Bump github.com/containers/common from 0.35.0 to 0.35.3

Bumps [github.com/containers/common](https://github.com/containers/common) from 0.35.0 to 0.35.3. - [Release notes](https://github.com/containers/common/releases) - [Commits](https://github.com/containers/common/compare/v0.35.0...v0.35.3) Signed-off-by: dependabot[bot] <support@github.com>
2025-10-20 20:54:45 +08:00 · 2021-03-19 11:02:53 +00:00
parent 61e3b152fc
commit f46b34ecd2
19 changed files with 202 additions and 97 deletions
--- a/vendor/github.com/containers/common/pkg/auth/auth.go
+++ b/vendor/github.com/containers/common/pkg/auth/auth.go
@ -22,9 +22,7 @@ import (
 func GetDefaultAuthFile() string {
 	authfile := os.Getenv("REGISTRY_AUTH_FILE")
 	if authfile == "" {
-		if authfile, ok := os.LookupEnv("DOCKER_CONFIG"); ok {
-			logrus.Infof("Using DOCKER_CONFIG environment variable for authfile path %s", authfile)
-		}
+		authfile = os.Getenv("DOCKER_CONFIG")
 	}
 	return authfile
 }
--- a/vendor/github.com/containers/common/pkg/capabilities/capabilities.go
+++ b/vendor/github.com/containers/common/pkg/capabilities/capabilities.go
@ -16,6 +16,9 @@ var (
 	// Used internally and populated during init().
 	capabilityList []string

+	// Used internally and populated during init().
+	capsList []capability.Cap
+
 	// ErrUnknownCapability is thrown when an unknown capability is processed.
 	ErrUnknownCapability = errors.New("unknown capability")

@ -28,6 +31,10 @@ var (
 // Useful on the CLI for `--cap-add=all` etc.
 const All = "ALL"

+func getCapName(c capability.Cap) string {
+	return "CAP_" + strings.ToUpper(c.String())
+}
+
 func init() {
 	last := capability.CAP_LAST_CAP
 	// hack for RHEL6 which has no /proc/sys/kernel/cap_last_cap
@ -38,7 +45,8 @@ func init() {
 		if cap > last {
 			continue
 		}
-		capabilityList = append(capabilityList, "CAP_"+strings.ToUpper(cap.String()))
+		capsList = append(capsList, cap)
+		capabilityList = append(capabilityList, getCapName(cap))
 	}
 }

@ -52,6 +60,26 @@ func stringInSlice(s string, sl []string) bool {
 	return false
 }

+// BoundingSet returns the capabilities in the current bounding set
+func BoundingSet() ([]string, error) {
+	currentCaps, err := capability.NewPid2(0)
+	if err != nil {
+		return nil, err
+	}
+	err = currentCaps.Load()
+	if err != nil {
+		return nil, err
+	}
+	var r []string
+	for _, c := range capsList {
+		if !currentCaps.Get(capability.BOUNDING, c) {
+			continue
+		}
+		r = append(r, getCapName(c))
+	}
+	return r, nil
+}
+
 // AllCapabilities returns all known capabilities.
 func AllCapabilities() []string {
 	return capabilityList
--- a/vendor/github.com/containers/common/pkg/chown/chown.go
+++ b/vendor/github.com/containers/common/pkg/chown/chown.go
@ -4,10 +4,8 @@ import (
 	"os"
 	"os/user"
 	"path/filepath"
-	"syscall"

 	"github.com/containers/storage/pkg/homedir"
-	"github.com/pkg/errors"
 )

 // DangerousHostPath validates if a host path is dangerous and should not be modified
@ -65,58 +63,3 @@ func DangerousHostPath(path string) (bool, error) {

 	return false, nil
 }
-
-// ChangeHostPathOwnership changes the uid and gid ownership of a directory or file within the host.
-// This is used by the volume U flag to change source volumes ownership
-func ChangeHostPathOwnership(path string, recursive bool, uid, gid int) error {
-	// Validate if host path can be chowned
-	isDangerous, err := DangerousHostPath(path)
-	if err != nil {
-		return errors.Wrapf(err, "failed to validate if host path is dangerous")
-	}
-
-	if isDangerous {
-		return errors.Errorf("chowning host path %q is not allowed. You can manually `chown -R %d:%d %s`", path, uid, gid, path)
-	}
-
-	// Chown host path
-	if recursive {
-		err := filepath.Walk(path, func(filePath string, f os.FileInfo, err error) error {
-			if err != nil {
-				return err
-			}
-
-			// Get current ownership
-			currentUID := int(f.Sys().(*syscall.Stat_t).Uid)
-			currentGID := int(f.Sys().(*syscall.Stat_t).Gid)
-
-			if uid != currentUID || gid != currentGID {
-				return os.Lchown(filePath, uid, gid)
-			}
-
-			return nil
-		})
-
-		if err != nil {
-			return errors.Wrapf(err, "failed to chown recursively host path")
-		}
-	} else {
-		// Get host path info
-		f, err := os.Lstat(path)
-		if err != nil {
-			return errors.Wrapf(err, "failed to get host path information")
-		}
-
-		// Get current ownership
-		currentUID := int(f.Sys().(*syscall.Stat_t).Uid)
-		currentGID := int(f.Sys().(*syscall.Stat_t).Gid)
-
-		if uid != currentUID || gid != currentGID {
-			if err := os.Lchown(path, uid, gid); err != nil {
-				return errors.Wrapf(err, "failed to chown host path")
-			}
-		}
-	}
-
-	return nil
-}
--- a/vendor/github.com/containers/common/pkg/chown/chown_unix.go
+++ b/vendor/github.com/containers/common/pkg/chown/chown_unix.go
@ -0,0 +1,66 @@
+// +build !windows
+
+package chown
+
+import (
+	"os"
+	"path/filepath"
+	"syscall"
+
+	"github.com/pkg/errors"
+)
+
+// ChangeHostPathOwnership changes the uid and gid ownership of a directory or file within the host.
+// This is used by the volume U flag to change source volumes ownership
+func ChangeHostPathOwnership(path string, recursive bool, uid, gid int) error {
+	// Validate if host path can be chowned
+	isDangerous, err := DangerousHostPath(path)
+	if err != nil {
+		return errors.Wrapf(err, "failed to validate if host path is dangerous")
+	}
+
+	if isDangerous {
+		return errors.Errorf("chowning host path %q is not allowed. You can manually `chown -R %d:%d %s`", path, uid, gid, path)
+	}
+
+	// Chown host path
+	if recursive {
+		err := filepath.Walk(path, func(filePath string, f os.FileInfo, err error) error {
+			if err != nil {
+				return err
+			}
+
+			// Get current ownership
+			currentUID := int(f.Sys().(*syscall.Stat_t).Uid)
+			currentGID := int(f.Sys().(*syscall.Stat_t).Gid)
+
+			if uid != currentUID || gid != currentGID {
+				return os.Lchown(filePath, uid, gid)
+			}
+
+			return nil
+		})
+
+		if err != nil {
+			return errors.Wrapf(err, "failed to chown recursively host path")
+		}
+	} else {
+		// Get host path info
+		f, err := os.Lstat(path)
+		if err != nil {
+			return errors.Wrapf(err, "failed to get host path information")
+		}
+
+		// Get current ownership
+		currentUID := int(f.Sys().(*syscall.Stat_t).Uid)
+		currentGID := int(f.Sys().(*syscall.Stat_t).Gid)
+
+		if uid != currentUID || gid != currentGID {
+			if err := os.Lchown(path, uid, gid); err != nil {
+				return errors.Wrapf(err, "failed to chown host path")
+			}
+		}
+	}
+
+	return nil
+}
--- a/vendor/github.com/containers/common/pkg/chown/chown_windows.go
+++ b/vendor/github.com/containers/common/pkg/chown/chown_windows.go
@ -0,0 +1,11 @@
+package chown
+
+import (
+	"github.com/pkg/errors"
+)
+
+// ChangeHostPathOwnership changes the uid and gid ownership of a directory or file within the host.
+// This is used by the volume U flag to change source volumes ownership
+func ChangeHostPathOwnership(path string, recursive bool, uid, gid int) error {
+	return errors.Errorf("windows not supported")
+}
--- a/vendor/github.com/containers/common/pkg/completion/completion.go
+++ b/vendor/github.com/containers/common/pkg/completion/completion.go
@ -139,3 +139,17 @@ func AutocompleteOS(cmd *cobra.Command, args []string, toComplete string) ([]str
 	completions := []string{"linux", "windows"}
 	return completions, cobra.ShellCompDirectiveNoFileComp
 }
+
+// AutocompleteJSONFormat - Autocomplete format flag option.
+// -> "json"
+func AutocompleteJSONFormat(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+	return []string{"json"}, cobra.ShellCompDirectiveNoFileComp
+}
+
+// AutocompleteOneArg - Autocomplete one random arg
+func AutocompleteOneArg(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+	if len(args) == 1 {
+		return nil, cobra.ShellCompDirectiveDefault
+	}
+	return nil, cobra.ShellCompDirectiveNoFileComp
+}
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@ -11,9 +11,9 @@ import (

 	"github.com/containers/common/pkg/apparmor"
 	"github.com/containers/common/pkg/cgroupv2"
-	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/homedir"
 	"github.com/containers/storage/pkg/unshare"
+	"github.com/containers/storage/types"
 	"github.com/opencontainers/selinux/go-selinux"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@ -224,9 +224,9 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
 	c.EventsLogFilePath = filepath.Join(c.TmpDir, "events", "events.log")

 	if path, ok := os.LookupEnv("CONTAINERS_STORAGE_CONF"); ok {
-		storage.SetDefaultConfigFilePath(path)
+		types.SetDefaultConfigFilePath(path)
 	}
-	storeOpts, err := storage.DefaultStoreOptions(unshare.IsRootless(), unshare.GetRootlessUID())
+	storeOpts, err := types.DefaultStoreOptions(unshare.IsRootless(), unshare.GetRootlessUID())
 	if err != nil {
 		return nil, err
 	}
--- a/vendor/github.com/containers/common/pkg/parse/parse_unix.go
+++ b/vendor/github.com/containers/common/pkg/parse/parse_unix.go
@ -7,13 +7,12 @@ import (
 	"path/filepath"

 	"github.com/containers/storage/pkg/unshare"
-	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/opencontainers/runc/libcontainer/devices"
 	"github.com/pkg/errors"
 )

-func DeviceFromPath(device string) ([]configs.Device, error) {
-	var devs []configs.Device
+func DeviceFromPath(device string) ([]devices.Device, error) {
+	var devs []devices.Device
 	src, dst, permissions, err := Device(device)
 	if err != nil {
 		return nil, err
@ -44,7 +43,7 @@ func DeviceFromPath(device string) ([]configs.Device, error) {
 	}
 	for _, d := range srcDevices {
 		d.Path = filepath.Join(dst, filepath.Base(d.Path))
-		d.Permissions = configs.DevicePermissions(permissions)
+		d.Permissions = devices.Permissions(permissions)
 		devs = append(devs, *d)
 	}
 	return devs, nil
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@ -1,4 +1,4 @@
 package version

 // Version is the version of the build.
-const Version = "0.35.0"
+const Version = "0.35.3"
--- a/vendor/github.com/containers/image/v5/copy/copy.go
+++ b/vendor/github.com/containers/image/v5/copy/copy.go
@ -1067,6 +1067,26 @@ type diffIDResult struct {
 // copyLayer copies a layer with srcInfo (with known Digest and Annotations and possibly known Size) in src to dest, perhaps (de/re/)compressing it,
 // and returns a complete blobInfo of the copied layer, and a value for LayerDiffIDs if diffIDIsNeeded
 func (ic *imageCopier) copyLayer(ctx context.Context, srcInfo types.BlobInfo, toEncrypt bool, pool *mpb.Progress) (types.BlobInfo, digest.Digest, error) {
+	// If the srcInfo doesn't contain compression information, try to compute it from the
+	// MediaType, which was either read from a manifest by way of LayerInfos() or constructed
+	// by LayerInfosForCopy(), if it was supplied at all.  If we succeed in copying the blob,
+	// the BlobInfo we return will be passed to UpdatedImage() and then to UpdateLayerInfos(),
+	// which uses the compression information to compute the updated MediaType values.
+	// (Sadly UpdatedImage() is documented to not update MediaTypes from
+	//  ManifestUpdateOptions.LayerInfos[].MediaType, so we are doing it indirectly.)
+	//
+	// This MIME type → compression mapping belongs in manifest-specific code in our manifest
+	// package (but we should preferably replace/change UpdatedImage instead of productizing
+	// this workaround).
+	if srcInfo.CompressionAlgorithm == nil {
+		switch srcInfo.MediaType {
+		case manifest.DockerV2Schema2LayerMediaType, imgspecv1.MediaTypeImageLayerGzip:
+			srcInfo.CompressionAlgorithm = &compression.Gzip
+		case imgspecv1.MediaTypeImageLayerZstd:
+			srcInfo.CompressionAlgorithm = &compression.Zstd
+		}
+	}
+
 	cachedDiffID := ic.c.blobInfoCache.UncompressedDigest(srcInfo.Digest) // May be ""
 	// Diffs are needed if we are encrypting an image or trying to decrypt an image
 	diffIDIsNeeded := ic.diffIDsAreNeeded && cachedDiffID == "" || toEncrypt || (isOciEncrypted(srcInfo.MediaType) && ic.c.ociDecryptConfig != nil)
@ -1095,6 +1115,19 @@ func (ic *imageCopier) copyLayer(ctx context.Context, srcInfo types.BlobInfo, to
 					Artifact: srcInfo,
 				}
 			}
+
+			// If the reused blob has the same digest as the one we asked for, but
+			// the transport didn't/couldn't supply compression info, fill it in based
+			// on what we know from the srcInfos we were given.
+			// If the srcInfos came from LayerInfosForCopy(), then UpdatedImage() will
+			// call UpdateLayerInfos(), which uses this information to compute the
+			// MediaType value for the updated layer infos, and it the transport
+			// didn't pass the information along from its input to its output, then
+			// it can derive the MediaType incorrectly.
+			if blobInfo.Digest == srcInfo.Digest && blobInfo.CompressionAlgorithm == nil {
+				blobInfo.CompressionOperation = srcInfo.CompressionOperation
+				blobInfo.CompressionAlgorithm = srcInfo.CompressionAlgorithm
+			}
 			return blobInfo, cachedDiffID, nil
 		}
 	}
@ -1349,7 +1382,15 @@ func (c *copier) copyBlobFromStream(ctx context.Context, srcStream io.Reader, sr
 		compressionOperation = types.PreserveOriginal
 		inputInfo = srcInfo
 		uploadCompressorName = srcCompressorName
-		uploadCompressionFormat = nil
+		// Remember if the original blob was compressed, and if so how, so that if
+		// LayerInfosForCopy() returned something that differs from what was in the
+		// source's manifest, and UpdatedImage() needs to call UpdateLayerInfos(),
+		// it will be able to correctly derive the MediaType for the copied blob.
+		if isCompressed {
+			uploadCompressionFormat = &compressionFormat
+		} else {
+			uploadCompressionFormat = nil
+		}
 	}

 	// Perform image encryption for valid mediatypes if ociEncryptConfig provided
--- a/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/shortnames.go
+++ b/vendor/github.com/containers/image/v5/pkg/sysregistriesv2/shortnames.go
@ -34,15 +34,9 @@ func shortNameAliasesConfPath(ctx *types.SystemContext) (string, error) {
 	}

 	// Rootless user
-	var cacheRoot string
-	if xdgCache := os.Getenv("XDG_CACHE_HOME"); xdgCache != "" {
-		cacheRoot = xdgCache
-	} else {
-		configHome, err := homedir.GetConfigHome()
-		if err != nil {
-			return "", err
-		}
-		cacheRoot = filepath.Join(configHome, ".cache")
+	cacheRoot, err := homedir.GetCacheHome()
+	if err != nil {
+		return "", err
 	}

 	return filepath.Join(cacheRoot, userShortNamesFile), nil
--- a/vendor/github.com/containers/image/v5/storage/storage_image.go
+++ b/vendor/github.com/containers/image/v5/storage/storage_image.go
@ -246,8 +246,7 @@ func (s *storageImageSource) LayerInfosForCopy(ctx context.Context, instanceDige
 	case imgspecv1.MediaTypeImageManifest:
 		uncompressedLayerType = imgspecv1.MediaTypeImageLayer
 	case manifest.DockerV2Schema1MediaType, manifest.DockerV2Schema1SignedMediaType, manifest.DockerV2Schema2MediaType:
-		// This is actually a compressed type, but there's no uncompressed type defined
-		uncompressedLayerType = manifest.DockerV2Schema2LayerMediaType
+		uncompressedLayerType = manifest.DockerV2SchemaLayerMediaTypeUncompressed
 	}

 	physicalBlobInfos := []types.BlobInfo{}
--- a/vendor/github.com/containers/image/v5/version/version.go
+++ b/vendor/github.com/containers/image/v5/version/version.go
@ -8,7 +8,7 @@ const (
 	// VersionMinor is for functionality in a backwards-compatible manner
 	VersionMinor = 10
 	// VersionPatch is for backwards-compatible bug fixes
-	VersionPatch = 2
+	VersionPatch = 5

 	// VersionDev indicates development branch. Releases will be empty string.
 	VersionDev = ""
--- a/vendor/github.com/onsi/ginkgo/CHANGELOG.md
+++ b/vendor/github.com/onsi/ginkgo/CHANGELOG.md
@ -1,3 +1,8 @@
+## 1.15.2
+
+### Fixes
+- ignore blank `-focus` and `-skip` flags (#780) [e90a4a0]
+
 ## 1.15.1

 ### Fixes
--- a/vendor/github.com/onsi/ginkgo/README.md
+++ b/vendor/github.com/onsi/ginkgo/README.md
@ -62,6 +62,8 @@ Describe("the strings package", func() {

 - [Completions for VSCode](https://github.com/onsi/vscode-ginkgo): just use VSCode's extension installer to install `vscode-ginkgo`.

+- [Ginkgo tools for VSCode](https://marketplace.visualstudio.com/items?itemName=joselitofilho.ginkgotestexplorer): just use VSCode's extension installer to install `ginkgoTestExplorer`.
+
 - Straightforward support for third-party testing libraries such as [Gomock](https://code.google.com/p/gomock/) and [Testify](https://github.com/stretchr/testify).  Check out the [docs](https://onsi.github.io/ginkgo/#third-party-integrations) for details.

 - A modular architecture that lets you easily:
--- a/vendor/github.com/onsi/ginkgo/config/config.go
+++ b/vendor/github.com/onsi/ginkgo/config/config.go
@ -20,7 +20,7 @@ import (
 	"fmt"
 )

-const VERSION = "1.15.1"
+const VERSION = "1.15.2"

 type GinkgoConfigType struct {
 	RandomSeed         int64
@ -219,10 +219,14 @@ func BuildFlagArgs(prefix string, ginkgo GinkgoConfigType, reporter DefaultRepor

 // flagFocus implements the -focus flag.
 func flagFocus(arg string) {
-	GinkgoConfig.FocusStrings = append(GinkgoConfig.FocusStrings, arg)
+	if arg != "" {
+		GinkgoConfig.FocusStrings = append(GinkgoConfig.FocusStrings, arg)
+	}
 }

 // flagSkip implements the -skip flag.
 func flagSkip(arg string) {
-	GinkgoConfig.SkipStrings = append(GinkgoConfig.SkipStrings, arg)
+	if arg != "" {
+		GinkgoConfig.SkipStrings = append(GinkgoConfig.SkipStrings, arg)
+	}
 }