diff --git a/go.mod b/go.mod
index 7f660bd150..c9b1d5f2ec 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
github.com/containernetworking/cni v1.1.2
github.com/containernetworking/plugins v1.3.0
github.com/containers/buildah v1.33.2-0.20231121195905-d1a1c53c8e1c
- github.com/containers/common v0.57.1-0.20231127171932-3cec82a37105
+ github.com/containers/common v0.57.1-0.20231129142626-3b9abaa8806f
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/gvisor-tap-vsock v0.7.1
github.com/containers/image/v5 v5.29.1-0.20231120202631-293b00ba7166
@@ -46,7 +46,7 @@ require (
github.com/mdlayher/vsock v1.2.1
github.com/moby/term v0.5.0
github.com/nxadm/tail v1.4.11
- github.com/onsi/ginkgo/v2 v2.13.1
+ github.com/onsi/ginkgo/v2 v2.13.2
github.com/onsi/gomega v1.30.0
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.1.0-rc5
diff --git a/go.sum b/go.sum
index e80530dfd0..41a1439360 100644
--- a/go.sum
+++ b/go.sum
@@ -256,8 +256,8 @@ github.com/containernetworking/plugins v1.3.0 h1:QVNXMT6XloyMUoO2wUOqWTC1hWFV62Q
github.com/containernetworking/plugins v1.3.0/go.mod h1:Pc2wcedTQQCVuROOOaLBPPxrEXqqXBFt3cZ+/yVg6l0=
github.com/containers/buildah v1.33.2-0.20231121195905-d1a1c53c8e1c h1:E7nxvH3N3kpyson0waJv1X+eY9hAs+x2zQswsK+//yY=
github.com/containers/buildah v1.33.2-0.20231121195905-d1a1c53c8e1c/go.mod h1:oMNfVrZGEfWVOxXTNOYPMdZzDfSo2umURK/TO0d8TRk=
-github.com/containers/common v0.57.1-0.20231127171932-3cec82a37105 h1:CMtIWhUBDpOFPNUDiYUYiWC5ducrYPdynWAsB4jAX8k=
-github.com/containers/common v0.57.1-0.20231127171932-3cec82a37105/go.mod h1:9gSqpih8l6jSGOC0D28Bic4Yx1GuYKFH+MUZhr+sGkg=
+github.com/containers/common v0.57.1-0.20231129142626-3b9abaa8806f h1:palKvEWcNCW+mhh4hmOI/IpFthhnVwoRGOTlbTDpqE0=
+github.com/containers/common v0.57.1-0.20231129142626-3b9abaa8806f/go.mod h1:FlJBjxfbI9s1o7VROe/2fiN8kvgO29/qa3dPDCaX3og=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/gvisor-tap-vsock v0.7.1 h1:+Rc+sOPplrkQb/BUXeN0ug8TxjgyrIqo/9P/eNS2A4c=
@@ -833,8 +833,8 @@ github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0
github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
-github.com/onsi/ginkgo/v2 v2.13.1 h1:LNGfMbR2OVGBfXjvRZIZ2YCTQdGKtPLvuI1rMCCj3OU=
-github.com/onsi/ginkgo/v2 v2.13.1/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM=
+github.com/onsi/ginkgo/v2 v2.13.2 h1:Bi2gGVkfn6gQcjNjZJVO8Gf0FHzMPf2phUei9tejVMs=
+github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM=
github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
diff --git a/vendor/github.com/containers/common/libnetwork/netavark/exec.go b/vendor/github.com/containers/common/libnetwork/netavark/exec.go
index 20934a3f9a..f2c82359ad 100644
--- a/vendor/github.com/containers/common/libnetwork/netavark/exec.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/exec.go
@@ -86,6 +86,9 @@ func (n *netavarkNetwork) execNetavark(args []string, needPlugin bool, stdin, re
if n.dnsBindPort != 0 {
env = append(env, "NETAVARK_DNS_PORT="+strconv.Itoa(int(n.dnsBindPort)))
}
+ if n.firewallDriver != "" {
+ env = append(env, "NETAVARK_FW="+n.firewallDriver)
+ }
return n.execBinary(n.netavarkBinary, append(n.getCommonNetavarkOptions(needPlugin), args...), stdin, result, env)
}
diff --git a/vendor/github.com/containers/common/libnetwork/netavark/network.go b/vendor/github.com/containers/common/libnetwork/netavark/network.go
index 0d323db28b..5921167491 100644
--- a/vendor/github.com/containers/common/libnetwork/netavark/network.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/network.go
@@ -36,6 +36,9 @@ type netavarkNetwork struct {
// aardvarkBinary is the path to the aardvark binary.
aardvarkBinary string
+ // firewallDriver sets the firewall driver to use
+ firewallDriver string
+
// defaultNetwork is the name for the default network.
defaultNetwork string
// defaultSubnet is the default subnet for the default network.
@@ -79,6 +82,9 @@ type InitConfig struct {
// NetworkRunDir is where temporary files are stored, i.e.the ipam db, aardvark config
NetworkRunDir string
+ // FirewallDriver sets the firewall driver to use
+ FirewallDriver string
+
// DefaultNetwork is the name for the default network.
DefaultNetwork string
// DefaultSubnet is the default subnet for the default network.
@@ -146,6 +152,7 @@ func NewNetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
aardvarkBinary: conf.AardvarkBinary,
networkRootless: unshare.IsRootless(),
ipamDBPath: filepath.Join(conf.NetworkRunDir, "ipam.db"),
+ firewallDriver: conf.FirewallDriver,
defaultNetwork: defaultNetworkName,
defaultSubnet: defaultNet,
defaultsubnetPools: defaultSubnetPools,
diff --git a/vendor/github.com/containers/common/libnetwork/network/interface.go b/vendor/github.com/containers/common/libnetwork/network/interface.go
index aeac8d9c15..b3a5f2aec3 100644
--- a/vendor/github.com/containers/common/libnetwork/network/interface.go
+++ b/vendor/github.com/containers/common/libnetwork/network/interface.go
@@ -82,6 +82,7 @@ func NetworkBackend(store storage.Store, conf *config.Config, syslog bool) (type
NetavarkBinary: netavarkBin,
AardvarkBinary: aardvarkBin,
PluginDirs: conf.Network.NetavarkPluginDirs.Get(),
+ FirewallDriver: conf.Network.FirewallDriver,
DefaultNetwork: conf.Network.DefaultNetwork,
DefaultSubnet: conf.Network.DefaultSubnet,
DefaultsubnetPools: conf.Network.DefaultSubnetPools,
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
index 75b917f013..d25dd019a2 100644
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@@ -567,6 +567,9 @@ type NetworkConfig struct {
// NetavarkPluginDirs is a list of directories which contain netavark plugins.
NetavarkPluginDirs attributedstring.Slice `toml:"netavark_plugin_dirs,omitempty"`
+ // FirewallDriver is the firewall driver to be used
+ FirewallDriver string `toml:"firewall_driver,omitempty"`
+
// DefaultNetwork is the network name of the default network
// to attach pods to.
DefaultNetwork string `toml:"default_network,omitempty"`
diff --git a/vendor/github.com/containers/common/pkg/config/config_darwin.go b/vendor/github.com/containers/common/pkg/config/config_darwin.go
index eb83733d46..1b40e2bae7 100644
--- a/vendor/github.com/containers/common/pkg/config/config_darwin.go
+++ b/vendor/github.com/containers/common/pkg/config/config_darwin.go
@@ -32,6 +32,8 @@ func ifRootlessConfigPath() (string, error) {
}
var defaultHelperBinariesDir = []string{
+ // Relative to the binary directory
+ "$BINDIR/../libexec/podman",
// Homebrew install paths
"/usr/local/opt/podman/libexec/podman",
"/opt/homebrew/opt/podman/libexec/podman",
@@ -42,6 +44,4 @@ var defaultHelperBinariesDir = []string{
"/usr/local/lib/podman",
"/usr/libexec/podman",
"/usr/lib/podman",
- // Relative to the binary directory
- "$BINDIR/../libexec/podman",
}
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index 8c532f0798..22c4339718 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -340,6 +340,14 @@ default_sysctls = [
# "/usr/lib/netavark",
#]
+# The firewall driver to be used by netavark.
+# The default is empty which means netavark will pick one accordingly. Current supported
+# drivers are "iptables", "none" (no firewall rules will be created) and "firewalld" (firewalld is
+# experimental at the moment and not recommend outside of testing). In the future we are
+# planning to add support for a "nftables" driver.
+#firewall_driver = ""
+
+
# The network name of the default network to attach pods to.
#
#default_network = "podman"
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index 3b0bf913bd..9e65d5c201 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -253,6 +253,7 @@ func defaultConfig() (*Config, error) {
Volumes: attributedstring.Slice{},
},
Network: NetworkConfig{
+ FirewallDriver: "",
DefaultNetwork: "podman",
DefaultSubnet: DefaultSubnet,
DefaultSubnetPools: DefaultSubnetPools,
@@ -339,7 +340,8 @@ func defaultEngineConfig() (*EngineConfig, error) {
c.HelperBinariesDir.Set(defaultHelperBinariesDir)
if additionalHelperBinariesDir != "" {
- c.HelperBinariesDir.Set(append(c.HelperBinariesDir.Get(), additionalHelperBinariesDir))
+ // Prioritize addtionalHelperBinariesDir over defaults.
+ c.HelperBinariesDir.Set(append([]string{additionalHelperBinariesDir}, c.HelperBinariesDir.Get()...))
}
c.HooksDir.Set(DefaultHooksDirs)
c.ImageDefaultTransport = _defaultTransport
diff --git a/vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md b/vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md
index 102bb529fd..ec91408f99 100644
--- a/vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md
+++ b/vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 2.13.2
+
+### Fixes
+- Fix file handler leak (#1309) [e2e81c8]
+- Avoid allocations with `(*regexp.Regexp).MatchString` (#1302) [3b2a2a7]
+
## 2.13.1
### Fixes
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/test_suite.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/test_suite.go
index f3ae13bb14..df99875be2 100644
--- a/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/test_suite.go
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/test_suite.go
@@ -226,7 +226,7 @@ func suitesInDir(dir string, recurse bool) TestSuites {
files, _ := os.ReadDir(dir)
re := regexp.MustCompile(`^[^._].*_test\.go$`)
for _, file := range files {
- if !file.IsDir() && re.Match([]byte(file.Name())) {
+ if !file.IsDir() && re.MatchString(file.Name()) {
suite := TestSuite{
Path: relPath(dir),
PackageName: packageNameForSuite(dir),
@@ -241,7 +241,7 @@ func suitesInDir(dir string, recurse bool) TestSuites {
if recurse {
re = regexp.MustCompile(`^[._]`)
for _, file := range files {
- if file.IsDir() && !re.Match([]byte(file.Name())) {
+ if file.IsDir() && !re.MatchString(file.Name()) {
suites = append(suites, suitesInDir(dir+"/"+file.Name(), recurse)...)
}
}
@@ -272,7 +272,7 @@ func filesHaveGinkgoSuite(dir string, files []os.DirEntry) bool {
reGinkgo := regexp.MustCompile(`package ginkgo|\/ginkgo"|\/ginkgo\/v2"|\/ginkgo\/v2/dsl/`)
for _, file := range files {
- if !file.IsDir() && reTestFile.Match([]byte(file.Name())) {
+ if !file.IsDir() && reTestFile.MatchString(file.Name()) {
contents, _ := os.ReadFile(dir + "/" + file.Name())
if reGinkgo.Match(contents) {
return true
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/dependencies.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/dependencies.go
index f5ddff30fc..a34d94354d 100644
--- a/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/dependencies.go
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/dependencies.go
@@ -78,7 +78,7 @@ func (d Dependencies) resolveAndAdd(deps []string, depth int) {
if err != nil {
continue
}
- if !pkg.Goroot && (!ginkgoAndGomegaFilter.Match([]byte(pkg.Dir)) || ginkgoIntegrationTestFilter.Match([]byte(pkg.Dir))) {
+ if !pkg.Goroot && (!ginkgoAndGomegaFilter.MatchString(pkg.Dir) || ginkgoIntegrationTestFilter.MatchString(pkg.Dir)) {
d.addDepIfNotPresent(pkg.Dir, depth)
}
}
diff --git a/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hash.go b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hash.go
index e9f7ec0cb3..17d052bdc3 100644
--- a/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hash.go
+++ b/vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hash.go
@@ -79,7 +79,7 @@ func (p *PackageHash) computeHashes() (codeHash string, codeModifiedTime time.Ti
continue
}
- if goTestRegExp.Match([]byte(info.Name())) {
+ if goTestRegExp.MatchString(info.Name()) {
testHash += p.hashForFileInfo(info)
if info.ModTime().After(testModifiedTime) {
testModifiedTime = info.ModTime()
@@ -87,7 +87,7 @@ func (p *PackageHash) computeHashes() (codeHash string, codeModifiedTime time.Ti
continue
}
- if p.watchRegExp.Match([]byte(info.Name())) {
+ if p.watchRegExp.MatchString(info.Name()) {
codeHash += p.hashForFileInfo(info)
if info.ModTime().After(codeModifiedTime) {
codeModifiedTime = info.ModTime()
diff --git a/vendor/github.com/onsi/ginkgo/v2/reporters/json_report.go b/vendor/github.com/onsi/ginkgo/v2/reporters/json_report.go
index be506f9b47..5d3e8db994 100644
--- a/vendor/github.com/onsi/ginkgo/v2/reporters/json_report.go
+++ b/vendor/github.com/onsi/ginkgo/v2/reporters/json_report.go
@@ -18,6 +18,7 @@ func GenerateJSONReport(report types.Report, destination string) error {
if err != nil {
return err
}
+ defer f.Close()
enc := json.NewEncoder(f)
enc.SetIndent("", " ")
err = enc.Encode([]types.Report{
@@ -26,7 +27,7 @@ func GenerateJSONReport(report types.Report, destination string) error {
if err != nil {
return err
}
- return f.Close()
+ return nil
}
// MergeJSONReports produces a single JSON-formatted report at the passed in destination by merging the JSON-formatted reports provided in sources
@@ -57,11 +58,12 @@ func MergeAndCleanupJSONReports(sources []string, destination string) ([]string,
if err != nil {
return messages, err
}
+ defer f.Close()
enc := json.NewEncoder(f)
enc.SetIndent("", " ")
err = enc.Encode(allReports)
if err != nil {
return messages, err
}
- return messages, f.Close()
+ return messages, nil
}
diff --git a/vendor/github.com/onsi/ginkgo/v2/types/code_location.go b/vendor/github.com/onsi/ginkgo/v2/types/code_location.go
index 9cd5768170..57e87517e0 100644
--- a/vendor/github.com/onsi/ginkgo/v2/types/code_location.go
+++ b/vendor/github.com/onsi/ginkgo/v2/types/code_location.go
@@ -149,7 +149,7 @@ func PruneStack(fullStackTrace string, skip int) string {
re := regexp.MustCompile(`\/ginkgo\/|\/pkg\/testing\/|\/pkg\/runtime\/`)
for i := 0; i < len(stack)/2; i++ {
// We filter out based on the source code file name.
- if !re.Match([]byte(stack[i*2+1])) {
+ if !re.MatchString(stack[i*2+1]) {
prunedStack = append(prunedStack, stack[i*2])
prunedStack = append(prunedStack, stack[i*2+1])
}
diff --git a/vendor/github.com/onsi/ginkgo/v2/types/version.go b/vendor/github.com/onsi/ginkgo/v2/types/version.go
index 7a794d87a1..a4a1524b4f 100644
--- a/vendor/github.com/onsi/ginkgo/v2/types/version.go
+++ b/vendor/github.com/onsi/ginkgo/v2/types/version.go
@@ -1,3 +1,3 @@
package types
-const VERSION = "2.13.1"
+const VERSION = "2.13.2"
diff --git a/vendor/modules.txt b/vendor/modules.txt
index a348c03d9e..652b100c64 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -167,7 +167,7 @@ github.com/containers/buildah/pkg/sshagent
github.com/containers/buildah/pkg/util
github.com/containers/buildah/pkg/volumes
github.com/containers/buildah/util
-# github.com/containers/common v0.57.1-0.20231127171932-3cec82a37105
+# github.com/containers/common v0.57.1-0.20231129142626-3b9abaa8806f
## explicit; go 1.18
github.com/containers/common/internal/attributedstring
github.com/containers/common/libimage
@@ -811,7 +811,7 @@ github.com/nxadm/tail/winfile
# github.com/oklog/ulid v1.3.1
## explicit
github.com/oklog/ulid
-# github.com/onsi/ginkgo/v2 v2.13.1
+# github.com/onsi/ginkgo/v2 v2.13.2
## explicit; go 1.18
github.com/onsi/ginkgo/v2
github.com/onsi/ginkgo/v2/config