Bump github.com/containers/buildah from 1.16.2 to 1.16.4

Bumps [github.com/containers/buildah](https://github.com/containers/buildah) from 1.16.2 to 1.16.4. - [Release notes](https://github.com/containers/buildah/releases) - [Changelog](https://github.com/containers/buildah/blob/master/CHANGELOG.md) - [Commits](https://github.com/containers/buildah/compare/v1.16.2...v1.16.4) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
author: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> 2020-10-02 08:18:09 +0000
committer: Daniel J Walsh <dwalsh@redhat.com> 2020-10-02 05:54:32 -0400
commit: 9212e0499b8152097515f5b2e00ca32ab0dd9c5e (patch)
tree: 3b45b36308ca552451244468dc4be8fa3118096d /vendor/github.com
parent: defd427503c2b36d64686b6ef327ce16810855c1 (diff)
download: podman-9212e0499b8152097515f5b2e00ca32ab0dd9c5e.tar.gz
podman-9212e0499b8152097515f5b2e00ca32ab0dd9c5e.tar.bz2
podman-9212e0499b8152097515f5b2e00ca32ab0dd9c5e.zip
8 files changed, 119 insertions, 57 deletions
diff --git a/vendor/github.com/containers/buildah/.golangci.yml b/vendor/github.com/containers/buildah/.golangci.yml
index 888d89afa..f8247f049 100644
--- a/vendor/github.com/containers/buildah/.golangci.yml
+++ b/vendor/github.com/containers/buildah/.golangci.yml
@@ -7,38 +7,26 @@ run:
   # Don't exceed number of threads available when running under CI
   concurrency: 4
 linters:
-  disable-all: true
-  enable:
-    - bodyclose
+  enable-all: true
+  disable:
+    # All these break for one reason or another
     - deadcode
     - depguard
     - dupl
     - errcheck
-    - gofmt
-    - goimports
+    - gochecknoglobals
+    - gochecknoinits
+    - goconst
+    - gocritic
+    - gocyclo
     - golint
-    # Broken? Unpredictably dies w/o any error well before deadline/timeout expires
-    # - gosimple
-    - govet
-    - ineffassign
-    - interfacer
-    - misspell
-    - nakedret
-    - staticcheck
+    - gosec
+    - gosimple
+    - lll
+    - maligned
+    - prealloc
+    - scopelint
     - structcheck
-    - stylecheck
     - typecheck
     - unconvert
-    - unparam
-    - unused
     - varcheck
-    # - gochecknoglobals
-    # - gochecknoinits
-    # - goconst
-    # - gocritic
-    # - gocyclo
-    # - gosec
-    # - lll
-    # - maligned
-    # - prealloc
-    # - scopelint
diff --git a/vendor/github.com/containers/buildah/CHANGELOG.md b/vendor/github.com/containers/buildah/CHANGELOG.md
index 6168dc317..ca6a98889 100644
--- a/vendor/github.com/containers/buildah/CHANGELOG.md
+++ b/vendor/github.com/containers/buildah/CHANGELOG.md
@@ -2,10 +2,21 @@
 
 # Changelog
 
+## v1.16.4 (2020-10-01)
+    ADD: only expand archives at the right time
+
+## v1.16.3 (2020-09-30)
+    Lint: Use same linters as podman
+    add: preserve ownerships and permissions on ADDed archives
+    chroot: fix handling of errno seccomp rules
+    git-validation.sh: set the base for comparison to v1.16.0
+    chroot: create bind mount targets 0755 instead of 0700
+
 ## v1.16.2 (2020-09-21)
     Add(): fix handling of relative paths with no ContextDir
 
 ## v1.16.1 (2020-09-10)
+    CI: use release-1.16 as the basis for validation tests
     copier.Get(): hard link targets shouldn't be relative paths
 
 ## v1.16.0 (2020-09-03)
diff --git a/vendor/github.com/containers/buildah/add.go b/vendor/github.com/containers/buildah/add.go
index bbfdda9c1..a3f3c7a37 100644
--- a/vendor/github.com/containers/buildah/add.go
+++ b/vendor/github.com/containers/buildah/add.go
@@ -33,7 +33,8 @@ type AddAndCopyOptions struct {
 	Chown string
 	// PreserveOwnership, if Chown is not set, tells us to avoid setting
 	// ownership of copied items to 0:0, instead using whatever ownership
-	// information is already set.  Not meaningful for remote sources.
+	// information is already set.  Not meaningful for remote sources or
+	// local archives that we extract.
 	PreserveOwnership bool
 	// All of the data being copied will pass through Hasher, if set.
 	// If the sources are URLs or files, their contents will be passed to
@@ -210,7 +211,6 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
 
 	// Find out which user (and group) the destination should belong to.
 	var chownDirs, chownFiles *idtools.IDPair
-	var chmodDirs, chmodFiles *os.FileMode
 	var user specs.User
 	if options.Chown != "" {
 		user, _, err = b.user(mountPoint, options.Chown)
@@ -319,9 +319,9 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
 						UIDMap:     destUIDMap,
 						GIDMap:     destGIDMap,
 						ChownDirs:  chownDirs,
-						ChmodDirs:  chmodDirs,
+						ChmodDirs:  nil,
 						ChownFiles: chownFiles,
-						ChmodFiles: chmodFiles,
+						ChmodFiles: nil,
 					}
 					putErr = copier.Put(mountPoint, extractDirectory, putOptions, io.TeeReader(pipeReader, hasher))
 				}
@@ -396,6 +396,10 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
 					GIDMap:         srcGIDMap,
 					Excludes:       options.Excludes,
 					ExpandArchives: extract,
+					ChownDirs:      chownDirs,
+					ChmodDirs:      nil,
+					ChownFiles:     chownFiles,
+					ChmodFiles:     nil,
 					StripSetuidBit: options.StripSetuidBit,
 					StripSetgidBit: options.StripSetgidBit,
 					StripStickyBit: options.StripStickyBit,
@@ -423,12 +427,14 @@ func (b *Builder) Add(destination string, extract bool, options AddAndCopyOption
 					_, putErr = io.Copy(hasher, pipeReader)
 				} else {
 					putOptions := copier.PutOptions{
-						UIDMap:     destUIDMap,
-						GIDMap:     destGIDMap,
-						ChownDirs:  chownDirs,
-						ChmodDirs:  chmodDirs,
-						ChownFiles: chownFiles,
-						ChmodFiles: chmodFiles,
+						UIDMap:          destUIDMap,
+						GIDMap:          destGIDMap,
+						DefaultDirOwner: chownDirs,
+						DefaultDirMode:  nil,
+						ChownDirs:       nil,
+						ChmodDirs:       nil,
+						ChownFiles:      nil,
+						ChmodFiles:      nil,
 					}
 					putErr = copier.Put(mountPoint, extractDirectory, putOptions, io.TeeReader(pipeReader, hasher))
 				}
diff --git a/vendor/github.com/containers/buildah/buildah.go b/vendor/github.com/containers/buildah/buildah.go
index e63cfff3a..2ac0210bd 100644
--- a/vendor/github.com/containers/buildah/buildah.go
+++ b/vendor/github.com/containers/buildah/buildah.go
@@ -28,7 +28,7 @@ const (
 	Package = "buildah"
 	// Version for the Package.  Bump version in contrib/rpm/buildah.spec
 	// too.
-	Version = "1.16.2"
+	Version = "1.16.4"
 	// The value we use to identify what type of information, currently a
 	// serialized Builder structure, we are using as per-container state.
 	// This should only be changed when we make incompatible changes to
diff --git a/vendor/github.com/containers/buildah/changelog.txt b/vendor/github.com/containers/buildah/changelog.txt
index d34ede417..048dc61c1 100644
--- a/vendor/github.com/containers/buildah/changelog.txt
+++ b/vendor/github.com/containers/buildah/changelog.txt
@@ -1,7 +1,18 @@
+- Changelog for v1.16.4 (2020-10-01)
+  * ADD: only expand archives at the right time
+
+- Changelog for v1.16.3 (2020-09-30)
+  * Lint: Use same linters as podman
+  * add: preserve ownerships and permissions on ADDed archives
+  * chroot: fix handling of errno seccomp rules
+  * git-validation.sh: set the base for comparison to v1.16.0
+  * chroot: create bind mount targets 0755 instead of 0700
+
 - Changelog for v1.16.2 (2020-09-21)
   * Add(): fix handling of relative paths with no ContextDir
 
 - Changelog for v1.16.1 (2020-09-10)
+  * CI: use release-1.16 as the basis for validation tests
   * copier.Get(): hard link targets shouldn't be relative paths
 
 - Changelog for v1.16.0 (2020-09-03)
diff --git a/vendor/github.com/containers/buildah/chroot/run.go b/vendor/github.com/containers/buildah/chroot/run.go
index 7a83a73a3..e8842f7a9 100644
--- a/vendor/github.com/containers/buildah/chroot/run.go
+++ b/vendor/github.com/containers/buildah/chroot/run.go
@@ -1047,7 +1047,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
 	subDev := filepath.Join(spec.Root.Path, "/dev")
 	if err := unix.Mount("/dev", subDev, "bind", devFlags, ""); err != nil {
 		if os.IsNotExist(err) {
-			err = os.Mkdir(subDev, 0700)
+			err = os.Mkdir(subDev, 0755)
 			if err == nil {
 				err = unix.Mount("/dev", subDev, "bind", devFlags, "")
 			}
@@ -1071,7 +1071,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
 	subProc := filepath.Join(spec.Root.Path, "/proc")
 	if err := unix.Mount("/proc", subProc, "bind", procFlags, ""); err != nil {
 		if os.IsNotExist(err) {
-			err = os.Mkdir(subProc, 0700)
+			err = os.Mkdir(subProc, 0755)
 			if err == nil {
 				err = unix.Mount("/proc", subProc, "bind", procFlags, "")
 			}
@@ -1086,7 +1086,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
 	subSys := filepath.Join(spec.Root.Path, "/sys")
 	if err := unix.Mount("/sys", subSys, "bind", sysFlags, ""); err != nil {
 		if os.IsNotExist(err) {
-			err = os.Mkdir(subSys, 0700)
+			err = os.Mkdir(subSys, 0755)
 			if err == nil {
 				err = unix.Mount("/sys", subSys, "bind", sysFlags, "")
 			}
@@ -1163,15 +1163,15 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func(
 			}
 			// The target isn't there yet, so create it.
 			if srcinfo.IsDir() {
-				if err = os.MkdirAll(target, 0111); err != nil {
+				if err = os.MkdirAll(target, 0755); err != nil {
 					return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target)
 				}
 			} else {
-				if err = os.MkdirAll(filepath.Dir(target), 0111); err != nil {
+				if err = os.MkdirAll(filepath.Dir(target), 0755); err != nil {
 					return undoBinds, errors.Wrapf(err, "error ensuring parent of mountpoint %q (%q) is present in mount namespace", target, filepath.Dir(target))
 				}
 				var file *os.File
-				if file, err = os.OpenFile(target, os.O_WRONLY|os.O_CREATE, 0); err != nil {
+				if file, err = os.OpenFile(target, os.O_WRONLY|os.O_CREATE, 0755); err != nil {
 					return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target)
 				}
 				file.Close()
diff --git a/vendor/github.com/containers/buildah/chroot/seccomp.go b/vendor/github.com/containers/buildah/chroot/seccomp.go
index 12a9b0032..1ca0a159e 100644
--- a/vendor/github.com/containers/buildah/chroot/seccomp.go
+++ b/vendor/github.com/containers/buildah/chroot/seccomp.go
@@ -15,18 +15,28 @@ func setSeccomp(spec *specs.Spec) error {
 	if spec.Linux.Seccomp == nil {
 		return nil
 	}
-	mapAction := func(specAction specs.LinuxSeccompAction) libseccomp.ScmpAction {
+	mapAction := func(specAction specs.LinuxSeccompAction, errnoRet *uint) libseccomp.ScmpAction {
 		switch specAction {
 		case specs.ActKill:
 			return libseccomp.ActKill
 		case specs.ActTrap:
 			return libseccomp.ActTrap
 		case specs.ActErrno:
-			return libseccomp.ActErrno
+			action := libseccomp.ActErrno
+			if errnoRet != nil {
+				action = action.SetReturnCode(int16(*errnoRet))
+			}
+			return action
 		case specs.ActTrace:
 			return libseccomp.ActTrace
 		case specs.ActAllow:
 			return libseccomp.ActAllow
+		case specs.ActLog:
+			return libseccomp.ActLog
+		case specs.ActKillProcess:
+			return libseccomp.ActKillProcess
+		default:
+			logrus.Errorf("unmappable action %v", specAction)
 		}
 		return libseccomp.ActInvalid
 	}
@@ -68,6 +78,8 @@ func setSeccomp(spec *specs.Spec) error {
 			/* fallthrough */ /* for now */
 		case specs.ArchPARISC64:
 			/* fallthrough */ /* for now */
+		default:
+			logrus.Errorf("unmappable arch %v", specArch)
 		}
 		return libseccomp.ArchInvalid
 	}
@@ -87,11 +99,13 @@ func setSeccomp(spec *specs.Spec) error {
 			return libseccomp.CompareGreater
 		case specs.OpMaskedEqual:
 			return libseccomp.CompareMaskedEqual
+		default:
+			logrus.Errorf("unmappable op %v", op)
 		}
 		return libseccomp.CompareInvalid
 	}
 
-	filter, err := libseccomp.NewFilter(mapAction(spec.Linux.Seccomp.DefaultAction))
+	filter, err := libseccomp.NewFilter(mapAction(spec.Linux.Seccomp.DefaultAction, nil))
 	if err != nil {
 		return errors.Wrapf(err, "error creating seccomp filter with default action %q", spec.Linux.Seccomp.DefaultAction)
 	}
@@ -112,7 +126,7 @@ func setSeccomp(spec *specs.Spec) error {
 		}
 		for scnum := range scnames {
 			if len(rule.Args) == 0 {
-				if err = filter.AddRule(scnum, mapAction(rule.Action)); err != nil {
+				if err = filter.AddRule(scnum, mapAction(rule.Action, rule.ErrnoRet)); err != nil {
 					return errors.Wrapf(err, "error adding a rule (%q:%q) to seccomp filter", scnames[scnum], rule.Action)
 				}
 				continue
@@ -129,7 +143,7 @@ func setSeccomp(spec *specs.Spec) error {
 				}
 				conditions = append(conditions, condition)
 			}
-			if err = filter.AddRuleConditional(scnum, mapAction(rule.Action), conditions); err != nil {
+			if err = filter.AddRuleConditional(scnum, mapAction(rule.Action, rule.ErrnoRet), conditions); err != nil {
 				// Okay, if the rules specify multiple equality
 				// checks, assume someone thought that they
 				// were OR'd, when in fact they're ordinarily
@@ -137,7 +151,7 @@ func setSeccomp(spec *specs.Spec) error {
 				// different rules to get that OR effect.
 				if len(rule.Args) > 1 && opsAreAllEquality && err.Error() == "two checks on same syscall argument" {
 					for i := range conditions {
-						if err = filter.AddRuleConditional(scnum, mapAction(rule.Action), conditions[i:i+1]); err != nil {
+						if err = filter.AddRuleConditional(scnum, mapAction(rule.Action, rule.ErrnoRet), conditions[i:i+1]); err != nil {
 							return errors.Wrapf(err, "error adding a conditional rule (%q:%q[%d]) to seccomp filter", scnames[scnum], rule.Action, i)
 						}
 					}
diff --git a/vendor/github.com/containers/buildah/copier/copier.go b/vendor/github.com/containers/buildah/copier/copier.go
index a980fe292..1021aeb6f 100644
--- a/vendor/github.com/containers/buildah/copier/copier.go
+++ b/vendor/github.com/containers/buildah/copier/copier.go
@@ -222,6 +222,10 @@ type GetOptions struct {
 	UIDMap, GIDMap     []idtools.IDMap // map from hostIDs to containerIDs in the output archive
 	Excludes           []string        // contents to pretend don't exist, using the OS-specific path separator
 	ExpandArchives     bool            // extract the contents of named items that are archives
+	ChownDirs          *idtools.IDPair // set ownership on directories. no effect on archives being extracted
+	ChmodDirs          *os.FileMode    // set permissions on directories. no effect on archives being extracted
+	ChownFiles         *idtools.IDPair // set ownership of files. no effect on archives being extracted
+	ChmodFiles         *os.FileMode    // set permissions on files. no effect on archives being extracted
 	StripSetuidBit     bool            // strip the setuid bit off of items being copied. no effect on archives being extracted
 	StripSetgidBit     bool            // strip the setgid bit off of items being copied. no effect on archives being extracted
 	StripStickyBit     bool            // strip the sticky bit off of items being copied. no effect on archives being extracted
@@ -265,6 +269,8 @@ func Get(root string, directory string, options GetOptions, globs []string, bulk
 // PutOptions controls parts of Put()'s behavior.
 type PutOptions struct {
 	UIDMap, GIDMap    []idtools.IDMap // map from containerIDs to hostIDs when writing contents to disk
+	DefaultDirOwner   *idtools.IDPair // set ownership of implicitly-created directories, default is ChownDirs, or 0:0 if ChownDirs not set
+	DefaultDirMode    *os.FileMode    // set permissions on implicitly-created directories, default is ChmodDirs, or 0755 if ChmodDirs not set
 	ChownDirs         *idtools.IDPair // set ownership of newly-created directories
 	ChmodDirs         *os.FileMode    // set permissions on newly-created directories
 	ChownFiles        *idtools.IDPair // set ownership of newly-created files
@@ -1032,6 +1038,9 @@ func copierHandlerGet(bulkWriter io.Writer, req request, pm *fileutils.PatternMa
 			}
 			// evaluate excludes relative to the root directory
 			if info.Mode().IsDir() {
+				// we don't expand any of the contents that are archives
+				options := req.GetOptions
+				options.ExpandArchives = false
 				walkfn := func(path string, info os.FileInfo, err error) error {
 					// compute the path of this item
 					// relative to the top-level directory,
@@ -1073,7 +1082,7 @@ func copierHandlerGet(bulkWriter io.Writer, req request, pm *fileutils.PatternMa
 						symlinkTarget = target
 					}
 					// add the item to the outgoing tar stream
-					return copierHandlerGetOne(info, symlinkTarget, rel, path, req.GetOptions, tw, hardlinkChecker, idMappings)
+					return copierHandlerGetOne(info, symlinkTarget, rel, path, options, tw, hardlinkChecker, idMappings)
 				}
 				// walk the directory tree, checking/adding items individually
 				if err := filepath.Walk(item, walkfn); err != nil {
@@ -1193,6 +1202,22 @@ func copierHandlerGetOne(srcfi os.FileInfo, symlinkTarget, name, contentPath str
 			return errors.Wrapf(err, "error mapping host filesystem owners %#v to container filesystem owners", hostPair)
 		}
 	}
+	// force ownership and/or permissions, if requested
+	if hdr.Typeflag == tar.TypeDir {
+		if options.ChownDirs != nil {
+			hdr.Uid, hdr.Gid = options.ChownDirs.UID, options.ChownDirs.GID
+		}
+		if options.ChmodDirs != nil {
+			hdr.Mode = int64(*options.ChmodDirs)
+		}
+	} else {
+		if options.ChownFiles != nil {
+			hdr.Uid, hdr.Gid = options.ChownFiles.UID, options.ChownFiles.GID
+		}
+		if options.ChmodFiles != nil {
+			hdr.Mode = int64(*options.ChmodFiles)
+		}
+	}
 	// output the header
 	if err = tw.WriteHeader(hdr); err != nil {
 		return errors.Wrapf(err, "error writing header for %s (%s)", contentPath, hdr.Name)
@@ -1220,13 +1245,20 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 	errorResponse := func(fmtspec string, args ...interface{}) (*response, func() error, error) {
 		return &response{Error: fmt.Sprintf(fmtspec, args...), Put: putResponse{}}, nil, nil
 	}
-	dirUID, dirGID := 0, 0
+	dirUID, dirGID, defaultDirUID, defaultDirGID := 0, 0, 0, 0
 	if req.PutOptions.ChownDirs != nil {
 		dirUID, dirGID = req.PutOptions.ChownDirs.UID, req.PutOptions.ChownDirs.GID
+		defaultDirUID, defaultDirGID = dirUID, dirGID
 	}
-	dirMode := os.FileMode(0755)
+	defaultDirMode := os.FileMode(0755)
 	if req.PutOptions.ChmodDirs != nil {
-		dirMode = *req.PutOptions.ChmodDirs
+		defaultDirMode = *req.PutOptions.ChmodDirs
+	}
+	if req.PutOptions.DefaultDirOwner != nil {
+		defaultDirUID, defaultDirGID = req.PutOptions.DefaultDirOwner.UID, req.PutOptions.DefaultDirOwner.GID
+	}
+	if req.PutOptions.DefaultDirMode != nil {
+		defaultDirMode = *req.PutOptions.DefaultDirMode
 	}
 	var fileUID, fileGID *int
 	if req.PutOptions.ChownFiles != nil {
@@ -1258,11 +1290,11 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 			subdir = filepath.Join(subdir, component)
 			path := filepath.Join(req.Root, subdir)
 			if err := os.Mkdir(path, 0700); err == nil {
-				if err = lchown(path, dirUID, dirGID); err != nil {
-					return errors.Wrapf(err, "copier: put: error setting owner of %q to %d:%d", path, dirUID, dirGID)
+				if err = lchown(path, defaultDirUID, defaultDirGID); err != nil {
+					return errors.Wrapf(err, "copier: put: error setting owner of %q to %d:%d", path, defaultDirUID, defaultDirGID)
 				}
-				if err = os.Chmod(path, dirMode); err != nil {
-					return errors.Wrapf(err, "copier: put: error setting permissions on %q to 0%o", path, dirMode)
+				if err = os.Chmod(path, defaultDirMode); err != nil {
+					return errors.Wrapf(err, "copier: put: error setting permissions on %q to 0%o", path, defaultDirMode)
 				}
 			} else {
 				if !os.IsExist(err) {
author	dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>	2020-10-02 08:18:09 +0000
committer	Daniel J Walsh <dwalsh@redhat.com>	2020-10-02 05:54:32 -0400
commit	9212e0499b8152097515f5b2e00ca32ab0dd9c5e (patch)
tree	3b45b36308ca552451244468dc4be8fa3118096d /vendor/github.com
parent	defd427503c2b36d64686b6ef327ce16810855c1 (diff)
download	podman-9212e0499b8152097515f5b2e00ca32ab0dd9c5e.tar.gz podman-9212e0499b8152097515f5b2e00ca32ab0dd9c5e.tar.bz2 podman-9212e0499b8152097515f5b2e00ca32ab0dd9c5e.zip