Update vendor of containers/(storage,image)

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-07-15 03:02:52 +08:00 · 2023-07-21 13:11:37 -04:00
parent d4fc66af9a
commit f4fbd6fd07
57 changed files with 1101 additions and 840 deletions
--- a/vendor/github.com/containers/common/libimage/filters.go
+++ b/vendor/github.com/containers/common/libimage/filters.go
@ -11,6 +11,7 @@ import (
 	filtersPkg "github.com/containers/common/pkg/filters"
 	"github.com/containers/common/pkg/timetype"
 	"github.com/containers/image/v5/docker/reference"
+	"github.com/opencontainers/go-digest"
 	"github.com/sirupsen/logrus"
 )

@ -147,7 +148,11 @@ func (r *Runtime) compileImageFilters(ctx context.Context, options *ListImagesOp
 			filter = filterID(value)

 		case "digest":
-			filter = filterDigest(value)
+			f, err := filterDigest(value)
+			if err != nil {
+				return nil, err
+			}
+			filter = f

 		case "intermediate":
 			intermediate, err := r.bool(duplicate, key, value)
@ -395,12 +400,14 @@ func filterID(value string) filterFunc {
 }

 // filterDigest creates a digest filter for matching the specified value.
-func filterDigest(value string) filterFunc {
-	// TODO: return an error if value is not a digest
-	// if _, err := digest.Parse(value); err != nil {...}
-	return func(img *Image) (bool, error) {
-		return img.hasDigest(value), nil
+func filterDigest(value string) (filterFunc, error) {
+	d, err := digest.Parse(value)
+	if err != nil {
+		return nil, fmt.Errorf("invalid value %q for digest filter: %w", value, err)
 	}
+	return func(img *Image) (bool, error) {
+		return img.hasDigest(d), nil
+	}, nil
 }

 // filterIntermediate creates an intermediate filter for images.  An image is
--- a/vendor/github.com/containers/common/libimage/image.go
+++ b/vendor/github.com/containers/common/libimage/image.go
@ -159,10 +159,9 @@ func (i *Image) Digests() []digest.Digest {

 // hasDigest returns whether the specified value matches any digest of the
 // image.
-func (i *Image) hasDigest(value string) bool {
-	// TODO: change the argument to a typed digest.Digest
+func (i *Image) hasDigest(wantedDigest digest.Digest) bool {
 	for _, d := range i.Digests() {
-		if string(d) == value {
+		if d == wantedDigest {
 			return true
 		}
 	}
@ -686,24 +685,22 @@ func (i *Image) NamedRepoTags() ([]reference.Named, error) {
 	return repoTags, nil
 }

-// inRepoTags looks for the specified name/tag in the image's repo tags.  If
-// `ignoreTag` is set, only the repo must match and the tag is ignored.
-func (i *Image) inRepoTags(namedTagged reference.NamedTagged, ignoreTag bool) (reference.Named, error) {
+// referenceFuzzilyMatchingRepoAndTag checks if the image’s repo (and tag if requiredTag != "") matches a fuzzy short input,
+// and if so, returns the matching reference.
+//
+// DO NOT ADD ANY NEW USERS OF THIS SEMANTICS. Rely on existing libimage calls like LookupImage instead,
+// and handle unqualified the way it does (c/image/pkg/shortnames).
+func (i *Image) referenceFuzzilyMatchingRepoAndTag(requiredRepo reference.Named, requiredTag string) (reference.Named, error) {
 	repoTags, err := i.NamedRepoTags()
 	if err != nil {
 		return nil, err
 	}

-	name := namedTagged.Name()
-	tag := namedTagged.Tag()
+	name := requiredRepo.Name()
 	for _, r := range repoTags {
-		if !ignoreTag {
-			var repoTag string
+		if requiredTag != "" {
 			tagged, isTagged := r.(reference.NamedTagged)
-			if isTagged {
-				repoTag = tagged.Tag()
-			}
-			if !isTagged || tag != repoTag {
+			if !isTagged || tagged.Tag() != requiredTag {
 				continue
 			}
 		}
--- a/vendor/github.com/containers/common/libimage/runtime.go
+++ b/vendor/github.com/containers/common/libimage/runtime.go
@ -454,28 +454,20 @@ func (r *Runtime) lookupImageInDigestsAndRepoTags(name string, possiblyUnqualifi
 	if possiblyUnqualifiedNamedReference == nil {
 		return nil, "", fmt.Errorf("%s: %w", originalName, storage.ErrImageUnknown)
 	}
-
-	// In case of a digested reference, we strip off the digest and require
-	// any image matching the repo/tag to also match the specified digest.
-	var requiredDigest digest.Digest
-	digested, isDigested := possiblyUnqualifiedNamedReference.(reference.Digested)
-	if isDigested {
-		requiredDigest = digested.Digest()
-		possiblyUnqualifiedNamedReference = reference.TrimNamed(possiblyUnqualifiedNamedReference)
-		name = possiblyUnqualifiedNamedReference.String()
-	}
-
 	if !shortnames.IsShortName(name) {
 		return nil, "", fmt.Errorf("%s: %w", originalName, storage.ErrImageUnknown)
 	}

-	// Docker compat: make sure to add the "latest" tag if needed.  The tag
-	// will be ignored if we're looking for a digest match.
-	possiblyUnqualifiedNamedReference = reference.TagNameOnly(possiblyUnqualifiedNamedReference)
-	namedTagged, isNamedTagged := possiblyUnqualifiedNamedReference.(reference.NamedTagged)
-	if !isNamedTagged {
-		// NOTE: this should never happen since we already stripped off
-		// the digest.
+	var requiredDigest digest.Digest // or ""
+	var requiredTag string           // or ""
+
+	possiblyUnqualifiedNamedReference = reference.TagNameOnly(possiblyUnqualifiedNamedReference) // Docker compat: make sure to add the "latest" tag if needed.
+	if digested, ok := possiblyUnqualifiedNamedReference.(reference.Digested); ok {
+		requiredDigest = digested.Digest()
+		name = reference.TrimNamed(possiblyUnqualifiedNamedReference).String()
+	} else if namedTagged, ok := possiblyUnqualifiedNamedReference.(reference.NamedTagged); ok {
+		requiredTag = namedTagged.Tag()
+	} else { // This should never happen after the reference.TagNameOnly above.
 		return nil, "", fmt.Errorf("%s: %w (could not cast to tagged)", originalName, storage.ErrImageUnknown)
 	}

@ -485,7 +477,7 @@ func (r *Runtime) lookupImageInDigestsAndRepoTags(name string, possiblyUnqualifi
 	}

 	for _, image := range allImages {
-		named, err := image.inRepoTags(namedTagged, isDigested)
+		named, err := image.referenceFuzzilyMatchingRepoAndTag(possiblyUnqualifiedNamedReference, requiredTag)
 		if err != nil {
 			return nil, "", err
 		}
@ -497,8 +489,8 @@ func (r *Runtime) lookupImageInDigestsAndRepoTags(name string, possiblyUnqualifi
 			return nil, "", err
 		}
 		if img != nil {
-			if isDigested {
-				if !img.hasDigest(requiredDigest.String()) {
+			if requiredDigest != "" {
+				if !img.hasDigest(requiredDigest) {
 					continue
 				}
 				named = reference.TrimNamed(named)
--- a/vendor/github.com/containers/common/libnetwork/etchosts/hosts.go
+++ b/vendor/github.com/containers/common/libnetwork/etchosts/hosts.go
@ -14,6 +14,7 @@ import (

 const (
 	HostContainersInternal = "host.containers.internal"
+	HostGateway            = "host-gateway"
 	localhost              = "localhost"
 )

@ -98,7 +99,7 @@ func Remove(file string, entries HostEntries) error {

 // new see comment on New()
 func newHost(params *Params) error {
-	entries, err := parseExtraHosts(params.ExtraHosts)
+	entries, err := parseExtraHosts(params.ExtraHosts, params.HostContainersInternalIP)
 	if err != nil {
 		return err
 	}
@ -230,7 +231,7 @@ func checkIfEntryExists(current HostEntry, entries HostEntries) bool {
 // parseExtraHosts converts a slice of "name:ip" string to entries.
 // Because podman and buildah both store the extra hosts in this format
 // we convert it here instead of having to this on the caller side.
-func parseExtraHosts(extraHosts []string) (HostEntries, error) {
+func parseExtraHosts(extraHosts []string, hostContainersInternalIP string) (HostEntries, error) {
 	entries := make(HostEntries, 0, len(extraHosts))
 	for _, entry := range extraHosts {
 		values := strings.SplitN(entry, ":", 2)
@ -243,7 +244,14 @@ func parseExtraHosts(extraHosts []string) (HostEntries, error) {
 		if values[1] == "" {
 			return nil, fmt.Errorf("IP address in host entry %q is empty", entry)
 		}
-		e := HostEntry{IP: values[1], Names: []string{values[0]}}
+		ip := values[1]
+		if values[1] == HostGateway {
+			if hostContainersInternalIP == "" {
+				return nil, fmt.Errorf("unable to replace %q of host entry %q: host containers internal IP address is empty", HostGateway, entry)
+			}
+			ip = hostContainersInternalIP
+		}
+		e := HostEntry{IP: ip, Names: []string{values[0]}}
 		entries = append(entries, e)
 	}
 	return entries, nil
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@ -51,7 +51,7 @@ const (
 	BoltDBStateStore RuntimeStateStore = iota
 )

-var validImageVolumeModes = []string{"bind", "tmpfs", "ignore"}
+var validImageVolumeModes = []string{_typeBind, "tmpfs", "ignore"}

 // ProxyEnv is a list of Proxy Environment variables
 var ProxyEnv = []string{
@ -513,6 +513,11 @@ type EngineConfig struct {

 	// CompressionLevel is the compression level used to compress image layers.
 	CompressionLevel *int `toml:"compression_level,omitempty"`
+
+	// PodmanshTimeout is the number of seconds to wait for podmansh logins.
+	// In other words, the timeout for the `podmansh` container to be in running
+	// state.
+	PodmanshTimeout uint `toml:"podmansh_timeout,omitempty,omitzero"`
 }

 // SetOptions contains a subset of options in a Config. It's used to indicate if
--- a/vendor/github.com/containers/common/pkg/config/config_darwin.go
+++ b/vendor/github.com/containers/common/pkg/config/config_darwin.go
@ -14,6 +14,9 @@ const (
 	// DefaultSignaturePolicyPath is the default value for the
 	// policy.json file.
 	DefaultSignaturePolicyPath = "/etc/containers/policy.json"
+
+	// Mount type for mounting host dir
+	_typeBind = "bind"
 )

 // podman remote clients on darwin cannot use unshare.isRootless() to determine the configuration file locations.
--- a/vendor/github.com/containers/common/pkg/config/config_freebsd.go
+++ b/vendor/github.com/containers/common/pkg/config/config_freebsd.go
@ -14,6 +14,9 @@ const (
 	// DefaultSignaturePolicyPath is the default value for the
 	// policy.json file.
 	DefaultSignaturePolicyPath = "/usr/local/etc/containers/policy.json"
+
+	// Mount type for mounting host dir
+	_typeBind = "nullfs"
 )

 // podman remote clients on freebsd cannot use unshare.isRootless() to determine the configuration file locations.
--- a/vendor/github.com/containers/common/pkg/config/config_linux.go
+++ b/vendor/github.com/containers/common/pkg/config/config_linux.go
@ -17,6 +17,9 @@ const (
 	// DefaultSignaturePolicyPath is the default value for the
 	// policy.json file.
 	DefaultSignaturePolicyPath = "/etc/containers/policy.json"
+
+	// Mount type for mounting host dir
+	_typeBind = "bind"
 )

 func selinuxEnabled() bool {
--- a/vendor/github.com/containers/common/pkg/config/config_windows.go
+++ b/vendor/github.com/containers/common/pkg/config/config_windows.go
@ -12,6 +12,9 @@ const (
 	// DefaultSignaturePolicyPath is the default value for the
 	// policy.json file.
 	DefaultSignaturePolicyPath = "/etc/containers/policy.json"
+
+	// Mount type for mounting host dir
+	_typeBind = "bind"
 )

 // podman remote clients on windows cannot use unshare.isRootless() to determine the configuration file locations.
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@ -669,6 +669,9 @@ default_sysctls = [
 # A value of 0 is treated as no timeout.
 #volume_plugin_timeout = 5

+# Default timeout in seconds for podmansh logins.
+#podmansh_timeout = 30
+
 # Paths to look for a valid OCI runtime (crun, runc, kata, runsc, krun, etc)
 [engine.runtimes]
 #crun = [
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@ -28,7 +28,7 @@ const (
 	_defaultTransport = "docker://"

 	// _defaultImageVolumeMode is a mode to handle built-in image volumes.
-	_defaultImageVolumeMode = "bind"
+	_defaultImageVolumeMode = _typeBind
 )

 var (
@ -298,6 +298,7 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
 	c.CgroupManager = defaultCgroupManager()
 	c.ServiceTimeout = uint(5)
 	c.StopTimeout = uint(10)
+	c.PodmanshTimeout = uint(30)
 	c.ExitCommandDelay = uint(5 * 60)
 	c.Remote = isRemote()
 	c.OCIRuntimes = map[string][]string{