update c/common to latest main

Signed-off-by: Paul Holzinger <pholzing@redhat.com>

vendor/github.com/containers/common/libimage/manifests/manifests.go

@@ -11,6 +11,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 	"time"
 
@@ -284,10 +285,8 @@ func (l *list) Reference(store storage.Store, multiple cp.ImageListSelection, in
 		}
 	case cp.CopySpecificImages:
 		for instance := range l.instances {
-			for _, allowed := range instances {
-				if instance == allowed {
-					whichInstances = append(whichInstances, instance)
-				}
+			if slices.Contains(instances, instance) {
+				whichInstances = append(whichInstances, instance)
 			}
 		}
 	}
@@ -304,8 +303,11 @@ func (l *list) Reference(store storage.Store, multiple cp.ImageListSelection, in
 		if err != nil {
 			return nil, err
 		}
+		subdir := 0
 		for artifactManifestDigest, contents := range l.artifacts.Manifests {
 			// create the blobs directory
+			subdir++
+			tmp := filepath.Join(tmp, strconv.Itoa(subdir))
 			blobsDir := filepath.Join(tmp, "blobs", artifactManifestDigest.Algorithm().String())
 			if err := os.MkdirAll(blobsDir, 0o700); err != nil {
 				return nil, fmt.Errorf("creating directory for blobs: %w", err)
@@ -811,12 +813,14 @@ func (l *list) AddArtifact(ctx context.Context, sys *types.SystemContext, option
 	configDescriptor := internal.DeepCopyDescriptor(&v1.DescriptorEmptyJSON)
 	if options.ConfigDescriptor != nil {
 		configDescriptor = internal.DeepCopyDescriptor(options.ConfigDescriptor)
-	} else if options.ConfigFile != "" {
-		configDescriptor = &v1.Descriptor{
-			MediaType: v1.MediaTypeImageConfig,
-			Digest:    "", // to be figured out below
-			Size:      -1, // to be figured out below
+	}
+	if options.ConfigFile != "" {
+		if options.ConfigDescriptor == nil { // i.e., we assigned the default mediatype
+			configDescriptor.MediaType = v1.MediaTypeImageConfig
 		}
+		configDescriptor.Data = nil
+		configDescriptor.Digest = "" // to be figured out below
+		configDescriptor.Size = -1   // to be figured out below
 	}
 	configFilePath := ""
 	if configDescriptor.Size != 0 {
@@ -889,13 +893,11 @@ func (l *list) AddArtifact(ctx context.Context, sys *types.SystemContext, option
 	}
 	l.artifacts.Manifests[artifactManifestDigest] = string(artifactManifestBytes)
 	l.artifacts.Layers[artifactManifestDigest] = nil
+	l.artifacts.Configs[artifactManifestDigest] = artifactManifest.Config.Digest
 	if configFilePath != "" {
-		l.artifacts.Configs[artifactManifestDigest] = artifactManifest.Config.Digest
 		l.artifacts.Detached[artifactManifest.Config.Digest] = configFilePath
 		l.artifacts.Files[artifactManifestDigest] = append(l.artifacts.Files[artifactManifestDigest], configFilePath)
-	}
-	if len(artifactManifest.Config.Data) != 0 {
-		l.artifacts.Configs[artifactManifestDigest] = artifactManifest.Config.Digest
+	} else {
 		l.artifacts.Blobs[artifactManifest.Config.Digest] = slices.Clone(artifactManifest.Config.Data)
 	}
 	for filePath, fileDigest := range fileDigests {
@@ -903,6 +905,12 @@ func (l *list) AddArtifact(ctx context.Context, sys *types.SystemContext, option
 		l.artifacts.Detached[fileDigest] = filePath
 		l.artifacts.Files[artifactManifestDigest] = append(l.artifacts.Files[artifactManifestDigest], filePath)
 	}
+	for _, layer := range layers {
+		if len(layer.Data) != 0 {
+			l.artifacts.Blobs[layer.Digest] = slices.Clone(layer.Data)
+			l.artifacts.Layers[artifactManifestDigest] = append(l.artifacts.Layers[artifactManifestDigest], layer.Digest)
+		}
+	}
 	// Add this artifact manifest to the image index.
 	if err := l.AddInstance(artifactManifestDigest, int64(len(artifactManifestBytes)), artifactManifest.MediaType, options.Platform.OS, options.Platform.Architecture, options.Platform.OSVersion, options.Platform.OSFeatures, options.Platform.Variant, nil, nil); err != nil {
 		return "", fmt.Errorf("adding artifact manifest for %q to image index: %w", files, err)

vendor/github.com/containers/common/pkg/config/connections.go

@@ -11,7 +11,7 @@ import (
 	"github.com/containers/storage/pkg/ioutils"
 )
 
-const connectionsFile = "podman-connections.conf"
+const connectionsFile = "podman-connections.json"
 
 // connectionsConfigFile returns the path to the rw connections config file
 func connectionsConfigFile() (string, error) {

vendor/github.com/containers/common/pkg/config/new.go

@@ -78,19 +78,8 @@ func newLocked(options *Options) (*Config, error) {
 	if err != nil {
 		return nil, fmt.Errorf("finding config on system: %w", err)
 	}
-	// connectionsPath, err := connectionsConfigFile()
-	// if err != nil {
-	// 	return nil, err
-	// }
 
 	for _, path := range configs {
-		// var dests []*Destination
-		// if path == connectionsPath {
-		// 	// Store the dest pointers so we know after the load if there are new pointers
-		// 	// the connection changed and thus is read write.
-		// 	dests = maps.Values(config.Engine.ServiceDestinations)
-		// }
-
 		// Merge changes in later configs with the previous configs.
 		// Each config file that specified fields, will override the
 		// previous fields.
@@ -99,13 +88,6 @@ func newLocked(options *Options) (*Config, error) {
 		}
 		logrus.Debugf("Merged system config %q", path)
 		logrus.Tracef("%+v", config)
-
-		// // if there is a new dest now we know it is read write as it was in the connections.conf file
-		// for _, dest := range config.Engine.ServiceDestinations {
-		// 	if !slices.Contains(dests, dest) {
-		// 		dest.ReadWrite = true
-		// 	}
-		// }
 	}
 
 	modules, err := options.modules()

vendor/github.com/containers/common/pkg/ssh/connection_golang.go

@@ -99,7 +99,7 @@ func golangConnectionDial(options ConnectionDialOptions) (*ConnectionDialReport,
 	return &ConnectionDialReport{dial}, nil
 }
 
-func golangConnectionExec(options ConnectionExecOptions) (*ConnectionExecReport, error) {
+func golangConnectionExec(options ConnectionExecOptions, input io.Reader) (*ConnectionExecReport, error) {
 	if !strings.HasPrefix(options.Host, "ssh://") {
 		options.Host = "ssh://" + options.Host
 	}
@@ -117,7 +117,7 @@ func golangConnectionExec(options ConnectionExecOptions) (*ConnectionExecReport,
 		return nil, fmt.Errorf("failed to connect: %w", err)
 	}
 
-	out, err := ExecRemoteCommand(dialAdd, strings.Join(options.Args, " "))
+	out, err := ExecRemoteCommandWithInput(dialAdd, strings.Join(options.Args, " "), input)
 	if err != nil {
 		return nil, err
 	}
@@ -189,6 +189,10 @@ func golangConnectionScp(options ConnectionScpOptions) (*ConnectionScpReport, er
 // ExecRemoteCommand takes a ssh client connection and a command to run and executes the
 // command on the specified client. The function returns the Stdout from the client or the Stderr
 func ExecRemoteCommand(dial *ssh.Client, run string) ([]byte, error) {
+	return ExecRemoteCommandWithInput(dial, run, nil)
+}
+
+func ExecRemoteCommandWithInput(dial *ssh.Client, run string, input io.Reader) ([]byte, error) {
 	sess, err := dial.NewSession() // new ssh client session
 	if err != nil {
 		return nil, err
@@ -197,8 +201,11 @@ func ExecRemoteCommand(dial *ssh.Client, run string) ([]byte, error) {
 
 	var buffer bytes.Buffer
 	var bufferErr bytes.Buffer
-	sess.Stdout = &buffer                 // output from client funneled into buffer
-	sess.Stderr = &bufferErr              // err form client funneled into buffer
+	sess.Stdout = &buffer    // output from client funneled into buffer
+	sess.Stderr = &bufferErr // err from client funneled into buffer
+	if input != nil {
+		sess.Stdin = input
+	}
 	if err := sess.Run(run); err != nil { // run the command on the ssh client
 		return nil, fmt.Errorf("%v: %w", bufferErr.String(), err)
 	}

vendor/github.com/containers/common/pkg/ssh/connection_native.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	"io"
 	"os/exec"
 	"regexp"
 	"strings"
@@ -100,7 +101,7 @@ func nativeConnectionCreate(options ConnectionCreateOptions) error {
 	})
 }
 
-func nativeConnectionExec(options ConnectionExecOptions) (*ConnectionExecReport, error) {
+func nativeConnectionExec(options ConnectionExecOptions, input io.Reader) (*ConnectionExecReport, error) {
 	dst, uri, err := Validate(options.User, options.Host, options.Port, options.Identity)
 	if err != nil {
 		return nil, err
@@ -134,6 +135,9 @@ func nativeConnectionExec(options ConnectionExecOptions) (*ConnectionExecReport,
 	info := exec.Command(ssh, args...)
 	info.Stdout = output
 	info.Stderr = errors
+	if input != nil {
+		info.Stdin = input
+	}
 	err = info.Run()
 	if err != nil {
 		return nil, err

vendor/github.com/containers/common/pkg/ssh/ssh.go

@@ -2,6 +2,7 @@ package ssh
 
 import (
 	"fmt"
+	"io"
 
 	"golang.org/x/crypto/ssh"
 )
@@ -27,15 +28,19 @@ func Dial(options *ConnectionDialOptions, kind EngineMode) (*ssh.Client, error)
 }
 
 func Exec(options *ConnectionExecOptions, kind EngineMode) (string, error) {
+	return ExecWithInput(options, kind, nil)
+}
+
+func ExecWithInput(options *ConnectionExecOptions, kind EngineMode, input io.Reader) (string, error) {
 	var rep *ConnectionExecReport
 	var err error
 	if kind == NativeMode {
-		rep, err = nativeConnectionExec(*options)
+		rep, err = nativeConnectionExec(*options, input)
 		if err != nil {
 			return "", err
 		}
 	} else {
-		rep, err = golangConnectionExec(*options)
+		rep, err = golangConnectionExec(*options, input)
 		if err != nil {
 			return "", err
 		}

vendor/github.com/containers/common/pkg/supplemented/supplemented.go

@@ -14,6 +14,7 @@ import (
 	multierror "github.com/hashicorp/go-multierror"
 	digest "github.com/opencontainers/go-digest"
 	"github.com/sirupsen/logrus"
+	"golang.org/x/exp/slices"
 )
 
 // supplementedImageReference groups multiple references together.
@@ -139,7 +140,7 @@ func (s *supplementedImageReference) NewImageSource(ctx context.Context, sys *ty
 		}
 		sources[manifestDigest] = src
 
-		// Parse the manifest as a list of images.
+		// Parse the manifest as a list of images and artifacts.
 		list, err := manifest.ListFromBlob(manifestBytes, manifestType)
 		if err != nil {
 			return fmt.Errorf("parsing manifest blob %q as a %q: %w", string(manifestBytes), manifestType, err)
@@ -155,7 +156,11 @@ func (s *supplementedImageReference) NewImageSource(ctx context.Context, sys *ty
 			}
 			chaseInstances = []digest.Digest{instance}
 		case cp.CopySpecificImages:
-			chaseInstances = s.instances
+			for _, instance := range list.Instances() {
+				if slices.Contains(s.instances, instance) {
+					chaseInstances = append(chaseInstances, instance)
+				}
+			}
 		case cp.CopyAllImages:
 			chaseInstances = list.Instances()
 		}

vendor/github.com/docker/docker/api/swagger.yaml

@@ -8327,6 +8327,16 @@ paths:
           description: "BuildKit output configuration"
           type: "string"
           default: ""
+        - name: "version"
+          in: "query"
+          type: "string"
+          default: "1"
+          enum: ["1", "2"]
+          description: |
+            Version of the builder backend to use.
+
+            - `1` is the first generation classic (deprecated) builder in the Docker daemon (default)
+            - `2` is [BuildKit](https://github.com/moby/buildkit)
       responses:
         200:
           description: "no error"

vendor/github.com/docker/docker/api/types/network/endpoint.go

@@ -14,6 +14,9 @@ type EndpointSettings struct {
 	IPAMConfig *EndpointIPAMConfig
 	Links      []string
 	Aliases    []string // Aliases holds the list of extra, user-specified DNS names for this endpoint.
+	// MacAddress may be used to specify a MAC address when the container is created.
+	// Once the container is running, it becomes operational data (it may contain a
+	// generated address).
 	MacAddress string
 	// Operational data
 	NetworkID           string

vendor/github.com/docker/docker/api/types/network/ipam.go

@@ -30,30 +30,9 @@ const (
 	ip6 ipFamily = "IPv6"
 )
 
-// HasIPv6Subnets checks whether there's any IPv6 subnets in the ipam parameter. It ignores any invalid Subnet and nil
-// ipam.
-func HasIPv6Subnets(ipam *IPAM) bool {
-	if ipam == nil {
-		return false
-	}
-
-	for _, cfg := range ipam.Config {
-		subnet, err := netip.ParsePrefix(cfg.Subnet)
-		if err != nil {
-			continue
-		}
-
-		if subnet.Addr().Is6() {
-			return true
-		}
-	}
-
-	return false
-}
-
 // ValidateIPAM checks whether the network's IPAM passed as argument is valid. It returns a joinError of the list of
 // errors found.
-func ValidateIPAM(ipam *IPAM) error {
+func ValidateIPAM(ipam *IPAM, enableIPv6 bool) error {
 	if ipam == nil {
 		return nil
 	}
@@ -70,6 +49,10 @@ func ValidateIPAM(ipam *IPAM) error {
 			subnetFamily = ip6
 		}
 
+		if !enableIPv6 && subnetFamily == ip6 {
+			continue
+		}
+
 		if subnet != subnet.Masked() {
 			errs = append(errs, fmt.Errorf("invalid subnet %s: it should be %s", subnet, subnet.Masked()))
 		}

vendor/github.com/docker/docker/pkg/ioutils/readers.go

@@ -3,11 +3,15 @@ package ioutils // import "github.com/docker/docker/pkg/ioutils"
 import (
 	"context"
 	"io"
+	"runtime/debug"
+	"sync/atomic"
 
 	// make sure crypto.SHA256, crypto.sha512 and crypto.SHA384 are registered
 	// TODO remove once https://github.com/opencontainers/go-digest/pull/64 is merged.
 	_ "crypto/sha256"
 	_ "crypto/sha512"
+
+	"github.com/containerd/log"
 )
 
 // ReadCloserWrapper wraps an io.Reader, and implements an io.ReadCloser
@@ -16,10 +20,15 @@ import (
 type ReadCloserWrapper struct {
 	io.Reader
 	closer func() error
+	closed atomic.Bool
 }
 
 // Close calls back the passed closer function
 func (r *ReadCloserWrapper) Close() error {
+	if !r.closed.CompareAndSwap(false, true) {
+		subsequentCloseWarn("ReadCloserWrapper")
+		return nil
+	}
 	return r.closer()
 }
 
@@ -87,6 +96,7 @@ type cancelReadCloser struct {
 	cancel func()
 	pR     *io.PipeReader // Stream to read from
 	pW     *io.PipeWriter
+	closed atomic.Bool
 }
 
 // NewCancelReadCloser creates a wrapper that closes the ReadCloser when the
@@ -146,6 +156,17 @@ func (p *cancelReadCloser) closeWithError(err error) {
 // Close closes the wrapper its underlying reader. It will cause
 // future calls to Read to return io.EOF.
 func (p *cancelReadCloser) Close() error {
+	if !p.closed.CompareAndSwap(false, true) {
+		subsequentCloseWarn("cancelReadCloser")
+		return nil
+	}
 	p.closeWithError(io.EOF)
 	return nil
 }
+
+func subsequentCloseWarn(name string) {
+	log.G(context.TODO()).Error("subsequent attempt to close " + name)
+	if log.GetLevel() >= log.DebugLevel {
+		log.G(context.TODO()).Errorf("stack trace: %s", string(debug.Stack()))
+	}
+}

vendor/github.com/docker/docker/pkg/ioutils/writers.go

@@ -1,6 +1,9 @@
 package ioutils // import "github.com/docker/docker/pkg/ioutils"
 
-import "io"
+import (
+	"io"
+	"sync/atomic"
+)
 
 // NopWriter represents a type which write operation is nop.
 type NopWriter struct{}
@@ -29,9 +32,14 @@ func (f *NopFlusher) Flush() {}
 type writeCloserWrapper struct {
 	io.Writer
 	closer func() error
+	closed atomic.Bool
 }
 
 func (r *writeCloserWrapper) Close() error {
+	if !r.closed.CompareAndSwap(false, true) {
+		subsequentCloseWarn("WriteCloserWrapper")
+		return nil
+	}
 	return r.closer()
 }