Vendor in the latest containers/storage, image and buildah

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

vendor/github.com/containers/buildah/image.go

@@ -329,20 +329,19 @@ func (i *containerImageRef) NewImageSource(ctx context.Context, sc *types.System
 			if err != nil {
 				return nil, err
 			}
-			defer rc.Close()
 		} else {
 			// Extract this layer, one of possibly many.
 			rc, err = i.store.Diff("", layerID, diffOptions)
 			if err != nil {
 				return nil, errors.Wrapf(err, "error extracting %s", what)
 			}
-			defer rc.Close()
 		}
 		srcHasher := digest.Canonical.Digester()
 		reader := io.TeeReader(rc, srcHasher.Hash())
 		// Set up to write the possibly-recompressed blob.
 		layerFile, err := os.OpenFile(filepath.Join(path, "layer"), os.O_CREATE|os.O_WRONLY, 0600)
 		if err != nil {
+			rc.Close()
 			return nil, errors.Wrapf(err, "error opening file for %s", what)
 		}
 		destHasher := digest.Canonical.Digester()
@@ -351,14 +350,17 @@ func (i *containerImageRef) NewImageSource(ctx context.Context, sc *types.System
 		// Compress the layer, if we're recompressing it.
 		writer, err := archive.CompressStream(multiWriter, i.compression)
 		if err != nil {
+			layerFile.Close()
+			rc.Close()
 			return nil, errors.Wrapf(err, "error compressing %s", what)
 		}
 		size, err := io.Copy(writer, reader)
+		writer.Close()
+		layerFile.Close()
+		rc.Close()
 		if err != nil {
 			return nil, errors.Wrapf(err, "error storing %s to file", what)
 		}
-		writer.Close()
-		layerFile.Close()
 		if i.compression == archive.Uncompressed {
 			if size != counter.Count {
 				return nil, errors.Errorf("error storing %s to file: inconsistent layer size (copied %d, wrote %d)", what, size, counter.Count)

vendor/github.com/containers/buildah/imagebuildah/build.go

@@ -648,20 +648,25 @@ func (b *Executor) Prepare(ctx context.Context, ib *imagebuilder.Builder, node *
 	for _, v := range builder.Volumes() {
 		volumes[v] = struct{}{}
 	}
+	ports := map[docker.Port]struct{}{}
+	for _, p := range builder.Ports() {
+		ports[docker.Port(p)] = struct{}{}
+	}
 	dConfig := docker.Config{
-		Hostname:   builder.Hostname(),
-		Domainname: builder.Domainname(),
-		User:       builder.User(),
-		Env:        builder.Env(),
-		Cmd:        builder.Cmd(),
-		Image:      from,
-		Volumes:    volumes,
-		WorkingDir: builder.WorkDir(),
-		Entrypoint: builder.Entrypoint(),
-		Labels:     builder.Labels(),
-		Shell:      builder.Shell(),
-		StopSignal: builder.StopSignal(),
-		OnBuild:    builder.OnBuild(),
+		Hostname:     builder.Hostname(),
+		Domainname:   builder.Domainname(),
+		User:         builder.User(),
+		Env:          builder.Env(),
+		Cmd:          builder.Cmd(),
+		Image:        from,
+		Volumes:      volumes,
+		WorkingDir:   builder.WorkDir(),
+		Entrypoint:   builder.Entrypoint(),
+		Labels:       builder.Labels(),
+		Shell:        builder.Shell(),
+		StopSignal:   builder.StopSignal(),
+		OnBuild:      builder.OnBuild(),
+		ExposedPorts: ports,
 	}
 	var rootfs *docker.RootFS
 	if builder.Docker.RootFS != nil {
@@ -751,6 +756,7 @@ func (b *Executor) Execute(ctx context.Context, ib *imagebuilder.Builder, node *
 	checkForLayers := true
 	children := node.Children
 	commitName := b.output
+	b.containerIDs = nil
 	for i, node := range node.Children {
 		step := ib.Step()
 		if err := step.Resolve(node); err != nil {

vendor/github.com/containers/buildah/unshare/unshare.c

@@ -31,7 +31,7 @@ static int _buildah_unshare_parse_envint(const char *envname) {
 
 void _buildah_unshare(void)
 {
-	int flags, pidfd, continuefd, n, pgrp, sid, ctty, allow_setgroups;
+	int flags, pidfd, continuefd, n, pgrp, sid, ctty;
 	char buf[2048];
 
 	flags = _buildah_unshare_parse_envint("_Buildah-unshare");
@@ -83,14 +83,7 @@ void _buildah_unshare(void)
 			_exit(1);
 		}
 	}
-	allow_setgroups = _buildah_unshare_parse_envint("_Buildah-allow-setgroups");
 	if ((flags & CLONE_NEWUSER) != 0) {
-		if (allow_setgroups == 1) {
-			if (setgroups(0, NULL) != 0) {
-				fprintf(stderr, "Error during setgroups(0, NULL): %m\n");
-				_exit(1);
-			}
-		}
 		if (setresgid(0, 0, 0) != 0) {
 			fprintf(stderr, "Error during setresgid(0): %m\n");
 			_exit(1);

vendor/github.com/containers/buildah/unshare/unshare.go

@@ -84,11 +84,6 @@ func (c *Cmd) Start() error {
 		c.Env = append(c.Env, fmt.Sprintf("_Buildah-ctty=%d", len(c.ExtraFiles)+3))
 		c.ExtraFiles = append(c.ExtraFiles, c.Ctty)
 	}
-	if c.GidMappingsEnableSetgroups {
-		c.Env = append(c.Env, "_Buildah-allow-setgroups=1")
-	} else {
-		c.Env = append(c.Env, "_Buildah-allow-setgroups=0")
-	}
 
 	// Make sure we clean up our pipes.
 	defer func() {

vendor/github.com/containers/buildah/vendor.conf

@@ -3,9 +3,9 @@ github.com/blang/semver master
 github.com/BurntSushi/toml master
 github.com/containerd/continuity master
 github.com/containernetworking/cni v0.7.0-alpha1
-github.com/seccomp/containers-golang master
-github.com/containers/image 85d7559d44fd71f30e46e43d809bfbf88d11d916
-github.com/containers/storage 243c4cd616afdf06b4a975f18c4db083d26b1641
+github.com/containers/image 8f11f3ad8912d8bc43a7d25992b8f313ffefd430
+github.com/containers/libpod 2afadeec6696fefac468a49c8ba24b0bc275aa75
+github.com/containers/storage 68332c059156eae970a03245cfcd4d717fb66ecd
 github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716
 github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00
 github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1
@@ -42,7 +42,7 @@ github.com/ostreedev/ostree-go aeb02c6b6aa2889db3ef62f7855650755befd460
 github.com/pborman/uuid master
 github.com/pkg/errors master
 github.com/pquerna/ffjson d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac
-github.com/containers/libpod 2afadeec6696fefac468a49c8ba24b0bc275aa75
+github.com/seccomp/containers-golang master
 github.com/sirupsen/logrus master
 github.com/syndtr/gocapability master
 github.com/tchap/go-patricia master