vendor c/common@main

In hope to fix a CI flake.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/containernetworking/cni v1.1.0
 	github.com/containernetworking/plugins v1.1.1
 	github.com/containers/buildah v1.26.1
-	github.com/containers/common v0.48.0
+	github.com/containers/common v0.48.1-0.20220510094751-400832f41771
 	github.com/containers/conmon v2.0.20+incompatible
 	github.com/containers/image/v5 v5.21.1
 	github.com/containers/ocicrypt v1.1.4-0.20220428134531-566b808bdf6f

go.sum

@@ -339,8 +339,9 @@ github.com/containernetworking/plugins v1.1.1 h1:+AGfFigZ5TiQH00vhR8qPeSatj53eNG
 github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8=
 github.com/containers/buildah v1.26.1 h1:D65Vuo+orsI14WWtJhSX6KrpgBBa7+hveVWevzG8p8E=
 github.com/containers/buildah v1.26.1/go.mod h1:CsWSG8OpJd8v3mlLREJzVAOBgC93DjRNALUVHoi8QsY=
-github.com/containers/common v0.48.0 h1:997nnXBZ+eNpfSM7L4SxhhZubQrfEyw3jRyNMTSsNlw=
 github.com/containers/common v0.48.0/go.mod h1:zPLZCfLXfnd1jI0QRsD4By54fP4k1+ifQs+tulIe3o0=
+github.com/containers/common v0.48.1-0.20220510094751-400832f41771 h1:rHd882jzJK1fIXCJWvc1zTX5CIv2aOyzzkqj6mezLLw=
+github.com/containers/common v0.48.1-0.20220510094751-400832f41771/go.mod h1:xapcAN0NbthUpjBv2UWZ5uiCGBlYbuj0o1Qg4hCaiL8=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/image/v5 v5.21.1 h1:Cr3zw2f0FZs4SCkdGlc8SN/mpcmg2AKG4OUuDbeGS/Q=

test/e2e/containers_conf_test.go

@@ -456,13 +456,12 @@ var _ = Describe("Verify podman containers.conf usage", func() {
 		containersConf = []byte("[engine]\nimage_copy_tmp_dir=\"storage1\"")
 		err = ioutil.WriteFile(configPath, containersConf, os.ModePerm)
 		Expect(err).ToNot(HaveOccurred())
-		if IsRemote() {
+
-			podmanTest.RestartRemoteService()
+		SkipIfRemote("Restarting the system service will fail loading the broken containers.conf")
-		}
 
 		session = podmanTest.Podman([]string{"info", "--format", "{{.Store.ImageCopyTmpDir}}"})
 		session.WaitWithDefaultTimeout()
-		Expect(session).Should(Exit(0))
+		Expect(session).Should(Exit(125))
 		Expect(session.Err.Contents()).To(ContainSubstring("invalid image_copy_tmp_dir"))
 	})
 

vendor/github.com/containers/common/libimage/image.go

@@ -608,7 +608,7 @@ func (i *Image) RepoTags() ([]string, error) {
 // NamedTaggedRepoTags returns the repotags associated with the image as a
 // slice of reference.NamedTagged.
 func (i *Image) NamedTaggedRepoTags() ([]reference.NamedTagged, error) {
-	var repoTags []reference.NamedTagged
+	repoTags := make([]reference.NamedTagged, 0, len(i.Names()))
 	for _, name := range i.Names() {
 		parsed, err := reference.Parse(name)
 		if err != nil {

vendor/github.com/containers/common/libimage/load.go

@@ -32,8 +32,8 @@ func (r *Runtime) Load(ctx context.Context, path string, options *LoadOptions) (
 		options = &LoadOptions{}
 	}
 
-	var loadErrors []error
+	// we have 4 functions, so a maximum of 4 errors
-
+	loadErrors := make([]error, 0, 4)
 	for _, f := range []func() ([]string, string, error){
 		// OCI
 		func() ([]string, string, error) {
@@ -88,6 +88,8 @@ func (r *Runtime) Load(ctx context.Context, path string, options *LoadOptions) (
 	}
 
 	// Give a decent error message if nothing above worked.
+	// we want the colon here for the multiline error
+	//nolint:revive
 	loadError := fmt.Errorf("payload does not match any of the supported image formats:")
 	for _, err := range loadErrors {
 		loadError = fmt.Errorf("%v\n * %v", loadError, err)

vendor/github.com/containers/common/libimage/normalize.go

@@ -115,7 +115,7 @@ type NameTagPair struct {
 func ToNameTagPairs(repoTags []reference.Named) ([]NameTagPair, error) {
 	none := "<none>"
 
-	var pairs []NameTagPair
+	pairs := make([]NameTagPair, 0, len(repoTags))
 	for i, named := range repoTags {
 		pair := NameTagPair{
 			Name:  named.Name(),

vendor/github.com/containers/common/libimage/pull.go

@@ -413,11 +413,11 @@ func (r *Runtime) imagesIDsForManifest(manifestBytes []byte, sys *types.SystemCo
 		}
 		imageDigest = d
 	}
-	var results []string
 	images, err := r.store.ImagesByDigest(imageDigest)
 	if err != nil {
 		return nil, errors.Wrapf(err, "listing images by manifest digest")
 	}
+	results := make([]string, 0, len(images))
 	for _, image := range images {
 		results = append(results, image.ID)
 	}

vendor/github.com/containers/common/libimage/runtime.go

@@ -6,6 +6,7 @@ import (
 	"os"
 	"strings"
 
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/pkg/shortnames"
 	storageTransport "github.com/containers/image/v5/storage"
@@ -22,13 +23,16 @@ import (
 var json = jsoniter.ConfigCompatibleWithStandardLibrary
 
 // tmpdir returns a path to a temporary directory.
-func tmpdir() string {
+func tmpdir() (string, error) {
-	tmpdir := os.Getenv("TMPDIR")
+	var tmpdir string
-	if tmpdir == "" {
+	defaultContainerConfig, err := config.Default()
-		tmpdir = "/var/tmp"
+	if err == nil {
+		tmpdir, err = defaultContainerConfig.ImageCopyTmpDir()
+		if err == nil {
+			return tmpdir, nil
 		}
-
+	}
-	return tmpdir
+	return tmpdir, err
 }
 
 // RuntimeOptions allow for creating a customized Runtime.
@@ -103,7 +107,11 @@ func RuntimeFromStore(store storage.Store, options *RuntimeOptions) (*Runtime, e
 		systemContext = types.SystemContext{}
 	}
 	if systemContext.BigFilesTemporaryDir == "" {
-		systemContext.BigFilesTemporaryDir = tmpdir()
+		tmpdir, err := tmpdir()
+		if err != nil {
+			return nil, err
+		}
+		systemContext.BigFilesTemporaryDir = tmpdir
 	}
 
 	setRegistriesConfPath(&systemContext)
@@ -224,7 +232,7 @@ func (r *Runtime) LookupImage(name string, options *LookupImageOptions) (*Image,
 		}
 		logrus.Debugf("Found image %q in local containers storage (%s)", name, storageRef.StringWithinTransport())
 		return r.storageToImage(img, storageRef), "", nil
-	} else {
+	}
 	// Docker compat: strip off the tag iff name is tagged and digested
 	// (e.g., fedora:latest@sha256...).  In that case, the tag is stripped
 	// off and entirely ignored.  The digest is the sole source of truth.
@@ -233,7 +241,6 @@ func (r *Runtime) LookupImage(name string, options *LookupImageOptions) (*Image,
 		return nil, "", err
 	}
 	name = normalizedName
-	}
 
 	byDigest := false
 	originalName := name

vendor/github.com/containers/common/libnetwork/cni/config.go

@@ -96,7 +96,7 @@ func (n *cniNetwork) networkCreate(newNetwork *types.Network, defaultNet bool) (
 	newNetwork.ID = getNetworkIDFromName(newNetwork.Name)
 
 	// when we do not have ipam we must disable dns
-	internalutil.IpamNoneDisableDns(newNetwork)
+	internalutil.IpamNoneDisableDNS(newNetwork)
 
 	// FIXME: Should this be a hard error?
 	if newNetwork.DNSEnabled && newNetwork.Internal && hasDNSNamePlugin(n.cniPluginDirs) {

vendor/github.com/containers/common/libnetwork/cni/run.go

@@ -106,7 +106,7 @@ func (n *cniNetwork) Setup(namespacePath string, options types.SetupOptions) (ma
 }
 
 // CNIResultToStatus convert the cni result to status block
-// nolint:golint
+// nolint:golint,revive
 func CNIResultToStatus(res cnitypes.Result) (types.StatusBlock, error) {
 	result := types.StatusBlock{}
 	cniResult, err := types040.GetResult(res)

vendor/github.com/containers/common/libnetwork/internal/util/create.go

@@ -41,7 +41,7 @@ func CommonNetworkCreate(n NetUtil, network *types.Network) error {
 	return nil
 }
 
-func IpamNoneDisableDns(network *types.Network) {
+func IpamNoneDisableDNS(network *types.Network) {
 	if network.IPAMOptions[types.Driver] == types.NoneIPAMDriver {
 		logrus.Debugf("dns disabled for network %q because ipam driver is set to none", network.Name)
 		network.DNSEnabled = false

vendor/github.com/containers/common/libnetwork/netavark/config.go

@@ -121,7 +121,7 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo
 	}
 
 	// when we do not have ipam we must disable dns
-	internalutil.IpamNoneDisableDns(newNetwork)
+	internalutil.IpamNoneDisableDNS(newNetwork)
 
 	// add gateway when not internal or dns enabled
 	addGateway := !newNetwork.Internal || newNetwork.DNSEnabled

vendor/github.com/containers/common/libnetwork/network/interface.go

@@ -46,6 +46,9 @@ const (
 //   1. read ${graphroot}/defaultNetworkBackend
 //   2. find netavark binary (if not installed use CNI)
 //   3. check containers, images and CNI networks and if there are some we have an existing install and should continue to use CNI
+//
+// revive does not like the name because the package is already called network
+//nolint:revive
 func NetworkBackend(store storage.Store, conf *config.Config, syslog bool) (types.NetworkBackend, types.ContainerNetwork, error) {
 	backend := types.NetworkBackend(conf.Network.NetworkBackend)
 	if backend == "" {

vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go

@@ -251,19 +251,17 @@ func CheckProfileAndLoadDefault(name string) (string, error) {
 	if unshare.IsRootless() {
 		if name != "" {
 			return "", errors.Wrapf(ErrApparmorRootless, "cannot load AppArmor profile %q", name)
-		} else {
+		}
 		logrus.Debug("Skipping loading default AppArmor profile (rootless mode)")
 		return "", nil
 	}
-	}
 
 	// Check if AppArmor is disabled and error out if a profile is to be set.
 	if !runcaa.IsEnabled() {
 		if name == "" {
 			return "", nil
-		} else {
-			return "", errors.Errorf("profile %q specified but AppArmor is disabled on the host", name)
 		}
+		return "", errors.Errorf("profile %q specified but AppArmor is disabled on the host", name)
 	}
 
 	if name == "" {

vendor/github.com/containers/common/pkg/auth/auth.go

@@ -26,8 +26,8 @@ func GetDefaultAuthFile() string {
 	if authfile := os.Getenv("REGISTRY_AUTH_FILE"); authfile != "" {
 		return authfile
 	}
-	if auth_env := os.Getenv("DOCKER_CONFIG"); auth_env != "" {
+	if authEnv := os.Getenv("DOCKER_CONFIG"); authEnv != "" {
-		return filepath.Join(auth_env, "config.json")
+		return filepath.Join(authEnv, "config.json")
 	}
 	return ""
 }
@@ -313,7 +313,7 @@ func Logout(systemContext *types.SystemContext, opts *LogoutOptions, args []stri
 			fmt.Printf("Not logged into %s with current tool. Existing credentials were established via docker login. Please use docker logout instead.\n", key)
 			return nil
 		}
-		return errors.Errorf("Not logged into %s\n", key)
+		return errors.Errorf("not logged into %s", key)
 	default:
 		return errors.Wrapf(err, "logging out of %q", key)
 	}

vendor/github.com/containers/common/pkg/capabilities/capabilities.go

@@ -104,8 +104,8 @@ func AllCapabilities() []string {
 // NormalizeCapabilities normalizes caps by adding a "CAP_" prefix (if not yet
 // present).
 func NormalizeCapabilities(caps []string) ([]string, error) {
-	normalized := make([]string, len(caps))
+	normalized := make([]string, 0, len(caps))
-	for i, c := range caps {
+	for _, c := range caps {
 		c = strings.ToUpper(c)
 		if c == All {
 			normalized = append(normalized, c)
@@ -117,7 +117,7 @@ func NormalizeCapabilities(caps []string) ([]string, error) {
 		if !stringInSlice(c, capabilityList) {
 			return nil, errors.Wrapf(ErrUnknownCapability, "%q", c)
 		}
-		normalized[i] = c
+		normalized = append(normalized, c)
 	}
 	sort.Strings(normalized)
 	return normalized, nil
@@ -140,8 +140,6 @@ func ValidateCapabilities(caps []string) error {
 // "ALL" in capAdd adds returns known capabilities
 // "All" in capDrop returns only the capabilities specified in capAdd
 func MergeCapabilities(base, adds, drops []string) ([]string, error) {
-	var caps []string
-
 	// Normalize the base capabilities
 	base, err := NormalizeCapabilities(base)
 	if err != nil {
@@ -189,6 +187,7 @@ func MergeCapabilities(base, adds, drops []string) ([]string, error) {
 		}
 	}
 
+	caps := make([]string, 0, len(base)+len(capAdd))
 	// Drop any capabilities in capDrop that are in base
 	for _, cap := range base {
 		if stringInSlice(cap, capDrop) {

vendor/github.com/containers/common/pkg/cgroups/cgroups_supported.go

@@ -9,6 +9,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 	"sync"
 	"syscall"
@@ -96,6 +97,22 @@ func UserOwnsCurrentSystemdCgroup() (bool, error) {
 // It differs from os.RemoveAll as it doesn't attempt to unlink files.
 // On cgroupfs we are allowed only to rmdir empty directories.
 func rmDirRecursively(path string) error {
+	killProcesses := func(signal syscall.Signal) {
+		if signal == unix.SIGKILL {
+			if err := ioutil.WriteFile(filepath.Join(path, "cgroup.kill"), []byte("1"), 0600); err == nil {
+				return
+			}
+		}
+		// kill all the processes that are still part of the cgroup
+		if procs, err := ioutil.ReadFile(filepath.Join(path, "cgroup.procs")); err == nil {
+			for _, pidS := range strings.Split(string(procs), "\n") {
+				if pid, err := strconv.Atoi(pidS); err == nil {
+					_ = unix.Kill(pid, signal)
+				}
+			}
+		}
+	}
+
 	if err := os.Remove(path); err == nil || os.IsNotExist(err) {
 		return nil
 	}
@@ -118,8 +135,16 @@ func rmDirRecursively(path string) error {
 			return nil
 		}
 		if errors.Is(err, unix.EBUSY) {
-			// attempt up to 5 seconds if the cgroup is busy
+			// send a SIGTERM after 3 second
-			if attempts < 500 {
+			if attempts == 300 {
+				killProcesses(unix.SIGTERM)
+			}
+			// send SIGKILL after 8 seconds
+			if attempts == 800 {
+				killProcesses(unix.SIGKILL)
+			}
+			// give up after 10 seconds
+			if attempts < 1000 {
 				time.Sleep(time.Millisecond * 10)
 				attempts++
 				continue

vendor/github.com/containers/common/pkg/completion/completion.go

@@ -51,7 +51,7 @@ func AutocompleteCapabilities(cmd *cobra.Command, args []string, toComplete stri
 		offset = 4
 	}
 
-	var completions []string
+	completions := make([]string, 0, len(caps))
 	for _, cap := range caps {
 		completions = append(completions, convertCase(cap)[offset:])
 	}

vendor/github.com/containers/common/pkg/config/config.go

@@ -553,6 +553,9 @@ type SecretConfig struct {
 }
 
 // ConfigMapConfig represents the "configmap" TOML config table
+//
+// revive does not like the name because the package is already called config
+//nolint:revive
 type ConfigMapConfig struct {
 	// Driver specifies the configmap driver to use.
 	// Current valid value:
@@ -1215,14 +1218,14 @@ func (c *Config) ActiveDestination() (uri, identity string, err error) {
 // FindHelperBinary will search the given binary name in the configured directories.
 // If searchPATH is set to true it will also search in $PATH.
 func (c *Config) FindHelperBinary(name string, searchPATH bool) (string, error) {
-	dir_list := c.Engine.HelperBinariesDir
+	dirList := c.Engine.HelperBinariesDir
 
 	// If set, search this directory first. This is used in testing.
 	if dir, found := os.LookupEnv("CONTAINERS_HELPER_BINARY_DIR"); found {
-		dir_list = append([]string{dir}, dir_list...)
+		dirList = append([]string{dir}, dirList...)
 	}
 
-	for _, path := range dir_list {
+	for _, path := range dirList {
 		fullpath := filepath.Join(path, name)
 		if fi, err := os.Stat(fullpath); err == nil && fi.Mode().IsRegular() {
 			return fullpath, nil

vendor/github.com/containers/common/pkg/filters/filters.go

@@ -36,11 +36,13 @@ func ComputeUntilTimestamp(filterValues []string) (time.Time, error) {
 //
 // Please refer to https://github.com/containers/podman/issues/6899 for some
 // background.
+//
+// revive does not like the name because the package is already called filters
+//nolint:revive
 func FiltersFromRequest(r *http.Request) ([]string, error) {
 	var (
 		compatFilters map[string]map[string]bool
 		filters       map[string][]string
-		libpodFilters []string
 		raw           []byte
 	)
 
@@ -54,6 +56,7 @@ func FiltersFromRequest(r *http.Request) ([]string, error) {
 
 	// Backwards compat with older versions of Docker.
 	if err := json.Unmarshal(raw, &compatFilters); err == nil {
+		libpodFilters := make([]string, 0, len(compatFilters))
 		for filterKey, filterMap := range compatFilters {
 			for filterValue, toAdd := range filterMap {
 				if toAdd {
@@ -68,6 +71,7 @@ func FiltersFromRequest(r *http.Request) ([]string, error) {
 		return nil, err
 	}
 
+	libpodFilters := make([]string, 0, len(filters))
 	for filterKey, filterSlice := range filters {
 		f := filterKey
 		for _, filterValue := range filterSlice {

vendor/github.com/containers/common/pkg/machine/machine.go

@@ -9,6 +9,8 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
+// TODO: change name to MachineMarker since package is already called machine
+//nolint:revive
 type MachineMarker struct {
 	Enabled bool
 	Type    string
@@ -54,6 +56,8 @@ func IsPodmanMachine() bool {
 	return GetMachineMarker().Enabled
 }
 
+// TODO: change name to HostType since package is already called machine
+//nolint:revive
 func MachineHostType() string {
 	return GetMachineMarker().Type
 }

vendor/github.com/containers/common/pkg/parse/parse_unix.go

@@ -13,7 +13,6 @@ import (
 )
 
 func DeviceFromPath(device string) ([]devices.Device, error) {
-	var devs []devices.Device
 	src, dst, permissions, err := Device(device)
 	if err != nil {
 		return nil, err
@@ -27,7 +26,7 @@ func DeviceFromPath(device string) ([]devices.Device, error) {
 	}
 
 	if !srcInfo.IsDir() {
-
+		devs := make([]devices.Device, 0, 1)
 		dev, err := devices.DeviceFromPath(src, permissions)
 		if err != nil {
 			return nil, errors.Wrapf(err, "%s is not a valid device", src)
@@ -42,6 +41,7 @@ func DeviceFromPath(device string) ([]devices.Device, error) {
 	if err != nil {
 		return nil, errors.Wrapf(err, "error getting source devices from directory %s", src)
 	}
+	devs := make([]devices.Device, 0, len(srcDevices))
 	for _, d := range srcDevices {
 		d.Path = filepath.Join(dst, filepath.Base(d.Path))
 		d.Permissions = devices.Permissions(permissions)

vendor/github.com/containers/common/pkg/retry/retry.go

@@ -17,12 +17,17 @@ import (
 )
 
 // RetryOptions defines the option to retry
+// revive does not like the name because the package is already called retry
+//nolint:revive
 type RetryOptions struct {
 	MaxRetry int           // The number of times to possibly retry
 	Delay    time.Duration // The delay to use between retries, if set
 }
 
 // RetryIfNecessary retries the operation in exponential backoff with the retryOptions
+//
+// revive does not like the name because the package is already called retry
+//nolint:revive
 func RetryIfNecessary(ctx context.Context, operation func() error, retryOptions *RetryOptions) error {
 	err := operation()
 	for attempt := 0; err != nil && isRetryable(err) && attempt < retryOptions.MaxRetry; attempt++ {

vendor/github.com/containers/common/pkg/seccomp/conversion.go

@@ -76,6 +76,7 @@ var (
 		specs.ActAllow:  ActAllow,
 		specs.ActTrace:  ActTrace,
 		specs.ActLog:    ActLog,
+		specs.ActNotify: ActNotify,
 	}
 	specOperatorToSeccompOperatorMap = map[specs.LinuxSeccompOperator]Operator{
 		specs.OpNotEqual:     OpNotEqual,

vendor/github.com/containers/common/pkg/seccomp/filter.go

@@ -130,7 +130,7 @@ func matchSyscall(filter *libseccomp.ScmpFilter, call *Syscall) error {
 				return errors.Wrapf(err, "create seccomp syscall condition for syscall %s", call.Name)
 			}
 
-			argCounts[cond.Index] += 1
+			argCounts[cond.Index]++
 
 			conditions = append(conditions, newCond)
 		}

vendor/github.com/containers/common/pkg/seccomp/types.go

@@ -75,6 +75,7 @@ const (
 	ActTrace      Action = "SCMP_ACT_TRACE"
 	ActAllow      Action = "SCMP_ACT_ALLOW"
 	ActLog        Action = "SCMP_ACT_LOG"
+	ActNotify     Action = "SCMP_ACT_NOTIFY"
 )
 
 // Operator used to match syscall arguments in Seccomp

vendor/github.com/containers/common/pkg/secrets/filedriver/filedriver.go

@@ -55,7 +55,7 @@ func (d *Driver) List() ([]string, error) {
 	if err != nil {
 		return nil, err
 	}
-	var allID []string
+	allID := make([]string, 0, len(secretData))
 	for k := range secretData {
 		allID = append(allID, k)
 	}
@@ -134,9 +134,8 @@ func (d *Driver) getAllData() (map[string][]byte, error) {
 		if os.IsNotExist(err) {
 			// the file will be created later on a store()
 			return make(map[string][]byte), nil
-		} else {
-			return nil, err
 		}
+		return nil, err
 	}
 
 	file, err := os.Open(d.secretsDataFilePath)

vendor/github.com/containers/common/pkg/secrets/secrets.go

@@ -53,6 +53,9 @@ var secretsFile = "secrets.json"
 var secretNameRegexp = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_.-]*$`)
 
 // SecretsManager holds information on handling secrets
+//
+// revive does not like the name because the package is already called secrets
+//nolint:revive
 type SecretsManager struct {
 	// secretsPath is the path to the db file where secrets are stored
 	secretsDBPath string
@@ -82,6 +85,9 @@ type Secret struct {
 // The driver stores the actual bytes of secret data, as opposed to
 // the secret metadata.
 // Currently only the unencrypted filedriver is implemented.
+//
+// revive does not like the name because the package is already called secrets
+//nolint:revive
 type SecretsDriver interface {
 	// List lists all secret ids in the secrets data store
 	List() ([]string, error)
@@ -234,7 +240,7 @@ func (s *SecretsManager) List() ([]Secret, error) {
 	if err != nil {
 		return nil, err
 	}
-	var ls []Secret
+	ls := make([]Secret, 0, len(secrets))
 	for _, v := range secrets {
 		ls = append(ls, v)
 	}
@@ -276,9 +282,8 @@ func getDriver(name string, opts map[string]string) (SecretsDriver, error) {
 	case "file":
 		if path, ok := opts["path"]; ok {
 			return filedriver.NewDriver(path)
-		} else {
-			return nil, errors.Wrap(errInvalidDriverOpt, "need path for filedriver")
 		}
+		return nil, errors.Wrap(errInvalidDriverOpt, "need path for filedriver")
 	case "pass":
 		return passdriver.NewDriver(opts)
 	case "shell":

vendor/github.com/containers/common/pkg/secrets/secretsdb.go

@@ -31,9 +31,8 @@ func (s *SecretsManager) loadDB() error {
 			// the db cache will show no entries anyway.
 			// The file will be created later on a store()
 			return nil
-		} else {
-			return err
 		}
+		return err
 	}
 
 	// We check if the file has been modified after the last time it was loaded into the cache.

vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go

@@ -212,8 +212,8 @@ func rchown(chowndir string, uid, gid int) error {
 // addSubscriptionsFromMountsFile copies the contents of host directory to container directory
 // and returns a list of mounts
 func addSubscriptionsFromMountsFile(filePath, mountLabel, containerRunDir string, uid, gid int) ([]rspec.Mount, error) {
-	var mounts []rspec.Mount
 	defaultMountsPaths := getMounts(filePath)
+	mounts := make([]rspec.Mount, 0, len(defaultMountsPaths))
 	for _, path := range defaultMountsPaths {
 		hostDirOrFile, ctrDirOrFile, err := getMountsMap(path)
 		if err != nil {

vendor/github.com/containers/common/pkg/sysinfo/nummem_linux.go

@@ -12,6 +12,8 @@ import (
 // NUMANodeCount queries the system for the count of Memory Nodes available
 // for use to this process.
 func NUMANodeCount() int {
+	// this is the correct flag name (not defined in the unix package)
+	//nolint:revive
 	MPOL_F_MEMS_ALLOWED := (1 << 2)
 	var mask [1024 / 64]uintptr
 	_, _, err := unix.RawSyscall6(unix.SYS_GET_MEMPOLICY, 0, uintptr(unsafe.Pointer(&mask[0])), uintptr(len(mask)*8), 0, uintptr(MPOL_F_MEMS_ALLOWED), 0)

vendor/github.com/containers/common/version/version.go

@@ -1,4 +1,4 @@
 package version
 
 // Version is the version of the build.
-const Version = "0.48.0"
+const Version = "0.49.0-dev"

vendor/modules.txt

@@ -109,7 +109,7 @@ github.com/containers/buildah/pkg/rusage
 github.com/containers/buildah/pkg/sshagent
 github.com/containers/buildah/pkg/util
 github.com/containers/buildah/util
-# github.com/containers/common v0.48.0
+# github.com/containers/common v0.48.1-0.20220510094751-400832f41771
 ## explicit
 github.com/containers/common/libimage
 github.com/containers/common/libimage/manifests