp/Nvl1Kim23oFKdm2okJzBQA5M=
 github.com/containernetworking/plugins v1.5.1 h1:T5ji+LPYjjgW0QM+KyrigZbLsZ8jaX+E5J/EcKOE4gQ=
 github.com/containernetworking/plugins v1.5.1/go.mod h1:MIQfgMayGuHYs0XdNudf31cLLAC+i242hNm6KuDGqCM=
-github.com/containers/buildah v1.38.0 h1:FmciZMwzhdcvtWj+8IE+61+lfTG2JfgrbZ2DUnEMnTE=
-github.com/containers/buildah v1.38.0/go.mod h1:tUsHC2bcgR5Q/R76qZUn7x0FRglqPFry2g5KhWfH4LI=
+github.com/containers/buildah v1.38.1-0.20241115143500-f1543bdd7d37 h1:dcafNYeXF36G5/3bBR7XZtR+2IiKaHl8IWeKIbuQpY4=
+github.com/containers/buildah v1.38.1-0.20241115143500-f1543bdd7d37/go.mod h1:bjeQEXG0EDiLEkUmi4m7ihv6Ic1BugUF/wUfIcKBcU0=
 github.com/containers/common v0.61.1-0.20241112152446-305e9ce69b0f h1:K3jmJrkDJJhLnRdVFI7Gb5mv4/jb2ue9StZ2F1y2rsE=
 github.com/containers/common v0.61.1-0.20241112152446-305e9ce69b0f/go.mod h1:NGRISq2vTFPSbhNqj6MLwyes4tWSlCnqbJg7R77B8xc=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=

vendor/github.com/containers/buildah/.cirrus.yml

@@ -32,7 +32,7 @@ env:
     DEBIAN_NAME: "debian-13"
 
     # Image identifiers
-    IMAGE_SUFFIX: "c20241106t163000z-f41f40d13"
+    IMAGE_SUFFIX: "c20241107t210000z-f41f40d13"
     FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
     PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
     DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}"
@@ -120,13 +120,14 @@ vendor_task:
 
     # Runs within Cirrus's "community cluster"
     container:
-        image: docker.io/library/golang:latest
+        image: docker.io/library/golang:1.22
         cpu: 1
         memory: 1
 
     timeout_in: 5m
 
     vendor_script:
+        - './hack/check_vendor_toolchain.sh Try updating the image used by the vendor_task in .cirrus.yml.'
         - 'make vendor'
         - './hack/tree_status.sh'
 

vendor/github.com/containers/buildah/.codespellrc

@@ -0,0 +1,3 @@
+[codespell]
+skip = ./vendor,./.git,./go.sum,./docs/*.1,./docker/AUTHORS,./CHANGELOG.md,./changelog.txt,./tests/tools/vendor,./tests/tools/go.mod,./tests/tools/go.sum
+ignore-words-list = fo,passt,secon,erro

vendor/github.com/containers/buildah/Makefile

@@ -1,7 +1,7 @@
 export GOPROXY=https://proxy.golang.org
 
 APPARMORTAG := $(shell hack/apparmor_tag.sh)
-STORAGETAGS := exclude_graphdriver_devicemapper $(shell ./btrfs_tag.sh) $(shell ./btrfs_installed_tag.sh) $(shell ./hack/libsubid_tag.sh)
+STORAGETAGS := $(shell ./btrfs_tag.sh) $(shell ./btrfs_installed_tag.sh) $(shell ./hack/libsubid_tag.sh)
 SECURITYTAGS ?= seccomp $(APPARMORTAG)
 TAGS ?= $(SECURITYTAGS) $(STORAGETAGS) $(shell ./hack/systemd_tag.sh)
 ifeq ($(shell uname -s),FreeBSD)
@@ -29,15 +29,12 @@ RACEFLAGS := $(shell $(GO_TEST) -race ./pkg/dummy > /dev/null 2>&1 && echo -race
 COMMIT_NO ?= $(shell git rev-parse HEAD 2> /dev/null || true)
 GIT_COMMIT ?= $(if $(shell git status --porcelain --untracked-files=no),${COMMIT_NO}-dirty,${COMMIT_NO})
 SOURCE_DATE_EPOCH ?= $(if $(shell date +%s),$(shell date +%s),$(error "date failed"))
-STATIC_STORAGETAGS = "containers_image_openpgp $(STORAGE_TAGS)"
 
 # we get GNU make 3.x in MacOS build envs, which wants # to be escaped in
 # strings, while the 4.x we have on Linux doesn't. this is the documented
 # workaround
 COMMENT := \#
 CNI_COMMIT := $(shell sed -n 's;^$(COMMENT) github.com/containernetworking/cni \([^ \n]*\).*$$;\1;p' vendor/modules.txt)
-RUNC_COMMIT := $(shell sed -n 's;^$(COMMENT) github.com/opencontainers/runc \([^ \n]*\).*$$;\1;p' vendor/modules.txt)
-LIBSECCOMP_COMMIT := release-2.3
 
 EXTRA_LDFLAGS ?=
 BUILDAH_LDFLAGS := $(GO_LDFLAGS) '-X main.GitCommit=$(GIT_COMMIT) -X main.buildInfo=$(SOURCE_DATE_EPOCH) -X main.cniVersion=$(CNI_COMMIT) $(EXTRA_LDFLAGS)'
@@ -122,14 +119,8 @@ clean:
 docs: install.tools ## build the docs on the host
 	$(MAKE) -C docs
 
-# For vendoring to work right, the checkout directory must be such that our top
-# level is at $GOPATH/src/github.com/containers/buildah.
-.PHONY: gopath
-gopath:
-	test $(shell pwd) = $(shell cd ../../../../src/github.com/containers/buildah ; pwd)
-
 codespell:
-	codespell -S Makefile,buildah.spec.rpkg,AUTHORS,bin,vendor,.git,go.mod,go.sum,CHANGELOG.md,changelog.txt,seccomp.json,.cirrus.yml,"*.xz,*.gz,*.tar,*.tgz,*ico,*.png,*.1,*.5,*.orig,*.rej" -L secon,passt,bu,uint,iff,od,erro -w
+	codespell -w
 
 .PHONY: validate
 validate: install.tools
@@ -142,25 +133,6 @@ validate: install.tools
 install.tools:
 	$(MAKE) -C tests/tools
 
-.PHONY: runc
-runc: gopath
-	rm -rf ../../opencontainers/runc
-	git clone https://github.com/opencontainers/runc ../../opencontainers/runc
-	cd ../../opencontainers/runc && git checkout $(RUNC_COMMIT) && $(GO) build -tags "$(STORAGETAGS) $(SECURITYTAGS)"
-	ln -sf ../../opencontainers/runc/runc
-
-.PHONY: install.libseccomp.sudo
-install.libseccomp.sudo: gopath
-	rm -rf ../../seccomp/libseccomp
-	git clone https://github.com/seccomp/libseccomp ../../seccomp/libseccomp
-	cd ../../seccomp/libseccomp && git checkout $(LIBSECCOMP_COMMIT) && ./autogen.sh && ./configure --prefix=/usr && make all && sudo make install
-
-.PHONY: install.cni.sudo
-install.cni.sudo: gopath
-	rm -rf ../../containernetworking/plugins
-	git clone https://github.com/containernetworking/plugins ../../containernetworking/plugins
-	cd ../../containernetworking/plugins && ./build_linux.sh && sudo install -D -v -m755 -t /opt/cni/bin/ bin/*
-
 .PHONY: install
 install:
 	install -d -m 755 $(DESTDIR)/$(BINDIR)
@@ -178,10 +150,6 @@ install.completions:
 	install -m 755 -d $(DESTDIR)/$(BASHINSTALLDIR)
 	install -m 644 contrib/completions/bash/buildah $(DESTDIR)/$(BASHINSTALLDIR)/buildah
 
-.PHONY: install.runc
-install.runc:
-	install -m 755 ../../opencontainers/runc/runc $(DESTDIR)/$(BINDIR)/
-
 .PHONY: test-conformance
 test-conformance:
 	$(GO_TEST) -v -tags "$(STORAGETAGS) $(SECURITYTAGS)" -cover -timeout 60m ./tests/conformance
@@ -202,10 +170,11 @@ test-unit: tests/testreport/testreport
 	$(GO_TEST) -v -tags "$(STORAGETAGS) $(SECURITYTAGS)" -cover $(RACEFLAGS) ./cmd/buildah -args --root $$tmp/root --runroot $$tmp/runroot --storage-driver vfs --signature-policy $(shell pwd)/tests/policy.json --registries-conf $(shell pwd)/tests/registries.conf
 
 vendor-in-container:
+	goversion=$(shell sed -e '/^go /!d' -e '/^go /s,.* ,,g' go.mod) ; \
 	if test -d `go env GOCACHE` && test -w `go env GOCACHE` ; then \
-		podman run --privileged --rm --env HOME=/root -v `go env GOCACHE`:/root/.cache/go-build --env GOCACHE=/root/.cache/go-build -v `pwd`:/src -w /src docker.io/library/golang:1.21 make vendor ; \
+		podman run --privileged --rm --env HOME=/root -v `go env GOCACHE`:/root/.cache/go-build --env GOCACHE=/root/.cache/go-build -v `pwd`:/src -w /src docker.io/library/golang:$$goversion make vendor ; \
 	else \
-		podman run --privileged --rm --env HOME=/root -v `pwd`:/src -w /src docker.io/library/golang:1.21 make vendor ; \
+		podman run --privileged --rm --env HOME=/root -v `pwd`:/src -w /src docker.io/library/golang:$$goversion make vendor ; \
 	fi
 
 .PHONY: vendor

vendor/github.com/containers/buildah/copier/syscall_unix.go

@@ -77,12 +77,12 @@ func sameDevice(a, b os.FileInfo) bool {
 	if aSys == nil || bSys == nil {
 		return true
 	}
-	au, aok := aSys.(*syscall.Stat_t)
-	bu, bok := bSys.(*syscall.Stat_t)
-	if !aok || !bok {
+	uA, okA := aSys.(*syscall.Stat_t)
+	uB, okB := bSys.(*syscall.Stat_t)
+	if !okA || !okB {
 		return true
 	}
-	return au.Dev == bu.Dev
+	return uA.Dev == uB.Dev
 }
 
 const (

vendor/github.com/containers/buildah/define/build.go

@@ -379,4 +379,6 @@ type BuildOptions struct {
 	// provides a minimal initial configuration with a working directory
 	// set in it.
 	CompatScratchConfig types.OptionalBool
+	// NoPivotRoot inhibits the usage of pivot_root when setting up the rootfs
+	NoPivotRoot bool
 }

vendor/github.com/containers/buildah/define/types.go

@@ -29,7 +29,7 @@ const (
 	// identify working containers.
 	Package = "buildah"
 	// Version for the Package. Also used by .packit.sh for Packit builds.
-	Version = "1.38.0"
+	Version = "1.39.0-dev"
 
 	// DefaultRuntime if containers.conf fails.
 	DefaultRuntime = "runc"

vendor/github.com/containers/buildah/imagebuildah/executor.go

@@ -163,6 +163,7 @@ type Executor struct {
 	compatSetParent                         types.OptionalBool
 	compatVolumes                           types.OptionalBool
 	compatScratchConfig                     types.OptionalBool
+	noPivotRoot                             bool
 }
 
 type imageTypeAndHistoryAndDiffIDs struct {
@@ -322,6 +323,7 @@ func newExecutor(logger *logrus.Logger, logPrefix string, store storage.Store, o
 		compatSetParent:                         options.CompatSetParent,
 		compatVolumes:                           options.CompatVolumes,
 		compatScratchConfig:                     options.CompatScratchConfig,
+		noPivotRoot:                             options.NoPivotRoot,
 	}
 	if exec.err == nil {
 		exec.err = os.Stderr

vendor/github.com/containers/buildah/imagebuildah/stage_executor.go

@@ -800,7 +800,7 @@ func (s *StageExecutor) Run(run imagebuilder.Run, config docker.Config) error {
 		NamespaceOptions:     namespaceOptions,
 		NoHostname:           s.executor.noHostname,
 		NoHosts:              s.executor.noHosts,
-		NoPivot:              os.Getenv("BUILDAH_NOPIVOT") != "",
+		NoPivot:              os.Getenv("BUILDAH_NOPIVOT") != "" || s.executor.noPivotRoot,
 		Quiet:                s.executor.quiet,
 		CompatBuiltinVolumes: types.OptionalBoolFalse,
 		RunMounts:            run.Mounts,

vendor/github.com/containers/buildah/install.md

@@ -194,11 +194,8 @@ In Fedora, you can use this command:
 Then to install Buildah on Fedora follow the steps in this example:
 
 ```
-  mkdir ~/buildah
-  cd ~/buildah
-  export GOPATH=`pwd`
-  git clone https://github.com/containers/buildah ./src/github.com/containers/buildah
-  cd ./src/github.com/containers/buildah
+  git clone https://github.com/containers/buildah
+  cd buildah
   make
   sudo make install
   buildah --help
@@ -252,18 +249,10 @@ In Ubuntu 22.10 (Karmic) or Debian 12 (Bookworm) you can use these commands:
 
 ```
   sudo apt-get -y -qq update
-  sudo apt-get -y install bats btrfs-progs git go-md2man golang libapparmor-dev libglib2.0-dev libgpgme11-dev libseccomp-dev libselinux1-dev make skopeo libbtrfs-dev
+  sudo apt-get -y install bats btrfs-progs git go-md2man golang libapparmor-dev libglib2.0-dev libgpgme11-dev libseccomp-dev libselinux1-dev make runc skopeo libbtrfs-dev
 ```
 
-Then to install Buildah follow the steps in this example:
-
-```
-  git clone https://github.com/containers/buildah
-  cd buildah
-  make runc all SECURITYTAGS="apparmor seccomp"
-  sudo make install install.runc
-  buildah --help
-```
+The build steps for Buildah on Debian or Ubuntu are the same as for Fedora, above.
 
 ## Vendoring - Dependency Management
 

vendor/modules.txt

@@ -143,7 +143,7 @@ github.com/containernetworking/cni/pkg/version
 # github.com/containernetworking/plugins v1.5.1
 ## explicit; go 1.20
 github.com/containernetworking/plugins/pkg/ns
-# github.com/containers/buildah v1.38.0
+# github.com/containers/buildah v1.38.1-0.20241115143500-f1543bdd7d37
 ## explicit; go 1.22.6
 github.com/containers/buildah
 github.com/containers/buildah/bind