diff --git a/go.mod b/go.mod
index 47c67822db..aa23c43e3e 100644
--- a/go.mod
+++ b/go.mod
@@ -65,9 +65,9 @@ require (
 github.com/vbauerster/mpb/v8 v8.10.2
 github.com/vishvananda/netlink v1.3.1
 go.etcd.io/bbolt v1.4.3
- go.podman.io/common v0.0.0-20250826054041-6e4bed3c9118
- go.podman.io/image/v5 v5.36.1-0.20250820085751-a13b38f45723
- go.podman.io/storage v1.59.1-0.20250820085751-a13b38f45723
+ go.podman.io/common v0.65.0
+ go.podman.io/image/v5 v5.37.0
+ go.podman.io/storage v1.60.0
 golang.org/x/crypto v0.41.0
 golang.org/x/net v0.43.0
 golang.org/x/sync v0.16.0
diff --git a/go.sum b/go.sum
index a2e3f1a38f..b1c9b1dd5e 100644
--- a/go.sum
+++ b/go.sum
@@ -448,12 +448,12 @@ go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc= go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4= go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4= -go.podman.io/common v0.0.0-20250826054041-6e4bed3c9118 h1:irrh47HeVh6YzKd/sDQPxeu4Tr1Cp3HfQt2l9icrDsg= -go.podman.io/common v0.0.0-20250826054041-6e4bed3c9118/go.mod h1:h7a5Zne6vSHzdYC8m4w+AOtuPGTne1852qc6YgLAwMU= -go.podman.io/image/v5 v5.36.1-0.20250820085751-a13b38f45723 h1:FMz5EojZwmYiWQuEs5fu7Iw870k293OPLmBxOsVBzDk= -go.podman.io/image/v5 v5.36.1-0.20250820085751-a13b38f45723/go.mod h1:IHbL4OPh79ir/Au4i3Z/U1Vcumvw3Lu0dgZjwLaydL0= -go.podman.io/storage v1.59.1-0.20250820085751-a13b38f45723 h1:Yvy8mEjlmlocJETNBKr1PV3BuwhNEKiRj8mFUPjsHWA= -go.podman.io/storage v1.59.1-0.20250820085751-a13b38f45723/go.mod h1:NFVh1MHgSeRrphOpLEeJsWV9F5AqT7ZxbYBFRLe0uJM= +go.podman.io/common v0.65.0 h1:8JNl25U4VpKDkFHSymSPm4te7ZQHJbfAB/l2FqtmYEg= +go.podman.io/common v0.65.0/go.mod h1:+lJu8KHeoDQsD9HDdiFaMaOUiqPLQnK406WuLnqM7Z0= +go.podman.io/image/v5 v5.37.0 h1:yzgQybwuWIIeK63hu+mQqna/wOh96XD5cpVc6j8Dg5M= +go.podman.io/image/v5 v5.37.0/go.mod h1:+s2Sx5dia/jVeT8tI3r2NAPrARMiDdbEq3QPIQogx3I= +go.podman.io/storage v1.60.0 h1:bWNSrR58nxg39VNFDSx3m0AswbvyzPGOo5XsUfomTao= +go.podman.io/storage v1.60.0/go.mod h1:NK+rsWJVuQeCM7ifv7cxD3abegWxwtW/3OkuSUJJoE4= go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8= go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI= diff --git a/vendor/go.podman.io/common/internal/deepcopy.go b/vendor/go.podman.io/common/internal/deepcopy.go index d000bd9471..690b68fbe1 100644 --- a/vendor/go.podman.io/common/internal/deepcopy.go 
+++ b/vendor/go.podman.io/common/internal/deepcopy.go @@ -7,7 +7,7 @@ import ( v1 "github.com/opencontainers/image-spec/specs-go/v1" ) -// DeepCopyDescriptor copies a Descriptor, deeply copying its contents +// DeepCopyDescriptor copies a Descriptor, deeply copying its contents. func DeepCopyDescriptor(original *v1.Descriptor) *v1.Descriptor { tmp := *original if original.URLs != nil { diff --git a/vendor/go.podman.io/common/libimage/disk_usage.go b/vendor/go.podman.io/common/libimage/disk_usage.go index 49002445bb..ccca5c9b0e 100644 --- a/vendor/go.podman.io/common/libimage/disk_usage.go +++ b/vendor/go.podman.io/common/libimage/disk_usage.go @@ -10,7 +10,7 @@ import ( "go.podman.io/storage" ) -// ImageDiskUsage reports the total size of an image. That is the size +// ImageDiskUsage reports the total size of an image. That is the size. type ImageDiskUsage struct { // Number of containers using the image. Containers int diff --git a/vendor/go.podman.io/common/libimage/filters.go b/vendor/go.podman.io/common/libimage/filters.go index cf239b48f5..dd55713c8d 100644 --- a/vendor/go.podman.io/common/libimage/filters.go +++ b/vendor/go.podman.io/common/libimage/filters.go @@ -72,7 +72,7 @@ func (r *Runtime) filterImages(ctx context.Context, images []*Image, filters com // // after, since, before, containers, dangling, id, label, readonly, reference, intermediate // -// compileImageFilters returns: compiled filters, if LayerTree is needed, error +// compileImageFilters returns: compiled filters, if LayerTree is needed, error. func (r *Runtime) compileImageFilters(ctx context.Context, options *ListImagesOptions) (compiledFilters, bool, error) { logrus.Tracef("Parsing image filters %s", options.Filters) if len(options.Filters) == 0 { 
@@ -254,7 +254,7 @@ func (r *Runtime) bool(duplicate map[string]string, key, value string) (bool, er return set, nil } -// filterManifest filters whether or not the image is a manifest list +// filterManifest filters whether or not the image is a manifest list. func filterManifest(ctx context.Context, value bool) filterFunc { return func(img *Image, _ *layerTree) (bool, error) { isManifestList, err := img.IsManifestList(ctx) @@ -266,7 +266,7 @@ func filterManifest(ctx context.Context, value bool) filterFunc { } // filterReferences creates a reference filter for matching the specified wantedReferenceMatches value (OR logic) -// and for matching the unwantedReferenceMatches values (AND logic) +// and for matching the unwantedReferenceMatches values (AND logic). func filterReferences(r *Runtime, wantedReferenceMatches, unwantedReferenceMatches []string) filterFunc { return func(img *Image, _ *layerTree) (bool, error) { // Empty reference filters, return true @@ -357,7 +357,7 @@ func nameMatchesReference(name string, ref reference.Named) bool { return name == ref.String() } -// imageMatchesReferenceFilter returns true if an image matches the filter value given +// imageMatchesReferenceFilter returns true if an image matches the filter value given. func imageMatchesReferenceFilter(r *Runtime, img *Image, value string) (bool, error) { lookedUp, _, _ := r.LookupImage(value, nil) if lookedUp != nil { diff --git a/vendor/go.podman.io/common/libimage/image.go b/vendor/go.podman.io/common/libimage/image.go index 1665c0494e..d0eb1b4c0e 100644 --- a/vendor/go.podman.io/common/libimage/image.go +++ b/vendor/go.podman.io/common/libimage/image.go 
@@ -267,12 +267,12 @@ func (i *Image) Labels(ctx context.Context) (map[string]string, error) { return data.Labels, nil } -// TopLayer returns the top layer id as a string +// TopLayer returns the top layer id as a string. func (i *Image) TopLayer() string { return i.storageImage.TopLayer } -// Parent returns the parent image or nil if there is none +// Parent returns the parent image or nil if there is none. func (i *Image) Parent(ctx context.Context) (*Image, error) { tree, err := i.runtime.newFreshLayerTree() if err != nil { @@ -383,7 +383,7 @@ func (i *Image) removeContainers(options *RemoveImagesOptions) error { // an image specified by imageID. type RemoveContainerFunc func(imageID string) error -// RemoveImagesReport is the assembled data from removing *one* image. +// RemoveImageReport is the assembled data from removing *one* image. type RemoveImageReport struct { // ID of the image. ID string @@ -942,7 +942,7 @@ func (i *Image) hasDifferentDigestWithSystemContext(ctx context.Context, remoteR return true, nil } -// driverData gets the driver data from the store on a layer +// driverData gets the driver data from the store on a layer. func (i *Image) driverData() (*DriverData, error) { store := i.runtime.store layerID := i.TopLayer() @@ -995,7 +995,7 @@ func (i *Image) source(ctx context.Context) (types.ImageSource, error) { } // rawConfigBlob returns the image's config as a raw byte slice. Users need to -// unmarshal it to the corresponding type (OCI, Docker v2s{1,2}) +// unmarshal it to the corresponding type (OCI, Docker v2s{1,2}). func (i *Image) rawConfigBlob(ctx context.Context) ([]byte, error) { ref, err := i.StorageReference() if err != nil { 
@@ -1021,7 +1021,7 @@ func (i *Image) Manifest(ctx context.Context) (rawManifest []byte, mimeType stri } // getImageID creates an image object and uses the hex value of the config -// blob's digest (if it has one) as the image ID for parsing the store reference +// blob's digest (if it has one) as the image ID for parsing the store reference. func getImageID(ctx context.Context, src types.ImageReference, sys *types.SystemContext) (string, error) { newImg, err := src.NewImage(ctx, sys) if err != nil { diff --git a/vendor/go.podman.io/common/libimage/image_config.go b/vendor/go.podman.io/common/libimage/image_config.go index 550f0cd71c..6c6bb063e6 100644 --- a/vendor/go.podman.io/common/libimage/image_config.go +++ b/vendor/go.podman.io/common/libimage/image_config.go @@ -33,7 +33,7 @@ type ImageConfig struct { // * WORKDIR // * LABEL // * STOPSIGNAL -// * ONBUILD +// * ONBUILD. func ImageConfigFromChanges(changes []string) (*ImageConfig, error) { // nolint:gocyclo config := &ImageConfig{} diff --git a/vendor/go.podman.io/common/libimage/manifest_list.go b/vendor/go.podman.io/common/libimage/manifest_list.go index 18d34d1f06..1aa31b1d79 100644 --- a/vendor/go.podman.io/common/libimage/manifest_list.go +++ b/vendor/go.podman.io/common/libimage/manifest_list.go @@ -322,7 +322,7 @@ func (m *ManifestList) saveAndReload() error { return m.reloadID(newID) } -// Reload the image and list instances from storage +// Reload the image and list instances from storage. func (m *ManifestList) reload() error { listID := m.ID() return m.reloadID(listID) @@ -338,7 +338,7 @@ func (m *ManifestList) reloadID(listID string) error { return nil } -// getManifestList is a helper to obtain a manifest list +// getManifestList is a helper to obtain a manifest list. func (i *Image) getManifestList() (manifests.List, error) { _, list, err := manifests.LoadFromImage(i.runtime.store, i.ID()) if errors.Is(err, manifesterrors.ErrManifestTypeNotSupported) { 
@@ -441,7 +441,7 @@ func (m *ManifestList) Inspect() (*define.ManifestListData, error) { return &inspectList, nil } -// Options for adding an image or artifact to a manifest list. +// ManifestListAddOptions for adding an image or artifact to a manifest list. type ManifestListAddOptions struct { // Add all images to the list if the to-be-added image itself is a // manifest list. @@ -538,8 +538,8 @@ func (m *ManifestList) Add(ctx context.Context, name string, options *ManifestLi return newDigest, nil } -// Options for creating an artifact manifest for one or more files and adding -// the artifact manifest to a manifest list. +// ManifestListAddArtifactOptions used for creating an artifact manifest for one or more +// files and adding the artifact manifest to a manifest list. type ManifestListAddArtifactOptions struct { // The artifactType to set in the artifact manifest. Type *string `json:"artifact_type"` @@ -557,7 +557,7 @@ type ManifestListAddArtifactOptions struct { Subject string `json:"subject"` } -// Add adds one or more manifests to the manifest list and returns the digest +// AddArtifact adds one or more manifests to the manifest list and returns the digest // of the added instance. func (m *ManifestList) AddArtifact(ctx context.Context, options *ManifestListAddArtifactOptions, files ...string) (digest.Digest, error) { if options == nil { @@ -628,7 +628,7 @@ func (m *ManifestList) AddArtifact(ctx context.Context, options *ManifestListAdd return newDigest, nil } -// Options for annotating a manifest list. +// ManifestListAnnotateOptions used for annotating a manifest list. type ManifestListAnnotateOptions struct { // Add the specified annotations to the added image. Empty values are ignored. Annotations map[string]string 
@@ -650,7 +650,7 @@ type ManifestListAnnotateOptions struct { Subject string } -// Annotate an image instance specified by `d` in the manifest list. +// AnnotateInstance annotates an image instance specified by `d` in the manifest list. func (m *ManifestList) AnnotateInstance(d digest.Digest, options *ManifestListAnnotateOptions) error { ctx := context.Background() diff --git a/vendor/go.podman.io/common/libimage/manifests/manifests.go b/vendor/go.podman.io/common/libimage/manifests/manifests.go index 192b5580ee..b99d8fc2c2 100644 --- a/vendor/go.podman.io/common/libimage/manifests/manifests.go +++ b/vendor/go.podman.io/common/libimage/manifests/manifests.go @@ -675,7 +675,7 @@ func (l *list) Add(ctx context.Context, sys *types.SystemContext, ref types.Imag // AddArtifactOptions contains options which control the contents of the // artifact manifest that AddArtifact will create and add to the image index. -// This should provide for all of the ways to construct a manifest outlined in +// AddArtifactOptions should provide for all of the ways to construct a manifest outlined in // https://github.com/opencontainers/image-spec/blob/main/manifest.md#guidelines-for-artifact-usage // - no blobs → set ManifestArtifactType // - blobs, no configuration → set ManifestArtifactType and possibly LayerMediaType, and provide file names diff --git a/vendor/go.podman.io/common/libimage/normalize.go b/vendor/go.podman.io/common/libimage/normalize.go index 393b390a75..55aade61a4 100644 --- a/vendor/go.podman.io/common/libimage/normalize.go +++ b/vendor/go.podman.io/common/libimage/normalize.go @@ -74,7 +74,7 @@ type NameTagPair struct { named reference.Named } -// ToNameTagsPairs splits repoTags into name&tag pairs. +// ToNameTagPairs splits repoTags into name&tag pairs. // Guaranteed to return at least one pair. func ToNameTagPairs(repoTags []reference.Named) ([]NameTagPair, error) { none := "" 
diff --git a/vendor/go.podman.io/common/libimage/oci.go b/vendor/go.podman.io/common/libimage/oci.go index 80aefc974f..d6909a5ebc 100644 --- a/vendor/go.podman.io/common/libimage/oci.go +++ b/vendor/go.podman.io/common/libimage/oci.go @@ -28,7 +28,7 @@ func (i *Image) toOCI(ctx context.Context) (*ociv1.Image, error) { } // historiesMatch returns the number of entries in the histories which have the -// same contents +// same contents. func historiesMatch(a, b []ociv1.History) int { i := 0 for i < len(a) && i < len(b) { @@ -61,7 +61,7 @@ func historiesMatch(a, b []ociv1.History) int { } // areParentAndChild checks diff ID and history in the two images and return -// true if the second should be considered to be directly based on the first +// true if the second should be considered to be directly based on the first. func areParentAndChild(parent, child *ociv1.Image) bool { // the child and candidate parent should share all of the // candidate parent's diff IDs, which together would have diff --git a/vendor/go.podman.io/common/libimage/runtime.go b/vendor/go.podman.io/common/libimage/runtime.go index 9aa9c39720..3378e6120a 100644 --- a/vendor/go.podman.io/common/libimage/runtime.go +++ b/vendor/go.podman.io/common/libimage/runtime.go @@ -75,7 +75,7 @@ type Runtime struct { systemContext types.SystemContext } -// Returns a copy of the runtime's system context. +// SystemContext returns a copy of the runtime's system context. func (r *Runtime) SystemContext() *types.SystemContext { return r.systemContextCopy() } @@ -161,7 +161,7 @@ func (r *Runtime) storageToImage(storageImage *storage.Image, ref types.ImageRef } } -// getImagesAndLayers obtains consistent slices of Image and storage.Layer +// getImagesAndLayers obtains consistent slices of Image and storage.Layer. func (r *Runtime) getImagesAndLayers() ([]*Image, []storage.Layer, error) { snapshot, err := r.store.MultiList( storage.MultiListOptions{ 
@@ -225,7 +225,7 @@ type LookupImageOptions struct { var errNoHexValue = errors.New("invalid format: no 64-byte hexadecimal value") -// Lookup Image looks up `name` in the local container storage. Returns the +// LookupImage looks up `name` in the local container storage. Returns the // image and the name it has been found with. Note that name may also use the // `containers-storage:` prefix used to refer to the containers-storage // transport. Returns storage.ErrImageUnknown if the image could not be found. diff --git a/vendor/go.podman.io/common/libnetwork/cni/cni_conversion.go b/vendor/go.podman.io/common/libnetwork/cni/cni_conversion.go index 853f2c1daf..7b5d4eab75 100644 --- a/vendor/go.podman.io/common/libnetwork/cni/cni_conversion.go +++ b/vendor/go.podman.io/common/libnetwork/cni/cni_conversion.go @@ -213,7 +213,7 @@ func convertIPAMConfToNetwork(network *types.Network, ipam *ipamConfig, confPath return nil } -// getNetworkArgsFromConfList returns the map of args in a conflist, argType should be labels or options +// getNetworkArgsFromConfList returns the map of args in a conflist, argType should be labels or options. func getNetworkArgsFromConfList(args map[string]any, argType string) map[string]string { if args, ok := args[argType]; ok { if labels, ok := args.(map[string]any); ok { diff --git a/vendor/go.podman.io/common/libnetwork/cni/cni_types.go b/vendor/go.podman.io/common/libnetwork/cni/cni_types.go index f5cb69b7b0..e85a11b493 100644 --- a/vendor/go.podman.io/common/libnetwork/cni/cni_types.go +++ b/vendor/go.podman.io/common/libnetwork/cni/cni_types.go 
@@ -14,19 +14,19 @@ const ( defaultIPv4Route = "0.0.0.0/0" defaultIPv6Route = "::/0" // defaultPodmanDomainName is used for the dnsname plugin to define - // a localized domain name for a created network + // a localized domain name for a created network. defaultPodmanDomainName = "dns.podman" - // cniDeviceName is the default name for a new bridge, it should be suffixed with an integer + // cniDeviceName is the default name for a new bridge, it should be suffixed with an integer. cniDeviceName = "cni-podman" - // podmanLabelKey key used to store the podman network label in a cni config + // podmanLabelKey key used to store the podman network label in a cni config. podmanLabelKey = "podman_labels" - // podmanOptionsKey key used to store the podman network options in a cni config + // podmanOptionsKey key used to store the podman network options in a cni config. podmanOptionsKey = "podman_options" - // ingressPolicySameBridge is used to only allow connection on the same bridge network + // ingressPolicySameBridge is used to only allow connection on the same bridge network. ingressPolicySameBridge = "same-bridge" ) @@ -66,7 +66,7 @@ type ipamConfig struct { Ranges [][]ipamLocalHostRangeConf `json:"ranges,omitempty"` } -// ipamLocalHostRangeConf describes the new style IPAM ranges +// ipamLocalHostRangeConf describes the new style IPAM ranges. type ipamLocalHostRangeConf struct { Subnet string `json:"subnet"` RangeStart string `json:"rangeStart,omitempty"` 
@@ -74,18 +74,18 @@ type ipamLocalHostRangeConf struct { Gateway string `json:"gateway,omitempty"` } -// ipamRoute describes a route in an ipam config +// ipamRoute describes a route in an ipam config. type ipamRoute struct { Dest string `json:"dst"` } -// portMapConfig describes the default portmapping config +// portMapConfig describes the default portmapping config. type portMapConfig struct { PluginType string `json:"type"` Capabilities map[string]bool `json:"capabilities"` } -// VLANConfig describes the macvlan config +// VLANConfig describes the macvlan config. type VLANConfig struct { PluginType string `json:"type"` Master string `json:"master"` @@ -95,30 +95,30 @@ type VLANConfig struct { Capabilities map[string]bool `json:"capabilities,omitempty"` } -// firewallConfig describes the firewall plugin +// firewallConfig describes the firewall plugin. type firewallConfig struct { PluginType string `json:"type"` Backend string `json:"backend"` IngressPolicy string `json:"ingressPolicy,omitempty"` } -// tuningConfig describes the tuning plugin +// tuningConfig describes the tuning plugin. type tuningConfig struct { PluginType string `json:"type"` } -// dnsNameConfig describes the dns container name resolution plugin config +// dnsNameConfig describes the dns container name resolution plugin config. type dnsNameConfig struct { PluginType string `json:"type"` DomainName string `json:"domainName"` Capabilities map[string]bool `json:"capabilities"` } -// ncList describes a generic map +// ncList describes a generic map. type ncList map[string]any // newNcList creates a generic map of values with string -// keys and adds in version and network name +// keys and adds in version and network name. func newNcList(name, version string, labels, options map[string]string) ncList { n := ncList{} n["cniVersion"] = version 
@@ -136,7 +136,7 @@ func newNcList(name, version string, labels, options map[string]string) ncList { return n } -// newHostLocalBridge creates a new LocalBridge for host-local +// newHostLocalBridge creates a new LocalBridge for host-local. func newHostLocalBridge(name string, isGateWay, ipMasq bool, mtu, vlan int, ipamConf *ipamConfig) *hostLocalBridge { bridge := hostLocalBridge{ PluginType: "bridge", @@ -157,7 +157,7 @@ func newHostLocalBridge(name string, isGateWay, ipMasq bool, mtu, vlan int, ipam return &bridge } -// newIPAMHostLocalConf creates a new IPAMHostLocal configuration +// newIPAMHostLocalConf creates a new IPAMHostLocal configuration. func newIPAMHostLocalConf(routes []ipamRoute, ipamRanges [][]ipamLocalHostRangeConf) ipamConfig { ipamConf := ipamConfig{ PluginType: "host-local", @@ -168,7 +168,7 @@ func newIPAMHostLocalConf(routes []ipamRoute, ipamRanges [][]ipamLocalHostRangeC return ipamConf } -// newIPAMLocalHostRange create a new IPAM range +// newIPAMLocalHostRange create a new IPAM range. func newIPAMLocalHostRange(subnet types.IPNet, leaseRange *types.LeaseRange, gw net.IP) *ipamLocalHostRangeConf { hostRange := &ipamLocalHostRangeConf{ Subnet: subnet.String(), @@ -197,7 +197,7 @@ func newIPAMRoute(r *net.IPNet) ipamRoute { } // newIPAMDefaultRoute creates a new IPAMDefault route of -// 0.0.0.0/0 for IPv4 or ::/0 for IPv6 +// 0.0.0.0/0 for IPv4 or ::/0 for IPv6. func newIPAMDefaultRoute(isIPv6 bool) (ipamRoute, error) { route := defaultIPv4Route if isIPv6 { @@ -211,7 +211,7 @@ func newIPAMDefaultRoute(isIPv6 bool) (ipamRoute, error) { } // newPortMapPlugin creates a predefined, default portmapping -// configuration +// configuration. func newPortMapPlugin() portMapConfig { return portMapConfig{ PluginType: "portmap", 
@@ -219,7 +219,7 @@ func newPortMapPlugin() portMapConfig { } } -// newFirewallPlugin creates a generic firewall plugin +// newFirewallPlugin creates a generic firewall plugin. func newFirewallPlugin(isolate bool) firewallConfig { fw := firewallConfig{ PluginType: "firewall", @@ -230,7 +230,7 @@ func newFirewallPlugin(isolate bool) firewallConfig { return fw } -// newTuningPlugin creates a generic tuning section +// newTuningPlugin creates a generic tuning section. func newTuningPlugin() tuningConfig { return tuningConfig{ PluginType: "tuning", @@ -238,7 +238,7 @@ func newTuningPlugin() tuningConfig { } // newDNSNamePlugin creates the dnsname config with a given -// domainname +// domainname. func newDNSNamePlugin(domainName string) dnsNameConfig { return dnsNameConfig{ PluginType: "dnsname", @@ -247,7 +247,7 @@ func newDNSNamePlugin(domainName string) dnsNameConfig { } } -// hasDNSNamePlugin looks to see if the dnsname cni plugin is present +// hasDNSNamePlugin looks to see if the dnsname cni plugin is present. func hasDNSNamePlugin(paths []string) bool { for _, p := range paths { if err := fileutils.Exists(filepath.Join(p, "dnsname")); err == nil { @@ -257,7 +257,7 @@ func hasDNSNamePlugin(paths []string) bool { return false } -// newVLANPlugin creates a macvlanconfig with a given device name +// newVLANPlugin creates a macvlanconfig with a given device name. func newVLANPlugin(pluginType, device, mode string, mtu int, ipam *ipamConfig) VLANConfig { m := VLANConfig{ PluginType: pluginType, diff --git a/vendor/go.podman.io/common/libnetwork/cni/network.go b/vendor/go.podman.io/common/libnetwork/cni/network.go index 0567c6af83..8a22773388 100644 --- a/vendor/go.podman.io/common/libnetwork/cni/network.go +++ b/vendor/go.podman.io/common/libnetwork/cni/network.go 
@@ -295,14 +295,14 @@ func getNetworkIDFromName(name string) string { // Implement the NetUtil interface for easy code sharing with other network interfaces. -// ForEach call the given function for each network +// ForEach call the given function for each network. func (n *cniNetwork) ForEach(run func(types.Network)) { for _, val := range n.networks { run(*val.libpodNet) } } -// Len return the number of networks +// Len return the number of networks. func (n *cniNetwork) Len() int { return len(n.networks) } diff --git a/vendor/go.podman.io/common/libnetwork/etchosts/hosts.go b/vendor/go.podman.io/common/libnetwork/etchosts/hosts.go index 41def42c3b..dbde190fe0 100644 --- a/vendor/go.podman.io/common/libnetwork/etchosts/hosts.go +++ b/vendor/go.podman.io/common/libnetwork/etchosts/hosts.go @@ -26,7 +26,7 @@ type HostEntry struct { Names []string } -// Params for the New() function call +// Params for the New() function call. type Params struct { // BaseFile is the file where we read entries from and add entries to // the target hosts file. If the name is empty it will not read any entries. @@ -98,7 +98,7 @@ func Remove(file string, entries HostEntries) error { return nil } -// new see comment on New() +// new see comment on New(). func newHost(params *Params) error { entries, err := parseExtraHosts(params.ExtraHosts, params.HostContainersInternalIP) if err != nil { @@ -128,7 +128,7 @@ func newHost(params *Params) error { return writeHostFile(params.TargetFile, entries, containerIPs) } -// add see comment on Add() +// add see comment on Add(). func add(file string, entries HostEntries) error { currentEntries, err := parseHostsFile(file) if err != nil { 
@@ -152,7 +152,7 @@ func add(file string, entries HostEntries) error { return addEntriesIfNotExists(f, entries, names) } -// addIfExists see comment on AddIfExists() +// addIfExists see comment on AddIfExists(). func addIfExists(file string, existsEntries, newEntries HostEntries) error { // special case when there are no existing entries do a normal add // this can happen when we connect a network which was not connected @@ -190,7 +190,7 @@ func addIfExists(file string, existsEntries, newEntries HostEntries) error { return nil } -// remove see comment on Remove() +// remove see comment on Remove(). func remove(file string, entries HostEntries) error { currentEntries, err := parseHostsFile(file) if err != nil { @@ -300,7 +300,7 @@ func parseHostsFile(file string) (HostEntries, error) { return entries, scanner.Err() } -// writeHostFile write the entries to the given file +// writeHostFile write the entries to the given file. func writeHostFile(file string, userEntries, containerIPs HostEntries) error { f, err := os.Create(file) if err != nil { @@ -322,7 +322,7 @@ func writeHostFile(file string, userEntries, containerIPs HostEntries) error { } // addEntriesIfNotExists only adds the entries for names that are not already -// in the hosts file, otherwise we start overwriting user entries +// in the hosts file, otherwise we start overwriting user entries. func addEntriesIfNotExists(f io.StringWriter, containerIPs HostEntries, names map[string]struct{}) error { for _, entry := range containerIPs { freeNames := make([]string, 0, len(entry.Names)) diff --git a/vendor/go.podman.io/common/libnetwork/etchosts/ip.go b/vendor/go.podman.io/common/libnetwork/etchosts/ip.go index 18a2079295..98ab8d7c9d 100644 --- a/vendor/go.podman.io/common/libnetwork/etchosts/ip.go +++ b/vendor/go.podman.io/common/libnetwork/etchosts/ip.go 
@@ -12,7 +12,7 @@ import ( "go.podman.io/storage/pkg/unshare" ) -// HostContainersInternalOptions contains the options for GetHostContainersInternalIP() +// HostContainersInternalOptions contains the options for GetHostContainersInternalIP(). type HostContainersInternalOptions struct { // Conf is the containers.Conf, must not be nil Conf *config.Config @@ -46,7 +46,7 @@ var machineHostContainersInternalIP = sync.OnceValue(func() string { return "" }) -// GetHostContainersInternalIP returns the host.containers.internal ip +// GetHostContainersInternalIP returns the host.containers.internal ip. func GetHostContainersInternalIP(opts HostContainersInternalOptions) string { switch opts.Conf.Containers.HostContainersInternalIP { case "": @@ -99,7 +99,7 @@ func GetHostContainersInternalIP(opts HostContainersInternalOptions) string { // GetHostContainersInternalIPExcluding returns the host.containers.internal ip // Exclude are ips that should not be returned, this is useful to prevent returning the same ip as in the container. -// if netStatus is not nil then networkInterface also must be non nil otherwise this function panics +// if netStatus is not nil then networkInterface also must be non nil otherwise this function panics. func GetHostContainersInternalIPExcluding(conf *config.Config, netStatus map[string]types.StatusBlock, networkInterface types.ContainerNetwork, exclude []net.IP) string { return GetHostContainersInternalIP(HostContainersInternalOptions{ Conf: conf, diff --git a/vendor/go.podman.io/common/libnetwork/internal/rootlessnetns/netns_linux.go b/vendor/go.podman.io/common/libnetwork/internal/rootlessnetns/netns_linux.go index f80f42f512..05b3b16dd6 100644 --- a/vendor/go.podman.io/common/libnetwork/internal/rootlessnetns/netns_linux.go +++ b/vendor/go.podman.io/common/libnetwork/internal/rootlessnetns/netns_linux.go 
@@ -30,18 +30,18 @@ import ( ) const ( - // rootlessNetnsDir is the directory name + // rootlessNetnsDir is the directory name. rootlessNetnsDir = "rootless-netns" - // refCountFile file name for the ref count file + // refCountFile file name for the ref count file. refCountFile = "ref-count" - // infoCacheFile file name for the cache file used to store the rootless netns info + // infoCacheFile file name for the cache file used to store the rootless netns info. infoCacheFile = "info.json" - // rootlessNetNsConnPidFile is the name of the rootless netns slirp4netns/pasta pid file + // rootlessNetNsConnPidFile is the name of the rootless netns slirp4netns/pasta pid file. rootlessNetNsConnPidFile = "rootless-netns-conn.pid" - // persistentCNIDir is the directory where the CNI files are stored + // persistentCNIDir is the directory where the CNI files are stored. persistentCNIDir = "/var/lib/cni" tmpfs = "tmpfs" @@ -100,7 +100,7 @@ func New(dir string, backend NetworkBackend, conf *config.Config) (*Netns, error }, nil } -// getPath is a small wrapper around filepath.Join() to have a bit less code +// getPath is a small wrapper around filepath.Join() to have a bit less code. func (n *Netns) getPath(path string) string { return filepath.Join(n.dir, path) } @@ -333,7 +333,7 @@ func (n *Netns) cleanupRootlessNetns() error { return err } -// mountAndMkdirDest convenience wrapper for mount and mkdir +// mountAndMkdirDest convenience wrapper for mount and mkdir. func mountAndMkdirDest(source string, target string, fstype string, flags uintptr) error { if err := os.MkdirAll(target, 0o700); err != nil { return wrapError("create mount point", err) 
@@ -656,8 +656,9 @@ func (n *Netns) Run(lock *lockfile.LockFile, toRun func() error) error { return inErr } -// IPAddresses returns the currently used ip addresses in the netns -// These should then not be assigned for the host.containers.internal entry. +// Info returns the currently used ip addresses for the rootless-netns. +// These should be used to configure the containers resolv.conf and +// host.containers.internal entries. func (n *Netns) Info() *types.RootlessNetnsInfo { return n.info } diff --git a/vendor/go.podman.io/common/libnetwork/internal/util/interface.go b/vendor/go.podman.io/common/libnetwork/internal/util/interface.go index fced72b7d5..915c5499d0 100644 --- a/vendor/go.podman.io/common/libnetwork/internal/util/interface.go +++ b/vendor/go.podman.io/common/libnetwork/internal/util/interface.go @@ -5,7 +5,7 @@ import "go.podman.io/common/libnetwork/types" // This is a helper package to allow code sharing between the different // network interfaces. -// NetUtil is a helper interface which all network interfaces should implement to allow easy code sharing +// NetUtil is a helper interface which all network interfaces should implement to allow easy code sharing. type NetUtil interface { // ForEach executes the given function for each network ForEach(func(types.Network)) diff --git a/vendor/go.podman.io/common/libnetwork/internal/util/interfaces.go b/vendor/go.podman.io/common/libnetwork/internal/util/interfaces.go index 20819f7566..c3d93d57af 100644 --- a/vendor/go.podman.io/common/libnetwork/internal/util/interfaces.go +++ b/vendor/go.podman.io/common/libnetwork/internal/util/interfaces.go @@ -3,7 +3,7 @@ package util import "net" // getLiveNetworkSubnets returns a slice of subnets representing what the system -// has defined as network interfaces +// has defined as network interfaces. func getLiveNetworkSubnets() ([]*net.IPNet, error) { addrs, err := net.InterfaceAddrs() if err != nil { 
@@ -20,7 +20,7 @@ func getLiveNetworkSubnets() ([]*net.IPNet, error) {
 return nets, nil
 }
-// GetLiveNetworkNames returns a list of network interface names on the system
+// GetLiveNetworkNames returns a list of network interface names on the system.
 func GetLiveNetworkNames() ([]string, error) {
 liveInterfaces, err := net.Interfaces()
 if err != nil {
diff --git a/vendor/go.podman.io/common/libnetwork/internal/util/ip.go b/vendor/go.podman.io/common/libnetwork/internal/util/ip.go
index 7afc30f34c..565b4b2cb1 100644
--- a/vendor/go.podman.io/common/libnetwork/internal/util/ip.go
+++ b/vendor/go.podman.io/common/libnetwork/internal/util/ip.go
@@ -23,7 +23,7 @@ func incByte(subnet *net.IPNet, idx int, shift uint) error {
 return nil
 }
-// NextSubnet returns subnet incremented by 1
+// NextSubnet returns subnet incremented by 1.
 func NextSubnet(subnet *net.IPNet) (*net.IPNet, error) {
 newSubnet := &net.IPNet{
 IP: subnet.IP,
diff --git a/vendor/go.podman.io/common/libnetwork/internal/util/parse.go b/vendor/go.podman.io/common/libnetwork/internal/util/parse.go
index 74064eca79..1d26738669 100644
--- a/vendor/go.podman.io/common/libnetwork/internal/util/parse.go
+++ b/vendor/go.podman.io/common/libnetwork/internal/util/parse.go
@@ -5,7 +5,7 @@ import (
 "strconv"
 )
-// ParseMTU parses the mtu option
+// ParseMTU parses the mtu option.
 func ParseMTU(mtu string) (int, error) {
 if mtu == "" {
 return 0, nil // default
@@ -20,7 +20,7 @@ func ParseMTU(mtu string) (int, error) {
 return m, nil
 }
-// ParseVlan parses the vlan option
+// ParseVlan parses the vlan option.
 func ParseVlan(vlan string) (int, error) {
 if vlan == "" {
 return 0, nil // default
@@ -35,7 +35,7 @@ func ParseVlan(vlan string) (int, error) {
 return v, nil
 }
-// ParseIsolate parses the isolate option
+// ParseIsolate parses the isolate option.
 func ParseIsolate(isolate string) (string, error) {
 switch isolate {
 case "":
diff --git a/vendor/go.podman.io/common/libnetwork/internal/util/util.go b/vendor/go.podman.io/common/libnetwork/internal/util/util.go
index f52635768d..f24f9637c6 100644
--- a/vendor/go.podman.io/common/libnetwork/internal/util/util.go
+++ b/vendor/go.podman.io/common/libnetwork/internal/util/util.go
@@ -12,7 +12,7 @@ import (
 )
 // GetBridgeInterfaceNames returns all bridge interface names
-// already used by network configs
+// already used by network configs.
 func GetBridgeInterfaceNames(n NetUtil) []string {
 names := make([]string, 0, n.Len())
 n.ForEach(func(net types.Network) {
@@ -24,7 +24,7 @@ func GetBridgeInterfaceNames(n NetUtil) []string {
 }
 // GetUsedNetworkNames returns all network names already used
-// by network configs
+// by network configs.
 func GetUsedNetworkNames(n NetUtil) []string {
 names := make([]string, 0, n.Len())
 n.ForEach(func(net types.Network) {
@@ -35,7 +35,7 @@ func GetUsedNetworkNames(n NetUtil) []string {
 // GetFreeDeviceName returns a free device name which can
 // be used for new configs as name and bridge interface name.
-// The base name is suffixed by a number
+// The base name is suffixed by a number.
 func GetFreeDeviceName(n NetUtil) (string, error) {
 bridgeNames := GetBridgeInterfaceNames(n)
 netNames := GetUsedNetworkNames(n)
@@ -77,7 +77,7 @@ func GetUsedSubnets(n NetUtil) ([]*net.IPNet, error) {
 return append(subnets, liveSubnets...), nil
 }
-// GetFreeIPv4NetworkSubnet returns a unused ipv4 subnet
+// GetFreeIPv4NetworkSubnet returns a unused ipv4 subnet.
 func GetFreeIPv4NetworkSubnet(usedNetworks []*net.IPNet, subnetPools []config.SubnetPool) (*types.Subnet, error) {
 var err error
 for _, pool := range subnetPools {
@@ -109,7 +109,7 @@ func GetFreeIPv4NetworkSubnet(usedNetworks []*net.IPNet, subnetPools []config.Su
 return nil, errors.New("could not find free subnet from subnet pools")
 }
-// GetFreeIPv6NetworkSubnet returns a unused ipv6 subnet
+// GetFreeIPv6NetworkSubnet returns a unused ipv6 subnet.
 func GetFreeIPv6NetworkSubnet(usedNetworks []*net.IPNet) (*types.Subnet, error) {
 // FIXME: Is 10000 fine as limit? We should prevent an endless loop.
 for range 10000 {
@@ -128,7 +128,7 @@ func GetFreeIPv6NetworkSubnet(usedNetworks []*net.IPNet) (*types.Subnet, error)
 return nil, errors.New("failed to get random ipv6 subnet")
 }
-// Map docker driver network options to podman network options
+// MapDockerBridgeDriverOptions docker driver network options to podman network options.
 func MapDockerBridgeDriverOptions(n *types.Network) {
 // validate the given options
 for key, value := range n.Options {
diff --git a/vendor/go.podman.io/common/libnetwork/internal/util/validate.go b/vendor/go.podman.io/common/libnetwork/internal/util/validate.go
index dc24e7b613..6b4f2497e3 100644
--- a/vendor/go.podman.io/common/libnetwork/internal/util/validate.go
+++ b/vendor/go.podman.io/common/libnetwork/internal/util/validate.go
@@ -143,7 +143,7 @@ func ValidateSetupOptions(n NetUtil, namespacePath string, options types.SetupOp
 return nil
 }
-// validatePerNetworkOpts checks that all given static ips are in a subnet on this network
+// validatePerNetworkOpts checks that all given static ips are in a subnet on this network.
 func validatePerNetworkOpts(network *types.Network, netOpts *types.PerNetworkOptions) error {
 if netOpts.InterfaceName == "" {
 return fmt.Errorf("interface name on network %s is empty", network.Name)
diff --git a/vendor/go.podman.io/common/libnetwork/netavark/config.go b/vendor/go.podman.io/common/libnetwork/netavark/config.go
index 781670703d..dafd7a937b 100644
--- a/vendor/go.podman.io/common/libnetwork/netavark/config.go
+++ b/vendor/go.podman.io/common/libnetwork/netavark/config.go
@@ -292,7 +292,7 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo
 return newNetwork, nil
 }
-// ipvlan shares the same mac address so supporting DHCP is not really possible
+// ipvlan shares the same mac address so supporting DHCP is not really possible.
 var errIpvlanNoDHCP = errors.New("ipam driver dhcp is not supported with ipvlan")
 func createIpvlanOrMacvlan(network *types.Network) error {
diff --git a/vendor/go.podman.io/common/libnetwork/netavark/exec.go b/vendor/go.podman.io/common/libnetwork/netavark/exec.go
index 2a52a4702b..88b40bbf98 100644
--- a/vendor/go.podman.io/common/libnetwork/netavark/exec.go
+++ b/vendor/go.podman.io/common/libnetwork/netavark/exec.go
@@ -50,7 +50,7 @@ func newNetavarkError(msg string, err error) error {
 }
 // Type to implement io.Writer interface
-// This will write the logrus at info level
+// This will write the logrus at info level.
 type logrusNetavarkWriter struct{}
 func (l *logrusNetavarkWriter) Write(b []byte) (int, error) {
@@ -58,7 +58,7 @@ func (l *logrusNetavarkWriter) Write(b []byte) (int, error) {
 return len(b), nil
 }
-// getRustLogEnv returns the RUST_LOG env var based on the current logrus level
+// getRustLogEnv returns the RUST_LOG env var based on the current logrus level.
 func getRustLogEnv() string {
 level := logrus.GetLevel().String()
 // rust env_log uses warn instead of warning
diff --git a/vendor/go.podman.io/common/libnetwork/netavark/ipam.go b/vendor/go.podman.io/common/libnetwork/netavark/ipam.go
index 6192035365..3f6a667b1e 100644
--- a/vendor/go.podman.io/common/libnetwork/netavark/ipam.go
+++ b/vendor/go.podman.io/common/libnetwork/netavark/ipam.go
@@ -24,7 +24,7 @@ import (
 const (
 idBucket = "ids"
 // lastIP this is used as key to store the last allocated ip
- // note that this string should not be 4 or 16 byte long
+ // note that this string should not be 4 or 16 byte long.
 lastIP = "lastIP"
 )
@@ -380,7 +380,7 @@ func (n *netavarkNetwork) removeNetworkIPAMBucket(network *types.Network) error
 }
 // requiresIPAMAlloc return true when we have to allocate ips for this network
-// it checks the ipam driver and if subnets are set
+// it checks the ipam driver and if subnets are set.
 func requiresIPAMAlloc(network *types.Network) bool {
 // only do host allocation when driver is set to HostLocalIPAMDriver or unset
 switch network.IPAMOptions[types.Driver] {
diff --git a/vendor/go.podman.io/common/libnetwork/netavark/network.go b/vendor/go.podman.io/common/libnetwork/netavark/network.go
index 62f8a662a3..855023db7d 100644
--- a/vendor/go.podman.io/common/libnetwork/netavark/network.go
+++ b/vendor/go.podman.io/common/libnetwork/netavark/network.go
@@ -342,14 +342,14 @@ func (n *netavarkNetwork) getNetwork(nameOrID string) (*types.Network, error) {
 // Implement the NetUtil interface for easy code sharing with other network interfaces.
-// ForEach call the given function for each network
+// ForEach call the given function for each network.
 func (n *netavarkNetwork) ForEach(run func(types.Network)) {
 for _, val := range n.networks {
 run(*val)
 }
 }
-// Len return the number of networks
+// Len return the number of networks.
 func (n *netavarkNetwork) Len() int {
 return len(n.networks)
 }
diff --git a/vendor/go.podman.io/common/libnetwork/network/interface.go b/vendor/go.podman.io/common/libnetwork/network/interface.go
index 4c9d97fbdd..82955b6edf 100644
--- a/vendor/go.podman.io/common/libnetwork/network/interface.go
+++ b/vendor/go.podman.io/common/libnetwork/network/interface.go
@@ -18,12 +18,12 @@ import (
 )
 const (
- // defaultNetworkBackendFileName is the file name for sentinel file to store the backend
+ // defaultNetworkBackendFileName is the file name for sentinel file to store the backend.
 defaultNetworkBackendFileName = "defaultNetworkBackend"
- // netavarkBinary is the name of the netavark binary
+ // netavarkBinary is the name of the netavark binary.
 netavarkBinary = "netavark"
- // aardvarkBinary is the name of the aardvark binary
+ // aardvarkBinary is the name of the aardvark binary.
 aardvarkBinary = "aardvark-dns"
 )
diff --git a/vendor/go.podman.io/common/libnetwork/network/interface_cni.go b/vendor/go.podman.io/common/libnetwork/network/interface_cni.go
index 0ef4dbdd4c..a46ff25182 100644
--- a/vendor/go.podman.io/common/libnetwork/network/interface_cni.go
+++ b/vendor/go.podman.io/common/libnetwork/network/interface_cni.go
@@ -18,7 +18,7 @@ import (
 )
 const (
- // cniConfigDirRootless is the directory in XDG_CONFIG_HOME for cni plugins
+ // cniConfigDirRootless is the directory in XDG_CONFIG_HOME for cni plugins.
 cniConfigDirRootless = "cni/net.d/"
 cniSupported = true
diff --git a/vendor/go.podman.io/common/libnetwork/network/interface_linux.go b/vendor/go.podman.io/common/libnetwork/network/interface_linux.go
index a161944006..7a5db69a58 100644
--- a/vendor/go.podman.io/common/libnetwork/network/interface_linux.go
+++ b/vendor/go.podman.io/common/libnetwork/network/interface_linux.go
@@ -1,10 +1,10 @@
 package network
 const (
- // cniConfigDir is the directory where cni configuration is found
+ // cniConfigDir is the directory where cni configuration is found.
 cniConfigDir = "/etc/cni/net.d/"
- // netavarkConfigDir is the config directory for the rootful network files
+ // netavarkConfigDir is the config directory for the rootful network files.
 netavarkConfigDir = "/etc/containers/networks"
- // netavarkRunDir is the run directory for the rootful temporary network files such as the ipam db
+ // netavarkRunDir is the run directory for the rootful temporary network files such as the ipam db.
 netavarkRunDir = "/run/containers/networks"
 )
diff --git a/vendor/go.podman.io/common/libnetwork/pasta/pasta_linux.go b/vendor/go.podman.io/common/libnetwork/pasta/pasta_linux.go
index 6c3b4bf194..33043e8275 100644
--- a/vendor/go.podman.io/common/libnetwork/pasta/pasta_linux.go
+++ b/vendor/go.podman.io/common/libnetwork/pasta/pasta_linux.go
@@ -30,11 +30,11 @@ const (
 mapGuestAddrOpt = "--map-guest-addr"
 // dnsForwardIpv4 static ip used as nameserver address inside the netns,
- // given this is a "link local" ip it should be very unlikely that it causes conflicts
+ // given this is a "link local" ip it should be very unlikely that it causes conflicts.
 dnsForwardIpv4 = "169.254.1.1"
 // mapGuestAddrIpv4 static ip used as forwarder address inside the netns to reach the host,
- // given this is a "link local" ip it should be very unlikely that it causes conflicts
+ // given this is a "link local" ip it should be very unlikely that it causes conflicts.
 mapGuestAddrIpv4 = "169.254.1.2"
 )
@@ -141,13 +141,13 @@ func Setup(opts *SetupOptions) (*SetupResult, error) {
 }
 result.IPv6 = ipv6
- result.DNSForwardIPs = filterIpFamily(dnsForwardIPs, ipv4, ipv6)
- result.MapGuestAddrIPs = filterIpFamily(mapGuestAddrIPs, ipv4, ipv6)
+ result.DNSForwardIPs = filterIPFamily(dnsForwardIPs, ipv4, ipv6)
+ result.MapGuestAddrIPs = filterIPFamily(mapGuestAddrIPs, ipv4, ipv6)
 return result, nil
 }
-func filterIpFamily(ips []string, ipv4, ipv6 bool) []string {
+func filterIPFamily(ips []string, ipv4, ipv6 bool) []string {
 var result []string
 for _, ip := range ips {
 ipp := net.ParseIP(ip)
diff --git a/vendor/go.podman.io/common/libnetwork/slirp4netns/const.go b/vendor/go.podman.io/common/libnetwork/slirp4netns/const.go
index fa95e5a90a..d75785025b 100644
--- a/vendor/go.podman.io/common/libnetwork/slirp4netns/const.go
+++ b/vendor/go.podman.io/common/libnetwork/slirp4netns/const.go
@@ -6,14 +6,14 @@ const (
 ipv6ConfDefaultAcceptDadSysctl = "/proc/sys/net/ipv6/conf/default/accept_dad"
 BinaryName = "slirp4netns"
- // defaultMTU the default MTU override
+ // defaultMTU the default MTU override.
 defaultMTU = 65520
- // default slirp4ns subnet
+ // default slirp4ns subnet.
 defaultSubnet = "10.0.2.0/24"
 )
-// SetupResult return type from Setup()
+// SetupResult return type from Setup().
 type SetupResult struct {
 // Pid of the created slirp4netns process
 Pid int
diff --git a/vendor/go.podman.io/common/libnetwork/slirp4netns/slirp4netns.go b/vendor/go.podman.io/common/libnetwork/slirp4netns/slirp4netns.go
index 7f2063d962..c4020cae25 100644
--- a/vendor/go.podman.io/common/libnetwork/slirp4netns/slirp4netns.go
+++ b/vendor/go.podman.io/common/libnetwork/slirp4netns/slirp4netns.go
@@ -426,7 +426,7 @@ func Setup(opts *SetupOptions) (*SetupResult, error) {
 }, nil
 }
-// Get expected slirp ipv4 address based on subnet. If subnet is null use default subnet
+// GetIP returns the slirp ipv4 address based on subnet. If subnet is null use default subnet.
 // Reference: https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md#description
 func GetIP(subnet *net.IPNet) (*net.IP, error) {
 _, slirpSubnet, _ := net.ParseCIDR(defaultSubnet)
@@ -440,7 +440,7 @@ func GetIP(subnet *net.IPNet) (*net.IP, error) {
 return expectedIP, nil
 }
-// Get expected slirp Gateway ipv4 address based on subnet
+// GetGateway returns the slirp gateway ipv4 address based on subnet.
 // Reference: https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md#description
 func GetGateway(subnet *net.IPNet) (*net.IP, error) {
 _, slirpSubnet, _ := net.ParseCIDR(defaultSubnet)
@@ -454,7 +454,7 @@ func GetGateway(subnet *net.IPNet) (*net.IP, error) {
 return expectedGatewayIP, nil
 }
-// Get expected slirp DNS ipv4 address based on subnet
+// GetDNS returns slirp DNS ipv4 address based on subnet.
 // Reference: https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md#description
 func GetDNS(subnet *net.IPNet) (*net.IP, error) {
 _, slirpSubnet, _ := net.ParseCIDR(defaultSubnet)
@@ -656,7 +656,7 @@ func setupRootlessPortMappingViaSlirp(ports []types.PortMapping, cmd *exec.Cmd,
 return nil
 }
-// openSlirp4netnsPort sends the slirp4netns pai quey to the given socket
+// openSlirp4netnsPort sends the slirp4netns pai quey to the given socket.
 func openSlirp4netnsPort(apiSocket, proto, hostip string, hostport, guestport uint16) error {
 conn, err := net.Dial("unix", apiSocket)
 if err != nil {
diff --git a/vendor/go.podman.io/common/libnetwork/types/const.go b/vendor/go.podman.io/common/libnetwork/types/const.go
index 6e2c3fbf4b..d8730dcdf0 100644
--- a/vendor/go.podman.io/common/libnetwork/types/const.go
+++ b/vendor/go.podman.io/common/libnetwork/types/const.go
@@ -1,22 +1,22 @@
 package types
 const (
- // BridgeNetworkDriver defines the bridge driver
+ // BridgeNetworkDriver defines the bridge driver.
 BridgeNetworkDriver = "bridge"
- // DefaultNetworkDriver is the default network type used
+ // DefaultNetworkDriver is the default network type used.
 DefaultNetworkDriver = BridgeNetworkDriver
- // MacVLANNetworkDriver defines the macvlan driver
+ // MacVLANNetworkDriver defines the macvlan driver.
 MacVLANNetworkDriver = "macvlan"
- // MacVLANNetworkDriver defines the macvlan driver
+ // MacVLANNetworkDriver defines the macvlan driver.
 IPVLANNetworkDriver = "ipvlan"
- // IPAM drivers
+ // IPAM drivers.
 Driver = "driver"
- // HostLocalIPAMDriver store the ip locally in a db
+ // HostLocalIPAMDriver store the ip locally in a db.
 HostLocalIPAMDriver = "host-local"
- // DHCPIPAMDriver get subnet and ip from dhcp server
+ // DHCPIPAMDriver get subnet and ip from dhcp server.
 DHCPIPAMDriver = "dhcp"
- // NoneIPAMDriver do not provide ipam management
+ // NoneIPAMDriver do not provide ipam management.
 NoneIPAMDriver = "none"
 // DefaultSubnet is the name that will be used for the default CNI network.
@@ -27,18 +27,18 @@ const (
 BridgeModeManaged = "managed"
 BridgeModeUnmanaged = "unmanaged"
- // valid macvlan driver mode values
+ // valid macvlan driver mode values.
 MacVLANModeBridge = "bridge"
 MacVLANModePrivate = "private"
 MacVLANModeVepa = "vepa"
 MacVLANModePassthru = "passthru"
- // valid ipvlan driver modes
+ // valid ipvlan driver modes.
 IPVLANModeL2 = "l2"
 IPVLANModeL3 = "l3"
 IPVLANModeL3s = "l3s"
- // valid network options
+ // valid network options.
 VLANOption = "vlan"
 MTUOption = "mtu"
 ModeOption = "mode"
@@ -56,11 +56,11 @@ const (
 Netavark NetworkBackend = "netavark"
 )
-// ValidBridgeModes is the list of valid mode options for the bridge driver
+// ValidBridgeModes is the list of valid mode options for the bridge driver.
 var ValidBridgeModes = []string{BridgeModeManaged, BridgeModeUnmanaged}
-// ValidMacVLANModes is the list of valid mode options for the macvlan driver
+// ValidMacVLANModes is the list of valid mode options for the macvlan driver.
 var ValidMacVLANModes = []string{MacVLANModeBridge, MacVLANModePrivate, MacVLANModeVepa, MacVLANModePassthru}
-// ValidIPVLANModes is the list of valid mode options for the ipvlan driver
+// ValidIPVLANModes is the list of valid mode options for the ipvlan driver.
 var ValidIPVLANModes = []string{IPVLANModeL2, IPVLANModeL3, IPVLANModeL3s}
diff --git a/vendor/go.podman.io/common/libnetwork/types/define.go b/vendor/go.podman.io/common/libnetwork/types/define.go
index c55df60a01..f5d90c8be5 100644
--- a/vendor/go.podman.io/common/libnetwork/types/define.go
+++ b/vendor/go.podman.io/common/libnetwork/types/define.go
@@ -8,17 +8,17 @@ import (
 )
 var (
- // ErrNoSuchNetwork indicates the requested network does not exist
+ // ErrNoSuchNetwork indicates the requested network does not exist.
 ErrNoSuchNetwork = errors.New("network not found")
- // ErrInvalidArg indicates that an invalid argument was passed
+ // ErrInvalidArg indicates that an invalid argument was passed.
 ErrInvalidArg = errors.New("invalid argument")
 // ErrNetworkExists indicates that a network with the given name already
 // exists.
 ErrNetworkExists = errors.New("network already exists")
- // ErrNotRootlessNetns indicates the rootless netns can only be used as root
+ // ErrNotRootlessNetns indicates the rootless netns can only be used as root.
 ErrNotRootlessNetns = errors.New("rootless netns cannot be used as root")
 // NameRegex is a regular expression to validate names.
@@ -33,6 +33,6 @@ var (
 // a hexadecimal string.
 NotHexRegex = regexp.Delayed(`[^0-9a-fA-F]`)
- // MaxInterfaceNameLength is the maximum length of a network interface name
+ // MaxInterfaceNameLength is the maximum length of a network interface name.
 MaxInterfaceNameLength = 15
 )
diff --git a/vendor/go.podman.io/common/libnetwork/types/network.go b/vendor/go.podman.io/common/libnetwork/types/network.go
index b949928dab..df6a5ee446 100644
--- a/vendor/go.podman.io/common/libnetwork/types/network.go
+++ b/vendor/go.podman.io/common/libnetwork/types/network.go
@@ -87,7 +87,7 @@ type Network struct {
 IPAMOptions map[string]string `json:"ipam_options,omitempty"`
 }
-// NetworkOptions for a given container.
+// NetworkUpdateOptions for a given container.
 type NetworkUpdateOptions struct {
 // List of custom DNS server for podman's DNS resolver.
 // Priority order will be kept as defined by user in the configuration.
@@ -104,7 +104,7 @@ type NetworkInfo struct {
 DNS DNSNetworkInfo `json:"dns,omitempty"`
 }
-// NetworkInfo contains the DNS information.
+// DNSNetworkInfo contains the DNS information.
 type DNSNetworkInfo struct {
 Version string `json:"version,omitempty"`
 Package string `json:"package,omitempty"`
@@ -116,7 +116,7 @@ type IPNet struct {
 net.IPNet
 }
-// ParseCIDR parse a string to IPNet
+// ParseCIDR parse a string to IPNet.
 func ParseCIDR(cidr string) (IPNet, error) {
 ip, subnet, err := net.ParseCIDR(cidr)
 if err != nil {
@@ -347,6 +347,7 @@ type RootlessNetnsInfo struct {
 // IPAddresses used in the netns, must not be used for host.containers.internal
 IPAddresses []net.IP
 // DnsForwardIps ips used in resolv.conf
+ //nolint:staticcheck //It wants this to be named DNSForwardIps but this would be a breaking change and thus is not worth it.
 DnsForwardIps []string
 // MapGuestIps should be used for the host.containers.internal entry when set
 MapGuestIps []string
diff --git a/vendor/go.podman.io/common/libnetwork/util/ip.go b/vendor/go.podman.io/common/libnetwork/util/ip.go
index 5dd93363bf..3324ac6fc2 100644
--- a/vendor/go.podman.io/common/libnetwork/util/ip.go
+++ b/vendor/go.podman.io/common/libnetwork/util/ip.go
@@ -14,7 +14,7 @@ func IsIPv4(netIP net.IP) bool {
 return netIP != nil && netIP.To4() != nil
 }
-// LastIPInSubnet gets the last IP in a subnet
+// LastIPInSubnet gets the last IP in a subnet.
 func LastIPInSubnet(addr *net.IPNet) (net.IP, error) { //nolint:interfacer
 // re-parse to ensure clean network address
 _, cidr, err := net.ParseCIDR(addr.String())
@@ -32,7 +32,7 @@ func LastIPInSubnet(addr *net.IPNet) (net.IP, error) { //nolint:interfacer
 return cidr.IP, nil
 }
-// FirstIPInSubnet gets the first IP in a subnet
+// FirstIPInSubnet gets the first IP in a subnet.
 func FirstIPInSubnet(addr *net.IPNet) (net.IP, error) { //nolint:interfacer
 // re-parse to ensure clean network address
 _, cidr, err := net.ParseCIDR(addr.String())
@@ -47,7 +47,7 @@ func FirstIPInSubnet(addr *net.IPNet) (net.IP, error) { //nolint:interfacer
 return cidr.IP, nil
 }
-// NormalizeIP will transform the given ip to the 4 byte len ipv4 if possible
+// NormalizeIP will transform the given ip to the 4 byte len ipv4 if possible.
 func NormalizeIP(ip *net.IP) {
 ipv4 := ip.To4()
 if ipv4 != nil {
diff --git a/vendor/go.podman.io/common/libnetwork/util/ip_calc.go b/vendor/go.podman.io/common/libnetwork/util/ip_calc.go
index a27ddf78bf..5257caf1b7 100644
--- a/vendor/go.podman.io/common/libnetwork/util/ip_calc.go
+++ b/vendor/go.podman.io/common/libnetwork/util/ip_calc.go
@@ -19,13 +19,13 @@ import (
 "net"
 )
-// NextIP returns IP incremented by 1
+// NextIP returns IP incremented by 1.
 func NextIP(ip net.IP) net.IP {
 i := ipToInt(ip)
 return intToIP(i.Add(i, big.NewInt(1)))
 }
-// PrevIP returns IP decremented by 1
+// PrevIP returns IP decremented by 1.
 func PrevIP(ip net.IP) net.IP {
 i := ipToInt(ip)
 return intToIP(i.Sub(i, big.NewInt(1)))
@@ -34,7 +34,7 @@ func PrevIP(ip net.IP) net.IP {
 // Cmp compares two IPs, returning the usual ordering:
 // a < b : -1
 // a == b : 0
-// a > b : 1
+// a > b : 1.
 func Cmp(a, b net.IP) int {
 aa := ipToInt(a)
 bb := ipToInt(b)
diff --git a/vendor/go.podman.io/common/pkg/apparmor/apparmor.go b/vendor/go.podman.io/common/pkg/apparmor/apparmor.go
index bc776824f6..46b8cd20ff 100644
--- a/vendor/go.podman.io/common/pkg/apparmor/apparmor.go
+++ b/vendor/go.podman.io/common/pkg/apparmor/apparmor.go
@@ -10,7 +10,7 @@ const (
 // ProfilePrefix is used for version-independent presence checks.
 ProfilePrefix = "containers-default-"
- // Profile default name
+ // Profile default name.
 Profile = ProfilePrefix + version.Version
 )
diff --git a/vendor/go.podman.io/common/pkg/apparmor/internal/supported/supported.go b/vendor/go.podman.io/common/pkg/apparmor/internal/supported/supported.go
index bbac737173..d74ab8f08b 100644
--- a/vendor/go.podman.io/common/pkg/apparmor/internal/supported/supported.go
+++ b/vendor/go.podman.io/common/pkg/apparmor/internal/supported/supported.go
@@ -39,7 +39,7 @@ func NewAppArmorVerifier() *ApparmorVerifier {
 // The method will error if:
 // - the process runs in rootless mode
 // - AppArmor is disabled by the host system
-// - the `apparmor_parser` binary is not discoverable
+// - the `apparmor_parser` binary is not discoverable.
 func (a *ApparmorVerifier) IsSupported() error {
 if a.impl.UnshareIsRootless() {
 return errors.New("AppAmor is not supported on rootless containers")
diff --git a/vendor/go.podman.io/common/pkg/auth/auth.go b/vendor/go.podman.io/common/pkg/auth/auth.go
index 44e09ebe9e..8cb9f3a633 100644
--- a/vendor/go.podman.io/common/pkg/auth/auth.go
+++ b/vendor/go.podman.io/common/pkg/auth/auth.go
@@ -320,7 +320,7 @@ func getUserAndPass(opts *LoginOptions, password, userFromAuthFile string) (user
 return strings.TrimSpace(username), password, err
 }
-// Logout implements a “log out” command with the provided opts and args
+// Logout implements a “log out” command with the provided opts and args.
 func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []string) error {
 if err := CheckAuthFile(opts.AuthFile); err != nil {
 return err
@@ -390,7 +390,7 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []stri
 }
 // defaultRegistryWhenUnspecified returns first registry from search list of registry.conf
-// used by login/logout when registry argument is not specified
+// used by login/logout when registry argument is not specified.
 func defaultRegistryWhenUnspecified(systemContext *types.SystemContext) (string, error) {
 registriesFromFile, err := sysregistriesv2.UnqualifiedSearchRegistries(systemContext)
 if err != nil {
diff --git a/vendor/go.podman.io/common/pkg/auth/cli.go b/vendor/go.podman.io/common/pkg/auth/cli.go
index 1e28242990..3546ccbebc 100644
--- a/vendor/go.podman.io/common/pkg/auth/cli.go
+++ b/vendor/go.podman.io/common/pkg/auth/cli.go
@@ -9,7 +9,7 @@ import (
 // LoginOptions represents common flags in login
 // In addition, the caller should probably provide a --tls-verify flag (that affects the provided
-// *types.SystemContest)
+// *types.SystemContest).
 type LoginOptions struct {
 // CLI flags managed by the FlagSet returned by GetLoginFlags
 // Callers that use GetLoginFlags should not need to touch these values at all; callers that use
@@ -30,7 +30,7 @@ type LoginOptions struct {
 NoWriteBack bool // set to true to not write the credentials to the authfile/cred helpers
 }
-// LogoutOptions represents the results for flags in logout
+// LogoutOptions represents the results for flags in logout.
 type LogoutOptions struct {
 // CLI flags managed by the FlagSet returned by GetLogoutFlags
 // Callers that use GetLogoutFlags should not need to touch these values at all; callers that use
@@ -44,7 +44,7 @@ type LogoutOptions struct {
 AcceptUnspecifiedRegistry bool // set to true if allows logout with unspecified registry
 }
-// GetLoginFlags defines and returns login flags for containers tools
+// GetLoginFlags defines and returns login flags for containers tools.
 func GetLoginFlags(flags *LoginOptions) *pflag.FlagSet {
 fs := pflag.FlagSet{}
 fs.StringVar(&flags.AuthFile, "authfile", "", "path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
@@ -58,7 +58,7 @@ func GetLoginFlags(flags *LoginOptions) *pflag.FlagSet {
 return &fs
 }
-// GetLoginFlagsCompletions returns the FlagCompletions for the login flags
+// GetLoginFlagsCompletions returns the FlagCompletions for the login flags.
 func GetLoginFlagsCompletions() completion.FlagCompletions {
 flagCompletion := completion.FlagCompletions{}
 flagCompletion["authfile"] = completion.AutocompleteDefault
@@ -69,7 +69,7 @@ func GetLoginFlagsCompletions() completion.FlagCompletions {
 return flagCompletion
 }
-// GetLogoutFlags defines and returns logout flags for containers tools
+// GetLogoutFlags defines and returns logout flags for containers tools.
 func GetLogoutFlags(flags *LogoutOptions) *pflag.FlagSet {
 fs := pflag.FlagSet{}
 fs.StringVar(&flags.AuthFile, "authfile", "", "path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
@@ -78,7 +78,7 @@ func GetLogoutFlags(flags *LogoutOptions) *pflag.FlagSet {
 return &fs
 }
-// GetLogoutFlagsCompletions returns the FlagCompletions for the logout flags
+// GetLogoutFlagsCompletions returns the FlagCompletions for the logout flags.
 func GetLogoutFlagsCompletions() completion.FlagCompletions {
 flagCompletion := completion.FlagCompletions{}
 flagCompletion["authfile"] = completion.AutocompleteDefault
diff --git a/vendor/go.podman.io/common/pkg/capabilities/capabilities.go b/vendor/go.podman.io/common/pkg/capabilities/capabilities.go
index 371fbba9a1..d88d747ff1 100644
--- a/vendor/go.podman.io/common/pkg/capabilities/capabilities.go
+++ b/vendor/go.podman.io/common/pkg/capabilities/capabilities.go
@@ -127,7 +127,7 @@ func ValidateCapabilities(caps []string) error {
 //
 // Note that:
 // "ALL" in capAdd adds returns known capabilities
-// "All" in capDrop returns only the capabilities specified in capAdd
+// "All" in capDrop returns only the capabilities specified in capAdd.
 func MergeCapabilities(base, adds, drops []string) ([]string, error) {
 // Normalize the base capabilities
 base, err := NormalizeCapabilities(base)
diff --git a/vendor/go.podman.io/common/pkg/cgroups/blkio_linux.go b/vendor/go.podman.io/common/pkg/cgroups/blkio_linux.go
index a277660f8a..4d85ba4a70 100644
--- a/vendor/go.podman.io/common/pkg/cgroups/blkio_linux.go
+++ b/vendor/go.podman.io/common/pkg/cgroups/blkio_linux.go
@@ -24,7 +24,7 @@ func getBlkioHandler() *linuxBlkioHandler {
 return &linuxBlkioHandler{}
 }
-// Apply set the specified constraints
+// Apply set the specified constraints.
 func (c *linuxBlkioHandler) Apply(ctr *CgroupControl, res *cgroups.Resources) error {
 if ctr.cgroup2 {
 man, err := fs2.NewManager(ctr.config, filepath.Join(cgroupRoot, ctr.config.Path))
@@ -37,7 +37,7 @@ func (c *linuxBlkioHandler) Apply(ctr *CgroupControl, res *cgroups.Resources) er
 return c.Blkio.Set(path, res)
 }
-// Create the cgroup
+// Create the cgroup.
 func (c *linuxBlkioHandler) Create(ctr *CgroupControl) (bool, error) {
 if ctr.cgroup2 {
 return false, nil
@@ -45,12 +45,12 @@ func (c *linuxBlkioHandler) Create(ctr *CgroupControl) (bool, error) {
 return ctr.createCgroupDirectory(Blkio)
 }
-// Destroy the cgroup
+// Destroy the cgroup.
 func (c *linuxBlkioHandler) Destroy(ctr *CgroupControl) error {
 return rmDirRecursively(ctr.getCgroupv1Path(Blkio))
 }
-// Stat fills a metrics structure with usage stats for the controller
+// Stat fills a metrics structure with usage stats for the controller.
 func (c *linuxBlkioHandler) Stat(ctr *CgroupControl, m *cgroups.Stats) error {
 var ioServiceBytesRecursive []cgroups.BlkioStatEntry
diff --git a/vendor/go.podman.io/common/pkg/cgroups/cgroups_linux.go b/vendor/go.podman.io/common/pkg/cgroups/cgroups_linux.go
index b98a5986da..322436a93e 100644
--- a/vendor/go.podman.io/common/pkg/cgroups/cgroups_linux.go
+++ b/vendor/go.podman.io/common/pkg/cgroups/cgroups_linux.go
@@ -30,9 +30,9 @@ import (
 )
 var (
- // ErrCgroupDeleted means the cgroup was deleted
+ // ErrCgroupDeleted means the cgroup was deleted.
 ErrCgroupDeleted = errors.New("cgroup deleted")
- // ErrCgroupV1Rootless means the cgroup v1 were attempted to be used in rootless environment
+ // ErrCgroupV1Rootless means the cgroup v1 were attempted to be used in rootless environment.
 ErrCgroupV1Rootless = errors.New("no support for CGroups V1 in rootless environments")
 ErrStatCgroup = errors.New("no cgroup available for gathering user statistics")
@@ -41,7 +41,7 @@ var (
 isUnifiedErr error
 )
-// CgroupControl controls a cgroup hierarchy
+// CgroupControl controls a cgroup hierarchy.
 type CgroupControl struct {
 cgroup2 bool
 config *cgroups.Cgroup
@@ -65,17 +65,17 @@ type controllerHandler interface { const ( cgroupRoot = "/sys/fs/cgroup" - // CPU is the cpu controller + // CPU is the cpu controller. CPU = "cpu" - // CPUAcct is the cpuacct controller + // CPUAcct is the cpuacct controller. CPUAcct = "cpuacct" - // CPUset is the cpuset controller + // CPUset is the cpuset controller. CPUset = "cpuset" - // Memory is the memory controller + // Memory is the memory controller. Memory = "memory" - // Pids is the pids controller + // Pids is the pids controller. Pids = "pids" - // Blkio is the blkio controller + // Blkio is the blkio controller. Blkio = "blkio" ) @@ -91,7 +91,7 @@ func init() { } } -// getAvailableControllers get the available controllers +// getAvailableControllers get the available controllers. func getAvailableControllers(exclude map[string]controllerHandler, cgroup2 bool) ([]controller, error) { if cgroup2 { controllers := []controller{} @@ -146,7 +146,7 @@ func getAvailableControllers(exclude map[string]controllerHandler, cgroup2 bool) return controllers, nil } -// AvailableControllers get string:bool map of all the available controllers +// AvailableControllers get string:bool map of all the available controllers. func AvailableControllers(exclude map[string]controllerHandler, cgroup2 bool) ([]string, error) { availableControllers, err := getAvailableControllers(exclude, cgroup2) if err != nil { @@ -209,12 +209,12 @@ func getCgroupPathForCurrentProcess() (string, error) { return cgroupPath, nil } -// getCgroupv1Path is a helper function to get the cgroup v1 path +// getCgroupv1Path is a helper function to get the cgroup v1 path. func (c *CgroupControl) getCgroupv1Path(name string) string { return filepath.Join(cgroupRoot, name, c.config.Path) } -// initialize initializes the specified hierarchy +// initialize initializes the specified hierarchy. func (c *CgroupControl) initialize() (err error) { createdSoFar := map[string]controllerHandler{} defer func() { 
@@ -296,7 +296,7 @@ func readFileByKeyAsUint64(path, key string) (uint64, error) { return 0, fmt.Errorf("no key named %s from %s", key, path) } -// New creates a new cgroup control +// New creates a new cgroup control. func New(path string, resources *cgroups.Resources) (*CgroupControl, error) { cgroup2, err := IsCgroup2UnifiedMode() if err != nil { @@ -325,7 +325,7 @@ func New(path string, resources *cgroups.Resources) (*CgroupControl, error) { return control, nil } -// NewSystemd creates a new cgroup control +// NewSystemd creates a new cgroup control. func NewSystemd(path string, resources *cgroups.Resources) (*CgroupControl, error) { cgroup2, err := IsCgroup2UnifiedMode() if err != nil { @@ -344,7 +344,7 @@ func NewSystemd(path string, resources *cgroups.Resources) (*CgroupControl, erro return control, nil } -// Load loads an existing cgroup control +// Load loads an existing cgroup control. func Load(path string) (*CgroupControl, error) { cgroup2, err := IsCgroup2UnifiedMode() if err != nil { @@ -388,7 +388,7 @@ func Load(path string) (*CgroupControl, error) { return control, nil } -// CreateSystemdUnit creates the systemd cgroup +// CreateSystemdUnit creates the systemd cgroup. func (c *CgroupControl) CreateSystemdUnit(path string) error { if !c.systemd { return errors.New("the cgroup controller is not using systemd") @@ -403,7 +403,7 @@ func (c *CgroupControl) CreateSystemdUnit(path string) error { return systemdCreate(c.config.Resources, path, conn) } -// CreateSystemdUserUnit creates the systemd cgroup for the specified user +// CreateSystemdUserUnit creates the systemd cgroup for the specified user. func (c *CgroupControl) CreateSystemdUserUnit(path string, uid int) error { if !c.systemd { return errors.New("the cgroup controller is not using systemd") 
@@ -438,7 +438,7 @@ func dbusAuthConnection(uid int, createBus func(opts ...dbus.ConnOption) (*dbus. return conn, nil } -// Delete cleans a cgroup +// Delete cleans a cgroup. func (c *CgroupControl) Delete() error { return c.DeleteByPath(c.config.Path) } @@ -471,7 +471,7 @@ func (c *CgroupControl) DeleteByPathConn(path string, conn *systemdDbus.Conn) er return lastError } -// DeleteByPath deletes the specified cgroup path +// DeleteByPath deletes the specified cgroup path. func (c *CgroupControl) DeleteByPath(path string) error { if c.systemd { conn, err := systemdDbus.NewWithContext(context.TODO()) @@ -484,7 +484,7 @@ func (c *CgroupControl) DeleteByPath(path string) error { return c.DeleteByPathConn(path, nil) } -// Update updates the cgroups +// Update updates the cgroups. func (c *CgroupControl) Update(resources *cgroups.Resources) error { for _, h := range handlers { if err := h.Apply(c, resources); err != nil { @@ -494,7 +494,7 @@ func (c *CgroupControl) Update(resources *cgroups.Resources) error { return nil } -// AddPid moves the specified pid to the cgroup +// AddPid moves the specified pid to the cgroup. func (c *CgroupControl) AddPid(pid int) error { pidString := []byte(fmt.Sprintf("%d\n", pid)) @@ -524,7 +524,7 @@ func (c *CgroupControl) AddPid(pid int) error { return nil } -// Stat returns usage statistics for the cgroup +// Stat returns usage statistics for the cgroup. func (c *CgroupControl) Stat() (*cgroups.Stats, error) { m := cgroups.Stats{} found := false @@ -738,7 +738,7 @@ func cpusetCopyFileFromParent(dir, file string, cgroupv2 bool) ([]byte, error) { return data, nil } -// SystemCPUUsage returns the system usage for all the cgroups +// SystemCPUUsage returns the system usage for all the cgroups. func SystemCPUUsage() (uint64, error) { cgroupv2, err := IsCgroup2UnifiedMode() if err != nil { 
@@ -789,7 +789,7 @@ func IsCgroup2UnifiedMode() (bool, error) { return isUnified, isUnifiedErr } -// UserConnection returns an user connection to D-BUS +// UserConnection returns an user connection to D-BUS. func UserConnection(uid int) (*systemdDbus.Conn, error) { return systemdDbus.NewConnection(func() (*dbus.Conn, error) { return dbusAuthConnection(uid, dbus.SessionBusPrivateNoAutoStartup) diff --git a/vendor/go.podman.io/common/pkg/cgroups/cpu_linux.go b/vendor/go.podman.io/common/pkg/cgroups/cpu_linux.go index 7a8ffb8be6..899a86d5d3 100644 --- a/vendor/go.podman.io/common/pkg/cgroups/cpu_linux.go +++ b/vendor/go.podman.io/common/pkg/cgroups/cpu_linux.go @@ -21,7 +21,7 @@ func getCPUHandler() *linuxCPUHandler { return &linuxCPUHandler{} } -// Apply set the specified constraints +// Apply set the specified constraints. func (c *linuxCPUHandler) Apply(ctr *CgroupControl, res *cgroups.Resources) error { if ctr.cgroup2 { man, err := fs2.NewManager(ctr.config, filepath.Join(cgroupRoot, ctr.config.Path)) @@ -34,7 +34,7 @@ func (c *linuxCPUHandler) Apply(ctr *CgroupControl, res *cgroups.Resources) erro return c.CPU.Set(path, res) } -// Create the cgroup +// Create the cgroup. func (c *linuxCPUHandler) Create(ctr *CgroupControl) (bool, error) { if ctr.cgroup2 { return false, nil @@ -42,12 +42,12 @@ func (c *linuxCPUHandler) Create(ctr *CgroupControl) (bool, error) { return ctr.createCgroupDirectory(CPU) } -// Destroy the cgroup +// Destroy the cgroup. func (c *linuxCPUHandler) Destroy(ctr *CgroupControl) error { return rmDirRecursively(ctr.getCgroupv1Path(CPU)) } -// Stat fills a metrics structure with usage stats for the controller +// Stat fills a metrics structure with usage stats for the controller. func (c *linuxCPUHandler) Stat(ctr *CgroupControl, m *cgroups.Stats) error { var err error cpu := cgroups.CpuStats{} 
diff --git a/vendor/go.podman.io/common/pkg/cgroups/cpuset_linux.go b/vendor/go.podman.io/common/pkg/cgroups/cpuset_linux.go index f971910207..10b2298e12 100644 --- a/vendor/go.podman.io/common/pkg/cgroups/cpuset_linux.go +++ b/vendor/go.podman.io/common/pkg/cgroups/cpuset_linux.go @@ -18,7 +18,7 @@ func getCpusetHandler() *linuxCpusetHandler { return &linuxCpusetHandler{} } -// Apply set the specified constraints +// Apply set the specified constraints. func (c *linuxCpusetHandler) Apply(ctr *CgroupControl, res *cgroups.Resources) error { if ctr.cgroup2 { man, err := fs2.NewManager(ctr.config, filepath.Join(cgroupRoot, ctr.config.Path)) @@ -31,7 +31,7 @@ func (c *linuxCpusetHandler) Apply(ctr *CgroupControl, res *cgroups.Resources) e return c.CPUSet.Set(path, res) } -// Create the cgroup +// Create the cgroup. func (c *linuxCpusetHandler) Create(ctr *CgroupControl) (bool, error) { if ctr.cgroup2 { path := filepath.Join(cgroupRoot, ctr.config.Path) @@ -44,12 +44,12 @@ func (c *linuxCpusetHandler) Create(ctr *CgroupControl) (bool, error) { return true, cpusetCopyFromParent(ctr.getCgroupv1Path(CPUset), false) } -// Destroy the cgroup +// Destroy the cgroup. func (c *linuxCpusetHandler) Destroy(ctr *CgroupControl) error { return rmDirRecursively(ctr.getCgroupv1Path(CPUset)) } -// Stat fills a metrics structure with usage stats for the controller +// Stat fills a metrics structure with usage stats for the controller. func (c *linuxCpusetHandler) Stat(_ *CgroupControl, _ *cgroups.Stats) error { return nil } diff --git a/vendor/go.podman.io/common/pkg/cgroups/memory_linux.go b/vendor/go.podman.io/common/pkg/cgroups/memory_linux.go index fc45ffe859..7f61900308 100644 --- a/vendor/go.podman.io/common/pkg/cgroups/memory_linux.go +++ b/vendor/go.podman.io/common/pkg/cgroups/memory_linux.go 
@@ -18,7 +18,7 @@ func getMemoryHandler() *linuxMemHandler { return &linuxMemHandler{} } -// Apply set the specified constraints +// Apply set the specified constraints. func (c *linuxMemHandler) Apply(ctr *CgroupControl, res *cgroups.Resources) error { if ctr.cgroup2 { man, err := fs2.NewManager(ctr.config, filepath.Join(cgroupRoot, ctr.config.Path)) @@ -31,7 +31,7 @@ func (c *linuxMemHandler) Apply(ctr *CgroupControl, res *cgroups.Resources) erro return c.Mem.Set(path, res) } -// Create the cgroup +// Create the cgroup. func (c *linuxMemHandler) Create(ctr *CgroupControl) (bool, error) { if ctr.cgroup2 { return false, nil @@ -39,12 +39,12 @@ func (c *linuxMemHandler) Create(ctr *CgroupControl) (bool, error) { return ctr.createCgroupDirectory(Memory) } -// Destroy the cgroup +// Destroy the cgroup. func (c *linuxMemHandler) Destroy(ctr *CgroupControl) error { return rmDirRecursively(ctr.getCgroupv1Path(Memory)) } -// Stat fills a metrics structure with usage stats for the controller +// Stat fills a metrics structure with usage stats for the controller. func (c *linuxMemHandler) Stat(ctr *CgroupControl, m *cgroups.Stats) error { var err error memUsage := cgroups.MemoryStats{} diff --git a/vendor/go.podman.io/common/pkg/cgroups/pids_linux.go b/vendor/go.podman.io/common/pkg/cgroups/pids_linux.go index c87ebfd165..82202830e0 100644 --- a/vendor/go.podman.io/common/pkg/cgroups/pids_linux.go +++ b/vendor/go.podman.io/common/pkg/cgroups/pids_linux.go @@ -18,7 +18,7 @@ func getPidsHandler() *linuxPidHandler { return &linuxPidHandler{} } -// Apply set the specified constraints +// Apply set the specified constraints. func (c *linuxPidHandler) Apply(ctr *CgroupControl, res *cgroups.Resources) error { if ctr.cgroup2 { man, err := fs2.NewManager(ctr.config, filepath.Join(cgroupRoot, ctr.config.Path)) 
@@ -32,7 +32,7 @@ func (c *linuxPidHandler) Apply(ctr *CgroupControl, res *cgroups.Resources) erro return c.Pid.Set(path, res) } -// Create the cgroup +// Create the cgroup. func (c *linuxPidHandler) Create(ctr *CgroupControl) (bool, error) { if ctr.cgroup2 { return false, nil @@ -40,12 +40,12 @@ func (c *linuxPidHandler) Create(ctr *CgroupControl) (bool, error) { return ctr.createCgroupDirectory(Pids) } -// Destroy the cgroup +// Destroy the cgroup. func (c *linuxPidHandler) Destroy(ctr *CgroupControl) error { return rmDirRecursively(ctr.getCgroupv1Path(Pids)) } -// Stat fills a metrics structure with usage stats for the controller +// Stat fills a metrics structure with usage stats for the controller. func (c *linuxPidHandler) Stat(ctr *CgroupControl, m *cgroups.Stats) error { if ctr.config.Path == "" { // nothing we can do to retrieve the pids.current path diff --git a/vendor/go.podman.io/common/pkg/cgroups/utils_linux.go b/vendor/go.podman.io/common/pkg/cgroups/utils_linux.go index 2eca3ee659..2143358e67 100644 --- a/vendor/go.podman.io/common/pkg/cgroups/utils_linux.go +++ b/vendor/go.podman.io/common/pkg/cgroups/utils_linux.go @@ -19,7 +19,7 @@ import ( "golang.org/x/sys/unix" ) -// WriteFile writes to a cgroup file +// WriteFile writes to a cgroup file. func WriteFile(dir, file, data string) error { fd, err := OpenFile(dir, file, unix.O_WRONLY) if err != nil { @@ -36,7 +36,7 @@ func WriteFile(dir, file, data string) error { } } -// OpenFile opens a cgroup file with the given flags +// OpenFile opens a cgroup file with the given flags. func OpenFile(dir, file string, flags int) (*os.File, error) { var resolveFlags uint64 mode := os.FileMode(0) 
@@ -92,7 +92,7 @@ func OpenFile(dir, file string, flags int) (*os.File, error) { return os.NewFile(uintptr(fd), cgroupPath), nil } -// ReadFile reads from a cgroup file, opening it with the read only flag +// ReadFile reads from a cgroup file, opening it with the read only flag. func ReadFile(dir, file string) (string, error) { fd, err := OpenFile(dir, file, unix.O_RDONLY) if err != nil { @@ -105,7 +105,7 @@ func ReadFile(dir, file string) (string, error) { return buf.String(), err } -// BlkioFiles gets the proper files for blkio weights +// BlkioFiles gets the proper files for blkio weights. func BlkioFiles(cgroupPath string) (wtFile, wtDevFile string) { var weightFile string var weightDeviceFile string @@ -120,7 +120,7 @@ func BlkioFiles(cgroupPath string) (wtFile, wtDevFile string) { return weightFile, weightDeviceFile } -// SetBlkioThrottle sets the throttle limits for the cgroup +// SetBlkioThrottle sets the throttle limits for the cgroup. func SetBlkioThrottle(res *cgroups.Resources, cgroupPath string) error { for _, td := range res.BlkioThrottleReadBpsDevice { if err := WriteFile(cgroupPath, "blkio.throttle.read_bps_device", fmt.Sprintf("%d:%d %d", td.Major, td.Minor, td.Rate)); err != nil { diff --git a/vendor/go.podman.io/common/pkg/cgroupv2/cgroups_linux.go b/vendor/go.podman.io/common/pkg/cgroupv2/cgroups_linux.go index 749c89932d..b7e1e6aeac 100644 --- a/vendor/go.podman.io/common/pkg/cgroupv2/cgroups_linux.go +++ b/vendor/go.podman.io/common/pkg/cgroupv2/cgroups_linux.go @@ -13,7 +13,7 @@ var ( isCgroupV2Err error ) -// Enabled returns whether we are running on cgroup v2 +// Enabled returns whether we are running on cgroup v2. func Enabled() (bool, error) { isCgroupV2Once.Do(func() { var st syscall.Statfs_t diff --git a/vendor/go.podman.io/common/pkg/chown/chown.go b/vendor/go.podman.io/common/pkg/chown/chown.go index b254e105e3..02ed35640c 100644 --- a/vendor/go.podman.io/common/pkg/chown/chown.go +++ b/vendor/go.podman.io/common/pkg/chown/chown.go 
@@ -8,7 +8,7 @@ import ( "go.podman.io/storage/pkg/homedir" ) -// DangerousHostPath validates if a host path is dangerous and should not be modified +// DangerousHostPath validates if a host path is dangerous and should not be modified. func DangerousHostPath(path string) (bool, error) { excludePaths := map[string]bool{ "/": true, diff --git a/vendor/go.podman.io/common/pkg/chown/chown_unix.go b/vendor/go.podman.io/common/pkg/chown/chown_unix.go index 2c5e485af2..f372094d99 100644 --- a/vendor/go.podman.io/common/pkg/chown/chown_unix.go +++ b/vendor/go.podman.io/common/pkg/chown/chown_unix.go @@ -10,7 +10,7 @@ import ( ) // ChangeHostPathOwnership changes the uid and gid ownership of a directory or file within the host. -// This is used by the volume U flag to change source volumes ownership +// This is used by the volume U flag to change source volumes ownership. func ChangeHostPathOwnership(path string, recursive bool, uid, gid int) error { // Validate if host path can be chowned isDangerous, err := DangerousHostPath(path) diff --git a/vendor/go.podman.io/common/pkg/completion/completion.go b/vendor/go.podman.io/common/pkg/completion/completion.go index 9d5640f94e..fef95b7f35 100644 --- a/vendor/go.podman.io/common/pkg/completion/completion.go +++ b/vendor/go.podman.io/common/pkg/completion/completion.go @@ -10,7 +10,7 @@ import ( "go.podman.io/common/pkg/capabilities" ) -// FlagCompletions - hold flag completion functions to be applied later with CompleteCommandFlags() +// FlagCompletions - hold flag completion functions to be applied later with CompleteCommandFlags(). type FlagCompletions map[string]func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) // CompleteCommandFlags - Add completion functions for each flagname in FlagCompletions. 
@@ -22,7 +22,7 @@ func CompleteCommandFlags(cmd *cobra.Command, flags FlagCompletions) { /* Autocomplete Functions for cobra ValidArgsFunction */ -// AutocompleteNone - Block the default shell completion (no paths) +// AutocompleteNone - Block the default shell completion (no paths). func AutocompleteNone(_ *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) { return nil, cobra.ShellCompDirectiveNoFileComp } @@ -61,7 +61,7 @@ func AutocompleteCapabilities(_ *cobra.Command, _ []string, toComplete string) ( return completions, cobra.ShellCompDirectiveNoFileComp } -// autocompleteSubIDName - autocomplete the names in /etc/subuid or /etc/subgid +// autocompleteSubIDName - autocomplete the names in /etc/subuid or /etc/subgid. func autocompleteSubIDName(filename string) ([]string, cobra.ShellCompDirective) { file, err := os.Open(filename) if err != nil { @@ -92,7 +92,7 @@ func AutocompleteSubuidName(_ *cobra.Command, _ []string, _ string) ([]string, c return autocompleteSubIDName("/etc/subuid") } -// AutocompleteArch - Autocomplete platform supported by container engines +// AutocompletePlatform - Autocomplete platform supported by container engines. func AutocompletePlatform(_ *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) { completions := []string{ "linux/386", @@ -114,7 +114,7 @@ func AutocompletePlatform(_ *cobra.Command, _ []string, _ string) ([]string, cob return completions, cobra.ShellCompDirectiveNoFileComp } -// AutocompleteArch - Autocomplete architectures supported by container engines +// AutocompleteArch - Autocomplete architectures supported by container engines. func AutocompleteArch(_ *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) { completions := []string{ "386", 
@@ -134,19 +134,19 @@ func AutocompleteArch(_ *cobra.Command, _ []string, _ string) ([]string, cobra.S return completions, cobra.ShellCompDirectiveNoFileComp } -// AutocompleteOS - Autocomplete OS supported by container engines +// AutocompleteOS - Autocomplete OS supported by container engines. func AutocompleteOS(_ *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) { completions := []string{"linux", "windows"} return completions, cobra.ShellCompDirectiveNoFileComp } // AutocompleteJSONFormat - Autocomplete format flag option. -// -> "json" +// -> "json". func AutocompleteJSONFormat(_ *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) { return []string{"json"}, cobra.ShellCompDirectiveNoFileComp } -// AutocompleteOneArg - Autocomplete one random arg +// AutocompleteOneArg - Autocomplete one random arg. func AutocompleteOneArg(_ *cobra.Command, args []string, _ string) ([]string, cobra.ShellCompDirective) { if len(args) == 1 { return nil, cobra.ShellCompDirectiveDefault diff --git a/vendor/go.podman.io/common/pkg/config/config.go b/vendor/go.podman.io/common/pkg/config/config.go index f6ec67a6d9..9d5a339375 100644 --- a/vendor/go.podman.io/common/pkg/config/config.go +++ b/vendor/go.podman.io/common/pkg/config/config.go @@ -23,13 +23,13 @@ import ( const ( // userOverrideContainersConfig holds the containers config path overridden by the rootless user. userOverrideContainersConfig = ".config/" + _configPath - // Token prefix for looking for helper binary under $BINDIR + // Token prefix for looking for helper binary under $BINDIR. bindirPrefix = "$BINDIR" ) var validImageVolumeModes = []string{"anonymous", "tmpfs", "ignore"} -// ProxyEnv is a list of Proxy Environment variables +// ProxyEnv is a list of Proxy Environment variables. var ProxyEnv = []string{ "http_proxy", "https_proxy", 
@@ -41,7 +41,7 @@ var ProxyEnv = []string{ "NO_PROXY", } -// Config contains configuration options for container tools +// Config contains configuration options for container tools. type Config struct { // Containers specify settings that configure how containers will run ont the system Containers ContainersConfig `toml:"containers"` @@ -64,7 +64,7 @@ type Config struct { } // ContainersConfig represents the "containers" TOML config table -// containers global options for containers tools +// containers global options for containers tools. type ContainersConfig struct { // Devices to add to all containers Devices attributedstring.Slice `toml:"devices,omitempty"` @@ -252,7 +252,7 @@ type ContainersConfig struct { UserNSSize int `toml:"userns_size,omitempty,omitzero"` } -// EngineConfig contains configuration options used to set up a engine runtime +// EngineConfig contains configuration options used to set up a engine runtime. type EngineConfig struct { // CgroupCheck indicates the configuration has been rewritten after an // upgrade to Fedora 31 to change the default OCI runtime for cgroupv2v2. @@ -423,6 +423,9 @@ type EngineConfig struct { // OCIRuntimes are the set of configured OCI runtimes (default is runc). OCIRuntimes map[string][]string `toml:"runtimes,omitempty"` + // OCIRuntimesFlags are the set of configured OCI runtimes' flags + OCIRuntimesFlags map[string][]string `toml:"runtimes_flags,omitempty"` + // PlatformToOCIRuntime requests specific OCI runtime for a specified platform of image. PlatformToOCIRuntime map[string]string `toml:"platform_to_oci_runtime,omitempty"` @@ -584,7 +587,7 @@ type SetOptions struct { StorageConfigGraphDriverNameSet bool `toml:"-"` } -// NetworkConfig represents the "network" TOML config table +// NetworkConfig represents the "network" TOML config table. type NetworkConfig struct { // NetworkBackend determines what backend should be used for Podman's // networking. 
@@ -642,7 +645,7 @@ type SubnetPool struct { Size int `toml:"size,omitempty"` } -// SecretConfig represents the "secret" TOML config table +// SecretConfig represents the "secret" TOML config table. type SecretConfig struct { // Driver specifies the secret driver to use. // Current valid value: @@ -668,7 +671,7 @@ type ConfigMapConfig struct { Opts map[string]string `toml:"opts,omitempty"` } -// MachineConfig represents the "machine" TOML config table +// MachineConfig represents the "machine" TOML config table. type MachineConfig struct { // Number of CPU's a machine is created with. CPUs uint64 `toml:"cpus,omitempty,omitzero"` @@ -688,7 +691,7 @@ type MachineConfig struct { Rosetta bool `toml:"rosetta,omitempty"` } -// FarmConfig represents the "farm" TOML config tables +// FarmConfig represents the "farm" TOML config tables. type FarmConfig struct { // Default is the default farm to be used when farming out builds Default string `json:",omitempty" toml:"default,omitempty"` @@ -696,7 +699,7 @@ type FarmConfig struct { List map[string][]string `json:",omitempty" toml:"list,omitempty"` } -// Destination represents destination for remote service +// Destination represents destination for remote service. type Destination struct { // URI, required. Example: ssh://root@example.com:22/run/podman/podman.sock URI string `toml:"uri"` @@ -708,7 +711,7 @@ type Destination struct { IsMachine bool `json:",omitempty" toml:"is_machine,omitempty"` } -// PodmanshConfig represents configuration for the podman shell +// PodmanshConfig represents configuration for the podman shell. type PodmanshConfig struct { // Shell to start in container, default: "/bin/sh" Shell string `toml:"shell,omitempty"` 
@@ -721,8 +724,8 @@ type PodmanshConfig struct { Timeout uint `toml:"timeout,omitempty,omitzero"` } -// Consumes container image's os and arch and returns if any dedicated runtime was -// configured otherwise returns default runtime. +// ImagePlatformToRuntime consumes the container image's os and arch and returns if +// any dedicated runtime was configured otherwise returns default runtime. func (c *EngineConfig) ImagePlatformToRuntime(os string, arch string) string { platformString := os + "/" + arch if val, ok := c.PlatformToOCIRuntime[platformString]; ok { @@ -809,7 +812,7 @@ func (c *Config) Validate() error { return nil } -// URI returns the URI Path to the machine image +// URI returns the URI Path to the machine image. func (m *MachineConfig) URI() string { uri := m.Image for _, val := range []string{"$ARCH", "$arch"} { @@ -858,6 +861,11 @@ func (c *EngineConfig) Validate() error { return err } + // Check if runtimes specified under [engine.runtimes_flags] can be found under [engine.runtimes] + if err := c.validateRuntimeNames(); err != nil { + return err + } + return nil } @@ -910,7 +918,7 @@ func (c *NetworkConfig) Validate() error { if pool.Base.IP.To4() == nil { return fmt.Errorf("invalid subnet pool ip %q", pool.Base.IP) } - ones, _ := pool.Base.IPNet.Mask.Size() + ones, _ := pool.Base.Mask.Size() if ones > pool.Size { return fmt.Errorf("invalid subnet pool, size is bigger than subnet %q", &pool.Base.IPNet) } @@ -1128,7 +1136,7 @@ func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error) return "", fmt.Errorf("could not find %q in one of %v. %s", name, dirList, configHint) } -// ImageCopyTmpDir default directory to store temporary image files during copy +// ImageCopyTmpDir default directory to store temporary image files during copy. func (c *Config) ImageCopyTmpDir() (string, error) { if path, found := os.LookupEnv("TMPDIR"); found { return path, nil 
@@ -1147,7 +1155,7 @@ func (c *Config) ImageCopyTmpDir() (string, error) { return "", fmt.Errorf("invalid image_copy_tmp_dir value %q (relative paths are not accepted)", c.Engine.ImageCopyTmpDir) } -// setupEnv sets the environment variables for the engine +// setupEnv sets the environment variables for the engine. func (c *Config) setupEnv() error { for _, env := range c.Engine.Env.Get() { splitEnv := strings.SplitN(env, "=", 2) @@ -1167,7 +1175,7 @@ func (c *Config) setupEnv() error { return nil } -// eventsLogMaxSize is the type used by EventsLogFileMaxSize +// eventsLogMaxSize is the type used by EventsLogFileMaxSize. type eventsLogMaxSize uint64 // UnmarshalText parses the JSON encoding of eventsLogMaxSize and @@ -1208,7 +1216,7 @@ func ValidateImageVolumeMode(mode string) error { return fmt.Errorf("invalid image volume mode %q required value: %s", mode, strings.Join(validImageVolumeModes, ", ")) } -// FindInitBinary will return the path to the init binary (catatonit) +// FindInitBinary will return the path to the init binary (catatonit). func (c *Config) FindInitBinary() (string, error) { // Sigh, for some reason we ended up with two InitPath field in containers.conf and // both are used in podman so we have to keep supporting both to prevent regressions. diff --git a/vendor/go.podman.io/common/pkg/config/config_linux.go b/vendor/go.podman.io/common/pkg/config/config_linux.go index 4079818376..dd5ae3685f 100644 --- a/vendor/go.podman.io/common/pkg/config/config_linux.go +++ b/vendor/go.podman.io/common/pkg/config/config_linux.go 
@@ -29,7 +29,7 @@ var defaultHelperBinariesDir = []string{ } // Capabilities returns the capabilities parses the Add and Drop capability -// list from the default capabilities for the container +// list from the default capabilities for the container. func (c *Config) Capabilities(user string, addCapabilities, dropCapabilities []string) ([]string, error) { userNotRoot := func(user string) bool { if user == "" || user == "root" || user == "0" { diff --git a/vendor/go.podman.io/common/pkg/config/config_local.go b/vendor/go.podman.io/common/pkg/config/config_local.go index 653978c878..e0568e09cb 100644 --- a/vendor/go.podman.io/common/pkg/config/config_local.go +++ b/vendor/go.podman.io/common/pkg/config/config_local.go @@ -30,6 +30,17 @@ func (c *EngineConfig) validatePaths() error { return nil } +func (c *EngineConfig) validateRuntimeNames() error { + // Check if runtimes specified under [engine.runtimes_flags] can be found under [engine.runtimes] + for runtime := range c.OCIRuntimesFlags { + if _, exists := c.OCIRuntimes[runtime]; !exists { + return fmt.Errorf("invalid runtime %q in [engine.runtimes_flags]: "+ + "not defined in [engine.runtimes]", runtime) + } + } + return nil +} + func (c *ContainersConfig) validateDevices() error { for _, d := range c.Devices.Get() { if parser.IsQualifiedName(d) { diff --git a/vendor/go.podman.io/common/pkg/config/config_remote.go b/vendor/go.podman.io/common/pkg/config/config_remote.go index 4cb4329447..29ed033460 100644 --- a/vendor/go.podman.io/common/pkg/config/config_remote.go +++ b/vendor/go.podman.io/common/pkg/config/config_remote.go @@ -16,6 +16,10 @@ func (c *EngineConfig) validatePaths() error { return nil } +func (c *EngineConfig) validateRuntimeNames() error { + return nil +} + func (c *ContainersConfig) validateDevices() error { return nil } diff --git a/vendor/go.podman.io/common/pkg/config/config_unix.go b/vendor/go.podman.io/common/pkg/config/config_unix.go index f74854383f..97befd1522 100644 
--- a/vendor/go.podman.io/common/pkg/config/config_unix.go +++ b/vendor/go.podman.io/common/pkg/config/config_unix.go @@ -29,7 +29,7 @@ func userConfigPath() (string, error) { } // overrideContainersConfigPath returns the default config path overridden -// by the root user +// by the root user. func overrideContainersConfigPath() (string, error) { return overrideContainersConfig, nil } diff --git a/vendor/go.podman.io/common/pkg/config/connections.go b/vendor/go.podman.io/common/pkg/config/connections.go index e879faef73..6c074dc0c3 100644 --- a/vendor/go.podman.io/common/pkg/config/connections.go +++ b/vendor/go.podman.io/common/pkg/config/connections.go @@ -14,7 +14,7 @@ import ( const connectionsFile = "podman-connections.json" -// connectionsConfigFile returns the path to the rw connections config file +// connectionsConfigFile returns the path to the rw connections config file. func connectionsConfigFile() (string, error) { if path, found := os.LookupEnv("PODMAN_CONNECTIONS_CONF"); found { return path, nil @@ -179,7 +179,7 @@ func (c *Config) GetConnection(name string, def bool) (*Connection, error) { return nil, fmt.Errorf("connection %q not found", name) } -// GetAllConnections return all configured connections +// GetAllConnections return all configured connections. func (c *Config) GetAllConnections() ([]Connection, error) { path, err := connectionsConfigFile() if err != nil { @@ -279,7 +279,7 @@ func makeFarm(name string, cons []string, def, readWrite bool) Farm { } } -// GetAllFarms returns all configured farms +// GetAllFarms returns all configured farms. func (c *Config) GetAllFarms() ([]Farm, error) { path, err := connectionsConfigFile() if err != nil { diff --git a/vendor/go.podman.io/common/pkg/config/containers.conf b/vendor/go.podman.io/common/pkg/config/containers.conf index a432143d00..d0da362002 100644 --- a/vendor/go.podman.io/common/pkg/config/containers.conf +++ b/vendor/go.podman.io/common/pkg/config/containers.conf 
@@ -863,6 +863,23 @@ default_sysctls = [ # "/usr/local/bin/krun", #] +# Default flags for a valid OCI runtime (crun, runc, kata, runsc, krun, etc) +# Note: Do not pass the leading -- to the flag. To pass the runc flag --log-format json, the option given is log-format=json. +[engine.runtimes_flags] +#crun = [] + +#crun-vm = [] + +#kata = [] + +#runc = [] + +#runsc = [] + +#youki = [] + +#krun = [] + [engine.volume_plugins] #testplugin = "/run/podman/plugins/test.sock" diff --git a/vendor/go.podman.io/common/pkg/config/containers.conf-freebsd b/vendor/go.podman.io/common/pkg/config/containers.conf-freebsd index ceddd037bc..b57160b109 100644 --- a/vendor/go.podman.io/common/pkg/config/containers.conf-freebsd +++ b/vendor/go.podman.io/common/pkg/config/containers.conf-freebsd @@ -669,6 +669,23 @@ default_sysctls = [ # "/usr/local/bin/krun", #] +# Default flags for a valid OCI runtime (crun, runc, kata, runsc, krun, etc) +# Note: Do not pass the leading -- to the flag. To pass the runc flag --log-format json, the option given is log-format=json. +[engine.runtimes_flags] +#crun = [] + +#crun-vm = [] + +#kata = [] + +#runc = [] + +#runsc = [] + +#youki = [] + +#krun = [] + [engine.volume_plugins] #testplugin = "/var/run/podman/plugins/test.sock" diff --git a/vendor/go.podman.io/common/pkg/config/default.go b/vendor/go.podman.io/common/pkg/config/default.go index b48797a1c4..c48185646f 100644 --- a/vendor/go.podman.io/common/pkg/config/default.go +++ b/vendor/go.podman.io/common/pkg/config/default.go @@ -33,7 +33,7 @@ const ( // _defaultImageVolumeMode is a mode to handle built-in image volumes. _defaultImageVolumeMode = "anonymous" - // defaultInitName is the default name of the init binary + // defaultInitName is the default name of the init binary. defaultInitName = "catatonit" ) 
@@ -210,7 +210,7 @@ const (
 SeccompOverridePath = _etcDir + "/containers/seccomp.json"
 // SeccompDefaultPath defines the default seccomp path.
 SeccompDefaultPath = _installPrefix + "/share/containers/seccomp.json"
- // DefaultVolumePluginTimeout is the default volume plugin timeout, in seconds
+ // DefaultVolumePluginTimeout is the default volume plugin timeout, in seconds.
 DefaultVolumePluginTimeout = 5
 )
@@ -470,6 +470,7 @@ func defaultEngineConfig() (*EngineConfig, error) {
 "/usr/local/bin/ocijail",
 },
 }
+ c.OCIRuntimesFlags = map[string][]string{}
 c.PlatformToOCIRuntime = map[string]string{
 "wasi/wasm": "crun-wasm",
 "wasi/wasm32": "crun-wasm",
@@ -625,7 +626,7 @@ func (c *Config) IPCNS() string {
 return c.Containers.IPCNS
 }
-// PIDNS returns the default PID Namespace configuration to run containers with.
+// PidNS returns the default PID Namespace configuration to run containers with.
 func (c *Config) PidNS() string {
 return c.Containers.PidNS
 }
@@ -721,7 +722,7 @@ func getDefaultSSHConfig() string {
 // getDefaultMachineUser returns the user to use for rootless podman
 // This is only for the apple, hyperv, and qemu implementations.
-// WSL's user will be hardcoded in podman to "user"
+// WSL's user will be hardcoded in podman to "user".
 func getDefaultMachineUser() string {
 return "core"
 }
diff --git a/vendor/go.podman.io/common/pkg/config/default_linux.go b/vendor/go.podman.io/common/pkg/config/default_linux.go
index 928ae9fa27..ae9810fad7 100644
--- a/vendor/go.podman.io/common/pkg/config/default_linux.go
+++ b/vendor/go.podman.io/common/pkg/config/default_linux.go
@@ -8,7 +8,7 @@ func getDefaultCgroupsMode() string {
 return "enabled"
 }
-// getDefaultTmpDir for linux
+// getDefaultTmpDir for linux.
 func getDefaultTmpDir() string {
 // first check the TMPDIR env var
 if path, found := os.LookupEnv("TMPDIR"); found {
@@ -25,7 +25,7 @@ func getLibpodTmpDir() string {
 return "/run/libpod"
 }
-// getDefaultMachineVolumes returns default mounted volumes (possibly with env vars, which will be expanded)
+// getDefaultMachineVolumes returns default mounted volumes (possibly with env vars, which will be expanded).
 func getDefaultMachineVolumes() []string {
 return []string{"$HOME:$HOME"}
 }
diff --git a/vendor/go.podman.io/common/pkg/config/modules.go b/vendor/go.podman.io/common/pkg/config/modules.go
index c1e1f8de80..cf165b1882 100644
--- a/vendor/go.podman.io/common/pkg/config/modules.go
+++ b/vendor/go.podman.io/common/pkg/config/modules.go
@@ -39,7 +39,7 @@ func (o *Options) modules(paths *paths) ([]string, error) {
 // ModuleDirectories return the directories to load modules from:
 // 1) XDG_CONFIG_HOME/HOME if rootless
 // 2) /etc/
-// 3) /usr/share
+// 3) /usr/share.
 func ModuleDirectories() ([]string, error) { // Public API for shell completions in Podman
 paths, err := defaultPaths()
 if err != nil {
diff --git a/vendor/go.podman.io/common/pkg/config/pull_policy.go b/vendor/go.podman.io/common/pkg/config/pull_policy.go
index 474ede73e4..a33d33fe06 100644
--- a/vendor/go.podman.io/common/pkg/config/pull_policy.go
+++ b/vendor/go.podman.io/common/pkg/config/pull_policy.go
@@ -12,7 +12,7 @@ import (
 // * "always" <-> PullPolicyAlways
 // * "missing" <-> PullPolicyMissing
 // * "newer" <-> PullPolicyNewer
-// * "never" <-> PullPolicyNever
+// * "never" <-> PullPolicyNever.
 type PullPolicy int
 const (
@@ -41,7 +41,7 @@ const (
 // * "always" <-> PullPolicyAlways
 // * "missing" <-> PullPolicyMissing
 // * "newer" <-> PullPolicyNewer
-// * "never" <-> PullPolicyNever
+// * "never" <-> PullPolicyNever.
 func (p PullPolicy) String() string {
 switch p {
 case PullPolicyAlways:
@@ -72,7 +72,7 @@ func (p PullPolicy) Validate() error {
 // * "always" <-> PullPolicyAlways
 // * "missing" <-> PullPolicyMissing (also "ifnotpresent" and "")
 // * "newer" <-> PullPolicyNewer (also "ifnewer")
-// * "never" <-> PullPolicyNever
+// * "never" <-> PullPolicyNever.
 func ParsePullPolicy(s string) (PullPolicy, error) {
 switch strings.ToLower(s) {
 case "always":
diff --git a/vendor/go.podman.io/common/pkg/config/systemd.go b/vendor/go.podman.io/common/pkg/config/systemd.go
index f374c6dbc6..5996302b72 100644
--- a/vendor/go.podman.io/common/pkg/config/systemd.go
+++ b/vendor/go.podman.io/common/pkg/config/systemd.go
@@ -20,7 +20,7 @@ var (
 )
 const (
- // DefaultLogDriver is the default type of log files
+ // DefaultLogDriver is the default type of log files.
 DefaultLogDriver = "journald"
 )
diff --git a/vendor/go.podman.io/common/pkg/filters/filters.go b/vendor/go.podman.io/common/pkg/filters/filters.go
index adbfa3644a..385a9d73d9 100644
--- a/vendor/go.podman.io/common/pkg/filters/filters.go
+++ b/vendor/go.podman.io/common/pkg/filters/filters.go
@@ -14,7 +14,7 @@ import (
 "go.podman.io/common/pkg/timetype"
 )
-// ComputeUntilTimestamp extracts until timestamp from filters
+// ComputeUntilTimestamp extracts until timestamp from filters.
 func ComputeUntilTimestamp(filterValues []string) (time.Time, error) {
 invalid := time.Time{}
 if len(filterValues) != 1 {
@@ -31,7 +31,7 @@ func ComputeUntilTimestamp(filterValues []string) (time.Time, error) {
 return time.Unix(seconds, nanoseconds), nil
 }
-// filtersFromRequests extracts the "filters" parameter from the specified
+// FiltersFromRequest extracts the "filters" parameter from the specified
 // http.Request. The parameter can either be a `map[string][]string` as done
 // in new versions of Docker and libpod, or a `map[string]map[string]bool` as
 // done in older versions of Docker. We have to do a bit of Yoga to support
@@ -85,7 +85,7 @@ func FiltersFromRequest(r *http.Request) ([]string, error) {
 }
 // PrepareFilters prepares a *map[string][]string of filters to be later searched
-// in lipod and compat API to get desired filters
+// in lipod and compat API to get desired filters.
 func PrepareFilters(r *http.Request) (map[string][]string, error) {
 filtersList, err := FiltersFromRequest(r)
 if err != nil {
@@ -101,7 +101,7 @@ func PrepareFilters(r *http.Request) (map[string][]string, error) {
 return filterMap, nil
 }
-// MatchLabelFilters matches labels and returns true if they are valid
+// MatchLabelFilters matches labels and returns true if they are valid.
 func MatchLabelFilters(filterValues []string, labels map[string]string) bool {
 outer:
 for _, filterValue := range filterValues {
@@ -118,7 +118,7 @@ outer:
 return true
 }
-// MatchNegatedLabelFilters matches negated labels and returns true if they are valid
+// MatchNegatedLabelFilters matches negated labels and returns true if they are valid.
 func MatchNegatedLabelFilters(filterValues []string, labels map[string]string) bool {
 for _, filterValue := range filterValues {
 filterKey, filterValue, _ := strings.Cut(filterValue, "=")
@@ -147,7 +147,7 @@ func matchPattern(pattern string, value string) bool {
 // FilterID is a function used to compare an id against a set of ids, if the
 // input is hex we check if the prefix matches. Otherwise we assume it is a
 // regex and try to match that.
-// see https://github.com/containers/podman/issues/18471 for why we do this
+// see https://github.com/containers/podman/issues/18471 for why we do this.
 func FilterID(id string, filters []string) bool {
 for _, want := range filters {
 isRegex := types.NotHexRegex.MatchString(want)
diff --git a/vendor/go.podman.io/common/pkg/flag/flag.go b/vendor/go.podman.io/common/pkg/flag/flag.go
index a8e3cc725d..bc4af6a798 100644
--- a/vendor/go.podman.io/common/pkg/flag/flag.go
+++ b/vendor/go.podman.io/common/pkg/flag/flag.go
@@ -17,7 +17,7 @@ func (ob *OptionalBool) Present() bool {
 return ob.present
 }
-// Present returns the bool's value. Should only be used if Present() is true.
+// Value returns the bool's value. Should only be used if Present() is true.
 func (ob *OptionalBool) Value() bool {
 return ob.value
 }
@@ -25,7 +25,7 @@ func (ob *OptionalBool) Value() bool {
 // optionalBool is a cli.Generic == flag.Value implementation equivalent to
 // the one underlying flag.Bool, except that it records whether the flag has been set.
 // This is distinct from optionalBool to (pretend to) force callers to use
-// optionalBoolFlag
+// optionalBoolFlag.
 type optionalBoolValue OptionalBool
 // OptionalBoolFlag creates new flag for an optional in the specified flag with
@@ -38,7 +38,7 @@ func OptionalBoolFlag(fs *pflag.FlagSet, p *OptionalBool, name, usage string) *p
 }
 // WARNING: Do not directly use this method to define optionalBool flag.
-// Caller should use optionalBoolFlag
+// Caller should use optionalBoolFlag.
 func internalNewOptionalBoolValue(p *OptionalBool) pflag.Value {
 p.present = false
 return (*optionalBoolValue)(p)
@@ -84,7 +84,7 @@ func (os *OptionalString) Present() bool {
 return os.present
 }
-// Present returns the string's value. Should only be used if Present() is true.
+// Value returns the string's value. Should only be used if Present() is true.
 func (os *OptionalString) Value() string {
 return os.value
 }
@@ -92,7 +92,7 @@ func (os *OptionalString) Value() string {
 // optionalString is a cli.Generic == flag.Value implementation equivalent to
 // the one underlying flag.String, except that it records whether the flag has been set.
 // This is distinct from optionalString to (pretend to) force callers to use
-// newoptionalString
+// newoptionalString.
 type optionalStringValue OptionalString
 // NewOptionalStringValue returns a pflag.Value for the string.
@@ -132,7 +132,7 @@ func (oi *OptionalInt) Present() bool {
 return oi.present
 }
-// Present returns the int's value. Should only be used if Present() is true.
+// Value returns the int's value. Should only be used if Present() is true.
 func (oi *OptionalInt) Value() int {
 return oi.value
 }
@@ -140,7 +140,7 @@ func (oi *OptionalInt) Value() int {
 // optionalInt is a cli.Generic == flag.Value implementation equivalent to
 // the one underlying flag.Int, except that it records whether the flag has been set.
 // This is distinct from optionalInt to (pretend to) force callers to use
-// newoptionalIntValue
+// newoptionalIntValue.
 type optionalIntValue OptionalInt
 // NewOptionalIntValue returns the pflag.Value of the int.
diff --git a/vendor/go.podman.io/common/pkg/hooks/exec/exec.go b/vendor/go.podman.io/common/pkg/hooks/exec/exec.go
index 2bd3a2adfc..0fee148dac 100644
--- a/vendor/go.podman.io/common/pkg/hooks/exec/exec.go
+++ b/vendor/go.podman.io/common/pkg/hooks/exec/exec.go
@@ -34,7 +34,7 @@ type RunOptions struct {
 // Run executes the hook and waits for it to complete or for the
 // context or hook-specified timeout to expire.
 //
-// Deprecated: Too many arguments, has been refactored and replaced by RunWithOptions instead
+// Deprecated: Too many arguments, has been refactored and replaced by RunWithOptions instead.
 func Run(ctx context.Context, hook *rspec.Hook, state []byte, stdout io.Writer, stderr io.Writer, postKillTimeout time.Duration) (hookErr, err error) {
 return RunWithOptions(
 ctx,
diff --git a/vendor/go.podman.io/common/pkg/hooks/exec/runtimeconfigfilter.go b/vendor/go.podman.io/common/pkg/hooks/exec/runtimeconfigfilter.go
index 3027112609..9c2d7a375f 100644
--- a/vendor/go.podman.io/common/pkg/hooks/exec/runtimeconfigfilter.go
+++ b/vendor/go.podman.io/common/pkg/hooks/exec/runtimeconfigfilter.go
@@ -37,7 +37,7 @@ type RuntimeConfigFilterOptions struct {
 // RuntimeConfigFilter passes the proposed runtime configuration (and
 // reads back a possibly-altered form from their standard output).
 //
-// Deprecated: Too many arguments, has been refactored and replaced by RuntimeConfigFilterWithOptions instead
+// Deprecated: Too many arguments, has been refactored and replaced by RuntimeConfigFilterWithOptions instead.
 func RuntimeConfigFilter(ctx context.Context, hooks []spec.Hook, config *spec.Spec, postKillTimeout time.Duration) (hookErr, err error) {
 return RuntimeConfigFilterWithOptions(ctx, RuntimeConfigFilterOptions{
 Hooks: hooks,
diff --git a/vendor/go.podman.io/common/pkg/netns/netns_linux.go b/vendor/go.podman.io/common/pkg/netns/netns_linux.go
index 3bdeb2e69d..441d91fd9a 100644
--- a/vendor/go.podman.io/common/pkg/netns/netns_linux.go
+++ b/vendor/go.podman.io/common/pkg/netns/netns_linux.go
@@ -16,6 +16,7 @@
 // repository.
 // It was copied here and modified for local use by the libpod maintainers.
+// Package netns contains functions to manage network namespaces on linux.
 package netns
 import (
@@ -37,7 +38,7 @@ import (
 "golang.org/x/sys/unix"
 )
-// threadNsPath is the /proc path to the current netns handle for the current thread
+// threadNsPath is the /proc path to the current netns handle for the current thread.
 const threadNsPath = "/proc/thread-self/ns/net"
 var errNoFreeName = errors.New("failed to find free netns path name")
@@ -257,7 +258,7 @@ func newNSPath(nsPath string) (ns.NetNS, error) {
 return ns.GetNS(nsPath)
 }
-// UnmountNS unmounts the given netns path
+// UnmountNS unmounts the given netns path.
 func UnmountNS(nsPath string) error {
 // Only unmount if it's been bind-mounted (don't touch namespaces in /proc...)
 if strings.HasPrefix(nsPath, "/proc/") {
diff --git a/vendor/go.podman.io/common/pkg/parse/parse.go b/vendor/go.podman.io/common/pkg/parse/parse.go
index cc4a41f7a3..11d59a1b94 100644
--- a/vendor/go.podman.io/common/pkg/parse/parse.go
+++ b/vendor/go.podman.io/common/pkg/parse/parse.go
@@ -13,7 +13,7 @@ import (
 "go.podman.io/storage/pkg/fileutils"
 )
-// ValidateVolumeOpts validates a volume's options
+// ValidateVolumeOpts validates a volume's options.
 func ValidateVolumeOpts(options []string) ([]string, error) {
 var foundRootPropagation, foundRWRO, foundLabelChange, bindType, foundExec, foundDev, foundSuid, foundChown, foundUpperDir, foundWorkDir, foundCopy, foundCopySymlink int
 finalOpts := make([]string, 0, len(options))
@@ -170,7 +170,7 @@ func isValidDeviceMode(mode string) bool {
 return true
 }
-// ValidateVolumeHostDir validates a volume mount's source directory
+// ValidateVolumeHostDir validates a volume mount's source directory.
 func ValidateVolumeHostDir(hostDir string) error {
 if hostDir == "" {
 return errors.New("host directory cannot be empty")
diff --git a/vendor/go.podman.io/common/pkg/report/formatter.go b/vendor/go.podman.io/common/pkg/report/formatter.go
index 993c425a32..dcc09fdb16 100644
--- a/vendor/go.podman.io/common/pkg/report/formatter.go
+++ b/vendor/go.podman.io/common/pkg/report/formatter.go
@@ -119,7 +119,7 @@ func (f *Formatter) Funcs(funcMap template.FuncMap) *Formatter {
 return f
 }
-// Init either resets the given tabwriter with new values or wraps w in tabwriter with given values
+// Init either resets the given tabwriter with new values or wraps w in tabwriter with given values.
 func (f *Formatter) Init(w io.Writer, minwidth, tabwidth, padding int, padchar byte, flags uint) *Formatter {
 flags |= tabwriter.StripEscape
@@ -151,12 +151,12 @@ func (f *Formatter) Flush() error {
 return f.flusher.Flush()
 }
-// Writer returns the embedded io.Writer from Formatter
+// Writer returns the embedded io.Writer from Formatter.
 func (f *Formatter) Writer() io.Writer {
 return f.writer
 }
-// New allocates a new, undefined Formatter with the given name and Writer
+// New allocates a new, undefined Formatter with the given name and Writer.
 func New(output io.Writer, name string) *Formatter {
 f := new(Formatter)
diff --git a/vendor/go.podman.io/common/pkg/report/template.go b/vendor/go.podman.io/common/pkg/report/template.go
index be40ce5da7..bb6ce7bea5 100644
--- a/vendor/go.podman.io/common/pkg/report/template.go
+++ b/vendor/go.podman.io/common/pkg/report/template.go
@@ -11,16 +11,16 @@ import (
 "go.podman.io/storage/pkg/regexp"
 )
-// Template embeds template.Template to add functionality to methods
+// Template embeds template.Template to add functionality to methods.
 type Template struct {
 *template.Template
 isTable bool
 }
-// FuncMap is aliased from template.FuncMap
+// FuncMap is aliased from template.FuncMap.
 type FuncMap template.FuncMap
-// tableReplacer will remove 'table ' prefix and clean up tabs
+// tableReplacer will remove 'table ' prefix and clean up tabs.
 var tableReplacer = strings.NewReplacer(
 "table ", "",
 `\t`, "\t",
@@ -28,7 +28,7 @@ var tableReplacer = strings.NewReplacer(
 `\n`, "\n",
 )
-// escapedReplacer will clean up escaped characters from CLI
+// escapedReplacer will clean up escaped characters from CLI.
 var escapedReplacer = strings.NewReplacer(
 `\t`, "\t",
 `\n`, "\n",
@@ -52,7 +52,7 @@ var DefaultFuncs = FuncMap{
 "upper": strings.ToUpper,
 }
-// NormalizeFormat reads given go template format provided by CLI and munges it into what we need
+// NormalizeFormat reads given go template format provided by CLI and munges it into what we need.
 func NormalizeFormat(format string) string {
 var f string
 // two replacers used so we only remove the prefix keyword `table`
@@ -68,7 +68,7 @@ func NormalizeFormat(format string) string {
 return f
 }
-// padWithSpace adds spaces*prefix and spaces*suffix to the input when it is non-empty
+// padWithSpace adds spaces*prefix and spaces*suffix to the input when it is non-empty.
 func padWithSpace(source string, prefix, suffix int) string {
 if source == "" {
 return source
@@ -76,7 +76,7 @@ func padWithSpace(source string, prefix, suffix int) string {
 return strings.Repeat(" ", prefix) + source + strings.Repeat(" ", suffix)
 }
-// truncateWithLength truncates the source string up to the length provided by the input
+// truncateWithLength truncates the source string up to the length provided by the input.
 func truncateWithLength(source string, length int) string {
 if len(source) < length {
 return source
@@ -124,12 +124,12 @@ func Headers(object any, overrides map[string]string) []map[string]string {
 return []map[string]string{headers}
 }
-// NewTemplate creates a new template object
+// NewTemplate creates a new template object.
 func NewTemplate(name string) *Template {
 return &Template{Template: template.New(name).Funcs(template.FuncMap(DefaultFuncs))}
 }
-// Parse parses text as a template body for t
+// Parse parses text as a template body for t.
 func (t *Template) Parse(text string) (*Template, error) {
 if strings.HasPrefix(text, "table ") {
 t.isTable = true
@@ -155,14 +155,14 @@ func (t *Template) Funcs(funcMap FuncMap) *Template {
 return &Template{Template: t.Template.Funcs(template.FuncMap(m)), isTable: t.isTable}
 }
-// IsTable returns true if format string defines a "table"
+// IsTable returns true if format string defines a "table".
 func (t *Template) IsTable() bool {
 return t.isTable
 }
 var rangeRegex = regexp.Delayed(`(?s){{\s*range\s*\.\s*}}.*{{\s*end\s*-?\s*}}`)
-// EnforceRange ensures that the format string contains a range
+// EnforceRange ensures that the format string contains a range.
 func EnforceRange(format string) string {
 if !rangeRegex.MatchString(format) {
 return "{{range .}}" + format + "{{end -}}"
@@ -170,7 +170,7 @@ func EnforceRange(format string) string {
 return format
 }
-// HasTable returns whether the format is a table
+// HasTable returns whether the format is a table.
 func HasTable(format string) bool {
 return strings.HasPrefix(format, "table ")
 }
diff --git a/vendor/go.podman.io/common/pkg/report/validate.go b/vendor/go.podman.io/common/pkg/report/validate.go
index 1da657c3f2..881a293666 100644
--- a/vendor/go.podman.io/common/pkg/report/validate.go
+++ b/vendor/go.podman.io/common/pkg/report/validate.go
@@ -8,7 +8,7 @@ import (
 // {{json .}} is valid and thus not matched to let the template handle it like docker does.
 var jsonRegex = regexp.Delayed(`^\s*(json|{{\s*json\.?\s*}})\s*$`)
-// JSONFormat test CLI --format string to be a JSON request
+// IsJSON check if CLI --format string is a JSON request
 //
 // if report.IsJSON(cmd.Flag("format").Value.String()) {
 // ... process JSON and output
diff --git a/vendor/go.podman.io/common/pkg/report/writer.go b/vendor/go.podman.io/common/pkg/report/writer.go
index 360ef82659..c3129c3c87 100644
--- a/vendor/go.podman.io/common/pkg/report/writer.go
+++ b/vendor/go.podman.io/common/pkg/report/writer.go
@@ -5,23 +5,23 @@ import (
 "text/tabwriter"
 )
-// Writer aliases tabwriter.Writer to provide Podman defaults
+// Writer aliases tabwriter.Writer to provide Podman defaults.
 type Writer struct {
 *tabwriter.Writer
 }
-// NewWriter initializes a new report.Writer with given values
+// NewWriter initializes a new report.Writer with given values.
 func NewWriter(output io.Writer, minwidth, tabwidth, padding int, padchar byte, flags uint) (*Writer, error) {
 t := tabwriter.NewWriter(output, minwidth, tabwidth, padding, padchar, flags)
 return &Writer{t}, nil
 }
-// NewWriterDefault initializes a new report.Writer with Podman defaults
+// NewWriterDefault initializes a new report.Writer with Podman defaults.
 func NewWriterDefault(output io.Writer) (*Writer, error) {
 return NewWriter(output, 12, 2, 2, ' ', 0)
 }
-// Flush any output left in buffers
+// Flush any output left in buffers.
 func (w *Writer) Flush() error {
 return w.Writer.Flush()
 }
diff --git a/vendor/go.podman.io/common/pkg/seccomp/errno_list.go b/vendor/go.podman.io/common/pkg/seccomp/errno_list.go
index 616cae336d..bf82d63fdc 100644
--- a/vendor/go.podman.io/common/pkg/seccomp/errno_list.go
+++ b/vendor/go.podman.io/common/pkg/seccomp/errno_list.go
@@ -6,7 +6,7 @@ import (
 "golang.org/x/sys/unix"
 )
-// Error table
+// Error table.
 var errnoArch = map[string]uint{
 "EPERM": uint(unix.EPERM),
 "ENOENT": uint(unix.ENOENT),
diff --git a/vendor/go.podman.io/common/pkg/seccomp/seccomp_linux.go b/vendor/go.podman.io/common/pkg/seccomp/seccomp_linux.go
index e399f6b28e..55570109fd 100644
--- a/vendor/go.podman.io/common/pkg/seccomp/seccomp_linux.go
+++ b/vendor/go.podman.io/common/pkg/seccomp/seccomp_linux.go
@@ -41,7 +41,7 @@ func LoadProfileFromBytes(body []byte, rs *specs.Spec) (*specs.LinuxSeccomp, err
 return setupSeccomp(config, rs)
 }
-// LoadProfileFromConfig takes a Seccomp struct and a spec to retrieve a LinuxSeccomp
+// LoadProfileFromConfig takes a Seccomp struct and a spec to retrieve a LinuxSeccomp.
 func LoadProfileFromConfig(config *Seccomp, specgen *specs.Spec) (*specs.LinuxSeccomp, error) {
 return setupSeccomp(config, specgen)
 }
@@ -57,7 +57,7 @@ var nativeToSeccomp = map[string]Arch{
 }
 // inSlice tests whether a string is contained in a slice of strings or not.
-// Comparison is case sensitive
+// Comparison is case sensitive.
 func inSlice(slice []string, s string) bool {
 for _, ss := range slice {
 if s == ss {
diff --git a/vendor/go.podman.io/common/pkg/seccomp/types.go b/vendor/go.podman.io/common/pkg/seccomp/types.go
index 56fd22a38f..a0a65da249 100644
--- a/vendor/go.podman.io/common/pkg/seccomp/types.go
+++ b/vendor/go.podman.io/common/pkg/seccomp/types.go
@@ -23,17 +23,17 @@ type Seccomp struct {
 }
 // Architecture is used to represent a specific architecture
-// and its sub-architectures
+// and its sub-architectures.
 type Architecture struct {
 Arch Arch `json:"architecture"`
 SubArches []Arch `json:"subArchitectures"`
 }
-// Arch used for architectures
+// Arch used for architectures.
 type Arch string
 // Additional architectures permitted to be used for system calls
-// By default only the native architecture of the kernel is permitted
+// By default only the native architecture of the kernel is permitted.
 const (
 ArchNative Arch = "SCMP_ARCH_NATIVE"
 ArchX86 Arch = "SCMP_ARCH_X86"
@@ -57,10 +57,10 @@ const (
 ArchRISCV64 Arch = "SCMP_ARCH_RISCV64"
 )
-// Action taken upon Seccomp rule match
+// Action taken upon Seccomp rule match.
 type Action string
-// Define actions for Seccomp rules
+// Define actions for Seccomp rules.
 const (
 // ActKill results in termination of the thread that made the system call.
 ActKill Action = "SCMP_ACT_KILL"
@@ -78,10 +78,10 @@ const (
 ActNotify Action = "SCMP_ACT_NOTIFY"
 )
-// Operator used to match syscall arguments in Seccomp
+// Operator used to match syscall arguments in Seccomp.
 type Operator string
-// Define operators for syscall arguments in Seccomp
+// Define operators for syscall arguments in Seccomp.
 const (
 OpNotEqual Operator = "SCMP_CMP_NE"
 OpLessThan Operator = "SCMP_CMP_LT"
@@ -92,7 +92,7 @@ const (
 OpMaskedEqual Operator = "SCMP_CMP_MASKED_EQ"
 )
-// Arg used for matching specific syscall arguments in Seccomp
+// Arg used for matching specific syscall arguments in Seccomp.
 type Arg struct {
 Index uint `json:"index"`
 Value uint64 `json:"value"`
@@ -100,13 +100,13 @@ type Arg struct {
 Op Operator `json:"op"`
 }
-// Filter is used to conditionally apply Seccomp rules
+// Filter is used to conditionally apply Seccomp rules.
 type Filter struct {
 Caps []string `json:"caps,omitempty"`
 Arches []string `json:"arches,omitempty"`
 }
-// Syscall is used to match a group of syscalls in Seccomp
+// Syscall is used to match a group of syscalls in Seccomp.
 type Syscall struct {
 Name string `json:"name,omitempty"`
 Names []string `json:"names,omitempty"`
diff --git a/vendor/go.podman.io/common/pkg/secrets/define/secrets.go b/vendor/go.podman.io/common/pkg/secrets/define/secrets.go
index 6fb8c10202..61c3aa4d7c 100644
--- a/vendor/go.podman.io/common/pkg/secrets/define/secrets.go
+++ b/vendor/go.podman.io/common/pkg/secrets/define/secrets.go
@@ -5,12 +5,12 @@ import (
 )
 var (
- // ErrNoSuchSecret indicates that the secret does not exist
+ // ErrNoSuchSecret indicates that the secret does not exist.
 ErrNoSuchSecret = errors.New("no such secret")
- // ErrSecretIDExists indicates that there is secret data already associated with an id
+ // ErrSecretIDExists indicates that there is secret data already associated with an id.
 ErrSecretIDExists = errors.New("secret data with ID already exists")
- // ErrInvalidKey indicates that something about your key is wrong
+ // ErrInvalidKey indicates that something about your key is wrong.
 ErrInvalidKey = errors.New("invalid key")
 )
diff --git a/vendor/go.podman.io/common/pkg/secrets/filedriver/filedriver.go b/vendor/go.podman.io/common/pkg/secrets/filedriver/filedriver.go
index d026a697e4..0df2823e24 100644
--- a/vendor/go.podman.io/common/pkg/secrets/filedriver/filedriver.go
+++ b/vendor/go.podman.io/common/pkg/secrets/filedriver/filedriver.go
@@ -15,10 +15,10 @@ import (
 "go.podman.io/storage/pkg/lockfile"
 )
-// secretsDataFile is the file where secrets data/payload will be stored
+// secretsDataFile is the file where secrets data/payload will be stored.
 var secretsDataFile = "secretsdata.json"
-// Driver is the filedriver object
+// Driver is the filedriver object.
 type Driver struct {
 // secretsDataFilePath is the path to the secretsfile
 secretsDataFilePath string
@@ -45,7 +45,7 @@ func NewDriver(rootPath string) (*Driver, error) {
 return fileDriver, nil
 }
-// List returns all secret IDs
+// List returns all secret IDs.
 func (d *Driver) List() ([]string, error) {
 d.lockfile.Lock()
 defer d.lockfile.Unlock()
@@ -56,7 +56,7 @@ func (d *Driver) List() ([]string, error) {
 return slices.Sorted(maps.Keys(secretData)), nil
 }
-// Lookup returns the bytes associated with a secret ID
+// Lookup returns the bytes associated with a secret ID.
 func (d *Driver) Lookup(id string) ([]byte, error) {
 d.lockfile.Lock()
 defer d.lockfile.Unlock()
@@ -71,7 +71,7 @@ func (d *Driver) Lookup(id string) ([]byte, error) {
 return nil, fmt.Errorf("%s: %w", id, define.ErrNoSuchSecret)
 }
-// Store stores the bytes associated with an ID. An error is returned if the ID already exists
+// Store stores the bytes associated with an ID. An error is returned if the ID already exists.
 func (d *Driver) Store(id string, data []byte) error {
 d.lockfile.Lock()
 defer d.lockfile.Unlock()
@@ -119,7 +119,7 @@ func (d *Driver) Delete(id string) error {
 return nil
 }
-// getAllData reads the data file and returns all data
+// getAllData reads the data file and returns all data.
 func (d *Driver) getAllData() (map[string][]byte, error) {
 // check if the db file exists
 err := fileutils.Exists(d.secretsDataFilePath)
diff --git a/vendor/go.podman.io/common/pkg/secrets/passdriver/passdriver.go b/vendor/go.podman.io/common/pkg/secrets/passdriver/passdriver.go
index 9e5656080f..92f3a2711a 100644
--- a/vendor/go.podman.io/common/pkg/secrets/passdriver/passdriver.go
+++ b/vendor/go.podman.io/common/pkg/secrets/passdriver/passdriver.go
@@ -78,7 +78,7 @@ func (cfg *driverConfig) findGpgID() {
 }
 }
-// Driver is the passdriver object
+// Driver is the passdriver object.
 type Driver struct {
 driverConfig
 }
@@ -95,7 +95,7 @@ func NewDriver(opts map[string]string) (*Driver, error) {
 return driver, nil
 }
-// List returns all secret IDs
+// List returns all secret IDs.
 func (d *Driver) List() (secrets []string, err error) {
 files, err := os.ReadDir(d.Root)
 if err != nil {
@@ -110,7 +110,7 @@ func (d *Driver) List() (secrets []string, err error) {
 return secrets, nil
 }
-// Lookup returns the bytes associated with a secret ID
+// Lookup returns the bytes associated with a secret ID.
 func (d *Driver) Lookup(id string) ([]byte, error) {
 out := &bytes.Buffer{}
 key, err := d.getPath(id)
@@ -126,7 +126,7 @@ func (d *Driver) Lookup(id string) ([]byte, error) {
 return out.Bytes(), nil
 }
-// Store saves the bytes associated with an ID. An error is returned if the ID already exists
+// Store saves the bytes associated with an ID. An error is returned if the ID already exists.
 func (d *Driver) Store(id string, data []byte) error {
 if _, err := d.Lookup(id); err == nil {
 return fmt.Errorf("%s: %w", id, define.ErrSecretIDExists)
diff --git a/vendor/go.podman.io/common/pkg/secrets/secrets.go b/vendor/go.podman.io/common/pkg/secrets/secrets.go
index 5a744f7fec..1edf766168 100644
--- a/vendor/go.podman.io/common/pkg/secrets/secrets.go
+++ b/vendor/go.podman.io/common/pkg/secrets/secrets.go
@@ -18,40 +18,40 @@ import (
 "go.podman.io/storage/pkg/stringid"
 )
-// maxSecretSize is the max size for secret data - 512kB
+// maxSecretSize is the max size for secret data - 512kB.
 const maxSecretSize = 512000
-// secretIDLength is the character length of a secret ID - 25
+// secretIDLength is the character length of a secret ID - 25.
 const secretIDLength = 25
-// errInvalidPath indicates that the secrets path is invalid
+// errInvalidPath indicates that the secrets path is invalid.
 var errInvalidPath = errors.New("invalid secrets path")
-// ErrNoSuchSecret indicates that the secret does not exist
+// ErrNoSuchSecret indicates that the secret does not exist.
 var ErrNoSuchSecret = define.ErrNoSuchSecret
-// errSecretNameInUse indicates that the secret name is already in use
+// errSecretNameInUse indicates that the secret name is already in use.
 var errSecretNameInUse = errors.New("secret name in use")
-// errInvalidSecretName indicates that the secret name is invalid
+// errInvalidSecretName indicates that the secret name is invalid.
 var errInvalidSecretName = errors.New("invalid secret name")
-// errInvalidDriver indicates that the driver type is invalid
+// errInvalidDriver indicates that the driver type is invalid.
 var errInvalidDriver = errors.New("invalid driver")
-// errInvalidDriverOpt indicates that a driver option is invalid
+// errInvalidDriverOpt indicates that a driver option is invalid.
 var errInvalidDriverOpt = errors.New("invalid driver option")
-// errAmbiguous indicates that a secret is ambiguous
+// errAmbiguous indicates that a secret is ambiguous.
 var errAmbiguous = errors.New("secret is ambiguous")
-// errDataSize indicates that the secret data is too large or too small
+// errDataSize indicates that the secret data is too large or too small.
 var errDataSize = errors.New("secret data must be larger than 0 and less than 512000 bytes")
 // errIgnoreIfExistsAndReplace indicates that ignoreIfExists and replace cannot be used together.
var errIgnoreIfExistsAndReplace = errors.New("ignoreIfExists and replace cannot be used together")
-// secretsFile is the name of the file that the secrets database will be stored in
+// secretsFile is the name of the file that the secrets database will be stored in.
 var secretsFile = "secrets.json"
 // SecretsManager holds information on handling secrets
@@ -68,7 +68,7 @@ type SecretsManager struct {
 db *db
 }
-// Secret defines a secret
+// Secret defines a secret.
 type Secret struct {
 // Name is the name of the secret
 Name string `json:"name"`
@@ -107,7 +107,7 @@ type SecretsDriver interface {
 Delete(id string) error
 }
-// StoreOptions are optional metadata fields that can be set when storing a new secret
+// StoreOptions are optional metadata fields that can be set when storing a new secret.
 type StoreOptions struct {
 // DriverOptions are extra options used to run this driver
 DriverOpts map[string]string
@@ -122,7 +122,7 @@ type StoreOptions struct {
 }
 // NewManager creates a new secrets manager
-// rootPath is the directory where the secrets data file resides
+// rootPath is the directory where the secrets data file resides.
 func NewManager(rootPath string) (*SecretsManager, error) {
 manager := new(SecretsManager)
diff --git a/vendor/go.podman.io/common/pkg/secrets/secretsdb.go b/vendor/go.podman.io/common/pkg/secrets/secretsdb.go
index 3628bfd877..561881a1d7 100644
--- a/vendor/go.podman.io/common/pkg/secrets/secretsdb.go
+++ b/vendor/go.podman.io/common/pkg/secrets/secretsdb.go
@@ -23,7 +23,7 @@ type db struct {
 lastModified time.Time
 }
-// loadDB loads database data into the in-memory cache if it has been modified
+// loadDB loads database data into the in-memory cache if it has been modified.
 func (s *SecretsManager) loadDB() error {
 // check if the db file exists
 fileInfo, err := os.Stat(s.secretsDBPath)
@@ -120,7 +120,7 @@ func (s *SecretsManager) getExactNameAndID(nameOrID string) (name, id string, er
 }
 // exactSecretExists checks if the secret exists, given a name or ID
-// Does not match partial name or IDs
+// Does not match partial name or IDs.
 func (s *SecretsManager) exactSecretExists(nameOrID string) (bool, error) {
 _, _, err := s.getExactNameAndID(nameOrID)
 if err != nil {
diff --git a/vendor/go.podman.io/common/pkg/secrets/shelldriver/shelldriver.go b/vendor/go.podman.io/common/pkg/secrets/shelldriver/shelldriver.go
index 173e2b5a6d..5cf6aa48d2 100644
--- a/vendor/go.podman.io/common/pkg/secrets/shelldriver/shelldriver.go
+++ b/vendor/go.podman.io/common/pkg/secrets/shelldriver/shelldriver.go
@@ -13,7 +13,7 @@ import (
 "go.podman.io/common/pkg/secrets/define"
 )
-// errMissingConfig indicates that one or more of the external actions are not configured
+// errMissingConfig indicates that one or more of the external actions are not configured.
 var errMissingConfig = errors.New("missing config value")
 type driverConfig struct {
@@ -56,7 +56,7 @@ func (cfg *driverConfig) ParseOpts(opts map[string]string) error {
 return nil
 }
-// Driver is the passdriver object
+// Driver is the passdriver object.
 type Driver struct {
 driverConfig
 }
@@ -75,7 +75,7 @@ func NewDriver(opts map[string]string) (*Driver, error) {
 return driver, nil
 }
-// List returns all secret IDs
+// List returns all secret IDs.
 func (d *Driver) List() (secrets []string, err error) {
 cmd := exec.CommandContext(context.TODO(), "/bin/sh", "-c", d.ListCommand)
 cmd.Env = os.Environ()
@@ -101,7 +101,7 @@ func (d *Driver) List() (secrets []string, err error) {
 return secrets, nil
 }
-// Lookup returns the bytes associated with a secret ID
+// Lookup returns the bytes associated with a secret ID.
 func (d *Driver) Lookup(id string) ([]byte, error) {
 if strings.Contains(id, "..") {
 return nil, define.ErrInvalidKey
@@ -122,7 +122,7 @@ func (d *Driver) Lookup(id string) ([]byte, error) {
 return buf.Bytes(), nil
 }
-// Store saves the bytes associated with an ID. An error is returned if the ID already exists
+// Store saves the bytes associated with an ID. An error is returned if the ID already exists.
 func (d *Driver) Store(id string, data []byte) error {
 if strings.Contains(id, "..") {
 return define.ErrInvalidKey
diff --git a/vendor/go.podman.io/common/pkg/signal/signal_common.go b/vendor/go.podman.io/common/pkg/signal/signal_common.go
index 7c26629094..5f29588969 100644
--- a/vendor/go.podman.io/common/pkg/signal/signal_common.go
+++ b/vendor/go.podman.io/common/pkg/signal/signal_common.go
@@ -25,7 +25,7 @@ func ParseSignal(rawSignal string) (syscall.Signal, error) {
 }
 // ParseSignalNameOrNumber translates a string to a valid syscall signal. Input
-// can be a name or number representation i.e. "KILL" "9"
+// can be a name or number representation i.e. "KILL" "9".
 func ParseSignalNameOrNumber(rawSignal string) (syscall.Signal, error) {
 basename := strings.TrimPrefix(rawSignal, "-")
 s, err := ParseSignal(basename)
diff --git a/vendor/go.podman.io/common/pkg/ssh/connection_golang.go b/vendor/go.podman.io/common/pkg/ssh/connection_golang.go
index 60c73df799..591e1a7575 100644
--- a/vendor/go.podman.io/common/pkg/ssh/connection_golang.go
+++ b/vendor/go.podman.io/common/pkg/ssh/connection_golang.go
@@ -194,7 +194,7 @@ func golangConnectionScp(options ConnectionScpOptions) (*ConnectionScpReport, er
 }
 // ExecRemoteCommand takes a ssh client connection and a command to run and executes the
-// command on the specified client. The function returns the Stdout from the client or the Stderr
+// command on the specified client. The function returns the Stdout from the client or the Stderr.
 func ExecRemoteCommand(dial *ssh.Client, run string) ([]byte, error) {
 return ExecRemoteCommandWithInput(dial, run, nil)
 }
diff --git a/vendor/go.podman.io/common/pkg/ssh/types.go b/vendor/go.podman.io/common/pkg/ssh/types.go
index 07ab181b48..3f59fee8c8 100644
--- a/vendor/go.podman.io/common/pkg/ssh/types.go
+++ b/vendor/go.podman.io/common/pkg/ssh/types.go
@@ -68,7 +68,7 @@ type ConnectionScpReport struct {
 }
 // Info is the overall struct that describes the host system
-// running libpod/podman
+// running libpod/podman.
 type Info struct {
 Host *HostInfo `json:"host"`
 Store *StoreInfo `json:"store"`
@@ -77,7 +77,7 @@ type Info struct {
 Version Version `json:"version"`
 }
-// Version is an output struct for API
+// Version is an output struct for API.
 type Version struct {
 APIVersion string
 Version string
@@ -89,7 +89,7 @@ type Version struct {
 Os string
 }
-// SecurityInfo describes the libpod host
+// SecurityInfo describes the libpod host.
 type SecurityInfo struct {
 AppArmorEnabled bool `json:"apparmorEnabled"`
 DefaultCapabilities string `json:"capabilities"`
@@ -99,7 +99,7 @@ type SecurityInfo struct {
 SELinuxEnabled bool `json:"selinuxEnabled"`
 }
-// HostInfo describes the libpod host
+// HostInfo describes the libpod host.
 type HostInfo struct {
 Arch string `json:"arch"`
 BuildahVersion string `json:"buildahVersion"`
@@ -133,26 +133,26 @@ type HostInfo struct {
 Linkmode string `json:"linkmode"`
 }
-// RemoteSocket describes information about the API socket
+// RemoteSocket describes information about the API socket.
 type RemoteSocket struct {
 Path string `json:"path,omitempty"`
 Exists bool `json:"exists,omitempty"`
 }
-// SlirpInfo describes the slirp executable that is being used
+// SlirpInfo describes the slirp executable that is being used.
 type SlirpInfo struct {
 Executable string `json:"executable"`
 Package string `json:"package"`
 Version string `json:"version"`
 }
-// IDMappings describe the GID and UID mappings
+// IDMappings describe the GID and UID mappings.
 type IDMappings struct {
 GIDMap []idtools.IDMap `json:"gidmap"`
 UIDMap []idtools.IDMap `json:"uidmap"`
 }
-// DistributionInfo describes the host distribution for libpod
+// DistributionInfo describes the host distribution for libpod.
 type DistributionInfo struct {
 Distribution string `json:"distribution"`
 Variant string `json:"variant,omitempty"`
@@ -160,7 +160,7 @@ type DistributionInfo struct {
 Codename string `json:"codename,omitempty"`
 }
-// ConmonInfo describes the conmon executable being used
+// ConmonInfo describes the conmon executable being used.
 type ConmonInfo struct {
 Package string `json:"package"`
 Path string `json:"path"`
@@ -168,7 +168,7 @@ type ConmonInfo struct {
 }
 // OCIRuntimeInfo describes the runtime (crun or runc) being
-// used with podman
+// used with podman.
 type OCIRuntimeInfo struct {
 Name string `json:"name"`
 Package string `json:"package"`
@@ -177,7 +177,7 @@ type OCIRuntimeInfo struct {
 }
 // StoreInfo describes the container storage and its
-// attributes
+// attributes.
 type StoreInfo struct {
 ConfigFile string `json:"configFile"`
 ContainerStore ContainerStore `json:"containerStore"`
@@ -196,13 +196,13 @@ type StoreInfo struct {
 }
 // ImageStore describes the image store. Right now only the number
-// of images present
+// of images present.
 type ImageStore struct {
 Number int `json:"number"`
 }
 // ContainerStore describes the quantity of containers in the
-// store by status
+// store by status.
 type ContainerStore struct {
 Number int `json:"number"`
 Paused int `json:"paused"`
diff --git a/vendor/go.podman.io/common/pkg/strongunits/config.go b/vendor/go.podman.io/common/pkg/strongunits/config.go
index 35a6b0c3d1..6011720c64 100644
--- a/vendor/go.podman.io/common/pkg/strongunits/config.go
+++ b/vendor/go.podman.io/common/pkg/strongunits/config.go
@@ -2,24 +2,24 @@ package strongunits
 // supported units
-// B represents bytes
+// B represents bytes.
 type B uint64
-// KiB represents KiB
+// KiB represents KiB.
 type KiB uint64
-// MiB represents MiB
+// MiB represents MiB.
 type MiB uint64
-// GiB represents GiB
+// GiB represents GiB.
 type GiB uint64
 const (
- // kibToB is the math convert from bytes to KiB
+ // kibToB is the math convert from bytes to KiB.
 kibToB = 1 << 10
- // mibToB is the math to convert from bytes to MiB
+ // mibToB is the math to convert from bytes to MiB.
 mibToB = 1 << 20
- // gibToB s the math to convert from bytes to GiB
+ // gibToB s the math to convert from bytes to GiB.
 gibToB = 1 << 30
 )
@@ -29,37 +29,37 @@ type StorageUnits interface {
 ToBytes() B
 }
-// ToBytes is a pass-through function for bytes
+// ToBytes is a pass-through function for bytes.
 func (b B) ToBytes() B {
 return b
 }
-// ToBytes converts KiB to bytes
+// ToBytes converts KiB to bytes.
 func (k KiB) ToBytes() B {
 return B(k * kibToB)
 }
-// ToBytes converts MiB to bytes
+// ToBytes converts MiB to bytes.
 func (m MiB) ToBytes() B {
 return B(m * mibToB)
 }
-// ToBytes converts GiB to bytes
+// ToBytes converts GiB to bytes.
 func (g GiB) ToBytes() B {
 return B(g * gibToB)
 }
-// ToKiB converts any StorageUnit type to KiB
+// ToKiB converts any StorageUnit type to KiB.
 func ToKiB(b StorageUnits) KiB {
 return KiB(b.ToBytes() >> 10)
 }
-// ToMib converts any StorageUnit type to MiB
+// ToMib converts any StorageUnit type to MiB.
 func ToMib(b StorageUnits) MiB {
 return MiB(b.ToBytes() >> 20)
 }
-// ToGiB converts any StorageUnit type to GiB
+// ToGiB converts any StorageUnit type to GiB.
 func ToGiB(b StorageUnits) GiB {
 return GiB(b.ToBytes() >> 30)
 }
diff --git a/vendor/go.podman.io/common/pkg/subscriptions/subscriptions.go b/vendor/go.podman.io/common/pkg/subscriptions/subscriptions.go
index ffe1135761..a907ea6758 100644
--- a/vendor/go.podman.io/common/pkg/subscriptions/subscriptions.go
+++ b/vendor/go.podman.io/common/pkg/subscriptions/subscriptions.go
@@ -19,17 +19,17 @@ import (
 var (
 // DefaultMountsFile holds the default mount paths in the form
- // "host_path:container_path"
+ // "host_path:container_path".
 DefaultMountsFile = "/usr/share/containers/mounts.conf"
 // OverrideMountsFile holds the default mount paths in the form
- // "host_path:container_path" overridden by the user
+ // "host_path:container_path" overridden by the user.
 OverrideMountsFile = "/etc/containers/mounts.conf"
 // UserOverrideMountsFile holds the default mount paths in the form
- // "host_path:container_path" overridden by the rootless user
+ // "host_path:container_path" overridden by the rootless user.
 UserOverrideMountsFile = filepath.Join(os.Getenv("HOME"), ".config/containers/mounts.conf")
 )
-// subscriptionData stores the relative name of the file and the content read from it
+// subscriptionData stores the relative name of the file and the content read from it.
 type subscriptionData struct {
 // relPath is the relative path to the file
 relPath string
@@ -38,7 +38,7 @@ type subscriptionData struct {
 dirMode os.FileMode
 }
-// saveTo saves subscription data to given directory
+// saveTo saves subscription data to given directory.
 func (s subscriptionData) saveTo(dir string) error {
 // We need to join the path here and create all parent directories, only
 // creating dir is not good enough as relPath could also contain directories.
@@ -143,7 +143,7 @@ func getMounts(filePath string) []string {
 return mounts
 }
-// getHostAndCtrDir separates the host:container paths
+// getHostAndCtrDir separates the host:container paths.
 func getMountsMap(path string) (string, string, error) { //nolint
 arr := strings.SplitN(path, ":", 2)
 switch len(arr) {
@@ -158,7 +158,7 @@ func getMountsMap(path string) (string, string, error) { //nolint
 // Return true iff the system is in FIPS mode as determined by reading
 // /proc/sys/crypto/fips_enabled.
 func shouldAddFIPSMounts() bool {
- fips_enabled, err := os.ReadFile("/proc/sys/crypto/fips_enabled")
+ fipsEnabled, err := os.ReadFile("/proc/sys/crypto/fips_enabled")
 if err != nil {
 if !errors.Is(err, os.ErrNotExist) {
 logrus.Errorf("Failed to read /proc/sys/crypto/fips_enabled to determine FIPS state: %v", err)
@@ -166,7 +166,7 @@ func shouldAddFIPSMounts() bool {
 return false
 }
- if strings.TrimSpace(string(fips_enabled)) != "1" {
+ if strings.TrimSpace(string(fipsEnabled)) != "1" {
 logrus.Debug("/proc/sys/crypto/fips_enabled does not contain '1', not adding FIPS mode bind mounts")
 return false
 }
@@ -185,7 +185,7 @@ func shouldAddFIPSMounts() bool {
 // uid: to assign to content created for subscriptions
 // gid: to assign to content created for subscriptions
 // rootless: indicates whether container is running in rootless mode
-// disableFips: indicates whether system should ignore fips mode
+// disableFips: indicates whether system should ignore fips mode.
 func MountsWithUIDGID(mountLabel, containerRunDir, mountFile, mountPoint string, uid, gid int, rootless, disableFips bool) []rspec.Mount {
 var (
 subscriptionMounts []rspec.Mount
@@ -233,7 +233,7 @@ func rchown(chowndir string, uid, gid int) error {
 }
 // addSubscriptionsFromMountsFile copies the contents of host directory to container directory
-// and returns a list of mounts
+// and returns a list of mounts.
 func addSubscriptionsFromMountsFile(filePath, mountLabel, containerRunDir string, uid, gid int) ([]rspec.Mount, error) {
 defaultMountsPaths := getMounts(filePath)
 mounts := make([]rspec.Mount, 0, len(defaultMountsPaths))
@@ -483,7 +483,7 @@ func addFIPSMounts(mounts *[]rspec.Mount, containerRunDir, mountPoint, mountLabe
 return nil
 }
-// mountExists checks if a mount already exists in the spec
+// mountExists checks if a mount already exists in the spec.
 func mountExists(mounts []rspec.Mount, dest string) bool {
 for _, mount := range mounts {
 if mount.Destination == dest {
diff --git a/vendor/go.podman.io/common/pkg/sysinfo/sysinfo.go b/vendor/go.podman.io/common/pkg/sysinfo/sysinfo.go
index 45ec283491..ac3db80cdd 100644
--- a/vendor/go.podman.io/common/pkg/sysinfo/sysinfo.go
+++ b/vendor/go.podman.io/common/pkg/sysinfo/sysinfo.go
@@ -133,7 +133,7 @@ func isCpusetListAvailable(provided, available string) (bool, error) {
 return true, nil
 }
-// GetDefaultPidsLimit returns the default pids limit to run containers with
+// GetDefaultPidsLimit returns the default pids limit to run containers with.
 func GetDefaultPidsLimit() int64 {
 sysInfo := New(true)
 if !sysInfo.PidsLimit {
diff --git a/vendor/go.podman.io/common/pkg/systemd/systemd_linux.go b/vendor/go.podman.io/common/pkg/systemd/systemd_linux.go
index fe7b8a9d9c..a189cfbe05 100644
--- a/vendor/go.podman.io/common/pkg/systemd/systemd_linux.go
+++ b/vendor/go.podman.io/common/pkg/systemd/systemd_linux.go
@@ -20,7 +20,7 @@ var (
 runsOnSystemd bool
 )
-// RunsOnSystemd returns whether the system is using systemd
+// RunsOnSystemd returns whether the system is using systemd.
 func RunsOnSystemd() bool {
 runsOnSystemdOnce.Do(func() {
 // per sd_booted(3), check for this dir
@@ -100,7 +100,7 @@ func MovePauseProcessToScope(pausePidPath string) {
 }
 }
-// RunUnderSystemdScope adds the specified pid to a systemd scope
+// RunUnderSystemdScope adds the specified pid to a systemd scope.
 func RunUnderSystemdScope(pid int, slice string, unitName string) error {
 var properties []systemdDbus.Property
 var conn *systemdDbus.Conn
diff --git a/vendor/go.podman.io/common/pkg/timetype/timestamp.go b/vendor/go.podman.io/common/pkg/timetype/timestamp.go
index ce03c784c5..2fc99d0e39 100644
--- a/vendor/go.podman.io/common/pkg/timetype/timestamp.go
+++ b/vendor/go.podman.io/common/pkg/timetype/timestamp.go
@@ -11,7 +11,7 @@ import (
 )
 // These are additional predefined layouts for use in Time.Format and Time.Parse
-// with --since and --until parameters for `docker logs` and `docker events`
+// with --since and --until parameters for `docker logs` and `docker events`.
 const (
 rFC3339Local = "2006-01-02T15:04:05" // RFC3339 with local timezone
 rFC3339NanoLocal = "2006-01-02T15:04:05.999999999" // RFC3339Nano with local timezone
@@ -108,7 +108,7 @@ func GetTimestamp(value string, reference time.Time) (string, error) {
 // seconds, nanoseconds, err := ParseTimestamp("1136073600.000000001",0)
 // if err == nil since := time.Unix(seconds, nanoseconds)
 //
-// returns seconds as def(aultSeconds) if value == ""
+// returns seconds as def(aultSeconds) if value == "".
 func ParseTimestamps(value string, def int64) (secs, nanoSecs int64, err error) {
 if value == "" {
 return def, 0, nil
diff --git a/vendor/go.podman.io/common/pkg/util/util.go b/vendor/go.podman.io/common/pkg/util/util.go
index 6907c143c1..a700e0d251 100644
--- a/vendor/go.podman.io/common/pkg/util/util.go
+++ b/vendor/go.podman.io/common/pkg/util/util.go
@@ -12,7 +12,7 @@ import (
 "go.podman.io/storage/pkg/fileutils"
 )
-// StringMatchRegexSlice determines if a given string matches one of the given regexes, returns bool
+// StringMatchRegexSlice determines if a given string matches one of the given regexes, returns bool.
 func StringMatchRegexSlice(s string, re []string) bool {
 for _, r := range re {
 m, err := regexp.MatchString(r, s)
@@ -23,7 +23,7 @@ func StringMatchRegexSlice(s string, re []string) bool {
 return false
 }
-// WaitForFile waits until a file has been created or the given timeout has occurred
+// WaitForFile waits until a file has been created or the given timeout has occurred.
 func WaitForFile(path string, chWait chan error, timeout time.Duration) (bool, error) {
 var inotifyEvents chan fsnotify.Event
 watcher, err := fsnotify.NewWatcher()
diff --git a/vendor/go.podman.io/common/pkg/version/version.go b/vendor/go.podman.io/common/pkg/version/version.go
index 42340ce128..9b13f484d1 100644
--- a/vendor/go.podman.io/common/pkg/version/version.go
+++ b/vendor/go.podman.io/common/pkg/version/version.go
@@ -67,9 +67,11 @@ func queryPackageVersion(cmdArg ...string) string {
 return strings.Trim(output, "\n")
 }
-// Note: This function is copied from containers/podman libpod/util.go
-// Please see https://github.com/containers/common/pull/1460
-func Package(program string) string { // program is full path
+// Package tries to query the package information of the given program path.
+// Note it must be an absolute path.
+func Package(program string) string {
+ // Note: This function is copied from containers/podman libpod/util.go
+ // Please see https://github.com/containers/common/pull/1460
 err := fileutils.Exists(program)
 if err != nil {
 return UnknownPackage
@@ -108,9 +110,10 @@ func Package(program string) string { // program is full path
 return UnknownPackage
 }
-// Note: This function is copied from containers/podman libpod/util.go
-// Please see https://github.com/containers/common/pull/1460
+// Program returns the --version output as string of the given command.
 func Program(name string) (string, error) {
+ // Note: This function is copied from containers/podman libpod/util.go
+ // Please see https://github.com/containers/common/pull/1460
 return program(name, false)
 }
diff --git a/vendor/go.podman.io/common/version/version.go b/vendor/go.podman.io/common/version/version.go
index f78557ae2b..e13dd10e59 100644
--- a/vendor/go.podman.io/common/version/version.go
+++ b/vendor/go.podman.io/common/version/version.go
@@ -1,4 +1,4 @@
 package version
 // Version is the version of the build.
-const Version = "0.65.0-dev"
+const Version = "0.65.0"
diff --git a/vendor/go.podman.io/image/v5/docker/registries_d.go b/vendor/go.podman.io/image/v5/docker/registries_d.go
index 638f939479..53bbb53cb1 100644
--- a/vendor/go.podman.io/image/v5/docker/registries_d.go
+++ b/vendor/go.podman.io/image/v5/docker/registries_d.go
@@ -22,7 +22,7 @@ import (
 // systemRegistriesDirPath is the path to registries.d, used for locating lookaside Docker signature storage.
 // You can override this at build time with
-// -ldflags '-X github.com/containers/image/v5/docker.systemRegistriesDirPath=$your_path'
+// -ldflags '-X go.podman.io/image/v5/docker.systemRegistriesDirPath=$your_path'
 var systemRegistriesDirPath = builtinRegistriesDirPath
 // builtinRegistriesDirPath is the path to registries.d.
diff --git a/vendor/go.podman.io/image/v5/internal/image/docker_schema1.go b/vendor/go.podman.io/image/v5/internal/image/docker_schema1.go
index ecf053e0b4..da7a943b3d 100644
--- a/vendor/go.podman.io/image/v5/internal/image/docker_schema1.go
+++ b/vendor/go.podman.io/image/v5/internal/image/docker_schema1.go
@@ -202,7 +202,7 @@ func (m *manifestSchema1) convertToManifestSchema2(_ context.Context, options *t
 d = layerDiffIDs[v2Index]
 }
 layers = append(layers, manifest.Schema2Descriptor{
- MediaType: "application/vnd.docker.image.rootfs.diff.tar.gzip",
+ MediaType: manifest.DockerV2Schema2LayerMediaType,
 Size: size,
 Digest: m.m.FSLayers[v1Index].BlobSum,
 })
@@ -217,7 +217,7 @@ func (m *manifestSchema1) convertToManifestSchema2(_ context.Context, options *t
 return nil, err
 }
 configDescriptor := manifest.Schema2Descriptor{
- MediaType: "application/vnd.docker.container.image.v1+json",
+ MediaType: manifest.DockerV2Schema2ConfigMediaType,
 Size: int64(len(configJSON)),
 Digest: digest.FromBytes(configJSON),
 }
diff --git a/vendor/go.podman.io/image/v5/internal/tmpdir/tmpdir.go b/vendor/go.podman.io/image/v5/internal/tmpdir/tmpdir.go
index ac6fe93473..634b2d0624 100644
--- a/vendor/go.podman.io/image/v5/internal/tmpdir/tmpdir.go
+++ b/vendor/go.podman.io/image/v5/internal/tmpdir/tmpdir.go
@@ -9,7 +9,7 @@ import (
 // unixTempDirForBigFiles is the directory path to store big files on non Windows systems.
 // You can override this at build time with
-// -ldflags '-X github.com/containers/image/v5/internal/tmpdir.unixTempDirForBigFiles=$your_path'
+// -ldflags '-X go.podman.io/image/v5/internal/tmpdir.unixTempDirForBigFiles=$your_path'
 var unixTempDirForBigFiles = builtinUnixTempDirForBigFiles
 // builtinUnixTempDirForBigFiles is the directory path to store big files.
diff --git a/vendor/go.podman.io/image/v5/pkg/sysregistriesv2/system_registries_v2.go b/vendor/go.podman.io/image/v5/pkg/sysregistriesv2/system_registries_v2.go
index 692251961b..1a1fcccf81 100644
--- a/vendor/go.podman.io/image/v5/pkg/sysregistriesv2/system_registries_v2.go
+++ b/vendor/go.podman.io/image/v5/pkg/sysregistriesv2/system_registries_v2.go
@@ -25,13 +25,13 @@ import (
 // systemRegistriesConfPath is the path to the system-wide registry
 // configuration file and is used to add/subtract potential registries for
 // obtaining images. You can override this at build time with
-// -ldflags '-X github.com/containers/image/v5/sysregistries.systemRegistriesConfPath=$your_path'
+// -ldflags '-X go.podman.io/image/v5/sysregistries.systemRegistriesConfPath=$your_path'
 var systemRegistriesConfPath = builtinRegistriesConfPath
 // systemRegistriesConfDirPath is the path to the system-wide registry
 // configuration directory and is used to add/subtract potential registries for
 // obtaining images. You can override this at build time with
-// -ldflags '-X github.com/containers/image/v5/sysregistries.systemRegistriesConfDirectoryPath=$your_path'
+// -ldflags '-X go.podman.io/image/v5/sysregistries.systemRegistriesConfDirectoryPath=$your_path'
 var systemRegistriesConfDirPath = builtinRegistriesConfDirPath
 // AuthenticationFileHelper is a special key for credential helpers indicating
diff --git a/vendor/go.podman.io/image/v5/signature/docker.go b/vendor/go.podman.io/image/v5/signature/docker.go
index c85cfe91ca..954eda4a52 100644
--- a/vendor/go.podman.io/image/v5/signature/docker.go
+++ b/vendor/go.podman.io/image/v5/signature/docker.go
@@ -5,7 +5,6 @@ package signature
 import (
 "errors"
 "fmt"
- "slices"
 "strings"
 "github.com/opencontainers/go-digest"
@@ -64,15 +63,8 @@ func VerifyImageManifestSignatureUsingKeyIdentityList(unverifiedSignature, unver
 if err != nil {
 return nil, "", err
 }
- var matchedKeyIdentity string
- sig, err := verifyAndExtractSignature(mech, unverifiedSignature, signatureAcceptanceRules{
- validateKeyIdentity: func(keyIdentity string) error {
- if !slices.Contains(expectedKeyIdentities, keyIdentity) {
- return internal.NewInvalidSignatureError(fmt.Sprintf("Signature by %s does not match expected fingerprints %v", keyIdentity, expectedKeyIdentities))
- }
- matchedKeyIdentity = keyIdentity
- return nil
- },
+ sig, matchedKeyIdentity, err := verifyAndExtractSignature(mech, unverifiedSignature, signatureAcceptanceRules{
+ acceptedKeyIdentities: expectedKeyIdentities,
 validateSignedDockerReference: func(signedDockerReference string) error {
 signedRef, err := reference.ParseNormalizedNamed(signedDockerReference)
 if err != nil {
diff --git a/vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoia.c b/vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoia.c
new file mode 100644
index 0000000000..d5314016a6
--- /dev/null
+++ b/vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoia.c
@@ -0,0 +1,200 @@
+/*
+ * Copying and distribution of this file, with or without modification,
+ * are permitted in any medium without royalty provided the copyright
+ * notice and this notice are preserved. This file is offered as-is,
+ * without any warranty.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "gosequoia.h"
+
+#if defined(GO_SEQUOIA_ENABLE_DLOPEN) && GO_SEQUOIA_ENABLE_DLOPEN
+
+#include
+#include
+#include
+#include
+
+/* If SEQUOIA_SONAME is defined, dlopen handle can be automatically
+ * set; otherwise, the caller needs to call
+ * go_sequoia_ensure_library with soname determined at run time.
+ */
+#ifdef SEQUOIA_SONAME
+
+static void
+ensure_library (void)
+{
+ if (go_sequoia_ensure_library (SEQUOIA_SONAME, RTLD_LAZY | RTLD_LOCAL) < 0)
+ abort ();
+}
+
+#if defined(GO_SEQUOIA_ENABLE_PTHREAD) && GO_SEQUOIA_ENABLE_PTHREAD
+#include
+
+static pthread_once_t dlopen_once = PTHREAD_ONCE_INIT;
+
+#define ENSURE_LIBRARY pthread_once(&dlopen_once, ensure_library)
+
+#else /* GO_SEQUOIA_ENABLE_PTHREAD */
+
+#define ENSURE_LIBRARY do { \
+ if (!go_sequoia_dlhandle) \
+ ensure_library(); \
+ } while (0)
+
+#endif /* !GO_SEQUOIA_ENABLE_PTHREAD */
+
+#else /* SEQUOIA_SONAME */
+
+#define ENSURE_LIBRARY do {} while (0)
+
+#endif /* !SEQUOIA_SONAME */
+
+static void *go_sequoia_dlhandle;
+
+/* Define redirection symbols */
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-macros"
+
+#if (2 <= __GNUC__ || (4 <= __clang_major__))
+#define FUNC(ret, name, args, cargs) \
+ static __typeof__(name)(*go_sequoia_sym_##name);
+#else
+#define FUNC(ret, name, args, cargs) \
+ static ret(*go_sequoia_sym_##name)args;
+#endif
+#define VOID_FUNC FUNC
+#include "gosequoiafuncs.h"
+#undef VOID_FUNC
+#undef FUNC
+
+#pragma GCC diagnostic pop
+
+/* Define redirection wrapper functions */
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-macros"
+
+#define FUNC(ret, name, args, cargs) \
+ret go_##name args \
+{ \
+ ENSURE_LIBRARY; \
+ assert (go_sequoia_sym_##name); \
+ return go_sequoia_sym_##name cargs; \
+}
+#define VOID_FUNC(ret, name, args, cargs) \
+ret go_##name args \
+{ \
+ ENSURE_LIBRARY; \
+ assert (go_sequoia_sym_##name); \
+ go_sequoia_sym_##name cargs; \
+}
+#include "gosequoiafuncs.h"
+#undef VOID_FUNC
+#undef FUNC
+
+#pragma GCC diagnostic pop
+
+static int
+ensure_symbol (const char *name, void **symp)
+{
+ if (!*symp)
+ {
+ void *sym = dlsym (go_sequoia_dlhandle, name);
+ if (!sym)
+ return -EINVAL;
+ *symp = sym;
+ }
+ return 0;
+}
+
+int
+go_sequoia_ensure_library (const char *soname, int flags)
+{
+ int err;
+
+ if (!go_sequoia_dlhandle)
+ {
+ go_sequoia_dlhandle = dlopen (soname, flags);
+ if (!go_sequoia_dlhandle)
+ return -EINVAL;
+ }
+
+#define ENSURE_SYMBOL(name) \
+ ensure_symbol(#name, (void **)&go_sequoia_sym_##name)
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-macros"
+
+#define FUNC(ret, name, args, cargs) \
+ err = ENSURE_SYMBOL(name); \
+ if (err < 0) \
+ { \
+ dlclose (go_sequoia_dlhandle); \
+ go_sequoia_dlhandle = NULL; \
+ return err; \
+ }
+#define VOID_FUNC FUNC
+#include "gosequoiafuncs.h"
+#undef VOID_FUNC
+#undef FUNC
+
+#pragma GCC diagnostic pop
+
+#undef ENSURE_SYMBOL
+ return 0;
+}
+
+void
+go_sequoia_unload_library (void)
+{
+ if (go_sequoia_dlhandle)
+ {
+ dlclose (go_sequoia_dlhandle);
+ go_sequoia_dlhandle = NULL;
+ }
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-macros"
+
+#define FUNC(ret, name, args, cargs) \
+ go_sequoia_sym_##name = NULL;
+#define VOID_FUNC FUNC
+#include "gosequoiafuncs.h"
+#undef VOID_FUNC
+#undef FUNC
+
+#pragma GCC diagnostic pop
+}
+
+unsigned
+go_sequoia_is_usable (void)
+{
+ return go_sequoia_dlhandle != NULL;
+}
+
+#else /* GO_SEQUOIA_ENABLE_DLOPEN */
+
+int
+go_sequoia_ensure_library (const char *soname, int flags)
+{
+ (void) soname;
+ (void) flags;
+ return 0;
+}
+
+void
+go_sequoia_unload_library (void)
+{
+}
+
+unsigned
+go_sequoia_is_usable (void)
+{
+ /* The library is linked at build time, thus always usable */
+ return 1;
+}
+
+#endif /* !GO_SEQUOIA_ENABLE_DLOPEN */
diff --git a/vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoia.h b/vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoia.h
new file mode 100644
index 0000000000..477b985bad
--- /dev/null
+++ b/vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoia.h
@@ -0,0 +1,54 @@
+/*
+ * Copying and distribution of this file, with or without modification,
+ * are permitted in any medium without royalty provided the copyright
+ * notice and this notice are preserved. This file is offered as-is,
+ * without any warranty.
+ */
+
+#ifndef GO_SEQUOIA_H_
+#define GO_SEQUOIA_H_
+
+#include
+
+#if defined(GO_SEQUOIA_ENABLE_DLOPEN) && GO_SEQUOIA_ENABLE_DLOPEN
+
+#define FUNC(ret, name, args, cargs) \
+ ret go_##name args;
+#define VOID_FUNC FUNC
+#include "gosequoiafuncs.h"
+#undef VOID_FUNC
+#undef FUNC
+
+#define GO_SEQUOIA_FUNC(name) go_##name
+
+#else
+
+#define GO_SEQUOIA_FUNC(name) name
+
+#endif /* GO_SEQUOIA_ENABLE_DLOPEN */
+
+/* Ensure SONAME to be loaded with dlopen FLAGS, and all the necessary
+ * symbols are resolved.
+ *
+ * Returns 0 on success; negative error code otherwise.
+ *
+ * Note that this function is NOT thread-safe; when calling it from
+ * multi-threaded programs, protect it with a locking mechanism.
+ */
+int go_sequoia_ensure_library (const char *soname, int flags);
+
+/* Unload library and reset symbols.
+ *
+ * Note that this function is NOT thread-safe; when calling it from
+ * multi-threaded programs, protect it with a locking mechanism.
+ */
+void go_sequoia_unload_library (void);
+
+/* Return 1 if the library is loaded and usable.
+ *
+ * Note that this function is NOT thread-safe; when calling it from
+ * multi-threaded programs, protect it with a locking mechanism.
+ */
+unsigned go_sequoia_is_usable (void);
+
+#endif /* GO_SEQUOIA_H_ */
diff --git a/vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoiafuncs.h b/vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoiafuncs.h
new file mode 100644
index 0000000000..3d7ae5fac8
--- /dev/null
+++ b/vendor/go.podman.io/image/v5/signature/internal/sequoia/gosequoiafuncs.h
@@ -0,0 +1,21 @@ +/* + * This file was automatically generated from sequoia.h, + * which is covered by the following license: + * SPDX-License-Identifier: Apache-2.0 + */ +VOID_FUNC(void, sequoia_error_free, (struct SequoiaError *err_ptr), (err_ptr)) +FUNC(struct SequoiaMechanism *, sequoia_mechanism_new_from_directory, (const char *dir_ptr, struct SequoiaError **err_ptr), (dir_ptr, err_ptr)) +FUNC(struct SequoiaMechanism *, sequoia_mechanism_new_ephemeral, (struct SequoiaError **err_ptr), (err_ptr)) +VOID_FUNC(void, sequoia_mechanism_free, (struct SequoiaMechanism *mechanism_ptr), (mechanism_ptr)) +VOID_FUNC(void, sequoia_signature_free, (struct SequoiaSignature *signature_ptr), (signature_ptr)) +FUNC(const uint8_t *, sequoia_signature_get_data, (const struct SequoiaSignature *signature_ptr, size_t *data_len), (signature_ptr, data_len)) +VOID_FUNC(void, sequoia_verification_result_free, (struct SequoiaVerificationResult *result_ptr), (result_ptr)) +FUNC(const uint8_t *, sequoia_verification_result_get_content, (const struct SequoiaVerificationResult *result_ptr, size_t *data_len), (result_ptr, data_len)) +FUNC(const char *, sequoia_verification_result_get_signer, (const struct SequoiaVerificationResult *result_ptr), (result_ptr)) +FUNC(struct SequoiaSignature *, sequoia_sign, (struct SequoiaMechanism *mechanism_ptr, const char *key_handle_ptr, const char *password_ptr, const uint8_t *data_ptr, size_t data_len, struct SequoiaError **err_ptr), (mechanism_ptr, key_handle_ptr, password_ptr, data_ptr, data_len, err_ptr)) +FUNC(struct SequoiaVerificationResult *, sequoia_verify, (struct SequoiaMechanism *mechanism_ptr, const uint8_t *signature_ptr, size_t signature_len, struct SequoiaError **err_ptr), (mechanism_ptr, signature_ptr, signature_len, err_ptr)) +VOID_FUNC(void, sequoia_import_result_free, (struct SequoiaImportResult *result_ptr), (result_ptr)) +FUNC(size_t, sequoia_import_result_get_count, (const struct SequoiaImportResult *result_ptr), (result_ptr)) 
+FUNC(const char *, sequoia_import_result_get_content, (const struct SequoiaImportResult *result_ptr, size_t index, struct SequoiaError **err_ptr), (result_ptr, index, err_ptr)) +FUNC(struct SequoiaImportResult *, sequoia_import_keys, (struct SequoiaMechanism *mechanism_ptr, const uint8_t *blob_ptr, size_t blob_len, struct SequoiaError **err_ptr), (mechanism_ptr, blob_ptr, blob_len, err_ptr)) +FUNC(int, sequoia_set_logger_consumer, (void (*consumer)(enum SequoiaLogLevel, const char *), struct SequoiaError **err_ptr), (consumer, err_ptr)) diff --git a/vendor/go.podman.io/image/v5/signature/internal/sequoia/sequoia.go b/vendor/go.podman.io/image/v5/signature/internal/sequoia/sequoia.go new file mode 100644 index 0000000000..46d9084b0e --- /dev/null +++ b/vendor/go.podman.io/image/v5/signature/internal/sequoia/sequoia.go 
@@ -0,0 +1,223 @@
+//go:build containers_image_sequoia
+
+package sequoia
+
+// #cgo CFLAGS: -I. -DGO_SEQUOIA_ENABLE_DLOPEN=1
+// #include "gosequoia.h"
+// #include
+// #include
+// typedef void (*sequoia_logger_consumer_t) (enum SequoiaLogLevel level, char *message);
+// extern void sequoia_logrus_logger (enum SequoiaLogLevel level, char *message);
+import "C"
+
+import (
+ "errors"
+ "fmt"
+ "path/filepath"
+ "runtime"
+ "sync"
+ "unsafe"
+
+ "github.com/sirupsen/logrus"
+)
+
+// sequoiaLibraryDir is the path to the directory where libpodman_sequoia is installed,
+// if it is not in the platform’s default library path.
+// You can override this at build time with
+// -ldflags '-X go.podman.io/image/v5/signature/sequoia.sequoiaLibraryDir=$your_path'
+var sequoiaLibraryDir = ""
+
+type SigningMechanism struct {
+ mechanism *C.SequoiaMechanism
+}
+
+// NewMechanismFromDirectory initializes a mechanism using (user-managed) Sequoia state
+// in dir, which can be "" to indicate the default (using $SEQUOIA_HOME or the default home directory location).
+func NewMechanismFromDirectory(
+ dir string,
+) (*SigningMechanism, error) {
+ var cerr *C.SequoiaError
+ var cDir *C.char
+ if dir != "" {
+ cDir = C.CString(dir)
+ defer C.free(unsafe.Pointer(cDir))
+ }
+ cMechanism := C.go_sequoia_mechanism_new_from_directory(cDir, &cerr)
+ if cMechanism == nil {
+ defer C.go_sequoia_error_free(cerr)
+ return nil, errors.New(C.GoString(cerr.message))
+ }
+ return &SigningMechanism{
+ mechanism: cMechanism,
+ }, nil
+}
+
+func NewEphemeralMechanism() (*SigningMechanism, error) {
+ var cerr *C.SequoiaError
+ cMechanism := C.go_sequoia_mechanism_new_ephemeral(&cerr)
+ if cMechanism == nil {
+ defer C.go_sequoia_error_free(cerr)
+ return nil, errors.New(C.GoString(cerr.message))
+ }
+ return &SigningMechanism{
+ mechanism: cMechanism,
+ }, nil
+}
+
+func (m *SigningMechanism) SignWithPassphrase(
+ input []byte,
+ keyIdentity string,
+ passphrase string,
+) ([]byte, error) {
+ var cerr *C.SequoiaError
+ var cPassphrase *C.char
+ if passphrase == "" {
+ cPassphrase = nil
+ } else {
+ cPassphrase = C.CString(passphrase)
+ defer C.free(unsafe.Pointer(cPassphrase))
+ }
+ cKeyIdentity := C.CString(keyIdentity)
+ defer C.free(unsafe.Pointer(cKeyIdentity))
+ sig := C.go_sequoia_sign(
+ m.mechanism,
+ cKeyIdentity,
+ cPassphrase,
+ (*C.uchar)(unsafe.Pointer(unsafe.SliceData(input))),
+ C.size_t(len(input)),
+ &cerr,
+ )
+ if sig == nil {
+ defer C.go_sequoia_error_free(cerr)
+ return nil, errors.New(C.GoString(cerr.message))
+ }
+ defer C.go_sequoia_signature_free(sig)
+ var size C.size_t
+ cData := C.go_sequoia_signature_get_data(sig, &size)
+ if size > C.size_t(C.INT_MAX) {
+ return nil, errors.New("overflow") // Coverage: This should not reasonably happen, and we don’t want to generate gigabytes of input to test this.
+ }
+ return C.GoBytes(unsafe.Pointer(cData), C.int(size)), nil
+}
+
+func (m *SigningMechanism) Sign(
+ input []byte,
+ keyIdentity string,
+) ([]byte, error) {
+ return m.SignWithPassphrase(input, keyIdentity, "")
+}
+
+func (m *SigningMechanism) Verify(
+ unverifiedSignature []byte,
+) (contents []byte, keyIdentity string, err error) {
+ var cerr *C.SequoiaError
+ result := C.go_sequoia_verify(
+ m.mechanism,
+ (*C.uchar)(unsafe.Pointer(unsafe.SliceData(unverifiedSignature))),
+ C.size_t(len(unverifiedSignature)),
+ &cerr,
+ )
+ if result == nil {
+ defer C.go_sequoia_error_free(cerr)
+ return nil, "", errors.New(C.GoString(cerr.message))
+ }
+ defer C.go_sequoia_verification_result_free(result)
+ var size C.size_t
+ cContent := C.go_sequoia_verification_result_get_content(result, &size)
+ if size > C.size_t(C.INT_MAX) {
+ return nil, "", errors.New("overflow") // Coverage: This should not reasonably happen, and we don’t want to generate gigabytes of input to test this.
+ }
+ contents = C.GoBytes(unsafe.Pointer(cContent), C.int(size))
+ cSigner := C.go_sequoia_verification_result_get_signer(result)
+ keyIdentity = C.GoString(cSigner)
+ return contents, keyIdentity, nil
+}
+
+func (m *SigningMechanism) ImportKeys(blob []byte) ([]string, error) {
+ var cerr *C.SequoiaError
+ result := C.go_sequoia_import_keys(
+ m.mechanism,
+ (*C.uchar)(unsafe.Pointer(unsafe.SliceData(blob))),
+ C.size_t(len(blob)),
+ &cerr,
+ )
+ if result == nil {
+ defer C.go_sequoia_error_free(cerr)
+ return nil, errors.New(C.GoString(cerr.message))
+ }
+ defer C.go_sequoia_import_result_free(result)
+
+ keyIdentities := []string{}
+ count := C.go_sequoia_import_result_get_count(result)
+ for i := C.size_t(0); i < count; i++ {
+ var cerr *C.SequoiaError
+ cKeyIdentity := C.go_sequoia_import_result_get_content(result, i, &cerr)
+ if cerr != nil {
+ defer C.go_sequoia_error_free(cerr) // Coverage: this can fail only if i is out of range.
+ return nil, errors.New(C.GoString(cerr.message))
+ }
+ keyIdentities = append(keyIdentities, C.GoString(cKeyIdentity))
+ }
+
+ return keyIdentities, nil
+}
+
+func (m *SigningMechanism) Close() error {
+ C.go_sequoia_mechanism_free(m.mechanism)
+ return nil
+}
+
+//export sequoia_logrus_logger
+func sequoia_logrus_logger(level C.enum_SequoiaLogLevel, message *C.char) {
+ var logrusLevel logrus.Level
+ switch level { // Coverage: We are not in control of whether / how the Rust code chooses to log things.
+ case C.SEQUOIA_LOG_LEVEL_ERROR:
+ logrusLevel = logrus.ErrorLevel
+ case C.SEQUOIA_LOG_LEVEL_WARN:
+ logrusLevel = logrus.WarnLevel
+ case C.SEQUOIA_LOG_LEVEL_INFO:
+ logrusLevel = logrus.InfoLevel
+ case C.SEQUOIA_LOG_LEVEL_DEBUG:
+ logrusLevel = logrus.DebugLevel
+ case C.SEQUOIA_LOG_LEVEL_TRACE:
+ logrusLevel = logrus.TraceLevel
+ case C.SEQUOIA_LOG_LEVEL_UNKNOWN:
+ fallthrough
+ default:
+ logrusLevel = logrus.ErrorLevel // Should never happen
+ }
+ logrus.StandardLogger().Log(logrusLevel, C.GoString(message))
+}
+
+// initOnce should only be called by Init.
+func initOnce() error {
+ var soName string
+ switch runtime.GOOS {
+ case "linux":
+ soName = "libpodman_sequoia.so.0"
+ case "darwin":
+ soName = "libpodman_sequoia.dylib"
+ default:
+ return fmt.Errorf("Unhandled OS %q in sequoia initialization", runtime.GOOS) // Coverage: This is ~by definition not reached in tests.
+ }
+ if sequoiaLibraryDir != "" {
+ soName = filepath.Join(sequoiaLibraryDir, soName)
+ }
+ cSOName := C.CString(soName)
+ defer C.free(unsafe.Pointer(cSOName))
+ if C.go_sequoia_ensure_library(cSOName,
+ C.RTLD_NOW|C.RTLD_GLOBAL) < 0 {
+ return fmt.Errorf("unable to load %q", soName) // Coverage: This is impractical to test in-process, with the static go_sequoia_dlhandle.
+ }
+
+ var cerr *C.SequoiaError
+ if C.go_sequoia_set_logger_consumer(C.sequoia_logger_consumer_t(C.sequoia_logrus_logger), &cerr) != 0 {
+ defer C.go_sequoia_error_free(cerr) // Coverage: This is impractical to test in-process, with the static go_sequoia_dlhandle.
+ return fmt.Errorf("initializing logging: %s", C.GoString(cerr.message))
+ }
+ return nil
+}
+
+// Init ensures the libpodman_sequoia library is available.
+// It is safe to call from arbitrary goroutines.
+var Init = sync.OnceValue(initOnce)
diff --git a/vendor/go.podman.io/image/v5/signature/internal/sequoia/sequoia.h b/vendor/go.podman.io/image/v5/signature/internal/sequoia/sequoia.h
new file mode 100644
index 0000000000..e0e2189267
--- /dev/null
+++ b/vendor/go.podman.io/image/v5/signature/internal/sequoia/sequoia.h
@@ -0,0 +1,85 @@ +// SPDX-License-Identifier: Apache-2.0 + +#pragma once + +#include +#include +#include +#include + +typedef enum SequoiaErrorKind { + SEQUOIA_ERROR_KIND_UNKNOWN, + SEQUOIA_ERROR_KIND_INVALID_ARGUMENT, + SEQUOIA_ERROR_KIND_IO_ERROR, +} SequoiaErrorKind; + +typedef enum SequoiaLogLevel { + SEQUOIA_LOG_LEVEL_UNKNOWN, + SEQUOIA_LOG_LEVEL_ERROR, + SEQUOIA_LOG_LEVEL_WARN, + SEQUOIA_LOG_LEVEL_INFO, + SEQUOIA_LOG_LEVEL_DEBUG, + SEQUOIA_LOG_LEVEL_TRACE, +} SequoiaLogLevel; + +typedef struct SequoiaImportResult SequoiaImportResult; + +typedef struct SequoiaMechanism SequoiaMechanism; + +typedef struct SequoiaSignature SequoiaSignature; + +typedef struct SequoiaVerificationResult SequoiaVerificationResult; + +typedef struct SequoiaError { + enum SequoiaErrorKind kind; + char *message; +} SequoiaError; + +void sequoia_error_free(struct SequoiaError *err_ptr); + +struct SequoiaMechanism *sequoia_mechanism_new_from_directory(const char *dir_ptr, + struct SequoiaError **err_ptr); + +struct SequoiaMechanism *sequoia_mechanism_new_ephemeral(struct SequoiaError **err_ptr); + +void sequoia_mechanism_free(struct SequoiaMechanism *mechanism_ptr); + +void sequoia_signature_free(struct SequoiaSignature *signature_ptr); + +const uint8_t *sequoia_signature_get_data(const struct SequoiaSignature *signature_ptr, + size_t *data_len); + +void sequoia_verification_result_free(struct SequoiaVerificationResult *result_ptr); + +const uint8_t *sequoia_verification_result_get_content(const struct SequoiaVerificationResult *result_ptr, + size_t *data_len); + +const char *sequoia_verification_result_get_signer(const struct SequoiaVerificationResult *result_ptr); + +struct SequoiaSignature *sequoia_sign(struct SequoiaMechanism *mechanism_ptr, + const char *key_handle_ptr, + const char *password_ptr, + const uint8_t *data_ptr, + size_t data_len, + struct SequoiaError **err_ptr); + +struct SequoiaVerificationResult *sequoia_verify(struct SequoiaMechanism *mechanism_ptr, + const uint8_t 
*signature_ptr, + size_t signature_len, + struct SequoiaError **err_ptr); + +void sequoia_import_result_free(struct SequoiaImportResult *result_ptr); + +size_t sequoia_import_result_get_count(const struct SequoiaImportResult *result_ptr); + +const char *sequoia_import_result_get_content(const struct SequoiaImportResult *result_ptr, + size_t index, + struct SequoiaError **err_ptr); + +struct SequoiaImportResult *sequoia_import_keys(struct SequoiaMechanism *mechanism_ptr, + const uint8_t *blob_ptr, + size_t blob_len, + struct SequoiaError **err_ptr); + +int sequoia_set_logger_consumer(void (*consumer)(enum SequoiaLogLevel level, const char *message), + struct SequoiaError **err_ptr); diff --git a/vendor/go.podman.io/image/v5/signature/mechanism.go b/vendor/go.podman.io/image/v5/signature/mechanism.go index 1d3fe0fdc9..897fc49971 100644 --- a/vendor/go.podman.io/image/v5/signature/mechanism.go +++ b/vendor/go.podman.io/image/v5/signature/mechanism.go @@ -27,7 +27,10 @@ type SigningMechanism interface { // Sign creates a (non-detached) signature of input using keyIdentity. // Fails with a SigningNotSupportedError if the mechanism does not support signing. Sign(input []byte, keyIdentity string) ([]byte, error) - // Verify parses unverifiedSignature and returns the content and the signer's identity + // Verify parses unverifiedSignature and returns the content and the signer's identity. + // For mechanisms created using NewEphemeralGPGSigningMechanism, the returned key identity + // is expected to be one of the values returned by NewEphemeralGPGSigningMechanism, + // or the mechanism should implement signingMechanismWithVerificationIdentityLookup. Verify(unverifiedSignature []byte) (contents []byte, keyIdentity string, err error) // UntrustedSignatureContents returns UNTRUSTED contents of the signature WITHOUT ANY VERIFICATION, // along with a short identifier of the key used for signing. 
@@ -46,6 +49,16 @@ type signingMechanismWithPassphrase interface { SignWithPassphrase(input []byte, keyIdentity string, passphrase string) ([]byte, error) } +// signingMechanismWithVerificationIdentityLookup is an internal extension of SigningMechanism. +type signingMechanismWithVerificationIdentityLookup interface { + SigningMechanism + // keyIdentityForVerificationKeyIdentity re-checks the key identity returned by Verify + // if it doesn't match an identity returned by NewEphemeralGPGSigningMechanism, trying to match it. + // (To be more specific, for mechanisms which return a subkey fingerprint from Verify, + // this converts the subkey fingerprint into the corresponding primary key fingerprint.) + keyIdentityForVerificationKeyIdentity(keyIdentity string) (string, error) +} + // SigningNotSupportedError is returned when trying to sign using a mechanism which does not support that. type SigningNotSupportedError string diff --git a/vendor/go.podman.io/image/v5/signature/mechanism_gpgme.go b/vendor/go.podman.io/image/v5/signature/mechanism_gpgme.go index 71d5750550..38b4589112 100644 --- a/vendor/go.podman.io/image/v5/signature/mechanism_gpgme.go +++ b/vendor/go.podman.io/image/v5/signature/mechanism_gpgme.go @@ -2,6 +2,9 @@ package signature +// This is shared by mechanism_gpgme_only.go and mechanism_sequoia.go; in both situations +// newGPGSigningMechanismInDirectory is implemented using GPGME. + import ( "bytes" "errors" 
@@ -18,6 +21,16 @@ type gpgmeSigningMechanism struct { ephemeralDir string // If not "", a directory to be removed on Close() } +// newGPGMESigningMechanism returns a new GPG/OpenPGP signing mechanism for ctx. +// The caller must call .Close() on the returned SigningMechanism; if ephemeralDir is set, +// the .Close() call will remove its contents. +func newGPGMESigningMechanism(ctx *gpgme.Context, ephemeralDir string) signingMechanismWithPassphrase { + return &gpgmeSigningMechanism{ + ctx: ctx, + ephemeralDir: ephemeralDir, + } +} + // newGPGSigningMechanismInDirectory returns a new GPG/OpenPGP signing mechanism, using optionalDir if not empty. // The caller must call .Close() on the returned SigningMechanism. func newGPGSigningMechanismInDirectory(optionalDir string) (signingMechanismWithPassphrase, error) { 
@@ -25,46 +38,7 @@ func newGPGSigningMechanismInDirectory(optionalDir string) (signingMechanismWith if err != nil { return nil, err } - return &gpgmeSigningMechanism{ - ctx: ctx, - ephemeralDir: "", - }, nil -} - -// newEphemeralGPGSigningMechanism returns a new GPG/OpenPGP signing mechanism which -// recognizes _only_ public keys from the supplied blobs, and returns the identities -// of these keys. -// The caller must call .Close() on the returned SigningMechanism. -func newEphemeralGPGSigningMechanism(blobs [][]byte) (signingMechanismWithPassphrase, []string, error) { - dir, err := os.MkdirTemp("", "containers-ephemeral-gpg-") - if err != nil { - return nil, nil, err - } - removeDir := true - defer func() { - if removeDir { - os.RemoveAll(dir) - } - }() - ctx, err := newGPGMEContext(dir) - if err != nil { - return nil, nil, err - } - mech := &gpgmeSigningMechanism{ - ctx: ctx, - ephemeralDir: dir, - } - keyIdentities := []string{} - for _, blob := range blobs { - ki, err := mech.importKeysFromBytes(blob) - if err != nil { - return nil, nil, err - } - keyIdentities = append(keyIdentities, ki...) - } - - removeDir = false - return mech, keyIdentities, nil + return newGPGMESigningMechanism(ctx, ""), nil } // newGPGMEContext returns a new *gpgme.Context, using optionalDir if not empty. 
@@ -94,28 +68,6 @@ func (m *gpgmeSigningMechanism) Close() error { return nil } -// importKeysFromBytes imports public keys from the supplied blob and returns their identities. -// The blob is assumed to have an appropriate format (the caller is expected to know which one). -// NOTE: This may modify long-term state (e.g. key storage in a directory underlying the mechanism); -// but we do not make this public, it can only be used through newEphemeralGPGSigningMechanism. -func (m *gpgmeSigningMechanism) importKeysFromBytes(blob []byte) ([]string, error) { - inputData, err := gpgme.NewDataBytes(blob) - if err != nil { - return nil, err - } - res, err := m.ctx.Import(inputData) - if err != nil { - return nil, err - } - keyIdentities := []string{} - for _, i := range res.Imports { - if i.Result == nil { - keyIdentities = append(keyIdentities, i.Fingerprint) - } - } - return keyIdentities, nil -} - // SupportsSigning returns nil if the mechanism supports signing, or a SigningNotSupportedError. func (m *gpgmeSigningMechanism) SupportsSigning() error { return nil @@ -169,7 +121,10 @@ func (m *gpgmeSigningMechanism) Sign(input []byte, keyIdentity string) ([]byte, return m.SignWithPassphrase(input, keyIdentity, "") } -// Verify parses unverifiedSignature and returns the content and the signer's identity +// Verify parses unverifiedSignature and returns the content and the signer's identity. +// For mechanisms created using NewEphemeralGPGSigningMechanism, the returned key identity +// is expected to be one of the values returned by NewEphemeralGPGSigningMechanism, +// or the mechanism should implement signingMechanismWithVerificationIdentityLookup. func (m *gpgmeSigningMechanism) Verify(unverifiedSignature []byte) (contents []byte, keyIdentity string, err error) { signedBuffer := bytes.Buffer{} signedData, err := gpgme.NewDataWriter(&signedBuffer) 
@@ -196,6 +151,24 @@ func (m *gpgmeSigningMechanism) Verify(unverifiedSignature []byte) (contents []b return signedBuffer.Bytes(), sig.Fingerprint, nil } +// keyIdentityForVerificationKeyIdentity re-checks the key identity returned by Verify +// if it doesn't match an identity returned by NewEphemeralGPGSigningMechanism, trying to match it. +// (To be more specific, for mechanisms which return a subkey fingerprint from Verify, +// this converts the subkey fingerprint into the corresponding primary key fingerprint.) +func (m *gpgmeSigningMechanism) keyIdentityForVerificationKeyIdentity(keyIdentity string) (string, error) { + // In theory, if keyIdentity refers to a subkey, the same subkey could be attached to different primary keys; + // in that case, GetKey fails with “ambiguous name”. + // We _could_ handle that, by using KeyList* (GetKey is internally just a helper for KeyList*), but sharing + // a subkey that way is very unexpected, so, for now, prefer the much simpler implementation. + key, err := m.ctx.GetKey(keyIdentity, false) + if err != nil { + return "", err + } + // In theory this value could be nil if (gpg --list-keys --with-colons) misses a "pub:" line + // or a "fpr:" line, but gpg (in recent enough versions) prints that unconditionally. // codespell:ignore fpr + return key.Fingerprint(), nil +} + // UntrustedSignatureContents returns UNTRUSTED contents of the signature WITHOUT ANY VERIFICATION, // along with a short identifier of the key used for signing. // WARNING: The short key identifier (which corresponds to "Key ID" for OpenPGP keys) diff --git a/vendor/go.podman.io/image/v5/signature/mechanism_gpgme_only.go b/vendor/go.podman.io/image/v5/signature/mechanism_gpgme_only.go new file mode 100644 index 0000000000..0f971ac6a4 --- /dev/null +++ b/vendor/go.podman.io/image/v5/signature/mechanism_gpgme_only.go 
@@ -0,0 +1,64 @@
+//go:build !containers_image_openpgp && !containers_image_sequoia
+
+package signature
+
+import (
+ "os"
+
+ "github.com/proglottis/gpgme"
+)
+
+// newEphemeralGPGSigningMechanism returns a new GPG/OpenPGP signing mechanism which
+// recognizes _only_ public keys from the supplied blobs, and returns the identities
+// of these keys.
+// The caller must call .Close() on the returned SigningMechanism.
+func newEphemeralGPGSigningMechanism(blobs [][]byte) (signingMechanismWithPassphrase, []string, error) {
+ dir, err := os.MkdirTemp("", "containers-ephemeral-gpg-")
+ if err != nil {
+ return nil, nil, err
+ }
+ removeDir := true
+ defer func() {
+ if removeDir {
+ os.RemoveAll(dir)
+ }
+ }()
+ ctx, err := newGPGMEContext(dir)
+ if err != nil {
+ return nil, nil, err
+ }
+ keyIdentities := []string{}
+ for _, blob := range blobs {
+ ki, err := importKeysFromBytes(ctx, blob)
+ if err != nil {
+ return nil, nil, err
+ }
+ keyIdentities = append(keyIdentities, ki...)
+ }
+
+ mech := newGPGMESigningMechanism(ctx, dir)
+ removeDir = false
+ return mech, keyIdentities, nil
+}
+
+// importKeysFromBytes imports public keys from the supplied blob and returns their identities.
+// The blob is assumed to have an appropriate format (the caller is expected to know which one).
+// NOTE: This may modify long-term state (e.g. key storage in a directory underlying the mechanism);
+// but we do not make this public, it can only be used through newEphemeralGPGSigningMechanism.
+func importKeysFromBytes(ctx *gpgme.Context, blob []byte) ([]string, error) {
+ inputData, err := gpgme.NewDataBytes(blob)
+ if err != nil {
+ return nil, err
+ }
+ res, err := ctx.Import(inputData)
+ if err != nil {
+ return nil, err
+ }
+ keyIdentities := []string{}
+ for _, i := range res.Imports {
+ if i.Result == nil {
+ keyIdentities = append(keyIdentities, i.Fingerprint)
+ }
+ }
+ return keyIdentities, nil
+}
diff --git a/vendor/go.podman.io/image/v5/signature/mechanism_openpgp.go b/vendor/go.podman.io/image/v5/signature/mechanism_openpgp.go index 86f2920df4..2f1b99d18c 100644 --- a/vendor/go.podman.io/image/v5/signature/mechanism_openpgp.go +++ b/vendor/go.podman.io/image/v5/signature/mechanism_openpgp.go @@ -112,13 +112,13 @@ func (m *openpgpSigningMechanism) importKeysFromBytes(blob []byte) ([]string, er // SupportsSigning returns nil if the mechanism supports signing, or a SigningNotSupportedError. func (m *openpgpSigningMechanism) SupportsSigning() error { - return SigningNotSupportedError("signing is not supported in github.com/containers/image built with the containers_image_openpgp build tag") + return SigningNotSupportedError("signing is not supported in go.podman.io/image built with the containers_image_openpgp build tag") } // Sign creates a (non-detached) signature of input using keyIdentity. // Fails with a SigningNotSupportedError if the mechanism does not support signing. func (m *openpgpSigningMechanism) SignWithPassphrase(input []byte, keyIdentity string, passphrase string) ([]byte, error) { - return nil, SigningNotSupportedError("signing is not supported in github.com/containers/image built with the containers_image_openpgp build tag") + return nil, SigningNotSupportedError("signing is not supported in go.podman.io/image built with the containers_image_openpgp build tag") } // Sign creates a (non-detached) signature of input using keyIdentity. 
@@ -127,7 +127,10 @@ func (m *openpgpSigningMechanism) Sign(input []byte, keyIdentity string) ([]byte return m.SignWithPassphrase(input, keyIdentity, "") } -// Verify parses unverifiedSignature and returns the content and the signer's identity +// Verify parses unverifiedSignature and returns the content and the signer's identity. +// For mechanisms created using NewEphemeralGPGSigningMechanism, the returned key identity +// is expected to be one of the values returned by NewEphemeralGPGSigningMechanism, +// or the mechanism should implement signingMechanismWithVerificationIdentityLookup. func (m *openpgpSigningMechanism) Verify(unverifiedSignature []byte) (contents []byte, keyIdentity string, err error) { md, err := openpgp.ReadMessage(bytes.NewReader(unverifiedSignature), m.keyring, nil, nil) if err != nil { @@ -166,7 +169,7 @@ func (m *openpgpSigningMechanism) Verify(unverifiedSignature []byte) (contents [ } // Uppercase the fingerprint to be compatible with gpgme - return content, strings.ToUpper(fmt.Sprintf("%x", md.SignedBy.PublicKey.Fingerprint)), nil + return content, strings.ToUpper(fmt.Sprintf("%x", md.SignedBy.Entity.PrimaryKey.Fingerprint)), nil } // UntrustedSignatureContents returns UNTRUSTED contents of the signature WITHOUT ANY VERIFICATION, diff --git a/vendor/go.podman.io/image/v5/signature/mechanism_sequoia.go b/vendor/go.podman.io/image/v5/signature/mechanism_sequoia.go new file mode 100644 index 0000000000..0a6f002f27 --- /dev/null +++ b/vendor/go.podman.io/image/v5/signature/mechanism_sequoia.go 
@@ -0,0 +1,84 @@
+//go:build containers_image_sequoia
+
+package signature
+
+import (
+ "go.podman.io/image/v5/signature/internal/sequoia"
+)
+
+// A GPG/OpenPGP signing mechanism, implemented using Sequoia and only supporting verification.
+// Legacy users who reach newGPGSigningMechanismInDirectory will use GPGME.
+// Signing using Sequoia is preferable, but should happen via signature/simplesequoia.NewSigner, not using
+// the legacy mechanism API.
+type sequoiaEphemeralSigningMechanism struct {
+ inner *sequoia.SigningMechanism
+}
+
+// newEphemeralGPGSigningMechanism returns a new GPG/OpenPGP signing mechanism which
+// recognizes _only_ public keys from the supplied blobs, and returns the identities
+// of these keys.
+// The caller must call .Close() on the returned SigningMechanism.
+func newEphemeralGPGSigningMechanism(blobs [][]byte) (signingMechanismWithPassphrase, []string, error) {
+ if err := sequoia.Init(); err != nil {
+ return nil, nil, err // Coverage: This is impractical to test in-process, with the static go_sequoia_dlhandle.
+ }
+
+ mech, err := sequoia.NewEphemeralMechanism()
+ if err != nil {
+ return nil, nil, err
+ }
+ keyIdentities := []string{}
+ for _, blob := range blobs {
+ ki, err := mech.ImportKeys(blob)
+ if err != nil {
+ return nil, nil, err
+ }
+ keyIdentities = append(keyIdentities, ki...)
+ }
+
+ return &sequoiaEphemeralSigningMechanism{
+ inner: mech,
+ }, keyIdentities, nil
+}
+
+func (m *sequoiaEphemeralSigningMechanism) Close() error {
+ return m.inner.Close()
+}
+
+// SupportsSigning returns nil if the mechanism supports signing, or a SigningNotSupportedError.
+func (m *sequoiaEphemeralSigningMechanism) SupportsSigning() error {
+ // This code is externally reachable via NewEphemeralGPGSigningMechanism(), but that API provides no way to
+ // import or generate a key.
+ return SigningNotSupportedError("caller error: Attempt to sign using a mechanism created via NewEphemeralGPGSigningMechanism().")
+}
+
+// Sign creates a (non-detached) signature of input using keyIdentity and passphrase.
+// Fails with a SigningNotSupportedError if the mechanism does not support signing.
+func (m *sequoiaEphemeralSigningMechanism) SignWithPassphrase(input []byte, keyIdentity string, passphrase string) ([]byte, error) {
+ // This code is externally reachable via NewEphemeralGPGSigningMechanism(), but that API provides no way to
+ // import or generate a key.
+ return nil, SigningNotSupportedError("caller error: Attempt to sign using a mechanism created via NewEphemeralGPGSigningMechanism().")
+}
+
+// Sign creates a (non-detached) signature of input using keyIdentity.
+// Fails with a SigningNotSupportedError if the mechanism does not support signing.
+func (m *sequoiaEphemeralSigningMechanism) Sign(input []byte, keyIdentity string) ([]byte, error) {
+ return m.SignWithPassphrase(input, keyIdentity, "")
+}
+
+// Verify parses unverifiedSignature and returns the content and the signer's identity.
+// For mechanisms created using NewEphemeralGPGSigningMechanism, the returned key identity
+// is expected to be one of the values returned by NewEphemeralGPGSigningMechanism,
+// or the mechanism should implement signingMechanismWithVerificationIdentityLookup.
+func (m *sequoiaEphemeralSigningMechanism) Verify(unverifiedSignature []byte) (contents []byte, keyIdentity string, err error) {
+ return m.inner.Verify(unverifiedSignature)
+}
+
+// UntrustedSignatureContents returns UNTRUSTED contents of the signature WITHOUT ANY VERIFICATION,
+// along with a short identifier of the key used for signing.
+// WARNING: The short key identifier (which corresponds to "Key ID" for OpenPGP keys)
+// is NOT the same as a "key identity" used in other calls to this interface, and
+// the values may have no recognizable relationship if the public key is not available.
+func (m *sequoiaEphemeralSigningMechanism) UntrustedSignatureContents(untrustedSignature []byte) (untrustedContents []byte, shortKeyIdentifier string, err error) { + return gpgUntrustedSignatureContents(untrustedSignature) +} diff --git a/vendor/go.podman.io/image/v5/signature/policy_config.go b/vendor/go.podman.io/image/v5/signature/policy_config.go index edace65691..50f445148f 100644 --- a/vendor/go.podman.io/image/v5/signature/policy_config.go +++ b/vendor/go.podman.io/image/v5/signature/policy_config.go @@ -31,7 +31,7 @@ import ( // systemDefaultPolicyPath is the policy path used for DefaultPolicy(). // You can override this at build time with -// -ldflags '-X github.com/containers/image/v5/signature.systemDefaultPolicyPath=$your_path' +// -ldflags '-X go.podman.io/image/v5/signature.systemDefaultPolicyPath=$your_path' var systemDefaultPolicyPath = builtinDefaultPolicyPath // userPolicyFile is the path to the per user policy path. diff --git a/vendor/go.podman.io/image/v5/signature/policy_eval_signedby.go b/vendor/go.podman.io/image/v5/signature/policy_eval_signedby.go index dec1e6adee..21ed59494d 100644 --- a/vendor/go.podman.io/image/v5/signature/policy_eval_signedby.go +++ b/vendor/go.podman.io/image/v5/signature/policy_eval_signedby.go @@ -6,7 +6,6 @@ import ( "context" "errors" "fmt" - "slices" digest "github.com/opencontainers/go-digest" "go.podman.io/image/v5/internal/multierr" 
@@ -50,15 +49,8 @@ func (pr *prSignedBy) isSignatureAuthorAccepted(ctx context.Context, image priva return sarRejected, nil, PolicyRequirementError("No public keys imported") } - signature, err := verifyAndExtractSignature(mech, sig, signatureAcceptanceRules{ - validateKeyIdentity: func(keyIdentity string) error { - if slices.Contains(trustedIdentities, keyIdentity) { - return nil - } - // Coverage: We use a private GPG home directory and only import trusted keys, so this should - // not be reachable. - return PolicyRequirementError(fmt.Sprintf("Signature by key %s is not accepted", keyIdentity)) - }, + signature, _, err := verifyAndExtractSignature(mech, sig, signatureAcceptanceRules{ + acceptedKeyIdentities: trustedIdentities, validateSignedDockerReference: func(ref string) error { if !pr.SignedIdentity.matchesDockerReference(image, ref) { return PolicyRequirementError(fmt.Sprintf("Signature for identity %q is not accepted", ref)) diff --git a/vendor/go.podman.io/image/v5/signature/sigstore/rekor/openapi_infra.go b/vendor/go.podman.io/image/v5/signature/sigstore/rekor/openapi_infra.go index 6d51897cf9..164dcba298 100644 --- a/vendor/go.podman.io/image/v5/signature/sigstore/rekor/openapi_infra.go +++ b/vendor/go.podman.io/image/v5/signature/sigstore/rekor/openapi_infra.go @@ -28,9 +28,6 @@ import ( // makeRequest makes a http request to the requested requestPath, and returns the received response. func (r *rekorClient) makeRequest(ctx context.Context, method, requestPath string, bodyContent any) (*http.Response, error) { - ctx, cancel := context.WithCancel(ctx) - defer cancel() - var body io.Reader headers := http.Header{} diff --git a/vendor/go.podman.io/image/v5/signature/simple.go b/vendor/go.podman.io/image/v5/signature/simple.go index 3429e9d7f9..8711f69080 100644 --- a/vendor/go.podman.io/image/v5/signature/simple.go +++ b/vendor/go.podman.io/image/v5/signature/simple.go 
@@ -8,6 +8,7 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "slices"
 "time"
 
 digest "github.com/opencontainers/go-digest"
@@ -207,37 +208,52 @@ func (s untrustedSignature) sign(mech SigningMechanism, keyIdentity string, pass
 // because the functions have the same or similar types, so there is a risk of exchanging the functions;
 // named members of this struct are more explicit.
 type signatureAcceptanceRules struct {
- validateKeyIdentity func(string) error
+ acceptedKeyIdentities []string
 validateSignedDockerReference func(string) error
 validateSignedDockerManifestDigest func(digest.Digest) error
 }
 
 // verifyAndExtractSignature verifies that unverifiedSignature has been signed, and that its principal components
-// match expected values, both as specified by rules, and returns it
-func verifyAndExtractSignature(mech SigningMechanism, unverifiedSignature []byte, rules signatureAcceptanceRules) (*Signature, error) {
+// match expected values, both as specified by rules.
+// Returns the signature, and an identity of the key that signed it.
+func verifyAndExtractSignature(mech SigningMechanism, unverifiedSignature []byte, rules signatureAcceptanceRules) (*Signature, string, error) {
 signed, keyIdentity, err := mech.Verify(unverifiedSignature)
 if err != nil {
- return nil, err
+ return nil, "", err
 }
- if err := rules.validateKeyIdentity(keyIdentity); err != nil {
- return nil, err
+ if !slices.Contains(rules.acceptedKeyIdentities, keyIdentity) {
+ withLookup, ok := mech.(signingMechanismWithVerificationIdentityLookup)
+ if !ok {
+ return nil, "", internal.NewInvalidSignatureError(fmt.Sprintf("signature by key %s is not accepted", keyIdentity))
+ }
+
+ primaryKey, err := withLookup.keyIdentityForVerificationKeyIdentity(keyIdentity)
+ if err != nil {
+ // Coverage: This only fails if lookup by keyIdentity fails, but we just found and used that key.
+ // Or maybe on some unexpected I/O error.
+ return nil, "", err
+ }
+ if !slices.Contains(rules.acceptedKeyIdentities, primaryKey) {
+ return nil, "", internal.NewInvalidSignatureError(fmt.Sprintf("signature by key %s of %s is not accepted", keyIdentity, primaryKey))
+ }
+ keyIdentity = primaryKey
 }
 
 var unmatchedSignature untrustedSignature
 if err := json.Unmarshal(signed, &unmatchedSignature); err != nil {
- return nil, internal.NewInvalidSignatureError(err.Error())
+ return nil, "", internal.NewInvalidSignatureError(err.Error())
 }
 if err := rules.validateSignedDockerManifestDigest(unmatchedSignature.untrustedDockerManifestDigest); err != nil {
- return nil, err
+ return nil, "", err
 }
 if err := rules.validateSignedDockerReference(unmatchedSignature.untrustedDockerReference); err != nil {
- return nil, err
+ return nil, "", err
 }
 // signatureAcceptanceRules have accepted this value.
 return &Signature{
 DockerManifestDigest: unmatchedSignature.untrustedDockerManifestDigest,
 DockerReference: unmatchedSignature.untrustedDockerReference,
- }, nil
+ }, keyIdentity, nil
 }
 
 // GetUntrustedSignatureInformationWithoutVerifying extracts information available in an untrusted signature,
diff --git a/vendor/go.podman.io/image/v5/version/version.go b/vendor/go.podman.io/image/v5/version/version.go
index 26237b0cee..e577735ee1 100644
--- a/vendor/go.podman.io/image/v5/version/version.go
+++ b/vendor/go.podman.io/image/v5/version/version.go
@@ -11,7 +11,7 @@ const (
 VersionPatch = 0
 
 // VersionDev indicates development branch. Releases will be empty string.
- VersionDev = "-dev"
+ VersionDev = ""
 )
 
 // Version is the specification version that the package types support.
diff --git a/vendor/go.podman.io/storage/.cirrus.yml b/vendor/go.podman.io/storage/.cirrus.yml
deleted file mode 100644
index d26b97d23a..0000000000
--- a/vendor/go.podman.io/storage/.cirrus.yml
+++ /dev/null
@@ -1,212 +0,0 @@ ---- - -# Main collection of env. vars to set for all tasks and scripts. -env: - #### - #### Global variables used for all tasks - #### - # Overrides default location (/tmp/cirrus) for repo clone - CIRRUS_WORKING_DIR: "/var/tmp/go/src/github.com/containers/storage" - # Shell used to execute all script commands - CIRRUS_SHELL: "/bin/bash" - # Automation script path relative to $CIRRUS_WORKING_DIR) - SCRIPT_BASE: "./contrib/cirrus" - # No need to go crazy, but grab enough to cover most PRs - CIRRUS_CLONE_DEPTH: 50 - - #### - #### Cache-image names to test with (double-quotes around names are critical) - ### - FEDORA_NAME: "fedora-42" - DEBIAN_NAME: "debian-13" - - # GCE project where images live - IMAGE_PROJECT: "libpod-218412" - # VM Image built in containers/automation_images - IMAGE_SUFFIX: "c20250422t130822z-f42f41d13" - FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" - DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}" - - #### - #### Command variables to help avoid duplication - #### - # Command to prefix every output line with a timestamp - # (can't do inline awk script, Cirrus-CI or YAML mangles quoting) - _TIMESTAMP: 'awk --file ${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/timestamp.awk' - _DFCMD: 'df -lhTx tmpfs' - _RAUDITCMD: 'cat /var/log/audit/audit.log' - _UAUDITCMD: 'cat /var/log/kern.log' - _JOURNALCMD: 'journalctl -b' - -gcp_credentials: ENCRYPTED[c87717f04fb15499d19a3b3fa0ad2cdedecc047e82967785d101e9bc418e93219f755e662feac8390088a2df1a4d8464] - -# Default timeout for each task -timeout_in: 120m - -# Default VM to use unless set or modified by task -gce_instance: - image_project: "${IMAGE_PROJECT}" - zone: "us-central1-b" # Required by Cirrus for the time being - cpu: 2 - memory: "4Gb" - disk: 200 - image_name: "${FEDORA_CACHE_IMAGE_NAME}" - - -linux_testing: &linux_testing - depends_on: - - lint - gce_instance: # Only need to specify differences from defaults (above) - image_name: "${VM_IMAGE}" - - # Separate scripts for separate outputs, 
makes debugging easier. - setup_script: '${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/setup.sh |& ${_TIMESTAMP}' - build_and_test_script: '${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/build_and_test.sh |& ${_TIMESTAMP}' - - always: - df_script: '${_DFCMD} || true' - rh_audit_log_script: '${_RAUDITCMD} || true' - debian_audit_log_script: '${_UAUDITCMD} || true' - journal_log_script: '${_JOURNALCMD} || true' - - -fedora_testing_task: &fedora_testing - <<: *linux_testing - alias: fedora_testing - name: &std_test_name "${OS_NAME} ${TEST_DRIVER}" - env: - OS_NAME: "${FEDORA_NAME}" - VM_IMAGE: "${FEDORA_CACHE_IMAGE_NAME}" - # Not all $TEST_DRIVER combinations valid for all $VM_IMAGE types. - matrix: &test_matrix - - env: - TEST_DRIVER: "vfs" - - env: - TEST_DRIVER: "overlay" - - env: - TEST_DRIVER: "overlay-transient" - - env: - TEST_DRIVER: "fuse-overlay" - - env: - TEST_DRIVER: "fuse-overlay-whiteout" - - env: - TEST_DRIVER: "btrfs" - - -# aufs was dropped between 20.04 and 22.04, can't test it -debian_testing_task: &debian_testing - <<: *linux_testing - alias: debian_testing - name: *std_test_name - env: - OS_NAME: "${DEBIAN_NAME}" - VM_IMAGE: "${DEBIAN_CACHE_IMAGE_NAME}" - # Not all $TEST_DRIVER combinations valid for all $VM_IMAGE types. 
- matrix: - - env: - TEST_DRIVER: "vfs" - - env: - TEST_DRIVER: "overlay" - - env: - TEST_DRIVER: "fuse-overlay" - - env: - TEST_DRIVER: "fuse-overlay-whiteout" - - env: - TEST_DRIVER: "btrfs" - - -lint_task: - alias: lint - env: - CIRRUS_WORKING_DIR: "/go/src/github.com/containers/storage" - container: - image: golang - modules_cache: - fingerprint_script: cat go.sum - folder: $GOPATH/pkg/mod - build_script: | - apt-get update - apt-get install -y libbtrfs-dev libsubid-dev - test_script: | - [ -n "${CIRRUS_BASE_SHA}" ] && git fetch origin ${CIRRUS_BASE_SHA} # Make ${CIRRUS_BASE_SHA} resolvable for git-validation - make TAGS=regex_precompile local-validate - make lint - make clean - - -# Update metadata on VM images referenced by this repository state -meta_task: - alias: meta - - container: - image: "quay.io/libpod/imgts:latest" - cpu: 1 - memory: 1 - - env: - # Space-separated list of images used by this repository state - IMGNAMES: |- - ${FEDORA_CACHE_IMAGE_NAME} - ${DEBIAN_CACHE_IMAGE_NAME} - BUILDID: "${CIRRUS_BUILD_ID}" - REPOREF: "${CIRRUS_CHANGE_IN_REPO}" - GCPJSON: ENCRYPTED[244a93fe8b386b48b96f748342bf741350e43805eee81dd04b45093bdf737e540b993fc735df41f131835fa0f9b65826] - GCPNAME: ENCRYPTED[91cf7aa421858b26b67835978d224b4a5c46afcf52a0f1ec1b69a99b248715dc8e92a1b56fde18e092acf256fa80ae9c] - GCPPROJECT: ENCRYPTED[79b0f7eb5958e25bc7095d5d368fa8d94447a43ffacb9c693de438186e2f767b7efe9563d6954297ae4730220e10aa9c] - CIRRUS_CLONE_DEPTH: 1 # source not used - - script: '/usr/local/bin/entrypoint.sh |& ${_TIMESTAMP}' - - -vendor_task: - alias: vendor - container: - image: golang - modules_cache: - fingerprint_script: cat go.sum - folder: $GOPATH/pkg/mod - build_script: make vendor - test_script: hack/tree_status.sh - -cross_task: - alias: cross - container: - image: golang:1.24 - build_script: make cross - -gofix_task: - alias: gofix - container: - image: golang:1.24 - build_script: go fix ./... 
- test_script: git diff --exit-code - -codespell_task: - alias: codespell - container: - image: python - build_script: pip install codespell - test_script: codespell - - -# Status aggregator for all tests. This task simply ensures a defined -# set of tasks all passed, and allows confirming that based on the status -# of this task. -success_task: - alias: success - # N/B: The prow merge-bot (tide) is sensitized to this exact name, DO NOT CHANGE IT. - # Ref: https://github.com/openshift/release/pull/49820 - name: "Total Success" - depends_on: - - lint - - fedora_testing - - debian_testing - - meta - - vendor - - cross - - gofix - - codespell - container: - image: golang:1.24 - clone_script: 'mkdir -p "$CIRRUS_WORKING_DIR"' # Source code not needed - script: /bin/true diff --git a/vendor/go.podman.io/storage/.codespellrc b/vendor/go.podman.io/storage/.codespellrc deleted file mode 100644 index 2af969196e..0000000000 --- a/vendor/go.podman.io/storage/.codespellrc +++ /dev/null @@ -1,3 +0,0 @@ -[codespell] -skip = ./.git,./vendor,./tests/tools/vendor,AUTHORS -ignore-words-list = afile,flate,prevend,Plack,worl diff --git a/vendor/go.podman.io/storage/CODE-OF-CONDUCT.md b/vendor/go.podman.io/storage/CODE-OF-CONDUCT.md deleted file mode 100644 index f4f7df4b8c..0000000000 --- a/vendor/go.podman.io/storage/CODE-OF-CONDUCT.md +++ /dev/null @@ -1,3 +0,0 @@ -## The Containers Storage Project Community Code of Conduct - -The Containers Storage project follows the [Containers Community Code of Conduct](https://github.com/containers/common/blob/main/CODE-OF-CONDUCT.md). diff --git a/vendor/go.podman.io/storage/CONTRIBUTING.md b/vendor/go.podman.io/storage/CONTRIBUTING.md deleted file mode 100644 index f50eb88053..0000000000 --- a/vendor/go.podman.io/storage/CONTRIBUTING.md +++ /dev/null 
@@ -1,35 +0,0 @@ -# Contributing to Containers/Storage - -We'd love to have you join the community! [Learn how to contribute](https://github.com/containers/common/blob/main/CONTRIBUTING.md) to the Containers Group Projects. - -Please note that the following information is specific to this project: - -* We don’t typically require 2 LGTMs for this repository. - -## Communications - -For general questions, or discussions, please use the -IRC group on `irc.freenode.net` called `container-projects` -that has been setup. - -For discussions around issues/bugs and features, you can use the github -[issues](https://github.com/containers/storage/issues) -and -[PRs](https://github.com/containers/storage/pulls) -tracking system. - - diff --git a/vendor/go.podman.io/storage/Makefile b/vendor/go.podman.io/storage/Makefile index b4d23dc073..d411ce38c4 100644 --- a/vendor/go.podman.io/storage/Makefile +++ b/vendor/go.podman.io/storage/Makefile @@ -2,7 +2,6 @@ all \ binary \ clean \ - codespell \ containers-storage \ cross \ default \ @@ -11,7 +10,6 @@ help \ install \ install.docs \ - install.tools \ lint \ local-binary \ local-cross \ @@ -19,12 +17,8 @@ local-test \ local-test-integration \ local-test-unit \ - local-validate \ test-integration \ - test-unit \ - validate \ - vendor \ - vendor-in-container + test-unit NATIVETAGS := AUTOTAGS := $(shell ./hack/btrfs_tag.sh) $(shell ./hack/libsubid_tag.sh) 
@@ -32,12 +26,7 @@ BUILDFLAGS := -tags "$(AUTOTAGS) $(TAGS)" $(FLAGS) GO ?= go TESTFLAGS := $(shell $(GO) test -race $(BUILDFLAGS) ./pkg/stringutils 2>&1 > /dev/null && echo -race) -# N/B: This value is managed by Renovate, manual changes are -# possible, as long as they don't disturb the formatting -# (i.e. DO NOT ADD A 'v' prefix!) -GOLANGCI_LINT_VERSION := 2.3.1 - -default all: local-binary docs local-validate local-cross ## validate all checks, build and cross-build\nbinaries and docs +default all: local-binary docs local-cross ## build and cross-build\nbinaries and docs clean: ## remove all built files $(RM) -f containers-storage containers-storage.* docs/*.1 docs/*.5 @@ -45,9 +34,6 @@ clean: ## remove all built files containers-storage: ## build using gc on the host $(GO) build -compiler gc $(BUILDFLAGS) ./cmd/containers-storage -codespell: - codespell - binary local-binary: containers-storage local-gccgo gccgo: ## build using gccgo on the host @@ -64,7 +50,7 @@ local-cross cross: ## cross build the binaries for arm, darwin, and freebsd env CGO_ENABLED=0 GOOS=$${os} GOARCH=$${arch} $(GO) build -compiler gc -tags "$(NATIVETAGS) $(TAGS)" $(FLAGS) -o containers-storage.$${suffix} ./cmd/containers-storage || exit 1 ; \ done -docs: install.tools ## build the docs on the host +docs: ## build the docs on the host $(MAKE) -C docs docs local-test: local-binary local-test-unit local-test-integration ## build the binaries and run the tests 
@@ -75,27 +61,23 @@ local-test-unit test-unit: local-binary ## run the unit tests on the host (requi local-test-integration test-integration: local-binary ## run the integration tests on the host (requires\nsuperuser privileges) @cd tests; ./test_runner.bash -local-validate validate: install.tools ## validate DCO on the host - @./hack/git-validation.sh - -install.tools: - $(MAKE) -C tests/tools GOLANGCI_LINT_VERSION=$(GOLANGCI_LINT_VERSION) - install.docs: docs $(MAKE) -C docs install install: install.docs -lint: install.tools - tests/tools/build/golangci-lint run --build-tags="$(AUTOTAGS) $(TAGS)" +lint: + golangci-lint run --build-tags="$(AUTOTAGS) $(TAGS)" help: ## this help @awk 'BEGIN {FS = ":.*?## "} /^[a-z A-Z_-]+:.*?## / {gsub(" ",",",$$1);gsub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-21s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST) -vendor-in-container: - podman run --privileged --rm --env HOME=/root -v `pwd`:/src -w /src golang make vendor +.PHONY: tidy-in-container +tidy-in-container: + podman run --privileged --rm --env HOME=/root -v `pwd`:/src -w /src golang make tidy -vendor: +.PHONY: tidy +tidy: $(GO) mod tidy - $(GO) work vendor $(GO) mod verify + $(GO) mod edit -toolchain none diff --git a/vendor/go.podman.io/storage/README.md b/vendor/go.podman.io/storage/README.md index fef46a6893..1017d319f7 100644 --- a/vendor/go.podman.io/storage/README.md +++ b/vendor/go.podman.io/storage/README.md @@ -42,5 +42,5 @@ Additionally, the library can store one or more of what it calls *big data* for images and containers. This is a named chunk of larger data, which is only in memory when it is being read from or being written to its own disk file. -**[Contributing](CONTRIBUTING.md)** +**[Contributing](../CONTRIBUTING.md)** Information about contributing to this project. diff --git a/vendor/go.podman.io/storage/SECURITY.md b/vendor/go.podman.io/storage/SECURITY.md deleted file mode 100644 index ab2c14182f..0000000000 
--- a/vendor/go.podman.io/storage/SECURITY.md +++ /dev/null @@ -1,3 +0,0 @@ -## Security and Disclosure Information Policy for the Containers Storage Project - -The Containers Storage Project follows the [Security and Disclosure Information Policy](https://github.com/containers/common/blob/main/SECURITY.md) for the Containers Projects. diff --git a/vendor/go.podman.io/storage/VERSION b/vendor/go.podman.io/storage/VERSION index 9345264f9e..4d5fde5bd1 100644 --- a/vendor/go.podman.io/storage/VERSION +++ b/vendor/go.podman.io/storage/VERSION @@ -1 +1 @@ -1.60.0-dev +1.60.0 diff --git a/vendor/modules.txt b/vendor/modules.txt index 7a49b98851..5e181df93d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -744,7 +744,7 @@ go.opentelemetry.io/otel/trace go.opentelemetry.io/otel/trace/embedded go.opentelemetry.io/otel/trace/internal/telemetry go.opentelemetry.io/otel/trace/noop -# go.podman.io/common v0.0.0-20250826054041-6e4bed3c9118 +# go.podman.io/common v0.65.0 ## explicit; go 1.23.3 go.podman.io/common/internal go.podman.io/common/internal/attributedstring @@ -811,7 +811,7 @@ go.podman.io/common/pkg/umask go.podman.io/common/pkg/util go.podman.io/common/pkg/version go.podman.io/common/version -# go.podman.io/image/v5 v5.36.1-0.20250820085751-a13b38f45723 +# go.podman.io/image/v5 v5.37.0 ## explicit; go 1.23.3 go.podman.io/image/v5/copy go.podman.io/image/v5/directory @@ -871,6 +871,7 @@ go.podman.io/image/v5/pkg/tlsclientconfig go.podman.io/image/v5/sif go.podman.io/image/v5/signature go.podman.io/image/v5/signature/internal +go.podman.io/image/v5/signature/internal/sequoia go.podman.io/image/v5/signature/signer go.podman.io/image/v5/signature/sigstore go.podman.io/image/v5/signature/sigstore/fulcio 
@@ -883,7 +884,7 @@ go.podman.io/image/v5/transports go.podman.io/image/v5/transports/alltransports go.podman.io/image/v5/types go.podman.io/image/v5/version -# go.podman.io/storage v1.59.1-0.20250820085751-a13b38f45723 +# go.podman.io/storage v1.60.0 ## explicit; go 1.23.3 go.podman.io/storage go.podman.io/storage/drivers